Linter for MCP (Model Context Protocol) config files used by Claude Desktop, Cursor, Cline, Windsurf, and Zed. CLI + library API.
Project description
mcp-config-check
A small Python linter for Model Context Protocol config files used by Claude Desktop, Cursor, Cline, Windsurf, and Zed.
It catches common footguns before you start a broken MCP server:
- missing or conflicting transport (no
commandand nourl, or both set) - malformed
command/args/envshapes - hardcoded API keys in
envorargs(Anthropic, OpenAI, AWS, GitHub, Stripe, Slack, Google, HuggingFace, and more) - placeholder values left in (
"<your-api-key>","replace-me", etc.) - URLs with embedded credentials (
https://user:pass@...) - auth headers sent over plain HTTP
autoApprove: ["*"]/alwaysAllow: ["*"]wildcards that silently disable tool confirmation- case-insensitive duplicate server names
- unknown fields in a server entry
Supports both the Claude/Cursor/Cline/Windsurf shape (mcpServers) and the Zed shape (context_servers).
Install
pip install mcp-config-check
Usage
mcp-config-check path/to/mcp.json
Multiple files:
mcp-config-check ~/Library/Application\ Support/Claude/claude_desktop_config.json ~/.cursor/mcp.json
Only show errors (no OK lines, no warnings):
mcp-config-check --quiet path/to/mcp.json
Exit status: 0 on no errors, 1 on any errors.
Use as a library
from mcp_config_check import validate_config_file
result = validate_config_file("path/to/mcp.json")
if not result.ok:
for issue in result.errors:
print(issue.code, issue.server, issue.message)
Issue codes
| Code | Severity | Meaning |
|---|---|---|
| E000 | error | file-level problem (missing, empty, not JSON, wrong root shape) |
| E001 | error | server has no transport (command or url required) |
| E002 | error | server declares both command and url |
| E003 | error | command is not a non-empty string |
| E004 | error | args is not an array of strings |
| E005 | error | hardcoded secret detected in args |
| E006 | error | env is not a string-valued object |
| E007 | error | hardcoded secret detected in env value |
| E008 | error | env value is an obvious placeholder |
| E020 | error | url is invalid or has a non-http(s) scheme |
| E021 | error | url has embedded credentials |
| E022 | error | Authorization header sent over plain HTTP |
| E030 | error | no mcpServers or context_servers container found |
| E031 | error | case-insensitive duplicate server name |
| E100 | error | autoApprove / alwaysAllow contains "*" |
| W030 | warning | server container is empty |
| W900 | warning | unknown field on a server entry |
Development
pip install -e '.[dev]'
pytest
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcp_config_check-0.1.0.tar.gz.
File metadata
- Download URL: mcp_config_check-0.1.0.tar.gz
- Upload date:
- Size: 8.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e8e92826f8f64e140dc142604ca43c75757972b2fcd24b10273dd17205fef9fa
|
|
| MD5 |
0e6ef14e010d24e80e21e554fc0299fe
|
|
| BLAKE2b-256 |
5158d0e5e98a0f44d7973464d4dbc6c038f15fc6fa55c878666694c5afa84cdf
|
File details
Details for the file mcp_config_check-0.1.0-py3-none-any.whl.
File metadata
- Download URL: mcp_config_check-0.1.0-py3-none-any.whl
- Upload date:
- Size: 8.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
60e7683107dd297f7bbf6913a26945243d7e115cf291a1c0f406671360f801b4
|
|
| MD5 |
14a53706a465212969af915fb4dba725
|
|
| BLAKE2b-256 |
ec60d75b16078b593755dc357c192b410c81e2c2272df6e4da476778d94edc85
|
