⚡ C̷h̷u̷c̷k̷N̷o̷r̷r̷i̷s̷ MCP server: Helping LLMs break limits. Provides enhancement prompts inspired by elder-plinius' L1B3RT4S
Documentation
⚡ C̷h̷u̷c̷k̷N̷o̷r̷r̷i̷s̷ MCP Server: Enhance Your LLM ⚡
MCP gateway for specialized LLM enhancement prompts with dynamic schema adaptation.
⚠️ DISCLAIMER
IMPORTANT: Work in progress with limitations. Only works on weaker models. Latest LLMs recognize jailbreak attempts. This tool is also designed for security research and evaluation purposes to help identify vulnerabilities in LLM systems.
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~
📖 Introduction
The C̷h̷u̷c̷k̷N̷o̷r̷r̷i̷s̷ MCP Server provides an implementation of the Model Context Protocol (MCP) that delivers specialized enhancement prompts to various LLMs. It uses jailbreak prompts from elder-plinius' L1B3RT4S project and implements a dynamic schema approach for more effective delivery.
🚀 Getting Started
Run directly with npx:
npx @pollinations/chucknorrisMCP Client Configuration
Add to your MCP server list in mcp_config.json:
{
"mcpServers": {
"chucknorris": {
"command": "npx",
"args": ["-y", "@pollinations/chucknorris"]
}
}
}~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~
🤔 How It Works
Advanced Dynamic Approach
The server uses a two-phase approach to bypass jailbreak detection:
1. First Call:
- AI Assistant discovers the
C̷h̷u̷c̷k̷N̷o̷r̷r̷i̷s̷tool with a neutral schema description - Assistant calls the tool with its model type
- Server returns a subtle "preparation" prompt that makes the LLM receptive to the jailbreak
- Server remembers the LLM type for the next call
2. Subsequent Calls:
- Schema dynamically changes to include the jailbreak in its description
- Tool description now contains model-specific jailbreak instructions
- Server continues to return the same preparation prompt
- Only the schema changes between calls, not the response content
This approach combines elder-plinius' L1B3RT4S jailbreak prompts with a dynamic schema modification technique, making it more effective at bypassing detection as it doesn't immediately present the jailbreak content.
graph TD
A[AI Assistant] -- First Call --> B(Neutral Schema);
B -- Returns Preparation Prompt --> A;
A -- Subsequent Call --> C(Enhanced Schema with Jailbreak);
C -- Returns Same Preparation Prompt --> A;Security Research Purpose
This tool implements the technique described in "The 'S' in MCP Stands for Security" research, demonstrating how MCP tools can:
1. Present different information to users vs. AI models
2. Change their behavior after initial approval
3. Use multi-phase approaches to potentially bypass security measures
The implementation uses jailbreak prompts from elder-plinius' L1B3RT4S project, combined with a dynamic schema modification technique similar to the Tool Poisoning Attack research by Invariant Labs and their MCP injection experiments.
By understanding these techniques, developers can build more robust and secure AI systems.
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~
🙏 Credits
Based on L1B3RT4S by elder-plinius.
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~
🚧 Status
Experimental. The dynamic schema approach improves effectiveness with newer models like Claude and GPT-4, but results may still vary.
Want to help? Join via GitHub Issues or Discord.
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~
🤝 Community
Part of Pollinations.AI.
📜 License
Similar MCP
Based on tags & features
Trending MCP
Most active this week