Summary
This is a Swiss Army knife for JavaScript reverse engineering and browser automation. It ships 402 tools across 36 domains including Chrome DevTools Protocol integration, network interception with HTTP/2 frame building, WASM disassembly, Frida hooks, and LLM-powered deobfuscation. The search profile keeps token usage around 3K while full mode exposes the entire toolkit. Use it when you need to analyze obfuscated code, automate Chromium with anti-detection, intercept GraphQL traffic, or run memory forensics on JS runtimes. HTTP transport handles session recovery, and the runtime registry lets you hot-reload custom domains. Built for security audits and deep instrumentation work that goes beyond typical browser automation.
Install to Claude Code
verifiedclaude mcp add jshookmcp -- npx -y @jshookmcp/jshookRun in your terminal. Replace YOUR_* placeholders with real values; add --scope user to install for every project.
Review the command, arguments, and environment values before installing — MCP servers run with your local permissions.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Tools
Verified live against the running server on Jun 10, 2026.
verified live8 tools
search_toolsSearch 0 tools across 0 capability domains. This includes built-in tools plus any loaded plugin/workflow tools (0 currently loaded). In search-tier sessions, call this before assuming a capability is unavailable. Use activate_tools for exact matches, activate_domain for an ent...3 params
Search 0 tools across 0 capability domains. This includes built-in tools plus any loaded plugin/workflow tools (0 currently loaded). In search-tier sessions, call this before assuming a capability is unavailable. Use activate_tools for exact matches, activate_domain for an ent...
Parameters* required
query*stringBefore calling, distill your intent into 2-5 key concepts: what action, on what target, in which domain. Pass only those distilled keywords — not the original user request.
top_knumberMax results to return (default: 10, max: 30)
auto_activatebooleanAuto-activate found tools so they are immediately callable. Set false to only search without activating (default: true)
route_toolOne-stop tool router: accepts a natural language task description, returns recommended tools and next actions. Automatically detects workflow patterns, recommends activation order, and provides example arguments. Use this instead of search_tools when you want guided tool disco...2 params
One-stop tool router: accepts a natural language task description, returns recommended tools and next actions. Automatically detects workflow patterns, recommends activation order, and provides example arguments. Use this instead of search_tools when you want guided tool disco...
Parameters* required
task*stringNatural language description of the task you want to accomplish
contextobjectOptional context hints for routing
describe_toolGet detailed information about a specific tool, including its input schema. Use this to see the exact parameters a tool expects before calling it.1 params
Get detailed information about a specific tool, including its input schema. Use this to see the exact parameters a tool expects before calling it.
Parameters* required
name*stringTool name to describe
activate_toolsDynamically register specific tools by name, regardless of current base tier. Use after search_tools to enable exactly the tools you need. In search-tier sessions this is usually enough; you do not need boost_profile just to use a few exact tools. Activated tools appear in the...1 params
Dynamically register specific tools by name, regardless of current base tier. Use after search_tools to enable exactly the tools you need. In search-tier sessions this is usually enough; you do not need boost_profile just to use a few exact tools. Activated tools appear in the...
Parameters* required
names*valueArray of tool names to activate (from search_tools results). Also accepts a JSON stringified array for clients that serialize arrays as strings.
deactivate_toolsRemove previously activated tools to free context. Only affects tools added via activate_tools, not base profile tools.1 params
Remove previously activated tools to free context. Only affects tools added via activate_tools, not base profile tools.
Parameters* required
names*valueArray of tool names to deactivate
activate_domainActivate all tools in a domain at once. Domains: . Use reload_extensions first to include external plugin/workflow domains.2 params
Activate all tools in a domain at once. Domains: . Use reload_extensions first to include external plugin/workflow domains.
Parameters* required
domain*stringDomain name to activate (e.g. "debugger", "network")
ttlMinutesnumberAuto-deactivate after N minutes (default: 30, set 0 for no expiry)
call_toolExecute an already-active tool by name. Use this when activate_tools/activate_domain registered a tool but your client did not refresh its tool list. Does not auto-activate inactive tools.4 params
Execute an already-active tool by name. Use this when activate_tools/activate_domain registered a tool but your client did not refresh its tool list. Does not auto-activate inactive tools.
