mcp-doctor
Diagnose, secure, and benchmark your MCP servers
mcp-doctor
Diagnose, secure, and benchmark your MCP servers.
Zero-config CLI that auto-discovers MCP server configs across Claude Code, Cursor, VS Code, Windsurf, and Claude Desktop — then tests connections, flags security issues, and benchmarks latency in seconds.
Why?
MCP servers are becoming the backbone of AI-assisted development. But as you add more servers across more tools, things break silently:
- Servers go down and you don't notice until a tool call fails mid-conversation
- Secrets leak — API keys hardcoded in config files, tokens visible in process args
- Slow servers drag down your entire AI workflow without you realizing it
- Configs drift between tools — what works in Cursor might be broken in Claude Desktop
mcp-doctor gives you a single command to check everything, across every tool, in seconds.
Quick Start
npx @wigu/mcp-doctor doctor
That's it. No config needed — it finds your servers automatically.
Commands
| Command | Description |
|---|---|
doctor | Run all checks at once (scan + security + bench) |
scan | Test all MCP server connections |
security | Audit configs for security issues |
bench | Benchmark server response times |
serve | Run as an MCP server (stdio transport) |
All commands support --json for machine-readable output.
doctor — Full checkup (recommended)
Runs scan, security, and bench in one go and prints a summary.
mcp-doctor doctor
# JSON output for CI/scripts
mcp-doctor doctor --json
scan — Test all MCP server connections
Discovers configs and verifies each server responds to a JSON-RPC handshake.
$ mcp-doctor scan
┌─────────────────────────────────────────┐
│ mcp-doctor v0.3.0 │
│ Diagnose · Secure · Benchmark │
└─────────────────────────────────────────┘
✔ Found 3 server(s)
┌──────────────┬────────────┬─────────┐
│ Server │ Source │ Status │
├──────────────┼────────────┼─────────┤
│ filesystem │ Claude │ ✔ OK │
│ postgres │ Cursor │ ✔ OK │
│ slack │ VS Code │ ✘ FAIL │
└──────────────┴────────────┴─────────┘
security — Audit configs for security issues
Checks for leaked secrets, overly broad permissions, and risky command patterns.
$ mcp-doctor security
⚠ 2 issues found
┌──────────┬──────────┬───────────────────────────────┐
│ Severity │ Server │ Issue │
├──────────┼──────────┼───────────────────────────────┤
│ HIGH │ postgres │ Plaintext password in config │
│ MEDIUM │ slack │ Token visible in args │
└──────────┴──────────┴───────────────────────────────┘
bench — Benchmark server response times
Measures JSON-RPC round-trip latency for every configured server.
$ mcp-doctor bench
┌──────────────┬──────────┬────────┐
│ Server │ Latency │ Rating │
├──────────────┼──────────┼────────┤
│ filesystem │ 12ms │ fast │
│ postgres │ 87ms │ ok │
│ slack │ timeout │ — │
└──────────────┴──────────┴────────┘
MCP Server Mode
mcp-doctor can also run as an MCP server itself, exposing scan, security, bench, and doctor as tools your AI assistant can call directly.
{
"mcpServers": {
"mcp-doctor": {
"command": "npx",
"args": ["@wigu/mcp-doctor"]
}
}
}
When invoked without arguments and stdin is piped, it automatically starts in server mode using stdio transport. You can also explicitly run:
mcp-doctor serve
This means your AI assistant can diagnose its own MCP infrastructure on demand.
GitHub Action
Use mcp-doctor in CI to catch broken servers and leaked secrets automatically:
- name: Check MCP servers
uses: realwigu/mcp-doctor@main
with:
command: doctor
fail-on-error: "true"
The action outputs JSON via ${{ steps.mcp-doctor.outputs.result }} for downstream processing.
JSON Output
All commands support --json for structured output — useful for CI pipelines, dashboards, or scripting:
mcp-doctor doctor --json | jq '.summary'
{
"servers": 3,
"healthy": 2,
"securityIssues": 1,
"avgLatencyMs": 45
}
Supported Tools
| Tool | Config Auto-Detected |
|---|---|
| Claude Code | ✅ |
| Claude Desktop | ✅ |
| Cursor | ✅ |
| VS Code | ✅ |
| Windsurf | ✅ |
mcp-doctor reads each tool's config file from its standard location and merges all discovered servers into a single view.
What It Checks
- Connection health — JSON-RPC
initializehandshake against every server - Security issues — plaintext secrets, tokens in args, dangerous shell commands
- Latency benchmarks — round-trip timing with fast / ok / slow ratings
Install
# Run directly (no install needed)
npx @wigu/mcp-doctor scan
# Or install globally
npm install -g @wigu/mcp-doctor
mcp-doctor scan
Requires Node.js 18+.
Contributing
Contributions are welcome! Open an issue or submit a pull request.
- Fork the repo
- Create a feature branch (
git checkout -b my-feature) - Commit your changes
- Open a PR
License
Related Servers
Scout Monitoring MCP
sponsorPut performance and error data directly in the hands of your AI assistant.
Alpha Vantage MCP Server
sponsorAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
Databutton
An MCP server for initial app planning and creating a good starting point for an app.
Atla
Enable AI agents to interact with the Atla API for state-of-the-art LLMJ evaluation.
ThousandEyes MCP Server
ThousandEyes Network Performance Monitoring MCP Server
Terraform MCP
A command-line tool that acts as an MCP server to interact with Terraform environments.
Gemini MCP Tool
A server for integrating with the Google Gemini CLI to perform AI-powered tasks.
Roblox Studio MCP Server
Provides AI assistants with comprehensive access to Roblox Studio projects for exploration, script analysis, debugging, and bulk editing.
Maven Package README MCP Server
Search for and retrieve detailed information, including READMEs and metadata, for Maven packages from Maven Central.
Agile Planner MCP Server
An AI-powered server for generating agile artifacts like backlogs, features, and user stories.
Geo Location Demo
Retrieves user geolocation information using EdgeOne Pages Functions and integrates it with large language models via MCP.
Sandbox MCP Server
Provides isolated Docker environments for secure code execution.