MCP Server Quality Checker

Five checks: (1) HTTP reachability via HEAD request, (2) MCP initialize JSON-RPC handshake, (3) tools/list — tool count and schema validity (name, description, inputSchema), (4) latency measurement, (5) agent-native manifest detection (.well-known/ai-plugin.json or x402). Each check contributes to the 0–100 quality score.

80+ is excellent — the server responds correctly to the full MCP handshake, exposes well-formed tools, and is fast. 60–79 is good. 40–59 means it works but has issues. Below 40 means the server is either unreachable or not implementing MCP correctly.

The Config Auditor checks your claude_desktop_config.json file for config errors (missing tokens, bad paths, security flags) — it never makes network requests and runs 100% in your browser. This tool probes a live server over the network and evaluates runtime quality.

We block all requests to private/reserved IP ranges (127.x, 10.x, 192.168.x, 172.16–31.x, etc.) to prevent SSRF attacks. Only public internet URLs can be probed. We also set strict timeouts and do not follow cross-origin redirects.

We send protocolVersion: "2024-11-05" in the initialize request — the current stable MCP spec. Servers advertising newer or older versions will still pass as long as they return a valid JSON-RPC response.

This free tool does not support auth headers. If your server requires a Bearer token or API key, the initialize check will fail (likely returning 401). Authenticated probing is on the roadmap for our paid quality registry.

POST to https://hatchloop.dev/tools/mcp-check/api/probe with {"url": "https://your-server/mcp"}. Returns the full JSON report including score, checks, and reasons. Rate limit: reasonable use, no bulk scanning.