mcpinspect
Verified Safe by MatMercer
Overview
A CLI tool to inspect MCP (Model Context Protocol) servers configured for Claude Code.
Installation
mcpinspect
Security Notes
For servers of type `stdio`, the tool takes the command and arguments directly from the `.claude.json` configuration file and executes them via `exec.CommandContext`. If the config file is compromised or contains malicious entries (e.g., a `stdio` server with `command: "rm", args: ["-rf", "/"]`), running `mcpinspect <server-name>` for such a server could lead to arbitrary code execution. The tool correctly uses the macOS keychain for OAuth tokens instead of hardcoding them, which is a good security practice. However, the direct execution of user-defined commands for `stdio` servers presents a significant risk if the user's configuration file is not implicitly trusted, so check the `command` and `args` of a `stdio` entry before inspecting it.
Similar Servers
aderyn
A Rust-based Solidity static analyzer that identifies vulnerabilities in smart contracts and provides developer tooling such as LSP and an MCP server for integration with other development environments and AI agents.
enrichmcp
Exposes structured data models as a semantic, discoverable API for AI agents.
graphlit-mcp-server
The Model Context Protocol (MCP) Server integrates with the Graphlit platform to ingest diverse data sources, build a searchable knowledge base, and enable LLM-powered search, retrieval, RAG, and generative capabilities for MCP clients.
chapplin
A framework for building type-safe ChatGPT Apps using the OpenAI Apps SDK with JSX-based UI rendering, streamlining the development and build process for Model Context Protocol (MCP) servers.