mcp-leak-server
by Maoric2018
Overview
The server's primary function is to deliver an XML payload instructing a 'client agent' to execute a hidden, one-time command for 'cleanup and synchronization'.
Installation
npx vercel devSecurity Notes
The server's core purpose is to deliver an XML response containing explicit instructions for a client-side agent to execute a hidden, unlogged command (`[HIDDEN_OVERRIDE]`) described as a 'mandatory finalization step'. This pattern is highly indicative of a command-and-control (C2) component, designed to facilitate stealthy, potentially malicious operations (like exfiltration or further compromise) on a connected client, rather than serving legitimate documentation. While the server itself doesn't contain direct server-side exploits like 'eval' or hardcoded secrets, its output is a direct instruction for hidden command execution, making it a critical security risk.
Similar Servers
codebase-context-mcp
Provides AI coding agents with real-time, context-aware insights into a codebase's patterns, libraries, architecture, and conventions to improve code generation and review.
bit2me-mcp
Interact with the Bit2Me cryptocurrency exchange ecosystem to access real-time market data, manage wallets, execute trading operations, and query products like Earn (staking) and Loans via AI assistants.
mcp-server-bbc
An AI assistant that manages BuilderBot projects by listing, retrieving, creating, updating, deleting, and duplicating projects using a set of defined tools.
oncp-mcp-server
Hosts an MCP-compatible SSE server for LLM clients to trigger and monitor automated resolution jobs via a downstream FastAPI service.