Spawn and connect to an MCP server. Returns session_id for subsequent calls.
AI agents invoke inspector_connect to trigger actions in Mcp Inspector. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
| Parameter | Type | Required | Description |
|---|---|---|---|
cwd | string | — | Working directory when launching stdio server |
env | object | — | Environment variables for the target server |
command | string | — | Executable for stdio server (e.g. 'node', 'npx') |
headers | object | — | HTTP headers for remote connections |
transport | string | — | Transport type; auto-detected from inputs if omitted |
server_url | string | — | URL for remote SSE or HTTP server |
server_args | array | — | Args passed to the command (e.g. ['dist/index.js']) |
Parameters from the server's own tool schema.
This tool spawns a new process (MCP server) and establishes a connection to it. 'Spawn' implies executing/starting an external process, which is an Execute-category action. Misuse could lead to spawning unintended or malicious server processes, giving it a high severity rating.
From the tool's definition Spawn and connect to an MCP server
Risk signalsAccepts freeform code/query input (command) · Accepts file system path (cwd)
Attacks that exploit this kind of access
Spawn and connect to an MCP server. Returns session_id for subsequent calls. It is categorised as a Execute tool in the Mcp Inspector MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
inspector_connect accepts 7 parameters: cwd, env, command, headers, transport, server_url, server_args. The full parameter table on this page comes from the server's own tool schema.
Register the Mcp Inspector MCP server in PolicyLayer and add a rule for inspector_connect: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Mcp Inspector. Nothing to install.
inspector_connect is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the inspector_connect rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for inspector_connect. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
inspector_connect is provided by the Mcp Inspector MCP server (@fre4x/mcp-inspector). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →