A simplier implementation of a Damn Vulnerable MCP Server that adds two or more numbers
The MCP Server Demo is a demonstration of excessive agency that could lead to Remote Code Execution (RCE) if the MCP were running on an external server. 🛡️
- 🚀 Basic MCP server implementation.
- 📂 Demonstrates server functionality with
server.py.
❌ Do not use this project in production environments.
- 🐍 Python 3.10 or higher.
- 💡 A virtual environment is recommended for managing dependencies.
-
📥 Clone the repository:
git clone <repository-url> cd DVMCP
-
📦 Install dependencies:
pip install -r requirements.txt
-
▶️ Link the MCP Server with Copilot:vscode://settings/mcp
-
Add the server configuration to the
settings.jsonfile in VS Code:"servers": { "DVMCP": { "command": "uv", "args": [ "run", "--with", "mcp[cli]", "mcp", "run", "/Users/pfelilpe/Documents/DVMCP/server.py" ], "env": {} } }
-
Click on Start Server.
-
Interact with Copilot in Agent mode, for example:
1+1 with addition -
Experiment with code injection to explore potential OS Injection vulnerabilities... 🕵️♂️
-
You can find a safer implementation of this simpler MCP at
/safe/server.py. 🔒
We recommend using uv to manage your Python projects. 🛠️
If you haven't created a uv-managed project yet, initialize one:
uv init mcp-server-demo
cd mcp-server-demoThen add MCP to your project dependencies:
uv add "mcp[cli]"Alternatively, for projects using pip for dependencies:
pip install "mcp[cli]"To run the mcp command with uv:
uv run mcpserver.py: 🖥️ Main server implementation.pyproject.toml: 📜 Project configuration file.README.md: 📖 Documentation for the project.uv.lock: 🔒 Lock file for dependencies.__pycache__/: 🗂️ Contains compiled Python files.
🤝 Contributions are welcome! Please fork the repository and submit a pull request with your changes.
📄 This project is licensed under the terms of the LICENSE file in the root directory.
If you found this project helpful or interesting, consider buying me a coffee to support my work: ☕️
