Model Context Protocol (MCP) Security
@Tomby68
Model Context Protocol (MCP) Security について
An exploration of common MCP server vulnerabilities, along with a deep dive into MCP server prompt injection (+demonstrations for each!).
基本情報
設定
ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is Model Context Protocol (MCP) Security?
This project focuses on MCP client security, demonstrating how MCP servers could expose clients to vulnerabilities. It implements example vulnerabilities and proposed client architectures such as a Dual LLM pattern and a tool‑poisoning‑based logger.
How to use Model Context Protocol (MCP) Security?
Install Python packages with pip install -r requirements.txt and set your OpenAI API key in a .env file. Then run one of the provided MCP servers (e.g., python DVMCPS-Demos/indirect-prompt-injection/server.py) and launch the corresponding client with an optional prompt (-p). For local testing, install Ollama and pull llama3.2 to use the local client.
Key features of Model Context Protocol (MCP) Security
- Demonstrates 7 example MCP vulnerabilities via the Damn Vulnerable MCP Server.
- Implements a Dual LLM architecture to mitigate indirect prompt injection.
- Provides a tool‑poisoning‑based logging approach for better observability.
- Combines Dual LLM and logging into a single client.
- Includes both OpenAI‑powered and local (Ollama) client options.
- Supports optional user‑supplied prompts for each demo.
Use cases of Model Context Protocol (MCP) Security
- Security researchers analyzing MCP client vulnerabilities.
- Developers building MCP clients and testing their resilience to prompt injection.
- Teams adding logging and auditing to MCP agent tool calls.
FAQ from Model Context Protocol (MCP) Security
What vulnerabilities are demonstrated?
The project demonstrates prompt injection, tool poisoning, excessive permissions, rug pull attacks, tool shadowing, indirect prompt injection, and token theft.
How does the Dual LLM approach work?
A Controller (MCP client) sends user prompts and tool descriptions to a Privileged LLM, which decides which tools to call. A Quarantined LLM handles tool outputs without calling tools, mitigating indirect injection.
What are the limitations of the Dual LLM design?
It does not prevent standard prompt injection (unsafe user prompts) or tool poisoning attacks (malicious tool descriptions).
What dependencies are required?
Python packages from requirements.txt, an OpenAI API key (or Ollama with llama3.2 for local mode), and the MCP servers included in the project.
How do I run a specific vulnerability demo?
Navigate to its directory, run the server script, then run the client script. For example: python DVMCPS-Demos/indirect-prompt-injection/server.py and python DVMCPS-Demos/indirect-prompt-injection/client.py [-p PROMPT].
「開発者ツール」の他のコンテンツ
OpenSumi
opensumiA framework helps you quickly build AI Native IDE products. MCP Client, supports Model Context Protocol (MCP) tools via MCP server.
JetBrains MCP Proxy Server
JetBrainsA model context protocol server to work with JetBrains IDEs: IntelliJ, PyCharm, WebStorm, etc. Also, works with Android Studio
Deepwiki MCP Server
regenrek📖 MCP server for fetch deepwiki.com and get latest knowledge in Cursor and other Code Editors
mcp-excalidraw
yctimlinMCP server and Claude Code skill for Excalidraw — programmatic canvas toolkit to create, edit, and export diagrams via AI agents with real-time canvas sync.

Sentry
modelcontextprotocolModel Context Protocol Servers
コメント