mcp-quality-gate

[](https://www.npmjs.com/package/mcp-quality-gate) [](https://github.com/bhvbhushan/mcp-quality-gate/blob/main/LICENSE) [](https://www.typescriptlang.org/) [](https://nodejs.org/) [](https://github.com/bhvbhushan/mcp-quality-gate/actions/workflows/ci.yml)

Quality gate for MCP servers. Like npm audit for packages, but for Model Context Protocol servers.

When an LLM connects to your MCP server, it trusts whatever you expose. Bad tool schemas mean bad tool calls. Missing descriptions mean the model guesses. 50+ tools flood the context window. Leaked environment variables expose secrets. mcp-quality-gate catches all of this in one command.

npx mcp-quality-gate validate "npx -y @modelcontextprotocol/server-filesystem /tmp"

One command. Four dimensions. 0-100 score.

mcp-quality-gate scores every MCP server across four dimensions:

| Dimension | Weight | What It Checks | Why It Matters | |-----------|:------:|----------------|----------------| | Compliance | 40 pts | Protocol conformance — init, tool listing, tool calls, resources, prompts, error handling | A server that doesn't follow the spec breaks every client | | Quality | 25 pts | Parameter descriptions, description length, deprecated tools, duplicate schemas, schema consistency | LLMs need good descriptions to make correct tool calls. 72% undocumented params = 72% guesswork | | Security | 20 pts | Environment variable exposure, code execution surfaces, destructive operations without warnings | Tools run with user permissions. A get-env tool leaks every secret on the machine | | **Effi