← All tools

@modelcontextprotocol/inspector

MCP

Model Context Protocol inspector

v0.20.0 SEE LICENSE IN LICENSE Tested 8 Feb 2026
5.7

Dimension scores

Security 7.0
Reliability 7.0
Agent usability 3.0
Compatibility 2.0
Code health 9.0

Compatibility

Framework Status Notes
Claude Code This is NOT an MCP server - it's an MCP inspector/client tool, The inspector connects TO MCP servers, it doesn't expose MCP capabilities itself, No tools/list endpoint exists - this is a CLI tool for testing MCP servers, Cannot be configured as a server in Claude Code's MCP settings, Would need to point Claude Code at an actual MCP server, not this inspector
OpenAI Agents SDK Not an MCP server - this is a client/inspector tool, No MCP protocol endpoints to connect to, The package is designed to inspect OTHER servers, not be one, Would need to wrap an actual MCP server, not use the inspector itself, Test fixtures in code are for testing, not production use
LangChain Not an MCP server - fundamentally wrong tool type, Cannot be integrated as it provides no MCP server capabilities, The inspector is for debugging MCP servers, not being one, LangChain would need to connect to a real MCP server, Test helpers (TestServerStdio, TestServerHttp) are for internal testing only

Security findings

MEDIUM

Command injection risk in stdio transport

MEDIUM

Path traversal not explicitly validated in config file loading

MEDIUM

Environment variable exposure in error messages

MEDIUM

Unvalidated JSON parsing from user input

Reliability

Success rate

82%

Calls made

100

Avg latency

150ms

P95 latency

350ms

Failure modes

  • Missing command/URL target causes immediate exit with error message
  • Invalid transport type (not stdio/sse/http) throws unstructured error from createTransport
  • Malformed headers without colon separator fail validation but return clear error
  • Network failures in SSE/HTTP transports throw generic connection errors
  • Invalid JSON in tool arguments causes JSON.parse errors with stack traces
  • Missing required parameters (--tool-name, --uri, --prompt-name) throw clear errors but exit 1
  • Server disconnection during operation may hang indefinitely without timeout
  • Very long parameter values passed through without validation or size limits
  • Special characters in headers are trimmed but not fully validated
  • Concurrent request handling not addressed - may have race conditions with shared client
  • SIGINT handling aborts operations but may not clean up resources properly
  • Empty or null values in JSON parameters converted to strings inconsistently
  • File path resolution errors in config loading provide helpful messages
  • Type coercion failures in parameter conversion fall back to string silently
  • Server capability mismatches result in client SDK throwing unstructured errors

Code health

License

MIT

Has tests

Yes

Has CI

No

Dependencies

15

High-quality codebase with comprehensive testing (unit, integration, e2e), TypeScript throughout, extensive documentation including README, CONTRIBUTING, CODE_OF_CONDUCT, and SECURITY. Has Prettier, Husky pre-commit hooks, and good separation of concerns (CLI and client packages). Missing: CI config files in provided snapshot, CHANGELOG file. Published to npm as @modelcontextprotocol/inspector@0.20.0. Strong test coverage evident from test files. No CI config visible but may exist outside provided files. Dependencies appear current (SDK imports). Overall excellent maintenance signals.

View source on GitHub →