How to audit your mcp.json and see what your agent can actually do
Short answer: paste your mcp.json into a blast-radius scan. It lists every tool your agent can call, grouped by what the tool can do, read, write, delete, or send data off your machine, and flags which contracts are unpinned and free to change. Most people have never seen that picture of their own setup.
Why the config alone is not enough
Your mcp.json lists the servers you connected, not what their tools can do. The capability lives in each tool's declared schema and annotations. A scan reads those and classifies each tool by action type, side effect, reversibility, and whether it sends data off your machine, so you can see the irreversible and data-egressing tools at a glance.
What to look for
- Tools that can take irreversible actions (delete, execute, charge). These are the ones to be deliberate about.
- Tools that send data off your machine. An agent with one of these plus a data-reading tool is an exfiltration path.
- Unpinned contracts. Every tool in a fresh setup is unpinned, meaning nothing is watching it for change. That is a state, not a finding, but it is the gap a drift gate closes.
Is it safe to paste my mcp.json somewhere?
Only if it is parsed in your browser and never uploaded. Your mcp.json holds tokens. The scan runs entirely client-side: the file is read locally, nothing is sent to a server, and secret values are masked from display.
See it
Run the blast-radius scan on your own mcp.json. To keep watching those contracts over time, the drift gate pins each one and holds the call when it changes.
- How do I see what my AI agent can actually do with my MCP tools?
- Paste your mcp.json into a blast-radius scan. It lists every tool grouped by action type (read, write, delete, send data off your machine), reversibility, and which contracts are unpinned, so you can see at a glance which tools can take irreversible or data-exfiltrating actions.
- Is it safe to paste my mcp.json into an online tool?
- Only if it is parsed in your browser and never uploaded, because your mcp.json contains access tokens. mcpindex's scan runs entirely client-side: the file is read locally, nothing is sent to a server, and secret values are masked from display.
- What does it mean that an MCP tool contract is unpinned?
- It means nothing is watching that tool for change. In a fresh setup every tool is unpinned, so a server could redefine what a tool does and your agent would call it with the old assumptions. Pinning the contract and diffing it on later calls is what closes that gap.