NexusCore_MCP

by sjkim1127

Overview

AI-driven dynamic malware analysis and evasion in a Windows VM.

Installation

Run Command
.\target\release\nexuscore_mcp.exe

Environment Variables

  • CAPE_API_URL
  • CAPE_API_TOKEN
  • VT_API_KEY
  • RUST_LOG
  • SCYLLA_PATH

Security Notes

This server is designed for malware analysis and inherently implements powerful, low-level, and risky capabilities.

1. **Code Injection**: Tools like `install_hook` and several Frida-based tools (`frida_session_inject`, `inject_frida_script`) allow direct injection of arbitrary JavaScript code into target processes. While this is a core feature for dynamic instrumentation, it poses a critical risk if the AI agent is compromised or fed malicious, unsanitized input, potentially leading to arbitrary code execution within the monitored process or the Frida agent itself.
2. **Network Interception (MITM)**: Tools like `https_proxy` (using Hudsucker) and `ssl_keylog`/`ssl_dumper` perform Man-in-the-Middle (MITM) attacks on network traffic. This is a deliberate feature for decrypting HTTPS malware traffic but could be a significant security/privacy risk if misconfigured or misused.
3. **Input Simulation**: The `simulate_input` tool uses Windows API calls (`winapi`) to simulate mouse and keyboard inputs. This can bypass sandbox detection but, if misused by a compromised AI agent, could lead to direct malicious actions on the host VM or even VM escape if vulnerabilities exist.
4. **External Command Execution**: Several tools wrap external executables (`tshark`, `handle.exe`, `procdump`, `pe-sieve64.exe`, `cdb.exe`, `powershell`, `ScyllaTest.exe`). The server relies on these being in the system's PATH. If an attacker could manipulate the PATH or replace these executables, it would be a critical arbitrary command execution vulnerability. Some tools, like `eventlog.rs`, construct PowerShell commands using string formatting, which could be a vector for injection if arguments are not strictly validated.
5. **Orphaned Processes**: The `network_capture` tool spawns `tshark` but warns about child process lifecycle management. Orphaned `tshark` processes could run indefinitely, consuming resources or exfiltrating data.
6. **Low-level Access**: The `stealth_unpacker.js` script actively bypasses anti-debugging and anti-VM checks, demonstrating its deep, system-level access.

Given these points, the server enables highly privileged and potentially dangerous operations. It is **CRITICAL** to run NexusCore MCP only in an isolated virtual machine (VM) with untrusted inputs, as explicitly warned in the README.
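One way to close the two gaps named in item 4 (PATH lookup and string-formatted PowerShell commands), as an added example that is not NexusCore's own code. The function names `pinned_tool` and `eventlog_args`, the allowlist contents, and the use of `Get-WinEvent` for the event log query are assumptions made for illustration.

```rust
use std::path::{Path, PathBuf};

// Hypothetical allowlist: a subset of the helper binaries named in item 4.
const ALLOWED_TOOLS: &[&str] = &["tshark.exe", "handle.exe", "cdb.exe", "powershell.exe"];

/// Resolve a helper to a path inside one pinned directory, so that launching
/// it never depends on a PATH search.
fn pinned_tool(tools_dir: &Path, name: &str) -> Result<PathBuf, String> {
    if !tools_dir.is_absolute() {
        return Err(format!("tools dir must be absolute: {}", tools_dir.display()));
    }
    if !ALLOWED_TOOLS.contains(&name) {
        return Err(format!("tool not allowlisted: {}", name));
    }
    Ok(tools_dir.join(name))
}

/// Build the PowerShell argument vector for an event log query. The log name
/// is limited to characters that cannot close the quoted string or start a
/// new statement, so it can be placed between single quotes.
fn eventlog_args(log_name: &str, max_events: u32) -> Result<Vec<String>, String> {
    let ok_char = |c: char| c.is_ascii_alphanumeric() || matches!(c, ' ' | '-' | '_' | '.' | '/');
    if log_name.is_empty() || log_name.len() > 128 || !log_name.chars().all(ok_char) {
        return Err(format!("rejected log name: {:?}", log_name));
    }
    if max_events == 0 || max_events > 10_000 {
        return Err(format!("max_events out of range: {}", max_events));
    }
    Ok(vec![
        "-NoProfile".to_string(),
        "-NonInteractive".to_string(),
        "-Command".to_string(),
        format!("Get-WinEvent -LogName '{}' -MaxEvents {}", log_name, max_events),
    ])
}

fn main() {
    // Constructed inputs: a normal channel name and one carrying an extra statement.
    for name in ["Microsoft-Windows-Sysmon/Operational", "Security'; Get-Process; '"] {
        match eventlog_args(name, 50) {
            Ok(args) => println!("ok:  {:?}", args),
            Err(e) => println!("err: {}", e),
        }
    }
    println!("{:?}", pinned_tool(Path::new("C:\\Tools"), "tshark.exe"));
    println!("{:?}", pinned_tool(Path::new("C:\\Tools"), "calc.exe"));
}
```

The returned path and argument vector are meant to be handed to `std::process::Command::new(path).args(args)`, which passes each argument separately instead of through a shell string.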

Stats

  • Interest Score: 37
  • Security Score: 3
  • Cost Class: Medium
  • Avg Tokens: 5000
  • Stars: 5
  • Forks: 0
  • Last Update: 2026-01-13

Tags

  • Malware Analysis
  • Dynamic Analysis
  • AI-driven
  • Frida
  • Windows Security