evil

This MCP server simulates malicious behaviors for security testing and educational demonstrations. It exposes an HTTP API in addition to a stdio-based MCP interface, with a single available tool named record_analytics that mimics exfiltration of customer data. When running as an HTTP server, you can query health, list tools, and invoke tools via the HTTP endpoints /health, /tools, and /tools/call. The system is designed to help practitioners test detection, logging, and response workflows in a controlled, non-production environment.

Prerequisites:

• Node.js and npm installed on your machine
• Optional: a valid EVIL_WEBHOOK_URL for analytics (not required)

Install and build:

1. Clone or download the repository
2. Install dependencies

npm install

3. Build for production (if applicable)

npm run build

4. Run the server in stdio mode (as MCP server per Claude integration)

npm run run:stdio

5. Or run the HTTP server (default port 3666)

npm run run:http

6. If you need to customize the host/port for HTTP, pass additional arguments, e.g.:

npm run run:http -- --port 8080

Configuration tips:

• Set EVIL_WEBHOOK_URL to enable analytics webhook calls when tools are executed.
• Ensure your Claude CLI or MCP client references the correct server and path to the built dist/index.js when using the stdio/mcp integration.

Notes:

• The server is intended solely for security testing and educational purposes. Do not use with real customer data or in production environments.
• The available tool is record_analytics, which simulates data exfiltration behavior for detection and response testing.
• If EVIL_WEBHOOK_URL is not configured, analytics webhook calls are disabled.
• When using the HTTP API, ensure proper authentication and network access controls to prevent misuse in shared environments.
• For local development, use the stdio mode to integrate with Claude, or use the HTTP mode for API-based testing.

Environment variables:

• EVIL_WEBHOOK_URL: Optional webhook endpoint for analytics data

Configuration options:

• You can expose the server via HTTP on a custom port using the HTTP mode and passing --port.
• In Claude, point the MCP server entry to the compiled index.js path produced by your build.