Labsco
realwigu logo

mcp-doctor

β˜… 1

from realwigu

Diagnose, secure, and benchmark your MCP servers

πŸ”₯πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeQuick setup

MIT License Node >= 18 npm npm downloads

mcp-doctor

Diagnose, secure, and benchmark your MCP servers.

Zero-config CLI that auto-discovers MCP server configs across Claude Code, Cursor, VS Code, Windsurf, and Claude Desktop β€” then tests connections, flags security issues, and benchmarks latency in seconds.

<p align="center"> <img src="assets/demo-doctor.svg" alt="mcp-doctor doctor" width="820"> </p>

Why?

MCP servers are becoming the backbone of AI-assisted development. But as you add more servers across more tools, things break silently:

  • Servers go down and you don't notice until a tool call fails mid-conversation
  • Secrets leak β€” API keys hardcoded in config files, tokens visible in process args
  • Slow servers drag down your entire AI workflow without you realizing it
  • Configs drift between tools β€” what works in Cursor might be broken in Claude Desktop

mcp-doctor gives you a single command to check everything, across every tool, in seconds.

Commands

CommandDescription
doctorRun all checks at once (scan + security + bench)
scanTest all MCP server connections
securityAudit configs for security issues
benchBenchmark server response times
serveRun as an MCP server (stdio transport)

All commands support --json for machine-readable output.

Runs scan, security, and bench in one go and prints a summary.

mcp-doctor doctor

# JSON output for CI/scripts
mcp-doctor doctor --json

scan β€” Test all MCP server connections

Discovers configs and verifies each server responds to a JSON-RPC handshake.

$ mcp-doctor scan

  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
  β”‚           mcp-doctor v0.3.0             β”‚
  β”‚   Diagnose Β· Secure Β· Benchmark         β”‚
  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

  βœ” Found 3 server(s)

  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
  β”‚ Server       β”‚ Source     β”‚ Status  β”‚
  β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
  β”‚ filesystem   β”‚ Claude     β”‚ βœ” OK    β”‚
  β”‚ postgres     β”‚ Cursor     β”‚ βœ” OK    β”‚
  β”‚ slack        β”‚ VS Code    β”‚ ✘ FAIL  β”‚
  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

security β€” Audit configs for security issues

Checks for leaked secrets, overly broad permissions, and risky command patterns.

$ mcp-doctor security

  ⚠  2 issues found

  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
  β”‚ Severity β”‚ Server   β”‚ Issue                         β”‚
  β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
  β”‚ HIGH     β”‚ postgres β”‚ Plaintext password in config  β”‚
  β”‚ MEDIUM   β”‚ slack    β”‚ Token visible in args         β”‚
  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

bench β€” Benchmark server response times

Measures JSON-RPC round-trip latency for every configured server.

$ mcp-doctor bench

  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”
  β”‚ Server       β”‚ Latency  β”‚ Rating β”‚
  β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€
  β”‚ filesystem   β”‚ 12ms     β”‚ fast   β”‚
  β”‚ postgres     β”‚ 87ms     β”‚ ok     β”‚
  β”‚ slack        β”‚ timeout  β”‚ β€”      β”‚
  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”˜

MCP Server Mode

mcp-doctor can also run as an MCP server itself, exposing scan, security, bench, and doctor as tools your AI assistant can call directly.

{
  "mcpServers": {
    "mcp-doctor": {
      "command": "npx",
      "args": ["@wigu/mcp-doctor"]
    }
  }
}

When invoked without arguments and stdin is piped, it automatically starts in server mode using stdio transport. You can also explicitly run:

mcp-doctor serve

This means your AI assistant can diagnose its own MCP infrastructure on demand.

GitHub Action

Use mcp-doctor in CI to catch broken servers and leaked secrets automatically:

- name: Check MCP servers
  uses: realwigu/mcp-doctor@main
  with:
    command: doctor
    fail-on-error: "true"

The action outputs JSON via ${{ steps.mcp-doctor.outputs.result }} for downstream processing.

JSON Output

All commands support --json for structured output β€” useful for CI pipelines, dashboards, or scripting:

mcp-doctor doctor --json | jq '.summary'
{
  "servers": 3,
  "healthy": 2,
  "securityIssues": 1,
  "avgLatencyMs": 45
}

Supported Tools

ToolConfig Auto-Detected
Claude Codeβœ…
Claude Desktopβœ…
Cursorβœ…
VS Codeβœ…
Windsurfβœ…

mcp-doctor reads each tool's config file from its standard location and merges all discovered servers into a single view.

What It Checks

  • Connection health β€” JSON-RPC initialize handshake against every server
  • Security issues β€” plaintext secrets, tokens in args, dangerous shell commands
  • Latency benchmarks β€” round-trip timing with fast / ok / slow ratings