📦

io.github.lazymac2x/mcpwatch

Audit MCP servers from inside Claude Code. 10 OWASP checks, A-F grade, live leaderboard.

0 installs

Trust: 37 — Low

Devtools

Ask AI about io.github.lazymac2x/mcpwatch

I know everything about io.github.lazymac2x/mcpwatch. Ask me about installation, configuration, usage, or troubleshooting.

0/500

Loading tools...

Reviews

Documentation

MCPWatch

Have I Been Pwned for MCP servers. Open-source security scanner that audits MCP servers against the OWASP MCP Top 10 and produces an A–F letter grade.

Overview

MCPWatch is a security tool for the MCP ecosystem that:

Runs 10 automated checks derived from the OWASP MCP Top 10 on any MCP server
Produces an A–F letter grade with per-check findings
Exposes an MCP server interface so AI agents can audit MCPs on demand
Provides a CLI for pre-install scanning in CI/CD pipelines
Powers a public leaderboard at mcpwatch.pages.dev with live SVG grade badges

Installation

Use with Claude Code / Cursor / Windsurf (MCP server)

Add to your MCP configuration:

{
  "mcpServers": {
    "mcpwatch": {
      "command": "npx",
      "args": ["-y", "mcpwatch-mcp"]
    }
  }
}

CLI (scan before install)

npx mcpwatch-scanner /path/to/mcp-server

GitHub Action (CI/CD gate)

- uses: lazymac2x/mcpwatch-action@v1
  with:
    path: .
    fail-below: B

MCP Tools

When running as an MCP server, MCPWatch exposes the following tools to your AI agent:

Tool	Description
`scan_mcp_server`	Scan a local MCP server by path — returns grade + per-check findings
`get_public_score`	Fetch the live grade for any public MCP server by owner/repo slug
`list_leaderboard`	Return the top/bottom N servers from the public leaderboard
`explain_check`	Get a detailed explanation of any OWASP MCP Top 10 check by ID

Example: scan before adding an MCP

Ask Claude: "Use mcpwatch to scan the filesystem-mcp server at ~/mcps/filesystem-mcp before I add it to my config."

The 10 Checks (OWASP MCP Top 10)

ID	Check	Severity
MCP-01	Command injection in tool handlers	Critical
MCP-02	Path traversal in file tools	Critical
MCP-03	Unauthenticated mutations	Critical
MCP-04	Prompt injection via tool descriptions	High
MCP-05	SSRF in URL-fetching tools	High
MCP-06	Hardcoded secret leakage	High
MCP-07	Over-permissive filesystem scope	Medium
MCP-08	Missing rate limits	Medium
MCP-09	Outdated dependencies with known CVEs	Medium
MCP-10	Missing input schema validation	Low

Grading

Grade	Score
A	90–100 — no Critical/High findings
B	75–89 — no Critical findings
C	60–74 — has Critical findings, minor impact
D	40–59 — multiple Critical findings
F	0–39 — severe/exploitable vulnerabilities

Public Leaderboard & Badges

Every public MCP server on Smithery, npm, and the official registry is scanned daily.

Live badge — drop into any README:

[![MCPWatch score](https://api.lazy-mac.com/mcpwatch/badge/YOUR_OWNER/YOUR_REPO.svg)](https://mcpwatch.pages.dev/servers/YOUR_OWNER/YOUR_REPO)

JSON API:

GET https://api.lazy-mac.com/mcpwatch/scan/{owner}/{repo}

Architecture

mcpwatch/
├── packages/
│   ├── scanner/   # Core check engine (TypeScript, runs in Worker + CLI + Node)
│   └── cli/       # mcpwatch-scanner — npx runnable
├── workers/
│   └── crawler/   # CF Worker — scheduled crawl + scan (daily)
├── apps/
│   └── web/       # CF Pages — mcpwatch.pages.dev — public leaderboard
└── .github/
    └── workflows/ # mcpwatch-action CI gate

Requirements

Node.js 18+
The MCP server under test must be locally accessible (for scan_mcp_server / CLI)
No API key required for public leaderboard lookups

License

MIT — use it, fork it, contribute checks.

Contributing

Pull requests for new checks, false-positive fixes, or leaderboard improvements are welcome. See CONTRIBUTING.md for guidelines.