%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
MCP Poisoning Poc
This project demonstrates MCP poisoning attacks against AI workflows, including verification of multiple attack scenarios such as code generation pollution and financial data leakage, for educational research purposes.
rating : 2.5 points
downloads : 8.4K
What is the MCP Poisoning Attack PoC?
This is an educational demonstration project simulating vulnerabilities in the Model Context Protocol (MCP) server, showing potential security risks in real - world AI workflows. It helps researchers understand potential threats through simulated attack scenarios.How to use this demonstration environment?
You need to run the simulated MCP server and the client agent simultaneously to observe the attack effects. The whole process is carried out in a controlled environment and will not affect real systems.Applicable scenarios
Suitable for security researchers, AI system developers, and enterprise security teams for security awareness training and security protection scheme testing.Main features
Simulation of multiple attack scenarios
Demonstrate 6 different MCP poisoning attack scenarios, including data leakage and system hijacking.
Stealth attack demonstration
Show stealth attack techniques where no abnormal signs will be displayed on the user interface.
Cross - system impact
Simulate how attacks spread between different tools and services.
Advantages
Comprehensively cover multiple MCP attack vectors
Allow security research without a real target system
The Apache 2.0 license allows free modification and use
Limitations
Only for educational purposes and cannot reflect all real threats
Require a Python environment to run
Do not include a demonstration of defense solutions
How to use
Install dependencies
Ensure that Python 3.8+ is installed on the system, and then install the required dependency packages.
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%230080ff;%20}%20%3c/style%3e%3c/defs%3e%3cpath%20class='st0'%20d='M16.2,11.1c.4.5.4,1.2,0,1.8l-4.7,7.1h-3.8l5.3-8L7.6,4h3.8l4.7,7.1Z'/%3e%3c/svg%3e)
Start the simulation server
Start the fake MCP server in a terminal window.
Run the agent simulation
Run the client agent in another terminal window to observe the attack effects.
Usage examples
Code review data leakage
Demonstrate how an attacker can steal code review content through a poisoned MCP server.
Meeting record theft
Show how the meeting summaries processed by the AI agent can be intercepted by a malicious server.
Frequently Asked Questions
Will this PoC pose a risk to my real system?
How to customize new attack scenarios?
Are there any restrictions on commercial use of this project?
Related resources
Full text of the Apache 2.0 license
The open - source license used in this project
MCP protocol specification
The official technical specification of the Model Context Protocol
AI security best practices
Security recommendations for preventing such attacks
Gitlab MCP Server
Certified
The GitLab MCP server is a project based on the Model Context Protocol that provides a comprehensive toolset for interacting with GitLab accounts, including code review, merge request management, CI/CD configuration, and other functions.
TypeScript
16.6K
4.3 points
Notion Api MCP
Certified
A Python-based MCP Server that provides advanced to-do list management and content organization functions through the Notion API, enabling seamless integration between AI models and Notion.
Python
14.8K
4.5 points
Markdownify MCP
Markdownify is a multi-functional file conversion service that supports converting multiple formats such as PDFs, images, audio, and web page content into Markdown format.
TypeScript
24.5K
5 points
Duckduckgo MCP Server
Certified
The DuckDuckGo Search MCP Server provides web search and content scraping services for LLMs such as Claude.
Python
44.7K
4.3 points
Unity
Certified
UnityMCP is a Unity editor plugin that implements the Model Context Protocol (MCP), providing seamless integration between Unity and AI assistants, including real - time state monitoring, remote command execution, and log functions.
C#
20.2K
5 points
Figma Context MCP
Framelink Figma MCP Server is a server that provides access to Figma design data for AI programming tools (such as Cursor). By simplifying the Figma API response, it helps AI more accurately achieve one - click conversion from design to code.
TypeScript
44.3K
4.5 points
Minimax MCP Server
The MiniMax Model Context Protocol (MCP) is an official server that supports interaction with powerful text-to-speech, video/image generation APIs, and is suitable for various client tools such as Claude Desktop and Cursor.
Python
30.2K
4.8 points
Gmail MCP Server
A Gmail automatic authentication MCP server designed for Claude Desktop, supporting Gmail management through natural language interaction, including complete functions such as sending emails, label management, and batch operations.
TypeScript
15.8K
4.5 points