
Awesome MCP Security
🔥🔒 Awesome MCP (Model Context Protocol) Security 🖥️
Awesome MCP Security 
Everything you need to know about Model Context Protocol (MCP) security.
📔 Security Considerations
Official security considerations from the MCP Specification, Rev. 2025-03-26
[!NOTE] 15.04.2025: The current MCP auth specification is in the process of being replaced by a more robust specification. Please join the conversation if you have concerns about the current auth specification.
- Servers MUST:
  - Validate all tool inputs
  - Implement proper access controls
  - Rate limit tool invocations
  - Sanitize tool outputs
- Clients SHOULD:
  - Prompt for user confirmation on sensitive operations
  - Show tool inputs to the user before calling the server, to avoid malicious or accidental data exfiltration
  - Validate tool results before passing to LLM
  - Implement timeouts for tool calls
  - Log tool usage for audit purposes
[!WARNING]
For trust & safety and security, clients MUST consider tool annotations to be untrusted unless they come from trusted servers.
[!WARNING]
For trust & safety and security, there SHOULD always be a human in the loop* with the ability to deny tool invocations.
Applications SHOULD:
- Provide UI that makes clear which tools are being exposed to the AI model.
- Insert clear visual indicators when tools are invoked.
- Present confirmation prompts to the user for operations, to ensure a human is in the loop.
[!NOTE]
*Human-in-the-Loop (HITL) means that users help monitor and guide automated tasks, for example by deciding whether to accept tool requests in Cursor.
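Constructed example (not code from the awesome-mcp-security repository or from the MCP specification) of a client-side gate that applies the client-side points above: tool inputs are previewed to a human-in-the-loop confirm callback, annotations from servers outside a trust list are treated as absent so their tools are always gated, each call runs under a timeout, results are shape-checked before they go back to the LLM, and every decision is recorded for audit. The readOnlyHint annotation and the content-list result shape come from the MCP spec; the trust list, callback signature and thresholds are assumptions.

```python
import json
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as CallTimeout

# Content types a tool result may carry under the MCP spec (subset used here).
CONTENT_TYPES = {"text", "image", "resource"}


class ToolCallGate:  # client-side gate around MCP tool calls (constructed example)
    def __init__(self, trusted_servers, confirm, timeout_s=10.0, max_result_bytes=64_000):
        self.trusted = set(trusted_servers)   # servers whose annotations are honoured
        self.confirm = confirm                # human in the loop: preview str -> bool
        self.timeout_s = timeout_s
        self.max_result_bytes = max_result_bytes
        self.audit = []                       # one record per invocation attempt

    def needs_confirmation(self, server, tool):
        # Annotations are untrusted unless the server is on the trust list, so an
        # unknown server's readOnlyHint is ignored and its calls are always gated.
        ann = tool.get("annotations", {}) if server in self.trusted else {}
        return not ann.get("readOnlyHint", False)

    def valid_result(self, result):
        # Check shape and size of a tool result before it is handed to the LLM.
        if not isinstance(result, dict) or not isinstance(result.get("content"), list):
            return False
        if any(not isinstance(c, dict) or c.get("type") not in CONTENT_TYPES for c in result["content"]):
            return False
        return len(json.dumps(result)) <= self.max_result_bytes

    def invoke(self, server, tool, arguments, call):
        """Run call(name, arguments) if policy allows; return None when blocked."""
        name = tool["name"]
        rec = {"ts": time.time(), "server": server, "tool": name, "arguments": arguments}
        self.audit.append(rec)
        # Show the exact inputs to the user before anything leaves the client.
        preview = f"{server} / {name} {json.dumps(arguments, sort_keys=True)}"
        if self.needs_confirmation(server, tool) and not self.confirm(preview):
            rec["outcome"] = "denied"
            return None
        pool = ThreadPoolExecutor(max_workers=1)
        try:
            result = pool.submit(call, name, arguments).result(timeout=self.timeout_s)
        except CallTimeout:
            rec["outcome"] = "timeout"
            return None
        finally:
            pool.shutdown(wait=False)
        rec["outcome"] = "ok" if self.valid_result(result) else "rejected"
        return result if rec["outcome"] == "ok" else None
```

The audit list is in memory only; a real client would write those records to its log sink.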
📃 Papers
- (2025-04) MCP Safety Audit: LLMs with the Model Context Protocol Allow Major Security Exploits by Brandon Radosevich, John Halloran
- (2025-03) Model Context Protocol (MCP): Landscape, Security Threats, and Future Research Directions by Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang
📺 Videos
- (11.04.2025) This MCP Server Trick Can Steal Your API Keys by Prompt Engineering
- (09.04.2025) MCP Servers are Security Nightmares... by Better Stack
- (03.04.2025) MCP Security: Vetting Servers to Mitigate Tool Poisoning Attacks by JeredBlue
- (03.04.2025) Model Context Protocol (MCP) Security Concerns by Cory Wolff
📕 Articles, X threads and Blog Posts
- (19.04.2025) OAuth's Role in MCP Security by Gunnar Peterson
- (17.04.2025) MCP Not Safe - Reasons and Ideas by Phala Network
- (15.04.2025) MCP can be a security nightmare for building AI Agents by Rakesh Gohel
- (15.04.2025) Model Context Protocol (MCP) aka Multiple Cybersecurity Perils by Chris Martorella
- (14.04.2025) Model Context Protocol (MCP) Security by Evren
- (14.04.2025) Security Analysis: Potential AI Agent Hijacking via MCP and A2A Protocol Insights by Nicky
- (14.04.2025) MCP Security Checklist: A Security Guide for the AI Tool Ecosystem by slowmist
- (13.04.2025) Everything Wrong with MCP by Shrivu Shankar
- (11.04.2025) Diving Into the MCP Authorization Specification by Allen Zhou
- (11.04.2025) Vulnerability Discovered in Base-MCP: Hackers Can Redirect Transactions on Cursor AI and Anthropic Claude by @jlwhoo7
- (09.04.2025) Here's an example of remote MCP malware that steals your .env secrets in @cursor_ai by Maciej Pulikowski
- (09.04.2025) Old Security Rakes In New MCP Yards by Den Delimarsky
- (09.04.2025) Model Context Protocol has prompt injection security problems by Simon Willison
- (07.04.2025) (RFC) Update the Authorization specification for MCP servers #284 by localden
- (07.04.2025) Improving The Model Context Protocol Authorization Spec - One RFC At A Time by Den Delimarsky
- (07.04.2025) Running MCP Tools Securely by mcp.run
- (07.04.2025) WhatsApp MCP Exploited: Exfiltrating your message history via MCP by invariantlabs.ai
- (07.04.2025) An Introduction to MCP and Authorization by auth0
- (06.04.2025) The “S” in MCP Stands for Security by Elena Cross
- (04.04.2025) MCP Servers are not safe! by Mehul Gupta
- (03.04.2025) Let's fix OAuth in MCP by Aaron Parecki
- (03.04.2025) MCP Resource Poisoning Prompt Injection Attacks by Bernard IQ
- (01.04.2025) MCP Security Notification: Tool Poisoning Attacks by invariantlabs.ai
- (31.03.2025) The MCP Authorization Spec Is... a Mess for Enterprise by Christian Posta
- (31.03.2025) Securing the Model Context Protocol by Alex Rosenzweig
- (29.03.2025) MCP Servers: The New Security Nightmare by equixly.com
- (23.03.2025) AI Model Context Protocol (MCP) and Security by Cisco
- (13.02.2025) Chained commands (&&) bypass yolo mode “denylist” in Cursor by lukemmtt
🧑🚀 Tools and code
- mcpscan.ai
- Damn Vulnerable MCP Server by harishsg993010
- ToolHive - making MCP servers easy and secure by StacklokLabs
- MCP-Shield – Detect security issues in MCP servers by riseandignite
- mcp-scan by invariantlabs-ai
- MCP Ethical Hacking by cmpxchg16
- mcp-injection-experiments by invariantlabs-ai
💾 MCP Security Servers
- GhidraMCP by LaurieWired - MCP server for automatic reverse engineering in Ghidra, a software reverse engineering platform.
- IDA-Pro-MCP by mrexodia - MCP server for reverse engineering in IDA Pro, a tool for analyzing software and binary files.
- binaryninja-mcp by MCPPhalanx - MCP server for Binary Ninja, a binary analysis tool.
- Burp Suite MCP by PortSwigger - MCP integration for web security testing in Burp Suite, a security testing tool for web applications.
- BloodHound-MCP-AI by MorDavid - MCP server integration for BloodHound, a tool for analyzing Active Directory domains.
- RoadRecon MCP by atomicchonk - MCP server for Azure AD data analysis with ROADRecon, a tool for mapping Azure Active Directory environments.
- Jadx MCP Plugin by mobilehackinglab - Jadx plugin for MCP server access via HTTP, used for decompiling Android apps.
- VirusTotal MCP Server by BurtTheCoder - MCP server for querying the VirusTotal API, a service for analyzing files and URLs for viruses.
- Shodan MCP Server by BurtTheCoder - MCP server for querying the Shodan API, which provides data on Internet-connected devices.
- DNStwist MCP Server by BurtTheCoder - MCP server for DNS fuzzing with dnstwist, a tool for detecting phishing and domain takeover threats.
- Maigret MCP Server by BurtTheCoder - MCP server for OSINT data collection with Maigret, a tool that gathers user info from various sources.
💻 Other Useful Resources
- (31.03.2025) I gave Claude root access to my server... Model Context Protocol explained by Fireship
- (17.03.2025) Model Context Protocol (MCP): The Key To Agentic AI by Jack Herrington
- Official MCP Specification
- Model Context Protocol - Official MCP website
😎 Contributing
👍🎉 First off, thanks for taking the time to contribute! 🎉👍
Please read and follow our contributing guide
Thanks! 🦄
🤝 Show your support
✔️ Disclaimer
This project can only be used for educational purposes. Using this resource against target systems without prior permission is illegal, and any damages from misuse of this software will not be the responsibility of the author.