Now live · Vouqis v1

Score any MCP server
before your agent trusts it.

10 deterministic JSON-RPC probes. 0–100 trust score. CI/CD gate. No LLM calls. Results in 30 seconds.

$ npm install -g @vouqis/cli
Get Pro for $9/mo — Lock in launch price →

Free for single audits · No account needed · Cancel anytime

71%
Median MCP tool call success rate
1 in 3 tool calls fails silently
18%
5-tool chain end-to-end success
Compounding unreliability at 71% per tool
30s
Time to your first trust score
No account, no config, no SDK changes
Live Audit

Real audit. Real server. 92/100.

Every audit generates a shareable report URL. Put it in your README. Gate on it in CI.

vouqis — zsh
$ vouqis audit https://mcp.exa.ai/mcp
Vouqis — MCP Trust Auditor
● Running 10 probes against mcp.exa.ai...
mal-01 ✓ malformed jsonrpc rejected 12ms
mal-02 ✗ silent acceptance (unexpected) 18ms
mis-01 ✓ missing params → error returned 340ms
mis-02 ✓ missing params → error returned 298ms
tmo-01 ✓ response within 500ms 487ms
tmo-02 ✓ response within 500ms 412ms
sch-01 ✓ response schema valid 691ms
sch-02 ✓ response schema valid 623ms
nul-01 ✓ non-empty response returned 441ms
nul-02 ✓ non-empty response returned 398ms
Trust Score 92 / 100
Status ✅ APPROVED
Pass Rate 9/10 (90%)
P50 Latency 487ms
Report URL → https://vouqis.tech/report/exa-20260526

Every audit generates a shareable report URL. Put it in your README. Gate on it in CI.

The Problem

HTTP 200 is not the same as "this worked."

MCP servers fail at the protocol layer in ways that are completely invisible to standard monitoring.

Your uptime dashboard shows green. Every HTTP response came back 200. But the server silently accepted a malformed JSON-RPC request it should have rejected — or it hung on tools/call instead of failing fast.

The math is brutal. At 71% per-tool reliability, a 5-tool agent chain succeeds only 18% of the time. And you'd never know — because every single HTTP response was 200.

5-Tool Chain Reliability at 71% per tool
Tool 1× 0.7171%
Tool 2× 0.7150%
Tool 3× 0.7136%
Tool 4× 0.7125%
Tool 5× 0.7118%
18%
end-to-end chain success rate
Standard monitoring is blind to this. Vouqis isn't.
How It Works

Three commands. One trust score.

No server-side changes. No SDK. No account required for the free tier.

01 — Install
Install the CLI
npm install -g @vouqis/cli
One command. No account required. Works anywhere Node.js 18+ runs — macOS, Linux, Windows.
02 — Audit
Audit any MCP server
vouqis audit \ https://your-mcp-server
10 protocol-layer probes. Results in under 30 seconds. A shareable report URL is generated automatically.
03 — Gate
Gate your CI/CD pipeline
vouqis audit $MCP_URL \ --fail-below 80
Exit code 1 if trust score drops below your threshold. Block deployments when reliability regresses.
What We Test

10 probes across 5 failure modes.

Every probe tests a real-world failure pattern observed in production MCP servers. No LLM calls — results are fully deterministic.

🚫
Malformed Request Rejection
Does the server correctly reject JSON-RPC requests with invalid structure? A server that silently accepts malformed requests is a reliability and security risk.
mal-01 · mal-02
⚠️
Missing Parameter Handling
Does the server return a proper error when required parameters are absent? Silent success on missing params produces undefined behavior in downstream agents.
mis-01 · mis-02
Latency Under 500ms
Does the server respond within 500ms? High latency compounds in chained workflows. A 1s server in a 5-tool chain costs 5+ seconds of agent wait time.
tmo-01 · tmo-02
Response Schema Compliance
Does the server return responses that conform to the JSON-RPC 2.0 spec? Schema drift causes silent failures in downstream consumers and agent parsers.
sch-01 · sch-02
📭
Non-Empty Response Detection
Does the server return a non-null, non-empty response body? Empty success responses are a common source of silent failure in production MCP workflows.
nul-01 · nul-02
🧮
The Scoring Formula
Trust Score =
  (Pass Rate × 0.50)
+ (Latency Score × 0.30)
+ (Error Diversity × 0.20)
weighted · deterministic · reproducible
Trust Tiers

Know exactly what your score means.

Three tiers based on your weighted trust score. Every audit tells you not just the number, but the action.

