Free and open-source

The health check your
MCP servers need.

50+ automated compliance checks against the official MCP specification. Get a grade, fix what matters, ship with confidence.

Install free — npx mcpdoctor Learn more

mcpdoctor test my-server --transport stdio

Running 52 compliance checks...

✓ initialize handshake 12ms

✓ tool discovery 8ms

✓ resource listing 15ms

✓ prompt templates 6ms

✗ error handling (timeout) 5003ms

✓ cancellation support 22ms

──────────────────────────────────

Score: 94/100 (A)

51 passed · 1 failed · 0 skipped

The ecosystem

MCP is production infrastructure.

Not a toy protocol. The largest companies in tech are building on it.

97M+

SDK downloads / month

TS + Python, Mar 2026

16,000+

Public MCP servers

Up from 714 in Jan 2025

66%

Have security findings

Unit42, 2026

30+

CVEs in 2 months

Jan-Feb 2026

MCP is supported natively in every major AI development tool.

VS Code + Copilot Cursor Claude Code JetBrains IDEs Windsurf Cline Continue.dev Docker Desktop

What it does

Five things no other tool does.

Compliance, performance, monitoring, security, and CI/CD. One tool.

Compliance testing

50+ automated checks against the official MCP spec. Handshake, tools, resources, prompts, error handling. A-F grading with category breakdown.

Performance benchmarking

Latency percentiles (p50, p95, p99), concurrent connection testing, throughput measurement. Know exactly how your server performs under load.

Real-time monitoring

Transparent proxy between client and server. Logs every tool call, resource access, and prompt. Alerts on error spikes before your users notice.

Security scanning

Prompt injection detection, auth bypass testing, unsafe tool definition analysis. OWASP Top 10 for agentic applications, fully automated.

CI/CD integration

GitHub Actions and GitLab CI support. Fail builds on compliance regression. Add a grade badge to your README. Ship every PR with confidence.

Open methodology

Every check is open-source on GitHub. See exactly what your score means. Fork it. Audit it. Contribute. Transparency is how trust is built.

CI/CD ready

Three lines in your pipeline.

Add MCP Doctor to any CI pipeline. Fail the build if your server drops below an A. No more shipping broken protocol implementations.

mcp doctorA+ · 98

mcp doctorB · 82

mcp doctorF · 34

        name: MCP Doctor

        on: [push, pull_request]

        jobs:

          test:

            runs-on: ubuntu-latest

            steps:

              - uses: actions/checkout@v4

              - uses: mcpdoctor/action@v1

                with:

                  command: node server.js

                  min-score: 90 # fail below A

The problem

MCP servers are under attack. Most aren't ready.

Real vulnerabilities. Real breaches. The ecosystem is growing faster than its security practices.

Postmark MCP backdoor

Compromised npm package BCC'd all outgoing emails to attacker-controlled addresses.

Supabase Cursor exploit

SQL injection via support ticket, processed by AI agent. Exfiltrated tokens through the tool chain.

mcp-remote RCE (CVE-2025-6514)

Malicious OAuth endpoint allowed remote code execution on developer machines.

Why trust the grade

Open. Spec-aligned. Verifiable.

We don't make the rules. We automate the ones the MCP spec already defines.

Open source

Every check is on GitHub. Fork, audit, contribute.

Spec-aligned

Tests map to the official MCP specification, governed by the AAIF.

Free forever

Core compliance scanning is free. Always. No account required.

Practitioners

We build and ship MCP servers ourselves. We test what we know.

Get started

Test your MCP server in 10 seconds.

No signup. No API key. Just run the command.

$ Terminal
npx mcpdoctor test "node my-server.js"
# Or test any MCP server command:
npx mcpdoctor test "npx @smara/mcp-server"
# Install globally:
npm install -g mcpdoctor

View on GitHub npm package

The health check yourMCP servers need.