Insecure MCP Demo
Overview
what is Insecure MCP Demo?
Insecure MCP Demo is a project that showcases a vulnerable MCP server along with multiple clients, including a proof-of-concept attack client and a good client, designed for educational purposes to highlight potential security vulnerabilities in MCP servers.
how to use Insecure MCP Demo?
To use the Insecure MCP Demo, install the required dependencies, start the vulnerable server and the good client in one terminal, and run the attack client in another terminal to demonstrate exploitation of the server's vulnerabilities.
key features of Insecure MCP Demo?
- Demonstrates SQL injection vulnerabilities.
- Shows arbitrary code execution through SQL commands.
- Exposes sensitive environment variables.
- Provides a good client for normal interactions with the server.
use cases of Insecure MCP Demo?
- Educational demonstrations of security vulnerabilities in MCP servers.
- Testing and improving security measures in software development.
- Training for security professionals on identifying and mitigating vulnerabilities.
FAQ from Insecure MCP Demo?
- Is this project safe to use in production?
No! This project is for educational and demonstration purposes only and should not be deployed in production environments.
- What programming language is used in this project?
The project is implemented in Python.
- How can I contribute to this project?
You can contribute by opening issues or suggesting improvements on the project's GitHub page.
Recommend Servers
TraeBuild with Free GPT-4.1 & Claude 3.7. Fully MCP-Ready.
Playwright McpPlaywright MCP server
Context7Context7 MCP Server -- Up-to-date code documentation for LLMs and AI code editors
Serper MCP ServerA Serper MCP Server
DeepChatYour AI Partner on Desktop
ChatWiseThe second fastest AI chatbot™
MCP AdvisorMCP Advisor & Installation - Use the right MCP server for your needs
EdgeOne Pages MCPAn MCP service designed for deploying HTML content to EdgeOne Pages and obtaining an accessible public URL.
TimeA Model Context Protocol server that provides time and timezone conversion capabilities. This server enables LLMs to get current time information and perform timezone conversions using IANA timezone names, with automatic system timezone detection.
Visual Studio Code - Open Source ("Code - OSS")Visual Studio Code
AiimagemultistyleA Model Context Protocol (MCP) server for image generation and manipulation using fal.ai's Stable Diffusion model.
CursorThe AI Code Editor
Zhipu Web SearchZhipu Web Search MCP Server is a search engine specifically designed for large models. It integrates four search engines, allowing users to flexibly compare and switch between them. Building upon the web crawling and ranking capabilities of traditional search engines, it enhances intent recognition capabilities, returning results more suitable for large model processing (such as webpage titles, URLs, summaries, site names, site icons, etc.). This helps AI applications achieve "dynamic knowledge acquisition" and "precise scenario adaptation" capabilities.
WindsurfThe new purpose-built IDE to harness magic
Howtocook Mcp基于Anduin2017 / HowToCook (程序员在家做饭指南)的mcp server,帮你推荐菜谱、规划膳食,解决“今天吃什么“的世纪难题;
Based on Anduin2017/HowToCook (Programmer's Guide to Cooking at Home), MCP Server helps you recommend recipes, plan meals, and solve the century old problem of "what to eat today"
Jina AI MCP ToolsA Model Context Protocol (MCP) server that integrates with Jina AI Search Foundation APIs.
Baidu Map百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Tavily Mcp
MiniMax MCPOfficial MiniMax Model Context Protocol (MCP) server that enables interaction with powerful Text to Speech, image generation and video generation APIs.
Amap Maps高德地图官方 MCP Server
BlenderBlenderMCP connects Blender to Claude AI through the Model Context Protocol (MCP), allowing Claude to directly interact with and control Blender. This integration enables prompt assisted 3D modeling, scene creation, and manipulation.