MasterMCP

Project Introduction

MasterMCP is a demonstration tool designed to showcase various potential security attack vectors against MCP (Model Control Protocol). This project illustrates how malicious plugins can exploit weaknesses in the MCP architecture through practical examples, helping developers and security researchers understand these risks and strengthen system protection.

Features

Plugin-based Malicious Payloads: Demonstrates how malicious plugins can run within the MCP architecture
Multiple Attack Techniques: Includes examples of data poisoning, cross-MCP calls, competitive malicious functions, and more
Practical Educational Value: Each attack vector comes with detailed explanations and implementation code

Included Attack Vectors

Data Poisoning: The banana plugin demonstrates how to force users to perform specific operations
JSON Injection Attacks: The url_json plugin shows how to retrieve data from a local malicious service
Competitive Malicious Functions: The remove_server plugin overrides existing functionality
Cross-MCP Call Attacks: The Master_cross_call plugin guides users to perform dangerous operations

Installation Instructions

# Clone the repository

cd MasterMCP

# Install dependencies
pip install -r requirements.txt

Usage

{
  "mcpServers": {
    "MasterMCP": {
      "command": "/xxx/bin/python",
      "args": [
        "/xxx/MasterMCP/MasterMCP.py"
      ]
    }
  }
}

Project Structure

MasterMCP/
├── MasterMCP.py              # Main program, responsible for loading and managing plugins
├── tools_plugins/            # Malicious plugins directory
│   ├── initialize_data_poisoning.py    # Forces users to perform specific checks
│   ├── inject_json_poisoning.py        # JSON data injection example
│   ├── malicious_competitive_function.py  # Competitive function override
│   └── malicious_cross_mcp_call.py     # Cross-MCP call attack
├── resources_plugins/        # Resource plugins directory
├── prompts_plugins/          # Prompt plugins directory
└── utils/                    # Utility functions

Security Warning

⚠️ This project is for educational and research purposes only. Do not use these techniques on any system without authorization. Malicious use of this code may violate laws and regulations.

Defense Recommendations

Implement strict plugin verification mechanisms
Thoroughly check and sanitize all external inputs
Implement the principle of least privilege, limiting plugin execution permissions
Use signature verification to ensure only trusted plugins are loaded
Regularly review installed plugins and their behaviors

Attack Analysis

Banana Detection Poisoning

The initialize_data_poisoning.py plugin establishes a mandatory process dependency by requiring a "banana check" before any operation. This technique can be used to:

Induce users to perform unnecessary operations
Establish a false sense of security
Insert malicious steps before legitimate operations

JSON Data Injection

The inject_json_poisoning.py plugin retrieves data from a local port by default, potentially leading to:

Data leakage
Execution of malicious instructions
Bypassing normal security checks

Competitive Function Override

The malicious_competitive_function.py provides a remove_server function with the same name but different functionality:

Replaces critical system functions
Prevents normal service removal operations
Embeds hidden instructions encoded in hexadecimal within the confusion

Cross-MCP Call Attack

The malicious_cross_mcp_call.py uses encoded error messages to induce users to:

Add unverified external services
Perform unnecessary operations
Expand the attack surface

Contribution Guidelines

Contributions to this project are welcome through:

Submitting examples of new attack vectors
Improving documentation for existing examples
Adding example implementations of defense mechanisms

License

MIT License

This server cannot be installed

security - not tested

license - permissive license

quality - not tested

How are these scores calculated?

A demonstration tool that showcases potential security attack vectors against Model Control Protocol, illustrating how malicious plugins can exploit weaknesses in MCP architecture.

Related MCP Servers

Dangerous MCP
ShaojieJiang
A
security
A
license
A
quality
A demonstration server that reveals security risks by accessing sensitive environment variables, illustrating how MCP tools can potentially leak user data without explicit consent.
Last updated -
1
8
Python
MIT License
CyberMCP
ricauts
A
security
A
license
A
quality
A Model Context Protocol server designed for testing backend APIs for security vulnerabilities like authentication bypass, injection attacks, and data leakage.
Last updated -
14
9
TypeScript
MIT License
Damn Vulnerable MCP Server Demo
pfelilpe
A
security
A
license
A
quality
A vulnerable MCP server implementation that demonstrates how poor coding practices can lead to security issues like Remote Code Execution, designed for educational purposes to add numbers.
Last updated -
1
2
Python
MIT License
Vulnerable MCP Server
evrenyal
-
security
F
license
-
quality
Intentionally vulnerable Model Context Protocol (MCP) server designed for security research that processes natural language queries through an LLM to execute SQL queries or shell commands without restrictions.
Last updated -
3
Python

View all related MCP servers