{"id":"pawelkozy-mcp-breach-to-fix-labs","name":"mcp-breach-to-fix-labs","af_score":46.0,"security_score":28.5,"reliability_score":20.0,"what_it_does":"Provides a Dockerized set of Model Context Protocol (MCP) security lab servers with intentionally vulnerable and corresponding hardened implementations for multiple common vulnerability classes (e.g., path traversal, SQL injection, prompt/tool-response injection, command injection). Includes challenge walkthroughs and proof artifacts meant to reproduce exploit-to-mitigation flows end-to-end.","best_when":"You need a reproducible, local training/regression environment to compare vulnerable vs. hardened MCP server patterns.","avoid_when":"You cannot isolate the environment (e.g., no Docker sandbox, no network restrictions) or you need a fully production-grade SaaS/API platform.","last_evaluated":"2026-03-30T13:49:02.601047+00:00","has_mcp":true,"has_api":false,"auth_methods":["Not specified in README; likely local-only lab access to MCP stream endpoints (no external auth described)."],"has_free_tier":false,"known_gotchas":["These labs intentionally include exploitable behavior; agents may attempt exploitation steps that cause state changes or data exfiltration attempts.","Because the project includes vulnerable modes, an agent that is not constrained could perform actions beyond the intended learning scope.","Auth/rate-limit behavior is not documented in the README; an agent should not assume production-like guardrails."],"error_quality":0.0}