by MCPJam
Testing and evaluation platform to chat, inspect, and debug MCP servers, MCP apps, and ChatGPT apps.
# Add to your Claude Code skills
git clone https://github.com/MCPJam/inspectorGuides for using mcp servers skills like inspector.
Last scanned: 4/25/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@electron-forge/cli: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/core: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/core-utils: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/maker-base: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/maker-deb: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/maker-dmg: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/maker-rpm: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/maker-squirrel: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/maker-zip: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/plugin-base: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/plugin-fuses: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/plugin-vite: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/publisher-base: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/publisher-github: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/shared-types: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/template-base: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/template-vite: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/template-vite-typescript: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/template-webpack: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron-forge/template-webpack-typescript: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron/node-gyp: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron/rebuild: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@inquirer/editor: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@inquirer/prompts: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@tootallnate/once: @tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@workos-inc/authkit-nextjs: authkit-nextjs may let session cookies be cached in CDNs",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@workos-inc/node: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: Uncontrolled recursion in XML serialization leads to DoS",
"severity": "high"
},
{
"type": "npm-audit",
"message": "cacache: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "cookie: cookie accepts cookie name, path, and domain with out of bounds characters",
"severity": "low"
},
{
"type": "npm-audit",
"message": "electron: Electron: AppleScript injection in app.moveToApplicationsFolder on macOS",
"severity": "high"
},
{
"type": "npm-audit",
"message": "external-editor: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "hono: hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "http-proxy-agent: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "iron-session: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "make-fetch-happen: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "mermaid: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "next: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "protobufjs: Arbitrary code execution in protobufjs",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
"severity": "low"
},
{
"type": "npm-audit",
"message": "streamdown: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tmp: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"severity": "low"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
}
],
"status": "FAILED",
"scannedAt": "2026-04-25T05:51:05.482Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}inspector is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by MCPJam. Testing and evaluation platform to chat, inspect, and debug MCP servers, MCP apps, and ChatGPT apps. It has 2,059 GitHub stars.
inspector failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/MCPJam/inspector" and add it to your Claude Code skills directory (see the Installation section above).
inspector is primarily written in TypeScript. It is open-source under MCPJam on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh inspector against similar tools.
No comments yet. Be the first to share your thoughts!
Top skills in this category by stars
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
MCPJam is the development platform for MCP servers, MCP apps, and ChatGPT apps.
No more ngrok or ChatGPT/Claude subscription needed. MCPJam is the fastest way to iterate on any MCP project.
Open the hosted web app. No install needed.
Or run MCPJam locally for HTTP/S and local STDIO servers:
npx @mcpjam/inspector@latest
MCPJam Inspector runs three ways: a hosted web app, a desktop app for Mac and Windows, or via your terminal. The web app is HTTPS-only and has no install. Terminal and Desktop support HTTP/S and local STDIO servers.
Node.js 20+ is only required for the terminal install (npx). The hosted web app and desktop apps have no local runtime requirements.
Open app.mcpjam.com in your browser. No install required. Always on the latest version, and you can share MCP server links with teammates the same way you'd share a Google Doc.
See Hosted App docs for details.
Download the installer for your OS. Supports HTTP/S and local STDIO servers. No Node.js required.
Run the inspector via npx (supports HTTP/S and local STDIO):
npx @mcpjam/inspector@latest
After it starts, open the printed localhost URL in your browser.
Run MCPJam Inspector using Docker, bound to localhost for security:
docker run -p 127.0.0.1:6274:6274 mcpjam/mcp-inspector
The app is available at http://127.0.0.1:6274. Always use -p 127.0.0.1:6274:6274 (not -p 6274:6274) to keep the inspector local-only. On macOS/Windows, connect to host MCP servers via http://host.docker.internal:PORT instead of 127.0.0.1.
| Capability | Description |
|---|---|
| App Builder | Debug your server against a model: tool calls or in-panel chat, with Chat, Trace, and Raw. OpenAI Apps SDK and MCP app UIs, text tools, Chrome DevTools-style widget emulator. Read more |
| Chat | Multi-server chat on frontier models (free). Chat, Trace, Raw; compare up to 3 models. Read more |
| OAuth Debugger | Guided MCP OAuth conformance checks: protocol versions 03-26, 06-18, 11-25; DCR, client pre-registration, CIMD. Read more |
| MCP Server Debugging | Manually run tools, resources, templates, and elicitation; full JSON-RPC logs. |
| Skills | Skills in Chat and App Builder; local filesystem only. Read more |
| Workspaces | Shared server groups with real-time team sync. Read more |
| Evals | Test cases with expected tool calls, run across LLMs, metrics. Read more |
| CLI | Run MCPJam checks, probes, and evals from the terminal. Perfect for local dev loops and CI. Read more |
| SDK | Programmatic access to MCPJam for custom tooling, scripting, and integrations. Read more |
| CI/CD | Run MCPJam checks and evals in GitHub Actions and other CI systems to gate PRs on regressions. Read more |
Debug your server against a model using tool calls or in-panel chat, with Chat, Trace, and Raw views. Supports OpenAI Apps SDK and MCP app UIs, text tools, and a Chrome DevTools-style widget emulator to iterate on widgets locally.
window.openai messages in the logs.Trace view: every tool call, agent step, and JSON-RPC message.
Multi-server chat on frontier models for free, or bring your own API key. Chat, Trace, and Raw views; compare up to 3 models side-by-side. View your server's token usage.
Guided MCP OAuth conformance checks with step-by-step explanations. Test against every version of the OAuth spec (03-26, 06-18, and 11-25). Support for client pre-registration, Dynamic Client Registration (DCR), and Client ID Metadata Documents (CIMD).
MCPJam contains all of the tooling to test your MCP server. Manually run tools, resources, resource templates, prompts, and elicitation flows, with full JSON-RPC observability. MCPJam has all features from the original inspector and more.
Use Skills in Chat and App Builder to extend models with local, reusable behaviors. Local filesystem only. Your data never leaves your machine. Read more
Group your servers into shared workspaces with real-time team sync, so everyone on your team is testing against the same configuration. Read more
Define test cases with expected tool calls and run them across multiple LLMs. Track accuracy metrics over time to catch regressions early and improve your server with every iteration. [Read more](https://docs.mcpjam.com/i