The token tax of MCP

gawk at an MCP server before you trust it.

Connect an MCP server and it loads every tool into your AI's context. Every message. Used or not. You pay for those tokens, and you haven't checked what the tools can do. mcpgawk shows you both. Locally.

local · nothing uploaded · reproducible · Apache-2.0

$ mcpgawk scan mcp.json LOCAL
cli-stdio  proto=2025-11-25
14 tools  2061 tok@connect
·write_file  131 tok · write, destructive-declared
·fetch_url  120 tok · exfil-capable
TOTAL  14 tools · 2061 tok · 4 flagged

nothing uploaded · reproduce it yourself

What we measured

The two most-installed dev-tool MCPs add 35,600 tokens to every request.

That's a quarter of your context window, spent before you ask anything. And it's each tool's weight that drives it, not how many: 20 tools can cost 6.5× more than 23.

ServerToolsTokens at connect
Heaviest dev-tool MCP2023,085
The most-installed MCP4412,511
Cloudflare233,570
Exa2520

Measured locally. Heavy servers anonymised; lean ones named.

It also costs accuracy

More tools. Worse answers.

Past a long tool list, the model picks the wrong tool more often. One study measured 13.6% correct, 43.1% once trimmed. Lean servers exist. It's a choice.

Measure your own

One command. Nothing leaves your machine.

It talks only to the server you point it at. Nothing is uploaded, ever.

terminal
# install
pip install mcpgawk

# scan your whole MCP config
mcpgawk scan mcp.json

# or a single server / remote
mcpgawk scan --http https://host/mcp
mcpgawk scan mcp.json --track  # detect rug-pulls