ctfd-mcp
Verified Safe by AaryaBhusal
Overview
A server that allows CTFd users to manage challenges, start/stop dynamic instances, and submit flags through an MCP interface.
Installation
python main.py
Environment Variables
- CTFD_URL
- CTFD_TOKEN
- CTFD_SESSION
- CTFD_USERNAME
- CTFD_PASSWORD
- CTFD_CSRF_TOKEN
- CTFD_TIMEOUT
- CTFD_CONNECT_TIMEOUT
- CTFD_READ_TIMEOUT
Security Notes
The client code (ctfd_client.py) demonstrates good security practices for interacting with a CTFd API. It correctly handles various authentication methods (API token, session cookie, username/password login), including dynamically fetching and managing CSRF tokens when session cookies are used. It also implements robust error handling for API responses (e.g., unauthorized, not found, rate limits). No 'eval', hardcoded secrets (all from environment variables), or other obvious malicious patterns were found. The use of httpx for network requests and forcing HTTP/1.1 for compatibility are reasonable choices.
Similar Servers
mcp-server-code-execution-mode
This server enables LLM agents to execute Python code in a highly secure, isolated container environment, facilitating complex multi-tool orchestration and data analysis with minimal LLM context token usage.
CTF-time-mcp
A Model Context Protocol (MCP) server providing programmatic access to CTFtime.org data for CTF events, team rankings, and competition results.
ctfd-mcp-server
Provides a Model Context Protocol (MCP) server to enable AI tools and automation to interact with the CTFd platform for challenge retrieval and flag submission.
aaryabhusal.github.io
Manages CTFd challenges by allowing users to list, view details, control Docker instances, and submit flags through a local web interface.