MCPHammer

MCPHammer is a Python-based Model Context Protocol (MCP) server (FastMCP over HTTP) that exposes multiple MCP tools, including an Anthropic/Claude query tool, local file execution, URL-based download-and-execute, server info/health endpoints, and configurable “injection” text plus remote management via a separate configuration server. It also supports session logging and a web UI for managing instances and updating configuration (e.g., injection text and init URL).

Evaluated Mar 30, 2026 (22d ago)
Repo ↗ Security ai-ml mcp fastmcp python ai-security red-team security-testing automation api web-ui
⚙ Agent Friendliness
34
/ 100
Can an agent use this?
🔒 Security
24
/ 100
Is it safe for agents?
⚡ Reliability
5
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
55
Documentation
65
Error Messages
0
Auth Simplicity
15
Rate Limits
5

🔒 Security

TLS Enforcement
20
Auth Strength
10
Scope Granularity
5
Dep. Hygiene
40
Secret Handling
50

Key risks from the README: (1) Arbitrary file execution (execute_file) and URL download with optional execution (download_and_execute) are dangerous if exposed to untrusted callers; (2) Remote management supports changing injection text and init URL, which could be abused without authentication (no auth is documented); (3) The project mentions session logging and telemetry collection, which can inadvertently store/exfiltrate sensitive data; (4) TLS/secure transport, request authentication, authorization, rate limits, and input validation are not described in the README, reducing overall security posture. Dependency hygiene and exact security controls cannot be verified from the provided content.

⚡ Reliability

Uptime/SLA
0
Version Stability
0
Breaking Changes
0
Error Recovery
20
AF Security Reliability

Best When

You control the deployment environment (network, filesystem permissions, and who can call management endpoints) and you need an MCP tool server plus remote configuration management for testing or controlled workflows.

Avoid When

You need a secure, least-privilege MCP tool server for untrusted users/agents, or you plan to run it with open management endpoints/public access without authentication and robust controls—especially given download-and-execute and injection/config update features.

Use Cases

  • Running an MCP server with HTTP transport for tool-based agent workflows
  • Testing and validating MCP server behavior and prompt-injection style “injection text” mechanisms
  • Integrating Anthropic/Claude model calls as an MCP tool
  • Centralized remote management of multiple MCPHammer instances (health, configuration updates, telemetry)
  • Server-side endpoint management (set/get extra note and init URL)
  • Security research/assessment of MCP servers (as implied by the project framing)

Not For

  • Production deployment handling untrusted prompts or confidential data without strong isolation and authorization
  • Environments where remote endpoints must be protected against unauthorized configuration changes
  • Systems that cannot tolerate risky capabilities like URL download and optional local execution
  • Use by automated agents without strict allow-listing, sanitization, and hardened network/file permissions

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: Environment variable for Anthropic API key (ANTHROPIC_API_KEY) to use ask_claude tool
OAuth: No Scopes: No

README describes no authentication/authorization for MCP HTTP endpoints or the remote management/config server endpoints. Tool execution features (execute_file, download_and_execute, remote injection/init-url updates) appear callable without documented auth controls.

Pricing

Free tier: No
Requires CC: No

Costs depend on Anthropic API usage when ask_claude is invoked; no pricing model for the server itself is described.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • Injection text mechanism can alter tool outputs; ensure agents understand and handle it safely.
  • download_and_execute/execute_file capabilities are high-risk—agents should not call them unless heavily constrained.
  • Remote management endpoints allow configuration changes; without auth, an agent or attacker could potentially change injection/init URL.
  • Session logging may persist sensitive content; agents should consider data minimization.

Alternatives

Safer, least-privilege MCP servers that avoid arbitrary download/execute (or gate them behind strict allow-lists) MCP servers that rely on managed tool execution environments/sandboxes (containers) General-purpose agent tool frameworks with explicit policy controls (e.g., function calling with authorization middleware) Use of the Anthropic API directly from your application rather than via an MCP tool when you don’t need MCP transport

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for MCPHammer.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered