Minimal MCP server/client example demonstrating basic calculator operations via SSE and stdio transports.Minimal MCP server/client example demonstrating basic calculator operations via SSE and stdio transports.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"introduction-to-mcp": {
"args": [
"mcp"
],
"command": "uvx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
A minimal MCP server and client example demonstrating basic calculator operations using both SSE and stdio transports.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx 'mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
MCP Python SDK: WebSocket server transport does not support Host/Origin validation
### Summary In affected versions, the deprecated WebSocket server transport (`mcp.server.websocket.websocket_server`) accepted the WebSocket handshake without applying any `Host` or `Origin` header validation. The `TransportSecuritySettings` mechanism that the SSE and Streamable HTTP transports use for this purpose was not wired into the WebSocket transport, so there was no SDK-level way to restrict which origins could connect. ### Am I affected? Only if a developer's application server exposes
MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal
### Summary In affected versions, the SSE and Streamable HTTP server transports routed incoming requests to an existing session based only on the session identifier, without verifying that the request was authenticated as the same principal that created the session. Anyone who learned or guessed a session ID could send JSON-RPC messages on that session, regardless of which bearer token the request carried. ### Am I affected? Only if a developer's application server uses an HTTP transport (SSE,
MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks
### Summary In affected versions, the default request handlers installed by the experimental tasks feature (`server.experimental.enable_tasks()`) did not check which session created a task before acting on it. On a server with more than one connected client, any client could observe, read results from, and cancel tasks belonging to other clients. ### Am I affected? Only if the developer's application server calls `server.experimental.enable_tasks()`. If `grep -r enable_tasks` over their codebas
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
### Description The Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using `FastMCP` with streamable HTTP or SSE transport, and has not configured `TransportSecuritySettings`, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or ac
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS
A validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank you to Rich Harang for reporting this issue.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in education / developer-tools
Copy/paste detector for programming source code, supports 223 formats. AI-ready with token-efficient reporter, skill and MCP server.
XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.
A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
Manage Supabase projects — databases, auth, storage, and edge functions
MCP Security Weekly
Get CVE alerts and security updates for Introduction To Mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
A minimal MCP server and client example demonstrating basic calculator operations using both SSE and stdio transports.
To install all packages from your requirements.txt file using pip, you can use the following command in your terminal:
pip install -r requirements.txt
Make sure you have installed the mcp package. You can do this by running the following command in your terminal:
pip install mcp[cli]
Then, you can run the server.py script using the following command:
mcp dev server.py
You can also run the script using Python directly:
python server.py
Use python server.py for normal execution. Use mcp dev server.py for development with hot-reloading and a better developer experience.
When you run
mcp dev server.py, you are starting the MCP Inspector and its proxy server, not your FastMCP server directly. The MCP Inspector runs its own proxy (default port 6277) and does not use the port (8050) specified in yourserver.py.
To run your FastMCP server on port 8050 as defined in server.py, you should execute:
python server.py
The mcp dev command is for development and debugging with the MCP Inspector, not for running your server directly on the specified port. If you want to use the Inspector, connect your client to the proxy port (6277). If you want your server to listen on 8050, run it with
python server.py.
Launches the server as a subprocess and connects to it using the stdio transport. This is useful for testing and debugging.
python client_stdio.py
Connects to the server using the sse transport. This is useful for real-time updates and notifications.
python client_sse.py