{"id":33311594,"url":"https://github.com/mcp-shark/mcp-shark","last_synced_at":"2026-04-05T03:02:23.861Z","repository":{"id":323229143,"uuid":"1092558077","full_name":"mcp-shark/mcp-shark","owner":"mcp-shark","description":"Wireshark-like forensic analysis for Model Context Protocol communications  Capture, inspect, and investigate all HTTP requests and responses between your IDE and MCP servers","archived":false,"fork":false,"pushed_at":"2026-01-24T21:08:09.000Z","size":5302,"stargazers_count":149,"open_issues_count":0,"forks_count":10,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-25T09:59:29.326Z","etag":null,"topics":["electron","forensic-analysis","forensics","forensics-tools","mcp-protocol","monitoring","monitoring-tool","nodejs","security","security-audit","security-tools","traffic-analysis"],"latest_commit_sha":null,"homepage":"https://mcpshark.sh/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mcp-shark.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-08T21:09:21.000Z","updated_at":"2026-01-24T21:08:12.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mcp-shark/mcp-shark","commit_stats":null,"previous_names":["mcp-shark/mcp-shark"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/mcp-shark/mcp-shark","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcp-shark%2Fmcp-shark","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcp-shark%2Fmcp-shark/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcp-shark%2Fmcp-shark/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcp-shark%2Fmcp-shark/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mcp-shark","download_url":"https://codeload.github.com/mcp-shark/mcp-shark/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcp-shark%2Fmcp-shark/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28761814,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T23:06:19.311Z","status":"ssl_error","status_checked_at":"2026-01-25T23:03:50.555Z","response_time":113,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["electron","forensic-analysis","forensics","forensics-tools","mcp-protocol","monitoring","monitoring-tool","nodejs","security","security-audit","security-tools","traffic-analysis"],"created_at":"2025-11-19T05:00:49.679Z","updated_at":"2026-04-05T03:02:23.848Z","avatar_url":"https://github.com/mcp-shark.png","language":"JavaScript","funding_links":[],"categories":["📚 Projects (1974 total)"],"sub_categories":["MCP Servers"],"readme":"\u003cdiv align=\"center\"\u003e\n\n  \u003cimg src=\"https://smart.mcpshark.sh/icon_512x512.png\" alt=\"MCP Shark Logo\" width=\"128\" height=\"128\"\u003e\n\n  \u003ch1\u003emcp-shark\u003c/h1\u003e\n\n \u003cp\u003e\u003cstrong\u003eSecurity scanner for AI agent tools\u003c/strong\u003e — static analysis on MCP configs and tool metadata on your machine (findings, toxic-flow heuristics, CI-friendly outputs). Use the \u003cstrong\u003elocal HTTP proxy\u003c/strong\u003e and \u003cstrong\u003emonitoring UI\u003c/strong\u003e to aggregate IDE traffic to multiple MCP servers and inspect requests and responses in one place.\u003c/p\u003e\n  \u003cp\u003e\u003cstrong\u003ePrivacy:\u003c/strong\u003e static scans need no cloud and send no telemetry. Refreshing rule catalogs is opt-in HTTPS (\u003ccode\u003eupdate-rules\u003c/code\u003e).\u003c/p\u003e\n\n  [![npm version](https://img.shields.io/npm/v/@mcp-shark/mcp-shark.svg)](https://www.npmjs.com/package/@mcp-shark/mcp-shark)\n  [![License: Non-Commercial](https://img.shields.io/badge/License-Non--Commercial-red.svg)](LICENSE)\n\n\u003c/div\u003e\n\n---\n\n```bash\nnpx @mcp-shark/mcp-shark\n```\n\n![mcp-shark demo](docs/assets/demo.gif)\n\n## Why mcp-shark?