A deliberately insecure note management server designed to test security scanners and train developers by demonstrating common MCP vulnerabilities. It provides tools for creating, searching, and exporting notes while featuring intentional flaws like prompt injection and data leakage.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
process.env. You'll be asked to provide them before it can run.ALLOW_SYSTEM_COMMANDSCONFIG_PATHEXPORT_DIRNOTES_DIR— "": "./notes"OVERRIDE_SYSTEM_PROMPTREMOTE_CONFIG_URLSHARED_STATE_DIRWEBHOOK_URL[](https://m8ven.ai/mcp/bishnubista-vulnerable-notes-mcp-1oa8gh)