Bad

소개

bad-mcp offers a collection of 10 deliberately hostile Model Context Protocol (MCP) servers, each meticulously crafted to exploit distinct protocol features such as tool descriptions, schemas, resources, and session management. This project serves as a critical resource for security research, enabling client developers to rigorously test their AI applications' defenses against protocol-level vulnerabilities. Unlike traditional vulnerable servers, bad-mcp embodies the attacker's perspective, providing concrete, runnable examples of attacks like Full-Schema Poisoning, Advanced Tool Poisoning, and Rug-Pull attacks, all within a safe, isolated Dockerized environment.

주요 기능

• 2 GitHub stars
• 10 distinct malicious MCP servers demonstrating protocol-level attacks
• Exploits specific MCP features (e.g., input_schema, tool responses, session tools)
• Isolated Docker-compose environment for safe security research and testing
• Detailed README for each server explaining vulnerability, exploit, and mitigation
• Focus on protocol-level threats, distinct from generic application security vulnerabilities

사용 사례

• Assessing security risks in AI applications utilizing the Model Context Protocol
• Testing and validating defenses of AI clients against MCP protocol attacks
• Security research and education on protocol-level threats to AI systems