\n\nMCP setups commonly mix secrets, broad tool access, and multiple servers in one agent context; issues are easy to miss without checking configs. See the [OWASP MCP Top 10](https://owasp.org/www-project-mcp-top-10/) for a structured view of what can go wrong.\n\nmcp-shark runs on your machine — no API keys or hosted scan backend. Install with `npx` and review findings locally.\n\n### Toxic flow analysis\n\nThe scanner models how MCP servers **compose in the agent context** and flags risky capability pairings (for example, secret access combined with external egress):\n\n```\n  ▲ HIGH  notify-server → repo-server\n    Untrusted content in one tool’s channel could lead the agent to\n    take a destructive action in another (e.g. push code).\n\n  ▲ MEDIUM  browser-server → filesystem-server\n    Web-sourced context could be chained into local file operations.\n```\n\nUse mcp-shark findings as input to your own threat model, not as a complete audit.\n\n## Features\n\n| Feature | Description |\n|---------|-------------|\n| **35 security rules** | OWASP MCP Top 10 + Agentic Security Initiative + general checks |\n| **Toxic flow analysis** | Cross-server attack path detection from tool capability heuristics |\n| **Attack walkthroughs** | Step-by-step exploit narratives from findings |\n| **Shark Score** | Transparent security posture score (0-100, A-F) |\n| **Auto-fix** | `--fix` replaces hardcoded secrets, fixes permissions, with backup/undo |\n| **Tool pinning** | Git-committable `.mcp-shark.lock` with SHA-256 hashes |\n| **15 IDE detection** | Cursor, Claude Desktop, VS Code, Windsurf, Codex, Amp, Kiro, and more |\n| **4 output formats** | Terminal, JSON, SARIF v2.1.0, HTML |\n| **Health checks** | `doctor` command for environment validation |\n| **Server inventory** | `list` command shows all servers in a table |\n| **Watch mode** | Live re-scan on config changes |\n| **HTML reports** | Self-contained offline security reports |\n| **Downloadable rule packs** | [Rule pack registry](https://github.com/mcp-shark/rule-packs) (manifest + JSON); `update-rules` syncs declarative packs and toxic-flow heuristics — zero code changes |\n| **YAML rules** | Per-project custom rules via `.mcp-shark/rules/` |\n| **GitHub Action** | CI/CD integration with SARIF upload |\n| **Interactive TUI** | lazygit-style terminal UI for scan, fix, and server browsing |\n| **Web UI** | Wireshark-like monitoring interface |\n| **Proxy toxic flows** | Local Analysis panel + `GET/POST /api/security/traffic-toxic-flows*` infer cross-server pairs from captured **tools/list** traffic (see [docs/local-analysis.md](docs/local-analysis.md)) |\n| **Local static scans** | No hosted scan backend; `update-rules` is opt-in HTTPS to the registry |\n\n## Quick Start\n\n```bash\n# Scan your MCP setup (default command)\nnpx @mcp-shark/mcp-shark\n\n# Auto-fix issues (with interactive confirmation)\nnpx @mcp-shark/mcp-shark scan --fix\n\n# See full attack chain narratives\nnpx @mcp-shark/mcp-shark scan --walkthrough\n\n# Pin tool definitions (lockfile) to spot unexpected changes\nnpx @mcp-shark/mcp-shark lock\n\n# Check environment health\nnpx @mcp-shark/mcp-shark doctor\n\n# Show all detected servers\nnpx @mcp-shark/mcp-shark list\n\n# Download latest rule packs (OWASP, Agentic Security)\nnpx @mcp-shark/mcp-shark update-rules\n\n# Watch for config changes\nnpx @mcp-shark/mcp-shark watch\n\n# Interactive