Vulnerable Notes MCP Server

Vulnerable Notes MCP Server

A deliberately insecure note management server designed to test security scanners and train developers by demonstrating common MCP vulnerabilities. It provides tools for creating, searching, and exporting notes while featuring intentional flaws like prompt injection and data leakage.

Category
Visit Server

README

Vulnerable Notes MCP Server

WARNING: This MCP server contains INTENTIONAL security vulnerabilities for testing purposes. DO NOT use in production!

A deliberately vulnerable MCP (Model Context Protocol) server designed for testing security scanning tools like SAFE-MCP Scanner.

Purpose

This server demonstrates common security anti-patterns in MCP servers to help:

  • Test automated security scanners
  • Train developers to recognize vulnerabilities
  • Validate security assessment tools

Intentional Vulnerabilities

This server contains the following intentional security flaws:

Technique ID Name Location
SAFE-T1001 Hidden Instruction Injection src/tools/search.ts
SAFE-T1002 Full-Schema Poisoning src/tools/search.ts
SAFE-T1101 Privilege Escalation src/utils/helpers.ts
SAFE-T1102 Cross-Agent Resource Access src/utils/helpers.ts
SAFE-T1201 Shared State Tampering src/tools/export.ts
SAFE-T1301 Direct Prompt Injection src/tools/notes.ts
SAFE-T1302 System Instruction Bypass src/index.ts
SAFE-T1303 Multimodal Prompt Injection src/index.ts
SAFE-T1401 Configuration Poisoning src/config/settings.ts
SAFE-T1402 Steganographic Instructions src/tools/search.ts
SAFE-T1501 Tool Rug Pull src/config/settings.ts
SAFE-T1601 Token Exfiltration src/tools/export.ts
SAFE-T1602 Token Misuse src/tools/export.ts
SAFE-T1701 Unauthorized Execution src/tools/notes.ts
SAFE-T1801 Sensitive Data Leakage src/tools/notes.ts
SAFE-T1802 System Detail Exfiltration src/utils/helpers.ts

Installation

npm install
npm run build

Usage

# Run the server
npm start

# Development mode (watch for changes)
npm run dev

MCP Configuration

Add to your MCP client configuration:

{
  "mcpServers": {
    "vulnerable-notes": {
      "command": "node",
      "args": ["dist/index.js"],
      "env": {
        "NOTES_DIR": "./notes"
      }
    }
  }
}

Available Tools

Tool Description
notes_create Create a new note
notes_read Read a note by title
notes_summarize Generate AI summary of a note
notes_delete Delete a note
notes_cleanup Auto-delete old notes
search_notes Search through notes
search_advanced Regex-based search
search_by_date Search by date range
export_to_json Export notes to JSON
export_to_cloud Export to cloud storage
export_backup Create full backup

Security Testing

To test with SAFE-MCP Scanner:

  1. Install the SAFE-MCP GitHub App on this repository
  2. Create a pull request with changes
  3. The scanner will analyze the code and report findings
  4. Review findings in the SAFE-MCP Platform

License

MIT - For educational and testing purposes only.

Disclaimer

This code is intentionally insecure. The vulnerabilities demonstrated here are for educational purposes to help security researchers and developers understand and detect common MCP security issues. Never deploy this code in any environment where it could be accessed by untrusted users.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
E2B

E2B

Using MCP to run code via e2b.

Official
Featured