rt_fuzz_tools
Fuzz-test MCP tools using edge-case inputs like empty strings, path traversal, command injection, SQL injection, and special characters. Dry-run analyzes schema; set confirm_execute to invoke tools and detect crashes.
Instructions
Fuzz-test MCP tools with edge-case inputs: empty strings, long strings, path traversal, command injection, SQL injection, special chars, type confusion. Dry-run by default (schema analysis only) — set confirm_execute=true to actually invoke tools via callTool(). Reports crashes, stack trace leaks, and unhandled errors.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| env | No | Additional environment variables for stdio | |
| url | No | MCP server URL for HTTP/SSE transport (e.g. 'http://localhost:3000/mcp') | |
| args | No | Command arguments for stdio (e.g. ['run', 'server.js']) | |
| command | No | Server command for stdio transport (e.g. 'node', 'bun', 'npx') | |
| headers | No | Custom HTTP headers (e.g. { 'Authorization': 'Bearer token' }) | |
| tool_name | No | Fuzz only this tool (default: all tools) | |
| categories | No | Fuzz categories: empty, long_string, path_traversal, command_injection, sql_injection, special_chars, type_confusion | |
| timeout_ms | No | Connection timeout in milliseconds (default: 30000) | |
| confirm_execute | No | Actually call tools with fuzz payloads (default: false — dry-run schema analysis only) |