Model Context Protocol
MCP Shark: Secure and inspect MCP tools locally with static scans and proxy monitoring #715
Replies: 1 comment
-
|
Local scanning + proxy monitoring is a strong combination because static analysis and runtime observation catch different classes of failure.\n\nIf you are looking for the most useful validation set, I would definitely include both:\n- obvious dangerous tool calls\n- near-miss benign cases that mention risky concepts but should not trigger enforcement\n\nThat second bucket matters a lot for adoption. A tool can look great on dramatic demos and still become painful in real workflows if it over-flags security docs, test fixtures, policy files, or admin notes that contain scary strings without actually being actionable.\n\nThe other useful split is by boundary: user input, retrieved docs, tool results, generated tool args, outbound content. False positives and false negatives often vary a lot across those surfaces. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Pre-submission Checklist
What would you like to share?
Hi everyone,
I wanted to share MCP Shark, a local-first security scanner and traffic inspection tool for MCP setups.
MCP Shark has two main parts:
1. Static security scanning
It scans MCP configs and tool metadata locally on your machine and flags risky findings, including toxic-flow style capability pairings between servers.
2. Local proxy + monitoring UI
It can aggregate IDE traffic across multiple MCP servers and lets you inspect requests and responses in one place.
A few things I focused on while building it:
MCP setups can quickly combine secrets, broad tool access, and multiple servers in a single agent context, which makes the overall risk harder to understand.
Some examples of what it tries to help with:
Quick start
Relevant Links
Beta Was this translation helpful? Give feedback.
All reactions