{"id":"eversinc33-triagemcp","name":"TriageMCP","homepage":null,"repo_url":"https://github.com/eversinc33/TriageMCP","category":"security","subcategories":[],"tags":["mcp","static-analysis","malware-triage","pe","yara","python"],"what_it_does":"TriageMCP is an MCP server intended to perform basic static triage of Windows PE (Portable Executable) files using tooling such as pefile and YARA, returning analysis results to an LLM-driven workflow.","use_cases":["Automated static triage of suspected malware samples for faster analyst review","Initial PE feature extraction (headers/structure) and rule-based detection via YARA","LLM-assisted malware triage/report generation in an agent workflow"],"not_for":["Dynamic analysis / sandbox detonation","High-confidence malware attribution or verdicts","Cryptographically verifying sample provenance","Production SaaS use without hardening and operational controls"],"best_when":"You need a local/controlled static PE triage capability integrated into an agent via MCP (stdio or SSE).","avoid_when":"You require a fully documented, contract-first API with robust auth/rate limiting, or you need sandbox/detonation capabilities.","alternatives":["Custom static triage pipelines (pefile + lief + yara) behind a simple internal API","Existing malware triage platforms and CLIs (commercial or open-source) that provide richer analysis workflows","Vulnerability/malware static scanners with REST interfaces"],"af_score":40.5,"security_score":30.0,"reliability_score":17.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:51:11.997136+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No authentication mechanism is described in the provided 
README; it appears intended for local usage (stdio transport) or local SSE without auth controls."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source tooling; no pricing details provided."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":40.5,"security_score":30.0,"reliability_score":17.5,"mcp_server_quality":45.0,"documentation_accuracy":40.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":95.0,"rate_limit_clarity":0.0,"tls_enforcement":10.0,"auth_strength":20.0,"scope_granularity":0.0,"dependency_hygiene":60.0,"secret_handling":70.0,"security_notes":"No authentication controls are described. SSE usage suggests the server may be reachable over the network, and no TLS or authentication guidance is provided for that case. The tool parses uploaded or local files that may be malicious; run it in a controlled, sandboxed environment and treat every sample as untrusted input. Dependency hygiene could not be assessed from the provided content; the Python dependencies may carry known CVEs depending on the installed versions.","uptime_documented":0.0,"version_stability":30.0,"breaking_changes_history":20.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["No documented MCP tool schema/inputs/outputs in the provided README; agent integration may require inspecting triage.py directly.","No documented behavior for repeated requests, large files, or partial analysis failures.","No guidance on how sample paths are resolved/validated across stdio vs SSE transport."]}}