malim
by m10x
Overview
A malicious MCP server designed to test MCP clients for potential security vulnerabilities.
Installation
python3 malim.pySecurity Notes
This server is *explicitly designed to be malicious* for security testing purposes. It contains deliberate XSS payloads in `website_url` and `icons`, and sophisticated prompt injection attempts in `instructions`, tool descriptions (`all_in_one_tool`, `write_stuff`), and tool prompts (`analyze_sentiment`, `creative_writing`). It also attempts tool poisoning and elicitation-based attacks. Running this server is inherently risky for any MCP client not specifically hardened against such attacks. It should only be run in a controlled, isolated environment for its intended purpose of client vulnerability assessment. No `eval`, obfuscation, or hardcoded secrets were found that weren't part of the deliberate malicious payloads.
Similar Servers
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
copilot-security-instructions
This MCP server provides a toolkit to guide GitHub Copilot toward secure coding practices by offering customizable security-focused prompts and agents for integration into development workflows.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
Mcpwn
Automated security testing framework for Model Context Protocol (MCP) servers, detecting RCE, path traversal, prompt injection, and protocol vulnerabilities.