
llamator-mcp-server

Verified Safe

by RomiconEZ

Overview

A server for automating LLM red teaming workflows by orchestrating LLAMATOR test runs via HTTP API and MCP interface, managing job state, and storing artifacts.

Installation

Run Command
docker compose up --build

Environment Variables

  • LLAMATOR_MCP_REDIS_DSN
  • LLAMATOR_MCP_ARTIFACTS_ROOT
  • LLAMATOR_MCP_ARTIFACTS_PRESIGN_EXPIRES_SECONDS
  • LLAMATOR_MCP_ARTIFACTS_MINIO_TTL_SECONDS
  • LLAMATOR_MCP_ARTIFACTS_LOCAL_TTL_SECONDS
  • LLAMATOR_MCP_ARTIFACTS_UPLOAD_MAX_RETRIES
  • LLAMATOR_MCP_ARTIFACTS_UPLOAD_RETRY_DELAY_SECONDS
  • LLAMATOR_MCP_MINIO_ENDPOINT_URL
  • LLAMATOR_MCP_MINIO_PUBLIC_ENDPOINT_URL
  • LLAMATOR_MCP_MINIO_ACCESS_KEY_ID
  • LLAMATOR_MCP_MINIO_SECRET_ACCESS_KEY
  • LLAMATOR_MCP_MINIO_BUCKET
  • LLAMATOR_MCP_MINIO_SECURE
  • LLAMATOR_MCP_API_KEY
  • LLAMATOR_MCP_LOG_LEVEL
  • LLAMATOR_MCP_UVICORN_LOG_LEVEL
  • LLAMATOR_MCP_ATTACK_OPENAI_BASE_URL
  • LLAMATOR_MCP_ATTACK_OPENAI_MODEL
  • LLAMATOR_MCP_ATTACK_OPENAI_API_KEY
  • LLAMATOR_MCP_ATTACK_OPENAI_TEMPERATURE
  • LLAMATOR_MCP_ATTACK_OPENAI_SYSTEM_PROMPTS
  • LLAMATOR_MCP_JUDGE_OPENAI_BASE_URL
  • LLAMATOR_MCP_JUDGE_OPENAI_MODEL
  • LLAMATOR_MCP_JUDGE_OPENAI_API_KEY
  • LLAMATOR_MCP_JUDGE_OPENAI_TEMPERATURE
  • LLAMATOR_MCP_JUDGE_OPENAI_SYSTEM_PROMPTS
  • LLAMATOR_MCP_JOB_TTL_SECONDS
  • LLAMATOR_MCP_RUN_TIMEOUT_SECONDS
  • LLAMATOR_MCP_REPORT_LANGUAGE
  • LLAMATOR_MCP_HTTP_HOST
  • LLAMATOR_MCP_HTTP_PORT
  • LLAMATOR_MCP_MCP_MOUNT_PATH
  • LLAMATOR_MCP_MCP_STREAMABLE_HTTP_PATH
  • LLAMATOR_MCP_MINIO_PUBLIC_PORT
  • LLAMATOR_MCP_MINIO_CONSOLE_PUBLIC_PORT
  • LLAMATOR_MCP_HTTP_PUBLIC_PORT

Security Notes

The server implements API key authentication via the `X-API-Key` header, with explicit checks both at the ASGI middleware level and in FastAPI dependencies. Artifact path validation prevents path traversal attacks. Custom test imports are restricted to allowed module prefixes (`llamator.`, `llamator_mcp_server.`), mitigating arbitrary code execution risks. However, the `docker-compose.yml` uses weak default credentials (e.g., `minioadmin`, `lm-studio`) and an empty API key for `LLAMATOR_MCP_API_KEY`. While these are configurable via environment variables, their default values lower the initial security posture, so a production deployment needs careful setup to avoid vulnerabilities.

Stats

Interest Score: 81
Security Score: 8
Cost Class: High
Avg Tokens: 100000
Stars: 2
Forks: 0
Last Update: 2026-01-18

Tags

LLM Red Teaming, API Gateway, Asynchronous Jobs, FastAPI, MCP Server, MinIO, Redis, ARQ