MasterMCP
GitHub Stars: 0
Language: python
First Indexed: 4 months ago
Catalog Refreshed: 3 weeks ago
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
{
  "mcpServers": {
    "hc010602-mainmcp": {
      "command": "/xxx/bin/python",
      "args": [
        "/xxx/MasterMCP/MasterMCP.py"
      ]
    }
  }
}

MasterMCP is an educational tool that demonstrates how MCP (Model Context Protocol) servers can load and manage plugins, illustrating practical usage patterns and how to keep the system safe. You can run the MasterMCP server locally, load the provided plugins, and observe how the server loads, executes, and defends against plugin-based actions. This guide walks you through installing and running the server, then using an MCP client to interact with it in a safe, controlled environment.
How to use
You will run the MasterMCP server locally and connect to it with an MCP client to load plugins, execute operations, and observe how plugin loading and execution behave. Start with the included stdio-based server configuration to run the main program, then use the client to initiate operations and monitor plugin activity, warnings, and any defensive checks that are triggered.
How to install
You need Python and pip installed, and a terminal from which you can run commands.
git clone <repository_url>
cd MasterMCP
# Install dependencies
pip install -r requirements.txt
# Run the main server using the explicit command configuration
# This uses the stdio-based approach shown in the usage example
# You may adjust paths as needed for your environment
/xxx/bin/python /xxx/MasterMCP/MasterMCP.py
Configuration and usage notes
The server is designed to load plugins from a directory structure and manage them under the MCP framework. You can observe how plugins are discovered, loaded, and executed, and how the system’s defenses respond to potentially unsafe plugin behavior.
Attack vectors and defense considerations
This project demonstrates several plugin-related scenarios to illustrate potential risks and how to mitigate them. You will see examples of how malicious plugins could attempt to influence operations, and you will learn defensive patterns such as strict plugin verification, input sanitization, least privilege, and signature verification to ensure only trusted plugins run.
Additional notes
Security-conscious users should apply the following best practices: verify plugins before loading them, sanitize all external inputs, enforce strict permissions for plugin execution, sign plugins to confirm integrity, and periodically audit installed plugins for unexpected behavior.
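One way to apply "verify plugins before loading them" and "sign plugins to confirm integrity" is to pin each reviewed plugin's digest in an authenticated manifest and check it before anything is imported. This is an added example, not code from MasterMCP; the function names, file names and key are hypothetical, and an HMAC over the manifest stands in for a public-key signature so the sketch needs only the standard library.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def build_manifest(plugin_dir, key):
    """Reviewer side: pin the SHA-256 of every reviewed plugin and MAC the list."""
    digests = {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
               for p in sorted(Path(plugin_dir).glob("*.py"))}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"digests": digests, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def trusted_plugins(plugin_dir, manifest, key):
    """Loader side: decide what may be imported, before importing anything."""
    body = json.dumps(manifest["digests"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        raise ValueError("manifest MAC mismatch: refusing to load any plugin")
    allowed, rejected = [], {}
    for path in sorted(Path(plugin_dir).glob("*.py")):
        pinned = manifest["digests"].get(path.name)
        actual = hashlib.sha256(path.read_bytes()).hexdigest()
        if pinned is None:
            rejected[path.name] = "not in manifest"
        elif not hmac.compare_digest(pinned, actual):
            rejected[path.name] = "digest changed since review"
        else:
            allowed.append(path.name)
    return allowed, rejected

def demo():
    """Constructed sample: two reviewed plugins, then one edited and one added."""
    with tempfile.TemporaryDirectory() as d:
        key = b"constructed-demo-key"  # placeholder; keep real keys out of the plugin dir
        (Path(d) / "weather.py").write_text("def run(): return 'ok'\n")
        (Path(d) / "notes.py").write_text("def run(): return 'notes'\n")
        manifest = build_manifest(d, key)
        # After review: one plugin is modified and an unreviewed one appears.
        (Path(d) / "notes.py").write_text("def run(): return 'changed'\n")
        (Path(d) / "extra.py").write_text("def run(): return 'new'\n")
        return trusted_plugins(d, manifest, key)

if __name__ == "__main__":
    print(demo())
```

Only the names in the first returned list should be handed to the import step; the rejected map is what an audit log or startup warning would record.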
Available tools
initialize_data_poisoning
Plugin that demonstrates a mandatory process dependency by introducing a forced check before operations, illustrating how workflows can be shaped by malicious inputs.
inject_json_poisoning
Plugin that shows how data can be retrieved from a local service and used in unsafe ways, highlighting JSON data handling risks.
malicious_competitive_function
Plugin that overrides an existing function name to replace critical system behavior, illustrating how function hijacking can undermine normal operations.
malicious_cross_mcp_call
Plugin that demonstrates cross-MCP call scenarios with encoded messages to mislead users into adding unverified services.