✅ APPROVED
80–100
Your server handles the core reliability requirements. Safe to integrate. Monitor on every deploy to catch regressions.
⚠️ RISKY
50–79
Some failure modes present. Acceptable for non-critical workflows, but investigate the failed probes before production use.
🚫 DO NOT INTEGRATE
0–49
Critical reliability issues detected. This server will cause downstream failures in production agent workflows.
Why Vouqis

Not another static checklist.

Most tools tell you what a server claims to support. Vouqis tells you what it actually does.

Feature MCPSkills / Scorecard MCP Inspector Vouqis
Active protocol probes Partial
Quantified trust score (0–100)
Shareable report URL
CI/CD integration gate
No server-side changes needed Partial
Deterministic (no LLM)
Why This Matters

MCP servers have already caused real incidents.

These aren't hypotheticals. These are production failures that affected real users and systems.

Asana MCP — Customer Data Exposure
Malformed tool call responses exposed customer data. The issue persisted for 2 weeks before detection. Standard monitoring showed zero anomalies throughout.
data exposure 2-week persistence
Smithery Path Traversal
Path traversal vulnerability affecting 3,243 MCP servers simultaneously. Discoverable via protocol-layer probing — completely invisible to standard HTTP monitoring.
path traversal 3,243 servers
mcp-remote CVE-2025-6514
Remote code execution vulnerability, CVSS score 9.6. The behavioral signature — malformed-request acceptance — is exactly what Vouqis probes for at the protocol layer.
RCE CVSS 9.6

Vouqis doesn't prevent these vulnerabilities. It detects the behavioral signatures that indicate a server isn't handling edge cases correctly — before you integrate it.

Pricing

Free to try. $9/mo to own.

Start free with no account. Upgrade when you need CI/CD integration and history.

Free
$0
Forever free · No account needed
  • Single audit runs
  • 30-day report history
  • Public shareable reports
  • All 10 probes
  • Trust score + tier
  • API key for CI/CD
  • 90-day history
  • --fail-below flag
npm install -g @vouqis/cli
Pro
🚀 Launch pricing — first 50 only
$9 /mo · launch $49
Lock in forever · Cancel anytime
  • Everything in Free
  • 90-day report history
  • Unlimited audit runs
  • API key for CI/CD pipelines
  • --fail-below flag (CI/CD gate)
  • Private reports coming soon
  • Slack alerts on regression coming soon
  • Priority support
Get Pro for $9/mo →
Use Cases

Built for teams shipping AI agents.

Wherever MCP servers go, Vouqis fits into the workflow.

🔍
Before you integrate a vendor
Run a Vouqis audit before adding a third-party MCP server to your agent workflow. Know the trust score before your users experience the failures.
🚀
Before every deploy
Add --fail-below 80 to your CI pipeline. Block deployments when server reliability regresses. Never ship a broken MCP integration.
🔥
After an incident
MCP server behaved unexpectedly in production? Run a Vouqis audit immediately. The probe results tell you exactly which failure mode triggered — and whether it's safe to re-enable.
FAQ

Common questions.

Does my MCP server need any code changes?
No. Vouqis probes from the outside via JSON-RPC. Your server needs no SDK installation, no config changes, and no awareness of Vouqis. It just needs to be reachable at a URL.
How is this different from just checking if the server is up?
An uptime check confirms the server responds. Vouqis checks that the server responds correctly to edge cases — malformed requests, missing parameters, schema expectations. A server can have 100% uptime and still fail 3 out of 10 protocol-level probes.
What does the Pro API key do?
The Pro API key lets you run vouqis audit in CI/CD pipelines with the --fail-below flag. It also unlocks 90-day report history so you can track trust score over time and catch regressions across deploys.
Can I use Vouqis on a local MCP server?
Yes. Run vouqis audit http://localhost:PORT for local servers during development. The CLI works anywhere Node.js 18+ runs — macOS, Linux, and Windows via WSL.
Is the audit deterministic?
Yes. All 10 probes are deterministic JSON-RPC calls — no LLM inference, no probabilistic behavior. The same server will produce the same score on every run (assuming server behavior is consistent). Results are fully reproducible.
What if my server scores below 80?
The audit output includes per-probe pass/fail results, so you know exactly which category failed. Most failures fall into two categories: error handling (missing/malformed request rejection) or latency. Both are fixable with targeted changes. Vouqis tells you what to fix, not just that something is broken.

Your MCP server has a trust score.
Do you know what it is?

Find out in 30 seconds. Free.

$ npm install -g @vouqis/cli
Get Pro for $9/mo →

First 50 subscribers lock in $9/mo forever · After that, $49/mo