inspector-assessment
by triepod-ai
Overview
Provides a comprehensive automated assessment platform for Model Context Protocol (MCP) servers, analyzing their security, functionality, protocol compliance, documentation, and various extended metrics. It acts as an inspector and auditing tool for MCP server developers and maintainers.
Installation
npm run dev
Environment Variables
- HOST
- PORT
- CLIENT_PORT
- ALLOWED_ORIGINS
- DANGEROUSLY_OMIT_AUTH
- MCP_PROXY_AUTH_TOKEN
- LOG_LEVEL
- INSPECTOR_MCP_AUDITOR_URL
- CLAUDE_CODE_HTTP_API_KEY
- CLAUDE_CODE_TRANSPORT
Security Notes
The server component (proxy) is designed to execute arbitrary commands (`spawn-rx`) and make network requests to target MCP servers as part of its core security assessment functionality, so running this tool requires a high level of privilege. Authentication for the proxy uses a session token, compared with `timingSafeEqual` (a constant-time comparison) for robustness. Filename sanitization is applied to assessment output files to prevent simple path traversal. The client-side code defines numerous advanced attack patterns, but these are for testing *other* MCP servers and are not vulnerabilities within this project itself. The tool checks *assessed* MCP servers for hardcoded secrets and insecure configurations. Running this tool requires trusting its capabilities to interact with your system and network.
Similar Servers
mcp-interviewer
A Python CLI tool to evaluate Model Context Protocol (MCP) servers for agentic use-cases, by inspecting capabilities, running functional tests, and providing LLM-as-a-judge evaluations.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
mcp-jest
A testing framework for Model Context Protocol (MCP) servers, allowing automated validation of AI agent tools, resources, and prompts.