Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(157)

32
1
Low Cost
nemesiscodex icon

pulse-tm

by nemesiscodex

Sec9

Pulse is a terminal-based task manager designed for developers to manage projects and tasks, offering CLI, TUI, and seamless integration with AI agents via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Bun 1.0.0 or higher; Node.js is not supported.
  • ⚠️Tasks are stored in local YAML files within a '.pulse/' directory, not cloud-synced.
  • ⚠️Automatic project root detection (via .git folder) might place the .pulse/ directory in an unexpected location if not explicitly specified with '--working-dir'.
Verified SafeView Analysis
The MCP server uses StdioServerTransport, communicating over standard I/O rather than network ports, which inherently limits direct network exposure. Task data is stored locally in YAML files within a .pulse directory. The project explicitly states no data is sent to remote servers by default and warns users about AI tools potentially reading/modifying local tasks. Input parsing for tool arguments includes validation (e.g., parseInt, trim, sanitizeTagName). No 'eval' or direct arbitrary command execution via child processes were identified in the provided runtime code.
Updated: 2025-12-02GitHub
32
2
Low Cost
DanielAvdar icon

dev-kit-gh-mcp-server

by DanielAvdar

Sec2

A GitHub Model Context Protocol server designed for automation, bots, and AI agents to perform focused repository operations.

Setup Requirements

  • ⚠️Critical Bug: The server's `create_server.py` and `fastmcp_server.py` import `RepoFastMCPServerError` and alias it as `FastMCP`, then attempt to run it as the server. This is a critical functional bug that will prevent the server from starting.
  • ⚠️Requires `uv` installed via `pipx` (`pipx install uv`).
  • ⚠️Requires `GITHUB_TOKEN` environment variable for GitHub API authentication.
  • ⚠️Requires being run within a local Git repository or providing a GitHub repository URL directly via the `--root-dir` argument.
Review RequiredView Analysis
The server's `create_server.py` and `fastmcp_server.py` files explicitly import `RepoFastMCPServerError` (which, by convention, indicates an exception class) and alias it as `FastMCP`. It then attempts to instantiate and run this aliased class as the main server instance. This is a critical functional bug that will prevent the server from starting or operating correctly. If this core functional bug were resolved, the server's handling of sensitive `GITHUB_TOKEN` via environment variables is appropriate, and its operations are wrappers around standard PyGithub API calls, which are generally secure. No 'eval', obfuscation, hardcoded secrets, or obvious malicious patterns are present within the operational code itself.
Updated: 2025-12-12GitHub
32
1
Low Cost
ryar001 icon

finance_mcp

by ryar001

Sec8

Provides structured financial statements (Income Statement, Balance Sheet, Cash Flow) from public companies for consumption by LLMs via an MCP server.

Setup Requirements

  • ⚠️Relies on `yfinance` for data, which scrapes Yahoo Finance; respect Yahoo Finance's terms of service to avoid potential IP bans or service interruptions.
  • ⚠️Requires `uv` package manager (or `uvx`) for the recommended quick installation and execution method.
  • ⚠️While documentation mentions `GEMINI_API_KEY`, the current implementation directly uses `yfinance` and does not incur LLM token costs for data retrieval, but this might change in future iterations based on project history.
Verified SafeView Analysis
The server primarily uses the `yfinance` library to scrape data from Yahoo Finance, which carries a note in the README about respecting Yahoo Finance's terms of service. There are no explicit `eval` or direct code injection vulnerabilities observed. The logging configuration includes async handlers which is good. Firestore integration is present but not actively used for core data retrieval by the MCP tools. While `GEMINI_API_KEY` is referenced in documentation, the current implementation bypasses LLM for data fetching, thus reducing direct exposure to potential LLM-related prompt injection risks from this component. The server runs as a local process and communicates via standard I/O for MCP, which generally limits direct network exposure.
Updated: 2025-12-10GitHub
31
1
Medium Cost
dilettacal icon

bug-buster-ai

by dilettacal

Sec4

A cybersecurity AI agent that analyzes Python code for vulnerabilities using OpenAI's LLMs and Semgrep, deployable on Azure and GCP.

Setup Requirements

  • ⚠️Requires Docker for recommended local setup, or Node.js and `uv` for local development.
  • ⚠️Requires OpenAI API Key (paid service) and Semgrep App Token for core functionality.
  • ⚠️Requires significant Azure CLI and Terraform setup for cloud deployment, including manual Key Vault secret population and Container App secret linking post-Terraform apply.
  • ⚠️The presence of `eval(expr)` in `backend/airline.py` is a critical security risk; ensure `airline.py` is not used in a production or user-facing context, or remove it entirely.
Review RequiredView Analysis
The `backend/airline.py` file, which is part of the provided source code, contains a `calculate` function that uses `eval(expr)`. If this function were exposed to untrusted user input, it would be a severe remote code execution vulnerability. While `backend/server.py` (the core API) does not appear to directly use this `airline.py` file, its presence in the repository's backend makes it a significant security risk if the architecture were ever changed or if `airline.py` were invoked in an insecure context. Other aspects, like handling API keys via Key Vault and OIDC for deployment, are good practices. Diagnostic endpoints `/network-test` and `/semgrep-test` provide system information, which could be a minor information disclosure risk, but are common for health checks.
Updated: 2025-11-23GitHub
31
1
Medium Cost
NicolasWs icon
Sec8

An MCP server for integrating Mistral AI's Codestral and general language models, providing AI-powered code assistance and general reasoning capabilities.

