WatchTower
Cost tracking + security scanning for AI builders
Watchtower MCP
Cost tracking + security scanning for AI builders. An MCP server for Claude Code.
Watchtower runs alongside your AI coding agent and gives you visibility into what you're spending and whether your deployed apps are secure.
Install
npm install -g watchtower-mcp
Add to your Claude Code MCP config (~/.claude/settings.json):
{
"mcpServers": {
"watchtower": {
"command": "watchtower-mcp"
}
}
}
Restart Claude Code. You now have 8 new tools available.
Tools
Cost Tracking
| Tool | What it does |
|---|---|
watchtower_log_usage | Log token usage from an API call to track costs |
watchtower_spend | View spending summary (today / week / month) with model breakdown |
watchtower_budget | Set daily/weekly/monthly budget alerts |
Security Scanning
| Tool | What it does |
|---|---|
watchtower_scan_headers | Scan a deployed URL for missing security headers (CSP, HSTS, etc.) |
watchtower_scan_secrets | Scan source code for hardcoded API keys and tokens |
watchtower_scan_supabase | Audit Supabase tables for missing Row Level Security policies |
Dashboard
| Tool | What it does |
|---|---|
watchtower_status | Quick overview of spending + recent security findings |
watchtower_scan_history | View history of past security scan results |
Usage
Once installed, just ask Claude:
"What's my API spend this week?"
"Scan my project for hardcoded secrets"
"Check the security headers on https://myapp.vercel.app"
"Set a $5 daily budget alert"
"Audit my Supabase database for missing RLS policies"
How It Works
- Cost tracking: Logs token usage to a local SQLite database at
~/.watchtower/watchtower.db. Calculates costs using current Anthropic pricing. Supports budget alerts. - Security scanning: Runs checks against your live URLs, source code, and databases. Findings are persisted locally so you can track them over time.
- No external services: Everything runs locally. No data leaves your machine.
Supported Models
Claude Opus 4.6, Sonnet 4.6, Haiku 4.5, and Sonnet 3.5. Unknown models fall back to Sonnet pricing.
Requirements
- Node.js 18+
- Claude Code (or any MCP-compatible client)
psql(optional, for Supabase RLS scanning)
License
MIT
เซิร์ฟเวอร์ที่เกี่ยวข้อง
Alpha Vantage MCP Server
ผู้สนับสนุนAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
Recent Go MCP Server
Provides Go language updates and best practices in a structured Markdown format for LLM coding agents.
MCP Code Executor
Allows LLMs to execute Python code within a specified and configurable Python environment.
MapleStory MCP Server
Access NEXON MapleStory open API data for character info, union details, guild data, rankings, and game mechanics.
Slowtime MCP Server
A server for secure time-based operations, featuring timing attack protection and timelock encryption.
MCP Servers Nix
A Nix-based configuration framework for deploying MCP servers with ready-to-use packages, supporting modular and reproducible builds.
Kestra Python MCP Server
A Python implementation of a Model Context Protocol server for interacting with Kestra.
Nucleus MCP
Local-first, cross-platform memory sync for AI coding tools (Cursor, Claude, Windsurf) with persistent engrams and hypervisor security.
Visus Agent Sandbox
Pre-execution simulation and policy enforcement for AI agent actions. Prevents agents from accidentally or maliciously destroying production infrastructure through high-fidelity sandboxed simulations and YAML-based policy rules.
QRRapido
QR Rápido is an ultra-fast QR code generator built for AI agents and automations.
NmapMCP
Integrates the Nmap network scanning tool with MCP, enabling network scanning capabilities within MCP-compatible environments.