πŸ›‘οΈMCPWatch

Have I Been Pwned — but for every MCP server on the internet.


Scan your own MCP in 5 seconds

npx mcpwatch-scanner /path/to/your/mcp

🚀 MCPWatch Pro

Free is free forever. Pro unlocks:

📄 Pro Report — $49 one-time
🛑 Enterprise — $99/mo

Ship the MCPWatch badge

Every scanned MCP gets a live grade badge. Drop this in your README:

[![MCPWatch](https://api.lazy-mac.com/mcpwatch/badge/YOUR_ORG/YOUR_REPO.svg)](https://mcpwatch.pages.dev)

GitHub Action — block insecure MCPs at PR time

- uses: lazymac2x/mcpwatch-action@v1
  with:
    path: "."
    fail-on: "D"
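A complete workflow that wires the step above into pull requests, added here as an example and not taken from MCPWatch's own documentation: the action name and its path and fail-on inputs come from the snippet above, while the file name, the trigger, the checkout step and the meaning of the fail-on threshold are assumptions.

```yaml
# .github/workflows/mcpwatch.yml  (file name is an assumption)
name: MCPWatch

on:
  pull_request:            # run on every PR so an insecure MCP never reaches main
    branches: [main]

permissions:
  contents: read           # least privilege: the scan only needs to read the checkout

jobs:
  mcpwatch:
    runs-on: ubuntu-latest
    steps:
      # Check out the PR's code so the scanner sees the proposed MCP server sources.
      - uses: actions/checkout@v4

      # Run the MCPWatch checks against the repository root.
      # fail-on is assumed to fail the job when the grade is "D" or worse,
      # which is what turns the scan into a blocking PR status check.
      - name: Scan MCP server
        uses: lazymac2x/mcpwatch-action@v1
        with:
          path: "."
          fail-on: "D"
```

Mark the job as a required status check in the repository's branch protection rules so the grade actually blocks the merge rather than only reporting.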

Live leaderboard

Columns: #, Server, Grade, Score, Findings (rows are loaded live).

The 10 checks

ID      Check                          Severity
MCP-01  Command Injection              Critical
MCP-02  Path Traversal                 Critical
MCP-03  Unauthenticated Mutation       Critical
MCP-04  Prompt Injection (Tool Desc)   High
MCP-05  SSRF in URL Fetch              High
MCP-06  Secret Leakage                 High
MCP-07  Over-Permissive Filesystem     Medium
MCP-08  Missing Rate Limits            Medium
MCP-09  Outdated Dependencies          Medium
MCP-10  Missing Input Validation       Low

Why

30 CVEs in MCP servers in the last 60 days. 43% of public MCPs are vulnerable to command injection. 82% to path traversal. One popular GitHub MCP leaked private repository data because of a prompt injection. Teams install random MCPs every day with no safety signal whatsoever.

MCPWatch continuously crawls every public MCP server, runs 10 OWASP-aligned checks, and publishes a public A–F letter grade. Free forever. Open source. MIT.