Parameters* required
argsobjectArguments object to pass to the tool
name*stringThe tool name to execute (from search_tools or describe_tool results)
argumentsstringAnother alternative: MCP clients that stringify the entire arguments wrapper. Carries the same nested {name, args/parameters} payload as a JSON string.
parametersstringAlternative: JSON-serialized arguments string. Some MCP clients serialize the nested arguments as a single stringified-JSON field.
coverage_reportReport which tools have been called in the current runtime and which known tools remain uncalled. Loads all domains first so the uncalled list reflects the full tool catalog, not just currently active tools.
Report which tools have been called in the current runtime and which known tools remain uncalled. Loads all domains first so the uncalled list reflects the full tool catalog, not just currently active tools.
No parameters — call it with no arguments.
@jshookmcp/jshook
English | 中文
An MCP server that gives AI agents 402 tools across 36 domains for JavaScript analysis and security research — browser automation, CDP debugging, network interception, JS hooks, LLM-powered code analysis, process/memory forensics, WASM reverse engineering, source-map reconstruction, AST transforms, and composite workflows in a single server.
Quick Links
🚀 Quick Start
No global install needed — add to your MCP client config and you're ready:
Claude Desktop / Cursor (claude_desktop_config.json):
{
"mcpServers": {
"jshook": {
"command": "npx",
"args": ["-y", "@jshookmcp/jshook@latest"],
"env": { "JSHOOK_BASE_PROFILE": "search" }
}
}
}
(Windows: use npx.cmd absolute path if npx is not found)
🌟 Highlights
- 🤖 AI-Driven Analysis — LLM-powered deobfuscation, crypto detection, AST comprehension
- ⚡ Search-First Context Efficiency —
searchprofile ≈ 3K tokens vsfull≈ 40K+ tokens - 🎯 Progressive Tiers —
search→workflow→full, activate on demand - 🌐 Full-Stack Browser Automation — Chromium/Camoufox + CDP + anti-detection + CAPTCHA handling
- 🔁 Runtime Recovery and Session Isolation — HTTP sessions restore activated domains, browser attach state, coverage state, and isolate browser-side session state per client
- 🧭 Schema-First Meta Tools —
describe_tool, validatedcall_tool, andcoverage_reportreduce parameter errors and make tool coverage visible - 📡 Network Interception — HTTP/2 frame building, MiTM capture, GraphQL, Burp Suite bridge
- 🛠️ Reverse Engineering Toolchain — WASM disassembly, binary analysis, Frida, Ghidra/IDA bridges
- 🧰 Process & Memory Forensics — Native FFI scanning, hardware breakpoints, PE introspection
- 🧩 Dynamic Extensibility — Hot-reload plugins, declarative workflows, auto-discovered domains
Recent Runtime Notes
- HTTP transport now multiplexes independent MCP sessions and restores runtime state after reconnects.
proxy_startauto-generates a local HTTPS interception CA when needed.- Browser CAPTCHA solving is now explicit-input driven: pass
taskKind,siteKey,imageBase64,callbackName, andresponseSelectoras needed. Built-in widget/page signature probing is intentionally not used.
Architecture
- Runtime Registry — Domains auto-discovered via
manifest.ts; add a domain by creating one file - Lazy Initialization — Handlers instantiated on first call, not at startup
- BM25 + Vector Search —
search_toolsmeta-tool with hybrid ranking and adaptive weights - MCP ToolAnnotations — Every tool carries
readOnlyHint/destructiveHint/idempotentHint/openWorldHint
Registry Snapshot
The built-in surface below is generated from the runtime registry and checked in CI.
- Package version:
0.3.3 - Built-in Tools:
489 - Domains:
adb-bridge,binary-instrument,boringssl-inspector,browser,canvas,coordination,core,cross-domain,dart-inspector,debugger,encoding,exploit-dev,extension-registry,graphql,instrumentation,maintenance,memory,mojo-ipc,native-emulator,network,platform,process,protocol-analysis,proxy,sourcemap,streaming,syscall-hook,trace,transform,v8-inspector,wasm,webgpu,workflow - Note: this snapshot is generated from the runtime registry; do not edit the counts by hand.
Project Stats
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Registryactive
Package@jshookmcp/jshook
TransportSTDIO
Resources40
Prompts2
Tools verifiedJun 10, 2026
UpdatedMay 3, 2026
