Nurbak Watch — Scan your site. Then keep watching.
For apps built with Cursor, Lovable, Bolt or v0

Your AI-built app has security holes.
I'll show you the worst ones in 30 seconds.

Paste your URL and in 30 seconds I'll show you the holes Cursor, Lovable, Bolt or v0 left behind: exposed API keys, an open database, /admin with no login — plus 100+ checks across security, SEO and AI visibility. Every finding ships with the fix, ready to paste into your AI. Then Watch keeps checking, every 60 seconds, forever.

https://
Free scan · 100+ checks in 30s · You only pay if we find issues
Plans from $19/mo · cancel anytime

Built by a cybersecurity engineer — the same checks a pentester runs, automated.

demo — sample datayour-app.com
Running security probes…0%
No exposed API keys in client bundleSECURITY0 found
SQL injection probesSECURITY12 endpoints · clean
!Security headersSECURITYCSP missing
SSL certificate & chainSECURITYvalid · 71 days
!Meta & OpenGraph tagsSEOog:image missing
robots.txt & sitemapSEOok
AI citabilityAEOno llms.txt
Sample report. Yours takes 30 seconds — scan above.
Built in public · core checks open source · cancel anytime

Use it as an MCP server

The report

Know exactly how bad it is.

Every scan ends in a severity map: what's critical, what can wait, and a fix prompt for each finding.

demo — sample datayour-app.com72 / 100
23ISSUES4CRITICAL7HIGH12MEDIUM
Supabase service_role key reachable from clientSECURITYcritical
No rate limiting on the login route
Cross-site scripting vector on search parameter
DMARC record missing for transactional email
AI crawlers blocked by robots.txt misconfiguration
+ 18 more findings in the full report

Plans from $19/mo · cancel anytime

Fix with AI

Every finding ships with a prompt your AI can fix.

You don't need to know what a Content-Security-Policy is. Copy the prompt, paste it into your AI editor, ship the fix. Each prompt includes your framework, your hosting and the exact issue we found.

LLovableClaude CodeCursorWindsurfv0VS Code
MCP server

Ask your AI assistant "is my site OK?" and get live answers — scans, uptime, latency — without leaving your editor.

add the MCP server
$ claude mcp add nurbak-watch npx @nurbak/watch mcp
run_scanget_uptimeget_latencylist_incidentsget_fix_prompt
FIX PROMPTTuned to: Next.js 14 · Vercel
My Next.js 14 app (app router, deployed on Vercel) is missing a
Content-Security-Policy header. Add a strict but workable CSP via
the headers() config in next.config.js. I use: Google Fonts,
Supabase (wss + https), and Vercel Analytics. Include
frame-ancestors 'none' and explain anything I should test after.
Works in:LLovableClaude CodeCursor
The first watch

That scan you just ran?
Watch never stops running it.

A scan tells you what's broken right now. Watch tells you the moment anything breaks again — every 60 seconds, from 4 regions, plus from inside your server.

demo — sample datayour-app.comscanned once72 / 100
Homepage upUPTIME200 · 212 ms
API /api/checkoutUPTIME200 · 340 ms
SSL certificateSECURITYvalid · 71 days
!Response contains "undefined"CONTENT1 page
demo — sample datayour-app.comevery 60 s · 4 regions99.98% · 30d
last 90 minutes1 incident · 42 s
us-east212 ms200 OK
eu-west188 ms200 OK
sa-east241 ms200 OK
ap-south310 ms200 OK
P50 internal
48 ms
P95 internal
230 ms
P99 internal
612 ms

Same checks, same card — now it never blinks. Alerts via Slack, email or WhatsApp.

⊙ From outside · zero install

Paste a URL. That's it.

External checks hit your site like a real user would, from 4 global regions.

  • Every 60 seconds from us-east, eu-west, sa-east, ap-south
  • SSL & domain expiry warnings before they bite
  • Content checks — catch "undefined", empty states, error pages
  • Alerts via Slack, email or WhatsApp
⊕ From inside · 5 lines of code

See what the outside can't.

Internal execution monitoring inside your Next.js process.

terminal
$ npm install @nurbak/watch
  • P50 / P95 / P99 latency per route, per region
  • Slow queries & cold starts — invisible from outside
  • 5 lines in your layout.tsx and you're live
60 s check interval4 global regionsP50·P95·P99 internal latencycatches "200 OK but broken"Slack · email · WhatsApp

Run your first watch.

One scan, 30 seconds. Pick a plan to keep watching.

https://

Plans from $19/mo · cancel anytime

Resources

Ship fast. Stay safe.