README.mdā¢3.08 kB
# Damn Vulnerable MCP Server Demo
A simplier implementation of a Damn Vulnerable MCP Server that adds two or more numbers
## Overview
The MCP Server Demo is a demonstration of excessive agency that could lead to Remote Code Execution (RCE) if the MCP were running on an external server. š”ļø
## Features
- š Basic MCP server implementation.
- š Demonstrates server functionality with `server.py`.
## Warning
ā ļø This project is a **vulnerable MCP server** designed to demonstrate how poor implementation practices can lead to security issues. It is intended for educational purposes only.
ā **Do not use this project in production environments.**
## Prerequisites
- š Python 3.10 or higher.
- š” A virtual environment is recommended for managing dependencies.
## Installation
1. š„ Clone the repository:
```bash
git clone <repository-url>
cd DVMCP
```
2. š¦ Install dependencies:
```bash
pip install -r requirements.txt
```
## Usage
1. ā¶ļø Link the MCP Server with Copilot:
```bash
vscode://settings/mcp
```
2. Add the server configuration to the `settings.json` file in VS Code:
```json
"servers": {
"DVMCP": {
"command": "uv",
"args": [
"run",
"--with",
"mcp[cli]",
"mcp",
"run",
"/Users/pfelilpe/Documents/DVMCP/server.py"
],
"env": {}
}
}
```
3. Click on **Start Server**.
4. Interact with Copilot in Agent mode, for example:
```
1+1 with addition
```
5. Experiment with code injection to explore potential OS Injection vulnerabilities... šµļøāāļø
6. You can find a safer implementation of this simpler MCP at `/safe/server.py`. š
## Adding MCP to Your Python Project
We recommend using `uv` to manage your Python projects. š ļø
If you haven't created a `uv`-managed project yet, initialize one:
```bash
uv init mcp-server-demo
cd mcp-server-demo
```
Then add MCP to your project dependencies:
```bash
uv add "mcp[cli]"
```
Alternatively, for projects using `pip` for dependencies:
```bash
pip install "mcp[cli]"
```
## Running the Standalone MCP Development Tools
To run the `mcp` command with `uv`:
```bash
uv run mcp
```
## Project Structure
- `server.py`: š„ļø Main server implementation.
- `pyproject.toml`: š Project configuration file.
- `README.md`: š Documentation for the project.
- `uv.lock`: š Lock file for dependencies.
- `__pycache__/`: šļø Contains compiled Python files.
## Contributing
š¤ Contributions are welcome! Please fork the repository and submit a pull request with your changes.
## License
š This project is licensed under the terms of the LICENSE file in the root directory.
## Created by pfelilpe
## Buy Me a Coffee
If you found this project helpful or interesting, consider buying me a coffee to support my work: āļø
[](https://www.buymeacoffee.com/pfelilpe)