# website-search MCP server

Improve security writing, score it against rubrics, plan IR, CTI, vuln, and product strategy.

## Links
- Registry page: https://www.getdrio.com/mcp/com-zeltser-website-search
- Repository: https://github.com/lennyzeltser/zeltser-website-mcp-server
- Website: https://zeltser.com/good-ir-reports-with-ai

## Install
- Endpoint: https://website-mcp.zeltser.com/mcp
- Auth: Not captured

## Setup notes
- Remote endpoint: https://website-mcp.zeltser.com/mcp

## Tools
- search_zeltser - Search Lenny Zeltser's Website by keywords. Security articles on malware analysis, incident response, and security leadership. Searches across titles, abstracts, full content, and topics. Endpoint: https://website-mcp.zeltser.com/mcp
- get_article - Get the full content of a specific article from Lenny Zeltser's Website by URL path. Security articles on malware analysis, incident response, and security leadership. Returns title, date, topics, summary, and full body text. Endpoint: https://website-mcp.zeltser.com/mcp
- get_index_info - Get statistics about the Lenny Zeltser's Website search index including total pages indexed, last update time, and available tools. Endpoint: https://website-mcp.zeltser.com/mcp
- get_capabilities - List all capabilities and tools available from the Lenny Zeltser's Website MCP server, including search tools and any specialized features like IR report writing assistance. Endpoint: https://website-mcp.zeltser.com/mcp
- get_security_writing_guidelines - Get Lenny Zeltser's expert writing guidelines for security reports and assessments. Provides guidance on tone, structure, clarity, executive summaries, and avoiding common writing mistakes. Includes rating-sheet items (the four lens sheets: structure, look, words, tone) as concrete reference points for grounded feedback. Works for any security document. This server never requests your documents and instructs your AI to keep them local—guidelines flow to your AI for local analysis. Note: For incident response reports specifically, use the ir_* tools which provide deeper section-by-section review criteria. Endpoint: https://website-mcp.zeltser.com/mcp
- ir_get_template - Get Lenny Zeltser's structured incident response template. Covers all critical IR sections with field-by-field guidance. Pass kind: "report" (default — full incident-response report) or "brief" (one-page executive brief, IR 1.5.0+). This server never requests your incident notes and instructs your AI to keep them local—guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- ir_get_guidelines - Get Lenny Zeltser's expert writing guidelines for incident response reports. Topics: tone, words, structure, executive_summary, voice, articles, summary, brief (one-page brief section guidance, IR 1.5.0+), frameworks (regulatory + maturity frameworks), handoffs (cross-server routing). When the topic maps to a lens (tone, words, structure), the response includes a rating-sheet checklist appendix as concrete reference points for grounded feedback. This server never requests your incident notes and instructs your AI to keep them local—guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- ir_load_context - Load Lenny Zeltser's IR report writing context for local analysis. Returns expert guidelines for field completeness, incident identification, notification triggers, and writing quality. Includes rating-sheet items (lens taxonomy plus the IR-specific Information sheet) as concrete reference points for grounded feedback. This server never requests your incident notes and instructs your AI to keep them local. Use detail_level to control response size: "minimal" (~2k tokens), "standard" (~5k tokens), or "comprehensive" (~11k tokens). Endpoint: https://website-mcp.zeltser.com/mcp
- ir_review_report - Get Lenny Zeltser's expert criteria for reviewing an existing IR report. Returns focused guidance for constructive critique — what to check in each section, writing quality issues to identify, and how to frame feedback collaboratively. Includes rating-sheet items (lens taxonomy plus the IR-specific Information sheet) as concrete reference points for grounded feedback. This server never requests your report and instructs your AI to keep it local. Endpoint: https://website-mcp.zeltser.com/mcp
- product_get_template - Get Lenny Zeltser's fill-in-the-blank template for planning a security product strategy. Includes strategic questions organized by section with evidence columns. This server never requests your product plans and instructs your AI to keep them local—guidelines flow to your AI for local analysis. The template is Copyright (c) 2026 Lenny Zeltser; any content you create using it is entirely yours. Endpoint: https://website-mcp.zeltser.com/mcp
