// SCAN REPORT

CutterMCP-plus

20 tools. 4 can modify or destroy data without limits.

4 write tools that can modify data. Rate limits recommended.

Last updated:

4 can modify or destroy data
16 read-only
20 tools total

Community server · catalogue entry verified 11/06/2026

How to control CutterMCP-plus ↓

TOOL MAP

Read (16) Write / Execute (4) Destructive / Financial (0)

MOST DANGEROUS TOOLS

High Risk
Write · Medium rename_function Renaming a function is a reversible modification operation that changes project state but does not delete data or execute arbitrary code. Write · Medium rename_local_variable This tool modifies metadata within a Cutter reverse engineering project by renaming local variables/parameters. Write · Medium set_comment This tool modifies reversible data (comments/annotations in Cutter's analysis database) without deleting or executing code. Write · Medium set_local_variable_type This tool modifies data (variable type metadata) within Cutter's reverse engineering environment.

4 of CutterMCP-plus's 20 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

HOW TO CONTROL CUTTERMCP-PLUS

PolicyLayer is an MCP gateway — it sits between your AI agents and CutterMCP-plus, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "rename_function": {
    "limits": [
      {
        "counter": "rename_function_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "decompile": {
    "limits": [
      {
        "counter": "decompile_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register CutterMCP-plus — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON CUTTERMCP-PLUS →

Free to start. No card required.

ALL 20 CUTTERMCP-PLUS TOOLS

WRITE 4 tools
Write rename_function Rename a function. Write rename_local_variable Rename local variable/parameter. Write set_comment Set a comment at the given address (CCu). Write set_local_variable_type Set local variable type.
READ 16 tools
Read decompile Decompile the function. addr is the address to decompile. If this fails, you can try disasm_text for disassemb Read current_address Get the currently selected address (hex string). Read current_function Get information of the function containing the current address. Read disasm_by_func_json Disassemble the entire function as JSON (pdfj). Beware of large functions. If result is null, use text instead Read disasm_by_func_text Disassemble the entire function as text (pdf) given its address. Recommended, but be cautious of large functio Read disasm_json Linear disassembly in JSON format. Returns {addr, count, ops:[...]}. Default 64 ops. Read disasm_text Linear disassembly text: from addr, list count instructions, default 64. Can be used as a fallback when disasm Read function_detail Get detailed structured information of a single function (address, size, xrefs, etc.). Pass the hexadecimal ad Read list_entry_points List entry points. Read list_functions List brief information of functions. Returns up to limit items. Use this first to filter targets, then fetch d Read list_globals List global symbols. Read list_segments List segments/sections. Returns fields: name, vaddr, paddr, size, perm. Read list_strings List strings. Can filter out shorter strings with min_length. Returns fields: addr, length, type, string. Read list_vars List variables/parameters in the function. Returns a variables array. Read read_bytes Read raw bytes at the given address. Default size is 64. Read xrefs_to Get cross-references to a given address.

RELATED SERVERS

Other MCP servers with similar tools — same risk classification, starter policies for each.

BNB Chain MCP 1240 tools
admin
Binance MCP Server 734 tools
admin
Nodebench 724 tools
admin
AdButler 622 tools
admin
GoHighLevel MCP Server 566 tools
admin
UnClick 451 tools
admin
NowAIKit — ServiceNow AI Toolkit 446 tools
admin
Mcp Windows 441 tools
admin

FAQ

How do I prevent bulk modifications through CutterMCP-plus? +

The CutterMCP-plus server has 4 write tools including rename_function, rename_local_variable, set_comment. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach CutterMCP-plus.

How many tools does the CutterMCP-plus MCP server expose? +

20 tools across 3 categories: Destructive, Read, Write. 16 are read-only. 4 can modify, create, or delete data.

How do I enforce a policy on CutterMCP-plus? +

Register the CutterMCP-plus MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every CutterMCP-plus tool call.

Deterministic rules across all 20 CutterMCP-plus tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON CUTTERMCP-PLUS →

Free to start. No card required.

20 CutterMCP-plus tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.