Setup Requirements

  • ⚠️Requires Mistral AI API Key (Paid Service)
  • ⚠️Requires Node.js and npm installed
Verified SafeView Analysis
The server uses Zod for robust input validation. It loads the Mistral API key from environment variables, which is good practice. No 'eval' or obvious obfuscation is present. File write operations (outputPath) exist; if an untrusted client could control the path, it might pose a local file system risk. However, for its intended use with trusted MCP clients like IDEs, this is generally acceptable.
Updated: 2025-12-07GitHub
30
1
Low Cost
canstralian icon

parrot_mcp_server

by canstralian

Sec3

A Raspberry Pi 5 Bash script library for system maintenance, automation, and structured message exchange between AI agents and local tools/services.

Setup Requirements

  • ⚠️Requires 'sudo' for many system maintenance operations (e.g., apt, tar).
  • ⚠️Full functionality (e.g., JSON validation, precise load checks, email notifications) depends on external tools like 'jq', 'bc', and 'mailutils' which may need to be installed.
  • ⚠️The default IPC mechanism is critically insecure (file-based in /tmp) and requires immediate configuration/migration to secure alternatives (e.g., named pipes, Unix sockets) as detailed in 'docs/IPC_SECURITY.md'.
  • ⚠️The 'daily_workflow.sh' script does not source 'common_config.sh', meaning it does not benefit from centralized configuration, validation, or updated logging, and remains highly vulnerable to input-related attacks.
Review RequiredView Analysis
CRITICAL: The server relies on insecure file-based Inter-Process Communication (IPC) via '/tmp/mcp_in.json' and '/tmp/mcp_bad.json'. This is explicitly documented as a major security vulnerability (race conditions, world-readable files, predictable paths, symlink attacks, no authentication/authorization). The 'start_mcp_server.sh' script still uses this insecure default. Input validation is incomplete across scripts; while 'common_config.sh' introduces validation functions, critical scripts like 'daily_workflow.sh' do not source it, making them highly vulnerable to command injection (e.g., via email notifications or unvalidated paths). The 'setup_cron.sh' script uses insecure temporary files. No robust authentication or authorization is implemented.
Updated: 2025-11-26GitHub
30
1
Low Cost
demiliani icon
Sec8

A Visual Studio Code extension to automate the installation and configuration of the Dynamics 365 Business Central Admin MCP server for GitHub Copilot integration.

Setup Requirements

  • ⚠️Requires .NET 9 runtime to be installed for the actual MCP server (separate from Node.js/npm).
  • ⚠️Global npm package installation may require elevated permissions (admin/sudo) depending on system configuration.
Verified SafeView Analysis
The extension uses `child_process.exec` and `execSync` to run system commands (npm install/update/uninstall, Node.js/npm version checks, process management). While commands are mostly hardcoded or derived from trusted sources, installing global npm packages introduces a supply chain risk (dependency on `@demiliani/d365bc-admin-mcp`). File system operations are confined to expected configuration (`mcp.json`) and temporary directories. No direct use of `eval` or obvious obfuscation. Process termination logic (`taskkill`, `pkill`) targets specific executables, reducing broader system risk. The `.NET 9` requirement for the *installed* MCP server (not this extension itself) implies a dependency on another runtime. Overall, the implementation appears robust for its stated purpose, but inherent risks of running system commands and external package installations exist.
Updated: 2025-12-11GitHub
30
1
Low Cost
seanivore icon

claud-grants

by seanivore

Sec7

Facilitates grant application management and development roadmap tracking for a decentralized AI developer knowledge sharing protocol, while outlining its technical implementation.

Setup Requirements

  • ⚠️Requires Solana development environment (Rust, Solana CLI)
  • ⚠️Requires Web3 client-side libraries for interaction
Verified SafeView Analysis
This repository primarily contains documentation and high-level code snippets for a grant application, not the full executable MCP server code. Therefore, it poses no direct security risks from running server-side code from this specific repository. However, the described $CLAUD protocol involves smart contracts, tokenomics, and decentralized systems, which are inherently complex and prone to vulnerabilities. The documentation mentions plans for external security audits and robust measures for the actual protocol implementation (claud-coin), but these cannot be fully validated from the provided truncated source code.
Updated: 2025-11-29GitHub
30
1
High Cost
gesslar icon

fluffos-mcp

by gesslar

Sec8

Enables AI assistants to validate and debug LPC (LPMud) source code by interacting with local FluffOS driver CLI tools for compilation checks, bytecode disassembly, and documentation lookup.

