Install both tools in 5 minutes

End-to-end walkthrough. No build step, no package manager, no cloud account. Every command runs locally.

0. Prerequisites

1. Scan your current project

One command. No clone, no global install. Detects your stack from manifests and prints what to install. The offline gate is verify --offline; --no-audit still checks live registry metadata but skips advisory feeds.

npx -y @froggychips/mcp-vault scan --cwd .

Prefer it on PATH for repeated use: npm i -g @froggychips/mcp-vault, then drop the npx -y prefix.

2. Check local readiness

Doctor checks Node, optional helper CLIs, project MCP config, and global Claude MCP config. It never prints token values.

npx -y @froggychips/mcp-vault doctor

3. Optional — install the vault as a Claude Code skill

If you want Claude to call the vault by itself when you ask “what MCP should I add?”, drop the skill folder into your skills directory.

git clone https://github.com/froggychips/mcp-skills-vault.git
mkdir -p ~/.claude/skills
cp -r mcp-skills-vault/mcp-ecosystem-intelligence ~/.claude/skills/

4. Verify the vault DB offline

Use this for air-gapped smoke checks. It validates stored pins only and makes no registry/advisory network calls.

npx -y @froggychips/mcp-vault verify --offline

5. Install mcp-trace

Same shape: clone, verify version. Zero npm deps.

git clone https://github.com/froggychips/mcp-trace.git
cd mcp-trace
node bin/mcp-trace.cjs --version

6. Wrap an MCP server with trace

Edit your project’s .mcp.json (or ~/.claude.json). Point command at mcp-trace, with the real server after --.

{
  "mcpServers": {
    "github": {
      "command": "node",
      "args": [
        "/abs/path/to/mcp-trace/bin/mcp-trace.cjs",
        "proxy", "github", "--",
        "docker", "run", "-i", "--rm",
        "-e", "GITHUB_PERSONAL_ACCESS_TOKEN",
        "ghcr.io/github/github-mcp-server@sha256:..."
      ],
      "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_TOKEN}" }
    }
  }
}

Restart Claude Code so it picks up the new command.

7. After a session, look at what happened

The SQLite file at ~/.mcp-trace/traces.db has every JSON-RPC frame’s metadata. Three subcommands query it.

node bin/mcp-trace.cjs stats
node bin/mcp-trace.cjs tools github
node bin/mcp-trace.cjs tokens github

You now know which tools your servers actually use, their p50/p95 latency, error rates, and a rough token-cost estimate.

8. Optional: audit your installed setup

Diff what’s actually installed against the vault DB. Flags drift, untrusted entries, unbounded heavy servers, and scope issues.

node ~/.claude/skills/mcp-ecosystem-intelligence/scripts/audit_setup.cjs

Both tools have useful local/offline paths. The vault’s advisory feeds and mcp-trace’s registry-aware token estimates are additive — the offline gate still runs.