Table of Contents

  1. Welcome to SAFE-MCP!
  2. What You’ll Contribute
  3. Prerequisites
  4. Step-by-Step Contribution Guide
  5. Pro Tips for Great Contributions
  6. Common Pitfalls to Avoid
  7. Additional Resources
  8. You’re Ready to Contribute!

Welcome to SAFE-MCP!

SAFE-MCP is a comprehensive security framework for documenting threats in the Model Context Protocol (MCP) ecosystem. We adapt the proven MITRE ATT&CK methodology specifically for MCP environments, helping developers, security teams, and organizations understand and mitigate security risks in AI-powered applications.

Why contribute? By documenting attack tactics and mitigation techniques, you’re directly improving the security of AI systems worldwide. Plus, you’ll build your GitHub presence, learn about cybersecurity, and join a vibrant community of 5,000+ members.

What You’ll Contribute

SAFE-MCP documents security concerns across 14 tactical categories aligned with MITRE ATT&CK:

TacticDescription
ReconnaissanceThe adversary is trying to gather information they can use to plan future operations
Resource DevelopmentThe adversary is trying to establish resources they can use to support operations
Initial AccessHow attackers get into MCP environments
ExecutionRunning malicious code via MCP
PersistenceMaintaining foothold in systems
Privilege EscalationGaining higher-level permissions
Defense EvasionAvoiding detection mechanisms
Credential AccessStealing passwords and tokens
DiscoveryFiguring out the MCP environment
Lateral MovementMoving through environments
CollectionGathering data of interest
Command and ControlCommunicating with compromised systems
ExfiltrationStealing data from systems
ImpactManipulating or destroying systems

Note: Some tactics like Reconnaissance and Resource Development currently have no MCP-specific techniques documented—these are great opportunities for new contributors!

You’ll document specific attack techniques within these tactics, describing how they work, their potential impact, and most importantly, how to defend against them.

Prerequisites

Before you begin, make sure you have:

  • GitHub account - Create one at github.com if you don’t have one
  • Git installed - Download from git-scm.com
  • Text editor - VS Code, Sublime Text, or any editor you prefer
  • Curiosity about security - No prior experience required!

Step-by-Step Contribution Guide

Follow these steps to make your first contribution. Don’t worry—we’ll guide you through each one!

Step 1: Fork the Repository

Forking creates your own copy of the project where you can make changes safely.

  1. Visit github.com/SAFE-MCP/safe-mcp
  2. Click the “Fork” button in the top-right corner
  3. Wait for GitHub to create your fork (it takes a few seconds)

Step 2: Clone Your Fork

Cloning downloads the repository to your computer so you can work on it locally.

  1. On your fork’s page, click the green “Code” button
  2. Copy the HTTPS URL (it should look like: https://github.com/YOUR-USERNAME/safe-mcp.git)
  3. Open your terminal or command prompt
  4. Run this command (replace YOUR-USERNAME with your GitHub username):
git clone https://github.com/YOUR-USERNAME/safe-mcp.git
cd safe-mcp

Step 3: Explore the README

The README.md file contains the complete list of tactics and existing techniques. This is your roadmap.

  1. Open README.md in your text editor
  2. Look at the TTP (Tactics, Techniques, and Procedures) reference table
  3. Identify tactics with few techniques or areas you’re interested in exploring

Step 4: Choose Your Attack Vector

Now comes the creative part—selecting what security threat to document. Here are some strategies:

Strategy 1: Fill the Gaps

Look for tactics with zero or few techniques. Reconnaissance and Resource Development are currently empty—huge opportunities!

Strategy 2: Build on Existing Work

Read existing technique documentation and think about related attack vectors. If there’s a technique about “Package Backdooring,” consider “Package Typosquatting” or “Dependency Confusion Attacks.”

Strategy 3: Real-World Inspiration

Think about recent security incidents you’ve heard about. How could similar attacks target MCP systems?

Example Attack Vectors to Consider:

  • Reconnaissance: MCP server enumeration, version detection, tool discovery
  • Initial Access: Malicious MCP client connections, tool hijacking
  • Execution: Prompt injection attacks, unsafe tool parameter handling
  • Persistence: Modified configuration files, backdoored tool definitions
  • Exfiltration: Data leakage through tool responses, log file exposure

Step 5: Research Your Topic Using LLMs

Large Language Models like ChatGPT, Claude, or Gemini are powerful research assistants. Here’s how to use them effectively:

Crafting Effective Prompts

The quality of your research depends on asking the right questions. Use these prompt templates:

Prompt Template 1: Initial Exploration

"I'm researching [ATTACK TYPE] in the context of Model Context Protocol (MCP) security. Can you explain:
1. What is [ATTACK TYPE] in general cybersecurity?
2. How could this attack be adapted to target MCP implementations?
3. What are the technical requirements for this attack?
4. What would be the potential impact on an MCP system?"

