SilentFail
Your MCP servers are failing. You just don't know it yet.
Every tool you connect costs tokens before you even type. Broken servers fail silently. SilentFail finds out — health checks, token audits, security scanning, all in one scan.
The problem
You connect MCP servers to Claude, Cursor, VS Code. They break — no logs, no warnings, no clue which one is slow, dead, or eating your entire context window.
Every connected server has a token cost. Claude reads all tool schemas before your conversation even starts. Five servers with 20+ tools can burn 5,000+ tokens just sitting there. And if one of those servers has a malicious tool description with a prompt injection? You'd never know.
What SilentFail does
Discover | Finds all MCP configs across Claude Desktop, Claude Code, Cursor, VS Code, Windsurf, and project-level files |
Connect | Spawns each server, measures startup time, lists all tools |
Test | Calls each tool with smart inferred parameters to verify it actually works |
Audit | Calculates exact token cost per server and per tool |
Detect | Finds tool name conflicts across servers |
Scan | 50+ security patterns — prompt injection, data exfiltration, dangerous commands, encoded payloads |
Report | Clear, actionable output in CLI, chat, or visual dashboard |
Quick start
git clone https://github.com/decksaga/silentfail.git
cd silentfail
npm install
npm run buildSilentFail works in two modes: MCP Server (Claude scans itself) or CLI (you run it from the terminal).
Mode 1: MCP Server (recommended)
Add SilentFail to your Claude Desktop config and let Claude diagnose its own setup.
claude_desktop_config.json
{
"mcpServers": {
"silentfail": {
"command": "node",
"args": ["/absolute/path/to/silentfail/dist/server.js"]
}
}
}OS | Path |
Windows |
|
macOS |
|
Linux |
|
Then restart Claude Desktop and ask:
"Scan my MCP servers"
Claude calls the scan tool, gets the full diagnostic report, and presents it in whatever language you used. On first use, it asks if you want results in chat or the visual web dashboard. It remembers your preference.
Tools exposed
Tool | Description |
| Full diagnostic: health, tokens, conflicts, security, recommendations. Set |
| Run scan + open interactive web dashboard on |
Mode 2: CLI
Run it directly from the terminal for quick diagnostics or CI integration.
silentfail # Quick health check
silentfail --test # Full scan + call each tool to verify
silentfail --dashboard # Open visual web dashboard
silentfail --json # JSON output for scripts/CI
silentfail --help # All optionsTo use silentfail as a global command:
npm linkExample output
SilentFail — Scan Report
──────────────────────────────────────────────────
OVERVIEW
──────────────────────────────────────────────────
Configs found: 3 (Claude Desktop, Claude Code, Cursor)
Servers: 4 healthy, 1 failed
Total tools: 23
Schema tokens: ~4,812 (consumed before you type anything)
Conflicts: 1
Scan time: 6204ms
market-pulse OK
Response: 412ms
Tokens: ~651 (8 tools, ~81 per tool)
Tools:
get_price (110 tok) passed
get_stock_price (94 tok) passed
get_market_summary (69 tok) passed
broken-server ERROR
Error: Script not found: /old/path/server.js
TOKEN BUDGET
──────────────────────────────────────────────────
browser-tools ████████████░░░░░░░░ 2,340 tok (49%)
file-system ██████░░░░░░░░░░░░░░ 1,180 tok (25%)
market-pulse ███░░░░░░░░░░░░░░░░░ 651 tok (14%)
SECURITY SCAN
──────────────────────────────────────────────────
Risk level: CLEAN
Scanned: 4 server(s), 23 tool(s)
No security issues detected.
RECOMMENDATIONS
──────────────────────────────────────────────────
[broken-server] Server is broken: Script not found.
Fix the configuration or remove this server.
[browser-tools] Heavy schema cost: ~2,340 tokens for 12 tools.
Consider if you use all 12. Each unused tool wastes context.
