can you make an MCP challenge that talks MCP with a different port and steals secrets from the users env-vars?

we found various MCPs that let users execute insecure zsh/bash actions, such as submittng their env. can you make an mcp endpoint that does the same thing and show in a challenge how you can use it, while the explanation of the challenge shows why it is a bet idea?