---
name: security-mcp-inspect
description: Connect to running MCP servers and scan live tool descriptions for injection, shadowing, and drift
---

# MCP Inspect

Live MCP server inspection — connect to running servers, scan tool descriptions.

## Step 1: Run Inspector

```bash
node <plugin-root>/scanners/mcp-live-inspect.mjs $ARGUMENTS
```

Supports `--timeout <ms>` and `--skip-global` flags.

## Step 2: Format Results

Parse JSON output. Display:

```
# MCP Live Inspection: [VERDICT]

Servers: N discovered, N contacted, N timed-out, N failed

## Server Details

| Server | Transport | Status | Tools | Findings |
|--------|-----------|--------|-------|----------|
[per-server row]

## Findings

[Findings table: severity, server, tool, description, evidence]
```

## Step 3: Advisory

- Timeouts: "Server did not respond within timeout. May be SSE-based (unsupported for live inspection) or not running."
- No servers found: "No MCP servers detected. Check configuration."
- Clean: "All servers passed live inspection."
- Findings: "Review findings. Combine with `mcp-audit` for static analysis."