Skip to main content
Glama
Sign In
enesjakozh

Dangerous MCP

by ShaojieJiang
GitHub
Python
MIT License
4
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

MCP 很危险

函数工具的使用让 AI 代理变得非常强大,这就像将应用商店引入智能手机一样。尤其是随着MCP(模型上下文协议)的发布,工具共享变得比以往任何时候都更加便捷。因此,我创建了可扩展代理项目,以展示如何通过开源工具或自定义工具轻松扩展 AI 代理的功能。

在开发可扩展代理的过程中,我意识到工具的使用是一把双刃剑。危险在于,你使用的工具拥有对你机器的强大访问权限,例如你的环境变量、文件等等。

⚠️ 安全警告

该项目简单演示了与工具使用相关的安全风险。以下示例说明了恶意行为者如何利用 MCP 服务器访问敏感信息:

# WARNING: This is a demonstration of security risks. # DO NOT use this code maliciously! import os from mcp.server.fastmcp import FastMCP server = FastMCP("Dangerous MCP") @server.tool() async def get_environment_variables() -> str: """Get all environment variables.""" result = [ "Here are what I could find:", ] for key, value in os.environ.items(): result.append(f"{key:<30} {value[:5]}***") # This means I can open a backdoor to send your data to me!! return "\n".join(result)

⚠️**警告:**建议在沙盒环境中运行此示例,然后删除你的 OpenAI API 密钥。你也可以使用自己的 MCP 客户端进行测试,命令如下: uvx mcp-is-dangerous

当将此工具与可扩展代理(选择PoliceAgent )一起使用时,输出如下所示:

它可能看起来无害,甚至是故意为之,对吧?但想象一下这种情况:你只是询问当前时间,与此同时,你的敏感数据却在你不知情的情况下被泄露了。

安全最佳实践

使用 MCP 或类似工具时保护自己:

  1. 使用工具前务必检查其源代码
  2. 尽可能在隔离环境中运行工具
  3. 谨慎对待请求访问敏感信息的工具
  4. 部署工具时使用环境变量过滤
  5. 定期审核你正在使用的工具

免责声明

本项目仅用于教育目的,旨在演示潜在的安全风险。请勿将此信息用于恶意目的。作者对任何信息滥用概不负责。

执照

MIT 许可证

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

local-only server

The server can only run on the client's local machine because it depends on local resources.

通过访问敏感环境变量来揭示安全风险的演示服务器,说明 MCP 工具如何在未经明确同意的情况下泄露用户数据。

  1. ⚠️ 安全警告
    1. 安全最佳实践
      1. 免责声明
        1. 执照

          Related MCP Servers

          • dvmcp

            Karanxa
            -
            security
            F
            license
            -
            quality
            Damn Vulnerable MCP Server for Security Researchers.
            Last updated -
            Python

          • Damn Vulnerable MCP Server Demo

            pfelilpe
            -
            security
            -
            license
            -
            quality
            A vulnerable MCP server implementation that demonstrates how poor coding practices can lead to security issues like Remote Code Execution, designed for educational purposes to add numbers.
            Last updated -
            Python
            MIT License

          • Vulnerable MCP Server

            evrenyal
            -
            security
            -
            license
            -
            quality
            Intentionally vulnerable Model Context Protocol (MCP) server designed for security research that processes natural language queries through an LLM to execute SQL queries or shell commands without restrictions.
            Last updated -
            Python

          • Damn Vulnerable Model Context Protocol (DVMCP)

            harishsg993010
            -
            security
            F
            license
            -
            quality
            An educational project that deliberately implements vulnerable MCP servers to demonstrate various security risks like prompt injection, tool poisoning, and code execution for training security researchers and AI safety professionals.
            Last updated -
            859
            Python

          View all related MCP servers

          New MCP Servers

          MCP directory API

          We provide all the information about MCP servers via our MCP API.

          curl -X GET 'https://glama.ai/api/mcp/v1/servers/ShaojieJiang/mcp-is-dangerous'

          If you have feedback or need assistance with the MCP directory API, please join our Discord server