Insecure MCP Demo
@kenhuangus
关于 Insecure MCP Demo
暂无概览
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"mcp-vulnerable-server-demo": {
"command": "python",
"args": [
"good-mcp-client.py",
"vuln-mcp.py"
]
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is Insecure MCP Demo?
Insecure MCP Demo is an educational project that demonstrates a deliberately vulnerable MCP server along with both a good client and a proof‑of‑concept attack client. It is designed to showcase common security vulnerabilities in MCP servers and to teach secure implementation practices.
How to use Insecure MCP Demo?
Install the Python dependencies with pip install -r requirements.txt. Start the server and good client by running python good-mcp-client.py vuln-mcp.py in one terminal. Run the attack client with python attack-mcp-client.py vuln-mcp.py in another terminal to see automatic exploitation of the vulnerabilities.
Key features of Insecure MCP Demo
- Vulnerable server exposes four insecure tools.
insert_recordtool is prone to SQL injection.query_recordstool exposes all data without authentication.execute_sqltool allows arbitrary SQL commands.get_env_variabletool leaks sensitive environment variables.- Includes both a good client and an automated attack client.
Use cases of Insecure MCP Demo
- Teaching developers how SQL injection works in an MCP context.
- Demonstrating the dangers of exposing arbitrary SQL execution tools.
- Showing how unauthenticated data access can leak sensitive records.
- Training security professionals on MCP server weaknesses.
FAQ from Insecure MCP Demo
What is the purpose of this project?
The project demonstrates a vulnerable MCP server with multiple clients for educational purposes, highlighting potential security vulnerabilities and how they can be exploited.
What vulnerabilities are demonstrated?
The server showcases SQL injection, arbitrary code execution (via execute_sql), sensitive data exposure (via get_env_variable), and lack of access control.
How can I run the attack client?
Open a second terminal and run python attack-mcp-client.py vuln-mcp.py after installing the dependencies. The client will automatically attempt SQL injection, execute arbitrary SQL queries, and read common environment variables.
Is this server safe to use in production?
No. The README explicitly states, “Do not deploy this code in production environments.” It is intended only for education and demonstration.
What mitigation strategies does the project recommend?
The README suggests using parameterized queries, restricting dangerous tools, implementing authentication and authorization, validating input, limiting environment variable access, auditing usage, and applying the principle of least privilege.
其他 分类下的更多 MCP 服务器

EverArt
modelcontextprotocolModel Context Protocol Servers
ghidraMCP
LaurieWiredMCP Server for Ghidra
IDA Pro MCP
mrexodiaAI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
Awesome Mlops
visengerA curated list of references for MLOps
Servers
modelcontextprotocolModel Context Protocol Servers
评论