MCPWatch
Have I Been Pwned for MCP servers. Open-source security scanner that audits MCP servers against the OWASP MCP Top 10 and produces an A–F letter grade.
Overview
MCPWatch is a security tool for the MCP ecosystem that:
- Runs 10 automated checks derived from the OWASP MCP Top 10 on any MCP server
- Produces an A–F letter grade with per-check findings
- Exposes an MCP server interface so AI agents can audit MCPs on demand
- Provides a CLI for pre-install scanning in CI/CD pipelines
- Powers a public leaderboard at mcpwatch.pages.dev with live SVG grade badges
Installation
Use with Claude Code / Cursor / Windsurf (MCP server)
Add to your MCP configuration:
{
"mcpServers": {
"mcpwatch": {
"command": "npx",
"args": ["-y", "mcpwatch-mcp"]
}
}
}
CLI (scan before install)
npx mcpwatch-scanner /path/to/mcp-server
GitHub Action (CI/CD gate)
- uses: lazymac2x/mcpwatch-action@v1
with:
path: .
fail-below: B
MCP Tools
When running as an MCP server, MCPWatch exposes the following tools to your AI agent:
| Tool | Description |
|---|---|
scan_mcp_server | Scan a local MCP server by path — returns grade + per-check findings |
get_public_score | Fetch the live grade for any public MCP server by owner/repo slug |
list_leaderboard | Return the top/bottom N servers from the public leaderboard |
explain_check | Get a detailed explanation of any OWASP MCP Top 10 check by ID |
Example: scan before adding an MCP
Ask Claude: "Use mcpwatch to scan the filesystem-mcp server at ~/mcps/filesystem-mcp before I add it to my config."
The 10 Checks (OWASP MCP Top 10)
| ID | Check | Severity |
|---|---|---|
| MCP-01 | Command injection in tool handlers | Critical |
| MCP-02 | Path traversal in file tools | Critical |
| MCP-03 | Unauthenticated mutations | Critical |
| MCP-04 | Prompt injection via tool descriptions | High |
| MCP-05 | SSRF in URL-fetching tools | High |
| MCP-06 | Hardcoded secret leakage | High |
| MCP-07 | Over-permissive filesystem scope | Medium |
| MCP-08 | Missing rate limits | Medium |
| MCP-09 | Outdated dependencies with known CVEs | Medium |
| MCP-10 | Missing input schema validation | Low |
Grading
| Grade | Score |
|---|---|
| A | 90–100 — no Critical/High findings |
| B | 75–89 — no Critical findings |
| C | 60–74 — has Critical findings, minor impact |
| D | 40–59 — multiple Critical findings |
| F | 0–39 — severe/exploitable vulnerabilities |
Public Leaderboard & Badges
Every public MCP server on Smithery, npm, and the official registry is scanned daily.
Live badge — drop into any README:
[](https://mcpwatch.pages.dev/servers/YOUR_OWNER/YOUR_REPO)
JSON API:
GET https://api.lazy-mac.com/mcpwatch/scan/{owner}/{repo}
Architecture
mcpwatch/
├── packages/
│ ├── scanner/ # Core check engine (TypeScript, runs in Worker + CLI + Node)
│ └── cli/ # mcpwatch-scanner — npx runnable
├── workers/
│ └── crawler/ # CF Worker — scheduled crawl + scan (daily)
├── apps/
│ └── web/ # CF Pages — mcpwatch.pages.dev — public leaderboard
└── .github/
└── workflows/ # mcpwatch-action CI gate
Requirements
- Node.js 18+
- The MCP server under test must be locally accessible (for
scan_mcp_server/ CLI) - No API key required for public leaderboard lookups
License
MIT — use it, fork it, contribute checks.
Contributing
Pull requests for new checks, false-positive fixes, or leaderboard improvements are welcome. See CONTRIBUTING.md for guidelines.
Pro Report $49 (in development)
Cross-repo trend analysis + Slack/Discord webhook alerts on grade drops + private MCP scanning. Email waitlist:
- Get notified: https://coindany.gumroad.com (subscribe to free tier — Pro Report announce when ready)
Related — Lumen API + MCP Catalog
If you ship MCP servers, you might want these (one-time license, lifetime updates, MIT source):
- AI Citation Coverage MCP — Pro $19 — claim-level RAG citation scoring
- Prompt Anti-Pattern Detector — Pro $19 — 24+ prompt anti-patterns
- LLM Response Determinism Checker — Pro $29 — same prompt N times, drift score
- Prompt-Leak Detector API $25 — 30+ leak signatures
Full catalog: https://api.lazy-mac.com Profile: https://github.com/lazymac2x dev.to: https://dev.to/lazymac2x