MCP HubMCP Hub
MCP·CEB8CF
K

dvmcp

By Karanxa·Visit Source
Vulnerable MCP server for security research
Security/Vulnerability
AI/LLM
Tool/Server
April 22, 2025
Today
1 Clicks
About dvmcp

Vulnerable MCP server for security research. dvmcp is a Model Context Protocol (MCP) server maintained by Karanxa. It connects to MCP-compatible clients such as Claude Desktop, Cursor, Cline, and other agents that speak the protocol. It exposes 6 tools, including context_manipulation, switch_model, chain_models, format_response, model_enumeration and prompt_injection, that an agent can call directly. It is categorized under Security/Vulnerability, AI/LLM and Tool/Server.

What is this MCP

Damn Vulnerable Model Context Protocol (DVMCP) is a deliberately insecure implementation of a Model Context Protocol server designed to help researchers and developers learn about AI/ML model serving vulnerabilities through hands-on exploitation.

How to use this MCP

Install via pip, set up API keys, and run the Flask server. The repository includes detailed exploitation guides demonstrating various attack vectors against the vulnerable endpoints, with example payloads for each vulnerability.

What this MCP can be used for

Primarily for security education - to understand MCP vulnerabilities, practice exploit development, and learn mitigation strategies for AI/ML serving systems. Not for production use.

Repository Info
Stars:
7
Forks:
3
Watchers:
7
Last Updated: 2 months ago

AIMCP authority

DR and traffic signal for the AIMCP public domain.

FAQ

Frequently asked questions

What is the dvmcp MCP server?

dvmcp is a Model Context Protocol server from Karanxa. It lets MCP-compatible AI clients call its tools over a standard interface, so agents like Claude, Cursor, and Cline can use it without custom integration.

How do I connect dvmcp to my AI client?

Add dvmcp to your client's MCP configuration using the stdio or SSE connection shown in the usage examples on this page, then restart the client to load the server.

What tools does dvmcp provide?

dvmcp provides 6 tools: context_manipulation, switch_model, chain_models, format_response, model_enumeration and prompt_injection.

Is dvmcp free to use?

dvmcp is listed on AIMCP for free. Any API keys or accounts required by the underlying service are set by its provider.

Sponsored

Vernclaw Plugins for OpenClaw

Ready-to-use connectors for SEO data, social reading & content generation. Pay-as-you-go credits with audit logs.

Learn MoreBrowse Connectors