claude-inspector

Name: claude-inspector
Author: kangraemin

Warning

Claude Code Prompt Mechanism Visualizer — Electron desktop app

119stars

17forks

HTML

Installation

# Add to your Claude Code skills
git clone https://github.com/kangraemin/claude-inspector

Getting Started

Guides for using mcp servers skills like claude-inspector.

Best MCP Servers in 2026
Category-by-category picks: databases, dev tools, productivity, browser automation.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills
First-time install walkthrough for Claude Code, Codex CLI, and ChatGPT.

Security ReportWarning

Last scanned: 5/30/2026

{
  "issues": [
    {
      "type": "npm-audit",
      "message": "@electron/rebuild: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@tootallnate/once: @tootallnate/once vulnerable to Incorrect Control Flow Scoping",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "@xmldom/xmldom: xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "app-builder-lib: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "cacache: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "dmg-builder: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "electron: Electron has ASAR Integrity Bypass via resource modification",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "electron-builder: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "electron-builder-squirrel-windows: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "lodash: lodash vulnerable to Code Injection via `_.template` imports key names",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "make-fetch-happen: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "node-gyp: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "tmp: tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape",
      "severity": "high"
    }
  ],
  "status": "WARNING",
  "scannedAt": "2026-05-30T16:28:36.737Z",
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Frequently Asked Questions

What is claude-inspector?

claude-inspector is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by kangraemin. Claude Code Prompt Mechanism Visualizer — Electron desktop app. It has 119 GitHub stars.

Is claude-inspector safe to use?

claude-inspector returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.

How do I install claude-inspector?

Clone the repository with "git clone https://github.com/kangraemin/claude-inspector" and add it to your Claude Code skills directory (see the Installation section above).

What programming language is claude-inspector written in?

claude-inspector is primarily written in HTML. It is open-source under kangraemin on GitHub, so you can review or fork the full source.

Are there alternatives to claude-inspector?

Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh claude-inspector against similar tools.

MCP for Beginners

Build MCP servers that give AI assistants real capabilities

36 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

219,557

Popular in MCP Servers

Top skills in this category by stars

Scrapling

by D4Vinci

🕷️ An adaptive Web Scraping framework that handles everything from a single request to a full-scale crawl!

65,485

gopher-mcp mcp-hosted

Claude Inspector

See what Claude Code actually sends to the API.

A local MITM proxy that intercepts Claude Code CLI traffic in real-time,
lets you inspect every JSON payload, and analyzes session flows with AI.

Install · Usage · AI Analysis · What You'll Learn

English | 한국어

Install

Homebrew (Recommended)

brew install --cask kangraemin/tap/claude-inspector && sleep 2 && open -a "Claude Inspector"

Direct Download

Download the .dmg from the Releases page.

Mac (Apple Silicon)	Mac (Intel)
Claude-Inspector-arm64.dmg	Claude-Inspector-x64.dmg

Upgrade / Uninstall

# Upgrade
brew update && brew upgrade --cask claude-inspector && sleep 2 && open -a "Claude Inspector"

# Uninstall
brew uninstall --cask claude-inspector

Proxy Mode

Intercept real Claude Code CLI traffic via a local MITM proxy.

Claude Code CLI  →  Inspector (localhost:9090)  →  api.anthropic.com

1. Click Start Proxy in the app
2. Run Claude Code through the proxy:

ANTHROPIC_BASE_URL=http://localhost:9090 claude

3. Every API request/response is captured in real-time.

4 Tabs

Tab	What it shows
AI Analysis	AI-powered session analysis — flow summary, Mermaid diagram, inline chat
Request	Full JSON request body, collapsible tree, token/cost breakdown
Response	Full JSON response with tool_use results
Anatomy	Detected mechanisms (CLAUDE.md, Skills, MCP, Sub-agents) as colored chips

AI Analysis

Select captured requests and let Claude (Sonnet) analyze the full session flow.

