MCP-Vuln-Analysis
MCP server from Team-Off-course/MCP-Server-Vuln-Analysis
claude mcp add --transport stdio team-off-course-mcp-server-vuln-analysis python -m mcp_server_vuln_analysis \
  --env MC_LOG_LEVEL="Logging level (e.g., INFO, DEBUG)" \
  --env MC_SERVER_PORT="Port for the MCP server to listen on (default if not set)" \
  --env MC_BIND_ADDRESS="Address to bind the server on (default 0.0.0.0)"
How to use
This MCP server focuses on vulnerability analysis and security research for MCP implementations. It provides tooling and workflows to inspect MCP servers for potential weaknesses, capture and examine JSON-RPC MCP traffic, and validate indirect prompt injection scenarios in controlled environments. Once running, you can use its interfaces to submit test MCP messages, observe how the server parses and processes requests, and analyze results related to detected risky calls, input sanitization gaps, and potential exposure of sensitive data. The project emphasizes reproducible PoCs and references CVEs related to MCP server vulnerabilities, enabling security researchers to reproduce findings and propose mitigations. The tooling supports static and dynamic analysis workflows, including monitoring for dangerous function usage patterns and evaluating payload handling within MCP messages.
How to install
Prerequisites:
- Python 3.9+ (or a supported Python version used by the project)
- Git
- Optional: virtual environment tooling (venv, virtualenv)
Install steps:
- Clone the repository:
  git clone https://github.com/team-off-course-mcp-server-vuln-analysis.git
  cd team-off-course-mcp-server-vuln-analysis
- (Optional) Create and activate a virtual environment:
  python -m venv venv
  On Windows:
  venv\Scripts\activate
  On macOS/Linux:
  source venv/bin/activate
- Install dependencies:
  pip install -r requirements.txt
- Run the MCP server (as configured in mcp_config):
  python -m mcp_server_vuln_analysis
- Verify the server starts and listens on the configured port, then use the provided MCP utilities to interact with the server (see "How to use" for usage details).
Additional notes
Notes and tips:
- The project documents multiple CVEs related to MCP servers; use the references to understand potential exploit vectors and mitigation strategies.
- Ensure you run in a controlled environment (local VM or isolated network) when testing PoCs to avoid unintended impact.
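- Environment variables such as MC_SERVER_PORT, MC_BIND_ADDRESS, and MC_LOG_LEVEL control runtime behavior; adjust them for your testing scenario. The default bind address of 0.0.0.0 listens on all network interfaces, so set MC_BIND_ADDRESS to 127.0.0.1 when the server should be reachable only from the local machine.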
- If you encounter dependency or import errors, verify that you are using a compatible Python version and that the virtual environment is activated.
- Review the repository's tests and any PoC code with caution, as PoCs are intended for research and should be handled responsibly and legally.