Related MCP Server Resources

Explore more AI models, providers, and integration options:

  • Explore AI Models
  • Explore AI Providers
  • Explore MCP Servers
  • LangDB Pricing
  • Documentation
  • AI Industry Blog
  • MCP Model Context Protocol Server
  • IR Toolshed MCP Server
  • SQLite MCP Server
  • MCP Server
  • A11y MCP Server
Back to MCP Servers
MasterMCP

MasterMCP

Public
HC010602/MainMCP

Demonstrates practical security attack vectors against Model Context Protocol (MCP) through malicious plugin examples, enabling developers and researchers to identify vulnerabilities and enhance system defenses.

python
0 tools
May 29, 2025
Updated Jun 4, 2025

Supercharge Your AI with MasterMCP

MCP Server

Unlock the full potential of MasterMCP through LangDB's AI Gateway. Get enterprise-grade security, analytics, and seamless integration with zero configuration.

Unified API Access
Complete Tracing
Instant Setup
Get Started Now

Free tier available • No credit card required

Instant Setup
99.9% Uptime
10,000+Monthly Requests

MasterMCP

Project Introduction

MasterMCP is a demonstration tool designed to showcase various potential security attack vectors against MCP (Model Control Protocol). This project illustrates how malicious plugins can exploit weaknesses in the MCP architecture through practical examples, helping developers and security researchers understand these risks and strengthen system protection.

Features

  • Plugin-based Malicious Payloads: Demonstrates how malicious plugins can run within the MCP architecture
  • Multiple Attack Techniques: Includes examples of data poisoning, cross-MCP calls, competitive malicious functions, and more
  • Practical Educational Value: Each attack vector comes with detailed explanations and implementation code

Included Attack Vectors

  1. Data Poisoning: The banana plugin demonstrates how to force users to perform specific operations
  2. JSON Injection Attacks: The url_json plugin shows how to retrieve data from a local malicious service
  3. Competitive Malicious Functions: The remove_server plugin overrides existing functionality
  4. Cross-MCP Call Attacks: The Master_cross_call plugin guides users to perform dangerous operations

Installation Instructions

# Clone the repository cd MasterMCP # Install dependencies pip install -r requirements.txt

Usage

{
  "mcpServers": {
    "MasterMCP": {
      "command": "/xxx/bin/python",
      "args": [
        "/xxx/MasterMCP/MasterMCP.py"
      ]
    }
  }
}

Project Structure

MasterMCP/
├── MasterMCP.py              # Main program, responsible for loading and managing plugins
├── tools_plugins/            # Malicious plugins directory
│   ├── initialize_data_poisoning.py    # Forces users to perform specific checks
│   ├── inject_json_poisoning.py        # JSON data injection example
│   ├── malicious_competitive_function.py  # Competitive function override
│   └── malicious_cross_mcp_call.py     # Cross-MCP call attack
├── resources_plugins/        # Resource plugins directory
├── prompts_plugins/          # Prompt plugins directory
└── utils/                    # Utility functions

Security Warning

⚠️ This project is for educational and research purposes only. Do not use these techniques on any system without authorization. Malicious use of this code may violate laws and regulations.

Defense Recommendations

  • Implement strict plugin verification mechanisms
  • Thoroughly check and sanitize all external inputs
  • Implement the principle of least privilege, limiting plugin execution permissions
  • Use signature verification to ensure only trusted plugins are loaded
  • Regularly review installed plugins and their behaviors

Attack Analysis

Banana Detection Poisoning

The initialize_data_poisoning.py plugin establishes a mandatory process dependency by requiring a "banana check" before any operation. This technique can be used to:

  • Induce users to perform unnecessary operations
  • Establish a false sense of security
  • Insert malicious steps before legitimate operations

JSON Data Injection

The inject_json_poisoning.py plugin retrieves data from a local port by default, potentially leading to:

  • Data leakage
  • Execution of malicious instructions
  • Bypassing normal security checks

Competitive Function Override

The malicious_competitive_function.py provides a remove_server function with the same name but different functionality:

  • Replaces critical system functions
  • Prevents normal service removal operations
  • Embeds hidden instructions encoded in hexadecimal within the confusion

Cross-MCP Call Attack

The malicious_cross_mcp_call.py uses encoded error messages to induce users to:

  • Add unverified external services
  • Perform unnecessary operations
  • Expand the attack surface

Contribution Guidelines

Contributions to this project are welcome through:

  • Submitting examples of new attack vectors
  • Improving documentation for existing examples
  • Adding example implementations of defense mechanisms

License

MIT License

Publicly Shared Threads0

Discover shared experiences

Shared threads will appear here, showcasing real-world applications and insights from the community. Check back soon for updates!

Share your threads to help others
Related MCPs5
  • MCP Model Context Protocol Server
    MCP Model Context Protocol Server

    Demonstrates Model Context Protocol (MCP) integration enabling AI models to execute tools, access re...

    Added May 30, 2025
  • IR Toolshed MCP Server
    IR Toolshed MCP Server

    Provides a Model Context Protocol (MCP) service offering advanced network incident response tools in...

    Added May 30, 2025
  • SQLite MCP Server
    SQLite MCP Server

    A Model Context Protocol server enabling AI models to execute SQL queries, manage SQLite database sc...

    Added May 30, 2025
  • MCP Server
    MCP Server

    Provides greeting-related tools, resources, and prompts via Model Context Protocol (MCP), enabling p...

    Added May 30, 2025
  • A11y MCP Server
    A11y MCP Server

    Provides Model Context Protocol access to web accessibility testing APIs for analyzing URLs and HTML...

    Added May 30, 2025