// SCAN REPORT

Pwno

36 tools. 22 can modify or destroy data without limits.

22 write tools that can modify data. Rate limits recommended.

Last updated:

22 can modify or destroy data
14 read-only
36 tools total

Community server · catalogue entry verified 11/06/2026

How to control Pwno ↓

TOOL MAP

Read (14) Write / Execute (22) Destructive / Financial (0)

MOST DANGEROUS TOOLS

High Risk
Execute · Critical execute An 'execute' tool on a binary research and debugging platform can run arbitrary commands, scripts, or GDB operations. Execute · Critical execute_python_code This tool allows execution of arbitrary Python code with full control over the execution environment (working directory, timeout). Execute · Critical execute_python_script This tool runs Python code with user-controlled arguments and working directory in a shared environment. Execute · High finish This tool executes a control flow operation on an attached debugged process via GDB.

22 of Pwno's 36 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

HOW TO CONTROL PWNO

PolicyLayer is an MCP gateway — it sits between your AI agents and Pwno, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "close_debug_session": {
    "limits": [
      {
        "counter": "close_debug_session_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "checkevents": {
    "limits": [
      {
        "counter": "checkevents_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Pwno — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON PWNO →

Free to start. No card required.

ALL 36 PWNO TOOLS

EXECUTE 20 tools
Execute execute execute Execute execute_python_code Execute Python code dynamically in the shared environment. Args: code: Python source code Execute execute_python_script Execute an existing Python script within the shared environment. Args: script_path: Path Execute finish Run until the current function returns (MI -exec-finish). Execute pwncli_stop Stop a pwncli driver session and clear its session pipe. Execute run Run the loaded program under GDB control. Args: args: Argument string passed to the infer Execute run_command Execute a system command and wait for completion. Note: Use this for build and helper com Execute spawn_process Spawn a long-running background process and return its PID and log paths. Note: Use this Execute step_control Execute a stepping command (c, n, s, ni, si). Args: command: One of {c, n, s, ni, si} or Execute until Run until a specified location or next source line (MI -exec-until). Execute gdb_interrupt Interrupt the inferior and drain async notifications. Args: timeout: Maximum time to wait Execute jump Resume execution at a specified location (MI -exec-jump). Args: locspec: Location such as Execute pwncli pwncli Execute return_from_function Force the current function to return immediately (MI -exec-return). Execute sendinput sendinput Execute attach Attach to an existing process by PID using GDB/MI. Args: pid: Target process ID to attach Execute create_debug_session Create or return a debug session by id. Execute install_python_packages Install additional Python packages using the shared package manager (uv). Args: packages: Execute set_breakpoint Set a breakpoint using MI (-break-insert). Args: location: Breakpoint location (symbol/ad Execute set_file Load an executable file into GDB/pwndbg for debugging. Args: binary_path: Absolute path t
WRITE 2 tools
Write close_debug_session Close an active debug session and stop any attached pwncli driver. Write kill_process Send a signal to a tracked background process (default SIGTERM=15).
READ 14 tools
Read checkevents checkevents Read checkoutput checkoutput Read fetch_repo Fetch a git repository into /workspace. Args: repo_url: Repository URL (https or ssh). Read gdb_poll Drain pending async GDB notifications. Args: timeout: Maximum time to wait (seconds) for Read get_context get_context Read get_decompiled_code Return RetDec decompiled C code if available, or a status describing why not. Read get_memory get_memory Read get_process Get information about a tracked background process by PID. Read get_retdec_status Get the current RetDec decompilation status, lazily initializing as needed. Read get_session_info Return current session info (session state + GDB state) without issuing new GDB commands. Read list_debug_sessions List all active debug sessions and metadata. Read list_processes List all tracked background processes and their metadata (PID, command, log paths). Read list_pwncli_sessions List all active pwncli driver sessions. Read list_python_packages List all packages installed in the shared Python environment.

RELATED SERVERS

Other MCP servers with similar tools — same risk classification, starter policies for each.

BNB Chain MCP 1240 tools
automation
Binance MCP Server 734 tools
automation
Nodebench 724 tools
automation
GoHighLevel MCP Server 566 tools
automation
UnClick 451 tools
automation
NowAIKit — ServiceNow AI Toolkit 446 tools
automation
Mcp Windows 441 tools
automation
0nmcp 407 tools
automation

FAQ

How do I prevent bulk modifications through Pwno? +

The Pwno server has 2 write tools including close_debug_session, kill_process. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Pwno.

How many tools does the Pwno MCP server expose? +

36 tools across 3 categories: Execute, Read, Write. 14 are read-only. 22 can modify, create, or delete data.

How do I enforce a policy on Pwno? +

Register the Pwno MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Pwno tool call.

Deterministic rules across all 36 Pwno tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON PWNO →

Free to start. No card required.

36 Pwno tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.