MCP Shark Forensics

v1.0.0Developer Toolsstable

Wireshark-like forensic analysis for Model Context Protocol communications Capture, inspect, and investigate all HTTP requests and responses between your IDE and MCP servers

aauthai-agentai-agent-toolsai-agentsai-tools
Share:
167
Stars
0
Downloads
0
Weekly
0/5

What is MCP Shark Forensics?

MCP Shark Forensics is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to wireshark-like forensic analysis for model context protocol communications capture, inspect, and investigate all http requests and responses between your ide and mcp servers

Wireshark-like forensic analysis for Model Context Protocol communications Capture, inspect, and investigate all HTTP requests and responses between your IDE and MCP servers

This server falls under the Developer Tools category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Wireshark-like forensic analysis for Model Context Protocol

Use Cases

Inspect HTTP requests/responses
Wireshark-like MCP analysis
Debug agent communication
mcp-shark

Maintainer

LicenseNOASSERTION
Languagejavascript
Versionv1.0.0
UpdatedMay 13, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx mcp-shark

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use MCP Shark Forensics

MCP Shark is a security scanner and forensic analysis tool for Model Context Protocol environments, functioning like a Wireshark for AI agent communications. It applies 41 built-in security rules covering the OWASP MCP Top 10, detects toxic cross-server attack flows, and provides a live browser dashboard for capturing and inspecting JSON-RPC traffic between your IDE and MCP servers. Security engineers and developers use it to audit AI toolchains for prompt injection risks, capability misuse, and supply-chain vulnerabilities before deploying agents in production.

Prerequisites

  • Node.js 20.0.0 or higher installed
  • An MCP-enabled IDE such as Claude Desktop, Cursor, VS Code, or Windsurf
  • npx available in your PATH
  • An MCP client to run the security scanner against
1

Run a one-shot security scan

Execute MCP Shark immediately via npx without installing. It auto-detects IDE config files across 15 known locations including Claude Desktop, Cursor, VS Code, and Windsurf.

npx @mcp-shark/mcp-shark scan
2

Launch the live traffic dashboard

Start the browser-based dashboard that captures and visualizes live JSON-RPC traffic between your IDE and MCP servers in real time.

npx @mcp-shark/mcp-shark serve --open
3

Auto-fix detected issues interactively

Run a scan with the --fix flag to be prompted for automatic remediation of issues that MCP Shark can resolve without manual editing.

npx @mcp-shark/mcp-shark scan --fix
4

Generate a CI/CD report in SARIF format

Run in CI mode to produce a SARIF-format report suitable for GitHub Code Scanning, Azure DevOps, or any SARIF-compatible pipeline tool.

npx @mcp-shark/mcp-shark scan --ci --format sarif
# Or generate an HTML report:
npx @mcp-shark/mcp-shark scan --format html --output report.html
5

Create a lock file for tool pinning

Generate a .mcp-shark.lock file that pins the current tool set. Subsequent scans will alert you if new tools are added unexpectedly, protecting against supply-chain attacks.

npx @mcp-shark/mcp-shark lock
6

Keep rules up to date

Fetch the latest rule packs from the MCP Shark registry to stay current with newly discovered MCP security vulnerabilities.

npx @mcp-shark/mcp-shark update-rules

MCP Shark Forensics Examples

Client configuration

MCP Shark runs as a standalone CLI scanner — it does not require registration inside an MCP client config. Run it directly against your existing MCP environment.

{
  "mcpServers": {
    "mcp-shark": {
      "command": "npx",
      "args": ["@mcp-shark/mcp-shark", "serve"]
    }
  }
}

Prompts to try

MCP Shark is a CLI tool. Use these commands directly in your terminal to audit and monitor your MCP setup.

- Run 'npx @mcp-shark/mcp-shark scan' to audit all detected MCP servers with 41 security rules
- Run 'npx @mcp-shark/mcp-shark list' to display all MCP servers detected across your IDE configs
- Run 'npx @mcp-shark/mcp-shark doctor' to check your environment for common setup issues
- Run 'npx @mcp-shark/mcp-shark tui' to launch the interactive terminal interface
- Run 'npx @mcp-shark/mcp-shark watch' to re-scan automatically whenever MCP config files change

Troubleshooting MCP Shark Forensics

Scan reports 'no MCP servers detected' even though you have servers configured

MCP Shark scans 15 built-in IDE config paths. If your config is in a non-standard location, create a project-local ./mcp.json file or add your custom path via the .mcp-shark/ directory configuration.

Dashboard shows no traffic in live capture mode

The live traffic dashboard requires your MCP client to route through MCP Shark's proxy. Ensure you have started the server with 'npx @mcp-shark/mcp-shark serve --open' before launching your IDE session, and check that the proxy port is not blocked by a firewall.

Rule pack updates fail with a network error

Check your internet connection and any corporate proxies. The 'update-rules' command makes HTTPS calls to the MCP Shark registry. You can also add custom rules locally in .mcp-shark/rules/*.yaml without needing network access.

Frequently Asked Questions about MCP Shark Forensics

What is MCP Shark Forensics?

MCP Shark Forensics is a Model Context Protocol (MCP) server that wireshark-like forensic analysis for model context protocol communications capture, inspect, and investigate all http requests and responses between your ide and mcp servers It connects AI assistants to external tools and data sources through a standardized interface.

How do I install MCP Shark Forensics?

Follow the installation instructions on the MCP Shark Forensics GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with MCP Shark Forensics?

MCP Shark Forensics works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is MCP Shark Forensics free to use?

Yes, MCP Shark Forensics is open source and available under the NOASSERTION license. You can use it freely in both personal and commercial projects.

Browse More Developer Tools MCP Servers

Explore all developer tools servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "mcp-shark": { "command": "npx", "args": ["-y", "mcp-shark"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use MCP Shark Forensics?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides