inspect

One line: is this MCP server safe to add? One verdict, before you add it.

Adding an MCP server means trusting a package to run on your machine and a set of tools to sit in your agent's context. inspect takes the server as a package name or its install command, resolves the backing registry package (npm, PyPI, or crates), runs verify over it, and, when you provide a tool manifest with --manifest, runs warden over the advertised tools. It reports one verdict.

inspect does not launch the server: it will not run untrusted code. Local scripts, git specs, and other unverifiable sources return REVIEW rather than a false pass. Malformed input exits 2.

Usage

vulkro-live inspect @scope/server-x
vulkro-live inspect 'npx -y @scope/server-x'
vulkro-live inspect 'uvx mcp-server-git'
vulkro-live inspect 'npx -y @scope/server-x' --manifest ./tools.json

Example

$ vulkro-live inspect "npx -y @modelcontextprotocol/server-filesystem"

GREEN npx -y @modelcontextprotocol/server-filesystem
package @modelcontextprotocol/server-filesystem (npm) OK latest 2026.1.14, 404643 weekly downloads

The verdicts

| Verdict | Meaning |
|---|---|
| GREEN | Real, established package and a clean manifest. |
| REVIEW | New or low-reputation package, a medium finding, or an unresolvable spec. |
| AVOID | Missing or malicious package, or a high-severity manifest finding. |

Flags

| Flag | Effect |
|---|---|
| <SERVER> | The MCP server: a package name (@scope/server) or an install command (npx -y @scope/server, uvx mcp-server-x, pip install x) |
| --manifest <FILE> | A JSON tool manifest for the server to scan with warden as part of the verdict |
| --min-age-days <DAYS> | Flag packages created within this many days as SUSPICIOUS (default 30) |
| --min-downloads <N> | Flag packages with fewer than this many downloads as SUSPICIOUS (default 100) |
| --no-cache | Bypass the local response cache and always query live |
| --format <FORMAT> | text (default), json, or sarif; see Output formats |

Exit codes: 0 for GREEN, 1 for REVIEW or AVOID, 2 on an error.
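
A wrapper that turns these exit codes into an install gate, as an added example that is not part of the vulkro-live project. Exit 1 covers both REVIEW and AVOID, so the wrapper reads the verdict word from the text output to tell them apart and fails closed on anything inconsistent. The function name, the INSPECT_CMD override, and the assumption that REVIEW and AVOID print the verdict first like the GREEN example are assumptions of this example.

```shell
# Added example, not vulkro-live's own code.
# INSPECT_CMD is a hypothetical override so the gate can be exercised with a stub.
: "${INSPECT_CMD:=vulkro-live}"

# gate_mcp_server SPEC [MANIFEST]
# Prints allow | hold | block | error and returns 0 only for allow.
gate_mcp_server() {
  gate_spec=$1
  gate_manifest=${2:-}

  # Documented flags only: --no-cache forces a live query, text is the default format.
  set -- inspect "$gate_spec" --no-cache --format text
  if [ -n "$gate_manifest" ]; then
    set -- "$@" --manifest "$gate_manifest"
  fi

  gate_rc=0
  gate_out=$("$INSPECT_CMD" "$@") || gate_rc=$?

  # Assumption: the first word of the first non-empty line is the verdict,
  # as in the GREEN example; REVIEW and AVOID are assumed to print the same way.
  gate_verdict=$(printf '%s\n' "$gate_out" | awk 'NF { print $1; exit }')

  # Exit code and verdict word must agree. Exit 2, empty output, or a
  # mismatch such as exit 0 with a non-GREEN word is treated as an error.
  case "$gate_rc:$gate_verdict" in
    0:GREEN)  echo allow; return 0 ;;
    1:REVIEW) echo hold;  return 1 ;;
    1:AVOID)  echo block; return 1 ;;
    *)        echo error; return 2 ;;
  esac
}
```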

Composes with

  • After a GREEN verdict, lock the manifest you approved so drift catches a later rug pull.
  • audit runs inspect over every MCP server already in your configs, so a one-time verdict becomes a recurring sweep.
  • A REVIEW you have manually vetted can be cleared in trustdb by exact version.
  • mcp exposes inspect as an MCP tool: the agent can vet a server before asking you to add it.