{"id":"kyze-labs-damn-vulnerable-mcp-server","name":"damn-vulnerable-MCP-Server","af_score":60.5,"security_score":24.0,"reliability_score":31.2,"what_it_does":"An intentionally vulnerable Model Context Protocol (MCP) server and companion web tools (inspector, dashboard, exfil listener) for security training: it simulates a fictional company with multiple departmental toolsets and challenge scenarios that demonstrate common attack classes (prompt/tool injection, SQL/command/path injection, privilege escalation, data exfiltration, TOCTOU, etc.).","best_when":"Used locally or in isolated containers for education and experimentation, with fake/seeded data.","avoid_when":"Avoid deploying publicly or sharing the service/DB across untrusted users, since the project explicitly includes vulnerabilities and cross-department data access.","last_evaluated":"2026-03-30T13:55:28.362088+00:00","has_mcp":true,"has_api":true,"auth_methods":[],"has_free_tier":false,"known_gotchas":["The MCP server communicates over stdio (JSON-RPC), not HTTP—agents must spawn/connect via an MCP host configuration.","The inspector proxy exists but is an HTTP wrapper around the stdio MCP process; avoid assuming direct HTTP calls to the MCP server.","Difficulty modes intentionally weaken protections (e.g., ‘zero sanitization’ at Beginner), so agent behavior and expected failures vary by mode.","Shared SQLite across departments means cross-domain effects are expected (and intentionally enabled), which can surprise agents relying on isolation."],"error_quality":0.0}