Vital signs for your MCP servers: health score, token cost, tool-confusion, migration readiness.
Project description
mcpvitals
Vital signs for your MCP servers. One command gives you a health score, plus the checks nobody else runs.
[!NOTE] An audit of ~1,850 public MCP servers found 52% abandoned and only 17% production-ready, and a separate benchmark traced 56.7% of agent failures to tool misuse (wrong tool, bad arguments). Registries have no health signal, so a broken server looks identical to a good one.
mcpvitalsis the checkup.
60-second start
No install. Point it at any MCP server (a stdio command or an http url):
uvx mcpvitals check "npx -y @your/mcp-server"
mcp health: 40 (F)
x MV020 [run_sql] tool 'run_sql' appears to contain a hard-coded secret
-> never ship keys in tool metadata; use env vars
x MV022 [run_sql] description contains model-directed instructions (poisoning surface)
-> tool descriptions should describe, not instruct the model
! MV030 [run_sql] tool 'run_sql' costs ~410 tokens to expose
-> trim the description/schema; it inflates every request
! MV040 tools 'get_user' and 'fetch_user' are 0.91 similar; agents may pick the wrong one
-> differentiate names/descriptions or merge them
i MV050 protocol 2025-03-26 predates the 2026-07-28 stateless spec
What it checks
Most linters stop at basic conformance. mcpvitals runs those, plus four things no other tool does:
| Area | What it catches |
|---|---|
| Conformance | empty tool descriptions, duplicate tool names, malformed schemas |
| Reliability | parameters with no required list, untyped params, error-path gaps |
| Security hygiene | secrets in tool metadata, over-broad tools (run_sql, exec), model-directed instructions in descriptions (the tool-poisoning surface) |
| Token cost | how many tokens each tool burns in the context window, and the total cost to connect the server |
| Tool confusion | pairs of tools an agent will mix up, predicted from name/description overlap before it happens in production |
| Migration readiness | what breaks under the 2026-07-28 stateless spec |
Every check is a pure function scored deterministically. Run mcpvitals check --json for machine output.
Add the health badge to your README
mcpvitals emits a shareable badge so a good score is visible at a glance:
mcpvitals check "npx your-server" --badge badge.svg
Or use the shields.io endpoint output to keep it live.
Use it in CI
Gate your server on every push with the bundled GitHub Action:
- uses: ContextJet-ai/mcpvitals@v0
with:
target: "python -m your_server"
strict: "true" # fail the build on any error-level finding
Track and monitor (not just a one-shot check)
Pin a server's tools and get alerted when they change. This catches rug-pulls, where a server you already approved silently mutates a tool's schema or description after the fact:
mcpvitals watch "npx your-server" # pins tools to mcp.lock
mcpvitals watch "npx your-server" --check # re-run in CI; fails if a pinned tool changed
Probe a running server for live health (uptime and latency):
mcpvitals monitor "https://your-server/mcp" --count 5
# probe 1/5: up 210ms ... uptime 100.0% avg 207ms
Why this exists
The MCP ecosystem grew faster than the tooling around it. There are thousands of servers and no standard way to tell whether one is any good, safe, or cheap to run. mcpvitals gives authors a one-command checkup before they publish, and gives everyone else a way to vet a server before they trust it.
Built by ContextJet.ai. MIT licensed. Contributions welcome, see CONTRIBUTING.md.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcpvitals-0.1.0.tar.gz.
File metadata
- Download URL: mcpvitals-0.1.0.tar.gz
- Upload date:
- Size: 27.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
05388ff2d048d6a96a6990f28cc0f57c9d82ae2baa3601ccf1c4d001590f2f20
|
|
| MD5 |
3b9e9365078475b72ef0a69a61d48383
|
|
| BLAKE2b-256 |
a0196bef05ab13b1e9c7c401a1394791c7ae42c200942bf237ec856dd27ac749
|
Provenance
The following attestation bundles were made for mcpvitals-0.1.0.tar.gz:
Publisher:
release.yml on ContextJet-ai/mcpvitals
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mcpvitals-0.1.0.tar.gz -
Subject digest:
05388ff2d048d6a96a6990f28cc0f57c9d82ae2baa3601ccf1c4d001590f2f20 - Sigstore transparency entry: 2082833597
- Sigstore integration time:
-
Permalink:
ContextJet-ai/mcpvitals@4103d1ca3afb68edd345d0f2e26a2a8fc83bb78d -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/ContextJet-ai
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@4103d1ca3afb68edd345d0f2e26a2a8fc83bb78d -
Trigger Event:
push
-
Statement type:
File details
Details for the file mcpvitals-0.1.0-py3-none-any.whl.
File metadata
- Download URL: mcpvitals-0.1.0-py3-none-any.whl
- Upload date:
- Size: 14.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
58d6c015e71266bd6a24251cb8098c6e772e43220c8f1410c8ac1647a278b4b6
|
|
| MD5 |
12aab7ce389e9e767ef709fef7b27213
|
|
| BLAKE2b-256 |
e998a7acc73c5c8d13e4fc25b0aa02b4789dfce6bd5c82370a7a908153859322
|
Provenance
The following attestation bundles were made for mcpvitals-0.1.0-py3-none-any.whl:
Publisher:
release.yml on ContextJet-ai/mcpvitals
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mcpvitals-0.1.0-py3-none-any.whl -
Subject digest:
58d6c015e71266bd6a24251cb8098c6e772e43220c8f1410c8ac1647a278b4b6 - Sigstore transparency entry: 2082833943
- Sigstore integration time:
-
Permalink:
ContextJet-ai/mcpvitals@4103d1ca3afb68edd345d0f2e26a2a8fc83bb78d -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/ContextJet-ai
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@4103d1ca3afb68edd345d0f2e26a2a8fc83bb78d -
Trigger Event:
push
-
Statement type: