$ timeahead.in

github

MCPGoat

Deliberately vulnerable MCP server for security training — 26 challenges across 4 difficulty levels (incl. a secure reference), a victim-agent harness, and one-command Docker deploy. The DVWA / OWASP …

github ↗

☆ Watch this server ⚡ Compare ⚑ Claim listing

50poor

▣ Score BreakdownMCPScore = Σ(raw × weight)

DimensionRawWeighted

Security

35%

100

35.0

Freshness

25%

7.5

Adoption

20%

0.0

Quality

10%

2.0

Trust

10%

5.0

Total

49.5

⚿ Capabilities & Risk Explainer

networkexecevalsecrets

◆ Risk level: high· 32 tools · auth: API key

network + exec + eval + secrets active — can execute code, access credentials, and make external network calls.

Tool name	Description	Destructive?
list_challenges		✓ no
submit_flag		✓ no
scoreboard		✓ no
read_collector		✓ no
mcpgoat_get_level		✓ no

+27 more tools

mcpgoat_set_level		✓ no
mcpgoat_reset		✓ no
add_numbers		✓ no
send_email		✓ no
send_emai1		✓ no
get_weather		✓ no
read_inbox		✓ no
internal_debug_dump		✓ no
network_ping		✓ no
read_project_file		✓ no
fetch_url		✓ no
search_products		✓ no
admin_request_nonce		✓ no
admin_get_all_secrets		✓ no
get_invoice		✓ no
get_server_status		✓ no
format_text⚠		⚠ yes
export_notes		✓ no
ai_summarize		✓ no
call_partner_api		✓ no
render_template		✓ no
compute_report		✓ no
validate_pattern		✓ no
user_lookup		✓ no
parse_invoice_xml		✓ no
load_session		✓ no
install_plugin		✓ no

⚙ Install config

Source-only — no published npm / pypi package detected.
Clone and follow the build instructions in the repo: github.com/SabyasachiDhal/MCPGoat

📈 Score historylast 3 snapshots

6/19/20266/20/2026 · 3 snapshots

⛁ Raw data

weekly downloads0

github stars0

forks0

open issues0

license✗ missing

readme length0 chars

last updated1d ago

owner of this server? claim your listing to get a verified badgeclaim →

🔔 Score drop alerts

get notified by email when this server's score drops 5+ points