Is SharkMCP safe to use?

SharkMCP has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install SharkMCP?

SharkMCP can be installed by cloning its GitHub repository and following the setup instructions in the README.

What can SharkMCP do?

SharkMCP provides 7 tools: Requirements, Installation, Configuration, Tools, Session and 2 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with SharkMCP?

SharkMCP is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is SharkMCP actively maintained?

SharkMCP is actively maintained — last commit was 20 days ago. It has 67 GitHub stars.

SharkMCP

Name: SharkMCP
Author: weirdmachine64

by weirdmachine64

A swiss-knife MCP server for analysing PCAP files

67 7 tools GitHub

No known CVEs

MIT license

Actively maintained

Last commit 20d ago

Works with most clients

Transport: stdio

7 tools · ~204 tok

Grade A · 0.1% of 200K ctx

Edit this pageView history

Other

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "sharkmcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/sharkmcp)](https://mcppedia.org/s/sharkmcp)

Read me

What SharkMCP does

An MCP server that exposes sharkd — Wireshark's programmatic interface — as a set of tools for LLMs. Load PCAP/PCAPNG files and analyse them with natural language.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

66/100across 5 weighted dimensions

How we score →

0255075100

−34

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (7)

Click any tool to inspect its schema.

~204 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is SharkMCP safe to use?: SharkMCP has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install SharkMCP?: SharkMCP can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can SharkMCP do?: SharkMCP provides 7 tools: Requirements, Installation, Configuration, Tools, Session and 2 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with SharkMCP?: SharkMCP is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is SharkMCP actively maintained?: SharkMCP is actively maintained — last commit was 20 days ago. It has 67 GitHub stars.

Similar servers

Others in other

View all →

io.github.wyre-technology/spanning-mcp90

MCP server for Spanning Cloud Backup — M365/GWS/Salesforce backups, restores, audit.

io.github.codeofaxel/kiln88

AI agent control of 3D printers — 432 tools for OctoPrint, Moonraker, Bambu, Prusa, Elegoo

18 11

io.github.wyre-technology/autotask-mcp88

MCP server for Kaseya Autotask PSA — companies, tickets, projects, time entries, and more.

36 6

io.github.AnchorRegistry/ar-mcp88

On-chain provenance lookup for AnchorRegistry. Resolve AR-IDs, hashes, and full trees. Authless.

MCP Security Weekly

Get CVE alerts and security updates for SharkMCP and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Other

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "sharkmcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/sharkmcp)](https://mcppedia.org/s/sharkmcp)

Read me

What SharkMCP does

An MCP server that exposes sharkd — Wireshark's programmatic interface — as a set of tools for LLMs. Load PCAP/PCAPNG files and analyse them with natural language.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

SharkMCP

An MCP server that exposes sharkd — Wireshark's programmatic interface — as a set of tools for LLMs. Load PCAP/PCAPNG files and analyse them with natural language.

Requirements

Python 3.10+
Wireshark (provides sharkd)

Installation

git clone https://github.com/weirdmachine64/sharkmcp.git
cd sharkmcp
pip install -e .

Or run directly from the repo without installing:

uvx --from git+https://github.com/weirdmachine64/sharkmcp sharkmcp

Configuration

Add to your .mcp.json:

{
  "mcpServers": {
    "sharkmcp": {
      "command": "uvx",
      "args": ["--from", "git+https://github.com/weirdmachine64/sharkmcp", "sharkmcp"],
      "env": {
        "SHARKMCP_TIMEOUT": "300"
      }
    }
  }
}

Env var	Default	Description
`SHARKMCP_SHARKD_BIN`	`sharkd`	Path to sharkd binary
`SHARKMCP_TIMEOUT`	`300`	Per-request timeout in seconds

Tools

Each loaded PCAP gets a dedicated sharkd subprocess. Results from expensive scans (conversations, expert info, export objects) are cached in memory so paginated follow-up calls are served without re-scanning.

Session

Tool	Description
`load_pcap(path, alias?)`	Load a PCAP/PCAPNG file
`list_pcaps()`	List all loaded PCAPs
`unload_pcap(alias)`	Terminate session and free memory

Overview

Tool	Description
`pcap_summary(alias)`	Frame count, duration, file size, protocols seen
`server_info(alias)`	All available tap types, follow protocols, field types

Packet Inspection

Tool	Description
`list_packets(alias, filter?, columns?, refs?)`	Paginated frame list with display filter
`packet_detail(alias, frame, include_bytes?, include_hidden?)`	Full protocol tree for one frame
`extract_fields(alias, fields, filter?)`	Extract arbitrary fields per packet as a table

Utilities

Tool	Description
`validate(alias, filter?, field?)`	Validate a display filter and/or field name
`complete(alias, field?, pref?)`	Autocomplete field or preference names by prefix
`get_preference(alias, preference?)`	Read dissector preferences
`set_preference(alias, name, value)`	Set a dissector preference for this session
`set_frame_comment(alias, frame, comment)`	Annotate a frame (session-scoped)

Traffic Structure

Tool	Description
`protocol_hierarchy(alias, filter?)`	Nested protocol tree with frame/byte counts
`io_stats(alias, interval_ms?, filter?)`	Per-interval frame and byte counts
`iograph(alias, graphs, interval_ms?, filters?)`	Multi-line traffic graph; supports `packets`, `bytes`, `bits`, `sum:<field>`, `avg:<field>`, `min:<field>`, `max:<field>`, `load:<field>`, `frames:<field>`
`follow_stream(alias, protocol, filter)`	Reassemble a stream (`tcp`, `udp`, `tls`, `http`, `http2`, `quic`, `sip`, `dccp`, `websocket`)

Conversations & Topology

Tool	Description
`conversations(alias, type?, sort_by?)`	Conversation table — bytes/frames per peer pair
`endpoints(alias, type?, sort_by?)`	Endpoint table — tx/rx per host

Supported layer types for both: tcp, udp, ip, ipv6, eth, sctp, dccp, mptcp, wifi, bluetooth, zigbee, fc, fddi, usb, and more.

Protocol Statistics

Tool	Description
`expert_info(alias, filter?)`	Per-frame anomaly detection — errors, warnings, notes, chats
`protocol_stats(alias, protocol)`	Aggregate stats for `dns`, `http`, `http_requests`, `http_server`, `sip`, `dhcp`, `h225`, `http2`, `rtsp`
`service_response_time(alias, protocol)`	Request/response latency for `smb`, `smb2`, `snmp`, `ldap`, `diameter`, `rpc`, `gtp`, and more
`response_time

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

66/100across 5 weighted dimensions

How we score →

0255075100

−34

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (7)

Click any tool to inspect its schema.

~204 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is SharkMCP safe to use?: SharkMCP has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install SharkMCP?: SharkMCP can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can SharkMCP do?: SharkMCP provides 7 tools: Requirements, Installation, Configuration, Tools, Session and 2 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with SharkMCP?: SharkMCP is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is SharkMCP actively maintained?: SharkMCP is actively maintained — last commit was 20 days ago. It has 67 GitHub stars.