MCPWatch

Have I Been Pwned for MCP servers. Continuously audits every public MCP server on the internet — security + performance — and publishes a public letter-grade leaderboard.

Status: MVP in progress · launching 2026-04-13

Why

• 30 CVEs in MCP servers in the last 60 days
• 43% of public MCPs are vulnerable to command injection
• 82% to path traversal
• No public, continuously-updated registry of MCP trust
• Teams are installing random MCPs without any safety signal

MCPWatch fills that gap.

What it does

1. Crawler — scheduled Cloudflare Worker that polls Smithery, npm, the official MCP registry, and GitHub topics daily
2. Scanner — runs 10 automated checks derived from OWASP MCP Top 10 on every discovered server
3. Benchmark (phase 2) — measures task-completion lift when agent has this MCP installed vs not
4. Public leaderboard — mcpwatch.dev — letter grades A–F, searchable, historical diffs
5. CLI — npx @mcpwatch/cli audit <server> — local scan before you install
6. Enterprise API — webhook alerts + bulk audit + private MCP scanning ($99/mo)

The 10 Checks (OWASP MCP Top 10 aligned)

Architecture

mcpwatch/
├── packages/
│   ├── scanner/        # Core check engine (TypeScript, runs in Worker + CLI + Node)
│   └── cli/            # @mcpwatch/cli — npx runnable
├── workers/
│   └── crawler/        # CF Worker — scheduled crawl + scan job
├── apps/
│   └── web/            # Next.js/Astro static → CF Pages — mcpwatch.dev
├── content/            # Launch blog, HN post, X thread
└── scripts/            # One-shot bootstrap + data backfill

Roadmap

• T+0 (today): scanner core + 3 working checks, CLI, static leaderboard shell
• T+24h: crawler deployed, seed data for 50 top MCP servers, landing page live
• T+48h: launch — HN post, X thread, Anthropic + OWASP cc
• T+1w: 500 servers audited, first enterprise inquiry
• T+1m: MCPBench integration (phase 2)

License

MIT — use it, fork it, contribute checks.