realwigu/mcp-doctor
RPC handshake, audits security issues, and benchmarks latency. Also runs as an MCP server itself.
Ask AI about realwigu/mcp-doctor
Powered by Claude Β· Grounded in docs
I know everything about realwigu/mcp-doctor. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
mcp-doctor
Diagnose, secure, and benchmark your MCP servers.
Zero-config CLI that auto-discovers MCP server configs across Claude Code, Cursor, VS Code, Windsurf, and Claude Desktop β then tests connections, flags security issues, and benchmarks latency in seconds.
Why?
MCP servers are becoming the backbone of AI-assisted development. But as you add more servers across more tools, things break silently:
- Servers go down and you don't notice until a tool call fails mid-conversation
- Secrets leak β API keys hardcoded in config files, tokens visible in process args
- Slow servers drag down your entire AI workflow without you realizing it
- Configs drift between tools β what works in Cursor might be broken in Claude Desktop
mcp-doctor gives you a single command to check everything, across every tool, in seconds.
Quick Start
npx @wigu/mcp-doctor doctor
That's it. No config needed β it finds your servers automatically.
Commands
| Command | Description |
|---|---|
doctor | Run all checks at once (scan + security + bench) |
scan | Test all MCP server connections |
security | Audit configs for security issues |
bench | Benchmark server response times |
serve | Run as an MCP server (stdio transport) |
All commands support --json for machine-readable output.
doctor β Full checkup (recommended)
Runs scan, security, and bench in one go and prints a summary.
mcp-doctor doctor
# JSON output for CI/scripts
mcp-doctor doctor --json
scan β Test all MCP server connections
Discovers configs and verifies each server responds to a JSON-RPC handshake.
$ mcp-doctor scan
βββββββββββββββββββββββββββββββββββββββββββ
β mcp-doctor v0.3.0 β
β Diagnose Β· Secure Β· Benchmark β
βββββββββββββββββββββββββββββββββββββββββββ
β Found 3 server(s)
ββββββββββββββββ¬βββββββββββββ¬ββββββββββ
β Server β Source β Status β
ββββββββββββββββΌβββββββββββββΌββββββββββ€
β filesystem β Claude β β OK β
β postgres β Cursor β β OK β
β slack β VS Code β β FAIL β
ββββββββββββββββ΄βββββββββββββ΄ββββββββββ
security β Audit configs for security issues
Checks for leaked secrets, overly broad permissions, and risky command patterns.
$ mcp-doctor security
β 2 issues found
ββββββββββββ¬βββββββββββ¬ββββββββββββββββββββββββββββββββ
β Severity β Server β Issue β
ββββββββββββΌβββββββββββΌββββββββββββββββββββββββββββββββ€
β HIGH β postgres β Plaintext password in config β
β MEDIUM β slack β Token visible in args β
ββββββββββββ΄βββββββββββ΄ββββββββββββββββββββββββββββββββ
bench β Benchmark server response times
Measures JSON-RPC round-trip latency for every configured server.
$ mcp-doctor bench
ββββββββββββββββ¬βββββββββββ¬βββββββββ
β Server β Latency β Rating β
ββββββββββββββββΌβββββββββββΌβββββββββ€
β filesystem β 12ms β fast β
β postgres β 87ms β ok β
β slack β timeout β β β
ββββββββββββββββ΄βββββββββββ΄βββββββββ
MCP Server Mode
mcp-doctor can also run as an MCP server itself, exposing scan, security, bench, and doctor as tools your AI assistant can call directly.
{
"mcpServers": {
"mcp-doctor": {
"command": "npx",
"args": ["@wigu/mcp-doctor"]
}
}
}
When invoked without arguments and stdin is piped, it automatically starts in server mode using stdio transport. You can also explicitly run:
mcp-doctor serve
This means your AI assistant can diagnose its own MCP infrastructure on demand.
GitHub Action
Use mcp-doctor in CI to catch broken servers and leaked secrets automatically:
- name: Check MCP servers
uses: realwigu/mcp-doctor@main
with:
command: doctor
fail-on-error: "true"
The action outputs JSON via ${{ steps.mcp-doctor.outputs.result }} for downstream processing.
JSON Output
All commands support --json for structured output β useful for CI pipelines, dashboards, or scripting:
mcp-doctor doctor --json | jq '.summary'
{
"servers": 3,
"healthy": 2,
"securityIssues": 1,
"avgLatencyMs": 45
}
Supported Tools
| Tool | Config Auto-Detected |
|---|---|
| Claude Code | β |
| Claude Desktop | β |
| Cursor | β |
| VS Code | β |
| Windsurf | β |
mcp-doctor reads each tool's config file from its standard location and merges all discovered servers into a single view.
What It Checks
- Connection health β JSON-RPC
initializehandshake against every server - Security issues β plaintext secrets, tokens in args, dangerous shell commands
- Latency benchmarks β round-trip timing with fast / ok / slow ratings
Install
# Run directly (no install needed)
npx @wigu/mcp-doctor scan
# Or install globally
npm install -g @wigu/mcp-doctor
mcp-doctor scan
Requires Node.js 18+.
Contributing
Contributions are welcome! Open an issue or submit a pull request.
- Fork the repo
- Create a feature branch (
git checkout -b my-feature) - Commit your changes
- Open a PR