Skip to main content

Vital signs for your MCP servers: health score, token cost, tool-confusion, migration readiness.

Project description

mcpvitals

Vital signs for your MCP servers. One command gives you a health score, plus the checks nobody else runs.

tests PyPI License: MIT by ContextJet.ai

[!NOTE] An audit of ~1,850 public MCP servers found 52% abandoned and only 17% production-ready, and a separate benchmark traced 56.7% of agent failures to tool misuse (wrong tool, bad arguments). Registries have no health signal, so a broken server looks identical to a good one. mcpvitals is the checkup.

60-second start

No install. Point it at any MCP server (a stdio command or an http url):

uvx mcpvitals check "npx -y @your/mcp-server"
mcp health: 40 (F)

  x MV020 [run_sql] tool 'run_sql' appears to contain a hard-coded secret
      -> never ship keys in tool metadata; use env vars
  x MV022 [run_sql] description contains model-directed instructions (poisoning surface)
      -> tool descriptions should describe, not instruct the model
  ! MV030 [run_sql] tool 'run_sql' costs ~410 tokens to expose
      -> trim the description/schema; it inflates every request
  ! MV040 tools 'get_user' and 'fetch_user' are 0.91 similar; agents may pick the wrong one
      -> differentiate names/descriptions or merge them
  i MV050 protocol 2025-03-26 predates the 2026-07-28 stateless spec

What it checks

Most linters stop at basic conformance. mcpvitals runs those, plus four things no other tool does:

Area What it catches
Conformance empty tool descriptions, duplicate tool names, malformed schemas
Reliability parameters with no required list, untyped params, error-path gaps
Security hygiene secrets in tool metadata, over-broad tools (run_sql, exec), model-directed instructions in descriptions (the tool-poisoning surface)
Token cost how many tokens each tool burns in the context window, and the total cost to connect the server
Tool confusion pairs of tools an agent will mix up, predicted from name/description overlap before it happens in production
Migration readiness what breaks under the 2026-07-28 stateless spec

Every check is a pure function scored deterministically. Run mcpvitals check --json for machine output.

Add the health badge to your README

mcpvitals emits a shareable badge so a good score is visible at a glance:

mcpvitals check "npx your-server" --badge badge.svg

Or use the shields.io endpoint output to keep it live.

Use it in CI

Gate your server on every push with the bundled GitHub Action:

- uses: ContextJet-ai/mcpvitals@v0
  with:
    target: "python -m your_server"
    strict: "true"   # fail the build on any error-level finding

Track and monitor (not just a one-shot check)

Pin a server's tools and get alerted when they change. This catches rug-pulls, where a server you already approved silently mutates a tool's schema or description after the fact:

mcpvitals watch "npx your-server"           # pins tools to mcp.lock
mcpvitals watch "npx your-server" --check    # re-run in CI; fails if a pinned tool changed

Probe a running server for live health (uptime and latency):

mcpvitals monitor "https://your-server/mcp" --count 5
# probe 1/5: up 210ms ... uptime 100.0%  avg 207ms

Why this exists

The MCP ecosystem grew faster than the tooling around it. There are thousands of servers and no standard way to tell whether one is any good, safe, or cheap to run. mcpvitals gives authors a one-command checkup before they publish, and gives everyone else a way to vet a server before they trust it.

Built by ContextJet.ai. MIT licensed. Contributions welcome, see CONTRIBUTING.md.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mcpvitals-0.1.0.tar.gz (27.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mcpvitals-0.1.0-py3-none-any.whl (14.5 kB view details)

Uploaded Python 3

File details

Details for the file mcpvitals-0.1.0.tar.gz.

File metadata

  • Download URL: mcpvitals-0.1.0.tar.gz
  • Upload date:
  • Size: 27.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for mcpvitals-0.1.0.tar.gz
Algorithm Hash digest
SHA256 05388ff2d048d6a96a6990f28cc0f57c9d82ae2baa3601ccf1c4d001590f2f20
MD5 3b9e9365078475b72ef0a69a61d48383
BLAKE2b-256 a0196bef05ab13b1e9c7c401a1394791c7ae42c200942bf237ec856dd27ac749

See more details on using hashes here.

Provenance

The following attestation bundles were made for mcpvitals-0.1.0.tar.gz:

Publisher: release.yml on ContextJet-ai/mcpvitals

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file mcpvitals-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: mcpvitals-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 14.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for mcpvitals-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 58d6c015e71266bd6a24251cb8098c6e772e43220c8f1410c8ac1647a278b4b6
MD5 12aab7ce389e9e767ef709fef7b27213
BLAKE2b-256 e998a7acc73c5c8d13e4fc25b0aa02b4789dfce6bd5c82370a7a908153859322

See more details on using hashes here.

Provenance

The following attestation bundles were made for mcpvitals-0.1.0-py3-none-any.whl:

Publisher: release.yml on ContextJet-ai/mcpvitals

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page