MCP Security Inspector

v1.0.0Securitystable

一个用于检测Model Context Protocol (MCP)安全性的Chrome扩展工具。

mcpmcp-inspectormcp-security
Share:
37
Stars
0
Downloads
0
Weekly
0/5

What is MCP Security Inspector?

MCP Security Inspector is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to 一个用于检测model context protocol (mcp)安全性的chrome扩展工具。

一个用于检测Model Context Protocol (MCP)安全性的Chrome扩展工具。

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • 一个用于检测Model Context Protocol (MCP)安全性的Chrome扩展工具。

Use Cases

Detect MCP security vulnerabilities using a Chrome extension tool for security analysis and inspection.
purpleroc

Maintainer

LicenseMIT
Languagetypescript
Versionv1.0.0
UpdatedApr 19, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx mcp-security-inspector

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use MCP Security Inspector

MCP Security Inspector is a Chrome extension that provides security auditing and protocol debugging for remote Model Context Protocol servers. It connects to SSE and Streamable HTTP MCP servers, browses their tools, resources, and prompts, and uses AI models (OpenAI GPT, Anthropic Claude, or Google Gemini) to automatically generate security test cases and produce risk reports. It supports dual detection modes — active scanning and passive monitoring — and can import/export standard mcp.json configuration files for use with Cursor, Claude Desktop, and VS Code.

Prerequisites

  • Google Chrome browser
  • Access to a remote MCP server via SSE or Streamable HTTP (not local stdio processes)
  • An API key for at least one LLM provider (OpenAI, Anthropic Claude, or Google Gemini) for AI-enhanced analysis
  • The MCP Security Inspector Chrome extension installed from the Chrome Web Store or built from source
1

Install from the Chrome Web Store

The easiest installation method is to visit the Chrome Web Store and add the extension directly. Search for MCP Security Inspector or use the direct link.

2

Alternatively, build from source

Clone the repository, install dependencies, and build the extension bundle. Then load it as an unpacked extension in Chrome's developer mode.

git clone https://github.com/purpleroc/mcp-security-inspector.git
cd mcp-security-inspector
npm install
npm run build:extension
3

Load the unpacked extension in Chrome

Open chrome://extensions/ in Chrome, enable Developer Mode, click Load Unpacked, and select the dist folder from the build output.

4

Connect to an MCP server

Open the extension popup, enter the URL of a remote MCP server using SSE or Streamable HTTP transport, and optionally add custom headers for authentication. The extension will list all available tools, resources, and prompts.

5

Configure an LLM provider for AI analysis

In the extension settings, add your API key for OpenAI, Anthropic Claude, or Google Gemini. This enables the AI-enhanced active scanning mode that automatically generates test cases and produces detailed security risk reports.

6

Run a security scan

Select a tool, prompt, or resource from the connected MCP server and trigger either active scan (comprehensive AI-driven analysis) or enable passive monitoring to detect threats during live interactions.

MCP Security Inspector Examples

Client configuration

This tool is a Chrome extension, not an MCP server itself. Configure it by importing an existing mcp.json from your Cursor or Claude Desktop setup to audit those servers.

{
  "mcpServers": {
    "mcp-security-inspector": {
      "command": "npx",
      "args": ["mcp-security-inspector"],
      "env": {}
    }
  }
}

Prompts to try

Security testing scenarios you can run against an MCP server using the extension's active scanning and AI analysis features.

- Connect the extension to an SSE MCP server and run an active security scan on all exposed tools
- Import your Claude Desktop mcp.json and audit the remote servers for prompt injection vulnerabilities
- Enable passive monitoring on an MCP session to detect unauthorized data exposure in real time
- Use AI-enhanced analysis to generate SQL injection test cases for a database query tool
- Review the generated security report to identify high-risk tool parameter validation gaps

Troubleshooting MCP Security Inspector

Cannot connect to a local stdio MCP server

The extension only supports remote SSE and Streamable HTTP MCP servers — it cannot connect to local stdio processes. The mcp.json import feature will automatically filter out stdio entries. To audit a local server, wrap it with an SSE proxy first.

AI security analysis returns no results or fails silently

Check that a valid LLM API key is configured in the extension settings for your chosen provider (OpenAI, Claude, or Gemini). Also confirm the MCP server is returning valid tool definitions that the AI can analyze.

Extension fails to build with npm run build:extension

Ensure Node.js 18+ is installed and run npm install before building. The build requires TypeScript and React tooling. If you see missing module errors, delete node_modules and run npm install again.

Frequently Asked Questions about MCP Security Inspector

What is MCP Security Inspector?

MCP Security Inspector is a Model Context Protocol (MCP) server that 一个用于检测model context protocol (mcp)安全性的chrome扩展工具。 It connects AI assistants to external tools and data sources through a standardized interface.

How do I install MCP Security Inspector?

Follow the installation instructions on the MCP Security Inspector GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with MCP Security Inspector?

MCP Security Inspector works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is MCP Security Inspector free to use?

Yes, MCP Security Inspector is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

MCP Security Inspector Alternatives — Similar Security Servers

Looking for alternatives to MCP Security Inspector? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "mcp-security-inspector": { "command": "npx", "args": ["-y", "mcp-security-inspector"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use MCP Security Inspector?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides