Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(68)

99
928
High Cost
cgoinglove icon

better-chatbot

by cgoinglove

Sec7

An open-source AI chatbot for individuals and teams, featuring multi-AI support, powerful tools, image generation, automation, and real-time voice assistance.

Setup Requirements

  • ⚠️Requires an OpenAI, Google, Anthropic, xAI, Ollama, Groq, or OpenAI-compatible API key (at least one is mandatory for core AI functionality).
  • ⚠️Persistent storage requires PostgreSQL (`POSTGRES_URL`) and optionally Redis (`REDIS_URL`) for caching.
  • ⚠️File storage requires configuration for either Vercel Blob or S3 (with environment variables like `FILE_STORAGE_S3_BUCKET`).
Verified SafeView Analysis
The server uses `new Function()` for JavaScript execution and `pyodide.runPythonAsync` for Python execution. While these are inherently risky, the code attempts to mitigate this by running in the user's browser (client-side) and includes basic safety checks (e.g., forbidden keywords, suspicious patterns). The `httpFetchTool` allows the LLM to make arbitrary HTTP requests from the server, which could lead to Server-Side Request Forgery (SSRF) or unauthorized data access if not strictly controlled by LLM system prompts and/or network configurations (e.g., whitelisting). Sensitive API keys and configurations are correctly handled via environment variables. Input validation is applied using Zod schemas. Overall, conscious efforts are made towards security, but the dynamic tool usage requires vigilant monitoring and strong LLM guardrails.
Updated: 2025-12-04GitHub
55
1
Medium Cost
iceener icon
Sec9

Manage email contacts, segments, and send emails/newsletters via Resend using an AI agent.

Setup Requirements

  • ⚠️Requires a Resend account with a verified sending domain.
  • ⚠️Requires obtaining a Resend API Key from resend.com/api-keys.
  • ⚠️Requires manually generating a secure BEARER_TOKEN (e.g., using `openssl rand -hex 32`).
Verified SafeView Analysis
No hardcoded secrets were found; all sensitive credentials (Resend API key, Bearer token) are loaded from environment variables. The server employs AES-256-GCM encryption for file-based token storage in Node.js, and KV/memory with encryption in Cloudflare Workers. Input validation is enforced via Zod schemas, and sensitive data is sanitized in logs. Origin and MCP protocol version validation are implemented. The README provides clear warnings about the risks of giving AI agents email-sending capabilities and advises caution and client-side review mechanisms.
Updated: 2025-12-06GitHub
46
51
Low Cost
mailtrap icon

mailtrap-mcp

by mailtrap

Sec9

This MCP server integrates with Mailtrap.io to provide tools for sending transactional emails, managing email templates (create, list, update, delete), and testing emails in a sandbox environment.

Setup Requirements

  • ⚠️Requires a Mailtrap account and API token for all functionality.
  • ⚠️Domain verification is necessary for sending live transactional emails.
  • ⚠️MAILTRAP_ACCOUNT_ID is required for template management operations.
  • ⚠️MAILTRAP_TEST_INBOX_ID is only required for sandbox email functionality.
  • ⚠️Node.js >=16.20.1 is required.
Verified SafeView Analysis
The server follows good security practices: sensitive credentials (Mailtrap API token) are expected from environment variables and marked as 'sensitive' in the manifest. Input validation is performed using JSON schemas (though Zod is used internally for schema definition). No direct 'eval' or obvious malicious patterns were found. Network communication is handled by `axios` to the Mailtrap API, and the MCP server uses standard I/O, minimizing direct network exposure from the server itself. The code includes error handling for missing environment variables. The sandbox client explicitly checks for the `MAILTRAP_TEST_INBOX_ID` environment variable.
Updated: 2025-12-02GitHub
44
40
Medium Cost
jlucaso1 icon

whatsapp-mcp-ts

by jlucaso1

Sec8

Connects a personal WhatsApp account to an AI agent, enabling the agent to search messages and contacts, list chats, retrieve message history, and send messages via WhatsApp.

Setup Requirements

  • ⚠️Requires Node.js version 23.10.0 or higher.
  • ⚠️Requires an initial manual WhatsApp QR code scan for authentication, which can be time-sensitive.
  • ⚠️Initial message history synchronization can take significant time depending on your WhatsApp history size.
  • ⚠️Specific configuration JSON is required for the AI client (e.g., Claude Desktop, Cursor) to launch and connect to the MCP server.
Verified SafeView Analysis
The server stores all WhatsApp authentication credentials and message history locally in a SQLite database and authentication cache, which is good for privacy from the server's perspective. It communicates with the AI client via standard input/output (stdio), avoiding direct network exposure to the outside for the MCP protocol itself. No 'eval' or other direct dangerous dynamic code execution patterns were found. The primary security considerations are the security of the local machine storing sensitive WhatsApp data and the trustworthiness of the connected AI agent that will access this data via MCP tools.
Updated: 2025-12-06GitHub
39
14
Low Cost
ActiveCampaign icon

postmark-mcp

by ActiveCampaign

Sec9

Provides a Model Context Protocol (MCP) server to enable AI assistants to send emails and manage templates via Postmark.

Setup Requirements

  • ⚠️Requires Node.js v16 or higher.
  • ⚠️Requires an active Postmark account and server API token.
  • ⚠️Requires configuration of `POSTMARK_SERVER_TOKEN`, `DEFAULT_SENDER_EMAIL`, and `DEFAULT_MESSAGE_STREAM` environment variables.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive data like the Postmark server token, and the README explicitly warns against storing secrets in version control. It employs Zod for input validation, which helps prevent malformed requests. Logging practices appear secure, avoiding direct exposure of sensitive information in console outputs. Network requests are limited to the official Postmark API. There is no usage of 'eval' or similar dangerous patterns. The main point of caution, common to any tool that manages external credentials, is securing the environment where the server runs and ensuring proper access controls for the `.env` file.
Updated: 2025-12-01GitHub
33
2
Medium Cost
hp0912 icon
Sec2

This server acts as a Model Context Protocol (MCP) intermediary for a WeChat robot, offering various AI-powered tools such as image recognition, drawing, text-to-speech, group chat summary, personality analysis, song requests, and video generation, integrating with multiple AI providers.

Setup Requirements

  • ⚠️Requires a MySQL database for configuration and message storage.
  • ⚠️Requires API keys for multiple external AI services (e.g., OpenAI, VolcEngine/Doubao, Jimeng, Tencent Hunyuan, Zhipu GLM), which are typically paid services.
  • ⚠️Communicates with an external 'WeChat client' service, expecting it to be accessible via `http://client_{RobotCode}:{WeChatClientPort}`.
Review RequiredView Analysis
CRITICAL security risks identified: 1. **SQL Injection Vulnerability (Database Name):** The `config.buildDSNForRobot` function constructs the database connection string using `robotCode` directly as the database name. If `robotCode` is derived from user-controlled metadata (`mcp.CallToolRequest.Params.Meta`) without proper sanitization, a malicious actor could inject arbitrary SQL into the database name, potentially leading to database compromise (e.g., `malicious_db_name'; DROP DATABASE evil;`). This is a severe vulnerability. 2. **XML External Entity (XXE) Injection:** The `repository/message.go` `GetMessagesByTimeRange` function uses MySQL's `EXTRACTVALUE` (an XPath function for XML) on the `messages.content` field. If `messages.content` can contain user-controlled XML (e.g., from WeChat messages parsed into XML format), this creates a classic XXE vulnerability. An attacker could craft a malicious XML message to read local files, initiate server-side request forgery (SSRF), or cause denial of service. 3. **Logging of Error Messages:** `utils.CallToolResultError` logs raw error messages (`errmsg`) directly. If these error messages contain sensitive information from upstream APIs or internal system details, they could be exposed in server logs.
Updated: 2025-12-05GitHub
32
2
Low Cost
lukemurraynz icon

acs-email-mcp-server

by lukemurraynz

Sec9

Provides an MCP (Model Context Protocol) server to enable AI agents to send emails using Azure Communication Services, supporting templates and attachments.

Setup Requirements

  • ⚠️Requires an Azure subscription with Azure Communication Services Email configured (a paid service).
  • ⚠️Manual configuration of `ACS_ENDPOINT` and `DEFAULT_SENDER_ADDRESS` environment variables is required for local testing, and proper domain verification is needed for production.
  • ⚠️Requires installation of .NET 8 SDK, Azure Functions Core Tools, and Azure Developer CLI (azd).
Verified SafeView Analysis
The project demonstrates good security practices by leveraging Azure's built-in security features such as Managed Identity for service-to-service authentication, Function Key authentication for direct access (as per `function.json`), and promoting OAuth2/OpenID Connect via API Management as per the `docs/diagrams/README.md`. No hardcoded secrets were found in the configuration or deployment files. The `host.json` enables HTTP forwarding and proxying, which is standard for custom handlers and not a direct vulnerability without further context of the custom handler's internal logic. A full audit of the C# application code was not possible as it was not provided.
Updated: 2025-12-01GitHub
32
2
Medium Cost
lukemurraynz icon

