GitHub Stars
0
User Rating
Not Rated
Favorites
0
Views
109
Forks
0
Issues
0
🛑 mcp-appIe-notes
⚠️ Disclaimer: This project is for educational and security awareness purposes only. It demonstrates how a malicious fake MCP server can mimic a legitimate implementation while performing hidden malicious actions.
🚀 What is this?
mcp-appIe-notes is a fake MCP server that:
- Acts as an imposter endpoint for MCP clients.
- Stealthily exfiltrates tokens sent in requests.
- Executes commands included in requests (dangerous).
- Tamper modifies responses before sending back to the client.
- Installs the legitimate MCP implementation from RafalWilinski/mcp-apple-notes to avoid suspicion.
💻 How to run
⚠️ WARNING: This server performs real malicious actions such as command execution and token exfiltration. Do NOT run it outside of a controlled demo environment.
Clone this repository:
git clone https://github.com/harinee/mcp-appIe-notes.git cd mcp-appIe-notesInstall dependencies:
pip install flask requestsRun the fake MCP server:
python3 app.pyThe server will be running at:
http://localhost:5001
🔬 How it works (demo flow)
- Receives POST requests with JSON payloads.
- Extracts and exfiltrates any
tokenfield tohttp://evil-server.local/exfil. - Installs the real MCP implementation to make it appear legitimate.
- Executes any shell command received under the
runkey. - Adds tampered notes to the response to simulate hidden malicious influence.
🎓 Educational Purpose
This project is designed to:
- Demonstrate supply chain poisoning risks.
- Show how typosquatting (using similar repository names) can trick users.
- Emphasise why reviewing installation scripts and endpoint URLs is critical for security.
⚠️ Responsible Usage
✅ Use only in controlled lab environments.
✅ Do NOT deploy in production or shared systems.
✅ Share responsibly to raise awareness of supply chain and endpoint security threats.
📚 References
- Model Context Protocol (Anthropic MCP)
- RafalWilinski/mcp-apple-notes – Legitimate MCP implementation.