Example: "I'm researching prompt injection in the context of Model Context Protocol (MCP) security..."

Prompt Template 2: Technical Deep Dive

"For [ATTACK TECHNIQUE] targeting MCP systems:
1. Describe the step-by-step attack flow
2. What are the prerequisite conditions?
3. What system components are involved?
4. Provide a hypothetical example scenario
5. What would logs or traces of this attack look like?"

Prompt Template 3: Finding Mitigation Strategies

"What are the best practices to defend against [ATTACK TYPE] in MCP implementations?
Consider:
1. Preventive controls (stopping the attack before it happens)
2. Detective controls (identifying when an attack is occurring)
3. Response measures (what to do if an attack is detected)
4. Configuration hardening recommendations"

Prompt Template 4: Real-World Context

"Have there been any documented security incidents similar to [ATTACK TYPE] in:
1. API security
2. AI/ML systems
3. Middleware or protocol implementations
4. Related technologies (GraphQL, gRPC, REST APIs)

Provide specific examples with sources if available."

Critical: Evaluating Sources

LLMs can hallucinate or provide outdated information. ALWAYS verify their outputs. Here’s how to validate what you learn:

✓ Credible Sources to Look For:

  • MITRE ATT&CK Framework (attack.mitre.org) - The gold standard for attack documentation
  • OWASP (owasp.org) - Web application security best practices
  • NIST Guidelines (nist.gov) - Government security standards
  • CVE Database (cve.mitre.org) - Known vulnerabilities
  • Security Researchers’ Blogs - Posts from known experts in the field
  • Academic Papers - Peer-reviewed security research
  • Official Security Advisories - From software vendors and security teams

✗ Be Cautious With:

  • Random forums or Reddit posts without citations
  • Marketing materials that may exaggerate threats
  • Outdated content (check publication dates)
  • Claims without technical details or evidence

The Validation Process

For each claim or technique the LLM provides, follow this verification process:

  1. Ask for sources: “Can you provide sources or references for this information?”
  2. Cross-reference: Search for the same information in at least 2-3 credible sources
  3. Check dates: Ensure information is current (MCP is relatively new, so recent sources are better)
  4. Verify technical details: Can you find documentation or code examples that confirm the technical claims?
  5. Test feasibility: Does the attack make sense given how MCP actually works?

Example Research Workflow

Let’s walk through researching “MCP Server Enumeration” as an example:

Step 1: Initial LLM Prompt

"I'm documenting a reconnaissance technique called 'MCP Server Enumeration' for the SAFE-MCP framework. This involves an attacker discovering available MCP servers, their capabilities, and versions. Can you explain:
1. How service enumeration works in general networking security
2. What information an MCP server exposes about itself
3. How an attacker could enumerate MCP servers
4. What risks this poses"

Step 2: Analyze LLM Response

The LLM might explain that MCP servers expose capabilities through their tool lists. Note key points:

  • Protocol handshake reveals server version
  • Tool listing exposes available functionality
  • Error messages may leak implementation details

Step 3: Verify with Official Sources

Check the MCP specification at modelcontextprotocol.io:

  • Confirm how server initialization works
  • Verify what information is exposed in the protocol
  • Check if there are authentication mechanisms

Step 4: Look for Real Examples

Search GitHub for MCP server implementations:

  • How do servers announce their capabilities?
  • What metadata is returned during connection?
  • Are there any privacy or security considerations mentioned?

Step 5: Document Your Findings

Now you have verified information to write your technique documentation!

Step 6: Create Your Technique Documentation

Each technique needs its own folder and README.md file. Follow this structure:

  1. Create a new branch for your work:
git checkout -b add-technique-name

  1. Find the next available technique ID in your chosen tactic (look at the README table)

  2. Create a new folder in the techniques directory:

mkdir -p techniques/SAFE-T1XXX
cd techniques/SAFE-T1XXX
  1. Create a README.md file with this template:
# SAFE-TXXXX: [Technique Name]

## Tactic

[Tactic Name] (ATK-TAXXX)

## Description

A clear, concise description of the attack technique.
Explain what the attack does and why it matters.