What It Produces

Step-by-step session summary — what happened, in what order, with mechanism explanations
MCP dynamic loading chain — how ToolSearch fetches schemas, how deferred tools become callable
Skill loading flow — how slash commands trigger <command-message> → Skill tool_use
Sub-agent patterns — which requests are main vs sub-agent, and how they relate
Mermaid flowchart — visual diagram of the internal mechanism flow
Clickable references — each step links to the actual Request, scrolling to the relevant tool_use

How to Use

Capture some requests via the proxy
Click the AI Analysis tab
Select requests to analyze (click to toggle, Shift+click for range)
Click Analyze Session Flow
Watch real-time streaming as Claude processes the session
Click any Request #N badge to jump to that request's tool_use in the JSON tree

Inline Chat

After analysis, ask Claude follow-up questions about the session. The chat understands the full analysis context.

Session Detection

Requests are automatically grouped by session using message content fingerprinting. Different sessions (main conversation, sub-agents, stop hooks) get different colored borders in the sidebar.

What You'll Learn

All discovered from real captured traffic. See what Claude Code hides from you.

1. CLAUDE.md is injected into every single request

You type hello. Claude Code silently prepends ~12KB before your message:

Block	What's inside	Size
`content[0]`	Available skills list	~2KB
`content[1]`	CLAUDE.md + rules + memory	~10KB
`content[2]`	What you actually typed	few bytes

Injection order: Global CLAUDE.md → Global rules → Project CLAUDE.md → Memory

This ~12KB payload is re-sent with every request. A 500-line CLAUDE.md quietly burns tokens on every API call. Keep it lean.

2. MCP tools are lazy-loaded — watch `tools[]` grow

Built-in tools (27) ship their full JSON schemas every request. MCP tools start as names only.

Step	What happens	`tools[]` count
Initial request	27 built-in tools loaded	27
Model calls `ToolSearch("context7")`	Full schema for 2 MCP tools returned	29
Model calls `ToolSearch("til")`	6 more MCP tool schemas added	35

Unused MCP tools never consume tokens. Watch tools[] grow as the model discovers what it needs.

3. Images are base64-encoded inline

When Claude Code reads a screenshot or image, it's base64-encoded and embedded directly in the JSON body:

{
  "type": "image",
  "source": {
    "type": "base64",
    "media_type": "image/png",
    "data": "iVBORw0KGgo..."
  }
}

A single screenshot can add hundreds of KB to the request payload. Inspector shows you the exact size.

4. Skill ≠ Command — completely different injection paths

Typing /something triggers one of three completely different mechanisms:

	Local Command	User Skill	Assistant Skill
Example	`/mcp`, `/clear`	`/commit`	`Skill("finish")`
Who triggers	User	User	Model
Injection	`<local-command-stdout>`	Full prompt in user msg	`tool_use` → `tool_result`
Model sees	Result only	Full prompt	Full prompt

Commands run locally and only pass the result. Skills inject the entire prompt text — and it stays in every subsequent request until the session ends.

5. Previous messages pile up — use `/clear` often

Claude Code re-sends the entire messages[] array with every request:

Turns	Approx. cumulative transfer
1	~15KB
10	~200KB
30	~1MB+

Most of it is old conversation you no longer need. Running /clear resets the context and drops the accumulated weight.

6. Sub-agents run in fully isolated contexts

When Claude Code spawns a sub-agent (via the Agent tool), it creates a completely separate API call:

	Parent API call	Sub-agent API call
`messages[]`	Full conversation history	Only the task prompt — no parent history
CLAUDE.md	Included	Included (independently)
tools[]	All loaded tools	Fresh set
Context	Accumulated	Starts from zero

Inspector captures both calls side by side, and AI Analysis automatically detects and labels sub-agent sessions.

Development

git clone https://github.com/kangraemin/claude-inspector.git
cd claude-inspector
npm install
npm start          # Dev mode
npm run test:unit  # Unit tests
npm run test:e2e   # E2E tests (Playwright)

Tech Stack

Layer	What	Why
Electron	Desktop shell, IPC	Native macOS titlebar, code-signed + notarized DMG
Vanilla JS	Zero frameworks	Entire UI in a single `index.html` — no bundler, no React
Node `http`/`https`	MITM proxy	Intercepts Claude Code ↔ API traffic, reassembles SSE streams
Mermaid.js	Flowchart rendering	AI Analysis mechanism diagrams
claude -p	AI analysis engine	Session flow analysis + inline chat via Claude Sonnet

Privacy: All proxy traffic stays on localhost. AI Analysis runs locally via claude -p (your own Claude Code CLI).

License

MIT