[market-pulse] Healthy and efficient. 8 tools, ~651 tokens.Smart tool testing
SilentFail doesn't just check if servers respond — it calls each tool.
It reads the schema, infers valid test inputs (AAPL for stocks, USD/EUR for forex, bitcoin for crypto), calls the tool, and categorizes the result:
Result | Meaning |
Passed | Tool works, returned data |
Broken | Runtime error — tool is dead |
Rejected | Tool works but rejected the test input (validation is working correctly) |
Skipped | Couldn't infer safe params — manual test recommended |
Timeout | Took too long to respond |
If it says broken, it's broken. No false positives.
Security scanning
Every scan automatically checks all server configs and tool schemas against 50+ patterns:
Category | Examples |
Prompt injection |
|
Data exfiltration | Suspicious URLs, POST requests, webhook endpoints, base64-encode-then-send |
Dangerous commands |
|
Sensitive env vars | AWS keys, API tokens, database credentials in server configs |
Encoded payloads | Base64, hex, unicode, HTML entities hiding malicious content |
SECURITY SCAN
──────────────────────────────────────────────────
Risk level: CRITICAL
Scanned: 3 server(s), 15 tool(s)
[CRITICAL] shady-server -> execute_query
Tells the model to ignore previous instructions
Evidence: "ignore all previous instructions and..."
Remove this server immediately.Token budget explained
Every MCP tool you connect has a JSON schema that Claude reads before your conversation starts. This is invisible — there's no UI for it, no warning.
SilentFail measures the exact token cost of each server and each tool, so you can see:
Which servers cost the most context
Which tools are worth keeping
Where you're wasting tokens on tools you never use
A clean setup with low token overhead means more context for your actual work.
Visual dashboard
Run with --dashboard (CLI) or ask Claude to open_silentfail_dashboard (MCP mode) to get an interactive web UI:
Server health cards with status indicators
Token budget visualization with gradient bars
Per-tool test results with pass/fail badges
Security findings with severity levels
Language toggle (English / Español)
Served on localhost:3777. Dark theme. No external dependencies.
Supported clients
SilentFail auto-discovers configs from all major MCP clients:
Client | Config path |
Claude Desktop |
|
Claude Code |
|
Cursor |
|
VS Code |
|
Windsurf |
|
Project-level |
|
Architecture
Discovery Connect Test Tools Security Report
┌─────────────┐ ┌──────────────┐ ┌───────────────┐ ┌──────────────┐ ┌──────────────┐
│ Find configs │──>│ Spawn each │─>│ Infer params │>│ 50+ patterns │─>│ CLI output │
│ across all │ │ MCP server │ │ from schema │ │ Injection, │ │ MCP report │
│ clients │ │ via stdio │ │ Call & verify │ │ exfil, etc. │ │ Dashboard │
└─────────────┘ └──────────────┘ └───────────────┘ └──────────────┘ └──────────────┘Key files:
src/
discovery.ts — Config auto-detection across all clients
scanner.ts — Server connection, tool listing, testing
security.ts — Pattern-based security analysis (50+ rules)
server.ts — MCP server mode (Claude Desktop integration)
dashboard.ts — Web dashboard with i18n (EN/ES)
index.ts — CLI entry point
types.ts — TypeScript interfacesFAQ
No. When running as an MCP server, SilentFail automatically excludes itself from the scan to avoid recursion.
Yes. SilentFail only calls tools with read-only, minimal test inputs (stock tickers, currency codes). It never sends destructive operations. If it can't infer safe params, it skips the tool.
Yes. Use silentfail --test --json for machine-readable output. Parse the JSON for automated checks.
Node 18 or higher. Uses ES modules and the MCP SDK.
License
MIT — do whatever you want with it.
Built by @decksaga
Stop guessing. Start scanning.
This server cannot be installed
Maintenance
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/decksaga/silentfail'
If you have feedback or need assistance with the MCP directory API, please join our Discord server