Files
CyberStrikeAI/docs/en-US/mcp-federation.md
T
2026-07-07 14:04:18 +08:00

1.9 KiB

MCP Federation

中文

CyberStrikeAI uses MCP as the primary tool protocol. Tools can be built-in, YAML-backed, Skill-local, or provided by external MCP servers.

Built-In MCP

The internal MCP server registers:

  • YAML command tools;
  • security execution tools;
  • knowledge tools;
  • project fact tools;
  • C2 tools;
  • WebShell tools;
  • batch task tools;
  • vision analysis.

Agents usually call these internally without extra setup.

HTTP MCP

mcp:
  enabled: true
  host: 0.0.0.0
  port: 8081
  auth_header: "X-MCP-Token"
  auth_header_value: "random-secret"

Always set an auth value and restrict network access.

External MCP Lifecycle

  1. Register config: name, type, command/URL, environment.
  2. Start connection: stdio process or HTTP/SSE client.
  3. Pull tool list: names, descriptions, schemas.
  4. Expose to Agent: affected by role, tool_search, HITL.
  5. Execute: validate args, call, monitor.
  6. Recover: handle process/network failure.
  7. Stop/delete: remove runtime and config.

Debug by locating the failed step.

Tool Naming

Good names are stable, specific, and action-object oriented:

burp_send_to_repeater
asset_lookup_domain
cloud_list_public_buckets

Avoid:

run
execute
scan
tool1

Specific names improve tool_search and reduce misuse.

Security Review

Before connecting an external MCP, ask:

  • Can it read/write local files?
  • Can it execute commands?
  • What network does it access?
  • Does it send data to third parties?
  • Are tool descriptions trustworthy?
  • Can output contain prompt injection?
  • Should it run under a separate OS user or container?

Source Anchors

  • External manager: internal/mcp/external_manager.go
  • Recovery: internal/mcp/connection_recovery.go
  • Tool adapter: internal/einomcp/mcp_tools.go
  • Handler: internal/handler/external_mcp.go
  • Invoke notification: internal/einomcp/tool_invoke_notify.go