vulnerability-summary
Summarize and analyze vulnerabilities found in IMCP, a deliberately insecure MCP server, with customizable detail levels for educational and security research purposes.
Instructions
Get a comprehensive overview of all vulnerabilities demonstrated by this educational server
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| detailLevel | No | Detail level: overview, detailed, technical |
Implementation Reference
- src/vulnerable-mcp-server.js:589-589 (registration)Registration of the 'vulnerability-summary' tool with empty input schema.server.tool("vulnerability-summary", "Get a summary of all vulnerabilities demonstrated by this server", {}, function () { return __awaiter(void 0, void 0, void 0, function () {
- src/vulnerable-mcp-server.js:589-617 (handler)The async handler function that lists all 14 vulnerabilities demonstrated by this educational MCP server.server.tool("vulnerability-summary", "Get a summary of all vulnerabilities demonstrated by this server", {}, function () { return __awaiter(void 0, void 0, void 0, function () { var vulnerabilities; return __generator(this, function (_a) { vulnerabilities = [ "1. Direct Prompt Injection - User inputs override system instructions", "2. Jailbreak Prompt Injection - Advanced techniques to break constraints", "3. Tool Poisoning - Hidden malicious instructions in tool descriptions", "4. Tool Response Injection - Malicious hidden instructions in responses", "5. Rug Pull Attack - Tools change behavior after approval", "6. Context Leakage - Sensitive data exposed across sessions", "7. Instruction Override - Attempts to bypass security protocols", "8. Boundary Confusion - Exploiting unclear context boundaries", "9. Metadata Manipulation - Privilege escalation via metadata", "10. Tool Shadowing - Impersonating legitimate tools", "11. Server Name Collision - Deceptive naming to trick users", "12. Configuration Drift - Insecure configuration changes", "13. Session ID Exposure - Session identifiers leaked", "14. Consent Fatigue - Overwhelming users with permission requests" ]; return [2 /*return*/, { content: [ { type: "text", text: "\uD83D\uDCDA EDUCATIONAL MCP VULNERABILITY SUMMARY\n\nThis server demonstrates 14 different MCP security vulnerabilities:\n\n".concat(vulnerabilities.join('\n'), "\n\n\u26A0\uFE0F WARNING: This is for educational purposes only!\n\nEach tool in this server contains intentional vulnerabilities to help understand:\n- How attacks work\n- What to look for\n- How to prevent them\n- Impact of each vulnerability\n\nUse the individual tools to see each vulnerability in action.\n\n\uD83D\uDD0D To explore:\n- Try different inputs to trigger vulnerabilities\n- Notice how malicious behavior is hidden\n- Observe how user trust is exploited\n- See how sensitive data gets exposed\n\nRemember: NEVER use this server in production!") } ] }]; }); }); });