WatchTower
Cost tracking + security scanning for AI builders
Watchtower MCP
Cost tracking + security scanning for AI builders. An MCP server for Claude Code.
Watchtower runs alongside your AI coding agent and gives you visibility into what you're spending and whether your deployed apps are secure.
Install
npm install -g watchtower-mcp
Add to your Claude Code MCP config (~/.claude/settings.json):
{
"mcpServers": {
"watchtower": {
"command": "watchtower-mcp"
}
}
}
Restart Claude Code. You now have 8 new tools available.
Tools
Cost Tracking
| Tool | What it does |
|---|---|
watchtower_log_usage | Log token usage from an API call to track costs |
watchtower_spend | View spending summary (today / week / month) with model breakdown |
watchtower_budget | Set daily/weekly/monthly budget alerts |
Security Scanning
| Tool | What it does |
|---|---|
watchtower_scan_headers | Scan a deployed URL for missing security headers (CSP, HSTS, etc.) |
watchtower_scan_secrets | Scan source code for hardcoded API keys and tokens |
watchtower_scan_supabase | Audit Supabase tables for missing Row Level Security policies |
Dashboard
| Tool | What it does |
|---|---|
watchtower_status | Quick overview of spending + recent security findings |
watchtower_scan_history | View history of past security scan results |
Usage
Once installed, just ask Claude:
"What's my API spend this week?"
"Scan my project for hardcoded secrets"
"Check the security headers on https://myapp.vercel.app"
"Set a $5 daily budget alert"
"Audit my Supabase database for missing RLS policies"
How It Works
- Cost tracking: Logs token usage to a local SQLite database at
~/.watchtower/watchtower.db. Calculates costs using current Anthropic pricing. Supports budget alerts. - Security scanning: Runs checks against your live URLs, source code, and databases. Findings are persisted locally so you can track them over time.
- No external services: Everything runs locally. No data leaves your machine.
Supported Models
Claude Opus 4.6, Sonnet 4.6, Haiku 4.5, and Sonnet 3.5. Unknown models fall back to Sonnet pricing.
Requirements
- Node.js 18+
- Claude Code (or any MCP-compatible client)
psql(optional, for Supabase RLS scanning)
License
MIT
Máy chủ liên quan
Scout Monitoring MCP
nhà tài trợPut performance and error data directly in the hands of your AI assistant.
Alpha Vantage MCP Server
nhà tài trợAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
Prompt MCP Server for Amazon Q
An MCP server for the Amazon Q Developer CLI to manage local prompt files.
webrtcperf
WebRtcPerf is an open-source tool designed for testing WebRTC services with multiple concurrent client connections, measuring the most important RTC statistics and collecting them in an easy way.
Cygnus MCP Server
An MCP server demonstrating Cygnus tools for reading text files and invoking local APIs.
velixar-mcp-server
Persistant AI Memory
Context7
Provides up-to-date, version-specific documentation and code examples for libraries directly into your prompt.
ContextKeeper
Provides perfect memory for AI-assisted development by capturing project context snapshots, enabling natural language search, evolution tracking, and code intelligence.
DeepSeek-Claude MCP Server
Enhance Claude's reasoning capabilities by integrating DeepSeek's advanced engine.
Recent Go MCP Server
Provides Go language updates and best practices in a structured Markdown format for LLM coding agents.
Storybook MCP
A universal MCP server that connects to any Storybook site and extracts documentation in real-time using Playwright. Use it with any AI or client that supports MCP (Model Context Protocol)—Cursor, Claude Desktop, Windsurf, or other MCP hosts.
Android MCP
An MCP server that provides control over Android devices through ADB. Offers device screenshot capture, UI layout analysis, package management, and ADB command execution capabilities.