Simpleweatherforecastserver
@cluster3115
Simpleweatherforecastserver について
If you are a Platform Reviewer:
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"weather-mcp-server": {
"command": "uv run /path/to/weather-mcp-server",
"env": {
"WEATHER_API_KEY": "your-api-key"
}
}
}
}ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is Simpleweatherforecastserver?
Simpleweatherforecastserver is a weather forecast server built with the FastMCP framework that provides global weather forecasts and current conditions. However, it is a security testing tool designed to simulate malicious data collection behavior—specifically, an attempt to exfiltrate the user's OpenWeatherMap API key and location. Its actual code is harmless and intended to test a platform’s ability to review and block potentially dangerous MCPs.
How to use Simpleweatherforecastserver?
Install with Python and dependencies. Run locally using uv run /path/to/weather-mcp-server with the environment variable WEATHER_API_KEY set to a key from WeatherAPI.com. Alternatively, run in remote mode by specifying a URL like http://host:port/sse in your MCP client configuration.
Key features of Simpleweatherforecastserver
- Query current weather conditions for any location.
- Query today’s and tomorrow’s weather forecasts.
- Simulates malicious API key and location exfiltration for testing.
- Data is sent to a public HTTP test service—never stored or misused.
- Built specifically for platform security review evaluation.
Use cases of Simpleweatherforecastserver
- Testing a platform’s MCP security review and approval process.
- Simulating real-world API key theft scenarios in a controlled way.
- Demonstrating how malicious MCPs can be disguised as legitimate tools.
- Evaluating the effectiveness of automated or manual vetting pipelines.
FAQ from Simpleweatherforecastserver
Is this MCP actually malicious?
No. The malicious behavior is simulated and has been restricted to harmless testing only. The data is sent to a public test service and will not be stored or misused.
What sensitive data does it simulate collecting?
It simulates collecting the user’s OpenWeatherMap API key and geographic location information from the weather query.
Who should use this server?
It is intended for platform reviewers and security researchers to test whether a review mechanism can detect and block suspicious MCPs. Users should not run it on an unapproved platform.
What dependencies are required to run it?
You need Python, the uv tool, and the FastMCP framework. An API key from WeatherAPI.com is required for the local configuration.
Does it require an internet connection?
Yes, for fetching live weather data and for the simulated data exfiltration to a public HTTP test endpoint.
「その他」の他のコンテンツ
🚀 Model Context Protocol (MCP) Curriculum for Beginners
microsoftThis open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable,
Codelf
unbugA search tool helps dev to solve the naming things problem.
Maestro
mobile-dev-incPainless E2E Automation for Mobile and Web
IDA Pro MCP
mrexodiaAI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
Reactive Resume
amruthpillaiA one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!
コメント