inspect
One line: is this MCP server safe to add? One verdict, before you add it.
Adding an MCP server means trusting a package to run on your machine
and a set of tools to sit in your agent's context. inspect takes the
server as a package name or its install command, resolves the backing
registry package (npm, PyPI, or crates), runs verify
over it, and, when you provide a tool manifest with --manifest, runs
warden over the advertised tools. It reports one
verdict.
inspect does not launch the server: it will not run untrusted code.
Local scripts, git specs, and other unverifiable sources return
REVIEW rather than a false pass. Malformed input exits 2.
Usage
vulkro-live inspect @scope/server-x
vulkro-live inspect 'npx -y @scope/server-x'
vulkro-live inspect 'uvx mcp-server-git'
vulkro-live inspect 'npx -y @scope/server-x' --manifest ./tools.json
Example
$ vulkro-live inspect "npx -y @modelcontextprotocol/server-filesystem"
GREEN npx -y @modelcontextprotocol/server-filesystem
package @modelcontextprotocol/server-filesystem (npm) OK latest 2026.1.14, 404643 weekly downloads
The verdicts
| Verdict | Meaning |
|---|---|
GREEN | Real, established package and a clean manifest. |
REVIEW | New or low-reputation package, a medium finding, or an unresolvable spec. |
AVOID | Missing or malicious package, or a high-severity manifest finding. |
Flags
| Flag | Effect |
|---|---|
<SERVER> | The MCP server: a package name (@scope/server) or an install command (npx -y @scope/server, uvx mcp-server-x, pip install x) |
--manifest <FILE> | A JSON tool manifest for the server to scan with warden as part of the verdict |
--min-age-days <DAYS> | Flag packages created within this many days as SUSPICIOUS (default 30) |
--min-downloads <N> | Flag packages with fewer than this many downloads as SUSPICIOUS (default 100) |
--no-cache | Bypass the local response cache and always query live |
--format <FORMAT> | text (default), json, or sarif; see Output formats |
Exit codes: 0 for GREEN, 1 for REVIEW or AVOID, 2 on an error.
Composes with
- After a GREEN verdict,
lockthe manifest you approved sodriftcatches a later rug pull. auditruns inspect over every MCP server already in your configs, so a one-time verdict becomes a recurring sweep.- A REVIEW you have manually vetted can be cleared in
trustdbby exact version. mcpexposes inspect as an MCP tool: the agent can vet a server before asking you to add it.