Damn Vulnerable MCP Server Demo

A simplier implementation of a Damn Vulnerable MCP Server that adds two or more numbers

Overview

The MCP Server Demo is a demonstration of excessive agency that could lead to Remote Code Execution (RCE) if the MCP were running on an external server. 🛡️

Features

• 🚀 Basic MCP server implementation.
• 📂 Demonstrates server functionality with server.py.

Warning

⚠️ This project is a vulnerable MCP server designed to demonstrate how poor implementation practices can lead to security issues. It is intended for educational purposes only.

❌ Do not use this project in production environments.

Prerequisites

• 🐍 Python 3.10 or higher.
• 💡 A virtual environment is recommended for managing dependencies.

Installation

1. 📥 Clone the repository:

   git clone <repository-url>
   cd DVMCP
   

2. 📦 Install dependencies:

   pip install -r requirements.txt
   

Usage

1. ▶️ Link the MCP Server with Copilot:

   vscode://settings/mcp
   

2. Add the server configuration to the settings.json file in VS Code:

   "servers": {
       "DVMCP": {
           "command": "uv",
           "args": [
               "run",
               "--with",
               "mcp[cli]",
               "mcp",
               "run",
               "/Users/pfelilpe/Documents/DVMCP/server.py"
           ],
           "env": {}
       }
   }
   

3. Click on Start Server.

4. Interact with Copilot in Agent mode, for example:

   1+1 with addition
   

5. Experiment with code injection to explore potential OS Injection vulnerabilities… 🕵️‍♂️

6. You can find a safer implementation of this simpler MCP at /safe/server.py. 🔒

Adding MCP to Your Python Project

We recommend using uv to manage your Python projects. 🛠️

If you haven’t created a uv-managed project yet, initialize one:

uv init mcp-server-demo
cd mcp-server-demo

Then add MCP to your project dependencies:

uv add "mcp[cli]"

Alternatively, for projects using pip for dependencies:

pip install "mcp[cli]"

Running the Standalone MCP Development Tools

To run the mcp command with uv:

uv run mcp

Project Structure

• server.py: 🖥️ Main server implementation.
• pyproject.toml: 📜 Project configuration file.
• README.md: 📖 Documentation for the project.
• uv.lock: 🔒 Lock file for dependencies.
• __pycache__/: 🗂️ Contains compiled Python files.

Contributing

🤝 Contributions are welcome! Please fork the repository and submit a pull request with your changes.

License

📄 This project is licensed under the terms of the LICENSE file in the root directory.

Created by pfelilpe

Buy Me a Coffee

If you found this project helpful or interesting, consider buying me a coffee to support my work: ☕️