Vulnerable MCP Server

Deliberately vulnerable MCP server for AI security training with 18 CTF-style challenges across tool poisoning, rug pulls, and OAuth exploits.

GitHub
Category MCP Servers
Added Mar 28, 2026
Views 0

About

Provides a purpose-built security training environment with 18 intentional vulnerabilities organized into 5 difficulty tiers. Challenges cover tool poisoning with hidden Unicode instructions, rug pull attacks where tool behavior changes after caching, shell escape, path traversal, SSRF, template injection, and MCP-specific attack patterns like cross-origin tool escalation. Each vulnerability maps to real CVEs or documented proof-of-concept attacks. Includes 515 automated tests and Docker deployment.

Is this your project?

Claim this listing to manage your page, access analytics, and unlock upgrades. Verification takes 60 seconds.

Log In to Claim

Share This Project

Share on X Share on LinkedIn

Embed Badge

Add this badge to your README:

[![Listed on AiList](https://hifriendbot.com/ai-list/badge/vulnerable-mcp-server.svg)](https://hifriendbot.com/ai-list/vulnerable-mcp-server/)
Listed on AiList

Compare

Vulnerable MCP Server vs CogmemAi Vulnerable MCP Server vs AiList MCP Vulnerable MCP Server vs gemini-cli

Similar Projects

CogmemAi

3

Persistent cognitive memory for Claude Code. Remember everything across sessions.

MCP Servers TypeScript

AiList MCP

Search and discover Ai projects from Claude Code. The directory Ai agents read.

MCP Servers JavaScript

gemini-cli

96,132

An open-source AI agent that brings the power of Gemini directly into your terminal.

MCP Servers TypeScript

List Your Project

Join the directory Ai agents read. Free forever.

Submit Your Project