MCP Doctor

AI agents are no longer limited to chat — they read files, run commands, query databases, and modify systems through MCP servers.

That power creates a basic visibility problem: which servers are configured here, what tools do they expose, and which ones can read secrets, escape the project, or hit the network?

MCP Doctor answers those questions in one local command. No telemetry. No account. No SaaS.

• Which MCP servers are configured on this machine or project?
• What tools do those servers expose?
• Can they read or write files outside the project?
• Can they execute shell commands?
• Are secrets exposed via environment variables?
• Are packages pinned and installed safely?

One command. No account. No telemetry.

1# scan default config locations — no install
2npx @agentopssec/mcp-doctor scan
3 
4# or install globally
5npm install -g @agentopssec/mcp-doctor
6mcp-doctor scan --config ~/.config/claude/claude_desktop_config.json
7 
8# JSON for CI
9mcp-doctor scan --json --output latest-scan.json

Every tool maps to one or more categories. Use them in your policy to allow, warn, or block.

Generate a baseline policy with mcp-doctor init-policy. Tune it per project.

1{
2  "rules": {
3    "filesystem.write": "warn",
4    "filesystem.home_access": "block",
5    "shell.exec": "warn",
6    "network.external": "warn",
7    "github.write": "warn",
8    "email.send": "block",
9    "calendar.write": "warn"
10  }
11}

Stable, versioned shape — drop it into your dashboards or fail builds on it.

1{
2  "summary": {
3    "serversFound": 7,
4    "score": "C+",
5    "highestRisk": "high"
6  },
7  "findings": [{
8    "server": "filesystem",
9    "category": "filesystem",
10    "risk": "high",
11    "issue": "Broad filesystem access"
12  }]
13}