by voicetreelab
MCP proxy server with lazy loading support - reduces context usage through on-demand tool activation
# Add to your Claude Code skills
git clone https://github.com/voicetreelab/lazy-mcpGuides for using mcp servers skills like lazy-mcp.
Last scanned: 7/8/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-07-08T06:28:41.711Z",
"npmAuditRan": true,
"pipAuditRan": true,
"promptInjectionRan": true
}lazy-mcp is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by voicetreelab. MCP proxy server with lazy loading support - reduces context usage through on-demand tool activation. It has 100 GitHub stars.
Yes. lazy-mcp passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/voicetreelab/lazy-mcp" and add it to your Claude Code skills directory (see the Installation section above).
lazy-mcp is primarily written in Go. It is open-source under voicetreelab on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh lazy-mcp against similar tools.
No comments yet. Be the first to share your thoughts!
Top skills in this category by stars
Lazy MCP lets your agent fetch MCP tools only on demand, saving those tokens from polluting your context window.
In this example, it saved 17% (34,000 tokens) of an entire claude code context window by hiding 2 MCP tools that aren't always needed.
Welcoming open source contributions!
Lazy MCP exposes two meta tools, which allows agents to explore a tree structure of available MCP tools and categories.
get_tools_in_category(path) - Navigate the tool hierarchyexecute_tool(tool_path, arguments) - Execute tools by path1. get_tools_in_category("") → {
"categories": {
"coding_tools": "Development tools... use when...",
"web_tools": "description ... instructions"
}
}
2. get_tools_in_category("coding_tools") → {
"categories": {
"serena": "description ... instructions",
}
}
3. get_tools_in_category("coding_tools.serena") → {
"tools": {"find_symbol": "...", "get_symbols_overview": "..."}
}
4. execute_tool("coding_tools.serena.find_symbol", {...})
→ Lazy loads Serena server (if not already loaded)
→ Proxies request to Serena
→ Returns result

make build
./build/structure_generator --config config.json --output testdata/mcp_hierarchy
This generates the hierarchical structure in the output folder config.json specifies, by fetching the available tools from the mcp servers specified.
Add to Claude Code:
claude mcp add --transport stdio mcp-proxy build/mcp-proxy -- --config config.json
see config.json for an example.
Tool hierarchy is defined in testdata/mcp_hierarchy/ with JSON files:
Root node (testdata/mcp_hierarchy/root.json):
Category nodes (e.g., testdata/mcp_hierarchy/github/github.json):
Tool nodes (e.g., testdata/mcp_hierarchy/github/create_issue/create_issue.json):
./mcp-proxy --help
When using lazy-mcp with Claude Code, all tool calls go through execute_tool. This means traditional MCP permission rules (like mcp__github__create_issue) don't apply directly.
To control which tools require permission prompts, use Claude Code hooks.
Claude Code's PreToolUse hooks can inspect the tool_path argument and decide permission by outputting JSON:
{"hookSpecificOutput": {"permissionDecision": "ask", ...}}{"hookSpecificOutput": {"permissionDecision": "deny", ...}}Copy the example hook script:
cp examples/hooks/check-sensitive-tools.sh ~/.claude/hooks/
chmod +x ~/.claude/hooks/check-sensitive-tools.sh
Configure Claude Code hooks (in ~/.claude/settings.json or project .claude/settings.local.json):
{
"hooks": {
"PreToolUse": [
{
"matcher": "mcp__lazy-mcp__execute_tool",
"hooks": [
{
"type": "command",
"command": "~/.claude/hooks/check-sensitive-tools.sh"
}
]
}
]
}
}
Customize sensitive tools via environment variables:
# Tools that require permission prompts
export LAZY_MCP_SENSITIVE_TOOLS="gmail.send_email,github.create_*,gitlab.create_*"
# Tools that are completely blocked
export LAZY_MCP_DENIED_TOOLS="*.force_delete_*"
Since not all agents support the permissionDecision JSON protocol, lazy-mcp also supports a universal "Token Hook" mechanism. This forces the agent to retry the operation after user confirmation.
CONFIRMATION_NEEDED and the path to the required token.Copy the token hook script:
cp examples/hooks/confirm-tool-token.sh /path/to/hooks/
chmod +x /path/to/hooks/confirm-tool-token.sh
Configure your agent to call this script before execute_tool.
For OpenCode users, a TypeScript plugin is available that logs warnings for sensitive actions.
cp examples/plugins/opencode-sensitive-tools.ts .opencode/plugin/sensitive-tools-check.ts
The example scripts include sensible defaults for public-facing actions:
| Server | Sensitive Tools |
|---|---|
| Gmail | send_email, create_draft, delete_email, trash_email |
| GitHub | create_issue, create_pull_request, create_repository, push_files, create_or_update_file, create_branch, fork_repository |
| GitLab | create_issue, create_merge_request, accept_merge_request, create_project, create_branch, create_or_update_file |
gmail.send_emailgmail.* (all gmail tools)*.delete_* (all delete operations)Forked from TBXark/mcp-proxy - extended with hierarchical routing, lazy loading, and stdio support.
MIT License - see LICENSE