dr-mcp is a local-first MCP audit and cleanup tool. It scans Model Context Protocol configs for coding agents, finds stale, duplicated, risky, abandoned, and context-heavy MCP servers, and creates reversible patch plans.

Can dr-mcp reduce MCP context window usage?

dr-mcp ranks MCP servers by estimated tool load and context weight so developers can remove heavy servers from projects that do not need them.

Which MCP clients does dr-mcp support?

dr-mcp scans MCP configs for Claude Desktop, Claude Code, Codex, Cursor, Windsurf, GitHub Copilot, VS Code, VS Code Insiders, Cline, Roo Code, Continue, Zed, and project .mcp.json files.

Local-first MCP audit and cleanup

dr-mcp cleans the MCP servers your coding agent loads every day.

Scan Claude Code, Codex, Cursor, VS Code, Windsurf, GitHub Copilot, Cline, Roo Code, Continue, Zed, and project .mcp.json files. Find stale servers, abandoned packages, unused installs, context-heavy tools, risky permissions, and major upgrades before they waste context or trigger unwanted tool calls.

Audit One report for global and project MCP configs.

Analyze Context weight, tool count, version drift, and maintenance risk.

Clean Reversible patch plans with backups. No silent deletes.

Copy the first scan

npx @inferensys/dr-mcp cleanup

dr-mcp cleanup --registry --track-usage

MCP health report        74/100

Configs found: 9
Enabled servers: 18
Estimated loaded tools: 171
Context risk: high

Context space
github        ████████████ 80 tools
browser       █████░░░░░░░ 25 tools
slack         ████░░░░░░░░ 20 tools
postgres      ██░░░░░░░░░░ 10 tools

Abandoned / quiet
remove? old-docs-mcp    archived repo
review  linear-helper   no push in 421 days

Unused / long-lived
review  figma-mcp       seen 7 scans, 93 days
review  browser        heavy for this repo

Upgrade drift
major   github-mcp     0.8.1 -> 1.4.0
major   browser-mcp    1.2.0 -> 2.0.3

Patch plans
  upgrade-stale-packages
  remove-abandoned-servers
  remove-long-lived-servers
  remove-heavy-context-servers

Scan is read-only. Apply plans only after review.

What is dr-mcp?

An MCP scanner for clean, fast, predictable agent sessions.

dr-mcp is a local-first Model Context Protocol audit tool. It reads your MCP client configs, normalizes every server into one report, scores the setup, explains the risks, and creates safe cleanup plans you can apply after review.

It is built for developers and teams who use agentic coding every day and do not want stale MCP servers, broad permissions, duplicate tools, or oversized context windows quietly following them from project to project.

4 Score categories: reliability, security, context hygiene, maintainability.

13+ MCP client targets across Claude, Codex, Cursor, VS Code, Windsurf, and more.

0 Config writes during scan. Cleanup only happens through explicit patch plans.

1 Shareable Markdown, HTML, or JSON report for the whole MCP setup.

Audit, clean, analyze

The problems dr-mcp looks for before they become agent friction.

MCP cleanup is not only about deleting old entries. It is configuration hygiene for tool-calling agents: fewer irrelevant tools, cleaner permissions, better package freshness, and less context-window pressure.

Abandoned MCP packages

Checks npm metadata and GitHub repository activity so archived, missing, quiet, or likely abandoned MCP packages are visible before you keep relying on them.

Unused and forgotten installs

Optional local install-history tracking highlights MCP servers that keep showing up across scans. It helps you decide what still belongs in a daily coding setup.

Context-heavy servers

Ranks MCPs by estimated tool cardinality, so high-surface servers such as GitHub, browser automation, Slack, Jira, and filesystem tools do not load everywhere by habit.

Major upgrades pending

Compares pinned package versions against npm dist-tags.latest, classifies semantic version drift, and separates major upgrades from minor or patch updates.

Risky permissions and secrets

Flags broad filesystem access, inline secret-looking values, token-shaped command args, broken environment references, and configs that should move secrets out of plain text.

Broken launch paths

Finds missing commands, dead local paths, unsupported transports, invalid config syntax, duplicate server names, and package entries stuck on latest or no version.

How the scan works

A simple pipeline for MCP configuration hygiene.

Discover

Walk known global and project config paths for Claude, Codex, Cursor, VS Code, Windsurf, Copilot, Cline, Roo Code, Continue, Zed, and plain MCP files.

Parse

Read JSON, JSONC-style settings, TOML, and YAML where each client stores MCP server definitions.

Normalize

Map mcpServers, servers, context_servers, command args, transports, env, URLs, and package refs into one internal server model.

Score

Run static diagnostics, package freshness checks, repository maintenance heuristics, context-weight estimates, and redaction passes.

