Skip to main content

A local-first CLI that measures what an MCP server costs and what it can do. Nothing leaves your machine.

Project description

mcpgawk by nativerse

Make MCP lean and honest.

mcpgawk

PyPI Python License CI No egress

A local-first command that measures what a Model Context Protocol server costs and what it can do. It runs on your machine and uploads nothing.

mcpgawk scanning an MCP server — tools, token cost, and capability flags, locally

Real output. Reproducible on your machine — no account, nothing uploaded.

Why

Connect an MCP server and it loads all its tools into your AI's context. Every request. Used or not. You pay for those tokens, and you haven't checked what the tools can do. mcpgawk shows you both, locally.

How it's different

  • vs. cloud scanners (e.g. Snyk/Invariant mcp-scan) — they upload your inventory to a server and gate the verdict. mcpgawk runs entirely on your machine; nothing is uploaded, ever.
  • vs. lazy-load gateways — they cut tokens but tell you nothing about the risk surface.
  • mcpgawk does both — cost and trust — locally, reproducibly, in one command.

Features

  • 🔌 Any transport — stdio, streamable-HTTP, SSE, and OAuth remotes (via the mcp-remote bridge).
  • 💸 Token cost index — exactly what each tool adds to your context at connect.
  • 🧾 Capability facts — write / exfil-capable / declared annotations, straight from the schema.
  • 📌 Integrity pin + drift — catch a server that silently rewrites its tools (--track).
  • 🚩 Bounded signals — injection-shaped descriptions, cross-server shadowing, under-declaring Server Cards — pointers for a human, never verdicts.
  • 🔒 Zero egress, by construction — the measurement layers import no network library. Enforced by a test.

Install

pip install mcpgawk        # or: uv tool install mcpgawk

Use

mcpgawk scan mcp.json                                              # a whole config
mcpgawk scan --stdio "npx -y @modelcontextprotocol/server-filesystem /tmp"
mcpgawk scan --http https://host/mcp --header "Authorization: Bearer $TOKEN"
mcpgawk scan --sse  https://host/sse
mcpgawk scan mcp.json --track                                     # record + detect rug-pulls over time
mcpgawk scan mcp.json --json                                      # machine-readable labels

What it reports

  • Cost index — tokens each tool adds at connect (named tokenizer; a comparable index, not an absolute Claude count).
  • Capability facts — write/mutating, exfil-capable, declared annotations.
  • Integrity pin — a hash that changes if the server silently rewrites its tools; --track turns it into rug-pull detection over time.
  • Bounded signals — precise, low-false-positive pointers for a human to review, never verdicts: injection-shaped descriptions (tools and prompts), cross-server name shadowing, and public Server Cards that under-declare what the server actually exposes.

Guarantees

  • No inventory egress. The only network is the protocol client talking to the server you point it at. The measurement layers import no network library — they cannot egress by construction (enforced by a test). Public Server Card discovery is fetched with no auth and no redirect-following.
  • Facts ≠ heuristics. Exact capability facts and the token index never mix with the bounded heuristic signals — separate in code, separate in output.
  • Reproducible. One command, identical numbers.
  • Tracks the protocol. Built on the official mcp SDK, which negotiates the protocol version.

Develop

uv run --extra dev --with mcp --with tiktoken --with httpx python -m pytest -q

Contributing

Issues and PRs welcome. Please read CONTRIBUTING.md first, and see the design boundaries in THREAT-MODEL.md. Security reports go through SECURITY.md (privately, not a public issue).

License

Apache-2.0 — see LICENSE. Part of the nativerse · gawk.dev family. The value is in the repo, not a cloud.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mcpgawk-0.1.2.tar.gz (630.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mcpgawk-0.1.2-py3-none-any.whl (24.5 kB view details)

Uploaded Python 3

File details

Details for the file mcpgawk-0.1.2.tar.gz.

File metadata

  • Download URL: mcpgawk-0.1.2.tar.gz
  • Upload date:
  • Size: 630.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.15

File hashes

Hashes for mcpgawk-0.1.2.tar.gz
Algorithm Hash digest
SHA256 4e973b6311933c1f48922b1cc38b3ee4bd03bf7e0e2e1dc6e14d396b96b7ea33
MD5 7496191d9e010cedbdf87b0d9e107667
BLAKE2b-256 01ae0a026c44119c0fc2a3b7ce97726a3b027debac3b08b7bd2a7de45f31d4ce

See more details on using hashes here.

File details

Details for the file mcpgawk-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: mcpgawk-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 24.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.15

File hashes

Hashes for mcpgawk-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 576138e27ffa15b7c79dc1f62030ccf9267ec8c04e62424b057870ffb7a69780
MD5 4ec33e677f575f5433f106d882d42751
BLAKE2b-256 f62bcff6bd14f24bb3b3f161a159f23b9e0b1e1a882c7e5b47a75e46a4cffcf6

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page