
MasterMCP

A demonstration toolkit revealing potential security vulnerabilities in MCP (Model Context Protocol) frameworks through data poisoning, JSON injection, function overriding, and cross-MCP call attacks, exposing AI security issues while providing defense recommendations. For educational and research purposes only.

Installation
Run this command in your terminal to add the MCP server to Claude Code:

    claude mcp add --transport stdio slowmist-mastermcp /xxx/bin/python /xxx/MasterMCP/MasterMCP.py

How to use

MasterMCP is a demonstration tool that showcases various potential security attack vectors against the MCP (Model Context Protocol) architecture. The project provides several example attack plugins that illustrate data poisoning, JSON data injection, competitive function overrides, and cross-MCP call scenarios. To use it, start the MCP server using the Python command specified in the configuration, which runs MasterMCP.py and loads plugins from the included directories. The repository’s tooling is designed for educational and research contexts to help developers understand attack surfaces and mitigation strategies.

Once running, MasterMCP exposes a set of malicious plugin payloads under tools_plugins, resources_plugins, and prompts_plugins. You can inspect these plugins to see how they hook into the MCP lifecycle and demonstrate various malicious behaviors. The documentation accompanying each plugin describes its intent, potential impact, and the specific attack vector. Use these examples to test defensive controls such as plugin verification, input sanitization, and least-privilege execution.

To interact with the server, rely on the standard MCP workflow: observe how the server loads plugins at startup, how it processes user requests, and how malicious plugins alter or poison normal operations. This repository is intended as an awareness and defense exercise rather than a production-ready security tool.

How to install

Prerequisites:

  • Python 3.x installed
  • Access to install Python dependencies (pip)

Installation steps:

  1. Clone the repository:

       git clone https://github.com/slowmist/mastermcp.git
       cd MasterMCP

  2. Install Python dependencies:

       pip install -r requirements.txt

  3. Prepare configuration (optional local override):

     • Ensure MasterMCP.py is executable and points to the correct plugin directories

  4. Run the server (using the example configuration):

       python /xxx/MasterMCP/MasterMCP.py

  5. Verify that it starts and loads the plugins from tools_plugins, resources_plugins, and prompts_plugins

Note: The provided README uses a placeholder Python invocation in the mcp_config. Adapt the command path and script location to your environment as needed.

Additional notes

Tips and notes:

  • This project contains educational attack vectors; use only in authorized environments.
  • Ensure plugin loading is restricted to trusted sources to prevent unverified code execution.
  • Consider implementing plugin signing, integrity checks, and least privilege for plugin execution.
  • If you modify the configuration, keep the command and script path consistent with your environment to avoid startup errors.
  • The attack vectors demonstrated include data poisoning, JSON data injection, competitive function overrides, and cross-MCP calls; use these as a basis for building defensive tooling and detection rules.
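As an added example (not MasterMCP's own code), the following hypothetical plugin loader shows one way to implement the integrity check recommended above: a plugin file is imported only if its name is on an allowlist and its SHA-256 digest matches the pinned value. The plugin directory, file names, file contents and allowlist are all constructed inside the demo; nothing here reflects how MasterMCP itself loads tools_plugins, resources_plugins or prompts_plugins.

```python
"""Hypothetical integrity-checked plugin loader (added example, not MasterMCP code)."""
import hashlib
import hmac
import importlib.util
import os
import tempfile
from typing import Dict, List, Tuple


def sha256_of_file(path: str) -> str:
    """Stream the file so large plugins do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_plugin(path: str, allowlist: Dict[str, str]) -> bool:
    """True only if the file name is allowlisted and its digest matches the pinned one."""
    expected = allowlist.get(os.path.basename(path))
    if expected is None:
        return False  # unknown plugin: never import code nobody reviewed
    return hmac.compare_digest(sha256_of_file(path), expected)


def load_verified_plugins(plugin_dir: str, allowlist: Dict[str, str]) -> Tuple[list, List[str]]:
    """Import every .py file that passes verification; report the rest instead of loading it."""
    loaded, rejected = [], []
    for fname in sorted(os.listdir(plugin_dir)):
        if not fname.endswith(".py"):
            continue
        path = os.path.join(plugin_dir, fname)
        if not verify_plugin(path, allowlist):
            rejected.append(fname)
            continue
        # Only verified code reaches exec_module; module name is derived from the file name.
        spec = importlib.util.spec_from_file_location(f"plugin_{fname[:-3]}", path)
        module = importlib.util.module_from_spec(spec)
        spec.loader.exec_module(module)
        loaded.append(module)
    return loaded, rejected


def demo() -> Tuple[List[str], List[str]]:
    """Constructed scenario: one pinned plugin, one tampered copy, one unknown file."""
    good_src = "def register():\n    return 'good tool'\n"
    tampered_src = good_src + "print('behaviour the reviewer never saw')\n"
    unknown_src = "def register():\n    return 'unknown'\n"
    with tempfile.TemporaryDirectory() as plugin_dir:
        for name, src in (("good.py", good_src), ("tampered.py", tampered_src), ("unknown.py", unknown_src)):
            with open(os.path.join(plugin_dir, name), "w", encoding="utf-8") as f:
                f.write(src)
        # The allowlist pins the reviewed contents; tampered.py is listed but its bytes changed.
        pinned = hashlib.sha256(good_src.encode("utf-8")).hexdigest()
        allowlist = {"good.py": pinned, "tampered.py": pinned}
        loaded, rejected = load_verified_plugins(plugin_dir, allowlist)
        return [m.register() for m in loaded], rejected


if __name__ == "__main__":
    print(demo())  # (['good tool'], ['tampered.py', 'unknown.py'])
```

The allowlist is the reviewer's record of what was approved; keeping it outside the plugin directory (and outside anything the plugins can write) is what makes the check meaningful. Rejections are returned rather than silently dropped so a host can log them as a detection signal.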
