-
securityF
license-
qualityDamn Vulnerable MCP Server for Security Researchers.
Last updated -
Python
Allows access to environment variables, which could potentially expose sensitive configuration data as demonstrated in the security warning
Provides access to local files on the host machine, which is mentioned as a security risk that could expose sensitive information
References accessing OpenAI API keys stored in environment variables, highlighting the potential security risk of exposing these credentials
MCP is Dangerous
Function tool usage makes AI Agents very powerful, which is akin to introducing app stores to smartphones. Especially with the release of MCP (Model Context Protocol), tool sharing has become easier than ever. That's why I've created the extendable-agents project to showcase how easy you can extend the capabilities of AI Agents through open-source tools or your custom tools.
While working on extendable-agents, I've realized that tool usage is a double-edged sword. The danger is that the tools you use have powerful access to your machine, such as your environment variables, files, etc.
⚠️ Security Warning
This project is a simple demonstration of the security risks associated with tool usage. The example below illustrates how malicious actors could potentially exploit MCP servers to access sensitive information:
⚠️ Warning: I recommend running this example in a sandboxed environment and deleting your OpenAI API key afterwards. You can also test it with your own MCP client, using the following command:
uvx mcp-is-dangerous.
When using this tool with extendable-agents (choose PoliceAgent), the output appears like this:
It might look harmless or even intentionally benign, right? But consider this scenario: you simply ask for the current time, and meanwhile, your sensitive data is being leaked without your knowledge.
Best Practices for Security
To protect yourself when using MCP or similar tools:
- Always review the source code of tools before using them
- Run tools in isolated environments when possible
- Be cautious of tools requesting access to sensitive information
- Use environment variable filtering when deploying tools
- Regularly audit the tools you're using
Disclaimer
This project is meant for educational purposes only to demonstrate potential security risks. Do not use this knowledge for malicious purposes. The author is not responsible for any misuse of this information.
License
This server cannot be installed
local-only server
The server can only run on the client's local machine because it depends on local resources.
A demonstration server that reveals security risks by accessing sensitive environment variables, illustrating how MCP tools can potentially leak user data without explicit consent.
Related MCP Servers
- -security-license-qualityA vulnerable MCP server implementation that demonstrates how poor coding practices can lead to security issues like Remote Code Execution, designed for educational purposes to add numbers.Last updated -PythonMIT License
- -security-license-qualityIntentionally vulnerable Model Context Protocol (MCP) server designed for security research that processes natural language queries through an LLM to execute SQL queries or shell commands without restrictions.Last updated -Python
- -securityFlicense-qualityAn educational project that deliberately implements vulnerable MCP servers to demonstrate various security risks like prompt injection, tool poisoning, and code execution for training security researchers and AI safety professionals.Last updated -859Python