Skip to main content
Glama

@jshookmcp/jshook

License: AGPLv3 Node.js 22.12+ TypeScript MCP pnpm

English | 中文

An MCP server that gives AI agents 402 tools across 36 domains for JavaScript analysis and security research — browser automation, CDP debugging, network interception, JS hooks, LLM-powered code analysis, process/memory forensics, WASM reverse engineering, source-map reconstruction, AST transforms, and composite workflows in a single server.

Related MCP server: Codehooks.io MCP Server

🚀 Quick Start

No global install needed — add to your MCP client config and you're ready:

Claude Desktop / Cursor (claude_desktop_config.json):

{
  "mcpServers": {
    "jshook": {
      "command": "npx",
      "args": ["-y", "@jshookmcp/jshook@latest"],
      "env": { "JSHOOK_BASE_PROFILE": "search" }
    }
  }
}

(Windows: use npx.cmd absolute path if npx is not found)

🌟 Highlights

  • 🤖 AI-Driven Analysis — LLM-powered deobfuscation, crypto detection, AST comprehension

  • Search-First Context Efficiencysearch profile ≈ 3K tokens vs full ≈ 40K+ tokens

  • 🎯 Progressive Tierssearchworkflowfull, activate on demand

  • 🌐 Full-Stack Browser Automation — Chromium/Camoufox + CDP + anti-detection + CAPTCHA handling

  • 🔁 Runtime Recovery and Session Isolation — HTTP sessions restore activated domains, browser attach state, coverage state, and isolate browser-side session state per client

  • 🧭 Schema-First Meta Toolsdescribe_tool, validated call_tool, and coverage_report reduce parameter errors and make tool coverage visible

  • 📡 Network Interception — HTTP/2 frame building, MiTM capture, GraphQL, Burp Suite bridge

  • 🛠️ Reverse Engineering Toolchain — WASM disassembly, binary analysis, Frida, Ghidra/IDA bridges

  • 🧰 Process & Memory Forensics — Native FFI scanning, hardware breakpoints, PE introspection

  • 🧩 Dynamic Extensibility — Hot-reload plugins, declarative workflows, auto-discovered domains

Recent Runtime Notes

  • HTTP transport now multiplexes independent MCP sessions and restores runtime state after reconnects.

  • proxy_start auto-generates a local HTTPS interception CA when needed.

  • Browser CAPTCHA solving is now explicit-input driven: pass taskKind, siteKey, imageBase64, callbackName, and responseSelector as needed. Built-in widget/page signature probing is intentionally not used.

Architecture

  • Runtime Registry — Domains auto-discovered via manifest.ts; add a domain by creating one file

  • Lazy Initialization — Handlers instantiated on first call, not at startup

  • BM25 + Vector Searchsearch_tools meta-tool with hybrid ranking and adaptive weights

  • MCP ToolAnnotations — Every tool carries readOnlyHint / destructiveHint / idempotentHint / openWorldHint

Registry Snapshot

The built-in surface below is generated from the runtime registry and checked in CI.

  • Package version: 0.3.3

  • Built-in Tools: 588

  • Domains: adb-bridge, binary-instrument, boringssl-inspector, browser, canvas, coordination, core, cross-domain, dart-inspector, debugger, encoding, exploit-dev, extension-registry, graphql, instrumentation, maintenance, memory, mojo-ipc, native-bridge, native-emulator, network, platform, process, protocol-analysis, proxy, sourcemap, streaming, syscall-hook, trace, transform, v8-inspector, wasm, webgpu, workflow

  • Note: this snapshot is generated from the runtime registry; do not edit the counts by hand.

View the complete Tool Reference ↗

Project Stats

Activity

Install Server
A
license - permissive license
A
quality
B
maintenance

Maintenance

Maintainers
3hResponse time
Release cycle
Releases (12mo)
Commit activity
Issues opened vs closed

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/vmoranv/jshookmcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server