MCP Shark is a Wireshark-like forensic analysis tool for Model Context Protocol (MCP) communications. It captures, inspects, and investigates all HTTP traffic between your IDE and MCP servers.

How does MCP Shark work?

MCP Shark acts as an intermediary gateway between your IDE and MCP servers. It captures all HTTP requests and responses, logs them to SQLite, and provides a real-time web interface for monitoring and analysis.

What is the MCP Playground?

The MCP Playground is a feature in MCP Shark where you can run commands and see results. You can call tools, test prompts, and read resources from your connected MCP servers.

Which IDEs are supported?

MCP Shark works with any IDE that supports the Model Context Protocol, including Cursor, Windsurf, Claude Code, and any other MCP-compatible development environment. As long as your IDE can connect to MCP servers via HTTP or stdio, MCP Shark can capture and analyze the traffic.

Detecting Malicious MCP Servers: A Practical Guide with MCP Shark

Why MCP Server Security Matters

MCP servers have significant access to your development environment. They can execute tools, read resources, and process prompts that may contain sensitive information. A malicious MCP server could:

Exfiltrate sensitive code or credentials
Execute unauthorized commands on your system
Modify files or configurations without your knowledge
Access private resources or APIs
Inject malicious code into your development workflow

MCP Shark acts as a security observability layer, allowing you to monitor and audit all MCP server interactions before they can cause harm.

What Makes an MCP Server Suspicious?

1. Unusual Tool Lists

When an MCP server registers its tools, inspect the tool list carefully. Red flags include:

Tools with overly broad permissions (e.g., "execute_any_command", "read_all_files")
Tools that don't match the server's stated purpose
Unexpected tools appearing after updates
Tools with vague or misleading names

Use MCP Shark's MCP Playground to view all available tools from all servers. You can also capture the tools/list response in the Traffic Capture view and review all available tools.

2. Suspicious Tool Calls

Monitor tool calls for:

Tools accessing files outside their expected scope
Network requests to unknown or suspicious domains
Commands that modify system configurations
Excessive data exfiltration (large response payloads)
Tools called without explicit user action

MCP Shark's Traffic Capture shows you exactly which tools are being called, with what parameters, and what they return. You can filter by method tools/call to see all tool invocations.

3. Unusual Resource Access

Watch for:

Resources that expose sensitive information
Unexpected resource URIs or patterns
Resources that change content unexpectedly
Access to resources outside the server's domain

Using MCP Shark for Security Auditing

Step 1: Baseline Normal Behavior

Before using a new MCP server, use MCP Shark to establish a baseline:

Start MCP Shark and configure it with your IDE
Use the MCP Playground to explore available tools, prompts, and resources
Review the initial tools/list response in Traffic Capture
Document expected tools and their purposes
Test each tool in the Playground to understand behavior

Step 2: Monitor Tool Calls

In MCP Shark's Traffic Capture view, filter by method tools/call to see all tool invocations. For each call, inspect:

Tool name: Does it match what you expected?
Parameters: Are the arguments reasonable and within scope?
Response: Does the response contain unexpected data?
Timing: Are tools being called without your explicit action?

Step 3: Audit Resource Access

Filter by resources/read to see all resource access. Verify:

Resources are only accessed when needed
Resource URIs match expected patterns
No sensitive files or data are being read
Resource content hasn't been tampered with

Step 4: Export and Analyze

Export captured traffic in JSON format for deeper analysis:

Apply filters to isolate suspicious activity
Click Export and choose JSON format
Analyze the exported data to search for patterns across multiple sessions
Identify tools that are called frequently or unexpectedly
Detect data exfiltration by analyzing response sizes
Create reports for security reviews

Red Flags to Watch For

🚨 Immediate Concerns

Tools that execute shell commands or system calls
Network requests to external domains you don't recognize
Large data transfers in responses
Tools that modify files outside their stated scope
Unexpected tool calls during idle periods

⚠️ Warning Signs

Tools with permissions broader than necessary
Frequent updates that change tool behavior
Vague or misleading tool descriptions
Resources that expose more data than expected
Unusual error patterns or retry behavior

Best Practices for MCP Security

Always use MCP Shark: Never connect directly to untrusted MCP servers without monitoring
Review before use: Inspect tool lists and test in isolation before production use
Regular audits: Periodically review captured traffic for anomalies
Limit permissions: Configure MCP servers with minimal necessary permissions
Keep logs: Export and archive traffic logs for security audits
Update carefully: Review changes when updating MCP servers
Use the playground: Test suspicious tools in MCP Shark's playground before production use

Real-World Example

Imagine you install a new MCP server that claims to help with code formatting. Using MCP Shark, you discover:

The server registers a tool called "format_code" (expected)
But it also registers "read_file" and "network_request" (unexpected)
When you format code, MCP Shark shows the server also calls "read_file" on unrelated files
The server makes network requests to an unknown domain

Without MCP Shark, you might never notice these suspicious activities. With it, you can immediately identify and block the malicious behavior.

Next Steps

Continue learning about MCP security:

Building a Secure MCP Setup - Comprehensive security guide
How to Capture and Inspect MCP Traffic - Setup instructions
MCP Shark Features - All forensic analysis capabilities