mcp mock
一个带有故意漏洞的模拟 MCP 服务器,用于测试安全审计工具。
Repository Info
About This Server
一个带有故意漏洞的模拟 MCP 服务器,用于测试安全审计工具。
Model Context Protocol (MCP) - This server can be integrated with AI applications to provide additional context and capabilities, enabling enhanced AI interactions and functionality.
Documentation
Mock MCP Server
A mock Model Context Protocol (MCP) server with deliberate vulnerabilities for testing security auditing tools. This server demonstrates various Tool Poisoning Attack (TPA) techniques and other security vulnerabilities.
Purpose
This server is designed to help test and validate security auditing tools for MCP servers. It contains deliberate vulnerabilities including:
- Hidden instructions using zero-width characters
- Hidden instructions using HTML comments
- Hidden instructions using Base64 encoding
- Hidden instructions using Unicode homoglyphs
- Hidden JavaScript in markdown links
- Sensitive information hidden in resources
- Direct prompt injection in tool descriptions
Installation
# Clone the repository
git clone https://github.com/hnipps/mock-mcp.git
cd mock-mcp
# Install dependencies
npm install
# Build the project
npm run build
Running the Server
npm start
The server uses stdio transport, so it can be connected to using an MCP client that supports stdio.
Testing with MCP Inspector
You can test this server using the MCP Inspector:
# Install MCP Inspector
npm install -g @modelcontextprotocol/inspector
# Run the inspector with this server
mcp-inspector --command "node dist/server.js"
Available Tools
- Calculator - Performs basic arithmetic operations with hidden instructions using zero-width characters
- Translator - Translates text with hidden instructions using HTML comments
- Search - Searches for information with hidden instructions using Base64 encoding
- File Reader - Reads file content with direct prompt injection in the tool description
Available Resources
- Config - Configuration data with hidden sensitive information using zero-width characters
- Docs - Documentation with hidden instructions using HTML comments, homoglyphs, and markdown formatting
Available Prompts
- Code Review - A prompt for code review with hidden instructions using Unicode homoglyphs
Documentation
For more information, see:
- Requirements
- Implementation Plan
- MCP TypeScript SDK README
Warning
This server contains deliberate security vulnerabilities and should only be used for testing purposes in a controlled environment. Do not use this code in production.
License
MIT
Quick Start
Clone the repository
git clone https://github.com/hnipps/mcp-mockInstall dependencies
cd mcp-mock
npm installFollow the documentation
Check the repository's README.md file for specific installation and usage instructions.
Repository Details
Recommended MCP Servers
Discord MCP
Enable AI assistants to seamlessly interact with Discord servers, channels, and messages.
Knit MCP
Connect AI agents to 200+ SaaS applications and automate workflows.
Apify MCP Server
Deploy and interact with Apify actors for web scraping and data extraction.
BrowserStack MCP
BrowserStack MCP Server for automated testing across multiple browsers.
Zapier MCP
A Zapier server that provides automation capabilities for various apps.