mcp-tokens-action
Verified Safe by sd2k
Overview
Automates token usage analysis for Model Context Protocol (MCP) servers within GitHub CI/CD workflows, providing cost and complexity insights.
Installation
No command provided
Environment Variables
- ANTHROPIC_API_KEY
- GITHUB_TOKEN
- MCP_TOKENS_PROVIDER
- MCP_TOKENS_MODEL
Security Notes
The `install.sh` script uses `curl ... | sh` to install the underlying `mcp-tokens` CLI, which can be a security risk because it executes a script directly without prior review. Pinning versions mitigates this, and the install implicitly trusts the `sd2k/mcp-tokens` repository. The action's core functionality involves executing a user-provided `command` within the CI environment; this is an expected feature, but it means the user is responsible for the security of the command they provide. No hardcoded secrets or direct `eval` calls were found within the action's scripts. GitHub API calls for comments are securely authenticated via `GITHUB_TOKEN`.
Similar Servers
git-mcp-server
A Model Context Protocol (MCP) server that provides Git-specific tools and resources for AI/LLM agents to interact with version control systems.
mcp-interviewer
A Python CLI tool to evaluate Model Context Protocol (MCP) servers for agentic use-cases, by inspecting capabilities, running functional tests, and providing LLM-as-a-judge evaluations.
ncp
NCP acts as a universal adapter and orchestrator for Model Context Protocol (MCP) servers and tools. It provides a unified interface for discovery, execution, and management of diverse tools (local CLI, HTTP APIs, internal plugins/Photons, AI skills) through natural language and structured code interaction, enabling AI agents to interact with the broader digital ecosystem.
mcp-audit
Security audit and governance for AI agent configurations (MCPs) in development environments and GitHub repositories.