Practical Notes
- GitHub: 1,416 stars · 161 forks; pushed 2026-05-05 (verified via GitHub API).
- README states Docker setup provisions a Windows 10 container with KVM and exposes UI at http://127.0.0.1:1337.
- README lists bundled scanners with versions/dates (e.g., PE-Sieve 0.4.1.2 updated 2026-05-02; Elastic YARA rules commit d131ea8).
Main
If you use LitterBox in a real workflow, keep it disciplined:
- Treat it as a staging gate: every payload must pass the same pipeline before it leaves the lab.
- Keep EDR profiles and scanner versions under change control; the README’s scanner table makes drift visible.
- Use the results to decide between:
  - rewrite/refactor (reduce detections)
  - environmental changes (different execution context)
  - abandon (too risky)
- Run it isolated. The README’s advisory calls out VM isolation and “development use only”.
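One way to make the change-control point concrete: pin the scanner versions the review process accepts and diff them against the scanner table on every run, so a result is never discussed without knowing which scanner build produced it. The script below is an added example, not code from these notes or from the LitterBox project. The two pinned entries are the ones quoted above; the markdown table layout, the `BASELINE` keys and the third row are constructed assumptions for the example, not LitterBox's own format.

```python
"""Scanner-version drift check for a sandbox lab (added example; constructed data)."""
import re

# Pinned baseline: the scanner builds the lab's review process currently accepts.
# The two entries are the versions quoted on this page; the dict keys are an
# assumption for this example, not a schema LitterBox defines.
BASELINE = {
    "PE-Sieve": "0.4.1.2",
    "Elastic YARA rules": "d131ea8",
}

# Constructed sample of a README-style scanner table. The third row is
# hypothetical, included only to show how an unpinned scanner is reported.
SAMPLE_TABLE = """
| Scanner | Version | Updated |
|---------|---------|---------|
| PE-Sieve | 0.4.1.2 | 2026-05-02 |
| Elastic YARA rules | d131ea8 | 2026-05-02 |
| Hypothetical-Scanner | 9.9 | 2026-05-03 |
"""

# Matches the first two cells of a markdown table row: scanner name, version.
ROW = re.compile(r"^\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|")


def parse_scanner_table(text):
    """Return {scanner: version} from markdown rows, skipping header and separator."""
    found = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        name, version = m.group(1), m.group(2)
        # Skip the header row and the |---|---| separator row.
        if name.lower() == "scanner" or set(name) <= set("-: "):
            continue
        found[name] = version
    return found


def check_drift(baseline, observed):
    """Classify each scanner: 'ok', 'changed' (version differs from the pin),
    'missing' (pinned but absent from the table) or 'unpinned' (present but
    not under change control)."""
    report = {}
    for name, pinned in baseline.items():
        if name not in observed:
            report[name] = "missing"
        elif observed[name] != pinned:
            report[name] = "changed"
        else:
            report[name] = "ok"
    for name in observed:
        if name not in baseline:
            report[name] = "unpinned"
    return report


if __name__ == "__main__":
    for name, status in check_drift(BASELINE, parse_scanner_table(SAMPLE_TABLE)).items():
        print(f"{name}: {status}")
```

Anything other than `ok` should block the review, or at least be recorded next to the detection score, so a drop in detections cannot be mistaken for a payload improvement when it was really a scanner change.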
Even if you never use the MCP path, the “Detection Score + indicators breakdown” framing is a strong way to standardize review discussions.
FAQ
Q: Is this safe to run on a workstation?
A: Only in isolated environments. The README warns against production use and recommends VM/dedicated lab setups.
Q: Where do EDR profiles live?
A: README says to drop YAML profiles under Config/edr_profiles/ so the upload page picks them up at boot.
Q: Does it support MCP?
A: README links to a wiki page named LitterBoxMCP under its documentation table.