A demonstration tool showcasing potential security attack vectors against the Model Control Protocol (MCP).
MasterMCP is a demonstration tool designed to showcase various potential security attack vectors against MCP (Model Control Protocol). This project illustrates how malicious plugins can exploit weaknesses in the MCP architecture through practical examples, helping developers and security researchers understand these risks and strengthen system protection.
banana
plugin demonstrates how to force users to perform specific operationsurl_json
plugin shows how to retrieve data from a local malicious serviceremove_server
plugin overrides existing functionalityMaster_cross_call
plugin guides users to perform dangerous operations# Clone the repository
cd MasterMCP
# Install dependencies
pip install -r requirements.txt
{
"mcpServers": {
"MasterMCP": {
"command": "/xxx/bin/python",
"args": [
"/xxx/MasterMCP/MasterMCP.py"
]
}
}
}
MasterMCP/
├── MasterMCP.py # Main program, responsible for loading and managing plugins
├── tools_plugins/ # Malicious plugins directory
│ ├── initialize_data_poisoning.py # Forces users to perform specific checks
│ ├── inject_json_poisoning.py # JSON data injection example
│ ├── malicious_competitive_function.py # Competitive function override
│ └── malicious_cross_mcp_call.py # Cross-MCP call attack
├── resources_plugins/ # Resource plugins directory
├── prompts_plugins/ # Prompt plugins directory
└── utils/ # Utility functions
⚠️ This project is for educational and research purposes only. Do not use these techniques on any system without authorization. Malicious use of this code may violate laws and regulations.
The initialize_data_poisoning.py
plugin establishes a mandatory process dependency by requiring a "banana check" before any operation. This technique can be used to:
The inject_json_poisoning.py
plugin retrieves data from a local port by default, potentially leading to:
The malicious_competitive_function.py
provides a remove_server
function with the same name but different functionality:
The malicious_cross_mcp_call.py
uses encoded error messages to induce users to:
Contributions to this project are welcome through:
Perform accessibility audits on webpages using the axe-core engine to identify and help fix a11y issues.
Provides direct access to local documentation files through a context.md file in the project root.
Provides automated reasoning for AI systems using the Prover9 and Mace4 theorem provers.
An MCP server for the gget bioinformatics library, enabling standardized access to genomics tools and databases.
Captures and manages stdout logs from multiple processes via a named pipe system for real-time debugging and analysis.
Search and install OriginUI components, with details fetched dynamically from the OriginUI JSON registry.
Generate visualizations from fetched data using the VegaLite format and renderer.
Video transcoding, packaging, and analysis using the Shaka Packager tool, integrated with Claude AI.
An MCP server for the Arduino CLI, offering tools to manage sketches, boards, libraries, and files.
Create and read feature flags, review experiments, generate flag types, search docs, and interact with GrowthBook's feature flagging and experimentation platform.