Rikune / Plugins插件

Plugin System插件系统

Extend Rikune with built-in or custom plugins — each plugin registers MCP tools with the server. 通过内置或自定义插件扩展 Rikune — 每个插件都向服务器注册 MCP 工具。

Overview概述

Rikune's plugin system allows modular registration of MCP tools. Each plugin exports a register() function that receives the server context and registers tools, hooks, and lifecycle callbacks. Rikune 的插件系统允许模块化注册 MCP 工具。每个插件导出一个 register() 函数,接收服务器上下文并注册工具、钩子和生命周期回调。

Built-in Plugins内置插件

Plugin插件 Tools工具数 Description描述
pe-analysis 12 Core PE parsing — headers, imports, exports, sections, resources核心 PE 解析 — 头信息、导入、导出、节、资源
ghidra 8 Ghidra decompilation, function listing, CFG, xrefsGhidra 反编译、函数列表、CFG、交叉引用
detection 6 capa, DIE, YARA scanning, compiler/packer identificationcapa、DIE、YARA 扫描、编译器/加壳识别
dynamic 10 Frida, Qiling, angr, Wine, PANDA integrationFrida、Qiling、angr、Wine、PANDA 集成
intel 7 C2, IOC, family classification, YARA/Sigma generationC2、IOC、家族分类、YARA/Sigma 生成
workflow 6 Staged pipeline orchestration, job queue management分阶段流水线编排、作业队列管理
dotnet 5 .NET metadata, IL disassembly, type extraction.NET 元数据、IL 反汇编、类型提取
llm-review 4 LLM-assisted function naming, explanation, reconstructionLLM 辅助函数命名、解释、重建
docker-backend 15 Docker-specific backend tools (Rizin, RetDec, etc.)Docker 专用后端工具(Rizin、RetDec 等)

Bundled Plugins随附插件

These 15 plugins ship with the repository under src/plugins/. They are auto-discovered at startup and provide 47 MCP tools in total. 这 15 个插件随仓库一起发布在 src/plugins/ 下。启动时自动发现,共提供 47 个 MCP 工具

Plugin插件 Tools工具数 Tool Names工具名 Dependencies依赖
pe-analysis 6 pe.structure.analyze, pe.imports.extract, pe.exports.extract, pe.fingerprint, pe.pdata.extract, pe.symbols.recover
ghidra 2 ghidra.analyze, ghidra.health GHIDRA_INSTALL_DIR
malware 4 c2.extract, malware.config.extract, malware.classify, sandbox.report Optional可选: CAPA_RULES_PATH, YARA_RULES_PATH
dynamic 3 dynamic.auto_hook, dynamic.trace_attribute, dynamic.memory_dump Optional可选: FRIDA_PATH
frida 3 frida.runtime.instrument, frida.script.inject, frida.trace.capture frida CLI
threat-intel 2 attack.map, ioc.export
vuln-scanner 2 vuln.pattern.scan, vuln.pattern.summary
memory-forensics 6 memory-forensics.pslist, memory-forensics.dlllist, memory-forensics.malfind, memory-forensics.netscan, memory-forensics.hivelist, memory-forensics.cmdline VOLATILITY3_PATH
debug-session 6 debug.session.start, debug.session.breakpoint, debug.session.continue, debug.session.step, debug.session.inspect, debug.session.end GDB
crackme 4 crackme.locate_validation, symbolic.explore, patch.generate, keygen.verify Optional可选: ANGR_AVAILABLE
android 4 apk.structure.analyze, dex.decompile, dex.classes.list, apk.packer.detect JADX_PATH
cross-module 3 cross_binary.compare, call_graph.cross_module, dll.dependency_tree
visualization 3 report.html.generate, behavior.timeline, data_flow.map
kb-collaboration 2 kb.function_match, analysis.template
observability 1 observability.metrics — (uses global hooks)—(使用全局钩子)

Plugin SDK

A plugin is a module that exports a register() function: 插件是一个导出 register() 函数的模块:

TypeScript
import { PluginContext } from './types';

export function register(ctx: PluginContext) {
  ctx.registerTool({
    name: 'my-plugin.hello',
    description: 'Say hello',
    inputSchema: {
      type: 'object',
      properties: {
        name: { type: 'string' }
      }
    },
    async handler({ name }) {
      return { greeting: `Hello, ${name}!` };
    }
  });
}

export const meta = {
  name: 'my-plugin',
  version: '1.0.0',
  description: 'A custom plugin'
};

Plugin Context API插件上下文 API

MethodDescription描述
registerTool()Register an MCP tool注册 MCP 工具
check()Verify plugin dependencies验证插件依赖
configSchema()Declare configuration schema声明配置模式
dependencies()Declare plugin dependencies声明插件依赖
hooks()Register lifecycle hooks注册生命周期钩子
teardown()Cleanup on shutdown关闭时清理

Configuration配置

Control which plugins are loaded via the PLUGINS environment variable: 通过 PLUGINS 环境变量控制加载哪些插件:

Environment Variable
# Load all plugins (default)
PLUGINS=*

# Load only specific plugins
PLUGINS=pe-analysis,ghidra,detection

# Exclude specific plugins
PLUGINS=*,-docker-backend

Introspection Tools内省工具

Use these MCP tools to inspect the plugin system at runtime: 使用以下 MCP 工具在运行时检查插件系统:

Tool工具 Description描述
plugin.listList all loaded plugins with status列出所有已加载插件及状态
plugin.enableEnable a disabled plugin启用已禁用的插件
plugin.disableDisable a plugin at runtime运行时禁用插件

Plugin Lifecycle插件生命周期

  1. Discovery发现Server scans the src/plugins/ directory for modules with register() exports. 服务器扫描 src/plugins/ 目录,查找导出 register() 的模块。
  2. Check检查Each plugin's check() verifies dependencies are met (e.g., Ghidra installed). 每个插件的 check() 验证依赖是否满足(如 Ghidra 已安装)。
  3. Register注册register() is called, tools are added to the registry. 调用 register(),工具被添加到注册表。
  4. Ready就绪Plugin is active and tools are available to MCP clients. 插件已激活,工具可供 MCP 客户端使用。
  5. Teardown清理teardown() is called on server shutdown for cleanup. 服务器关闭时调用 teardown() 进行清理。

Lifecycle Hooks生命周期钩子

Plugins can register hooks to intercept tool execution:插件可以注册钩子拦截工具执行:

Hook钩子 When时机 Use Case用例
onBeforeToolCallBefore tool execution工具执行前Input validation, audit logging, parameter transformation输入验证、审计日志、参数转换
onAfterToolCallAfter success执行成功后Result enrichment, metrics, caching结果增强、指标收集、缓存
onToolErrorOn failure执行失败时Error reporting, fallback logic, retry错误报告、降级逻辑、重试

Three Ways to Write Plugins三种编写插件的方式

Type类型 Location位置 Description描述
Built-in内建src/plugins/Shipped with the server; auto-discovered随服务器发布;自动发现
External外部Any npm package任意 npm 包Installed separately; configured via PLUGINS env单独安装;通过 PLUGINS 环境变量配置
Runtime运行时Hot-loaded at startup启动时热加载Dynamic load/unload without restart无需重启的动态加载/卸载