- Home
- MCP servers
- Memory Shell Detector
Memory Shell Detector
- python
11
GitHub Stars
python
Language
5 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"ruoji6-memory-shell-mcp": {
"command": "uvx",
"args": [
"memory-shell-mcp"
],
"env": {
"SSH_HOST": "192.0.2.10",
"SSH_PORT": "22",
"JAVA_HOME": "/usr/lib/jvm/java-8-openjdk",
"TOOLS_DIR": "/opt/tools/memory-shell-detector",
"SSH_KEY_PATH": "/home/user/.ssh/id_rsa",
"SSH_PASSWORD": "your_password",
"SSH_USERNAME": "root"
}
}
}
}Memory Shell Detector MCP is a Java memory shell detection and cleanup tool built on FastMCP. It lets you run detection locally or over SSH, automatically analyse suspicious Java code, and remove memory shells with AI-assisted confirmation. This MCP helps you quickly identify and sanitize memory shells in Java applications while providing configurable execution and reporting options.
How to use
You can run the Memory Shell Detector MCP from a client that supports Model Context Protocol (MCP). Choose a local or remote execution path, scan Java processes, analyze suspicious classes, and remove confirmed memory shells with AI confirmation. You can export a detection report for future audits.
How to install
Prerequisites you need before installing and running memory-shell-detector MCP: Python 3.10 or newer, Java JDK 1.8 or newer on the target machines, and uvx as the MCP deployment runner.
Step-by-step local installation and run flow you can follow:
# 1) Install the MCP package in a Python virtual environment
uv venv --python python3.12
source .venv/bin/activate # Linux/macOS
# .venv\Scripts\activate # Windows
uv pip install -e .
# 2) Run the MCP locally
memory-shell-mcp
Configuration and usage details
The MCP can be exposed to clients via stdio (local execution) configurations. Three example configurations are provided for common MCP clients. Each config uses the stdio interface with the command and arguments shown.
{
"mcpServers": {
"memory_shell_detector_kiro": {
"command": "uvx",
"args": ["memory-shell-mcp"],
"env": {}
}
}
}
{
"mcpServers": {
"memory_shell_detector_claude": {
"command": "uvx",
"args": ["memory-shell-mcp"],
"env": {}
}
}
}
{
"mcpServers": {
"memory_shell_detector_dev": {
"command": "uv",
"args": [
"run",
"--directory",
"/path/to/memory-shell-mcp",
"memory-shell-mcp"
],
"env": {}
}
}
}
Security features
Before removing a memory shell, the tool fetches the source code for AI analysis. Removal is performed only after AI confirmation (ai_confirmed=true). The system also handles removal confirmations automatically to ensure a safe and auditable cleanup.
Environment and prerequisites
Optional environment variables are supported to customize behavior. If not set, tools download to a system temporary directory. SSH parameters can be provided on the fly via AI conversations and take precedence over environment variables.
Usage flow overview
Complete detection workflow includes downloading tools, listing Java processes, scanning a target process, viewing decompiled class code for suspicious classes, confirming memory shells, removing them, re-scanning to verify, and exporting a report.
Troubleshooting and notes
- Ensure you have sufficient permissions to scan and modify the target processes. - Use the same or compatible JDK versions on the target machines and the tool. - If an agent-based memory shell is detected, removal may require a restart of the affected application. - Removals can impact running services; plan maintenance windows and back up data as needed.
Tools and capabilities overview
Key capabilities include executing commands locally or via SSH, downloading detection tools, listing Java processes, scanning processes, viewing suspicious class code, removing memory shells with AI confirmation, exporting reports, and gathering system information and network status.
Examples and prompts
You can prompt the AI to perform a local or remote memory shell check by outlining steps: download tools, list Java processes, scan a target PID, inspect suspicious classes, confirm and remove, re-scan, and export a final report.
Available tools
execute_command
Run a command either locally or over SSH to interact with the target JVM.
download_detector_tools
Download the memory shell detector tools and dependencies.
list_java_processes
List all running Java processes on the target machine.
scan_process
Scan a specific Java process to identify suspicious classes.
view_class_code
Decompile and view source for a suspicious class to aid analysis.
remove_memory_shell
Remove confirmed memory shell by class name from a target PID after AI confirmation.
export_report
Export a detection report detailing findings and actions taken.
get_system_info_tool
Collect system information to help assess the environment.
check_network
Check network status and connections related to detected memory shells.