Rating
Votes
0
score
Downloads
0
total
Price
Free
Access token required
Works With
About
Damn Vulnerable Model Context Protocol (DVMCP)
A deliberately vulnerable implementation of the Model Context Protocol (MCP) for educational purposes.
Overview
The Damn Vulnerable Model Context Protocol (DVMCP) is an educational project designed to demonstrate security vulnerabilities in MCP implementations. It contains 10 challenges of increasing difficulty that showcase different types of vulnerabilities and attack vectors.
This project is intended for security researchers, developers, and AI safety professionals to learn about potential security issues in MCP implementations and how to mitigate them.
What is MCP?
The Model Context Protocol (MCP) is a standardized protocol that allows applications to provide context for Large Language Models (LLMs) in a structured way. It separates the concerns of providing context from the actual LLM interaction, enabling applications to expose resources, tools, and prompts to LLMs.
Recommended MCP Clients
CLINE - VSCode Extension Refer to this Connecting to a Remote Server - Cline for connecting Cline with MCP server
Quick Start
Once you have cloned the repository, run the following commands:
docker build -t dvmcp .
docker run -p 9001-9010:9001-9010 dvmcpDisclaimer
It's not stable in a Windows environment. If you don't want to use Docker then please use Linux environment. I recommend Docker to run the LAB and I am 100% percent sure it works well in the Docker environment
Security Risks
While MCP provides many benefits, it also introduces new security considerations. This project demonstrates various vulnerabilities that can occur in MCP implementations, including:
- 1.Prompt Injection: Manipulating LLM behavior through malicious inputs
- 2.Tool Poisoning: Hiding malicious instructions in tool descriptions
- 3.Excessive Permissions: Exploiting overly permissive tool access
- 4.Rug Pull Attacks: Exploiting tool definition mutations
- 5.Tool Shadowing: Overriding legitimate tools with malicious ones
- 6.Indirect Prompt Injection: Injecting instructions through data sources
- 7.Token Theft: Exploiting insecure token storage
- 8.Malicious Code Execution: Executing arbitrary code through vulnerable tools
- 9.Remote Access Control: Gaining unauthorized system access
- 10.Multi-Vector Attacks: Combining multiple vulnerabilities
Project Structure
Don't lose this
Three weeks from now, you'll want Damn Vulnerable MCP Server again. Will you remember where to find it?
Save it to your library and the next time you need Damn Vulnerable MCP Server, it’s one tap away — from any AI app you use. Group it into a bench with the rest of the team for that kind of task and you can pull the whole stack at once.
⚡ Pro tip for geeks: add a-gnt 🤵🏻♂️ as a custom connector in Claude or a custom GPT in ChatGPT — one click and your library is right there in the chat. Or, if you’re in an editor, install the a-gnt MCP server and say “use my [bench name]” in Claude Code, Cursor, VS Code, or Windsurf.
a-gnt's Take
Our honest review
This plugs directly into your AI and gives it new abilities it didn't have before. Damn Vulnerable MCP Server. Once connected, just ask your AI to use it. It's completely free and works across most major AI apps. This one just landed in the catalog — worth trying while it's fresh.
Tips for getting started
Tap "Get" above, pick your AI app, and follow the steps. Most installs take under 30 seconds.
What's New
Imported from GitHub
Ratings & Reviews
0.0
out of 5
0 ratings
No reviews yet. Be the first to share your experience.