
vulnerable-mcp-servers-lab

A collection of deliberately vulnerable servers for learning how to pentest MCP servers.

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add appsecco-vulnerable-mcp-servers-lab

How to use

This MCP lab repository hosts a collection of intentionally vulnerable MCP server implementations intended for security training and hands-on demonstrations. Each server is designed to illustrate specific risk scenarios such as unsafe code execution, prompt injection, or handling of untrusted content. To work with a server from this lab, start by selecting the target server from the repository's per-server README files. The documentation for a given server will explain the exact vulnerability being demonstrated, how to run the server locally, and how to exercise the corresponding MCP client/tooling to observe the vulnerability in action. Tools typically include MCP clients, local command interfaces, and example MCP requests that trigger the vulnerable behavior. When operating these servers, follow the lab safety guidance: isolate the environment, avoid real secrets, and treat all outputs as potentially untrusted data. You will learn how insecure configurations or untrusted inputs can lead to data exposure, instruction injection, or code execution within MCP workflows.

How to install

Prerequisites:

  • A controllable lab environment (VM or container) with network isolation
  • Access to the repository containing the vulnerable MCP server READMEs
  • Basic familiarity with MCP and your chosen client/tools

Step-by-step:

  1. Browse to the specific server directory in the repository that you want to study (for example, the one demonstrating a particular vulnerability).
  2. Open the per-server README to follow the exact installation and run instructions, as each server may have its own dependencies and runtime (e.g., Node.js, Python, or standalone executables).
  3. Install dependencies as instructed in that server’s README (for example, install Node.js and run npm install, or install Python requirements).
  4. Start the MCP server using the command specified in that server’s README (commonly something like node path/to/server.js, python -m module, or a provided startup script).
  5. In a separate terminal, configure your MCP client or Claude/CTA tooling to point at the localhost address and port exposed by the server, then execute the provided MCP requests to observe the vulnerability in action.
  6. Stop the server after your testing and clean up the environment as advised in the lab notes.

Additional notes

Tips and caveats:

  • Each server demonstrates a different class of vulnerability; read the server’s README thoroughly to understand the threat model and safe testing boundaries.
  • Some servers may perform outbound network calls or access local resources; ensure your lab network is isolated and that outbound access is restricted if required.
  • Treat all data returned by the server as untrusted. Do not rely on content for any real-world decision making.
  • If the server requires specific environment variables or configuration files, the per-server README will indicate what to provide (placeholders are often used in examples).
  • When studying these vulnerabilities, keep notes on how input sanitization, access controls, or sandboxing could mitigate the issue observed in the server.