Setup Requirements

  • ⚠️Requires a local installation of FluffOS with 'symbol' and 'lpcc' binaries available in the specified FLUFFOS_BIN_DIR.
  • ⚠️Requires Node.js version 16 or higher to run the server.
  • ⚠️Environment variables `FLUFFOS_BIN_DIR` and `MUD_RUNTIME_CONFIG_FILE` are mandatory, and `FLUFFOS_DOCS_DIR` is needed for documentation lookup.
Verified SafeView Analysis
The server executes external FluffOS CLI tools (`symbol`, `lpcc`, `search_docs.sh`) via `child_process.spawn`. User-provided file paths and search queries are passed as arguments in an array, which is generally safer than direct shell execution (`exec`) as arguments are not implicitly shell-interpreted. However, the security relies on the robustness of the underlying FluffOS tools and the `search_docs.sh` script to correctly handle potentially malicious input passed as arguments. Paths are normalized by the server to be relative to the mudlib directory where possible. No hardcoded secrets or 'eval' usage were found. Requires a trusted local FluffOS installation and careful configuration of environment variables.
Updated: 2025-12-08GitHub
29
1
High Cost
josefbacik icon

kerneldev-mcp

by josefbacik

Sec7

An MCP server for intelligent Linux kernel configuration management, building, and filesystem regression testing, including advanced device management for performance optimization.

Setup Requirements

  • ⚠️Requires `virtme-ng` (install via `pip install virtme-ng`).
  • ⚠️Requires `QEMU` (system-level package, e.g., `qemu-system-x86_64` for x86_64 targets).
  • ⚠️Requires `LVM2` tools (`lvm2` system-level package) for LVM Device Pools.
  • ⚠️Requires cross-compilation toolchains (e.g., `gcc-aarch64-linux-gnu`) for cross-compilation targets.
  • ⚠️Requires the user account running the MCP server to have passwordless `sudo` access configured for various system commands (e.g., `pvcreate`, `vgcreate`, `lvcreate`, `losetup`, `modprobe`, `chown`, `umount`, `mount`, `blockdev`, `udevadm`, `sgdisk`, `dd`).
Verified SafeView Analysis
The server heavily relies on `subprocess.run` and `subprocess.Popen` to execute system commands (`make`, `git`, `lvm` tools, `virtme-ng`, `qemu`, `sudo`). It is designed for kernel developers with appropriate system privileges. The documentation explicitly states that it requires `sudo` access for many operations (e.g., LVM device management, `modprobe`, `chown`) without password prompts, implying a trust relationship with the user running the MCP server. Arbitrary shell commands/scripts can be executed inside isolated VMs via `boot_test` and `boot_with_custom_command` tools, which is documented as intentional for flexibility and requires trusted input. There is no direct `eval` from user input in the core server logic. Remote code execution would be possible if the server is run by an untrusted user with configured passwordless sudo access.
Updated: 2025-11-21GitHub
0
0
Medium Cost
Hariharan-bit-star icon

MCP_Server

by Hariharan-bit-star

Sec9

Configures Model Context Protocol (MCP) integrations for Jira and GitHub, enabling structured interactions and agent-based automation with these development platforms.

Setup Requirements

  • ⚠️Requires Node.js and npm to execute the `npx` commands for the underlying MCP servers.
  • ⚠️Requires a JIRA_API_TOKEN, which typically involves setting up an API token within a Jira Cloud account.
  • ⚠️Requires a GITHUB_PERSONAL_ACCESS_TOKEN with appropriate permissions for GitHub interactions.
Verified SafeView Analysis
The provided source code is a configuration file that utilizes environment variables for sensitive tokens (JIRA_API_TOKEN, GITHUB_PERSONAL_ACCESS_TOKEN), which is a good security practice. There are no direct instances of 'eval', obfuscation, or hardcoded secrets within this configuration file itself. The overall security posture will heavily depend on the invoked `npx` packages (`mcp-jira-stdio` and `@modelcontextprotocol/server-github`), which are external dependencies and not part of the analyzed source code.
Updated: 2025-12-12GitHub
0
0
Low Cost
Maha234Zaidi icon

mcp-server-practice

by Maha234Zaidi

Sec10

Serves as a developer's profile link within a repository, with no server-specific functionality present in the provided source code snippet.

Verified SafeView Analysis
The provided source code is a static Markdown file (`mahazaidi.md`) containing only text and a URL. It does not contain any executable server code, 'eval', obfuscation, hardcoded secrets (other than a public GitHub URL), or network-related functionality. Therefore, this specific file itself poses no direct security risks. A comprehensive security audit for an 'MCP Server' cannot be performed as no actual server code was provided.
Updated: 2025-11-23GitHub
PreviousPage 4 of 14Next