Gives Claude the ability to audit any MCP server against the OWASP MCP Top 10 and return a letter grade from A through F. Exposes four tools: scan_mcp_server runs 10 checks on a local server path, looking for command injection, path traversal, SSRF, and prompt injection risks; get_public_score fetches live grades from the public leaderboard at mcpwatch.pages.dev; list_leaderboard returns the top- and bottom-ranked servers; and explain_check details any of the 10 security tests. Also works as a CLI via npx mcpwatch-scanner or as a GitHub Action that can gate CI/CD on minimum grade thresholds. Reach for this when vetting third-party MCP servers before adding them to your config, or when you want to track security posture across the ecosystem.
claude mcp add --transport stdio lazymac2x-mcpwatch uvx mcpwatch