- product_get_guidelines - Get Lenny Zeltser's expert strategic guidelines for a specific product strategy topic. Topics: market (segmentation), capabilities (AI, agents, MVP, positioning), sales (GTM, channels, distribution, POCs), pricing (models, retention), delivery (deployment, APIs), trust (compliance, security program), platform (ecosystem positioning), team (expertise, gaps), competitive (differentiation, moats), defensibility (AI-era defensibility rubric scoring a product across seven dimensions), smb (SMB market dynamics), endpoint (endpoint viability), ai_security (AI security vertical), role (product manager responsibilities), category_creation (new category strategy), comparative (multi-company analysis), evidence_tiering (evidence classification framework). This server never requests your product plans and instructs your AI to keep them local—guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- product_load_context - Load Lenny Zeltser's product strategy context for local analysis. Returns expert strategic frameworks, principles, and guidance for evaluating or creating security product plans. Includes rating-sheet items (the lens taxonomy: structure, words, tone) as concrete reference points for grounded feedback on the plan's writing. This server never requests your plans and instructs your AI to keep them local. Use detail_level to control response size: "minimal" (~2k tokens), "standard" (~5k tokens), "compact" (~3-4k tokens, all sections but stripped), or "comprehensive" (~12k tokens). Use market_segment: "smb" for SMB-specific guidance. Use product_focus: "endpoint" for endpoint security viability assessment. Set include_template: true to include the fill-in-the-blank template in the response. Endpoint: https://website-mcp.zeltser.com/mcp
- product_review_plan - Get Lenny Zeltser's expert criteria for reviewing an existing product strategy plan. Returns focused guidance for constructive critique—what to check in each section, strategic coherence issues, and how to frame feedback collaboratively. Includes rating-sheet items (the lens taxonomy: structure, words, tone) as concrete reference points for grounded feedback on the plan's writing. This server never requests your plan and instructs your AI to keep it local. Use market_segment: "smb" to include SMB-specific review criteria. Use product_focus: "endpoint" to include endpoint viability assessment. Endpoint: https://website-mcp.zeltser.com/mcp
- product_compare_context - Load Lenny Zeltser's comparative analysis framework for evaluating multiple security companies side by side. Returns structured scoring rubric, evaluation dimensions, evidence tiering guidance, and comparison-type-specific instructions. Requires comparative analysis content. This server never requests your product plans and instructs your AI to keep them local—guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- rating_get_sheet - Get Lenny Zeltser's cybersecurity-writing rating sheet(s) so your AI can apply the rubric. Returns the structured rubric (groups, items, scoring bands) WITHOUT computing a score. Use `rating_score_writing` if you also want a numeric score, gap analysis, or rubric-anchored feedback. This server never requests your draft and instructs your AI to keep it local—rating sheets and scoring instructions flow to your AI. Endpoint: https://website-mcp.zeltser.com/mcp
- rating_score_writing - Get Lenny Zeltser's scoring playbook so your AI can score a draft locally against a cybersecurity-writing rating sheet. THIS IS THE ONLY TOOL THAT PRODUCES NUMERIC SCORES — the writing-coach tools (`get_security_writing_guidelines`, `ir_*`, `product_*`) never score. Returns the rubric plus step-by-step instructions for applying it. This server never requests your draft and instructs your AI to keep it local—rating sheets and scoring instructions flow to your AI. Endpoint: https://website-mcp.zeltser.com/mcp
- rating_load_context - Load Lenny Zeltser's complete cybersecurity-writing rating toolkit: all 7 sheets, scoring policy, scoring playbook, and cross-references to the writing guidelines. This server never requests your draft and instructs your AI to keep it local—rating sheets and scoring instructions flow to your AI. Endpoint: https://website-mcp.zeltser.com/mcp
- aidefense_load_context - Load Lenny Zeltser's AI Defense Matrix context: the 8-asset x 6-NIST-CSF-2.0-function matrix, nine cross-walked frameworks (NIST IR 8596, CSA AICM, ISO 42001, Google SAIF, SANS Critical AI Security Guidelines, MITRE ATLAS, OWASP AI Exchange, OWASP LLM Top 10, OWASP Agentic Top 10), and the evaluation + cross-mapping playbooks. This server never requests your program docs or product roadmap and instructs your AI to keep them local—the matrix, framework alignments, and playbooks flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- aidefense_get_matrix - Get the structured AI Defense Matrix: 8 AI-specific asset rows x 6 NIST CSF 2.0 function columns. Each cell describes a control category for defending that asset class. Supports optional filtering by asset or function. This server never requests your program docs or product roadmap and instructs your AI to keep them local—the matrix, framework alignments, and playbooks flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- aidefense_get_framework_alignment - Get AI Defense Matrix cross-mappings to nine external frameworks: NIST IR 8596, CSA AI Controls Matrix, ISO 42001, Google SAIF, SANS Critical AI Security Guidelines, MITRE ATLAS, OWASP AI Exchange, OWASP LLM Top 10, OWASP Agentic Security Top 10. Each row maps an AI asset class to how that framework applies. Each returned framework also carries a 'concepts' array of the structured IDs (MITRE ATLAS techniques, OWASP risks, ISO clauses) the matrix references for it. Supports a 'buyer' archetype shortcut to scope to the frameworks a particular buyer will care about. Use to translate between framework vocabularies. This server never requests your program docs or product roadmap and instructs your AI to keep them local—the matrix, framework alignments, and playbooks flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- aidefense_evaluate_program - Get the AI Defense Matrix evaluation playbook