by Eliran79 • Testing & QA
An educational MCP server that reads files from a directory but intentionally contains a command injection vulnerability for demonstration and testing.
Test or demonstrate command injection vulnerabilities and secure coding practices in MCP-based services.
Validate security scanners, intrusion detection rules, or pentest tooling against a real-world command injection example.
Concrete examples of secure subprocess invocation and path validation to compare insecure and fixed implementations.
This MCP server implements a simple file-reading tool that intentionally demonstrates a critical command injection vulnerability (using subprocess with shell=True and unsanitized input). The repository includes installation and run instructions, exploitation examples, and recommended secure fixes (using argument lists, shlex.quote, and path validation). It is provided for educational purposes to teach secure coding, vulnerability testing, and mitigation techniques, and should not be used in production.
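The insecure pattern and the fixes named above (an argument list instead of a shell string, plus path validation), side by side as an added example. This is not the repository's code; `BASE_DIR` and the function names are assumptions made for illustration.

```python
import subprocess
from pathlib import Path

# Hypothetical directory the tool is allowed to read from (assumption).
BASE_DIR = Path("/srv/mcp-files")


def read_file_vulnerable(filename: str, base_dir: Path = BASE_DIR) -> str:
    """The pattern the description names: unsanitized input in a shell string."""
    # shell=True passes the whole string to /bin/sh, so shell metacharacters
    # inside `filename` are interpreted as syntax rather than as part of a name.
    # Kept only for comparison with the fixed version.
    return subprocess.run(f"cat {base_dir}/{filename}", shell=True,
                          capture_output=True, text=True).stdout


def resolve_inside(base_dir: Path, filename: str) -> Path:
    """Path validation: resolve '..' and symlinks, then require containment."""
    base = base_dir.resolve()
    target = (base / filename).resolve()
    if not target.is_relative_to(base):  # Python 3.9+
        raise ValueError(f"path escapes base directory: {filename!r}")
    if not target.is_file():
        raise ValueError(f"not a regular file: {filename!r}")
    return target


def read_file_fixed(filename: str, base_dir: Path = BASE_DIR) -> str:
    """Fixed form: no shell, and the validated path is a single argv entry."""
    target = resolve_inside(base_dir, filename)
    # "--" ends option parsing, so a name beginning with "-" is not a flag.
    # shlex.quote() is only needed when a shell string cannot be avoided.
    result = subprocess.run(["cat", "--", str(target)],
                            capture_output=True, text=True, check=True)
    return result.stdout
```

With the argument list, a file whose name contains `;` is read as ordinary data, and any name that resolves outside the base directory is rejected before a subprocess is started.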