terminal UI\nnpx @mcp-shark/mcp-shark tui\n\n# Generate HTML report\nnpx @mcp-shark/mcp-shark scan --format html --output report.html\n\n# CI mode (exits 1 on critical/high)\nnpx @mcp-shark/mcp-shark scan --ci --format sarif\n```\n\n## Commands\n\n| Command | Description |\n|---------|-------------|\n| `scan` (default) | Run security scan with 35 rules |\n| `lock` | Create `.mcp-shark.lock` file |\n| `lock --verify` | Verify current state matches lockfile |\n| `diff` | Show tool definition changes since last lock |\n| `doctor` | Run environment health checks |\n| `list` | Show inventory of all detected servers (`--format json` supported) |\n| `update-rules` | Download latest rule packs from remote registry |\n| `watch` | Watch config files and re-scan on changes |\n| `tui` | Interactive terminal UI (lazygit-style) |\n| `serve` | Start the web monitoring UI |\n\n## CLI flags\n\n### `scan` (default command)\n\n| Flag | Description |\n|------|-------------|\n| `--fix` | Auto-fix issues (interactive confirmation) |\n| `--fix --yes` | Auto-fix without prompting |\n| `--fix --undo` | Restore backups from previous fix |\n| `--walkthrough` | Show full attack chain narratives |\n| `--ci` | CI mode: exit code 1 on critical/high |\n| `--format \u003cfmt\u003e` | Output: `terminal`, `json`, `sarif`, `html` |\n| `--output \u003cpath\u003e` | Write report to file (for `html` format) |\n| `--strict` | Count advisory findings in score |\n| `--ide \u003cname\u003e` | Scan specific IDE only |\n| `--rules \u003cpath\u003e` | Load custom YAML rules from directory |\n| `--refresh-rules` | Fetch rule packs from registry before scan (HTTPS; see rule registry config) |\n\n### Other commands\n\n| Command | Flags / notes |\n|---------|----------------|\n| `list` | `--format terminal` or `--format json` |\n| `update-rules` | `--source \u003curl\u003e` for a custom pack manifest |\n| `serve` | `--open` / `-o` to open the browser |\n| `lock` | `--verify` to check lockfile match |\n\n## How `scan` works\n\nThe CLI **`scan`** command is **static**: it reads MCP entries from your IDE config files (see [Supported IDEs](#supported-ides) and optional project `./mcp.json`) and analyzes **what is written there**. It does **not** connect to running MCP servers or call `tools/list`.\n\n- **Always scanned:** each server block’s `command`, `args`, `env`, `url`, and related fields (secrets in `env`, unsafe spawn patterns, HTTP URLs, etc.).\n- **Tool-level rules** (declarative packs, command-injection heuristics, toxic-flow classification from tool **names**, etc.) run only when that server entry includes an embedded **`tools`** array (name, description, schemas). If `tools` is omitted—typical for `command`/`stdio`-only configs—the scan may report **0 tools checked** even though Cursor is running the server fine.\n\nTo exercise full rule coverage in CI or test repos, either embed tool metadata in the same JSON your scanner reads, or use a project-local `mcp.json` harness (see `--ide Project`).\n\n## What it covers\n\nmcp-shark is aimed at **config and metadata you already have on disk** (plus optional local monitoring). It helps catch common misconfigurations and risky combinations; treat output as input to your own review, not a guarantee nothing is wrong.