EdenYavin/Garak-MCP

3.3

If you are the rightful owner of Garak-MCP and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.

A lightweight MCP (Model Context Protocol) server for Garak LLM Vulnerability Scanner.

Tools

Resources

Prompts

MCP Server For Garak LLM Vulnerability Scanner

A lightweight MCP (Model Context Protocol) server for Garak.

Example:

https://github.com/user-attachments/assets/f6095d26-2b79-4ef7-a889-fd6be27bbbda

Tools Provided

Overview

Name	Description
list_model_types	List all available model types (ollama, openai, huggingface, ggml)
list_models	List all available models for a given model type
list_garak_probes	List all available Garak attacks/probes
get_report	Get the report of the last run
run_attack	Run an attack with a given model and probe

Detailed Description

list_model_types
- List all available model types that can be used for attacks
- Returns a list of supported model types (ollama, openai, huggingface, ggml)
list_models
- List all available models for a given model type
- Input parameters:
  - model_type (string, required): The type of model to list (ollama, openai, huggingface, ggml)
- Returns a list of available models for the specified type
list_garak_probes
- List all available Garak attacks/probes
- Returns a list of available probes/attacks that can be run
get_report
- Get the report of the last run
- Returns the path to the report file
run_attack
- Run an attack with the given model and probe
- Input parameters:
  - model_type (string, required): The type of model to use
  - model_name (string, required): The name of the model to use
  - probe_name (string, required): The name of the attack/probe to use
- Returns a list of vulnerabilities found

Prerequisites

Python 3.11 or higher: This project requires Python 3.11 or newer.
```
# Check your Python version
python --version
```
Install uv: A fast Python package installer and resolver.
```
pip install uv
```
Or use Homebrew:
```
brew install uv
```
Optional: Ollama: If you want to run attacks on ollama models be sure that the ollama server is running.

ollama serve

Installation

Clone this repository:

git clone https://github.com/BIGdeadLock/Garak-MCP.git

Configure your MCP Host (Claude Desktop ,Cursor, etc):

{
  "mcpServers": {
    "garak-mcp": {
      "command": "uv",
      "args": ["--directory", "path-to/Garak-MCP", "run", "garak-server"],
      "env": {}
    }
  }
}

Tested on:

Cursor
Claude Desktop

Running Vulnerability Scans

You can run Garak vulnerability scans directly using the included CLI tool.

Prerequisites for Scanning

Ollama must be running:
```
ollama serve
```
Pull a model to scan:
```
ollama pull llama2
```

Using the CLI Scanner

After installation, you can use the garak-scan command:

# List available Ollama models
uv run garak-scan --list-models

# Scan a specific model with all probes
uv run garak-scan --model llama2

# Scan with specific probes
uv run garak-scan --model llama2 --probes encoding

# Scan with custom output directory
uv run garak-scan --model llama2 --output-dir ./my_scans

# Run multiple parallel attempts
uv run garak-scan --model llama2 --parallel-attempts 4

Scan Results

Scan results are saved in the output/ directory (or your specified directory) as JSONL files. Each scan creates a timestamped report file:

output/scan_llama2_20250125_143022.report.jsonl

GitHub Actions Integration

This repository includes a GitHub Actions workflow that automatically runs vulnerability scans:

Triggers: Push to main/master, pull requests, weekly schedule (Mondays at 2am UTC)
Manual runs: Go to Actions → Garak LLM Vulnerability Scan → Run workflow
Custom options: Specify model and probes when running manually
Results: Scan results are uploaded as workflow artifacts

To enable automated scanning:

Ensure the workflow file exists at .github/workflows/garak-scan.yml
Push to your repository
Check the Actions tab to view scan results

Future Steps

Add support for Smithery AI: Docker and config
Improve Reporting
Test and validate OpenAI models (GPT-3.5, GPT-4)
Test and validate HuggingFace models
Test and validate local GGML models

Related MCP Servers

View all security servers →

apktool-mcp-server

4.4

by zinja-coder

apktool-mcp-server is a fully automated MCP server built on top of apktool to analyze Android APKs using LLMs like Claude, providing live reverse engineering support.

security

better-auth-mcp-server

4.2

by nahmanmate

MCP Server for Authentication Management

security

gateway

4.0

by centralmind

CentralMind Gateway is a tool designed to expose databases to AI agents via MCP or OpenAPI protocols, providing secure, LLM-optimized APIs.

databases

enrichmcp

3.7

by featureform

MCPEngine is a production-grade, HTTP-first implementation of the Model Context Protocol (MCP), providing a secure, scalable, and modern framework for exposing data, tools, and prompts to Large Language Models (LLMs) via MCP.

developer_tools

win-cli-mcp-server

3.7

by simon-ami

The Windows CLI MCP Server is a deprecated project designed for secure command-line interactions on Windows systems, providing controlled access to various shells and remote systems via SSH.

os_automation

MetasploitMCP

3.6

by GH05TCREW

This MCP server provides a bridge between large language models like Claude and the Metasploit Framework penetration testing platform.

security

code-sandbox-mcp

3.6

by Automata-Labs-team

A secure sandbox environment for executing code within Docker containers. This MCP server provides AI applications with a safe and isolated environment for running code while maintaining security through containerization.

security

mcp-maigret

3.6

by BurtTheCoder

Maigret MCP Server is a Model Context Protocol server for Maigret, an OSINT tool that collects user account information from various public sources.

security

jadx-mcp-server

3.6

by zinja-coder

JADX-MCP-SERVER is a fully automated MCP server designed to work with the JADX-AI-MCP Plugin for analyzing Android APKs using LLMs like Claude.

ai_chatbot

mcp-server-wazuh

3.6

by gbrigandi

A Rust-based server designed to bridge the gap between a Wazuh Security Information and Event Management (SIEM) system and applications requiring contextual security data, specifically tailored for the Claude Desktop Integration using the Model Context Protocol (MCP).

security

BloodHound-MCP

3.6

by stevenyu113228

BloodHound MCP is an extension of the BloodHound tool that enables LLMs to interact with and analyze Active Directory environments using natural language queries.

security

mcp-shodan

3.6

by BurtTheCoder

A Model Context Protocol (MCP) server for querying the Shodan API and Shodan CVEDB, providing access to network intelligence and security services.

security

mcp-virustotal

3.6

by BurtTheCoder

The VirusTotal MCP Server is a Model Context Protocol server designed for querying the VirusTotal API, providing comprehensive security analysis tools with automatic relationship data fetching.

security

mcp-openapi-proxy

3.6

by matthewhand

mcp-openapi-proxy is a Python package that implements a Model Context Protocol (MCP) server, designed to dynamically expose REST APIs—defined by OpenAPI specifications—as MCP tools.

developer_tools

MCP2Lambda

3.5

by danilop

MCP2Lambda allows LLMs to interact with AWS Lambda functions as tools, enabling access to real-time and private data, execution of custom code, and interaction with external services.

cloud_platforms

risken-mcp-server

3.5

by ca-risken

The RISKEN MCP Server is a Model Context Protocol server that integrates with RISKEN APIs for advanced automation and interaction.

ai_chatbot

steampipe-mcp

3.5

by turbot

Steampipe Model Context Protocol (MCP) Server connects AI assistants to cloud infrastructure data for natural language exploration and analysis.

cloud_platforms

VibeShift

3.5

by GroundNG

VibeShift is an intelligent security agent designed to integrate seamlessly with AI coding assistants, acting as an automated security engineer to analyze code, identify vulnerabilities, and facilitate AI-driven remediation.

security

web3-mcp

3.5

by strangelove-ventures

A Model-Context-Protocol server for interacting with multiple blockchains including Solana, Ethereum, THORChain, XRP Ledger, TON, Cardano, and UTXO chains.

finance

codacy-mcp-server

3.5

by codacy

MCP Server for the Codacy API, enabling access to repositories, files, quality, coverage, security and more.

security

TriageMCP

3.5

by eversinc33

TriageMCP is an MCP server designed to enable a Language Model (LLM) to perform basic static triage of Portable Executable (PE) files.

security

mythic_mcp

3.5

by xpn

Mythic MCP is a model context protocol server designed to facilitate automated penetration testing using LLMs.

security

binja-lattice-mcp

3.5

by Invoke-RE

BinjaLattice is a secure communication protocol for Binary Ninja that enables interaction with external Model Context Protocol (MCP) servers and tools.

developer_tools

MistTrackMCP

3.5

by slowmist

MistTrack MCP Server allows Claude AI to connect to the MistTrack blockchain analysis API for blockchain asset tracking, risk assessment, and transaction analysis.

research_and_data

nutrient-dws-mcp-server

3.5

by PSPDFKit

A Model Context Protocol (MCP) server implementation that integrates with the Nutrient Document Web Service (DWS) Processor API, providing powerful PDF processing capabilities for AI assistants.

developer_tools

shodan-mcp-server

3.5

by Cyreslab-AI

A Model Context Protocol (MCP) server that provides access to Shodan API functionality and CVE database, allowing AI assistants to query information about internet-connected devices, services, and vulnerabilities.

research_and_data

mcp-dnstwist

3.5

by BurtTheCoder

DNStwist MCP Server is a Model Context Protocol server for the DNStwist tool, designed to detect typosquatting and phishing domains.

security