for assessing an AI security program: per-cell prompts, gap-inventory template, and a workflow that walks each asset class first and rolls findings up to the Govern column. Supports mode='gate' for binary deployment-gate decisions (returns the deployment-gate workflow plus gate-tier prompts only) and consumerPattern for scoping to consumed-vs-built AI deployments. The AI applies these prompts against your program documentation locally, and no program details leave your client. This server never requests your program docs or product roadmap and instructs your AI to keep them local—the matrix, framework alignments, and playbooks flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- aidefense_cross_map - Get the AI Defense Matrix cross-mapping playbook for mapping product capabilities to matrix cells: coverage taxonomy (primary, secondary, partial, aspirational), differentiation guidance, disambiguation block, worked examples, and out-of-scope examples. The response always includes an inScopeCheck. Products that USE AI to solve a non-AI security problem (deepfake detection, AI-for-fraud, AI features added to existing SIEM, SOAR, or EDR tools) belong in the Cyber Defense Matrix at https://cyberdefensematrix.com. Pairs naturally with product_load_context(productFocus: 'ai_security') for follow-on positioning and GTM work. This server never requests your program docs or product roadmap and instructs your AI to keep them local—the matrix, framework alignments, and playbooks flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- aidefense_locate_concept - Reverse-lookup a single concept ID (MITRE ATLAS technique like 'AML.T0051', OWASP LLM Top 10 risk like 'LLM01', OWASP Agentic Top 10 issue like 'ASI03', or ISO 42001 Annex A clause like 'A.6') across the AI Defense Matrix. Returns which framework the concept belongs to, the asset rows whose alignment cites it, the cells whose evaluation cellPrompts cite it, and those prompts themselves. Useful when a vendor's product is defined by a specific technique ('we defend AML.T0051') and they need to find which matrix cells to claim. Recognizes only concepts with structured IDs; for prose-only frameworks (NIST IR 8596, CSA AICM, Google SAIF, OWASP AI Exchange) use aidefense_get_framework_alignment instead. This server never requests your program docs or product roadmap and instructs your AI to keep them local—the matrix, framework alignments, and playbooks flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- ir_get_brief_template - Get Lenny Zeltser's IR one-page executive brief template. Standalone variant of `ir_get_template` for callers that only want the brief without the long-form report. This server never requests your incident notes and instructs your AI to keep them local—guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- ir_get_cross_server_routes - Get Lenny Zeltser's IR cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `ir_load_context`. This server never requests your incident notes and instructs your AI to keep them local—guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- ir_get_frameworks - Get Lenny Zeltser's IR frameworks (primary frameworks the brief structurally derives from) plus optional sibling frames (adjacent frameworks that aren't the structural backbone). Pass `include_siblings: false` to skip sibling blocks. This server never requests your incident notes and instructs your AI to keep them local—guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- cti_get_template - Get Lenny Zeltser's cyber threat intel template. The long report covers Executive Summary, Actor Snapshot, Methodology, Activity Overview, Representative Adversary Techniques, Indicators of Compromise, Defensive Implications, Attribution Analysis, Anticipated Activity, optional Strategic Analysis and Competing Hypotheses, plus About this Report. The one-page brief covers Bottom Line, Quick Facts, Are We in Scope?, Defensive Actions, What We Don't Know, More Information. This server never requests your campaign or threat-intel notes and instructs your AI to keep them local—templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- cti_get_guidelines - Get Lenny Zeltser's expert CTI writing guidelines. Topics include tone, words, structure, executive_summary, voice, articles, summary, brief (one-page brief section guidance), handoffs (cross-server routing), methodology (the three subsections), fields (per-field guidance), and CTI-specific topics: attribution (full Six Signals prose), confidence (ICD-203 ladder), pyramid_of_pain, six_signals (signals table only), and anti_patterns. The general writing topics (tone/words/structure/executive_summary) now defer to `get_security_writing_guidelines` for the canonical Five Elements rules; CTI-specific content lives in the other topics. Pair the 'fields' topic with field_id for single-field guidance. This server never requests your campaign or threat-intel notes and instructs your AI to keep them local—templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- cti_load_context - Load Lenny Zeltser's CTI writing context for local analysis. Returns a JSON payload with section guidance, completeness criteria, framework grounding (12 frameworks), the six attribution signals, ICD-203 confidence levels and ladder, and the Pyramid of Pain. The 'profile' parameter ANNOTATES sections (internal/public applicability label) rather than filtering — every section is returned so cross-profile comparisons are possible. This server