{"id":"pwno-io-pwno-mcp","name":"pwno-mcp","homepage":"https://docs.pwno.io","repo_url":"https://github.com/pwno-io/pwno-mcp","category":"devtools","subcategories":[],"tags":["mcp","gdb","pwndbg","pwntools","agentic","binary-analysis","debugger","exploit-dev"],"what_it_does":"pwno-mcp runs GDB (with pwndbg) inside an isolated environment and exposes stateful debugging/exploit I/O workflows to LLM agents via an MCP server, with support for multiple sessions and helper automation.","use_cases":["Agentic binary exploitation workflows that require interactive debugging","Automated register/stack/disassembly/source/backtrace snapshots during analysis","Deterministic execution control using GDB/MI for iterative refinement","Workspace automation for managing target binaries, processes, and related tooling","Parallel agent sessions for concurrent exploit-driver experiments"],"not_for":["Production-grade hosted deployments that require strong multi-tenant auth and network hardening","Sensitive environments where running GDB/pwndbg with ptrace is unacceptable","Use cases needing a public internet API with clear rate-limit/SLA guarantees"],"best_when":"Running locally/privately (e.g., container on a developer machine) where an agent needs stateful debugging and can manage its own session lifecycle.","avoid_when":"When you need strong, documented auth/rate limiting for untrusted remote clients, or when container/ptrace privileges cannot be granted safely.","alternatives":["Using GDB/pwndbg directly with a custom agent integration (e.g., gdbserver + scripting)","Other agent-oriented MCP tools or custom FastAPI/REST wrappers around GDB/MI","Local orchestration around pwntools + GDB/MI without an MCP layer"],"af_score":51.8,"security_score":26.0,"reliability_score":31.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:35:57.986130+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"http://127.0.0.1:5500/mcp","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"README shows an unauthenticated-looking local endpoint and a stdio transport, but does not describe any authentication mechanism, tokens, or access controls for the MCP service."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing details provided; README includes license/usage notes but not commercial hosting/pricing for the service itself."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":51.8,"security_score":26.0,"reliability_score":31.2,"mcp_server_quality":62.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":90.0,"rate_limit_clarity":0.0,"tls_enforcement":20.0,"auth_strength":15.0,"scope_granularity":10.0,"dependency_hygiene":55.0,"secret_handling":40.0,"security_notes":"Security-critical: the container run example grants SYS_PTRACE and SYS_ADMIN and relaxes seccomp/apparmor (unconfined). README does not mention authentication/authorization, TLS, or rate limiting for the MCP endpoint, so network exposure should be avoided (use localhost/isolated networks) unless additional hardening exists in the unseen implementation.","uptime_documented":0.0,"version_stability":45.0,"breaking_changes_history":50.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":"Debugger/execution actions are typically stateful and not inherently idempotent, and the README does not document idempotency semantics.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Requires ptrace-capable container execution (SYS_PTRACE/SYS_ADMIN) which may fail depending on host/container security settings.","Statefulness implies agents must manage session lifecycle correctly to avoid cross-session contamination.","Deterministic control depends on correct GDB/MI usage; agents may need to wait for prompt/response boundaries to avoid desync.","Running untrusted binaries under the debug environment can introduce risk beyond the tool’s API surface."]}}