Plan

Generate explicit patch plans with JSON Pointer targets, idempotent operations, timestamped backups, and diffs before anything changes.

Technical signals

Readable for humans, specific enough for technical review.

The report uses practical static analysis and dependency metadata instead of vague cleanup language. A developer can see what was checked, why it matters, and what action is being proposed.

Signal	Method	Why it matters
Context weight	Tool cardinality estimation and server-category heuristics	Large MCP tool surfaces can add selection noise and push useful project context out of the prompt.
Version drift	Semver classification against npm `dist-tags.latest`	Old MCP packages may miss security fixes, protocol changes, or compatibility updates.
Maintenance risk	GitHub archive status, `pushed_at` recency, missing package metadata, and repository activity buckets	Archived and abandoned MCPs are more likely to break as clients, SDKs, and APIs change.
Security hygiene	Secret-key pattern detection, token-shaped value checks, env reference validation, and broad filesystem path checks	MCP configs often sit in plain files. Secrets and broad local access should be intentional, not accidental.
Config reliability	Parser diagnostics, PATH checks, local file existence checks, transport validation, and duplicate-name detection	Broken MCP entries waste startup time and create hard-to-debug client behavior.
Patch safety	Explicit operations, diff output, backups, idempotence, and no auto-install or uninstall in v1	Cleanup should be reviewable. The tool should not make hidden package or config decisions for you.

What cleanup can mean

Not every finding should be deleted. dr-mcp separates review from repair.

Safe repair plans

Remove duplicate servers, dead entries, abandoned packages, heavy context servers, or long-lived review candidates only after a named plan is selected.

Upgrade proposals

Generate package update plans for stale MCP refs, including major upgrades that should be reviewed before applying.

Redacted reporting

Export Markdown, HTML, or JSON reports with home paths, emails, tokens, secrets, and private GitHub repo URLs redacted by default.

For solo developers Keep per-project MCP setups small enough for fast, focused agent sessions.
For teams Review MCP permissions and package freshness before a shared config spreads across repos.
For security reviews Find broad filesystem mounts, inline tokens, and broken env references in one report.
For agent reliability Reduce duplicate tools, dead launch commands, and stale packages that create avoidable tool-call failures.

Supported clients

Scans the MCP configs agentic coders actually collect.

dr-mcp covers global and project-level config files across the major coding agents, editors, and MCP-compatible developer tools.

Claude Desktop json

Claude Code / cc json

OpenAI Codex toml

Cursor json

Windsurf json

GitHub Copilot json

VS Code json

VS Code Insiders json

Cline json

Roo Code json

Continue yaml

Zed json

Install

Start with one scan. Delete nothing until you approve it.

The first command gives you a redacted cleanup report. Add --registry for package freshness and repository maintenance checks. Add --track-usage when you want local install-history signals for long-lived MCPs.

Run it as a CLI when you want a quick report, or add it as an MCP server when you want dr_mcp_scan and dr_mcp_cleanup inside Claude Code, Codex, Cursor, Windsurf, VS Code, GitHub Copilot, or another MCP client.

# Quick local cleanup scan
npx @inferensys/dr-mcp cleanup

# JSON for scripts, audits, or CI
npx @inferensys/dr-mcp scan --workspace . --json --registry

# Shareable report
npx @inferensys/dr-mcp report --workspace . --format html > dr-mcp-report.html

# Run as an MCP server
npx @inferensys/dr-mcp server

# Add to Codex
codex mcp add dr-mcp -- npx -y @inferensys/dr-mcp server

# Add to Claude Code
claude mcp add dr-mcp -- npx -y @inferensys/dr-mcp server

# In your agent session
dr_mcp_scan
dr_mcp_cleanup
/dr-mcp scan

FAQ

Common questions about MCP cleanup.

Is dr-mcp safe to run?

Yes. A scan is read-only and local-first. dr-mcp only writes when you explicitly apply a patch plan, and patch application creates timestamped backups.

Does dr-mcp delete MCP servers automatically?

No. It shows cleanup candidates and produces named plans. You choose whether to apply a plan after reviewing the exact operations.

Can it find abandoned MCP servers?

Yes, when registry checks are enabled. dr-mcp checks package metadata and GitHub repository activity for archived, missing, quiet, or abandoned MCP packages.

Can it reduce context window pressure?

It identifies MCP servers with heavy estimated tool loads. That gives you a practical list of candidates to remove from projects where those tools are not needed.

Does it require internet access?

No for local config scans. Internet access is only needed when you enable registry checks for npm latest versions, package metadata, official registry matching, and repository activity.

Who is dr-mcp for?

Developers, staff engineers, platform teams, and CTOs who use coding agents daily and want MCP setups that are fast, reviewable, and easy to maintain across projects.