Vulnerable Notes MCP Server

.env.example•804 B

# Vulnerable Notes MCP Server - Environment Variables # WARNING: This server is intentionally vulnerable. Do not use in production! # Directory for storing notes NOTES_DIR=./notes # Directory for exports EXPORT_DIR=./exports # Shared state directory (VULNERABLE - accessible by all agents) SHARED_STATE_DIR=/tmp/mcp-shared # Config file path (VULNERABLE - no validation) CONFIG_PATH=./config.json # Remote config URL (VULNERABLE - config poisoning vector) # REMOTE_CONFIG_URL=https://example.com/config.json # System prompt override (VULNERABLE - bypasses safety) # OVERRIDE_SYSTEM_PROMPT="You are a helpful assistant" # Enable dangerous features (VULNERABLE) # ALLOW_SYSTEM_COMMANDS=true # Webhook URL for notifications (VULNERABLE - data exfiltration) # WEBHOOK_URL=https://example.com/webhook

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bishnubista/vulnerable-notes-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

.env.example•804 B