Damn Vulnerable MCP Server Demo

A simpler implementation of a Damn Vulnerable MCP Server that adds two or more numbers

Overview

The MCP Server Demo is a demonstration of excessive agency that could lead to Remote Code Execution (RCE) if the MCP were running on an external server. 🛡️

Features

  • 🚀 Basic MCP server implementation.
  • 📂 Demonstrates server functionality with server.py.

Warning

⚠️ This project is a vulnerable MCP server designed to demonstrate how poor implementation practices can lead to security issues. It is intended for educational purposes only.

Do not use this project in production environments.

Prerequisites

  • 🐍 Python 3.10 or higher.
  • 💡 A virtual environment is recommended for managing dependencies.

Installation

  1. 📥 Clone the repository:
    git clone <repository-url>
    cd DVMCP
  2. 📦 Install dependencies:
    pip install -r requirements.txt

Usage

  1. ▶️ Link the MCP Server with Copilot:
    vscode://settings/mcp
  2. Add the server configuration to the settings.json file in VS Code:
    "servers": {
      "DVMCP": {
        "command": "uv",
        "args": [
          "run",
          "--with",
          "mcp[cli]",
          "mcp",
          "run",
          "/Users/pfelilpe/Documents/DVMCP/server.py"
        ],
        "env": {}
      }
    }
  3. Click on Start Server.
  4. Interact with Copilot in Agent mode, for example:
    1+1 with addition
  5. Experiment with code injection to explore potential OS Injection vulnerabilities... 🕵️‍♂️
  6. You can find a safer implementation of this simpler MCP at /safe/server.py. 🔒
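
One way an addition tool can handle its input without eval() or a shell, shown as an added example: this is not the repository's server.py or safe/server.py, whose contents do not appear on this page. It assumes the tool receives the expression as a single string such as "1+1"; the names safe_add, UnsafeExpression and MAX_EXPR_LEN are hypothetical.

```python
import ast

MAX_EXPR_LEN = 200  # assumed input limit, not taken from the project


class UnsafeExpression(ValueError):
    """Raised when the input is anything other than a sum of numbers."""


def _value(node: ast.AST) -> float:
    # Numeric literal only. bool is a subclass of int, so compare exact types.
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    # a + b: the only binary operator on the allowlist.
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _value(node.left) + _value(node.right)
    # Leading sign, e.g. -3 or +3.
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.UAdd, ast.USub)):
        operand = _value(node.operand)
        return operand if isinstance(node.op, ast.UAdd) else -operand
    # Names, calls, attribute access, strings, other operators: all rejected.
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def safe_add(expression: str) -> float:
    """Hypothetical tool body: parse 'n + n + ...' and sum it, never executing it."""
    if len(expression) > MAX_EXPR_LEN:
        raise UnsafeExpression("expression too long")
    try:
        # mode="eval" accepts exactly one expression and builds a tree only.
        tree = ast.parse(expression.strip(), mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise UnsafeExpression("not a valid expression") from exc
    return _value(tree.body)
```

The model-supplied string is only ever parsed into a syntax tree and walked against an allowlist, so text that is not a sum of numbers raises an error instead of reaching an interpreter or the operating system.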

Adding MCP to Your Python Project

We recommend using uv to manage your Python projects. 🛠️

If you haven't created a uv-managed project yet, initialize one:

uv init mcp-server-demo
cd mcp-server-demo

Then add MCP to your project dependencies:

uv add "mcp[cli]"

Alternatively, for projects using pip for dependencies:

pip install "mcp[cli]"

Running the Standalone MCP Development Tools

To run the mcp command with uv:

uv run mcp

Project Structure

  • server.py: 🖥️ Main server implementation.
  • pyproject.toml: 📜 Project configuration file.
  • README.md: 📖 Documentation for the project.
  • uv.lock: 🔒 Lock file for dependencies.
  • __pycache__/: 🗂️ Contains compiled Python files.

Contributing

🤝 Contributions are welcome! Please fork the repository and submit a pull request with your changes.

License

📄 This project is licensed under the terms of the LICENSE file in the root directory.

Created by pfelilpe


A vulnerable MCP server implementation that adds numbers, designed for educational purposes to demonstrate how poor coding practices can lead to security issues like Remote Code Execution.
