mcp-audit
Verified Safe
by ariefalabbasi
Overview
Analyzes and tracks token usage, costs, and efficiency of AI coding sessions across multiple CLI platforms (Claude Code, Codex CLI, Gemini CLI, Ollama CLI).
Installation
mcp-audit collect --platform gemini-cli
Environment Variables
- HF_TOKEN
- MCP_AUDIT_THEME
- MCP_AUDIT_ASCII
- NO_COLOR
Security Notes
The tool makes external network requests to LiteLLM's public pricing API and HuggingFace/GitHub for tokenizer downloads. These are standard and widely used public services. Critical security measures like tarball member validation (`_validate_tarball_member`) are implemented to prevent path traversal attacks during asset extraction. `subprocess` calls are used to interact with `git`, `defaults`, and `codex` commands, and appear to be used defensively within the application's intended scope. No hardcoded secrets were found; HuggingFace authentication relies on environment variables or explicit arguments.
Similar Servers
octocode-mcp
The Octocode Research server enables AI agents to perform expert code forensics and deep-dive research across local filesystems (LSP, ripgrep, file I/O) and external GitHub repositories (code search, repo structure, pull requests, package search). It's optimized for architectural analysis, pattern discovery, and implementation planning.
responsible-vibe-mcp
Manages conversation state and guides LLM coding agents through structured software development workflows with long-term project memory and multi-agent collaboration.
CodeMCP
Provides deep code intelligence (symbol navigation, impact analysis, architecture maps, ownership, risk assessment) to AI assistants, CLI, and HTTP API.
codebase-context
Provides AI coding agents with real-time, context-rich insights into a codebase's patterns, libraries, architecture, and conventions to improve code generation quality and alignment with team standards.