Mcpwatch

Name: Mcpwatch
Author: lazymac2x

lazymac2x/mcpwatch

Audit MCP servers from Claude Code with OWASP-oriented checks, letter grades, and leaderboard context before you ship agent tooling.

Overview

mcpwatch is a MCP server for the Ship phase that audits MCP servers with 10 OWASP checks, an A–F grade, and live leaderboard results from Claude Code.

What is this MCP server?

10 OWASP-aligned checks packaged for MCP server assessment from inside Claude Code.
Letter-grade outcome (A–F) for quick pass/fail gut checks before adding servers to prod configs.
Live leaderboard context for comparing audited MCP servers in the ecosystem.
stdio npm package mcpwatch-mcp v0.1.1 for local MCP registration.
Open-source repo at github.com/lazymac2x/mcpwatch with MCP schema 2025-12-11 metadata.
10 OWASP checks per audit
A–F grading scale documented in server description
npm package mcpwatch-mcp version 0.1.1 with stdio transport

Compatible agents: Claude Code, Cursor, any compatible agent

What problem does it solve?

You are stacking MCP servers in your agent config with no structured way to see OWASP-style risks before they touch your codebase.

Who is it for?

Claude Code users curating multiple MCP servers who want a repeatable security audit with letter grades inside the agent loop.

Skip if: Teams that only need SAST on application code, full compliance attestations, or audits of non-MCP services.

What do I get? / Deliverables

After installing mcpwatch, you get graded audit output and leaderboard context so you can drop or harden risky servers before shipping.

OWASP-oriented MCP audit results across 10 checks
A–F security grade for each reviewed server
Leaderboard-aware context to prioritize remediation

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

MCP expands your attack surface; security review belongs in Ship before you rely on third-party or custom servers in daily workflows. Security subphase is the canonical shelf for OWASP-style MCP audits and graded risk summaries—not generic feature build.

How it compares

MCP-specific security auditor with 10 OWASP checks, not a cloud IAM scanner or generic dependency CVE bot.

Common Questions / FAQ

Who is mcpwatch for?

Solo builders and small teams shipping with Claude Code who install several MCP servers and need OWASP-oriented audits with A–F grades.

When should I use mcpwatch?

Use it in Ship security whenever you add, upgrade, or recommend MCP servers—before promoting configs to daily driver or client-facing setups.

How do I add mcpwatch to my agent?

Install npm package mcpwatch-mcp at version 0.1.1, register the stdio MCP server in Claude Code, then run audit flows against target MCP servers from the tool list.

Mcpwatch

lazymac2x/mcpwatch

Audit MCP servers from Claude Code with OWASP-oriented checks, letter grades, and leaderboard context before you ship agent tooling.

Overview

mcpwatch is a MCP server for the Ship phase that audits MCP servers with 10 OWASP checks, an A–F grade, and live leaderboard results from Claude Code.

What is this MCP server?

10 OWASP-aligned checks packaged for MCP server assessment from inside Claude Code.
Letter-grade outcome (A–F) for quick pass/fail gut checks before adding servers to prod configs.
Live leaderboard context for comparing audited MCP servers in the ecosystem.
stdio npm package mcpwatch-mcp v0.1.1 for local MCP registration.
Open-source repo at github.com/lazymac2x/mcpwatch with MCP schema 2025-12-11 metadata.
10 OWASP checks per audit
A–F grading scale documented in server description
npm package mcpwatch-mcp version 0.1.1 with stdio transport

Compatible agents: Claude Code, Cursor, any compatible agent

What problem does it solve?

You are stacking MCP servers in your agent config with no structured way to see OWASP-style risks before they touch your codebase.

Who is it for?

Claude Code users curating multiple MCP servers who want a repeatable security audit with letter grades inside the agent loop.

Skip if: Teams that only need SAST on application code, full compliance attestations, or audits of non-MCP services.

What do I get? / Deliverables

After installing mcpwatch, you get graded audit output and leaderboard context so you can drop or harden risky servers before shipping.

OWASP-oriented MCP audit results across 10 checks
A–F security grade for each reviewed server
Leaderboard-aware context to prioritize remediation

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

MCP-specific security auditor with 10 OWASP checks, not a cloud IAM scanner or generic dependency CVE bot.

Common Questions / FAQ

Who is mcpwatch for?

Solo builders and small teams shipping with Claude Code who install several MCP servers and need OWASP-oriented audits with A–F grades.

When should I use mcpwatch?

Use it in Ship security whenever you add, upgrade, or recommend MCP servers—before promoting configs to daily driver or client-facing setups.

How do I add mcpwatch to my agent?

Install npm package mcpwatch-mcp at version 0.1.1, register the stdio MCP server in Claude Code, then run audit flows against target MCP servers from the tool list.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is mcpwatch for?

When should I use mcpwatch?

How do I add mcpwatch to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is mcpwatch for?

When should I use mcpwatch?

How do I add mcpwatch to my agent?