atomic-red-team-mcp
Verified Safe by cyberbuff
Overview
Provides an MCP server to access, validate, and execute Atomic Red Team security tests, primarily for integration with AI assistants and development tools.
Installation
uvx atomic-red-team-mcp
Environment Variables
- ART_MCP_TRANSPORT
- ART_MCP_HOST
- ART_MCP_PORT
- ART_DATA_DIR
- ART_GITHUB_URL
- ART_GITHUB_USER
- ART_GITHUB_REPO
- ART_EXECUTION_ENABLED
- ART_AUTH_TOKEN
- ART_AUTH_CLIENT_ID
- ART_AUTH_SCOPES
Security Notes
The server includes a critical `execute_atomic` tool that runs system commands, which inherently carries a high security risk. However, it is disabled by default (`ART_EXECUTION_ENABLED=false`) with explicit warnings in the documentation. Input validation is implemented for file paths and technique IDs (e.g., in `read_atomic_document` and `query_atomics`) to prevent path traversal and malformed inputs. Authentication via a static bearer token is supported but disabled by default, which is a significant risk for remote deployments, especially if `execute_atomic` is enabled and the server listens on `0.0.0.0` (the default host). Users must implement proper network isolation and authentication when deploying remotely with execution enabled.
Similar Servers
octomind-mcp
Enables AI agents to programmatically create, execute, and manage end-to-end tests on the Octomind platform.
mcplint
A comprehensive security and quality assurance platform for Model Context Protocol (MCP) servers, supporting protocol validation, vulnerability scanning, fuzzing, and AI-assisted explanations to integrate security into development pipelines.
MCP-Security-Framework
Automated security assessment and vulnerability detection for Model Context Protocol (MCP) servers.
mcp-fortress
Provides automated security scanning, runtime protection, and vulnerability detection for Model Context Protocol (MCP) servers and AI agent tools within developer environments.