medusa
by Pantheon-Security
Overview
This is a Model Context Protocol (MCP) server intentionally designed as a security fixture to demonstrate various critical vulnerabilities, such as command injection, SQL injection, and sensitive data exposure, for testing security scanners like Medusa.
Installation
ts-node tests/fixtures/mcp/vulnerable-mcp-server.ts
Security Notes
The server is deliberately engineered with numerous critical vulnerabilities. These include multiple OS command injections (via `exec` and `execSync`), SQL injection, arbitrary file read, and direct exposure of sensitive system files and credentials (SSH private key, AWS credentials, database configuration, .env file). Additionally, it contains hardcoded API keys, passwords, and GitHub tokens, and a function for simulating data exfiltration. This makes it a highly insecure application.
Similar Servers
sonarqube-mcp-server
The SonarQube MCP Server enables seamless integration with SonarQube Server or Cloud for code quality and security, supporting analysis of code snippets and acting as a backend for AI coding agents.
narsil-mcp
AI-powered code analysis and understanding for developers and coding agents, providing semantic search, call graphs, security audits, and architectural insights.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
tree-sitter-analyzer
An enterprise-grade code analysis tool for AI assistants, providing deep AI integration, powerful search, and intelligent analysis across 17 programming languages. It's designed for developers working with large codebases, enabling token optimization and structured code understanding for AI interactions.