\n\n| Area | Notes |\n|------|--------|\n| Install / run | Node.js 20+; `npx @mcp-shark/mcp-shark` |\n| Security rules | 35 checks — 24 declarative JSON packs, 11 JS where heuristics need code |\n| Toxic flow analysis | Heuristic cross-server paths; quality depends on embedded `tools` / classifications |\n| Attack walkthroughs | Narratives derived from findings |\n| Auto-fix | Supported for a subset of issues; confirm changes in your repo |\n| Tool pinning | `.mcp-shark.lock` with SHA-256 hashes |\n| Live traffic | Web UI (`serve`) for monitoring; separate from static `scan` |\n| Custom rules | YAML under `.mcp-shark/rules/` and JSON rule packs |\n| Findings \u0026 score | confirmed / advisory tiers plus Shark Score (0–100, A–F) |\n| IDE configs | 15 built-in paths + project-local `mcp.json` variants — see [Supported IDEs](#supported-ides) |\n| Output | Terminal, JSON, SARIF v2.1.0, HTML |\n| Health | `doctor` for environment checks |\n| CI | `scan --ci` and optional [GitHub Action](#github-action) |\n| Watch | Re-scan when config files change |\n| Rule updates | `update-rules` (optional HTTPS fetch; static scan works without it) |\n\n## Rule Extensibility\n\n### Downloadable Rule Packs (JSON)\n\nThe canonical **registry** (manifest, pack files, validation CI, and schema notes) lives in **[mcp-shark/rule-packs](https://github.com/mcp-shark/rule-packs)**. The npm package embeds copies; `update-rules` pulls the same artifacts into `.mcp-shark/rule-packs/`.\n\nmcp-shark ships with 24 declarative rules as JSON packs (OWASP MCP, Agentic Security Initiative, General Security), plus a **`toxic-flow-heuristics`** pack (`toxic_flow_rules` for cross-server composition). New vulnerability catalogs can be added as `.json` files — no JavaScript, no code changes.\n\n```bash\n# Fetch latest rule packs from the registry\nnpx @mcp-shark/mcp-shark update-rules\n\n# Use a custom/enterprise registry\nnpx @mcp-shark/mcp-shark update-rules --source https://internal.corp/rules/manifest.json\n```\n\nDownloaded packs are cached in `.mcp-shark/rule-packs/` and merged with built-in rules on every scan.\n\n\u003cdetails\u003e\n\u003csummary\u003eRule pack JSON schema\u003c/summary\u003e\n\n```json\n{\n  \"id\": \"owasp-mcp-2027\",\n  \"name\": \"OWASP MCP Top 10 (2027)\",\n  \"version\": \"1.0.0\",\n  \"rules\": [\n    {\n      \"id\": \"MCP01-token-mismanagement\",\n      \"name\": \"Token Mismanagement\",\n      \"severity\": \"critical\",\n      \"framework\": \"OWASP-MCP\",\n      \"description\": \"Detects hardcoded tokens in MCP configs\",\n      \"patterns\": [\n        { \"regex\": \"(api[_-]?key|token)\\\\s*[:=]\", \"flags\": \"i\", \"label\": \"API key pattern\" }\n      ],\n      \"scope\": [\"tool\", \"prompt\", \"resource\", \"packet\"],\n      \"exclude_patterns\": [{ \"regex\": \"\\\\$\\\\{|process\\\\.env\" }],\n      \"match_mode\": \"any\"\n    }\n  ]\n}\n```\n\n\u003c/details\u003e\n\n### Custom YAML Rules (per-project)\n\nCreate `.mcp-shark/rules/` in your project to add lightweight custom rules:\n\n```yaml\n# .mcp-shark/rules/no-production-keys.yaml\nid: custom-no-prod-keys\nname: No Production Keys\nseverity: critical\ndescription: Detects production API keys in MCP configs\nmatch:\n  env_pattern: \"^(PROD_|PRODUCTION_)\"\n  value_pattern: \"^sk-live|^pk-live\"\nmessage: \"Production key detected in {key} — use staging keys for development\"\n```\n\nBoth YAML rules and JSON packs are loaded automatically on scan. Share them with your team by committing the folder.