Overview
What is MCP Watch π?
MCP Watch π is a comprehensive security scanner for Model Context Protocol (MCP) servers that detects vulnerabilities and security issues in your MCP implementations. It is built for developers and security researchers who need to audit MCP servers against a range of attack vectors.
How to use MCP Watch π?
Install globally with npm install -g mcp-watch or locally with npm install mcp-watch. To scan a GitHub repository, run mcp-watch scan <repository-url>. You can filter results by severity (--severity high) or category (--category credential-leak), and choose output format with --format json.
Key features of MCP Watch π?
- Credential Detection for hardcoded API keys and tokens
- Tool Poisoning detection for hidden malicious instructions
- Parameter Injection identification for sensitive data extraction
- Prompt Injection scanning for manipulation