Free and open-source

The health check your
MCP servers need.

50+ automated compliance checks against the official MCP specification. Get a grade, fix what matters, ship with confidence.

Join the waitlist Learn more
mcpdoctor test my-server --transport stdio
Running 52 compliance checks...
✓ initialize handshake 12ms
✓ tool discovery 8ms
✓ resource listing 15ms
✓ prompt templates 6ms
✗ error handling (timeout) 5003ms
✓ cancellation support 22ms
──────────────────────────────────
Score: 94/100 (A)
51 passed · 1 failed · 0 skipped

The ecosystem

MCP is production infrastructure.

Not a toy protocol. The largest companies in tech are building on it.

97M+
SDK downloads / month
TS + Python, Mar 2026
16,000+
Public MCP servers
Up from 714 in Jan 2025
66%
Have security findings
Unit42, 2026
30+
CVEs in 2 months
Jan-Feb 2026

MCP is supported natively in every major AI development tool.

VS Code + Copilot Cursor Claude Code JetBrains IDEs Windsurf Cline Continue.dev Docker Desktop

What it does

Five things no other tool does.

Compliance, performance, monitoring, security, and CI/CD. One tool.

Compliance testing

50+ automated checks against the official MCP spec. Handshake, tools, resources, prompts, error handling. A-F grading with category breakdown.

Performance benchmarking

Latency percentiles (p50, p95, p99), concurrent connection testing, throughput measurement. Know exactly how your server performs under load.

Real-time monitoring

Transparent proxy between client and server. Logs every tool call, resource access, and prompt. Alerts on error spikes before your users notice.

Security scanning

Prompt injection detection, auth bypass testing, unsafe tool definition analysis. OWASP Top 10 for agentic applications, fully automated.

CI/CD integration

GitHub Actions and GitLab CI support. Fail builds on compliance regression. Add a grade badge to your README. Ship every PR with confidence.

Open methodology

Every check is open-source on GitHub. See exactly what your score means. Fork it. Audit it. Contribute. Transparency is how trust is built.

CI/CD ready

Three lines in your pipeline.

Add MCP Doctor to any CI pipeline. Fail the build if your server drops below an A. No more shipping broken protocol implementations.

mcp doctorA+ · 98
mcp doctorB · 82
mcp doctorF · 34
name: MCP Doctor
on: [push, pull_request]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: mcpdoctor/action@v1
        with:
          command: node server.js
          min-score: 90 # fail below A

The problem

MCP servers are under attack. Most aren't ready.

Real vulnerabilities. Real breaches. The ecosystem is growing faster than its security practices.

Postmark MCP backdoor

Compromised npm package BCC'd all outgoing emails to attacker-controlled addresses.

Supabase Cursor exploit

SQL injection via support ticket, processed by AI agent. Exfiltrated tokens through the tool chain.

mcp-remote RCE (CVE-2025-6514)

Malicious OAuth endpoint allowed remote code execution on developer machines.

Why trust the grade

Open. Spec-aligned. Verifiable.

We don't make the rules. We automate the ones the MCP spec already defines.

Open source

Every check is on GitHub. Fork, audit, contribute.

Spec-aligned

Tests map to the official MCP specification, governed by the AAIF.

Free forever

Core compliance scanning is free. Always. No account required.

Practitioners

We build and ship MCP servers ourselves. We test what we know.

Pricing

Free to scan. Pro when you need it.

Free
$0 forever

For every MCP server builder.

  • 50+ compliance checks
  • A-F grading
  • README badge
  • CLI + GitHub Action
  • Unlimited scans
Join waitlist
Pro
Coming soon

For teams in production.

  • Everything in Free
  • Real-time monitoring
  • Performance benchmarks
  • Alerts (Slack, email, webhook)
  • Log retention + dashboard
Coming soon
Enterprise
Coming soon

For platform and security teams.

  • Everything in Pro
  • Security scanning
  • Custom rules
  • SSO + audit logs
  • Unlimited servers
Coming soon

Early access

Get notified when we launch.

We're building in the open. Join the waitlist for early access.

You're on the list. We'll be in touch.

0 on the waitlist