Overview
What is Tool Poisoning?
Tool Poisoning is a research-oriented MCP server designed for experimenting with and analyzing tool poisoning techniques within a controlled environment. It is intended for security researchers and developers studying adversarial attacks on LLM tool-calling systems.
How to use Tool Poisoning?
Clone the repository, navigate to the MCP Server/tool_poisoning directory, and install dependencies with pip install -r requirements.txt. Start the server by running python tool_poisoning.py; if the server and client are on the same machine, use uv run tool_poisoning.py to leverage the stdio transport. Follow the on-screen instructions to execute specific experiments.
Key features of Tool Poisoning?
- Controlled environment for analyzing tool poisoning techniques
- Supports stdio transport for local experimentation
- Follows on-screen instructions for guided experiments
- Simple Python-based setup with pip dependencies
- Designed for security and adversarial research
Use cases of Tool Poisoning?
- Researching and understanding tool poisoning attack vectors in LLM integrations
- Testing defense mechanisms against adversarial tool injections
- Developing and validating detection techniques for poisoned tool calls
FAQ from Tool Poisoning
What are the system requirements to run Tool Poisoning?
The server requires Python and the dependencies listed in requirements.txt, installed via pip install -r requirements.txt.
How do I run Tool Poisoning with the correct transport?
If the server and client are on the same machine, use uv run tool_poisoning.py to activate stdio transport. Otherwise, run python tool_poisoning.py and follow the on-screen prompts.
Does Tool Poisoning provide its own client or UI?
No, the server provides on-screen instructions for running experiments; it does not include a separate client interface.
What license is Tool Poisoning distributed under?
The project is licensed under the MIT License.
How can I contribute or report issues?
Contributions are welcome via submitting issues or pull requests to the repository.