mcp-server-acsemail

by lukemurraynz

Sec8

This server provides email sending capabilities using Azure Communication Services within a Model Context Protocol (MCP) framework.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher.
  • ⚠️Requires an Azure Communication Services resource with email capabilities configured (paid Azure service).
  • ⚠️Requires a verified sender email address in Azure Communication Services.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive Azure Communication Services credentials, avoiding hardcoding. It logs configuration issues. The `send_email_with_attachments` tool takes file paths as input; while this is standard for server-side operations, it introduces a potential risk if the MCP agent providing the file paths is untrusted or compromised, as it could lead to arbitrary file reads on the server's filesystem. However, within the trusted MCP environment, this is a controlled risk.
Updated: 2025-11-23GitHub
30
1
Low Cost
hubertusgbecker icon

chatsuite

by hubertusgbecker

Sec6

A full-stack monorepo platform integrating multiple AI, database, and automation services for enhanced collaboration and productivity.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose to be installed and running.
  • ⚠️Requires NVM (Node Version Manager) and pnpm for dependency management.
  • ⚠️Manual generation of SSL certificates using `mkcert` is recommended for HTTPS access via Nginx proxy.
  • ⚠️AI API keys (e.g., OpenAI, Anthropic, Google) are required for full functionality of AI services and may incur costs.
  • ⚠️Manual copying and configuration of `config/mcphub/mcp_settings.json` from its example template is required.
Verified SafeView Analysis
Default credentials (admin/admin) are hardcoded for PostgreSQL and PgAdmin, and for NocoDB (`nocodb_user_pass`, `nocodb_password_123`) in development environment files, which pose a risk if not changed for production. MongoDB runs without authentication (`--noauth`) in the development setup. Extensive use of `exec` commands in various `tools/dev-scripts` (e.g., for Docker and Helm operations) carries a risk of command injection if inputs are not strictly controlled, though some filtering is present. The `cmd-write-env.sh` script, which modifies the root `.env` file, is sensitive. `mcp-email-server` runs with `DEBUG=1`, potentially exposing sensitive information in logs.
Updated: 2025-11-24GitHub
30
1
High Cost
Chris31372 icon

better-chat

by Chris31372

Sec5

An AI chat application designed for interacting with technical documentation using various AI models and tools, featuring per-user data isolation with Cloudflare Durable Objects.

Setup Requirements

  • ⚠️Requires a Cloudflare account and configured Cloudflare resources (D1, KV, Durable Objects) for deployment and local development.
  • ⚠️Access to premium AI models (e.g., OpenAI GPT-4o, Anthropic Claude, Google Gemini Pro) and web search (Exa) requires users to provide their own API keys.
  • ⚠️Requires the Alchemy CLI for development (`alchemy dev`) and deployment (`alchemy deploy`), which needs prior installation and configuration.
  • ⚠️In production, sending email verification codes requires a Resend API Key. In development, OTPs are logged to the console.
Review RequiredView Analysis
The application allows users to add custom MCP (Model Context Protocol) server URLs. This feature, if not rigorously validated and sandboxed by the underlying infrastructure (e.g., Cloudflare Workers), poses a significant risk of Server-Side Request Forgery (SSRF) or interaction with malicious external services. Attackers could potentially use this to exfiltrate data, perform port scanning, or exploit other vulnerabilities if the MCP server itself is compromised. While sensitive API keys are encrypted at rest and stored in environment variables, the open-ended nature of custom MCP server URLs warrants caution.
Updated: 2025-12-06GitHub
28
1
Medium Cost
PinXian53 icon

python-mcp-server

by PinXian53

Sec9

Demonstrates implementing Model Context Protocol (MCP) servers in Python using STDIO, SSE, and Streamable HTTP connection modes, providing weather tools via the National Weather Service API.

Setup Requirements

  • ⚠️Requires uv for environment and package management.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires Node.js/npm (for 'npx @modelcontextprotocol/inspector') to fully test using the MCP Inspector.
Verified SafeView Analysis
No 'eval', obfuscation, or hardcoded secrets found. Uses 'httpx' for external API calls to 'api.weather.gov'. The general 'except Exception' block in 'make_nws_request' could be refined for more specific error handling, but no direct vulnerabilities are present in the provided code. Deployment for public access would require additional security considerations external to this code.
Updated: 2025-11-21GitHub
0
0
Low Cost
varun-dev-tech icon

mcp_client

by varun-dev-tech

Sec3

To connect to an MCP server.

Setup Requirements

  • ⚠️Requires an MCP server to connect to.
Review RequiredView Analysis
No executable source code was provided for security analysis; only the `README.md` file was available. Therefore, a comprehensive security audit could not be performed, and the safety of running any client code cannot be guaranteed.
Updated: 2025-12-05GitHub
PreviousPage 1 of 6Next