Vuln

Educational MCP server exposing insecure tools for insert, query, and environment access to demonstrate vulnerabilities.
  • python

4

GitHub Stars

python

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "kenhuangus-mcp-vulnerable-server-demo": {
      "command": "python",
      "args": [
        "vuln-mcp.py"
      ]
    }
  }
}

You run a minimal MCP server that exposes a set of tools for managing records and environment data. This educational server helps you see how insecure tools can be misused, and it guides you through safer, hardened patterns for real deployments.

How to use

You interact with the vulnerable MCP server by running a local server process and then connecting to it with a dedicated MCP client. In this setup, you start the server and then use a good client to insert and query records, or switch to an attack client to observe how vulnerabilities can be exploited. The interaction flow is focused on practical demonstrations of insert, query, and environment access tools.

How to install

Prerequisites you need before starting:

Install the required Python dependencies using the provided requirements file.

pip install -r requirements.txt

Additional notes and steps

To run the server and interact with it, follow this practical flow. First start the server script using Python, then connect with the good client to perform normal operations, or use the attack client to observe exploit behavior.

Available tools

insert_record

Inserts a name/address record into the database. This tool is vulnerable to SQL injection due to direct string interpolation of user input.

query_records

Lists all records in the database. This tool exposes data without authentication or access control.

execute_sql

Executes arbitrary SQL queries provided by the client. This tool can run any SQL command, including destructive ones.

get_env_variable

Returns the value of any environment variable requested. This tool can leak sensitive data such as secrets or API keys.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
Vuln MCP Server - kenhuangus/mcp-vulnerable-server-demo | VeilStrat