pwno-mcp

pwno-mcp runs GDB (with pwndbg) inside an isolated environment and exposes stateful debugging/exploit I/O workflows to LLM agents via an MCP server, with support for multiple sessions and helper automation.

Evaluated Mar 30, 2026 (0d ago)

Homepage ↗ Repo ↗ DevTools mcp gdb pwndbg pwntools agentic binary-analysis debugger exploit-dev

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

Security-critical: the container run example grants SYS_PTRACE and SYS_ADMIN and relaxes seccomp/apparmor (unconfined). README does not mention authentication/authorization, TLS, or rate limiting for the MCP endpoint, so network exposure should be avoided (use localhost/isolated networks) unless additional hardening exists in the unseen implementation.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

Running locally/privately (e.g., container on a developer machine) where an agent needs stateful debugging and can manage its own session lifecycle.

Avoid When

When you need strong, documented auth/rate limiting for untrusted remote clients, or when container/ptrace privileges cannot be granted safely.

Use Cases

• Agentic binary exploitation workflows that require interactive debugging
• Automated register/stack/disassembly/source/backtrace snapshots during analysis
• Deterministic execution control using GDB/MI for iterative refinement
• Workspace automation for managing target binaries, processes, and related tooling
• Parallel agent sessions for concurrent exploit-driver experiments

Not For

• Production-grade hosted deployments that require strong multi-tenant auth and network hardening
• Sensitive environments where running GDB/pwndbg with ptrace is unacceptable
• Use cases needing a public internet API with clear rate-limit/SLA guarantees

Interface

REST API

GraphQL

gRPC

MCP Server

Yes ↗

SDK

Webhooks

Authentication

OAuth: No Scopes: No

README shows an unauthenticated-looking local endpoint and a stdio transport, but does not describe any authentication mechanism, tokens, or access controls for the MCP service.

Pricing

Free tier: No

Requires CC: No

No pricing details provided; README includes license/usage notes but not commercial hosting/pricing for the service itself.

Agent Metadata

Pagination

none

Idempotent

False

Retry Guidance

Not documented

Known Gotchas

⚠ Requires ptrace-capable container execution (SYS_PTRACE/SYS_ADMIN) which may fail depending on host/container security settings.
⚠ Statefulness implies agents must manage session lifecycle correctly to avoid cross-session contamination.
⚠ Deterministic control depends on correct GDB/MI usage; agents may need to wait for prompt/response boundaries to avoid desync.
⚠ Running untrusted binaries under the debug environment can introduce risk beyond the tool’s API surface.

Alternatives

Using GDB/pwndbg directly with a custom agent integration (e.g., gdbserver + scripting) Other agent-oriented MCP tools or custom FastAPI/REST wrappers around GDB/MI Local orchestration around pwntools + GDB/MI without an MCP layer

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for pwno-mcp.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.