WatchTower
Cost tracking + security scanning for AI builders
Watchtower MCP
Cost tracking + security scanning for AI builders. An MCP server for Claude Code.
Watchtower runs alongside your AI coding agent and gives you visibility into what you're spending and whether your deployed apps are secure.
Install
npm install -g watchtower-mcp
Add to your Claude Code MCP config (~/.claude/settings.json):
{
"mcpServers": {
"watchtower": {
"command": "watchtower-mcp"
}
}
}
Restart Claude Code. You now have 8 new tools available.
Tools
Cost Tracking
| Tool | What it does |
|---|---|
watchtower_log_usage | Log token usage from an API call to track costs |
watchtower_spend | View spending summary (today / week / month) with model breakdown |
watchtower_budget | Set daily/weekly/monthly budget alerts |
Security Scanning
| Tool | What it does |
|---|---|
watchtower_scan_headers | Scan a deployed URL for missing security headers (CSP, HSTS, etc.) |
watchtower_scan_secrets | Scan source code for hardcoded API keys and tokens |
watchtower_scan_supabase | Audit Supabase tables for missing Row Level Security policies |
Dashboard
| Tool | What it does |
|---|---|
watchtower_status | Quick overview of spending + recent security findings |
watchtower_scan_history | View history of past security scan results |
Usage
Once installed, just ask Claude:
"What's my API spend this week?"
"Scan my project for hardcoded secrets"
"Check the security headers on https://myapp.vercel.app"
"Set a $5 daily budget alert"
"Audit my Supabase database for missing RLS policies"
How It Works
- Cost tracking: Logs token usage to a local SQLite database at
~/.watchtower/watchtower.db. Calculates costs using current Anthropic pricing. Supports budget alerts. - Security scanning: Runs checks against your live URLs, source code, and databases. Findings are persisted locally so you can track them over time.
- No external services: Everything runs locally. No data leaves your machine.
Supported Models
Claude Opus 4.6, Sonnet 4.6, Haiku 4.5, and Sonnet 3.5. Unknown models fall back to Sonnet pricing.
Requirements
- Node.js 18+
- Claude Code (or any MCP-compatible client)
psql(optional, for Supabase RLS scanning)
License
MIT
関連サーバー
Alpha Vantage MCP Server
スポンサーAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
MCP Agent Orchestration System
A state-based agent orchestration system using the Model Context Protocol (MCP).
LangSmith MCP Server
An MCP server for fetching conversation history and prompts from the LangSmith observability platform.
shadcn/ui
Provides structured data for shadcn/ui components, including descriptions, installation instructions, usage examples, and props.
Algorand
A comprehensive MCP server for tooling interactions(40+) and resource accessibility(60+) plus many useful prompts to interact with Algorand Blockchain.
MCP LLaMA
An MCP server with weather tools and LLaMA integration.
Claude TypeScript MCP Servers
A collection of TypeScript MCP servers to enhance Claude Desktop as a powerful development assistant using your Claude Pro/Max subscription.
Raymon
Stateful HTTP ingest + MCP server + terminal UI for Ray-style logs.
VICE MCP
MCP server embedded in the VICE Commodore 64/128/VIC-20/PET emulator, giving AI assistants direct access to read/write memory, set breakpoints, inspect VIC-II/SID/CIA registers, and debug 6502 assembly in real time with 63 tools.
Overture
Visual plan approval for AI coding agents. See your agent's plan as an interactive graph, attach context, choose approaches, then approve before any code is written.
Claudeus WordPress MCP
A server for integrating with WordPress sites, enabling content management and interaction via the Model Context Protocol.