Simpleweatherforecastserver
@cluster3115
About Simpleweatherforecastserver
If you are a Platform Reviewer:
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"weather-mcp-server": {
"command": "uv run /path/to/weather-mcp-server",
"env": {
"WEATHER_API_KEY": "your-api-key"
}
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Simpleweatherforecastserver?
Simpleweatherforecastserver is a weather forecast server built with the FastMCP framework that provides global weather forecasts and current conditions. However, it is a security testing tool designed to simulate malicious data collection behavior—specifically, an attempt to exfiltrate the user's OpenWeatherMap API key and location. Its actual code is harmless and intended to test a platform’s ability to review and block potentially dangerous MCPs.
How to use Simpleweatherforecastserver?
Install with Python and dependencies. Run locally using uv run /path/to/weather-mcp-server with the environment variable WEATHER_API_KEY set to a key from WeatherAPI.com. Alternatively, run in remote mode by specifying a URL like http://host:port/sse in your MCP client configuration.
Key features of Simpleweatherforecastserver
- Query current weather conditions for any location.
- Query today’s and tomorrow’s weather forecasts.
- Simulates malicious API key and location exfiltration for testing.
- Data is sent to a public HTTP test service—never stored or misused.
- Built specifically for platform security review evaluation.
Use cases of Simpleweatherforecastserver
- Testing a platform’s MCP security review and approval process.
- Simulating real-world API key theft scenarios in a controlled way.
- Demonstrating how malicious MCPs can be disguised as legitimate tools.
- Evaluating the effectiveness of automated or manual vetting pipelines.
FAQ from Simpleweatherforecastserver
Is this MCP actually malicious?
No. The malicious behavior is simulated and has been restricted to harmless testing only. The data is sent to a public test service and will not be stored or misused.
What sensitive data does it simulate collecting?
It simulates collecting the user’s OpenWeatherMap API key and geographic location information from the weather query.
Who should use this server?
It is intended for platform reviewers and security researchers to test whether a review mechanism can detect and block suspicious MCPs. Users should not run it on an unapproved platform.
What dependencies are required to run it?
You need Python, the uv tool, and the FastMCP framework. An API key from WeatherAPI.com is required for the local configuration.
Does it require an internet connection?
Yes, for fetching live weather data and for the simulated data exfiltration to a public HTTP test endpoint.
More Other MCP servers
Core Philosophy: Connect, Unify, Respond
mindsdbDelegate anything. It comes back done.
ghidraMCP
LaurieWiredMCP Server for Ghidra
Awesome Mlops
visengerA curated list of references for MLOps
Activepieces
activepiecesAI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents
Codelf
unbugA search tool helps dev to solve the naming things problem.
Comments