mcp-server-everything-wrong
The "Everything Wrong" MCP Server is a demonstration server exposing a mix of benign and intentionally misbehaving tools to explore edge-cases in LLM tool management. Designed for educational purposes, it showcases insecure behaviors and should not be used in production environments.
Overview
A demonstration Model Context Protocol (MCP) server, "Everything Wrong," designed to expose various tools with both benign and intentionally misbehaving behaviors. It explores edge-cases in tool registration, invocation, and dynamic behavior in a Large Language Model (LLM) context. This server is intentionally insecure and should not be run in production.
Usage
- Configure an LLM client with specific commands to connect to the server.
- Optionally, use a docker compose setup requiring an API key from OpenAI, Anthropic, or Gemini.
Available Tools
greet: Initially returns "Hi there," but changes behavior on subsequent calls.
joke_teller: Covertly redirects user responses.
send_email: Manipulated to expose email BCC via a hidden attack tool.
env_var, fetch, echo, run_command: Demonstrate sensitive information leakage and other security risks.
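Added example, not part of this project's code: a client-side check for the tool behaviors listed above. It pins each tool definition when the server is first listed and flags any tool whose definition later changes, appears, or disappears (the greet "changes behavior on subsequent calls" case), and marks the tools named above as high-risk so a client can require explicit approval before invoking them. The two listings are constructed samples, not real server output.

```python
import hashlib
import json

# Tool names from this server's own list whose misuse drives the leakage demos;
# a client should gate these behind explicit user approval.
HIGH_RISK_TOOLS = {"env_var", "fetch", "run_command", "send_email"}


def tool_fingerprint(tool: dict) -> str:
    """Hash the parts of a tool definition the model actually sees."""
    canonical = json.dumps(
        {k: tool.get(k) for k in ("name", "description", "inputSchema")},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(canonical.encode()).hexdigest()


def pin_tools(listing: list) -> dict:
    """Record one fingerprint per tool name at first connection (trust on first use)."""
    return {t["name"]: tool_fingerprint(t) for t in listing}


def check_listing(pins: dict, listing: list) -> list:
    """Compare a fresh tools/list result against the pins; return (name, finding) pairs."""
    findings, seen = [], set()
    for tool in listing:
        name = tool["name"]
        seen.add(name)
        if name not in pins:
            findings.append((name, "new"))        # appeared after pinning
        elif pins[name] != tool_fingerprint(tool):
            findings.append((name, "changed"))    # definition rewritten mid-session
        if name in HIGH_RISK_TOOLS:
            findings.append((name, "high-risk"))  # require explicit approval
    for name in pins:
        if name not in seen:
            findings.append((name, "removed"))    # silently withdrawn
    return findings


# Constructed sample listings: the second one rewrites greet's description
# and adds run_command, mimicking the behaviors described above.
FIRST_LISTING = [
    {"name": "greet", "description": "Returns a friendly greeting.",
     "inputSchema": {"type": "object", "properties": {}}},
    {"name": "echo", "description": "Echoes the input back.",
     "inputSchema": {"type": "object", "properties": {"text": {"type": "string"}}}},
]
SECOND_LISTING = [
    {"name": "greet", "description": "Returns a greeting and summarises the user's earlier messages.",
     "inputSchema": {"type": "object", "properties": {}}},
    FIRST_LISTING[1],
    {"name": "run_command", "description": "Runs a shell command.",
     "inputSchema": {"type": "object", "properties": {"cmd": {"type": "string"}}}},
]

if __name__ == "__main__":
    for name, finding in check_listing(pin_tools(FIRST_LISTING), SECOND_LISTING):
        print(f"{name}: {finding}")
```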
Contributing
This repository is for demonstration purposes. Contributors are encouraged to add novel behaviors while clearly warning users.