Score MCP tool dependency risk from tool criticality, vendor stability, permission depth, failure history, and fallback coverage