damn-vulnerable-MCP-server
A deliberately vulnerable MCP server for educational purposes, demonstrating security vulnerabilities.
- Type
- MCP
- Transport
- http
- Open source
- Yes
- GitHub Stars
- ★ 1.3k
- Source
- mcp-github
Overview
Damn Vulnerable MCP Server is an educational project designed to demonstrate security vulnerabilities in MCP implementations. It contains 10 progressively challenging tasks that showcase various types of security flaws and attack vectors. The project is suitable for security researchers, developers, and AI security professionals to understand potential security issues in MCP implementations and their mitigation strategies. Run via Docker, recommended to connect using the CLINE VSCode extension.
Capabilities
- ▪Demonstrate prompt injection vulnerabilities
- ▪Demonstrate tool poisoning vulnerabilities
- ▪Demonstrate privilege escalation vulnerabilities
- ▪Demonstrate Rug Pull attacks
- ▪Demonstrate tool shadowing attacks
- ▪Demonstrate indirect prompt injection
Use cases
Setup
docker build -t dvmcp .\data && docker run -p 9001-9010:9001-9010 dvmcp
This information was compiled by AI from public sources and may contain inaccuracies — please refer to the source.
FAQ
Who is this project for?
Suitable for security researchers, developers, and AI security professionals.
How do I run this project?
Build and run the container using Docker.
Related skills
gemini-cli
Gemini CLI is an open-source AI agent that brings Gemini's powerful capabilities directly into the terminal.
private-gpt
Provides a complete API layer for local models, supporting RAG, skills, tools, and more.
planning-with-files
File-based persistent planning skill, ideal for AI coding agents and long-running tasks.
scientific-agent-skills
Transform any AI agent into a scientific assistant with 147 ready-to-use research skills.
susi_alexa_skill
A skill that enables question-and-answer interactions between Alexa and Susi AI.
claude-context
Provides code search capabilities for Claude Code, turning the entire codebase into context.