Loading connector details…
Vulnerable MCP Servers Lab
MCPOfficialOpen SourceMIT73.3
by appsecco • Uncategorized
A collection of intentionally vulnerable MCP server implementations for security training and research.
Example Use Cases
- 1
Demonstrate and research common MCP server vulnerabilities.
- 2
Hands-on training in exploiting MCP server security flaws.
- 3
Understand risks of integrating untrusted tools and content into AI workflows.
Description
This repository provides multiple vulnerable MCP servers, each demonstrating different security weaknesses such as path traversal, code execution, prompt injection, supply-chain compromise, and secrets exposure. It is designed for hands-on demos and research to help pentesters and AI Red Teamers understand risks in MCP server integrations. The servers come with detailed READMEs explaining their functionality, how to run them, and how to exploit their vulnerabilities in a controlled lab environment.
Capabilities(2 total)
Tools (2)
get_account
Get basic profile details for a user by username (id, name, handle, bio, follower/following counts, created_at).
username:string*
get_tweets
Get recent tweets for a user. Inputs: username (required), limit (optional, default 10, max 50). Returns tweet id, text, created_at.
username:string*limit:number
Quick Actions
Security
Scanned 1 month(s) agoRisk Level
MINIMAL
Read-only data retrieval, no side effects
Trust Score
C60/100
6/17 checks passed
Scores are informational only and provided “as is” without warranty. AgentHotspot assumes no liability for actions taken based on these ratings.
Quick Stats
Service TypeMCP
Pricing ModelFree
Capabilities2 Tools / 0 Prompts / 0 Resources
Ownerappsecco
CategoryUncategorized
DependenciesStandalone
Tags
ai-red-teamingai-researchappseccobugbountyhackinglearning-pentestingmcpmcp-clientmcp-serverpentestingvulnerable-labs