\n\n### User-Overridable Data (`.mcp-shark/`)\n\nEvery built-in data source can be extended or overridden through YAML files in your project root:\n\n| File | Overrides | Format |\n|------|-----------|--------|\n| `.mcp-shark/secrets.yaml` | Secret detection patterns | List of `{ name, regex }` |\n| `.mcp-shark/classifications.yaml` | Server/tool capability tags | Nested map `server: { capability: true }` |\n| `.mcp-shark/flows.yaml` | Toxic flow rules | List of `{ source_cap, target_cap, risk, ... }` |\n| `.mcp-shark/rules/*.yaml` | Custom per-project rules | See YAML Rules above |\n| `.mcp-shark/rule-packs/*.json` | Override or add declarative packs | See JSON Packs above |\n\nUser data is merged with built-in data at scan time. No rebuild required.\n\n## GitHub Action\n\n```yaml\n# .github/workflows/mcp-security.yml\nname: MCP Security Scan\non: [push, pull_request]\njobs:\n  scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: mcp-shark/scan-action@v1\n        with:\n          format: sarif\n          fail-on: high\n      - uses: github/codeql-action/upload-sarif@v3\n        if: always()\n        with:\n          sarif_file: mcp-shark-results.sarif\n```\n\n## Supported IDEs\n\n| IDE | Config Path | Status |\n|-----|-------------|--------|\n| Cursor | `~/.cursor/mcp.json` | ✅ |\n| Claude Desktop | `~/Library/.../claude_desktop_config.json` | ✅ |\n| Claude Code | `~/.claude.json` | ✅ |\n| VS Code | `~/.vscode/mcp.json` | ✅ |\n| Windsurf | `~/.codeium/windsurf/mcp_config.json` | ✅ |\n| Codex | `~/.codex/config.toml` | ✅ |\n| Gemini CLI | `~/.gemini/settings.json` | ✅ |\n| Continue | `~/.continue/config.json` | ✅ |\n| Cline | `~/.../saoudrizwan.claude-dev/.../cline_mcp_settings.json` | ✅ |\n| Amp | `~/.amp/mcp.json` | ✅ |\n| Kiro | `~/.kiro/mcp.json` | ✅ |\n| Zed | `~/.config/zed/settings.json` | ✅ |\n| Augment | `~/.augment/mcp.json` | ✅ |\n| Roo Code | `~/.roo-code/mcp.json` | ✅ |\n| Project (local) | `./mcp.json`, `./.mcp.json`, `./.mcp/config.json` | ✅ |\n\n## Security Rules (35)\n\n\u003cdetails\u003e\n\u003csummary\u003eFull rule list\u003c/summary\u003e\n\n### OWASP MCP Top 10\n| ID | Rule | Severity |\n|----|------|----------|\n| MCP01 | Token Mismanagement | Critical |\n| MCP02 | Scope Creep | High |\n| MCP03 | Tool Poisoning | Critical |\n| MCP04 | Supply Chain | High |\n| MCP05 | Command Injection | Critical |\n| MCP06 | Prompt Injection | High |\n| MCP07 | Insufficient Auth | High |\n| MCP08 | Lack of Audit | Medium |\n| MCP09 | Shadow Servers | High |\n| MCP10 | Context Injection | High |\n\n### Agentic Security Initiative (ASI)\n| ID | Rule | Severity |\n|----|------|----------|\n| ASI01 | Goal Hijack | Critical |\n| ASI02 | Tool Misuse | High |\n| ASI03 | Identity Abuse | High |\n| ASI04 | Supply Chain | High |\n| ASI05 | Remote Code Execution | Critical |\n| ASI06 | Memory Poisoning | High |\n| ASI07 | Insecure Communication | Medium |\n| ASI08 | Cascading Failures | Medium |\n| ASI09 | Trust Exploitation | High |\n| ASI10 | Rogue Agent | Critical |\n\n### General Security\n| Rule | Severity |\n|------|----------|\n| Hardcoded Secrets | Critical |\n| Command Injection | Critical |\n| Cross-Server Shadowing | High |\n| Tool Name Ambiguity | Medium |\n| DNS Rebinding | High |\n| ANSI Escape Sequences | Medium |\n| Config File Permissions | Medium |\n| Missing Containment | High |\n| Duplicate Tool Names | Medium |\n| Shell/Env Injection | High |\n| Excessive Permissions | High |\n| Unsafe Default Config | Medium |\n| Path Traversal | High |\n| Sensitive Data Exposure | High |\n| Insecure Transport | Medium |\n\n\u003c/details\u003e\n\n## Web UI\n\nMCP Shark also includes a Wireshark-like web interface for real-time MCP traffic monitoring:\n\n```bash\nnpx @mcp-shark/mcp-shark serve --open\n```\n\nSame as the older shortcut (no `serve` subcommand):\n\n```bash\nnpx @mcp-shark/mcp-shark --open\n```\n\nThe web UI provides:\n- Multi-server aggregation and real-time monitoring\n- Interactive playground for testing tools, prompts, and resources\n- Local security analysis with pattern-based detection\n- API documentation with interactive testing\n\n## Architecture\n\n```\n┌────────────────────────────────────────────────────┐\n│  CLI (Commander.js)                                │\n│  scan · lock · diff · doctor · list · watch · tui  │\n│  update-rules · serve                              │\n├──────────────┬──────────────┬──────────────────────┤\n│  ConfigScanner│  ScanService  │  StaticRulesService  │\n│  15 IDEs      │  orchestrator │  35 rules            │\n├──────────────┴──────────────┴──────────────────────┤\n│  Data layer (JSON + user YAML/JSON overrides)      │\n│  ┌────────────┬──────────────┬───────────────────┐ │\n│  │ rule-packs │ secret-      │ tool-             │ │\n│  │ (24 rules) │ patterns.json│ classifications   │ │\n│  ├────────────┼──────────────┼───────────────────┤ │\n│  │ toxic-flow │ rule-        │ .mcp-shark/*.yaml │ │\n│  │ rules.json │ sources.json │ (user overrides)  │ │\n│  └────────────┴──────────────┴───────────────────┘ │\n├────────────────────────────────────────────────────┤\n│  JS plugins (11 rules needing algorithmic logic)   │\n│  + DeclarativeRuleEngine (24 pattern-based rules)  │\n└────────────────────────────────────────────────────┘\n```\n\n**Design principles:**\n- **Data-first** — Declarative rules, secret patterns, tool classifications, and toxic-flow defaults ship as JSON; **24** of **35** rules are pattern packs you can extend or override without forking those definitions.\n- **User-overridable** — Built-in data can be extended via `.mcp-shark/*.yaml` (and JSON pack drops) as documented above.\n- **Hybrid rule engine** — The other **11** rules are JS plugins where heuristics need code. Both sources are merged at scan time.\n- **Zero-config scanning** — `npx` and go. Auto-detects the IDE paths below plus project-local `mcp.json` variants.\n\n## Documentation\n\n- **[Rule pack registry](https://github.com/mcp-shark/rule-packs)** — Official `manifest.json` and JSON packs consumed by `update-rules`\n- **[Getting Started](docs/getting-started.md)** — Installation \u0026 setup\n- **[Features](docs/features.md)** — Detailed feature documentation\n- **[User Guide](docs/user-guide.md)** — Complete usage guide\n- **[Local Analysis](docs/local-analysis.md)** — Static security analysis\n- **[Architecture](docs/architecture.md)** — System design\n- **[API Reference](docs/api-reference.md)** — API endpoints\n\n## Requirements\n\n- **Node.js**: 20.0.0 or higher\n- **OS**: macOS, Windows, or Linux\n\n## License\n\nSource-Available Non-Commercial License\n\n- ✅ View, fork, modify, run for personal, educational, or internal company use\n- ❌ Sell, resell, or integrate into paid products/services without written permission\n\nSee [LICENSE](LICENSE) for full terms.\n\n## Support\n\n- **Issues**: [GitHub Issues](https://github.com/mcp-shark/mcp-shark/issues)\n- **Website**: [mcpshark.sh](https://mcpshark.sh)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n  \u003cstrong\u003eMCP servers can chain through the agent — mcp-shark surfaces risky combinations in config and traffic.\u003c/strong\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmcp-shark%2Fmcp-shark","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmcp-shark%2Fmcp-shark","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmcp-shark%2Fmcp-shark/lists"}