{"id":"modelcontextprotocol-inspector","name":"inspector","homepage":"https://modelcontextprotocol.io","repo_url":"https://github.com/modelcontextprotocol/inspector","category":"devtools","subcategories":[],"tags":["mcp","developer-tools","debugging","web-ui","testing","proxy-bridge","nodejs","typescript"],"what_it_does":"MCP Inspector is a developer tool for testing and debugging Model Context Protocol (MCP) servers. It includes a React web UI and a Node.js proxy that bridges to MCP servers over multiple transports (stdio, SSE, streamable-http), exposing a browser-based workflow for configuring, running, and inspecting MCP tools.","use_cases":["Debugging MCP server tool calls and responses during development","Validating MCP server connectivity across different transport types (stdio, SSE, streamable-http)","Generating reusable MCP client configuration snippets (mcp.json export)","Testing long-running or interactive MCP tools with configurable client-side timeouts"],"not_for":["Using as a public-facing service to connect untrusted clients or networks","Interpreting or validating security properties of an MCP server beyond basic connectivity/testing","Production deployments requiring strict uptime/SLA guarantees"],"best_when":"You are developing an MCP server locally (or in a trusted dev environment) and need an interactive way to exercise tools and inspect traffic/results.","avoid_when":"Avoid exposing the proxy server to untrusted networks or disabling proxy authentication.","alternatives":["@modelcontextprotocol/inspector-cli","Custom lightweight MCP clients built against the MCP SDK","Browser-based MCP clients/console tools that directly connect to your MCP server transport"],"af_score":51.2,"security_score":56.2,"reliability_score":32.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-29T14:55:29.788215+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":true,"sdk_languages":["TypeScript","JavaScript"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Bearer token authentication (for proxy HTTP requests / SSE connections)"],"oauth":false,"scopes":false,"notes":"Proxy authentication uses a random session token printed to console by default; auth can be disabled via DANGEROUSLY_OMIT_AUTH (explicitly warned as dangerous)."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Appears to be a local developer tool distributed via npm/npx and a container image; no usage pricing mentioned in provided content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":51.2,"security_score":56.2,"reliability_score":32.5,"mcp_server_quality":85.0,"documentation_accuracy":75.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":80.0,"rate_limit_clarity":0.0,"tls_enforcement":60.0,"auth_strength":75.0,"scope_granularity":20.0,"dependency_hygiene":50.0,"secret_handling":70.0,"security_notes":"Proxy binds by default to localhost and requires authentication using a random session token for requests; includes Origin-header validation to mitigate DNS rebinding. Warns explicitly against disabling auth (DANGEROUSLY_OMIT_AUTH) because the proxy has permissions to spawn local processes and can connect to any specified MCP server. Token may be stored in browser local storage for convenience.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":30.0,"error_recovery":45.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Proxy server can spawn local processes and connect to specified MCP servers—must be treated as local/trusted-only.","Authentication token handling is required unless explicitly (and dangerously) disabled.","Clients/browsers may store proxy token in local storage; query params take precedence for some settings.","Timeout settings apply to the inspector as an MCP client and are independent from server-side timeouts."]}}