A local-first CLI that measures what an MCP server costs and what it can do. Nothing leaves your machine.
Project description
Make MCP lean and honest.
mcpgawk
A local-first command that measures what a Model Context Protocol server costs and what it can do. It runs on your machine and uploads nothing.
Real output. Reproducible on your machine — no account, nothing uploaded.
Why
Connect an MCP server and it loads all its tools into your AI's context. Every request. Used or not. You pay for those tokens, and you haven't checked what the tools can do. mcpgawk shows you both, locally.
How it's different
- vs. cloud scanners (e.g. Snyk/Invariant
mcp-scan) — they upload your inventory to a server and gate the verdict. mcpgawk runs entirely on your machine; nothing is uploaded, ever. - vs. lazy-load gateways — they cut tokens but tell you nothing about the risk surface.
- mcpgawk does both — cost and trust — locally, reproducibly, in one command.
Features
- 🔌 Any transport — stdio, streamable-HTTP, SSE, and OAuth remotes (via the
mcp-remotebridge). - 💸 Token cost index — exactly what each tool adds to your context at connect.
- 🧾 Capability facts — write / exfil-capable / declared annotations, straight from the schema.
- 📌 Integrity pin + drift — catch a server that silently rewrites its tools (
--track). - 🚩 Bounded signals — injection-shaped descriptions, cross-server shadowing, under-declaring Server Cards — pointers for a human, never verdicts.
- 🔒 Zero egress, by construction — the measurement layers import no network library. Enforced by a test.
Install
pip install mcpgawk # or: uv tool install mcpgawk
Use
mcpgawk scan mcp.json # a whole config
mcpgawk scan --stdio "npx -y @modelcontextprotocol/server-filesystem /tmp"
mcpgawk scan --http https://host/mcp --header "Authorization: Bearer $TOKEN"
mcpgawk scan --sse https://host/sse
mcpgawk scan mcp.json --track # record + detect rug-pulls over time
mcpgawk scan mcp.json --json # machine-readable labels
What it reports
- Cost index — tokens each tool adds at connect (named tokenizer; a comparable index, not an absolute Claude count).
- Capability facts — write/mutating, exfil-capable, declared annotations.
- Integrity pin — a hash that changes if the server silently rewrites its tools;
--trackturns it into rug-pull detection over time. - Bounded signals — precise, low-false-positive pointers for a human to review, never verdicts: injection-shaped descriptions (tools and prompts), cross-server name shadowing, and public Server Cards that under-declare what the server actually exposes.
Guarantees
- No inventory egress. The only network is the protocol client talking to the server you point it at. The measurement layers import no network library — they cannot egress by construction (enforced by a test). Public Server Card discovery is fetched with no auth and no redirect-following.
- Facts ≠ heuristics. Exact capability facts and the token index never mix with the bounded heuristic signals — separate in code, separate in output.
- Reproducible. One command, identical numbers.
- Tracks the protocol. Built on the official
mcpSDK, which negotiates the protocol version.
Develop
uv run --extra dev --with mcp --with tiktoken --with httpx python -m pytest -q
Contributing
Issues and PRs welcome. Please read CONTRIBUTING.md first, and see the design boundaries in THREAT-MODEL.md. Security reports go through SECURITY.md (privately, not a public issue).
License
Apache-2.0 — see LICENSE. Part of the nativerse · gawk.dev family. The value is in the repo, not a cloud.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcpgawk-0.1.2.tar.gz.
File metadata
- Download URL: mcpgawk-0.1.2.tar.gz
- Upload date:
- Size: 630.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4e973b6311933c1f48922b1cc38b3ee4bd03bf7e0e2e1dc6e14d396b96b7ea33
|
|
| MD5 |
7496191d9e010cedbdf87b0d9e107667
|
|
| BLAKE2b-256 |
01ae0a026c44119c0fc2a3b7ce97726a3b027debac3b08b7bd2a7de45f31d4ce
|
File details
Details for the file mcpgawk-0.1.2-py3-none-any.whl.
File metadata
- Download URL: mcpgawk-0.1.2-py3-none-any.whl
- Upload date:
- Size: 24.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
576138e27ffa15b7c79dc1f62030ccf9267ec8c04e62424b057870ffb7a69780
|
|
| MD5 |
4ec33e677f575f5433f106d882d42751
|
|
| BLAKE2b-256 |
f62bcff6bd14f24bb3b3f161a159f23b9e0b1e1a882c7e5b47a75e46a4cffcf6
|