
mcp-doctor
Diagnose, secure, and benchmark your MCP servers.
Zero-config CLI that auto-discovers MCP server configs across Claude Code, Cursor, VS Code, Windsurf, and Claude Desktop β then tests connections, flags security issues, and benchmarks latency in seconds.
<p align="center"> <img src="assets/demo-doctor.svg" alt="mcp-doctor doctor" width="820"> </p>Why?
MCP servers are becoming the backbone of AI-assisted development. But as you add more servers across more tools, things break silently:
- Servers go down and you don't notice until a tool call fails mid-conversation
- Secrets leak β API keys hardcoded in config files, tokens visible in process args
- Slow servers drag down your entire AI workflow without you realizing it
- Configs drift between tools β what works in Cursor might be broken in Claude Desktop
mcp-doctor gives you a single command to check everything, across every tool, in seconds.
Commands
| Command | Description |
|---|---|
doctor | Run all checks at once (scan + security + bench) |
scan | Test all MCP server connections |
security | Audit configs for security issues |
bench | Benchmark server response times |
serve | Run as an MCP server (stdio transport) |
All commands support --json for machine-readable output.
doctor β Full checkup (recommended)
Runs scan, security, and bench in one go and prints a summary.
mcp-doctor doctor
# JSON output for CI/scripts
mcp-doctor doctor --jsonscan β Test all MCP server connections
Discovers configs and verifies each server responds to a JSON-RPC handshake.
$ mcp-doctor scan
βββββββββββββββββββββββββββββββββββββββββββ
β mcp-doctor v0.3.0 β
β Diagnose Β· Secure Β· Benchmark β
βββββββββββββββββββββββββββββββββββββββββββ
β Found 3 server(s)
ββββββββββββββββ¬βββββββββββββ¬ββββββββββ
β Server β Source β Status β
ββββββββββββββββΌβββββββββββββΌββββββββββ€
β filesystem β Claude β β OK β
β postgres β Cursor β β OK β
β slack β VS Code β β FAIL β
ββββββββββββββββ΄βββββββββββββ΄ββββββββββsecurity β Audit configs for security issues
Checks for leaked secrets, overly broad permissions, and risky command patterns.
$ mcp-doctor security
β 2 issues found
ββββββββββββ¬βββββββββββ¬ββββββββββββββββββββββββββββββββ
β Severity β Server β Issue β
ββββββββββββΌβββββββββββΌββββββββββββββββββββββββββββββββ€
β HIGH β postgres β Plaintext password in config β
β MEDIUM β slack β Token visible in args β
ββββββββββββ΄βββββββββββ΄ββββββββββββββββββββββββββββββββbench β Benchmark server response times
Measures JSON-RPC round-trip latency for every configured server.
$ mcp-doctor bench
ββββββββββββββββ¬βββββββββββ¬βββββββββ
β Server β Latency β Rating β
ββββββββββββββββΌβββββββββββΌβββββββββ€
β filesystem β 12ms β fast β
β postgres β 87ms β ok β
β slack β timeout β β β
ββββββββββββββββ΄βββββββββββ΄βββββββββMCP Server Mode
mcp-doctor can also run as an MCP server itself, exposing scan, security, bench, and doctor as tools your AI assistant can call directly.
{
"mcpServers": {
"mcp-doctor": {
"command": "npx",
"args": ["@wigu/mcp-doctor"]
}
}
}When invoked without arguments and stdin is piped, it automatically starts in server mode using stdio transport. You can also explicitly run:
mcp-doctor serveThis means your AI assistant can diagnose its own MCP infrastructure on demand.
GitHub Action
Use mcp-doctor in CI to catch broken servers and leaked secrets automatically:
- name: Check MCP servers
uses: realwigu/mcp-doctor@main
with:
command: doctor
fail-on-error: "true"The action outputs JSON via ${{ steps.mcp-doctor.outputs.result }} for downstream processing.
JSON Output
All commands support --json for structured output β useful for CI pipelines, dashboards, or scripting:
mcp-doctor doctor --json | jq '.summary'{
"servers": 3,
"healthy": 2,
"securityIssues": 1,
"avgLatencyMs": 45
}Supported Tools
| Tool | Config Auto-Detected |
|---|---|
| Claude Code | β |
| Claude Desktop | β |
| Cursor | β |
| VS Code | β |
| Windsurf | β |
mcp-doctor reads each tool's config file from its standard location and merges all discovered servers into a single view.
What It Checks
- Connection health β JSON-RPC
initializehandshake against every server - Security issues β plaintext secrets, tokens in args, dangerous shell commands
- Latency benchmarks β round-trip timing with fast / ok / slow ratings
npx @wigu/mcp-doctor doctorQuick Start
npx @wigu/mcp-doctor doctorThat's it. No config needed β it finds your servers automatically.
Install
# Run directly (no install needed)
npx @wigu/mcp-doctor scan
# Or install globally
npm install -g @wigu/mcp-doctor
mcp-doctor scanRequires Node.js 18+.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.
Licensed under MITβ you can use, modify, and redistribute it under that license's terms.