mcp-security-sandbox
@SirAppSec
mcp-security-sandbox について
MCP Security Playground - Hack with MCP Servers, MCP Clients. Try out different vulnerabilities and abuse LLMs and agents in a UI friendly experimentation lab
基本情報
設定
ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is mcp-security-sandbox?
It is an experimental sandbox and lab for exploring MCP hosts, clients, and servers. It can perform attacks against MCP servers and abuse LLMs.
How to use mcp-security-sandbox?
Install dependencies using uv install, create a virtual environment with uv venv, activate it, then run the server with uv run -- src/mcp-security-sandbox/mcp/github/server.py and launch the Streamlit frontend with streamlit run src/mcp-security-sandbox/frontend/MCP_Chat.py. Ensure Ollama is installed and its URL is set in the client initializations.
Key features of mcp-security-sandbox?
- Experimental sandbox for MCP exploration and attacks
- Integrates a GitHub retrieval MCP server into a chat agent
- Supports chaining with Burp Suite MCP Server
- Provides a Streamlit-based chat interface
- Allows abuse of LLMs for attack scenarios
- Uses Ollama for local LLM integration
Use cases of mcp-security-sandbox?
- Test security of MCP servers against attacks
- Simulate malicious MCP server behavior
- Experiment with chaining multiple MCP servers
- Educate on MCP security vulnerabilities
FAQ from mcp-security-sandbox
What dependencies are required?
Ollama must be installed and its URL configured in the client initializations. The project uses uv for package and environment management.
How do I start the frontend?
Run uv install, uv venv, source .venv/bin/activate, then uv run -- src/mcp-security-sandbox/mcp/github/server.py and streamlit run src/mcp-security-sandbox/frontend/MCP_Chat.py.
Does the sandbox support dynamic loading of MCP servers?
No, dynamic loading is on the roadmap but not yet implemented; currently servers are statically defined.
What is the purpose of this project?
It is an experimental sandbox for exploring MCP hosts, clients, and servers, and for performing attacks against MCP servers and abusing LLMs.
Can I integrate Burp Suite?
Yes, the README shows using Burp Suite MCP Server to
「開発者ツール」の他のコンテンツ
TalkToFigma
sonnylazuardiTalkToFigma: MCP integration between AI Agent (Cursor, Claude Code, Codex) and Figma, allowing Agentic AI to communicate with Figma for reading designs and modifying them programmatically.
Burp Suite MCP Server Extension
PortSwiggerMCP Server for Burp
Unity MCP (Server + Plugin)
IvanMurzakAI Skills, MCP Tools, and CLI for Unity Engine. Full AI develop and test loop. Use cli for quick setup. Efficient token usage, advanced tools. Any C# method may be turned into a tool by a single line. Works with Claude Code, Gemini, Copilot, Cursor and any other absolutely for fr
FastAPI-MCP
tadata-orgExpose your FastAPI endpoints as Model Context Protocol (MCP) tools, with Auth!
JetBrains MCP Proxy Server
JetBrainsA model context protocol server to work with JetBrains IDEs: IntelliJ, PyCharm, WebStorm, etc. Also, works with Android Studio
コメント