ToolTrust
A2/100
LING71671

open-reverselab

mcp1.1.0-windows

@LING71671

Open-source reverse engineering lab: 197-article knowledge base + MCP tools + CTF/APK/PE automation toolchain. Agent-native. Note:由于场景原因,目前有让几乎所有(除fable5)AI都会越狱的bug,静等官方修复,但是请在合法授权下进行安全测试😉(等我用上5.6再更新(ー_ー)!!)

By LING71671 | 82 findings | Scanned 7/12/2026 | tooltrust-scanner/v0.3.19 | 574

3 Low79 Info

Risk Summary

Safe With Normal Controls

Missing Description is the main signal, but overall risk remains within an acceptable range.

Potential impact: This finding indicates the tool should be reviewed before it is trusted.

Recommended action: No high-risk findings were detected in this scan, but you should still apply least-privilege defaults and rescan after changes.

Suggested policy: keep this tool behind manual approval, do not allow unattended runs, and re-scan after narrowing risky permissions.

Security Findings (82)

  • LowAS-011

    ℹ️Missing Rate-Limit / Timeout ×3

    tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

    AI finding recorder/searcherdirsearchsearchsploit

    Fix: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

  • InfoAS-007

    ℹ️Missing Description or Schema ×38

    Tool 'Python' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Python

    Tool 'Node.js' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Node.js

    Tool 'Java' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Java

    Tool 'ripgrep' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    ripgrep

    Tool 'curl' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    curl

    Tool 'Git' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Git

    Tool 'Go' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Go

    Tool 'Docker' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Docker

    Tool 'AI task context generator' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    AI task context generator

    Tool 'AI tool router' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    AI tool router

    Tool 'AI finding recorder/searcher' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    AI finding recorder/searcher

    Tool 'No-popup AI toolcheck' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    No-popup AI toolcheck

    Tool 'ffuf' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    ffuf

    Tool 'gobuster' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    gobuster

    Tool 'feroxbuster' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    feroxbuster

    Tool 'sqlmap' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    sqlmap

    Tool 'nmap' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    nmap

    Tool 'httpx' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    httpx

    Tool 'katana' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    katana

    Tool 'nuclei' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    nuclei

    Tool 'dirsearch' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    dirsearch

    Tool 'jwt_tool' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    jwt_tool

    Tool 'tplmap' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    tplmap

    Tool 'searchsploit' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    searchsploit

    Tool 'Burp Suite Desktop JAR' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Burp Suite Desktop JAR

    Tool 'Burp Suite wrapper' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Burp Suite wrapper

    Tool 'apktool' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    apktool

    Tool 'jadx CLI' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    jadx CLI

    Tool 'uber-apk-signer' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    uber-apk-signer

    Tool 'frida-server android x86_64' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    frida-server android x86_64

    Tool 'PE-bear' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    PE-bear

    Tool 'Procmon' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Procmon

    Tool 'HxD installer' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    HxD installer

    Tool 'Cutter' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Cutter

    Tool 'Proxy Pool' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Proxy Pool

    Tool 'Proxy Pipeline' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Proxy Pipeline

    Tool 'Proxy Quick Test' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    Proxy Quick Test

    Tool 'MITM Proxy Capture' has no description - agents cannot reason about its purpose, and static analysis coverage is limited

    MITM Proxy Capture

    Fix: Review and remediate the identified issue.

  • InfoAS-014

    ℹ️Dependency Inventory Unavailable ×38

    Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

    PythonNode.jsJavaripgrepcurlGitGoDockerAI task context generatorAI tool routerAI finding recorder/searcherNo-popup AI toolcheckffufgobusterferoxbustersqlmapnmaphttpxkatananucleidirsearchjwt_tooltplmapsearchsploitBurp Suite Desktop JARBurp Suite wrapperapktooljadx CLIuber-apk-signerfrida-server android x86_64PE-bearProcmonHxD installerCutterProxy PoolProxy PipelineProxy Quick TestMITM Proxy Capture

    Fix: Review and remediate the identified issue.

  • InfoAS-002

    ⚠️Excessive Permissions ×3

    declared capabilities: network access

    AI finding recorder/searcherdirsearchsearchsploit

    Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

Scan this tool yourself

Reproduce this audit locally, integrate into CI, or let your agent audit its own tools.

Install once, then scan any MCP server:

$ curl -sfL https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-scanner/main/install.sh | bash
$ tooltrust-scanner scan --server "npx -y open-reverselab"

Adjust the package name if your npm registry name differs from the tool ID. View source

Add badge to your README

Copy this Markdown to show your ToolTrust grade on GitHub.

[![ToolTrust Grade A](https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-directory/main/docs/badges/grade-a.svg)](https://github.com/AgentSafe-AI/tooltrust-directory)