I'm a Senior SW. I built this with a friend (who is a Staff Software Engineer) as we both want to grow in the space of MCP/ Agent security and Agents Identity and Access Management (IAM).
We build MCPShark around solving security issues in MCP adoption. For example, currently, the adoption of MCP servers expose teams into security vulnerabilities such as tool poisoning, rug-pull attack etc. Thus, we built MCPShark.
MCPShark is a Wireshark like network traffic analysis tool for MCPs. It can easily integrate with developer IDEs and we intend to solve following problem.
The problem: You have ZERO visibility into what's happening. When Claude calls your MCP server, you can't see:
- What requests are being made
- What data is being sent
- Why tool calls fail
- If there are security issues
Here's what MCPShark does:
Think tcpdump + Wireshark, but specifically for MCP protocol.
Current features:
- Capture all HTTP requests/responses between IDE and MCP servers
- Wireshark-like forensic analysis interface
- Aggregate multiple MCP servers (HTTP and stdio)
- Filter by method, status, session, server
- SQLite audit logs
Status: Alpha. Still testing, rough edges. Works with Cursor, Windsurf, Claude Desktop.
We appreciate your genuine feedback. We like to solve real problems and make an impact.
- Is lack of MCP visibility a real problem for you?
- What debugging/security features would help most?
- Developer debugging vs security monitoring - which matters more?
- Should we integrate with security tools like Invariant Labs' mcp-scan?
- Above all, are we solving a real pain point. What pain points you'd like us to solve?
We're serious about agent security and IAM. Doing this part-time but committed. Open to all feedback, especially critical feedback.
Happy to answer questions about implementation, architecture, or MCP in general.
belai•1h ago
I'm a Senior SW. I built this with a friend (who is a Staff Software Engineer) as we both want to grow in the space of MCP/ Agent security and Agents Identity and Access Management (IAM).
We build MCPShark around solving security issues in MCP adoption. For example, currently, the adoption of MCP servers expose teams into security vulnerabilities such as tool poisoning, rug-pull attack etc. Thus, we built MCPShark.
MCPShark is a Wireshark like network traffic analysis tool for MCPs. It can easily integrate with developer IDEs and we intend to solve following problem.
The problem: You have ZERO visibility into what's happening. When Claude calls your MCP server, you can't see:
- What requests are being made - What data is being sent - Why tool calls fail - If there are security issues
Here's what MCPShark does: Think tcpdump + Wireshark, but specifically for MCP protocol.
Current features:
- Capture all HTTP requests/responses between IDE and MCP servers - Wireshark-like forensic analysis interface - Aggregate multiple MCP servers (HTTP and stdio) - Filter by method, status, session, server - SQLite audit logs
Status: Alpha. Still testing, rough edges. Works with Cursor, Windsurf, Claude Desktop.
We appreciate your genuine feedback. We like to solve real problems and make an impact.
- Is lack of MCP visibility a real problem for you? - What debugging/security features would help most? - Developer debugging vs security monitoring - which matters more? - Should we integrate with security tools like Invariant Labs' mcp-scan? - Above all, are we solving a real pain point. What pain points you'd like us to solve?
Links:
GitHub: https://github.com/mcp-shark/mcp-shark Desktop app (WIP): https://github.com/mcp-shark/mcp-shark-app
We're serious about agent security and IAM. Doing this part-time but committed. Open to all feedback, especially critical feedback. Happy to answer questions about implementation, architecture, or MCP in general.