MCP Server Security & Performance Analysis — v0.1.0
| Test ID | Severity | Test Name | Description / Details | Duration |
|---|---|---|---|---|
| SECURITY · 13 tests | ||||
| T07-008 | MEDIUM | Invalid Tool Name Rejection |
Server accepted call to invalid tool name '' without error.Tool name '' was accepted with no error response.
Remediation:
Validate tool names on the server side. Empty, whitespace, null-byte, or non-existent tool names must be rejected with a structured error. |
13ms |
| T07-009 | MEDIUM | Oversized Argument Rejection |
Server accepted a 1 MB argument value without error — no input size limit enforced.Tool accepted 10 KB key + 1 MB value payload.
Remediation:
Enforce maximum argument size limits (e.g. 64 KB total per call). Unbounded inputs allow memory exhaustion attacks. |
14ms |
| T07-012 | MEDIUM | Unicode Homoglyph Tool Name Spoofing |
Server accepted unicode homoglyph of tool name 'fetch' → 'fеtch'.Original: 'fetch'
Spoofed: 'fеtch'
Server executed the spoofed name without rejection.
Remediation:
Validate tool names using exact byte-for-byte comparison and reject any name not in the known tool manifest. Homoglyph acceptance allows log poisoning and UI spoofing. |
6ms |
| T07-010 | LOW | Duplicate Initialize (Replay Attack) |
Server accepted a second initialize() call on an already active session. The session remained usable, but the server sta…Double initialize() succeeded.
Post-replay list_tools() succeeded — session is still functional but capabilities or internal state may have been altered.
Remediation:
The server should reject or ignore repeated initialize() calls. Accepting them enables mid-session protocol version downgrade and capability reset attacks. |
12ms |
| T07-013 | LOW | Protocol Version Abuse |
Server did not negotiate a recognised MCP protocol version (version is empty or unknown).
Remediation:
Ensure the server returns a valid protocolVersion in its initialize response (e.g. '2024-11-05'). Clients rely on this to select compatible behaviour. |
0ms |
| T07-001 | INFO | Unauthenticated Access | Unauthenticated Access test requires HTTP transport — skipped (transport='stdio'). | 0ms |
| T07-002 | INFO | Malformed Token Rejection | Malformed Token Rejection test requires HTTP transport — skipped (transport='stdio'). | 0ms |
| T07-003 | INFO | Resource URI Path Traversal | Server advertises no resources — path traversal test skipped. | 0ms |
| T07-005 | INFO | CORS Misconfiguration | CORS check requires HTTP transport — skipped (transport='stdio'). | 0ms |
| T07-006 | INFO | Process Privilege Check | Privilege check not available on Windows. | 0ms |
| T07-004 | PASS | Credentials in Error Messages |
No credential patterns found in error response for non-existent tool call.Error excerpt: "meta=None content=[TextContent(type='text', text='1 validation error for Fetch\\nurl\\n Field required [type=missing, input_value={}, input_type=dict]\\n For further information visit https://errors."
|
12ms |
| T07-007 | PASS | Environment Variable Probe |
Tool 'fetch' did not expand environment variable references in its response.Response excerpt: 'meta=None content=[TextContent(type=\'text\', text="1 validation error for Fetch\\nurl\\n Input should be a valid URL, relative URL without a base [type=url_parsing, input_value=\'$HOME $USER $PATH $AWS_S'
|
469ms |
| T07-011 | PASS | Deeply Nested Argument (JSON Bomb) | Server rejected deeply nested JSON argument. | 0ms |
| DISCOVERY · 8 tests | ||||
| T01-001 | INFO | Server Identity |
Server did not advertise: name, version. Got name='unknown' version='unknown' protocol='unknown'.
Remediation:
Ensure the MCP server returns a populated 'serverInfo' object in its initialize response (name and version fields). |
0ms |
| T01-002 | PASS | Tool Enumeration |
Discovered 1 tool(s): fetch.fetch: 'Fetches a URL from the internet and optionally extracts its contents as markdown'
|
0ms |
| T01-003 | PASS | Resource Enumeration | Discovered 0 resource(s). | 0ms |
| T01-004 | PASS | Prompt Enumeration |
Discovered 1 prompt(s): fetch.fetch: 'Fetch a URL and extract its contents as markdown' (1 arg(s))
|
0ms |
| T01-005 | PASS | Tool Description Completeness | All 1 tool(s) have non-empty descriptions. | 0ms |
| T01-006 | PASS | Tool Schema Validity | All 1 tool(s) have valid JSON Schema inputSchema. | 0ms |
| T01-007 | PASS | Duplicate Tool Names | All 1 tool name(s) are unique. | 0ms |
| T01-008 | PASS | Tool Description Length | All 1 tool description(s) are within the 2,000-character limit. | 0ms |
| SCHEMA · 6 tests | ||||
| T06-003 | INFO | additionalProperties Strictness |
1/1 tool(s) missing 'additionalProperties': false.Tools missing additionalProperties:false: fetch
Remediation:
Adding 'additionalProperties': false to every inputSchema prevents callers from silently passing undeclared fields that could confuse server-side processing. |
0ms |
| T06-004 | INFO | Return Type Consistency | All tools have required fields — return-type consistency test skipped. | 0ms |
| T06-001 | PASS | Schema Structural Validity | All 1 tool inputSchema(s) are structurally valid. | 0ms |
| T06-002-fetch | PASS | Required Enforcement: fetch | Tool 'fetch' returned an error response for missing required fields. | 10ms |
| T06-005 | PASS | Overly Permissive Schema Detection | All 1 tool schema(s) are acceptably strict. | 0ms |
| T06-006-fetch | PASS | Description Quality: fetch |
Tool 'fetch' has an adequate description (307 chars).Description: 'Fetches a URL from the internet and optionally extracts its contents as markdown.\n\nAlthough originally you did not have internet access, and were advised to refuse and tell the user this, this tool no'
|
0ms |
| PERFORMANCE · 5 tests | ||||
| T00-003 | INFO | Connection Closed Mid-Scan (Rate Limit / Server Reset) |
The HTTP server closed the connection mid-scan. This is expected behaviour for production servers that apply rate-limiti…Unexpected stdio transport error: ConnectionResetError: Connection lost (caused by ExceptionGroup: unhandled errors in a TaskGroup (1 sub-exception))
Remediation:
Re-run with --no-load to skip T05 load tests and reduce the number of requests sent to the server. The connection drop does not indicate a vulnerability. |
6344ms |
| T08-003-00 | INFO | Resource Read Latency | No resources to benchmark. | 0ms |
| T08-001-01 | PASS | Baseline Latency: fetch |
Tool 'fetch': mean=6ms min=5ms max=9ms (5 samples).{
"fetch": {
"mean_ms": 5.69,
"min_ms": 4.58,
"max_ms": 9.32,
"samples": [
9.32,
4.73,
4.58,
4.77,
5.05
]
}
}
|
28ms |
| T08-002 | PASS | Tool Discovery Latency |
list_tools() mean=3ms min=3ms max=3ms.{
"list_tools": {
"mean_ms": 2.87,
"min_ms": 2.65,
"max_ms": 3.31,
"samples": [
3.31,
2.85,
2.65,
2.74,
2.79
]
}
}
|
14ms |
| T08-004 | PASS | Cold Start Detection |
No significant cold-start penalty detected (ratio 1.1×, threshold 10×).Call 1 (cold): 5ms
Calls 2-5 (warm): 5ms, 5ms, 5ms, 5ms
Warm mean: 5ms Ratio: 1.1×
|
24ms |