😎 Contributing
@Puliczek
关于 😎 Contributing
🔥🔒 Awesome MCP (Model Context Protocol) Security 🖥️
基本信息
配置
工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is Awesome MCP Security?
Awesome MCP Security is a curated list of everything related to Model Context Protocol (MCP) security – including official security considerations, academic papers, videos, articles, tools, security servers, and other resources.
How to use Awesome MCP Security?
Browse the categorized sections (Security Considerations, Papers, Videos, Articles, Tools, Security Servers, Other Resources) to find relevant security information, research, and tools. Each entry links directly to the original source.
Key features of Awesome MCP Security
- Aggregates official MCP security best practices and specifications
- Lists academic papers on MCP security threats and mitigations
- Curates videos covering MCP auth, enterprise security, and attacks
- Collects articles, X threads, and blog posts on real‑world vulnerabilities
- Highlights security tools and MCP security servers
- Includes a changelog and contribution guidelines (via badge)
- Tracks the evolving authorization specification (OAuth replacement)
Use cases of Awesome MCP Security
- Discover known attack vectors and exploit demonstrations for MCP
- Find research papers on systematic MCP security analysis
- Learn about tool poisoning, prompt injection, and data exfiltration risks
- Explore security tools and guardrails for MCP deployments
- Stay updated on best practices and specification changes
FAQ from Awesome MCP Security
What are the official security considerations for MCP?
Servers MUST validate tool inputs, implement access controls, rate‑limit invocations, and sanitize outputs. Clients SHOULD prompt for user confirmation, validate tool results, implement timeouts, and log usage.
Is the MCP authorization specification finalized?
No. The current auth specification (as of 2025-03-26) is being replaced by a more robust specification; the community is discussing the new version in a GitHub pull request.
What types of resources are included?
The list covers academic papers, videos, articles, blog posts, X threads, tools, and MCP security servers – all focused on MCP security.
Are there known real‑world attacks documented?
Yes. The curated articles include real incidents such as MCP server malware that steals secrets, tool poisoning, ANSI terminal code deception, and exploitation of popular MCP servers (e.g., Slack, GitHub, Asana, Neon).
Where can I find MCP security tools and servers?
The list includes a dedicated section "Tools and code" and "MCP Security Servers" with links to open‑source projects and security layers built for MCP.
开发工具 分类下的更多 MCP 服务器
Serena
oraiosA powerful MCP toolkit for coding, providing semantic retrieval and editing capabilities - the IDE for your agent
JetBrains MCP Proxy Server
JetBrainsA model context protocol server to work with JetBrains IDEs: IntelliJ, PyCharm, WebStorm, etc. Also, works with Android Studio
MCP-Bridge
SecretiveShellA middleware to provide an openAI compatible endpoint that can call MCP tools
FastAPI-MCP
tadata-orgExpose your FastAPI endpoints as Model Context Protocol (MCP) tools, with Auth!
test
cloudwegoThe ultimate LLM/AI application development framework in Go.
评论