Pangea MCP Server

Pangea MCP Server

A Model Context Protocol (MCP)server that provides integration with Pangea APIs.

Prerequisites

• Node.js v22.15.0 or greater.
• A Pangea API token with access to all of AI Guard, Domain Intel, Embargo,IP Intel, Redact, Secure Audit Log, URL Intel, and Vault. This token needs tobe stored in Pangea Vault. See Service Tokens for documentation on how tocreate and manage Pangea API tokens.
• A Pangea API token with access to Vault. This will be used to fetch the abovetoken at runtime.
• A Pangea Secure Audit Log configuration with the "Standard Audit Log Config"schema. See Multiple Service Configurations fordocumentation on how to create a new Secure Audit Log configuration. Note downthe configuration ID for later.

The first API token may look like:

Pangea setup from scratch

This section will go over how to set up a brand new Pangea account for this MCPserver.

1. Create a Pangea account at https://pangea.cloud/signup. During the accountcreation process, an organization (top-level group) and project(individual app) will be created as well. On the "Get started with a commonservice" dialog, just click on the Skip button to get redirected to thedeveloper console.
2. In the developer console, there will be a list of services in the left handpanel. Click on the Vault service to enable it. Vault provides securestorage of secrets, cryptographic keys, and Pangea API tokens.
3. In the modal, there will be a prompt to create a new Pangea API token or toextend an existing one. Choose Create a new token and click on Done.This is the token that will be used later as the PANGEA_VAULT_TOKENenvironment variable.
4. In the left hand panel, click on the Secure Audit Log service to enableit. Secure Audit Log provides transparent, immutable, and cryptographicallyverifiable tamperproof audit logging.
5. Continue with the default Standard Audit Log schema.
6. In the modal, there will be a prompt to create a new Pangea API token or toextend an existing one. Choose Create a new token. Ensure that theStore token in Vault checkbox is checked, then click Done.
7. The Config ID displayed on the destination page is what will be usedlater as the PANGEA_AUDIT_CONFIG_ID environment variable.
8. Now the second token that was created must be extended to the rest ofPangea's services. For each of the following services, click on itsrespective item in the left hand panel and, in the modal that appears, chooseExtend an existing token. Select the token that was created in theprevious step (not the first token that was created for Vault alone), thenclick Done.
   1. AI Guard — Protects data and interactions with LLMs.
   2. Domain Intel — Retrieves intelligence data for submitted domains.Supported providers: DomainTools, CrowdStrike, WhoisXML API.
   3. Embargo — Checks IPs and country codes against known sanction and tradeembargo lists.
   4. IP Intel — IP monitoring. Supported providers: Team CYMRU, CrowdStrike,Digital Element.
   5. Redact — Controls sensitive information by performing redaction usingdefined rules.
   6. URL Intel — Retrieves intelligence about known URLs. Supported provider:CrowdStrike.
   7. Vault — Secure storage of secrets, cryptographic keys, and Pangea APItokens.
9. Navigate to https://console.pangea.cloud/project/credentials. The tokenthat has been extended to all of the above services should be displayed witha "Stored" indicator under the Vault column. Click on that to navigatestraight to the Vault item that contains that token. The ID of this itemis what will be used as the PANGEA_VAULT_ITEM_ID environment variable.

Usage with Claude Desktop

Edit the following configuration file (create it if it does not exist):

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json

Replace (or merge) the file contents with the following:

{
  "mcpServers": {
    "pangea": {
      "command": "npx",
      "args": ["-y", "@pangeacyber/mcp-server"],
      "env": {
        "PANGEA_VAULT_TOKEN": "pts_00000000000000000000000000000000",
        "PANGEA_VAULT_ITEM_ID": "pvi_00000000000000000000000000000000",
        "PANGEA_AUDIT_CONFIG_ID": "pci_00000000000000000000000000000000"
      }
    }
  }
}

1. Update the PANGEA_VAULT_TOKEN value to the Pangea Vault API token.
2. Update the PANGEA_VAULT_ITEM_ID value to the Vault item ID that containsthe API token that will be used to call all other Pangea services.
3. Update the PANGEA_AUDIT_CONFIG_ID value to the Secure Audit Logconfiguration ID.
4. Restart Claude Desktop.

Tools

AI Guard

• prompt_guard — Analyze and redact text to avoid manipulation of the model, addition of malicious content, and other undesirable data transfers.

Domain Intel

• lookup_domain_reputation — Look up reputation score(s) for one or more domains.
• whois — Retrieve WHOIS (an Internet resource's registered users or assignees) for a domain.

Embargo

• check_ip_embargo — Check one or more IP addresses against known sanction and trade embargo lists.
• check_iso_code_embargo — Check a country code against known sanction and trade embargo lists.

File Intel

• lookup_file_reputation — Retrieve a reputation score for a set of file hashes.

IP Intel

• lookup_ip_address_reputation — Look up reputation score(s) for one or more IP addresses.
• lookup_domain_from_ip_address — Retrieve the domain name associated with one or more IP addresses.
• is_proxy — Determine if one or more IP addresses originate from a proxy.
• is_vpn — Determine if one or more IP addresses originate from a VPN.
• geolocate — Geolocate, or retrieve location information associated with, one or more IP addresses.

Redact

• redact — Redact sensitive information from provided text.

Secure Audit Log

• log_entry — Create a log entry in the Secure Audit Log.
• search_log — Search the Secure Audit Log.

URL Intel

• lookup_url_reputation — Look up reputation score(s) for one or more URLs.

Vault

• get_vault_item — Retrieve details for a Vault key, secret, token, or folder.
• list_vault_items — Retrieve an array of Vault items matching a given filter, including secrets, keys, tokens, and folders, along with their common details.
• delete_vault_item — Delete a Vault key, secret, token, or folder.
• generate_key — Generate a symmetric or asymmetric key.