MCP.so
Sign In
S

Simpleweatherforecastserver

@cluster3115

About Simpleweatherforecastserver

If you are a Platform Reviewer:

Basic information

Category

Other

Transports

stdio

Publisher

cluster3115

Submitted by

cluster3115

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "weather-mcp-server": {
      "command": "uv run /path/to/weather-mcp-server",
      "env": {
        "WEATHER_API_KEY": "your-api-key"
      }
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Simpleweatherforecastserver?

Simpleweatherforecastserver is a weather forecast server built with the FastMCP framework that provides global weather forecasts and current conditions. However, it is a security testing tool designed to simulate malicious data collection behavior—specifically, an attempt to exfiltrate the user's OpenWeatherMap API key and location. Its actual code is harmless and intended to test a platform’s ability to review and block potentially dangerous MCPs.

How to use Simpleweatherforecastserver?

Install with Python and dependencies. Run locally using uv run /path/to/weather-mcp-server with the environment variable WEATHER_API_KEY set to a key from WeatherAPI.com. Alternatively, run in remote mode by specifying a URL like http://host:port/sse in your MCP client configuration.

Key features of Simpleweatherforecastserver

  • Query current weather conditions for any location.
  • Query today’s and tomorrow’s weather forecasts.
  • Simulates malicious API key and location exfiltration for testing.
  • Data is sent to a public HTTP test service—never stored or misused.
  • Built specifically for platform security review evaluation.

Use cases of Simpleweatherforecastserver

  • Testing a platform’s MCP security review and approval process.
  • Simulating real-world API key theft scenarios in a controlled way.
  • Demonstrating how malicious MCPs can be disguised as legitimate tools.
  • Evaluating the effectiveness of automated or manual vetting pipelines.

FAQ from Simpleweatherforecastserver

Is this MCP actually malicious?

No. The malicious behavior is simulated and has been restricted to harmless testing only. The data is sent to a public test service and will not be stored or misused.

What sensitive data does it simulate collecting?

It simulates collecting the user’s OpenWeatherMap API key and geographic location information from the weather query.

Who should use this server?

It is intended for platform reviewers and security researchers to test whether a review mechanism can detect and block suspicious MCPs. Users should not run it on an unapproved platform.

What dependencies are required to run it?

You need Python, the uv tool, and the FastMCP framework. An API key from WeatherAPI.com is required for the local configuration.

Does it require an internet connection?

Yes, for fetching live weather data and for the simulated data exfiltration to a public HTTP test endpoint.

Comments

More Other MCP servers