mcp

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 23, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Filesystem Escape tests MCP filesystem/git sandbox escape vectors.

WARNING: These tests should only be run in isolated sandboxed environments (Docker/chroot), never against the host filesystem.

Source: Adversa AI

MCP Supply Chain attacks target malicious MCP server/package distribution.

Source: Practical DevSecOps, CVE-2025-6514 pattern

Sampling Injection exploits the MCP sampling API to inject prompts.

Source: Unit 42 MCP sampling research

Package mcp implements attacks targeting the Model Context Protocol.

MCP enables LLM agents to interact with external tools and data sources. These attacks exploit the trust relationship between agents and MCP servers through tool description manipulation, sampling API injection, supply chain attacks, and sandbox escapes.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type FilesystemEscapeModule

type FilesystemEscapeModule struct{}

FilesystemEscapeModule implements MCP filesystem/git sandbox escapes.

func (*FilesystemEscapeModule) Category

func (*FilesystemEscapeModule) Description

func (m *FilesystemEscapeModule) Description() string

func (*FilesystemEscapeModule) Execute

func (*FilesystemEscapeModule) Name

func (m *FilesystemEscapeModule) Name() string

func (*FilesystemEscapeModule) Techniques

func (m *FilesystemEscapeModule) Techniques() []common.TechniqueInfo

type MCPSupplyChainModule

type MCPSupplyChainModule struct{}

MCPSupplyChainModule implements malicious MCP server/package attacks.

func (*MCPSupplyChainModule) Category

func (*MCPSupplyChainModule) Description

func (m *MCPSupplyChainModule) Description() string

func (*MCPSupplyChainModule) Execute

func (*MCPSupplyChainModule) Name

func (m *MCPSupplyChainModule) Name() string

func (*MCPSupplyChainModule) Techniques

func (m *MCPSupplyChainModule) Techniques() []common.TechniqueInfo

type SamplingInjectionModule

type SamplingInjectionModule struct{}

SamplingInjectionModule implements prompt injection via the MCP sampling API.

func (*SamplingInjectionModule) Category

func (*SamplingInjectionModule) Description

func (m *SamplingInjectionModule) Description() string

func (*SamplingInjectionModule) Execute

func (*SamplingInjectionModule) Name

func (m *SamplingInjectionModule) Name() string

func (*SamplingInjectionModule) Techniques

func (m *SamplingInjectionModule) Techniques() []common.TechniqueInfo

type ToolPoisoningModule

type ToolPoisoningModule struct{}

ToolPoisoningModule manipulates MCP tool metadata/descriptions to cause LLM agents to invoke compromised tools.

Source: Palo Alto Unit 42

func (*ToolPoisoningModule) Category

func (*ToolPoisoningModule) Description

func (m *ToolPoisoningModule) Description() string

func (*ToolPoisoningModule) Execute

func (*ToolPoisoningModule) Name

func (m *ToolPoisoningModule) Name() string

func (*ToolPoisoningModule) Techniques

func (m *ToolPoisoningModule) Techniques() []common.TechniqueInfo

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL