{"id":"promptfoo-evil-mcp-server","name":"evil-mcp-server","homepage":null,"repo_url":"https://github.com/promptfoo/evil-mcp-server","category":"security","subcategories":[],"tags":["mcp","security-testing","red-team","tooling","exfiltration-simulation","nodejs","express","typescript"],"what_it_does":"Provides a Model Context Protocol (MCP) server (stdio or HTTP mode) with tools intended for security red-team testing. The README describes a tool, record_analytics, that simulates exfiltration/analytics behavior for security demonstrations.","use_cases":["Red-team exercise tooling for demonstrating data exfiltration patterns","Security awareness/training simulations","Testing agent/tooling behavior in a controlled environment"],"not_for":["Production environments","Handling real customer data","Any scenario where simulated exfiltration could be misused outside an approved test environment"],"best_when":"Used in isolated test environments with synthetic data and explicit authorization.","avoid_when":"Avoid exposing it to untrusted networks/users or using real sensitive data; avoid production use entirely.","alternatives":["Use purpose-built sandboxed security simulation frameworks (internal security labs)","Mock/stub MCP tools with benign handlers for integration testing (no exfiltration semantics)","General MCP testing harnesses that provide safe dummy tools"],"af_score":45.2,"security_score":24.8,"reliability_score":22.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:29:39.280123+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No authentication mechanism is described for either stdio MCP mode or the HTTP endpoints (/health, /tools, /tools/call)."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"As an npm package, pricing is not specified; it appears to be self-hosted."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":45.2,"security_score":24.8,"reliability_score":22.5,"mcp_server_quality":50.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":100.0,"rate_limit_clarity":0.0,"tls_enforcement":40.0,"auth_strength":10.0,"scope_granularity":0.0,"dependency_hygiene":55.0,"secret_handling":30.0,"security_notes":"The security risk profile is intentionally that of a malicious-behavior simulation. The README warns against production use and against real customer data. No authentication is documented, which increases the risk if the server is reachable by untrusted parties. TLS/transport security is not described. An optional webhook URL environment variable exists, but how that URL is handled, validated, and logged is not documented.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":30.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["No authentication is described for the HTTP endpoints; if the server is exposed, agents may call tools without any access controls.","Only a small set of endpoints/tools is documented; tool argument schemas and error behaviors are not fully specified in the README.","HTTP tool execution uses a generic /tools/call pattern; agents must supply the correct tool name and argument structure."]}}