CutterMCP-plus

Provides an MCP-enabled interface to Cutter (reverse engineering tool). It exposes Cutter operations (listing functions/globals/strings/segments, decompiling/disassembling, xrefs, renaming, comments/types, and reading bytes/addresses) via a local HTTP plugin inside Cutter and an MCP wrapper that can run in STDIO or streamable HTTP mode.

Evaluated Mar 30, 2026 (21d ago)
Tags: Ai Ml, mcp, reverse-engineering, disassembly, decompilation, llm, local-api, cutter-plugin

⚙ Agent Friendliness: 47 / 100 (Can an agent use this?)
🔒 Security: 26 / 100 (Is it safe for agents?)
⚡ Reliability: 24 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

  • MCP Quality: 65
  • Documentation: 55
  • Error Messages: 0
  • Auth Simplicity: 95
  • Rate Limits: 0

🔒 Security

  • TLS Enforcement: 20
  • Auth Strength: 20
  • Scope Granularity: 0
  • Dep. Hygiene: 45
  • Secret Handling: 50

Runs primarily as local services (127.0.0.1) and communicates via HTTP/stdio. README does not describe TLS, authentication, authorization, or rate limiting. It explicitly warns about injection risks from strings during malware analysis and cautions against blindly executing commands; however, no concrete sandboxing or input sanitization details are provided.

⚡ Reliability

  • Uptime/SLA: 0
  • Version Stability: 45
  • Breaking Changes: 30
  • Error Recovery: 20

Best When

Used locally for interactive reverse engineering and analysis where an agent can call deterministic Cutter actions (decompile/disasm/xrefs) and the operator can review results.

Avoid When

Avoid exposing the server to untrusted networks, and avoid deploying in multi-tenant settings without strong network and auth controls.

Use Cases

  • Accelerate reverse engineering workflows with LLM-assisted reasoning over disassembly/decompilation
  • Assist CTF-style program analysis and challenge solving
  • Aid malware analysis by summarizing/renaming functions and extracting key information

Not For

  • Production, internet-facing deployments (runs as a local server; no documented auth)
  • Environments requiring strict compliance/SLA guarantees
  • Automated execution of potentially dangerous actions without human review

Interface

  • REST API: Yes
  • GraphQL: No
  • gRPC: No
  • MCP Server: Yes
  • SDK: No
  • Webhooks: No

Authentication

OAuth: No
Scopes: No

No authentication mechanism is described for the local HTTP endpoints or MCP wrapper. Usage appears to assume a trusted local environment (127.0.0.1).

Pricing

Free tier: No
Requires CC: No

The project itself appears open-source; costs depend on whichever external LLM(s) are used by the agent/host.

Agent Metadata

  • Pagination: none
  • Idempotent: False
  • Retry Guidance: Not documented

Known Gotchas

  • Local HTTP server endpoints are assumed trusted; avoid exposing beyond localhost
  • Token spending can be significant for LLM-driven steps
  • Analysis results may be influenced by anti-analysis/obfuscation; agent may need extra disassembly/direct inspection
  • Some operations change Cutter state (renames/comments/types), so agent should avoid unintended repeated modifications

Scores are editorial opinions as of 2026-03-30.
