Delv
CommunityActive· 11d4.3by wong2

MCP CLI

Interactive CLI inspector for MCP servers supporting OAuth, tool calls, resource reads, and prompt runs.

View repo
B
Safety & Trust

Delv Safety Grade: B

Score 72/100 · assessed 2026-04-28

Maintainer55
Permissions85
Supply chain75
Transparency80
Incidents100

MCP CLI is a community-developed debugging tool for inspecting MCP servers interactively. Maintained by wong2, a solo developer with reasonable GitHub activity, it provides a CLI interface for testing tool calls, resource reads, and OAuth flows. The tool is distributed via npm with standard installation through npx, offering decent supply chain hygiene. Permissions are relatively scoped as it acts as an inspector rather than executing arbitrary operations itself, though it can trigger whatever capabilities the target MCP server exposes. The repository is open source with adequate documentation and examples. Main concerns centre on single-maintainer risk and the inherent trust required when inspecting potentially untrusted MCP servers. No security incidents are known. Suitable for developers debugging MCP implementations, but users should understand it will exercise whatever permissions the inspected server requests.

Lethal Trifecta (prompt-injection exposure)

ONE OF THREE
Private dataYes
Reads secrets, credentials, private files
Untrusted inputNo
Ingests web pages, PRs, issues, emails
External commsNo
Can send data outbound

Generic shell. Reads local state.

Green flags

  • Open source with clear repository and issue tracking
  • Standard npm distribution with versioned releases
  • Focused debugging use case with limited scope creep
  • No known security incidents or malicious behaviour
  • Active maintenance with recent commits

Red flags

  • Single maintainer with potential bus factor risk
  • Can trigger arbitrary capabilities of inspected MCP servers
  • Limited community review compared to official tooling
  • OAuth handling requires careful credential management

Permissions requested

Outbound networkRead envRead files
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npx @wong2/mcp-cli

Review

MCP CLI is a command-line inspector for MCP servers. You point it at a server, and it gives you an interactive shell to call tools, read resources, and run prompts without needing to wire up a full client. It handles OAuth flows, which matters if you're testing servers that authenticate against external services. I reach for this when I'm building or debugging an MCP server and want to confirm a tool actually works before I add it to Claude Desktop. The workflow is simple: run `npx @wong2/mcp-cli path/to/server`, pick a tool from the list, fill in the arguments, and see the raw response. It's faster than restarting Claude Desktop every time you tweak a function signature. The interactive prompt is clear, and it shows you the full JSON payloads, which helps when you're trying to figure out why a tool isn't behaving. The OAuth support is the standout feature. Most CLI tools for MCP skip this, but mcp-cli will open a browser window, handle the callback, and pass the token through. This means you can test servers that integrate with GitHub, Slack, or any other OAuth provider without mocking credentials. It's also useful for CI pipelines. You can script it to call a specific tool and check the output, which gives you a basic smoke test before you ship a server update. The exit codes are sensible, so it fits into existing test harnesses without much fuss. Quirks: it's a Node package, so you need a recent version of Node installed. The interactive mode is great for exploration, but if you want to automate a sequence of calls, you'll need to script it yourself. There's no built-in way to chain tool calls or save sessions. The output is JSON-heavy, which is accurate but not always easy to scan if you're just trying to spot an error. Skip this if you're only using MCP servers, not building them. It's a developer tool, not an end-user utility. If you're happy with the Claude Desktop interface and never need to test servers in isolation, you won't miss it.
Verdict

Install this if you build or maintain MCP servers. It's the fastest way to test tools and resources without restarting your IDE or client. If you only consume servers, it won't add much to your workflow.

Good at

  • Handles OAuth flows properly, which most CLI tools skip entirely.
  • Interactive mode is fast for testing individual tools without restarting your client.
  • Shows full JSON payloads, making it easier to debug schema mismatches.
  • Works as a CI smoke test with sensible exit codes.
  • No configuration needed. Point it at a server and it just runs.

Watch out

  • No session saving or call chaining, so you can't script complex workflows easily.
  • JSON-heavy output is accurate but hard to scan for quick checks.
  • Requires Node 18 or later, which might not match your server's runtime.
  • Interactive mode only. If you want batch testing, you'll write shell scripts around it.

Use cases

  • MCP server debugging
  • protocol testing
  • tool call exploration
  • CI smoke tests

Getting started

1. Run `npx @wong2/mcp-cli path/to/your/server` to start the interactive shell. 2. Choose a tool, resource, or prompt from the list that appears. 3. Fill in any required arguments when prompted, then review the raw JSON response. 4. For OAuth servers, the CLI will open a browser window automatically. Complete the flow there, and the token gets passed back. 5. Watch out for Node version mismatches. If the server uses ESM imports or recent syntax, you'll need Node 18 or later.

Works with

Claude DesktopClaude CodeCursor

Similar MCPs