TriageMCP
by eversinc33
Overview
Enables an LLM to perform static analysis and triage of PE files using local security tools.
Installation
python triage.py
Security Notes
The server allows an LLM to execute external binaries (FLOSS, UPX, CAPA) and access the local filesystem via user-controlled file paths. Without robust input validation, sanitization, or sandboxing mechanisms, a malicious or compromised LLM could potentially: 1) analyze arbitrary system files (information leak via `list_directory`, `get_hashes`, `get_pe_metadata` etc.), 2) attempt to unpack or modify critical system binaries (`upx_unpack`), or 3) exploit command injection vulnerabilities in the external tools if crafted file paths are passed directly to `subprocess` calls. The hardcoded tool paths also mean the setup is specific and not easily adaptable to different security contexts without code modification.
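One way to apply the input validation this note calls for, as an added example (not TriageMCP's own code): resolve each LLM-supplied path against a single analysis directory, reject anything that lands outside it, and hand the result to the tool as one argv element with no shell involved. The names `confine`, `build_argv`, the `samples` directory and the `tool.exe` placeholder are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

class PathRejected(ValueError):
    """The requested path is not a regular file inside the analysis root."""

def confine(user_path: str, root: Path) -> Path:
    """Resolve an LLM-supplied path and require a regular file under root."""
    if "\x00" in user_path:
        raise PathRejected("NUL byte in path")
    root = root.resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so the check below sees
    # the real target. An absolute user_path replaces root in the join.
    candidate = (root / user_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathRejected(f"outside analysis root: {user_path!r}") from None
    if not candidate.is_file():
        raise PathRejected(f"not a regular file: {user_path!r}")
    return candidate

def build_argv(tool_exe: str, sample: Path) -> list:
    """argv for subprocess.run(argv, shell=False): no shell parses the path,
    and an absolute path cannot be read by the tool as a '-option'."""
    return [tool_exe, str(sample)]

def demo() -> dict:
    """Exercise confine() on a constructed directory tree (sample data)."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "samples")
        root.mkdir()
        (root / "a.exe").write_bytes(b"MZ constructed")
        (root / "odd;echo x.exe").write_bytes(b"MZ constructed")
        outside = Path(tmp, "secret.txt")
        outside.write_text("outside the root")
        (root / "link.exe").symlink_to(outside)
        requests = {"plain": "a.exe", "metachar": "odd;echo x.exe",
                    "dotdot": "../secret.txt", "absolute": str(outside),
                    "symlink": "link.exe", "directory": "."}
        for label, req in requests.items():
            try:
                out[label] = build_argv("tool.exe", confine(req, root))
            except PathRejected:
                out[label] = None
    return out

if __name__ == "__main__":
    for label, argv in demo().items():
        print(label, "->", argv or "rejected")
```

The check narrows which files the tools can reach; it does not replace running the server under a low-privilege account or inside a sandbox, since the file can still change between the check and the tool run.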
Similar Servers
mcp-windbg
Bridges AI models with WinDbg/CDB to analyze Windows crash dumps and connect to remote debugging sessions.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers that detects vulnerabilities and security issues in MCP implementations.
Reversecore_MCP
The Reversecore_MCP server provides a Micro-Capability Platform (MCP) enabling AI agents to perform comprehensive binary analysis, malware detection, vulnerability research, and security report generation using integrated tools like Radare2, Ghidra, LIEF, and YARA.
MalwareBazaar_MCP
An AI-driven MCP server interfacing with Malware Bazaar for real-time threat intelligence and sample metadata, supporting cybersecurity research workflows.