MCP server compromise
the MCP (Model Context Protocol) server itself is the failure locus — leaked server credentials, impersonated server identity, server-side tool-definition tampering, or permission escalation in the server's tool-grant ledger. evidence is the server audit log, the client-invocation trail showing what the LLM thinks it called vs what the server actually executed, the tool-call attribution graph, and the OAuth scope grant ledger. distinct from ai-agent-runaway (agent did this with a benign server) and llm-prompt-injection (input bent the model · server was clean). a compromised server can fool both honest models and honest agents.
a guided path, not automation — each step opens a tool you run yourself; nothing uploads. progress is saved only in this browser.
wraps the MCP server compromise — audit kit preset — drop MCP server audit + client invocation logs → permission escalation → tool-call graph → report
guided steps
- mcp model context protocol server audit log forensic analyzer
parse server audit log — credential leak + tool-definition tamper rows
- mcp client invocation log forensic analyzer
parse client invocation trail — what LLM thinks it called vs server executed
- mcp server permission escalation detector
detect permission escalation in server tool-grant ledger
- mcp tool call graph reconstructor
reconstruct tool-call attribution graph across server + client logs
- case report generator
draft report linking server tamper to client invocation divergence
suggested options · title: MCP server compromise — audit assessment
when you're done
export a run summary — a small JSON record of which steps you marked done, your notes, and a self-hash so the record can't be silently altered. it is your reproducibility note, not a per-tool receipt: each tool emits its own input→output receipt when you run it.