inspector
by mohamedsalahnassar
Overview
The MCP Inspector serves as a client UI for interacting with and debugging Model Context Protocol (MCP) servers, allowing users to visualize resources, prompts, tools, and monitor API traffic, notifications, and manage OAuth authentication flows.
Installation
npm startEnvironment Variables
- HOST
- CLIENT_PORT
- SERVER_PORT
- DANGEROUSLY_OMIT_AUTH
- ALLOWED_ORIGINS
Security Notes
The server component (Inspector Proxy) allows arbitrary command execution via the 'stdio' transport type if query parameters `command` and `args` are controlled by an untrusted client. The `shell-quote` library is used to parse arguments, which is generally robust, but executing user-controlled strings via `spawn` without strict whitelisting of commands or rigorous sanitization represents a critical remote code execution vulnerability if the proxy is exposed to untrusted networks or users. Session token authentication for the proxy improves security, but the underlying `stdio` transport design carries inherent risk.
Similar Servers
inspector
A web-based client and proxy server for inspecting and interacting with Model Context Protocol (MCP) servers, allowing users to browse resources, prompts, and tools, perform requests, and debug OAuth authentication flows.
octocode
An intelligent code indexer and semantic search engine that builds knowledge graphs of codebases, providing AI-powered assistance for development tasks like natural language search, smart commits, and code reviews, with local-first and multi-language support.
cov-loupe
Provides an MCP server, CLI, and Ruby library for analyzing SimpleCov test coverage data, primarily to enable AI assistants to query and report on codebase coverage.
acp-inspector
A visual testing and debugging tool for Agent Client Protocol (ACP) servers and agents.