Damn Vulnerable MCP Server Demo
Enables support for the creator through Buy Me a Coffee, allowing users to financially contribute to the project developer (pfelilpe) via a direct link in the documentation.
Integrates with Python for running the MCP server, which provides a mathematical addition service that can add two or more numbers when queried through Copilot.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Damn Vulnerable MCP Server Demoadd 5 and 7"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Damn Vulnerable MCP Server Demo
A simplier implementation of a Damn Vulnerable MCP Server that adds two or more numbers
Overview
The MCP Server Demo is a demonstration of excessive agency that could lead to Remote Code Execution (RCE) if the MCP were running on an external server. 🛡️
Related MCP server: Vulnerable MCP Server
Features
🚀 Basic MCP server implementation.
📂 Demonstrates server functionality with
server.py.
Warning
⚠️ This project is a vulnerable MCP server designed to demonstrate how poor implementation practices can lead to security issues. It is intended for educational purposes only.
❌ Do not use this project in production environments.
Prerequisites
🐍 Python 3.10 or higher.
💡 A virtual environment is recommended for managing dependencies.
Installation
📥 Clone the repository:
git clone <repository-url> cd DVMCP📦 Install dependencies:
pip install -r requirements.txt
Usage
▶️ Link the MCP Server with Copilot:
vscode://settings/mcpAdd the server configuration to the
settings.jsonfile in VS Code:"servers": { "DVMCP": { "command": "uv", "args": [ "run", "--with", "mcp[cli]", "mcp", "run", "/Users/pfelilpe/Documents/DVMCP/server.py" ], "env": {} } }Click on Start Server.
Interact with Copilot in Agent mode, for example:
1+1 with additionExperiment with code injection to explore potential OS Injection vulnerabilities... 🕵️♂️
You can find a safer implementation of this simpler MCP at
/safe/server.py. 🔒
Adding MCP to Your Python Project
We recommend using uv to manage your Python projects. 🛠️
If you haven't created a uv-managed project yet, initialize one:
uv init mcp-server-demo
cd mcp-server-demoThen add MCP to your project dependencies:
uv add "mcp[cli]"Alternatively, for projects using pip for dependencies:
pip install "mcp[cli]"Running the Standalone MCP Development Tools
To run the mcp command with uv:
uv run mcpProject Structure
server.py: 🖥️ Main server implementation.pyproject.toml: 📜 Project configuration file.README.md: 📖 Documentation for the project.uv.lock: 🔒 Lock file for dependencies.__pycache__/: 🗂️ Contains compiled Python files.
Contributing
🤝 Contributions are welcome! Please fork the repository and submit a pull request with your changes.
License
📄 This project is licensed under the terms of the LICENSE file in the root directory.
Created by pfelilpe
Buy Me a Coffee
If you found this project helpful or interesting, consider buying me a coffee to support my work: ☕️
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Tools
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/pfelilpe/DVMCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server