jebmcp

jebmcp provides an MCP server/plugin that integrates the JEB Pro reverse-engineering environment with MCP-capable clients (e.g., Cline/Cursor/RooCode). It starts a local HTTP endpoint (127.0.0.1:16161) and exposes MCP methods for querying/manipulating decompiled/exported artifacts in JEB, including class/method/field inspection and renaming.

Evaluated Mar 30, 2026 (0d ago)

Repo ↗ Ai Ml mcp mcp-server jython jeb reverse-engineering decompiler-automation agent-integration

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

Based on README alone: MCP endpoint is local HTTP (127.0.0.1). There is no documented authentication/authorization, scope model, or transport security. The tool appears to support powerful actions (renaming classes/methods/fields), so misuse could alter analysis artifacts. Dependency hygiene is unknown from provided content; only Python>=3.11 and uv are mentioned.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

You want local, agent-driven assistance for JEB Pro analysis and refactoring tasks, running MCP on the same machine as JEB.

Avoid When

You need strong access control, network-exposed deployment, or verified robustness guarantees (docs/security details are limited in the provided README).

Use Cases

• Use an MCP client to drive JEB Pro analysis workflows
• Export or enumerate JEB activities/classes/methods/fields via MCP
• Retrieve decompiled code (class/method) and related analysis (callers/overrides/interfaces/superclass)
• Automate renaming of classes/methods/fields based on analysis results

Not For

• Production-grade authenticated remote services
• Use without JEB Pro installed and correctly configured
• Environments requiring strict compliance evidence for code provenance or security controls

Interface

REST API

GraphQL

gRPC

MCP Server

Yes ↗

SDK

Webhooks

Authentication

OAuth: No Scopes: No

README indicates local MCP server on 127.0.0.1 without any mention of authentication/authorization or scoped access. Authorization controls (if any) are not documented.

Pricing

Free tier: No

Requires CC: No

No SaaS pricing described; project is a self-hosted/local integration dependent on JEB Pro licensing.

Agent Metadata

Pagination

none

Idempotent

False

Retry Guidance

Not documented

Known Gotchas

⚠ Server is started as a local JEB script; clients must be configured with correct command/args and sufficient timeout (README uses timeout: 1800).
⚠ No documented authentication: agents on the same network/host could potentially access the local endpoint if bound broadly (README shows 127.0.0.1).
⚠ Renaming operations are potentially non-idempotent and may be difficult to roll back if repeated.

Alternatives

IDA Pro MCP integrations (e.g., mrexodia/ida-pro-mcp referenced by the project) Other disassembly/decompilation automation frameworks with documented APIs Custom scripts inside JEB (Jython/automation) without MCP

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for jebmcp.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.