mcp-auth-exploit-pocs

Various exploits for MCP clients that are capable of the OAuth spec. These will all launch a calculator on Windows but the MCP inspector one can be adapted for other platforms.

Installing a vulnerable Claude Code (old)

For the exploit against cmd.exe.

npm install -g @anthropic-ai/claude-code@1.0.53

Installing a vulnerable Claude Code (new)

npm install -g @anthropic-ai/claude-code@1.0.57

Installing a vulnerable Gemini CLI

npm install -g @google/gemini-cli@0.1.14

Running a vulnerable MCP inspector

npx @modelcontextprotocol/inspector@0.16.3

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
.gitignore		.gitignore
README.md		README.md
claude_code_and_gemini_cli.js		claude_code_and_gemini_cli.js
claude_code_old.js		claude_code_old.js
mcp_inspector.js		mcp_inspector.js
package-lock.json		package-lock.json
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

mcp-auth-exploit-pocs

Installing a vulnerable Claude Code (old)

Installing a vulnerable Claude Code (new)

Installing a vulnerable Gemini CLI

Running a vulnerable MCP inspector

About

Uh oh!

Releases

Packages

Languages

verialabs/mcp-auth-exploit-pocs

Folders and files

Latest commit

History

Repository files navigation

mcp-auth-exploit-pocs

Installing a vulnerable Claude Code (old)

Installing a vulnerable Claude Code (new)

Installing a vulnerable Gemini CLI

Running a vulnerable MCP inspector

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages