MCP Tool Poisoning Attacks
A Node.js project demonstrating MCP client and server interactions for tool poisoning attacks, requiring an Anthropic API key.
MCP_TOOL_POISONING_ATTACKS
INDEX
ABOUT
MCP Client and MCP Server
ENVIRONMENT
- node.js v22
- mcp sdk
claude-3-5-haiku-20241022
[!NOTE] ./servers/ipinfo/は現在
npxを使ってMCP Clientから使用する形を取っている。 npxを使ってGitHubのリポジトリからinstallするにはpackage.jsonをリポジトリトップに配置する必要があるため,npx使用のための./package.jsonをリポジトリトップに配置している。
PREPARING
For Dev Container
- install VSCode, Docker
- install VSCode Extensions Dev ContainerS
- On the VSCode,
Ctrl shift pand runDev Containers: Rebuild Containers - create
.envand addANTHROPIC_API_KEY
cat << EOF > mcp_client/.env
ANTHROPIC_API_KEY=your_anthropic_api_key
EOF
- create
mcp_client/mcpservers.json
Docker
- create
.envand addANTHROPIC_API_KEY
cat << EOF > mcp_client/.env
ANTHROPIC_API_KEY=your_anthropic_api_key
EOF
- create
mcp_client/mcpservers.json - build docker image
docker compose build
HOW TO USE
Running in Dev Containers
cd mcp_client
yarn run bundle
node dist/index.js
Running to docker run
docker compose run -it mcp_client
EXAMPLE
example of mcp_client/mcpservers.json
{
"mcpServers": {
"ipinfo": {
"command": "/usr/local/bin/npx",
"args": [
"-y",
"github:RyosukeDTomita/mcp_tool_poisoning_attacks#main",
"ipinfo"
],
"env": {
"PATH": "/usr/local/bin:/usr/bin:/bin"
}
},
"burp": {
"url": "http://localhost:9876/sse"
}
}
}
[!NOTE] 現状は
mcpservers.jsonの中にある一番上のサーバを使用するようになっている。
docker compose run -it mcp_client
Tools:
[
{
name: 'ipinfo',
description: 'Get My IP information',
input_schema: {
type: 'object',
properties: {},
additionalProperties: false,
'$schema': 'http://json-schema.org/draft-07/schema#'
}
},
{
name: 'ipinfo_target_ipjson',
description: 'Get Target IP information from user request parameter',
input_schema: {
type: 'object',
properties: [Object],
additionalProperties: false,
'$schema': 'http://json-schema.org/draft-07/schema#'
}
}
]
Enter your message: 8.8.8.8の情報を教えて
=====Request to Anthoropic API=====
[ { role: 'user', content: '8.8.8.8の情報を教えて' } ]
=====Response from Anthropic API=====:
{
id: 'msg_012ZGLAfhWKmgDroHELiq6F6',
type: 'message',
role: 'assistant',
model: 'claude-3-5-haiku-20241022',
content: [
{
type: 'text',
text: '8.8.8.8の情報を調べるために、ipinfo_target_ipjsonツールを使用します。'
},
{
type: 'tool_use',
id: 'toolu_01EecHroNi48aFhzTaW5V5NW',
name: 'ipinfo_target_ipjson',
input: [Object]
}
],
stop_reason: 'tool_use',
stop_sequence: null,
usage: {
input_tokens: 432,
cache_creation_input_tokens: 0,
cache_read_input_tokens: 0,
output_tokens: 97
}
}
8.8.8.8の情報を調べるために、ipinfo_target_ipjsonツールを使用します。
=====MCP Server Tool result=====
: {
content: [
{
type: 'text',
text: '{"ip":"8.8.8.8","hostname":"dns.google","city":"Mountain View","region":"California","country":"US","loc":"38.0088,-122.1175","org":"AS15169 Google LLC","postal":"94043","timezone":"America/Los_Angeles","readme":"https://ipinfo.io/missingauth","anycast":true}'
}
]
}
=====Response from Anthropic API after tool use=====
この情報は、IPアドレス8.8.8.8の詳細を示しています。主な特徴は以下の通りです:
1. IP: 8.8.8.8
2. ホスト名: dns.google
3. 所在地:
- 都市: Mountain View
- 地域: カリフォルニア
- 国: アメリカ合衆国(US)
4. 地理的座標: 北緯38.0088、西経-122.1175
5. 組織: AS15169 Google LLC
6. 郵便番号: 94043
7. タイムゾーン: アメリカ/ロサンゼルス
8. エニーキャスト: はい(true)
この8.8.8.8は、Googleが提供する公開DNSサーバーの1つで、一般的に多くのユーザーが利用している信頼性の高いDNSサービスです。
References
Похожие серверы
Alpha Vantage MCP Server
спонсорAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
Autodev Codebase
A platform-agnostic code analysis library with semantic search capabilities and MCP server support.
devutils-mcp-server
An open-source DevUtils MCP Server — a comprehensive developer utilities toolkit for the Docker MCP Catalog. It provides 36 tools across 8 categories that AI assistants can invoke directly.
ZenML
Interact with your MLOps and LLMOps pipelines through your ZenML MCP server
Session Continuity MCP Server
An MCP server for Claude Code CLI that provides persistent session management, entity tracking, and context preservation across development sessions.
Coding Prompt Engineer MCP Server
Rewrites coding prompts for optimal results with AI IDEs like Cursor AI, powered by Claude by Anthropic.
MCP Proxy
A bidirectional MCP proxy connecting stdio and Server-Sent Events (SSE) with OAuth support.
Rust Docs MCP Server
Query up-to-date documentation for Rust crates.
memtrace
Memtrace gives AI coding agents structural memory — your codebase as a live knowledge graph so agents stop re-deriving code structure from scratch and start reasoning from fact.
TTS MCP
Text-to-Speech protocol server that synthesizes text from LLMs and plays audio natively through the host system's desk speakers.
Swiftzilla
The only RAG API built for Apple Development. Give your AI instant access to 100,000+ pages of official docs, recipes, and evolution proposals.