never requests your campaign or threat-intel notes and instructs your AI to keep them local—templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- cti_review_report - Get Lenny Zeltser's expert criteria for reviewing an existing CTI report or brief. Surfaces per-theme review criteria (framework, confidence, attribution, defense, distribution, etc.), cross-cutting criteria, the six anti-patterns to watch for, and focus-driven writing analysis. This server never requests your campaign or threat-intel notes and instructs your AI to keep them local—templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- cti_get_brief_template - Get Lenny Zeltser's CTI one-page executive brief template. Standalone variant of `cti_get_template` for callers that only want the brief without the long-form report. This server never requests your campaign or threat-intel notes and instructs your AI to keep them local—templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- cti_get_cross_server_routes - Get Lenny Zeltser's CTI cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `cti_load_context`. This server never requests your campaign or threat-intel notes and instructs your AI to keep them local—templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- cti_get_frameworks - Get Lenny Zeltser's CTI frameworks (primary frameworks the brief structurally derives from) plus optional sibling frames (adjacent frameworks that aren't the structural backbone). Pass `include_siblings: false` to skip sibling blocks. This server never requests your campaign or threat-intel notes and instructs your AI to keep them local—templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- malware_get_template - Get Lenny Zeltser's malware analysis report template. The report covers Executive Summary, Sample Snapshot, Malware Family Identification, Component Inventory, Runtime Requirements, Sources, Capabilities, Indicators of Compromise, Analysis Details, What We Don't Know, optional Infection Vector, optional Detection Engineering, About this Report, Appendix: Analysis Environment, and optional Appendix: Analysis Scripts. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- malware_get_guidelines - Get Lenny Zeltser's expert malware analysis report writing guidelines. Topics include capabilities, confidence, pyramid_of_pain, anti_patterns, methodology, fields, handoffs, frameworks, plus tone, words, structure, and executive_summary topics that defer to `get_security_writing_guidelines` for canonical Five Elements guidance. Pair the 'fields' topic with field_id for single-field guidance. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- malware_load_context - Load Lenny Zeltser's malware analysis report writing context for local analysis. Returns a JSON payload with section guidance, the MBC capability model, ICD-203 confidence scoped to the family call, Pyramid-of-Pain IOC tiering, and a briefPolicy explaining why there is no companion brief. The 'profile' parameter ANNOTATES sections (organizationalReport/researcherNarrative applicability label) rather than filtering — every section is returned so cross-profile comparisons are possible. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- malware_review_report - Get Lenny Zeltser's expert criteria for reviewing an existing malware analysis report. Surfaces per-theme review criteria for identification, capabilities, indicators, evidence, ecosystem, detection, reproducibility, and distribution; cross-cutting criteria; anti-patterns; and focus-driven writing analysis. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- malware_get_cross_server_routes - Get Lenny Zeltser's Malware cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `malware_load_context`. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- malware_get_frameworks - Get Lenny Zeltser's Malware frameworks (primary frameworks the brief structurally derives from) plus optional sibling frames (adjacent frameworks that aren't the structural backbone). Pass `include_siblings: false` to skip sibling blocks. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- vuln_get_template - Get Lenny Zeltser's one-page Vulnerability Advisory Brief template. Covers Bottom Line, Quick Facts, Are We Affected?, Defensive Actions (with What/Why/When/Who), What We Don't Know, and More Information. This server never requests your vulnerability notes and instructs your AI to keep them local—the brief template and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- vuln_get_guidelines - Get Lenny Zeltser's expert vulnerability-brief writing guidelines. Topics include tone, words, structure, voice, articles, summary, fields (per-field guidance), handoffs (cross-server routing), and vuln-specific topics: significance (calibrated insecurity, no vendor passthrough — note this is the Vuln Brief's Significance row, distinct from CVSS/vendor severity scoring), actions (action-enabling What/Why/When/Who), gaps (calibrated uncertainty), sources (evidence synthesis), are_we_affected (scope discipline), and anti_patterns. Pair the 'fields' topic with field_id for single-field guidance. This server never requests your vulnerability notes and instructs your AI to keep them local—the brief template and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- vuln_load_context - Load Lenny Zeltser's Vulnerability Investigation Brief context for local analysis. Returns a JSON payload with brief section guidance, completeness criteria, significance discipline (renamed from 'severity' in 1.1.0 — the Vuln Brief's Significance row, distinct from CVSS or vendor severity scoring), evidence-source guidance, frameworks (CVSS / CVE / NVD / CISA KEV / Vendor Advisory), and ALWAYS embeds the mcpHandoffs array — six pointers that tell the AI when to reach for rating_score_writing, rating_get_sheet, get_security_writing_guidelines, cti_load_context, ir_load_context, or search_zeltser. This server never requests your vulnerability notes and instructs your AI to keep them local—the brief template and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- vuln_review_brief - Get Lenny Zeltser's expert criteria for reviewing an existing Vulnerability Investigation Brief. Surfaces per-theme review criteria (significance, scope, actions, gaps, sources), cross-cutting criteria, anti-patterns, and inline mcpHandoffs pointers when the requested focus triggers scoring or writing-mechanics themes (e.g., focus=tone surfaces rating_score_writing). This server never requests your vulnerability notes and instructs your AI to keep them local—the brief template and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- vuln_get_brief_template - Get Lenny Zeltser's Vuln one-page executive brief template. Standalone variant of `vuln_get_template` for callers that only want the brief without the long-form report. This server never requests your vulnerability notes and instructs your AI to keep them local—the brief template and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- vuln_get_cross_server_routes - Get Lenny Zeltser's Vuln cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `vuln_load_context`. This server never requests your vulnerability notes and instructs your AI to keep them local—the brief template and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- vuln_get_frameworks - Get Lenny Zeltser's Vuln frameworks (primary frameworks the brief structurally derives from) plus optional sibling frames (adjacent frameworks that aren't the structural backbone). Pass `include_siblings: false` to skip sibling blocks. This server never requests your vulnerability notes and instructs your AI to keep them local—the brief template and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- assessment_get_template - Get Lenny Zeltser's security assessment template. The report is a reader-first findings report: Executive Summary, Assessment Scope, Findings Summary, Detailed Findings, Remediation Priorities, optional Attack Path Narrative and Detection and Response Observations, Methodology, Limitations and Disclaimer, Appendices, and About this Report. The one-page brief covers Bottom Line, Key Findings, Recommended Actions, and More Information. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- assessment_get_guidelines - Get Lenny Zeltser's expert security assessment report writing guidelines. Topics: severity (the risk-adjusted severity model — the spine), findings, remediation, methodology, scope, strengths, brief (one-page brief section guidance), executive_summary, analysis, anti_patterns, frameworks, handoffs, and summary. The general 'tone' topic defers to `get_security_writing_guidelines` for the canonical Five Elements rules. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- assessment_load_context - Load Lenny Zeltser's security assessment report writing context for local analysis. Returns a JSON payload with the risk-adjusted severity model (the spine), reader-first section guidance, completeness criteria, frameworks (NIST SP 800-115/800-30, OWASP WSTG/Risk Rating, CVSS, MITRE ATT&CK, PTES, PCI DSS, CREST), and the mcpHandoffs array. The 'profile' parameter ANNOTATES sections (internal/external applicability) rather than filtering — every section is returned so cross-profile comparisons are possible. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- assessment_review_report - Get Lenny Zeltser's expert criteria for reviewing an existing security assessment report or brief. Surfaces the 17 info-assessment review items across five groups (Key Takeaways, Assessment Scope, Prioritized Findings, Remediation Suggestions, Assessment Methodology), cross-cutting criteria, the risk-adjusted severity model, anti-patterns, and a pointer to rating_score_writing for a numeric score. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- assessment_get_brief_template - Get Lenny Zeltser's Security Assessment one-page executive brief template. Standalone variant of `assessment_get_template` for callers that only want the brief without the long-form report. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- assessment_get_cross_server_routes - Get Lenny Zeltser's Security Assessment cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `assessment_load_context`. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp
- assessment_get_frameworks - Get Lenny Zeltser's Security Assessment frameworks (primary frameworks the brief structurally derives from) plus optional sibling frames (adjacent frameworks that aren't the structural backbone). Pass `include_siblings: false` to skip sibling blocks. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis. Endpoint: https://website-mcp.zeltser.com/mcp

## Resources
Not captured

## Prompts
Not captured

## Metadata
- Owner: com.zeltser
- Version: 8.0.0
- Runtime: Streamable Http
- Transports: HTTP
- License: Not captured
- Language: Not captured
- Stars: Not captured
- Updated: May 29, 2026
- Source: https://registry.modelcontextprotocol.io
