MCP server for playing a submarine (Battleship-style) game against an AI, with game rules enforced server-side to prevent cheating.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
vite: `server.fs.deny` bypass on Windows alternate paths
Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket
Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler
Cloudflare Agents SDK has Insecure Direct Object Reference (IDOR) via Header-Based Email Routing
process.env. You'll be asked to provide them before it can run.INPUT[](https://m8ven.ai/mcp/mfukushim-submarine-attack-mcp-apps-1mk9qj)