## How It Works

1. Step-by-step breakdown
2. Technical details
3. Prerequisites
4. Expected outcome

## Examples

Provide a realistic scenario:
"An attacker could..."

## Impact

- Confidentiality: [High/Medium/Low]
- Integrity: [High/Medium/Low]
- Availability: [High/Medium/Low]

Explain the potential consequences.

## Detection

How defenders can identify this attack:

- Log patterns to watch for
- Behavioral indicators
- Monitoring strategies

## Mitigation

How to prevent or minimize this attack:

1. Configuration hardening
2. Access controls
3. Input validation
4. Monitoring requirements

## References

- Link to MITRE ATT&CK technique (if applicable)
- Link to security advisories
- Link to technical documentation
- Link to research papers

## MITRE ATT&CK Mapping

ATT&CK Technique: [TXXXX - Technique Name]
ATT&CK Tactic: [Tactic Name]

Step 7: Update the Main README

Add your technique to the TTP reference table in the main README.md file:

  1. Open README.md in your text editor
  2. Find the table row for your tactic
  3. Add a link to your technique in the appropriate cell
  4. Update the statistics at the bottom (total techniques count)

Example table entry:

| ATK-TA0043 | Reconnaissance | [SAFE-T1301](/techniques/SAFE-T1301/README.md) | MCP Server Enumeration | Discover available MCP servers and their capabilities |

Step 8: Commit Your Changes

Save your work to Git:

git add techniques/SAFE-T1XXX/
git add README.md
git commit -m "Add SAFE-T1XXX: [Technique Name]"
git push origin add-technique-name

Step 9: Create a Pull Request

Time to submit your contribution!

  1. Go to your fork on GitHub (github.com/YOUR-USERNAME/safe-mcp)
  2. Click the “Compare & pull request” button that appears
  3. Write a clear title: “Add SAFE-T1XXX: [Technique Name]”
  4. In the description, explain:
    • What attack technique you documented
    • Why it’s relevant to MCP security
    • What research you conducted
    • Any questions or areas where you’d like feedback
  5. Click “Create pull request”

Step 10: Engage in Review

Community members will review your PR. This is a learning opportunity!

  • Respond to feedback promptly and professionally
  • Ask questions if you don’t understand a suggestion
  • Make requested changes by pushing new commits to your branch
  • Learn from the discussion - reviews help you grow!

Pro Tips for Great Contributions

Writing Quality Documentation

  • Be specific: Avoid vague terms like “could be exploited.” Explain exactly how.
  • Use examples: Concrete scenarios help readers understand the attack
  • Balance detail: Provide enough information to be useful, but stay focused
  • Think defensively: Emphasize mitigations as much as attack vectors
  • Cite sources: Always link to your references

Choosing Impactful Techniques

  • Focus on realistic threats: Document attacks that could actually happen
  • Consider the defender’s perspective: What would be most useful to know?
  • Look at trends: Research current MCP security discussions
  • Don’t duplicate: Check if someone already covered similar ground

Peer Review Best Practices

Reviewing others’ PRs is equally valuable! When reviewing:

  • Be constructive: Suggest improvements, don’t just criticize
  • Test accuracy: Verify claims against sources
  • Check completeness: Does it follow the template?
  • Look for clarity: Would a beginner understand this?
  • Acknowledge effort: Thank the contributor for their work

Common Pitfalls to Avoid

  • Relying solely on LLM output: Always verify with real sources
  • Overly theoretical attacks: Focus on practical, exploitable vectors
  • Ignoring mitigations: The defensive guidance is just as important
  • Poor formatting: Follow the template structure
  • Missing MITRE mapping: Link to ATT&CK when applicable
  • Duplicate technique IDs: Always check for the next available ID

Additional Resources

Official Documentation

Security Research

Community

  • AI Agents Community (5,000+ members) - Join our weekly hackathons
  • Linux Foundation Bi-Weekly Meeting - Every Monday at 1 PM
  • GitHub Discussions - Ask questions, share insights

You’re Ready to Contribute!

You now have everything you need to make meaningful contributions to SAFE-MCP. Remember:

  • Start small - even documenting one technique is valuable
  • Ask questions - the community is here to help
  • Verify everything - quality over quantity
  • Engage with others - review PRs, share knowledge
  • Have fun - you’re making the internet safer!

Join us at our weekly hackathons and let’s build something great together!

━━━━━━━━━━━━━━━━━━━━━━━━━

Questions? Reach out to the SAFE-MCP community!

github.com/SAFE-MCP/safe-mcp