MCP Fixtures¶
The attack box now ships with both file-based MCP config fixtures and a stdio MCP server fixture.
Files Installed¶
Under ~/lab/mcp-configs/:
claude_desktop_config.jsoncursor_mcp.jsonvscode_settings.jsonremote_mcp_chain.json
Alongside them:
~/lab/stdio-mcp-server.py
What They Cover¶
- embedded secrets in local MCP config files
- remote MCP endpoint analysis against the lab MCP server on
ailab-dev - stdio transport validation without needing a network listener
Example Commands¶
aipostex mcp analyze --config ~/lab/mcp-configs/claude_desktop_config.json
aipostex mcp analyze --config ~/lab/mcp-configs/remote_mcp_chain.json
aipostex mcp --transport stdio --stdio-command python3 --stdio-args ~/lab/stdio-mcp-server.py enum
Expected Highlights¶
claude_desktop_config.jsonexposes a PostgreSQL connection string, GitHub PAT, Slack bot token, and Jira API tokencursor_mcp.jsonexposes a Brave API keyvscode_settings.jsonexposes another PostgreSQL credentialremote_mcp_chain.jsonpoints to the live MCP surface onailab-devstdio-mcp-server.pyexposes deterministic tools forenumvalidation on stdio transport
The stdio server intentionally stays minimal. It is a verification fixture, not a production-like MCP implementation.