open-reverselab
mcp1.1.0-windowsOpen-source reverse engineering lab: 197-article knowledge base + MCP tools + CTF/APK/PE automation toolchain. Agent-native. Note:由于场景原因,目前有让几乎所有(除fable5)AI都会越狱的bug,静等官方修复,但是请在合法授权下进行安全测试😉(等我用上5.6再更新(ー_ー)!!)
By LING71671 | 82 findings | Scanned 7/12/2026 | tooltrust-scanner/v0.3.19 | 574
Risk Summary
Safe With Normal ControlsMissing Description is the main signal, but overall risk remains within an acceptable range.
Potential impact: This finding indicates the tool should be reviewed before it is trusted.
Recommended action: No high-risk findings were detected in this scan, but you should still apply least-privilege defaults and rescan after changes.
Suggested policy: keep this tool behind manual approval, do not allow unattended runs, and re-scan after narrowing risky permissions.
Security Findings (82)
tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
AI finding recorder/searcherdirsearchsearchsploitFix: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.
Tool 'Python' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
PythonTool 'Node.js' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
Node.jsTool 'Java' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
JavaTool 'ripgrep' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
ripgrepTool 'curl' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
curlTool 'Git' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
GitTool 'Go' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
GoTool 'Docker' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
DockerTool 'AI task context generator' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
AI task context generatorTool 'AI tool router' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
AI tool routerTool 'AI finding recorder/searcher' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
AI finding recorder/searcherTool 'No-popup AI toolcheck' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
No-popup AI toolcheckTool 'ffuf' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
ffufTool 'gobuster' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
gobusterTool 'feroxbuster' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
feroxbusterTool 'sqlmap' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
sqlmapTool 'nmap' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
nmapTool 'httpx' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
httpxTool 'katana' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
katanaTool 'nuclei' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
nucleiTool 'dirsearch' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
dirsearchTool 'jwt_tool' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
jwt_toolTool 'tplmap' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
tplmapTool 'searchsploit' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
searchsploitTool 'Burp Suite Desktop JAR' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
Burp Suite Desktop JARTool 'Burp Suite wrapper' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
Burp Suite wrapperTool 'apktool' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
apktoolTool 'jadx CLI' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
jadx CLITool 'uber-apk-signer' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
uber-apk-signerTool 'frida-server android x86_64' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
frida-server android x86_64Tool 'PE-bear' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
PE-bearTool 'Procmon' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
ProcmonTool 'HxD installer' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
HxD installerTool 'Cutter' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
CutterTool 'Proxy Pool' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
Proxy PoolTool 'Proxy Pipeline' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
Proxy PipelineTool 'Proxy Quick Test' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
Proxy Quick TestTool 'MITM Proxy Capture' has no description - agents cannot reason about its purpose, and static analysis coverage is limited
MITM Proxy CaptureFix: Review and remediate the identified issue.
Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
PythonNode.jsJavaripgrepcurlGitGoDockerAI task context generatorAI tool routerAI finding recorder/searcherNo-popup AI toolcheckffufgobusterferoxbustersqlmapnmaphttpxkatananucleidirsearchjwt_tooltplmapsearchsploitBurp Suite Desktop JARBurp Suite wrapperapktooljadx CLIuber-apk-signerfrida-server android x86_64PE-bearProcmonHxD installerCutterProxy PoolProxy PipelineProxy Quick TestMITM Proxy CaptureFix: Review and remediate the identified issue.
declared capabilities: network access
AI finding recorder/searcherdirsearchsearchsploitFix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.
Scan this tool yourself
Reproduce this audit locally, integrate into CI, or let your agent audit its own tools.
Install once, then scan any MCP server:
$ curl -sfL https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-scanner/main/install.sh | bash$ tooltrust-scanner scan --server "npx -y open-reverselab"Adjust the package name if your npm registry name differs from the tool ID. View source
Add badge to your README
Copy this Markdown to show your ToolTrust grade on GitHub.
[](https://github.com/AgentSafe-AI/tooltrust-directory)