Kangraemin MITM Analysis (Claude Inspector)

• Entity ID: ent-20260423-r31a000000057
• Type: project
• Scope: private
• Status: active

Description

macOS desktop app ('Claude Inspector') built to intercept Claude Code's real-time API traffic. Key findings: CLAUDE.md is sent on every request, not just the first (as a system-reminder block on every turn's user message); MCP tools use lazy-loaded schemas while built-in tools ship full schemas every request; single screenshots add hundreds of KB via base64 encoding; skills vs commands handled fundamentally differently (local commands like /clear send only output; skills like /commit inject full prompt text that persists).

Key claims

• CLAUDE.md is re-injected on every request, not just the first
• Screenshots add hundreds of KB to the request via base64 encoding
• Skills vs commands are handled fundamentally differently
• MCP tools ship lazy schemas; built-in tools ship full schemas every request

Relations

• Kangraemin MITM Analysis (Claude Inspector) --[uses]--> Proxy Verification Methodology

Sources

src-20260423-542f02260352