- Topic1/3
45k Popularity
31k Popularity
47k Popularity
9k Popularity
22k Popularity
- Pin
- 🎉 The #CandyDrop Futures Challenge is live — join now to share a 6 BTC prize pool!
📢 Post your futures trading experience on Gate Square with the event hashtag — $25 × 20 rewards are waiting!
🎁 $500 in futures trial vouchers up for grabs — 20 standout posts will win!
📅 Event Period: August 1, 2025, 15:00 – August 15, 2025, 19:00 (UTC+8)
👉 Event Link: https://www.gate.com/candy-drop/detail/BTC-98
Dare to trade. Dare to win.
- 🎉 Gate Square Growth Points Summer Lucky Draw Round 1️⃣ 2️⃣ Is Live!
🎁 Prize pool over $10,000! Win Huawei Mate Tri-fold Phone, F1 Red Bull Racing Car Model, exclusive Gate merch, popular tokens & more!
Try your luck now 👉 https://www.gate.com/activities/pointprize?now_period=12
How to earn Growth Points fast?
1️⃣ Go to [Square], tap the icon next to your avatar to enter [Community Center]
2️⃣ Complete daily tasks like posting, commenting, liking, and chatting to earn points
100% chance to win — prizes guaranteed! Come and draw now!
Event ends: August 9, 16:00 UTC
More details: https://www
MCP Security Vulnerability Revealed: Attack Demonstration and Protection Strategies
MCP Security Risks and Attack Demonstration
MCP ( Model Context Protocol ) is currently still in the early stages of development, with an overall chaotic environment where various potential attack methods emerge endlessly, making it difficult for existing protocols and tools to defend effectively. To enhance the community's awareness of MCP security, SlowMist has open-sourced the MasterMCP tool, aimed at helping developers timely identify security vulnerabilities in product design through practical attack drills, thereby gradually strengthening the security of the MCP project.
This article will demonstrate common attack methods under the MCP system through practical demonstrations, such as information poisoning and hidden malicious instructions with real cases. All demonstration scripts will also be open-sourced for everyone to reproduce the entire process in a safe environment, and even develop their own attack testing plugins based on these scripts.
Overall Architecture Overview
Demonstration Attack Target MC: Toolbox
Choose Toolbox as the testing target, mainly based on the following points:
Demonstration of malicious MCP: MasterMCP
MasterMCP is a simulated malicious MCP tool developed by SlowMist specifically for security testing, designed with a plugin architecture, and includes the following key modules:
Local website service simulation:
Quickly build a simple HTTP server using the FastAPI framework to simulate a common web environment. These pages appear normal on the surface, but they contain carefully designed malicious payloads hidden in the source code or API responses.
Local Plugin-based MCP Architecture
MasterMCP adopts a plugin-based approach for expansion, allowing for quick addition of new attack methods in the future. After running, MasterMCP will run the FastAPI service of the previous module in a subprocess.
Demo Client
demo use large model
Cross-MCP Malicious Invocation
web content poisoning attack
Access the local testing website through Cursor to simulate the impact of a large model client accessing a malicious site. After executing the instructions, Cursor not only read the webpage content but also transmitted local sensitive configuration data back to the testing server. In the source code, the malicious prompt is embedded as an HTML comment.
Visiting the /encode page, the malicious prompts have been encoded, making the poisoning more covert. Even if the source code does not contain plaintext prompts, the attack is still successfully executed.
Third-party Interface Pollution Attack
Demo reminder: Whether malicious or non-malicious MCPs, when calling third-party APIs, directly returning third-party data to the context can have serious consequences.
Poisoning Techniques in the MCP Initialization Phase
malicious function override attack
MasterMCP wrote a tool named remove_server that has the same name as the function in Toolbox, and encoded to hide malicious prompts. After executing the command, Claude Desktop triggered the method with the same name provided by MasterMCP, instead of the original toolbox remove_server method.
Add malicious global check logic
MasterMCP developed the banana tool, which forces all tools to execute this tool for a security check before running. Each time a function is executed, the system will prioritize the banana check mechanism.
Advanced Techniques for Hiding Malicious Prompt Words
model-friendly coding method
Using LLM to hide malicious information through strong parsing capabilities of multilingual formats:
Random Malicious Payload Return Mechanism
Each time the /random request is made, it randomly returns a page with malicious payloads, increasing the difficulty of detection and tracing.
Summary
The MasterMCP practical demonstration intuitively showcases various security risks within the MCP system. From simple prompt injection and cross-MCP calls to more covert initialization phase attacks and malicious instruction hiding, each step reminds us of the vulnerabilities within the MCP ecosystem.
Small input pollution may trigger system-level security risks, and the diversification of attacker methods also means that traditional protection ideas need to be comprehensively upgraded. Developers and users should remain vigilant about the MCP system, paying attention to every interaction, every line of code, and every return value, in order to build a solid and secure MCP environment.
SlowMist will continue to improve the MasterMCP script, open source more targeted test cases, and help everyone deepen their understanding, practice, and strengthen protection in a safe environment. Relevant content has been synchronized to GitHub, and interested readers can visit to check it out.