mcp-manager

star 10

Discover and invoke MCP tools registered in `.pentester/mcp/`. Automatically consulted before each PTES phase. Manually triggered via /pentester:mcp.

fb0sh By fb0sh schedule Updated 6/1/2026
play_arrow Run Skill in Manus View GitHub

name: mcp-manager description: Discover and invoke MCP tools registered in .pentester/mcp/. Automatically consulted before each PTES phase. Manually triggered via /pentester:mcp.

MCP Tool Manager

Manage and invoke Model Context Protocol (MCP) tools for penetration testing. MCP servers are hosted externally; this skill manages client-side discovery and invocation.

When to Use

  • 自动触发:每个 PTES 阶段开始前,ROLE.md §5 要求检查 mcp/INDEX.md
  • 用户要求 "调用 MCP 工具"、"执行扫描"、"使用自动化工具"
  • 发现可用 MCP 工具注册在 .pentester/mcp/

How to Use

Step 1: Discover Available Tools

Open .pentester/mcp/INDEX.md to see all registered MCP tools by category.

Each tool has its own subdirectory under .pentester/mcp/<tool-name>/ with:

  • README.md — Tool description, parameters, server endpoint, invocation examples
  • examples.md — Usage examples with sample inputs/outputs

Step 2: Read Tool Specification

For the selected tool, read its README.md to understand:

  • What the tool does (capabilities and limitations)
  • Parameters required (endpoint, authentication, input format)
  • Output format (how results are returned)
  • Risk level and authorization requirements

Step 3: Invoke the Tool

Invocation method depends on how the tool is implemented:

Method A: Via Pi Extension (preferred if available)

If a pi extension registers the tool via pi.registerTool(), call it directly as a built-in tool.

Method B: Via MCP CLI Client

# Using mcp-cli or similar client
mcp call <server-name> <tool-name> --params '{"key": "value"}'

Method C: Via HTTP (if server exposes HTTP endpoint)

curl -s -X POST <server-url>/call \
  -H "Content-Type: application/json" \
  -d '{"tool": "<tool-name>", "params": {"key": "value"}}'

Step 4: Process Results

  • Parse the tool output and extract relevant findings
  • Write findings to target/${IP}/ following the project data structure
  • If the tool discovered new vulnerabilities or methods, consider recording via knowledge-base skill

Phase-Specific MCP Tool Lookup

PTES Phase MCP Tool Category to Check
Pre-engagement Scope/target initialization tools
Intelligence Gathering Information gathering tools
Vulnerability Analysis Vulnerability scanning/analysis tools
Exploitation Exploitation tools
Reporting Report generation tools

Safety Rules

  • Never pass target credentials or API keys in plaintext in tool parameters unless authorized
  • Verify tool risk level before invocation (check README.md risk section)
  • Document all tool calls and results in target/${IP}/
  • If a tool performs destructive actions (write, delete, modify), pause for user confirmation
  • Report any MCP server connection issues to the user
Install via CLI
npx skills add https://github.com/fb0sh/pentester --skill mcp-manager
Repository Details
star Stars 10
call_split Forks 1
navigation Branch main
article Path SKILL.md
More from Creator
fb0sh
fb0sh Explore all skills →