MCP Security Inspector
一个用于检测Model Context Protocol (MCP)安全性的Chrome扩展工具。
What is MCP Security Inspector?
MCP Security Inspector is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to 一个用于检测model context protocol (mcp)安全性的chrome扩展工具。
一个用于检测Model Context Protocol (MCP)安全性的Chrome扩展工具。
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- 一个用于检测Model Context Protocol (MCP)安全性的Chrome扩展工具。
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx mcp-security-inspectorConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use MCP Security Inspector
MCP Security Inspector is a Chrome extension that provides security auditing and protocol debugging for remote Model Context Protocol servers. It connects to SSE and Streamable HTTP MCP servers, browses their tools, resources, and prompts, and uses AI models (OpenAI GPT, Anthropic Claude, or Google Gemini) to automatically generate security test cases and produce risk reports. It supports dual detection modes — active scanning and passive monitoring — and can import/export standard mcp.json configuration files for use with Cursor, Claude Desktop, and VS Code.
Prerequisites
- Google Chrome browser
- Access to a remote MCP server via SSE or Streamable HTTP (not local stdio processes)
- An API key for at least one LLM provider (OpenAI, Anthropic Claude, or Google Gemini) for AI-enhanced analysis
- The MCP Security Inspector Chrome extension installed from the Chrome Web Store or built from source
Install from the Chrome Web Store
The easiest installation method is to visit the Chrome Web Store and add the extension directly. Search for MCP Security Inspector or use the direct link.
Alternatively, build from source
Clone the repository, install dependencies, and build the extension bundle. Then load it as an unpacked extension in Chrome's developer mode.
git clone https://github.com/purpleroc/mcp-security-inspector.git
cd mcp-security-inspector
npm install
npm run build:extensionLoad the unpacked extension in Chrome
Open chrome://extensions/ in Chrome, enable Developer Mode, click Load Unpacked, and select the dist folder from the build output.
Connect to an MCP server
Open the extension popup, enter the URL of a remote MCP server using SSE or Streamable HTTP transport, and optionally add custom headers for authentication. The extension will list all available tools, resources, and prompts.
Configure an LLM provider for AI analysis
In the extension settings, add your API key for OpenAI, Anthropic Claude, or Google Gemini. This enables the AI-enhanced active scanning mode that automatically generates test cases and produces detailed security risk reports.
Run a security scan
Select a tool, prompt, or resource from the connected MCP server and trigger either active scan (comprehensive AI-driven analysis) or enable passive monitoring to detect threats during live interactions.
MCP Security Inspector Examples
Client configuration
This tool is a Chrome extension, not an MCP server itself. Configure it by importing an existing mcp.json from your Cursor or Claude Desktop setup to audit those servers.
{
"mcpServers": {
"mcp-security-inspector": {
"command": "npx",
"args": ["mcp-security-inspector"],
"env": {}
}
}
}Prompts to try
Security testing scenarios you can run against an MCP server using the extension's active scanning and AI analysis features.
- Connect the extension to an SSE MCP server and run an active security scan on all exposed tools
- Import your Claude Desktop mcp.json and audit the remote servers for prompt injection vulnerabilities
- Enable passive monitoring on an MCP session to detect unauthorized data exposure in real time
- Use AI-enhanced analysis to generate SQL injection test cases for a database query tool
- Review the generated security report to identify high-risk tool parameter validation gapsTroubleshooting MCP Security Inspector
Cannot connect to a local stdio MCP server
The extension only supports remote SSE and Streamable HTTP MCP servers — it cannot connect to local stdio processes. The mcp.json import feature will automatically filter out stdio entries. To audit a local server, wrap it with an SSE proxy first.
AI security analysis returns no results or fails silently
Check that a valid LLM API key is configured in the extension settings for your chosen provider (OpenAI, Claude, or Gemini). Also confirm the MCP server is returning valid tool definitions that the AI can analyze.
Extension fails to build with npm run build:extension
Ensure Node.js 18+ is installed and run npm install before building. The build requires TypeScript and React tooling. If you see missing module errors, delete node_modules and run npm install again.
Frequently Asked Questions about MCP Security Inspector
What is MCP Security Inspector?
MCP Security Inspector is a Model Context Protocol (MCP) server that 一个用于检测model context protocol (mcp)安全性的chrome扩展工具。 It connects AI assistants to external tools and data sources through a standardized interface.
How do I install MCP Security Inspector?
Follow the installation instructions on the MCP Security Inspector GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with MCP Security Inspector?
MCP Security Inspector works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is MCP Security Inspector free to use?
Yes, MCP Security Inspector is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
MCP Security Inspector Alternatives — Similar Security Servers
Looking for alternatives to MCP Security Inspector? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up MCP Security Inspector in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use MCP Security Inspector?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.