MCP.so
登录

mcp-security-sandbox

@SirAppSec

关于 mcp-security-sandbox

MCP Security Playground - Hack with MCP Servers, MCP Clients. Try out different vulnerabilities and abuse LLMs and agents in a UI friendly experimentation lab

基本信息

分类

开发工具

许可证

MIT

运行时

python

传输方式

stdio

发布者

SirAppSec

配置

暂无标准配置

该服务器的 README 中没有可解析的 MCP 配置块,请前往代码仓库查看安装说明。

代码仓库

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is mcp-security-sandbox?

It is an experimental sandbox and lab for exploring MCP hosts, clients, and servers. It can perform attacks against MCP servers and abuse LLMs.

How to use mcp-security-sandbox?

Install dependencies using uv install, create a virtual environment with uv venv, activate it, then run the server with uv run -- src/mcp-security-sandbox/mcp/github/server.py and launch the Streamlit frontend with streamlit run src/mcp-security-sandbox/frontend/MCP_Chat.py. Ensure Ollama is installed and its URL is set in the client initializations.

Key features of mcp-security-sandbox?

  • Experimental sandbox for MCP exploration and attacks
  • Integrates a GitHub retrieval MCP server into a chat agent
  • Supports chaining with Burp Suite MCP Server
  • Provides a Streamlit-based chat interface
  • Allows abuse of LLMs for attack scenarios
  • Uses Ollama for local LLM integration

Use cases of mcp-security-sandbox?

  • Test security of MCP servers against attacks
  • Simulate malicious MCP server behavior
  • Experiment with chaining multiple MCP servers
  • Educate on MCP security vulnerabilities

FAQ from mcp-security-sandbox

What dependencies are required?

Ollama must be installed and its URL configured in the client initializations. The project uses uv for package and environment management.

How do I start the frontend?

Run uv install, uv venv, source .venv/bin/activate, then uv run -- src/mcp-security-sandbox/mcp/github/server.py and streamlit run src/mcp-security-sandbox/frontend/MCP_Chat.py.

Does the sandbox support dynamic loading of MCP servers?

No, dynamic loading is on the roadmap but not yet implemented; currently servers are statically defined.

What is the purpose of this project?

It is an experimental sandbox for exploring MCP hosts, clients, and servers, and for performing attacks against MCP servers and abusing LLMs.

Can I integrate Burp Suite?

Yes, the README shows using Burp Suite MCP Server to

评论

开发工具 分类下的更多 MCP 服务器