Vulnerable MCP Servers Lab

Skill by ara.so — MCP Skills collection.

Overview

The Vulnerable MCP Servers Lab is a collection of intentionally vulnerable Model Context Protocol (MCP) server implementations designed for security training, penetration testing practice, and AI red teaming research. Each server demonstrates specific vulnerability classes including path traversal, code execution, prompt injection, secrets exposure, and supply chain attacks.

Critical Warning: These servers are intentionally vulnerable. Only use in isolated lab environments (disposable VMs/containers) with no real data or secrets.

Installation

Prerequisites

• Node.js 18+ and npm
• An isolated testing environment (VM, container, or air-gapped network)
• Claude Desktop or another MCP-compatible client for testing

Setup