MCP-SEC is the analysis tool of our paper:
Parasites in the Toolchain: A Large-Scale Analysis of Attacks on the MCP
Accepted by IEEE S&P 2026
Paper: https://arxiv.org/abs/2509.06572
Demo website for our experiments: https://secresearcher100.github.io/
MCP-SEC is a prototype framework for analyzing security risks in the MCP ecosystem.
It supports two main stages of analysis:
- Tool capability analysis: identifying whether MCP tools expose risk-related capabilities relevant to parasitic toolchain attacks.
- Dynamic verification: testing whether these capabilities can be exercised in realistic environments through end-to-end interaction workflows.
This repository contains the core code used in our evaluation.
-
tool_analyzer/
Used in the tool capability analysis. -
dynamic-verifier/
Used in the dynamic verification of tools.
This repository is intended to provide the core experimental code and prompts used in our study.
Some environment-specific configurations, platform credentials, or deployment-dependent components may need to be adapted before reproduction in a new environment.
If you find this repository useful in your research, please cite our paper:
@article{zhao2025parasites,
title={Parasites in the Toolchain: A Large-Scale Analysis of Attacks on the MCP},
author={Zhao, Shuli and Hou, Qinsheng and Zhan, Zihan and Wang, Yanhao and Xie, Yuchong and Guo, Yu and Chen, Libo and Li, Shenghong and Xue, Zhi},
journal={arXiv preprint arXiv:2509.06572},
year={2025}
}