WatchTower
Cost tracking + security scanning for AI builders
Watchtower MCP
Cost tracking + security scanning for AI builders. An MCP server for Claude Code.
Watchtower runs alongside your AI coding agent and gives you visibility into what you're spending and whether your deployed apps are secure.
Install
npm install -g watchtower-mcp
Add to your Claude Code MCP config (~/.claude/settings.json):
{
"mcpServers": {
"watchtower": {
"command": "watchtower-mcp"
}
}
}
Restart Claude Code. You now have 8 new tools available.
Tools
Cost Tracking
| Tool | What it does |
|---|---|
watchtower_log_usage | Log token usage from an API call to track costs |
watchtower_spend | View spending summary (today / week / month) with model breakdown |
watchtower_budget | Set daily/weekly/monthly budget alerts |
Security Scanning
| Tool | What it does |
|---|---|
watchtower_scan_headers | Scan a deployed URL for missing security headers (CSP, HSTS, etc.) |
watchtower_scan_secrets | Scan source code for hardcoded API keys and tokens |
watchtower_scan_supabase | Audit Supabase tables for missing Row Level Security policies |
Dashboard
| Tool | What it does |
|---|---|
watchtower_status | Quick overview of spending + recent security findings |
watchtower_scan_history | View history of past security scan results |
Usage
Once installed, just ask Claude:
"What's my API spend this week?"
"Scan my project for hardcoded secrets"
"Check the security headers on https://myapp.vercel.app"
"Set a $5 daily budget alert"
"Audit my Supabase database for missing RLS policies"
How It Works
- Cost tracking: Logs token usage to a local SQLite database at
~/.watchtower/watchtower.db. Calculates costs using current Anthropic pricing. Supports budget alerts. - Security scanning: Runs checks against your live URLs, source code, and databases. Findings are persisted locally so you can track them over time.
- No external services: Everything runs locally. No data leaves your machine.
Supported Models
Claude Opus 4.6, Sonnet 4.6, Haiku 4.5, and Sonnet 3.5. Unknown models fall back to Sonnet pricing.
Requirements
- Node.js 18+
- Claude Code (or any MCP-compatible client)
psql(optional, for Supabase RLS scanning)
License
MIT
Related Servers
Scout Monitoring MCP
sponsorPut performance and error data directly in the hands of your AI assistant.
Alpha Vantage MCP Server
sponsorAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
Svelte Documentation
Remote server (SSE/Streamable) for the latest Svelte and SvelteKit documentation
Micronaut Fun
It exposes Micronaut framework documentation and guides as MCP resources, it offers tools to search the docs and prompts to help you write tests and perform tasks in an idiomatic way
UI Prototype
A modern web application prototype built with React, TypeScript, and Material-UI, featuring authentication, internationalization, and Figma integration.
Distance Tools MCP
A remote MCP server example deployable on Cloudflare Workers, featuring customizable tools and no authentication.
Remote MCP Server (Authless)
An example of a remote MCP server deployable on Cloudflare Workers, without authentication.
BlenderMCP
Connects Blender to Claude AI via the Model Context Protocol (MCP), enabling direct AI interaction for prompt-assisted 3D modeling, scene creation, and manipulation.
ICP MCP
A developer-friendly and type-safe TypeScript SDK for the ICP MCP API.
Remote MCP Server (Authless)
An example of a remote MCP server deployable on Cloudflare Workers, without authentication.
Ollama MCP Bridge
A bridge API service connecting Ollama with Model Context Protocol (MCP) servers.
AI Agent Playwright
An AI agent for the Playwright MCP server, enabling automated web testing and interaction.