
Memory Shell Detector MCP

by RuoJi6

export_report

Export a structured report of memory shell detection scan results for a Java process, including suspicious class list, risk levels, and decompiled code.

Instructions

Runs memory-shell-detector-cli.jar to generate a memory shell (in-memory webshell) detection report.

Underlying command: java -jar memory-shell-detector-cli.jar --report <output_file> -p <pid> -f <format>

This tool exports the scan results as a structured report containing:

  • scan time and target process information

  • the list of all suspicious classes detected

  • the risk level and type classification of each suspicious class

  • decompiled source-code snippets

Args:

  • pid: PID of the target Java process

  • output_file: path of the report file to write

  • tools_dir: directory containing the detector jar files

  • format: report format (json/html/txt)

  • use_ssh: whether to run the command on a remote server over SSH

  • ssh_host/ssh_username/ssh_password/ssh_key_path/ssh_port: SSH connection parameters

Returns: export result and the report file path

Input Schema

Name          Required  Description  Default
pid           Yes
output_file   Yes
tools_dir     No
format        No                     json
use_ssh       No
ssh_host      No
ssh_username  No
ssh_password  No
ssh_key_path  No
ssh_port      No

Output Schema

Name          Required  Description  Default

No arguments

Implementation Reference

  • The 'export_report' tool handler function. It executes the memory-shell-detector-cli.jar with --report flag to generate a detection report. Uses SSH or local execution, supports json/html/txt formats. Decorated with @mcp.tool() to register as an MCP tool.
    # Excerpt from the server module: `mcp` (the FastMCP instance), resolve_ssh_params,
    # execute_ssh_command and execute_local_command are defined elsewhere in that module.
    import os
    from typing import Optional

    @mcp.tool()
    def export_report(
        pid: int,
        output_file: str,
        tools_dir: Optional[str] = None,
        format: str = "json",
        use_ssh: bool = False,
        ssh_host: Optional[str] = None,
        ssh_username: Optional[str] = None,
        ssh_password: Optional[str] = None,
        ssh_key_path: Optional[str] = None,
        ssh_port: int = 22
    ) -> dict:
        """
        Run memory-shell-detector-cli.jar to generate a memory shell detection report.

        Underlying command: java -jar memory-shell-detector-cli.jar --report <output_file> -p <pid> -f <format>

        This tool exports the scan results as a structured report containing:
        - scan time and target process information
        - the list of all suspicious classes detected
        - the risk level and type classification of each suspicious class
        - decompiled source-code snippets

        Args:
            pid: PID of the target Java process
            output_file: path of the report file to write
            tools_dir: directory containing the detector jar files
            format: report format (json/html/txt)
            use_ssh: whether to run the command on a remote server over SSH
            ssh_host/ssh_username/ssh_password/ssh_key_path/ssh_port: SSH connection parameters

        Returns:
            export result and the report file path
        """
        if use_ssh:
            # Fill in any SSH parameter that was not passed explicitly from the environment.
            ssh_host, ssh_username, ssh_password, ssh_key_path, ssh_port = resolve_ssh_params(
                ssh_host, ssh_username, ssh_password, ssh_key_path, ssh_port
            )
            if not ssh_host or not ssh_username:
                return {"success": False, "message": "SSH mode requires ssh_host and ssh_username, or the SSH_HOST and SSH_USERNAME environment variables", "output": "", "error": ""}

        if not tools_dir:
            tools_dir = os.environ.get("TOOLS_DIR")
        if not tools_dir:
            return {"success": False, "message": "tools_dir not specified", "output": "", "error": "Call download_detector_tools first or set the TOOLS_DIR environment variable"}

        # Local jar path uses the host's separator; the remote path is assumed to be POSIX.
        cli_jar = os.path.join(tools_dir, "memory-shell-detector-cli.jar") if not use_ssh else f"{tools_dir}/memory-shell-detector-cli.jar"
        # The command is assembled by string interpolation: cli_jar, output_file and format are
        # quoted but not escaped, and pid is only constrained by its type annotation. Whether a
        # crafted value can alter the command depends on how execute_local_command runs the
        # string; the SSH path is interpreted by the remote login shell in any case, so callers
        # should validate these values before invoking the tool.
        cmd = f'java -jar "{cli_jar}" --report "{output_file}" -p {pid} -f {format}'

        if use_ssh:
            result = execute_ssh_command(host=ssh_host, username=ssh_username, command=cmd, password=ssh_password, key_path=ssh_key_path, port=ssh_port)
        else:
            result = execute_local_command(cmd)

        return {
            "success": result["success"],
            "message": f"Report exported to: {output_file}" if result["success"] else "Export failed",
            "output": result["stdout"],
            "error": result["stderr"] if not result["success"] else None
        }
  • The @mcp.tool() decorator registers the export_report function as an MCP tool with FastMCP.
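The handler above builds the java command by string interpolation and hands the resulting string to a local or SSH executor, so the arguments pid, output_file, format and tools_dir reach a shell unescaped. The block below is an added example, not code from the RuoJi6 project: it validates each caller-supplied argument first and then builds an argv list, falling back to shlex.join only for the SSH path, which has to send a single string to the remote shell. The flags --report, -p and -f are the ones the page documents and the allowed formats come from the tool's docstring; the report root directory /var/reports, the ArgumentError class and the function names are this example's own assumptions, and both local and remote paths are assumed to be POSIX.

```python
"""Validated, argv-based construction of the export_report command (added example)."""
import posixpath
import shlex
from typing import List

# Values listed in the tool's docstring for the -f flag.
ALLOWED_FORMATS = frozenset({"json", "html", "txt"})
JAR_NAME = "memory-shell-detector-cli.jar"
# Assumed policy for this example: reports may only be written under this directory.
DEFAULT_REPORT_ROOT = "/var/reports"


class ArgumentError(ValueError):
    """Raised when a caller-supplied argument fails validation."""


def validate_pid(pid) -> int:
    # bool is a subclass of int, so reject it explicitly; a PID must be a positive integer.
    if isinstance(pid, bool) or not isinstance(pid, int) or pid <= 0:
        raise ArgumentError(f"pid must be a positive integer, got {pid!r}")
    return pid


def validate_format(fmt: str) -> str:
    if fmt not in ALLOWED_FORMATS:
        raise ArgumentError(f"format must be one of {sorted(ALLOWED_FORMATS)}, got {fmt!r}")
    return fmt


def validate_output_path(path: str, allowed_root: str) -> str:
    """Return the normalised absolute report path, which must stay below allowed_root.

    Relative paths are resolved against allowed_root; absolute paths are accepted only
    if they already lie below it. '..' components are collapsed before the check, so
    traversal such as '../etc/passwd' is rejected.
    """
    if not isinstance(path, str) or not path or "\x00" in path:
        raise ArgumentError("output_file must be a non-empty string without NUL bytes")
    if "\n" in path or "\r" in path:
        raise ArgumentError("output_file must not contain line breaks")
    root = posixpath.normpath(allowed_root)
    full = posixpath.normpath(posixpath.join(root, path))
    if not full.startswith(root + "/"):
        raise ArgumentError(f"output_file must be a file below {root}: {path!r}")
    return full


def build_report_argv(pid, output_file, fmt, tools_dir,
                      allowed_root: str = DEFAULT_REPORT_ROOT) -> List[str]:
    """Build the detector command as an argv list.

    Passed to subprocess.run(argv) without shell=True, no element is ever parsed by a
    shell, so quotes, semicolons or spaces inside output_file stay part of the filename.
    """
    pid = validate_pid(pid)
    fmt = validate_format(fmt)
    out = validate_output_path(output_file, allowed_root)
    jar = posixpath.join(tools_dir, JAR_NAME)
    return ["java", "-jar", jar, "--report", out, "-p", str(pid), "-f", fmt]


def build_report_ssh_command(pid, output_file, fmt, tools_dir,
                             allowed_root: str = DEFAULT_REPORT_ROOT) -> str:
    """Single command string for an SSH exec channel.

    The remote sshd runs the string through the user's login shell, so every element is
    quoted with shlex.join; splitting the result again yields exactly the argv list.
    """
    return shlex.join(build_report_argv(pid, output_file, fmt, tools_dir, allowed_root))


if __name__ == "__main__":
    # Constructed sample input: a filename carrying shell metacharacters.
    hostile_name = 'r.json"; touch /tmp/pwned; "'
    print(build_report_argv(1234, hostile_name, "json", "/opt/tools"))
    print(build_report_ssh_command(1234, hostile_name, "json", "/opt/tools"))
```

For the local path the argv list only keeps its guarantee if the executor calls subprocess.run(argv) without shell=True; an executor that joins the list back into a string and runs it through a shell is back to the interpolated form. On the SSH side the remote shell is unavoidable, which is why the quoting is done with shlex.join rather than by wrapping values in double quotes.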

Behavior: 3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description carries the burden of behavioral transparency. It reveals the underlying command and the SSH parameters, implying network usage and execution on a remote host. However, it does not state that the tool writes a file to output_file or whether it is otherwise non-destructive, and it says nothing about required permissions or other side effects. The transparency is adequate but incomplete.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is structured with a first sentence stating the action, followed by the underlying command, bullet-pointed report contents, and a parameter list. It is front-loaded and reasonably concise given the complexity (10 params, SSH support). Minor redundancy (e.g., 'Args' list repeats schema) but overall efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

The description covers the tool's purpose, command, report contents, parameters, and return value. Since an output schema exists, the return description is sufficient. It addresses SSH execution context but omits error handling or failure scenarios. It is fairly complete for a tool of this complexity.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, so the description must add meaning. It lists all 10 parameters and clarifies their roles (e.g., format accepts json/html/txt, ssh parameters for remote execution). It explains the report contents, which helps contextualize output_file and format. However, it does not provide detailed documentation for each parameter beyond the basic description, so it adds value but could be richer.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: executing a JAR to generate a memory shell detection report. It specifies the underlying command and details the report contents (scan time, suspicious classes, risk levels, source code). This distinguishes it from siblings like scan_process or remove_memory_shell.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no explicit guidance on when to use this tool versus alternatives (e.g., scan_process for scanning, view_class_code for viewing code). It does not mention prerequisites (e.g., needing to run scan_process first) or when not to use it. Usage is only implicit.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
