Skip to content

Adding mcp registry ASI04 challenge#48

Open
syedDS wants to merge 4 commits intoOWASP-ASI:mainfrom
syedDS:sau-asi04
Open

Adding mcp registry ASI04 challenge#48
syedDS wants to merge 4 commits intoOWASP-ASI:mainfrom
syedDS:sau-asi04

Conversation

@syedDS
Copy link

@syedDS syedDS commented Feb 6, 2026

Fulfillment of #33

@syedDS
Copy link
Author

syedDS commented Feb 6, 2026

ASI04: Insecure MCP (SSE) Registry Switch Challenge

Adds a new CTF challenge for detecting MCP registry manipulation and lack of provenance verification.

Files added:

finbot/ctf/definitions/challenges/mcp_security/insecure_registry_switch.yaml - Challenge definition (advanced, 300pts, OWASP LLM05/LLM07)
finbot/ctf/detectors/implementations/mcp_registry_switch.py - Detector with real-time (check_event) and on-demand (check_aggregate) detection by scanning vendor records and events for injected MCP config patterns
Files modified:

finbot/ctf/detectors/registry.py - Register new detector
.gitignore - Exclude challenge solution files

@saikishu
Copy link
Collaborator

saikishu commented Feb 6, 2026

This will be a great addition. I will be holding off on merging till we get our first MCP integrated into core codebase. After which we can test the attack path and assumptions.

@saikishu saikishu self-requested a review February 6, 2026 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@saikishu saikishu Awaiting requested review from saikishu

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@syedDS @saikishu