mcp-audit
Audit connected MCP servers for token overhead, redundancy, and security. Use when sessions feel slow or before adding new MCPs.
Best use case
mcp-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Audit connected MCP servers for token overhead, redundancy, and security. Use when sessions feel slow or before adding new MCPs.
Teams using mcp-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/mcp-audit/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How mcp-audit Compares
| Feature / Agent | mcp-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Audit connected MCP servers for token overhead, redundancy, and security. Use when sessions feel slow or before adding new MCPs.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# MCP Audit
Analyze MCP server overhead and recommend cleanup.
## Trigger
Use when:
- Sessions feel slow or expensive
- Adding a new MCP server
- Context fills up quickly
- Reviewing project configuration
## Key Insight
Each MCP server adds ALL its tool descriptions to every API request. A server with 20 tools adds ~2K-4K tokens per request, regardless of whether you use those tools.
## Audit Steps
### Step 1: List Active Servers
Check all MCP configurations:
```bash
cat .claude/settings.json 2>/dev/null | grep -A 50 "mcpServers"
cat ~/.claude/settings.json 2>/dev/null | grep -A 50 "mcpServers"
```
### Step 2: Count Tools Per Server
For each server, estimate token overhead:
- 1-5 tools: ~200-500 tokens (low overhead)
- 6-15 tools: ~500-1500 tokens (moderate)
- 16-30 tools: ~1500-3000 tokens (high)
- 30+ tools: ~3000+ tokens (excessive — consider tool filtering)
### Step 3: Check Usage
Questions to ask:
- Which servers were actually used this session?
- Which servers haven't been used in 7+ days?
- Are there servers with overlapping functionality?
- Are there servers only needed for specific tasks?
### Step 4: Recommend Actions
**Disable** servers that:
- Haven't been used in 7+ days
- Overlap with another active server
- Are project-specific but you're in a different project
**Keep** servers that:
- Are used every session (filesystem, git)
- Provide unique capabilities needed for current work
- Have low tool count (<5 tools)
## Output
```text
MCP AUDIT
Active servers: [N]
Total tools: [N]
Estimated overhead: ~[N]K tokens per request
Server Analysis:
[name] — [N] tools, ~[N] tokens
Status: KEEP / DISABLE / REVIEW
Reason: [why]
Recommendations:
Disable: [list]
Keep: [list]
Review: [list]
Projected savings: ~[N]K tokens per request (~$X.XX per session)
```
## Thresholds
- Total servers: <10 (ideal), 10-15 (monitor), >15 (reduce)
- Total tools: <80 (ideal), 80-120 (monitor), >120 (reduce)
- Per-server: <15 tools (ok), 15-30 (filter), >30 (split or disable)
## Rules
- Never disable servers without user confirmation
- Estimate token savings for each recommendation
- Consider task context — a server might be unused today but critical tomorrow
- Check for `disabledMcpjsonServers` to avoid re-recommending already-disabled serversRelated Skills
wrap-up
End-of-session ritual that audits changes, runs quality checks, captures learnings, and produces a session summary. Use when saying "wrap up", "done for the day", "finish coding", or ending a coding session.
thoroughness-scoring
Score every decision point with a Thoroughness Rating (1-10). AI makes the marginal cost of doing things properly near-zero — pick the higher-rated option every time. Includes scope checks to distinguish contained vs unbounded work.
sprint-status
Track parallel work sessions and prevent confusion across multiple Claude Code instances. Every major step ends with a status line. Every question re-states project, branch, and task.
smart-commit
Run quality gates, review staged changes for issues, and create a well-crafted conventional commit. Use when saying "commit", "git commit", "save my changes", or ready to commit after making changes.
session-handoff
Generate a structured handoff document capturing current progress, open tasks, key decisions, and context needed to resume work. Use when ending a session, saying "continue later", "save progress", "session summary", or "pick up where I left off".
safe-mode
Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.
replay-learnings
Surface past learnings relevant to the current task before starting work. Searches correction history, recalls past mistakes, and applies prior patterns. Use when starting a task, saying "what do I know about", "previous mistakes", "lessons learned", or "remind me about".
pro-workflow
Complete AI coding workflow system. Orchestration patterns, 18 hook events, 5 agents, cross-agent support, reference guides, and searchable learnings. Works with Claude Code, Cursor, and 32+ agents.
permission-tuner
Analyze permission denial patterns and generate optimized alwaysAllow and alwaysDeny rules. Use when permission prompts are slowing you down or after sessions with many denials.
parallel-worktrees
Create and manage git worktrees for parallel coding sessions with zero dead time. Use when blocked on tests, builds, wanting to work on multiple branches, context switching, or exploring multiple approaches simultaneously.
orchestrate
Wire Commands, Agents, and Skills together for complex features. Use when building features that need research, planning, and implementation phases.
llm-gate
LLM-powered quality verification using prompt hooks. Validates commit messages, code patterns, and conventions using AI before allowing operations. Use to set up intelligent guardrails.