Hi everyone, I’m building an MCP-Server Fuzzer, primarily using the Hypothesis property-based testing library. It’s designed to validate MCP server implementations by generating randomized inputs from the protocol schema.
What It Does
- Detects mismatches where implementations don’t fully validate against the official MCP schemas.
- Can cause crashes or unhandled exceptions, highlighting potential edge cases.
- Helps identify future vulnerabilities like prompt injection or resource misuse.
How You Can Help
- Run it against your MCP server implementation to uncover any schema validation gaps.
- I’ve already tested it on Anthropic’s server and found several exceptions caused by basic schema mutations.
- Check out the code and README here: https://github.com/Agent-Hellboy/mcp-server-fuzzer?tab=readme-ov-file
Why This Matters
- I’m implementing the MCP spec in my company, tailored to our infrastructure and needs.
- This tool is being shaped based on that real-world usage, and community feedback will help improve its utility and coverage.
Please share your feedback, suggest improvements, or open issues if you find any unexpected behavior. Thank you.
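
The kind of check the post describes, as an added example that is not code from the mcp-server-fuzzer project: it applies basic schema mutations to a valid `tools/call` request and records which exception types escape a handler. It uses the standard library's `random` in place of Hypothesis so it runs without dependencies; the `echo` tool request and both handlers are hypothetical.

```python
import copy, json, random

# Constructed sample: a valid JSON-RPC 2.0 "tools/call" request in MCP's shape.
VALID = {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
         "params": {"name": "echo", "arguments": {"text": "hi"}}}
JUNK = [None, 0, -1, 1.5, "", [], {}, True, "x" * 4096]

def mutate(msg, rng):
    """One basic schema mutation: drop a key or give it a wrong-typed value."""
    out = copy.deepcopy(msg)
    slots, stack = [], [out]
    while stack:  # collect every (object, key) pair, nested objects included
        node = stack.pop()
        for key, value in node.items():
            slots.append((node, key))
            if isinstance(value, dict):
                stack.append(value)
    node, key = rng.choice(slots)
    if rng.random() < 0.3:
        del node[key]
    else:
        node[key] = rng.choice(JUNK)
    return out

def naive_handler(msg):
    """Hypothetical handler that trusts the message shape."""
    return {"jsonrpc": "2.0", "id": msg["id"], "result": msg["params"]["arguments"]["text"].upper()}

def strict_handler(msg):
    """Hypothetical handler that validates first and answers with a JSON-RPC error."""
    def error(code, message):
        return {"jsonrpc": "2.0", "id": None, "error": {"code": code, "message": message}}
    if msg.get("jsonrpc") != "2.0" or msg.get("method") != "tools/call":
        return error(-32600, "Invalid Request")
    params = msg.get("params")
    args = params.get("arguments") if isinstance(params, dict) else None
    if not isinstance(args, dict) or not isinstance(args.get("text"), str):
        return error(-32602, "Invalid params")
    return {"jsonrpc": "2.0", "id": msg.get("id"), "result": args["text"].upper()}

def fuzz(handler, runs=500, seed=0):
    """Return the names of exception types the handler let escape."""
    rng, leaked = random.Random(seed), set()
    for _ in range(runs):
        try:
            json.dumps(handler(mutate(VALID, rng)))  # reply must serialise
        except Exception as exc:
            leaked.add(type(exc).__name__)
    return leaked
```

Comparing `fuzz(naive_handler)` with `fuzz(strict_handler)` shows the gap: the first leaks raw Python exceptions, the second always returns a JSON-RPC error object.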