TriageMCP
by eversinc33
Overview
Enables an LLM to perform static analysis and triage of PE files using local security tools.
Installation
python triage.py
Security Notes
The server allows an LLM to execute external binaries (FLOSS, UPX, CAPA) and access the local filesystem via user-controlled file paths. Without robust input validation, sanitization, or sandboxing mechanisms, a malicious or compromised LLM could potentially: 1) analyze arbitrary system files (information leak via `list_directory`, `get_hashes`, `get_pe_metadata` etc.), 2) attempt to unpack or modify critical system binaries (`upx_unpack`), or 3) exploit command injection vulnerabilities in the external tools if crafted file paths are passed directly to `subprocess` calls. The hardcoded tool paths also mean the setup is specific and not easily adaptable to different security contexts without code modification.
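One way to close the file-path risks described above, as an added example rather than TriageMCP's own code: confine every LLM-supplied path to a single sample directory and pass it to the tool as an argv element, never through a shell. `SAMPLE_ROOT`, `PathRejected`, `resolve_sample` and `run_tool` are hypothetical names, and the demo uses the Python interpreter as a stand-in for FLOSS, UPX or CAPA.

```python
import subprocess
import sys
import tempfile
from pathlib import Path

# Assumption: all samples live under one dedicated directory (hypothetical path).
SAMPLE_ROOT = Path("/srv/triage/samples")

class PathRejected(ValueError):
    """The LLM-supplied path does not name a regular file inside the sample root."""

def resolve_sample(user_path: str, root: Path = SAMPLE_ROOT) -> Path:
    """Canonicalise an untrusted path and confine it to root."""
    if "\x00" in user_path:
        raise PathRejected("NUL byte in path")
    root = root.resolve()
    # resolve() collapses ../ and follows symlinks; an absolute user_path
    # replaces root entirely and is caught by the containment check below.
    candidate = (root / user_path).resolve()
    if not candidate.is_relative_to(root):  # Python 3.9+
        raise PathRejected(f"outside sample root: {user_path!r}")
    if not candidate.is_file():
        raise PathRejected(f"not a regular file: {user_path!r}")
    return candidate

def run_tool(tool: str, user_path: str, *options: str,
             root: Path = SAMPLE_ROOT, timeout: int = 120):
    """Run an analysis binary on a validated sample, never through a shell."""
    sample = resolve_sample(user_path, root)
    # argv list + shell=False: metacharacters in the file name stay literal.
    # The absolute path never starts with "-", so it cannot be read as an option.
    argv = [tool, *options, str(sample)]
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=timeout, check=False)

if __name__ == "__main__":
    # Constructed demo: temporary sample root, the Python interpreter stands in
    # for the analysis tool, and the "sample" has a shell-hostile file name.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "-x; id.py").write_text("print('analysed')\n")
        print(run_tool(sys.executable, "-x; id.py", root=root).stdout.strip())
        for bad in ("../../etc/passwd", "/etc/passwd", "missing.exe"):
            try:
                resolve_sample(bad, root)
            except PathRejected as exc:
                print("rejected:", exc)
```

Path confinement only limits which files the tools can reach; it does not protect the tools themselves from a malformed sample, so the sandboxing mentioned above is still needed.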
Similar Servers
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
Reversecore_MCP
Provides a Micro-Agent Control Protocol (MCP) server that wraps various reverse engineering CLI tools and libraries, enabling AI agents to perform binary analysis, malware analysis, and vulnerability research through natural language commands.
MalwareBazaar_MCP
An AI-driven MCP server interfacing with Malware Bazaar for real-time threat intelligence and sample metadata, supporting cybersecurity research workflows.
treesitter-mcp
Provides a Model Context Protocol (MCP) server and CLI for static code analysis using Tree-sitter.