A TypeScript MCP server delivering a vendored 'dangerous skills' corpus and adversarial fixtures over MCP for security-research testing, supporting SEP-2640 skill delivery with archive-safety hardening.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
process.env. You'll be asked to provide them before it can run.ALLOWED_HOSTS— Serve (HTTP — 127.0.0.1:3940/mcp by default; set HOST/PORT/ for remote)HOST— Serve (HTTP — 127.0.0.1:3940/mcp by default; set /PORT/ALLOWED_HOSTS for remote)MCP_DISABLE_DNS_REBINDING_PROTECTION— 1 — relax the localhost host check for a remote deploy behind a proxy (defaults ON / localhost posture; a remote server's real access control is the Space's public/private setting).PORT— Serve (HTTP — 127.0.0.1:3940/mcp by default; set HOST//ALLOWED_HOSTS for remote)SKILLS_ROOT— override the corpus root (defaults to ../third_party/dangerous-skills/skills; the HF image sets /app/skills).[](https://m8ven.ai/mcp/olaservo-dangerous-skills-mcp-nw4xrx)