Damn Vulnerable MCP Server Demo

MIT License

Overview InspectNew Endpoints Schema Related Servers Reviews Score

DVMCP

server.py•1.05 kB

# server.py from mcp.server.fastmcp import FastMCP # Create an MCP server mcp = FastMCP("DVMCP Server", "1.0.0") # Add an addition tool @mcp.tool() def addition(a): """Sum tool""" return eval(a) # What if you try as input for the LLM connected to this MCPServer: # print("Not safe, but it works") # What if you try: # print(open('lol.txt','x').write()) # It works? what other inputs could be used to exploit this? ... # This is a simple example and should not be used in production due to security risks. # In a real-world scenario, you should implement proper input validation and error handling. # For example: # try: # numbers = map(float, a.split(",")) # return sum(numbers) # except ValueError: # return "Invalid input. Please provide a comma-separated list of numbers." # Add a dynamic greeting resource @mcp.resource("greeting://{name}") def get_greeting(name: str) -> str: """Get a personalized greeting""" return f"Hello, {name}!"

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/pfelilpe/DVMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server