Paste your URL and in 30 seconds I'll show you the holes Cursor, Lovable, Bolt or v0 left behind: exposed API keys, an open database, /admin with no login — plus 100+ checks across security, SEO and AI visibility. Every finding ships with the fix, ready to paste into your AI. Then Watch keeps checking, every 60 seconds, forever.
Built by a cybersecurity engineer — the same checks a pentester runs, automated.
Every scan ends in a severity map: what's critical, what can wait, and a fix prompt for each finding.
Plans from $19/mo · cancel anytime
You don't need to know what a Content-Security-Policy is. Copy the prompt, paste it into your AI editor, ship the fix. Each prompt includes your framework, your hosting and the exact issue we found.
Ask your AI assistant "is my site OK?" and get live answers — scans, uptime, latency — without leaving your editor.
$ claude mcp add nurbak-watch npx @nurbak/watch mcp
My Next.js 14 app (app router, deployed on Vercel) is missing a Content-Security-Policy header. Add a strict but workable CSP via the headers() config in next.config.js. I use: Google Fonts, Supabase (wss + https), and Vercel Analytics. Include frame-ancestors 'none' and explain anything I should test after.
A scan tells you what's broken right now. Watch tells you the moment anything breaks again — every 60 seconds, from 4 regions, plus from inside your server.
Same checks, same card — now it never blinks. Alerts via Slack, email or WhatsApp.
External checks hit your site like a real user would, from 4 global regions.
Internal execution monitoring inside your Next.js process.
$ npm install @nurbak/watch
One scan, 30 seconds. Pick a plan to keep watching.
Plans from $19/mo · cancel anytime
The 20 checks that matter before you charge your first customer.
Read →You built it with AI. Here's how to make sure AI didn't leave the door open.
Read →RLS, service keys, edge config — the stack-specific gotchas.
Read →