Summary
Gives Claude the ability to security audit any MCP server against the OWASP MCP Top 10 and return an A through F letter grade. Exposes four tools: scan_mcp_server runs 10 checks on a local server path looking for command injection, path traversal, SSRF, and prompt injection risks. get_public_score fetches live grades from the public leaderboard at mcpwatch.pages.dev. list_leaderboard returns top and bottom ranked servers, and explain_check details any of the 10 security tests. Also works as a CLI via npx mcpwatch-scanner or a GitHub Action that can gate CI/CD on minimum grade thresholds. Reach for this when vetting third party MCPs before adding them to your config or when you want to track security posture across the ecosystem.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
MCPWatch
Have I Been Pwned for MCP servers. Open-source security scanner that audits MCP servers against the OWASP MCP Top 10 and produces an A–F letter grade.
Overview
MCPWatch is a security tool for the MCP ecosystem that:
- Runs 10 automated checks derived from the OWASP MCP Top 10 on any MCP server
- Produces an A–F letter grade with per-check findings
- Exposes an MCP server interface so AI agents can audit MCPs on demand
- Provides a CLI for pre-install scanning in CI/CD pipelines
- Powers a public leaderboard at mcpwatch.pages.dev with live SVG grade badges
Installation
Use with Claude Code / Cursor / Windsurf (MCP server)
Add to your MCP configuration:
{
"mcpServers": {
"mcpwatch": {
"command": "npx",
"args": ["-y", "mcpwatch-mcp"]
}
}
}
CLI (scan before install)
npx mcpwatch-scanner /path/to/mcp-server
GitHub Action (CI/CD gate)
- uses: lazymac2x/mcpwatch-action@v1
with:
path: .
fail-below: B
MCP Tools
When running as an MCP server, MCPWatch exposes the following tools to your AI agent:
| Tool | Description |
|---|---|
scan_mcp_server | Scan a local MCP server by path — returns grade + per-check findings |
get_public_score | Fetch the live grade for any public MCP server by owner/repo slug |
list_leaderboard | Return the top/bottom N servers from the public leaderboard |
explain_check | Get a detailed explanation of any OWASP MCP Top 10 check by ID |
Example: scan before adding an MCP
Ask Claude: "Use mcpwatch to scan the filesystem-mcp server at ~/mcps/filesystem-mcp before I add it to my config."
The 10 Checks (OWASP MCP Top 10)
| ID | Check | Severity |
|---|---|---|
| MCP-01 | Command injection in tool handlers | Critical |
| MCP-02 | Path traversal in file tools | Critical |
| MCP-03 | Unauthenticated mutations | Critical |
| MCP-04 | Prompt injection via tool descriptions | High |
| MCP-05 | SSRF in URL-fetching tools | High |
| MCP-06 | Hardcoded secret leakage | High |
| MCP-07 | Over-permissive filesystem scope | Medium |
| MCP-08 | Missing rate limits | Medium |
| MCP-09 | Outdated dependencies with known CVEs | Medium |
| MCP-10 | Missing input schema validation | Low |
Grading
| Grade | Score |
|---|---|
| A | 90–100 — no Critical/High findings |
| B | 75–89 — no Critical findings |
| C | 60–74 — has Critical findings, minor impact |
| D | 40–59 — multiple Critical findings |
| F | 0–39 — severe/exploitable vulnerabilities |
Public Leaderboard & Badges
Every public MCP server on Smithery, npm, and the official registry is scanned daily.
Live badge — drop into any README:
[](https://mcpwatch.pages.dev/servers/YOUR_OWNER/YOUR_REPO)
JSON API:
GET https://api.lazy-mac.com/mcpwatch/scan/{owner}/{repo}
Architecture
mcpwatch/
├── packages/
│ ├── scanner/ # Core check engine (TypeScript, runs in Worker + CLI + Node)
│ └── cli/ # mcpwatch-scanner — npx runnable
├── workers/
│ └── crawler/ # CF Worker — scheduled crawl + scan (daily)
├── apps/
│ └── web/ # CF Pages — mcpwatch.pages.dev — public leaderboard
└── .github/
└── workflows/ # mcpwatch-action CI gate
Requirements
- Node.js 18+
- The MCP server under test must be locally accessible (for
scan_mcp_server/ CLI) - No API key required for public leaderboard lookups
License
MIT — use it, fork it, contribute checks.
Contributing
Pull requests for new checks, false-positive fixes, or leaderboard improvements are welcome. See CONTRIBUTING.md for guidelines.
Pro Report $49 (in development)
Cross-repo trend analysis + Slack/Discord webhook alerts on grade drops + private MCP scanning. Email waitlist:
- Get notified: https://coindany.gumroad.com (subscribe to free tier — Pro Report announce when ready)
Related — Lumen API + MCP Catalog
If you ship MCP servers, you might want these (one-time license, lifetime updates, MIT source):
- AI Citation Coverage MCP — Pro $19 — claim-level RAG citation scoring
- Prompt Anti-Pattern Detector — Pro $19 — 24+ prompt anti-patterns
- LLM Response Determinism Checker — Pro $29 — same prompt N times, drift score
- Prompt-Leak Detector API $25 — 30+ leak signatures
Full catalog: https://api.lazy-mac.com Profile: https://github.com/lazymac2x dev.to: https://dev.to/lazymac2x
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Categories
Registryactive
Packagemcpwatch-mcp
TransportSTDIO
UpdatedApr 11, 2026
