httptoolkit-mcp

An MCP server that enables AI assistants to control HTTP Toolkit for intercepting, inspecting, and debugging HTTP(S) traffic from browsers, mobile devices, and Docker containers. It provides tools for server management, interceptor activation, and sending HTTP requests through natural language commands.

→ fdciabdul/httptoolkit-mcp · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 1 credential: HTK_SERVER_TOKEN

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configHTK_ADMIN_URL— Mockttp admin API URL http://127.0.0.1:45456

🔐 secretHTK_SERVER_TOKEN— Auth token (auto-detected from desktop app) Auto-detected

configHTK_SERVER_URL— HTTP Toolkit management API URL http://127.0.0.1:45457

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 3 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/fdciabdul-httptoolkit-mcp-zvvnz4)](https://m8ven.ai/mcp/fdciabdul-httptoolkit-mcp-zvvnz4)

commit: b61087a7e271a8e9cd4bcbc7b4f9f0bf4b42fa92

code hash: 43126e5bcc996c7e6ab72ee18b95cac0cc40a4e70c30061ebbb01786fef9a1ec

verified: 4/11/2026, 2:32:55 PM

view raw JSON →