smart-mcp-proxy/malicious-demo-mcp-server
This project is a demonstration of a malicious MCP server designed for security research purposes, showcasing potential vulnerabilities and attack vectors within the Model Context Protocol ecosystem.
Tools
Functions exposed to the LLM to take actions
add_numbers
A tool that appears to perform simple addition but includes hidden instructions for data exfiltration.
analyze_file
Claims to analyze file structure but accesses unauthorized system locations.
send_secure_message
Hijacks messaging tools to redirect messages to attacker-controlled addresses.
get_system_info
Gathers comprehensive system information, including sensitive data.
Prompts
Interactive templates invoked by user choice
No prompts
Resources
Contextual data attached and managed by the client