A vulnerable Model Context Protocol server demo that performs basic addition of numbers while illustrating potential security risks like remote code execution for educational and testing purposes.
A simpler implementation of a Damn Vulnerable MCP Server that adds two or more numbers
The MCP Server Demo is a demonstration of excessive agency that could lead to Remote Code Execution (RCE) if the MCP were running on an external server. 🛡️
server.py.
⚠️ This project is a vulnerable MCP server designed to demonstrate how poor implementation practices can lead to security issues. It is intended for educational purposes only.
❌ Do not use this project in production environments.
📥 Clone the repository:
git clone <repository-url>
cd DVMCP
📦 Install dependencies:
pip install -r requirements.txt
▶️ Link the MCP Server with Copilot:
vscode://settings/mcp
Add the server configuration to the settings.json file in VS Code:
"servers": {
  "DVMCP": {
    "command": "uv",
    "args": [
      "run",
      "--with",
      "mcp[cli]",
      "mcp",
      "run",
      "/Users/pfelilpe/Documents/DVMCP/server.py"
    ],
    "env": {}
  }
}
Click on Start Server.
Interact with Copilot in Agent mode, for example:
1+1 with addition
Experiment with code injection to explore potential OS Injection vulnerabilities... 🕵️‍♂️
You can find a safer implementation of this simpler MCP at /safe/server.py. 🔒
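The class of flaw this demo targets, shown as an added example that is not the repository's server.py or /safe/server.py: it assumes the tool passes model-supplied text to eval(), and contrasts that with a parser that accepts only numeric literals joined by +. The names add_unsafe and add_safe and the sample inputs are constructed for illustration.

```python
import ast

# Assumed vulnerable pattern (hypothetical, not the repository's server.py):
# the tool hands model-supplied text straight to eval().
def add_unsafe(expression: str):
    return eval(expression)  # evaluates ANY Python expression, not just sums

# Hardened form: parse the text, then walk the tree and accept only
# numeric literals combined with binary "+" (and a leading unary +/-).
def add_safe(expression: str):
    if len(expression) > 200:  # bound parser work on hostile input
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expression, mode="eval")
    except SyntaxError as exc:
        raise ValueError("not an addition") from exc
    return _sum_node(tree.body)

def _sum_node(node):
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _sum_node(node.left) + _sum_node(node.right)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.UAdd, ast.USub)):
        value = _sum_node(node.operand)
        return value if isinstance(node.op, ast.UAdd) else -value
    # bool is a subclass of int, so exclude it explicitly
    if (isinstance(node, ast.Constant) and isinstance(node.value, (int, float))
            and not isinstance(node.value, bool)):
        return node.value
    # Calls, names, attributes and every other operator end up here
    raise ValueError(f"rejected node: {type(node).__name__}")

def is_rejected(expression: str) -> bool:
    try:
        add_safe(expression)
    except ValueError:
        return True
    return False

# Constructed sample inputs: two sums, a function call, a product, a bool
SAMPLES = ["1+1", "1 + 2.5 + -3", "len('abc')", "2*3", "1+True"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", "rejected" if is_rejected(s) else add_safe(s))
```

The allowlist works on the parsed tree rather than on the string, so nothing in the input is ever executed; string filtering in front of eval() does not give the same guarantee.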
We recommend using uv to manage your Python projects. 🛠️
If you haven't created a uv-managed project yet, initialize one:
uv init mcp-server-demo
cd mcp-server-demo
Then add MCP to your project dependencies:
uv add "mcp[cli]"
Alternatively, for projects using pip for dependencies:
pip install "mcp[cli]"
To run the mcp command with uv:
uv run mcp
server.py: 🖥️ Main server implementation.
pyproject.toml: 📜 Project configuration file.
README.md: 📖 Documentation for the project.
uv.lock: 🔒 Lock file for dependencies.
__pycache__/: 🗂️ Contains compiled Python files.
🤝 Contributions are welcome! Please fork the repository and submit a pull request with your changes.
📄 This project is licensed under the terms of the LICENSE file in the root directory.
If you found this project helpful or interesting, consider buying me a coffee to support my work: ☕️