Web tool
MCP Config Validator
Paste any MCP config JSON and get an instant report: format check, missing fields, empty API keys, bad URLs, and common security issues. Runs entirely in your browser.
Input (JSON)
Paste any MCP JSON config — Claude Desktop, VS Code, Zed, or a single server object. The validator checks structure, missing fields, empty API keys, and common security issues.
Results
← Paste a JSON config to validate it
What gets checked
🏗️
Structure
- Top-level key (mcpServers / servers / context_servers)
- Each server has command or url
- args is an array, env is an object
🔑
Missing API keys
- env vars with empty string values
- headers with empty Bearer tokens
- Highlights exactly which keys need to be filled in
🔒
Security
- Possible secrets hardcoded in args or env values
- HTTP URLs (should be HTTPS)
- IP-based endpoints
- Dangerous flags (--no-verify, --insecure)
📐
Format
- Detects Claude Desktop, VS Code, Zed formats
- Flags single-server objects missing a wrapper
- Warns about unrecognized extra fields
Config breaking after app updates?
MCPBolt manages your configs so they survive Claude Desktop, Cursor, and VS Code updates automatically. No more hunting for broken JSON paths.