malim
by m10x
Overview
A malicious MCP server designed to test MCP clients for potential security vulnerabilities.
Installation
python3 malim.pySecurity Notes
This server is *explicitly designed to be malicious* for security testing purposes. It contains deliberate XSS payloads in `website_url` and `icons`, and sophisticated prompt injection attempts in `instructions`, tool descriptions (`all_in_one_tool`, `write_stuff`), and tool prompts (`analyze_sentiment`, `creative_writing`). It also attempts tool poisoning and elicitation-based attacks. Running this server is inherently risky for any MCP client not specifically hardened against such attacks. It should only be run in a controlled, isolated environment for its intended purpose of client vulnerability assessment. No `eval`, obfuscation, or hardcoded secrets were found that weren't part of the deliberate malicious payloads.
Similar Servers
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers that detects vulnerabilities and security issues in MCP implementations.
copilot-security-instructions
This MCP server provides a toolkit of security-focused prompts and instructions to guide GitHub Copilot towards secure coding practices, helping developers identify and mitigate security risks.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
MCP-Security-Framework
A comprehensive security testing framework for Model Context Protocol (MCP) servers, designed to detect vulnerabilities through automated sandboxing and active probing.