This MCP server provides a Python-based demonstration of poisoning and defending against MCP tool descriptions. It centers around a MaliciousMCPServer used to illustrate hidden payloads within tool descriptions and a sanitizer/defense workflow. You can inspect how tool descriptions might carry covert instructions and observe how the MCPSanitizer can clean or neutralize unsafe content. The example script also shows how to integrate defenses within a client setup, helping you understand both attack surface and mitigation strategies in a controlled environment.

Prerequisites:

• Python 3.8 or higher
• Git
• Internet access to install dependencies

Installation steps:

1. Clone the repository: git clone https://github.com/gensecaihq/mcp-poisoning-poc.git cd mcp-poisoning-poc

2. Create and activate a virtual environment: python -m venv venv

   On macOS/Linux

   source venv/bin/activate

   On Windows

   venv\Scripts\activate

3. Install dependencies: pip install -r requirements.txt

4. Run the demonstration: python examples/basic_attack_demo.py

Notes:

• The repository emphasizes security research and defensive tooling for MCP. Use in a contained environment.
• Ensure your Python environment matches the project’s compatibility (Python 3.8+ as indicated).

Tips and caveats:

• The project demonstrates vulnerabilities in tool descriptions within MCP and includes defenses such as MCPSanitizer. Use the demo to observe how sanitization can mitigate hidden instructions.
• If you encounter environment issues, ensure your virtual environment is activated and that dependencies from requirements.txt are installed without network restrictions.
• The README references multiple components (MaliciousMCPServer, MCPSanitizer, defense framework). Inspect src/ and docs/ for deeper technical context andPoC details.