PDF Action Inspector

PDF Action Inspector – An MCP Server for PDF Security Analysis

The PDF Action Inspector addresses a critical gap in AI‑enabled document security workflows: the ability to programmatically interrogate embedded JavaScript actions within PDF files. PDFs can contain a variety of executable actions—such as form scripts, document open/close handlers, or annotation triggers—that may be leveraged for malicious purposes. Traditional PDF parsers expose raw data streams but leave the extraction of actionable metadata to custom tooling. This MCP server bridges that divide, offering a structured, machine‑readable interface that AI assistants can consume directly to flag or analyze potential threats.

At its core, the server implements a three‑layer architecture. The Core Inspector Layer performs the heavy lifting: it parses PDFs using PyPDF2, walks through each document element (pages, annotations, form fields), and extracts all defined actions. The output is a set of native Python dictionaries and lists, ensuring minimal overhead when the data is later serialized. The MCP Tools Layer translates these structures into JSON strings that adhere to the Model Context Protocol, handling input validation and error reporting so that AI clients receive clean, consistent responses. Finally, the FastMCP Framework Layer manages network communication and protocol handling, exposing the tools as remote services that can be invoked from any MCP‑compatible client, such as Claude or other AI assistants.

The server ships with a suite of ready‑to‑use tools tailored for security analysts and researchers. produces a prompt that summarizes all extracted actions, highlighting suspicious patterns and recommending further investigation. gives developers raw access to every action object, while and provide high‑level metadata and annotation contexts. For more granular queries, tools like enable fuzzy matching of form fields, and retrieves the textual content associated with a specific page. Together, these utilities allow AI assistants to answer questions such as “Which JavaScript actions are triggered on document open?” or “Does this PDF contain any hidden form fields that execute code?”

In real‑world scenarios, the PDF Action Inspector becomes indispensable for incident response teams, compliance auditors, and security researchers. By integrating it into an AI workflow, analysts can ask natural‑language questions about a PDF’s behavior and receive instant, structured answers without writing custom parsing scripts. For example, an AI assistant could ingest a suspicious file, invoke , and present a concise risk assessment to the analyst. Similarly, developers building secure PDF generators can use during testing to ensure no unintended scripts are embedded.

What sets this MCP server apart is its seamless blend of performance and usability. The three‑layer design guarantees that the computationally intensive parsing remains isolated from protocol handling, reducing latency for AI clients. Moreover, by exposing high‑level analysis tools alongside raw extraction functions, the server caters to both quick threat assessments and deep forensic investigations. Its open‑source nature and compatibility with FastMCP make it easy to deploy in existing AI ecosystems, empowering developers and security professionals alike to elevate their PDF analysis capabilities.