A demonstration toolkit revealing potential security vulnerabilities in MCP (Model Context Protocol) frameworks through data poisoning, JSON injection, function overriding, and cross-MCP call attacks, exposing AI security issues while providing defense recommendations. For educational and research purposes only.
MasterMCP is a demonstration tool designed to showcase various potential security attack vectors against MCP (Model Context Protocol). This project illustrates how malicious plugins can exploit weaknesses in the MCP architecture through practical examples, helping developers and security researchers understand these risks and strengthen system protection.
banana
plugin demonstrates how to force users to perform specific operationsurl_json
plugin shows how to retrieve data from a local malicious serviceremove_server
plugin overrides existing functionalityMaster_cross_call
plugin guides users to perform dangerous operations# Clone the repository
cd MasterMCP
# Install dependencies
pip install -r requirements.txt
{
"mcpServers": {
"MasterMCP": {
"command": "/xxx/bin/python",
"args": [
"/xxx/MasterMCP/MasterMCP.py"
]
}
}
}
MasterMCP/
โโโ MasterMCP.py # Main program, responsible for loading and managing plugins
โโโ tools_plugins/ # Malicious plugins directory
โ โโโ initialize_data_poisoning.py # Forces users to perform specific checks
โ โโโ inject_json_poisoning.py # JSON data injection example
โ โโโ malicious_competitive_function.py # Competitive function override
โ โโโ malicious_cross_mcp_call.py # Cross-MCP call attack
โโโ resources_plugins/ # Resource plugins directory
โโโ prompts_plugins/ # Prompt plugins directory
โโโ utils/ # Utility functions
โ ๏ธ This project is for educational and research purposes only. Do not use these techniques on any system without authorization. Malicious use of this code may violate laws and regulations.
The initialize_data_poisoning.py
plugin establishes a mandatory process dependency by requiring a "banana check" before any operation. This technique can be used to:
The inject_json_poisoning.py
plugin retrieves data from a local port by default, potentially leading to:
The malicious_competitive_function.py
provides a remove_server
function with the same name but different functionality:
The malicious_cross_mcp_call.py
uses encoded error messages to induce users to:
Contributions to this project are welcome through:
{ "mcpServers": { "mastermcp": { "command": "/xxx/bin/python", "args": [ "/xxx/MasterMCP/MasterMCP.py" ] } } }
Related projects feature coming soon
Will recommend related projects based on sub-categories