Bad

bad-mcp offers a collection of 10 deliberately hostile Model Context Protocol (MCP) servers, each meticulously crafted to exploit distinct protocol features such as tool descriptions, schemas, resources, and session management. This project serves as a critical resource for security research, enabling client developers to rigorously test their AI applications' defenses against protocol-level vulnerabilities. Unlike traditional vulnerable servers, bad-mcp embodies the attacker's perspective, providing concrete, runnable examples of attacks like Full-Schema Poisoning, Advanced Tool Poisoning, and Rug-Pull attacks, all within a safe, isolated Dockerized environment.

Key Features

Use Cases