mcp-trust-demo
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-trust-demoscan this repository for vulnerabilities"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Vulnerable MCP Server — a live demo for MCP Trust
⚠️ This repository is intentionally vulnerable
It contains a deliberately insecure MCP server that exists only as a live demo target for the MCP Trust scanner. Do not install, run, import, or copy this code. There is no real functionality here — every risky pattern is on purpose. The exfiltration URL (
attacker.example) is a reserved, non-routable domain; there are no real secrets.
Related MCP server: Insecure MCP Demo
What this repo demonstrates
That wiring MCP Trust into a repo's CI takes one line, and that it catches real issues in an MCP server before an agent ever connects to it:
# .github/workflows/mcp-trust.yml
- uses: actions/checkout@v4
- uses: SteveMonsway/mcp-trust@v1
with:
fail-on: high
upload-sarif: true # → GitHub Security / Code Scanning alerts
comment-pr: true # → summary comment on pull requestsThat's the entire integration. Full inputs/outputs: the MCP Trust GitHub Action.
What MCP Trust flags here
Scanning server.js + package.json produces
Decision: BLOCK on the following evidence:
Rule | Severity | What |
| critical |
|
| high | Tool description with an instruction-override phrase ("ignore previous instructions") |
| high | Tool description with a concealment phrase ("do not tell the user") |
| medium | Arbitrary filesystem read at a caller-supplied path |
| medium |
|
| low | Secret-like environment variable access ( |
| low | No linked source repository |
See it live
Actions → latest MCP Trust run
Security → Code Scanning → the SARIF alerts uploaded by the scan
Pull Requests → the open demo PR shows the MCP Trust comment and a red ✗ check — that's the scanner gating a change
Why is the check red on PRs but green on main?
The target is vulnerable, so the scan is always BLOCK. On a pull request the job
fails on purpose (fail-on: high) — that's MCP Trust blocking the merge, exactly what
you want in review. On push to main the step is set to continue-on-error, so the
branch badge stays green while the SARIF alerts still populate the Security tab. A green
run here would mean the scanner missed the vulnerabilities.
Try it against your own MCP server
Point the scanner at any public repo, npm package, or local path:
npx @mcp-trust/cli scan github:owner/repoOr add the Action (the one-liner above) to your own repository's
.github/workflows/. More: MCP Trust
· public benchmark of 452 real MCP servers.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/SteveMonsway/mcp-trust-demo'
If you have feedback or need assistance with the MCP directory API, please join our Discord server