Skip to content

NSSL-SJTU/MCP-SEC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 

Repository files navigation

MCP-SEC

MCP-SEC is the analysis tool of our paper:

Parasites in the Toolchain: A Large-Scale Analysis of Attacks on the MCP

Accepted by IEEE S&P 2026

Paper: https://arxiv.org/abs/2509.06572

Demo website for our experiments: https://secresearcher100.github.io/

Overview

MCP-SEC is a prototype framework for analyzing security risks in the MCP ecosystem.
It supports two main stages of analysis:

  1. Tool capability analysis: identifying whether MCP tools expose risk-related capabilities relevant to parasitic toolchain attacks.
  2. Dynamic verification: testing whether these capabilities can be exercised in realistic environments through end-to-end interaction workflows.

This repository contains the core code used in our evaluation.

Repository Structure

  • tool_analyzer/
    Used in the tool capability analysis.

  • dynamic-verifier/
    Used in the dynamic verification of tools.

Scope

This repository is intended to provide the core experimental code and prompts used in our study.
Some environment-specific configurations, platform credentials, or deployment-dependent components may need to be adapted before reproduction in a new environment.

Citation

If you find this repository useful in your research, please cite our paper:

@article{zhao2025parasites,
  title={Parasites in the Toolchain: A Large-Scale Analysis of Attacks on the MCP},
  author={Zhao, Shuli and Hou, Qinsheng and Zhan, Zihan and Wang, Yanhao and Xie, Yuchong and Guo, Yu and Chen, Libo and Li, Shenghong and Xue, Zhi},
  journal={arXiv preprint arXiv:2509.06572},
  year={2025}
}

About

MCP-SEC: Official analysis tool for our IEEE S&P 2026 paper on parasitic toolchain attacks in the MCP ecosystem.

Resources

Stars

6 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors