Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(157)

0
0
Low Cost
ticket1 icon

MCP-testing

by ticket1

Sec5

A testing environment for a Minecraft Protocol (MCP) server, likely for development and protocol analysis.

Setup Requirements

  • ⚠️Java Development Kit (JDK) required
  • ⚠️Maven or Gradle build tool likely required for compilation and execution
Review RequiredView Analysis
Source code was not provided in the prompt for analysis. Therefore, a comprehensive security audit for malicious patterns, 'eval' usage, hardcoded secrets, or network risks could not be performed. The assigned score reflects an inability to verify safety rather than an assessment of specific vulnerabilities.
Updated: 2025-12-06GitHub
0
0
Low Cost
areeba-awan icon

mcp-server-prac

by areeba-awan

Sec1

A practice server designed for learning or developing applications that interact with the Minecraft Protocol.

Setup Requirements

  • ⚠️Requires Java Runtime Environment (JRE)
  • ⚠️May require specific Minecraft client version to connect
Review RequiredView Analysis
No source code was provided for analysis. Therefore, a comprehensive security audit is impossible. Without visibility into the codebase, potential risks such as 'eval' usage, obfuscation, network vulnerabilities, hardcoded secrets, or malicious patterns cannot be identified. Defaulting to the lowest score due to critical lack of information.
Updated: 2025-12-03GitHub
0
0
Medium Cost
mikelovesrobots icon

bedrock-kb-mcp

by mikelovesrobots

Sec8

This server is designed to provide an API endpoint for a knowledge base, likely interacting with the Model Context Protocol.

Setup Requirements

  • ⚠️TypeScript Execution: The `start` script `node src/index.ts` will likely fail as Node.js cannot directly execute `.ts` files. It requires `ts-node` (not listed as a dependency) or a prior TypeScript compilation step (no explicit `build` script or `prestart` hook).
  • ⚠️Model Context Protocol Configuration: Interaction with `@modelcontextprotocol/sdk` will require specific configuration (e.g., API keys, endpoint URLs) for the Model Context Protocol, which are not defined in the provided code.
Verified SafeView Analysis
No explicit security risks like 'eval', code obfuscation, or hardcoded secrets were found in the provided truncated source code. It utilizes standard and common libraries like Express and Zod. The `@modelcontextprotocol/sdk` dependency includes `express-rate-limit`, which is a positive security practice for API servers. A full security audit would require access to the complete application logic.
Updated: 2025-11-23GitHub
0
0
Medium Cost
MeeraChothe259 icon

mcp-server

by MeeraChothe259

Sec1

Acts as a backend server, potentially related to a specific protocol or application, but its exact functionality cannot be determined without source code.

Review RequiredView Analysis
Source code not provided, unable to perform any security audit. Cannot confirm safety or identify potential risks like 'eval', obfuscation, or hardcoded secrets.
Updated: 2025-11-24GitHub
0
0
Medium Cost
zhangchark icon

jadx-mcp-server

by zhangchark

Sec8

This server acts as an MCP (Microservice Communication Protocol) proxy to a local JADX-AI-MCP Plugin, enabling programmatic interaction for Android reverse engineering tasks.

Setup Requirements

  • ⚠️Requires a JADX-AI-MCP Plugin instance running locally on a specified port (default 8650).
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Requires `fastmcp` and `httpx` Python packages to be installed.
Verified SafeView Analysis
The server connects to a JADX-AI-MCP Plugin instance that is hardcoded to run on `127.0.0.1` (localhost). This design significantly limits the direct network attack surface of the sensitive reverse engineering data it exposes. The code itself does not contain obvious malicious patterns, 'eval' usage, or hardcoded secrets. Error handling for network requests is present. The primary security risk would arise if the MCP server itself is exposed publicly without robust authentication or access controls, which is not the intended or default deployment.
Updated: 2025-11-24GitHub
0
0
Medium Cost
dmitry-melnishin icon

mcp-client-and-server

by dmitry-melnishin

Sec8

An MCP server that provides AI-agent callable tools and resources for managing guitar product inventory and customer orders, integrated with a product catalog and fulfillment API.

Setup Requirements

  • ⚠️Requires multiple services (products-api, fulfillment-api, mcp-order-server, frontend, admin) to be run concurrently for full functionality.
  • ⚠️Services use specific local ports: products-api (8082), fulfillment-api (8080), mcp-order-server (9533), admin (3001), frontend (5173). Ensure these ports are available.
  • ⚠️Uses 'pnpm' as the package manager; 'npm' or 'yarn' are not directly supported.
  • ⚠️The 'kill:port' scripts are Windows PowerShell specific.
Verified SafeView Analysis
The system uses Express.js and makes HTTP requests between local services. CORS is configured with `origin: '*'` in all APIs (`products-api`, `fulfillment-api`, `mcp-order-server`), which is highly insecure for production environments but acceptable for local development/demonstration. There are no obvious hardcoded secrets in the provided snippets, 'eval' usage, or malicious patterns. For production deployment, CORS policies must be restricted, and all inter-service communication should use HTTPS.
Updated: 2025-11-30GitHub
0
0
Low Cost
cocolizh icon

mcp-demo-2048

by cocolizh

Sec9

This server provides a web-based implementation of the classic 2048 game, accessible through a browser and using WebSockets for real-time game state updates.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm installed locally (if not using Docker)
  • ⚠️Docker is recommended for simplified deployment and execution.
Verified SafeView Analysis
The source code analysis reveals no use of 'eval', obfuscation, hardcoded secrets, or overtly malicious patterns. It utilizes standard Node.js libraries (Express, ws) for a simple web game. Network exposure on port 8080 is standard for a web application.
Updated: 2025-11-20GitHub
0
0
Medium Cost
mozhaa icon

mcp-sbt-shell

by mozhaa

Sec4

Execute sbt commands in a persistent shell session to interact with Scala projects and their build processes.

Setup Requirements

  • ⚠️Requires sbt to be installed and accessible in the system PATH.
  • ⚠️Requires a Scala project with a 'build.sbt' file in the specified working directory.
  • ⚠️The sbt prompt detection logic is 'tested on Windows with sbt.bat' and uses a specific byte sequence, which might behave differently or fail on non-Windows operating systems (e.g., macOS, Linux).
Review RequiredView Analysis
The server executes arbitrary sbt commands provided by the client without input sanitization for the 'command' parameter. If exposed to untrusted networks or users, this poses a significant command injection risk, allowing execution of potentially malicious sbt commands or underlying system commands. Requires careful deployment to ensure only trusted clients can access it, preferably within a sandboxed environment.
Updated: 2025-11-30GitHub
0
0
Low Cost
Brahhime icon
Sec6

Set up a Modular Control Protocol (MCP) server for application logic and integrations.

Setup Requirements

  • ⚠️Docker required for `docker-compose` setup
  • ⚠️Go development environment needed for direct execution or customization
  • ⚠️Familiarity with the Yokai Go framework is beneficial for extension and advanced configuration
Verified SafeView Analysis
The default configuration in `config.yaml` and `config.prod.yaml` exposes several debug endpoints (e.g., config, routes, build, modules) by default, which can lead to sensitive information disclosure if deployed without proper network security or explicit disabling. The `docker-compose.yaml` mounts the entire project directory into the container, a common practice for development but a potential risk in production if sensitive files are present in the host directory. It is crucial to review and disable unnecessary endpoints and harden deployment configurations for production environments.
Updated: 2025-12-14GitHub
0
0
Low Cost
julienld icon
Sec8

The MCP Server Tester is a FastMCP-based harness designed to launch, proxy, and manage other MCP servers over stdio for testing and development purposes.

Setup Requirements

  • ⚠️Requires an MCP client (e.g., Codex CLI) to interact with the server's control tools.
  • ⚠️Child servers managed by this tester must be MCP-compliant and communicate over stdio.
Verified SafeView Analysis
The server's core function involves launching arbitrary commands and passing environment variables to subprocesses based on user input. While `shlex.split` is used for command parsing, direct execution of user-provided commands (e.g., `tester_control_start_server`) means that if the harness itself is exposed to untrusted input, it presents a command injection risk. However, this is an inherent feature for a testing harness designed to control child servers, not a vulnerability in its intended use by trusted developers in a controlled environment. No explicit 'eval' or hardcoded secrets were found in the `mcp-server-tester`'s source code. The demo credentials in the install script are for a separate child server.
Updated: 2025-12-05GitHub
0
0
Low Cost
CrackingShells icon

mcp-servers

by CrackingShells

Sec10

This repository serves as a temporary list for compiling Systems Biology MCP servers.

Verified SafeView Analysis
The provided 'SOURCE CODE' consists solely of a README.md file. There is no executable code (e.g., JavaScript, Python, Dockerfiles) to audit for 'eval', obfuscation, hardcoded secrets, or network risks within this repository itself. The repository is inert; security risks would only arise from visiting the external links listed within the README, which are outside the scope of this repository's code.
Updated: 2025-12-02GitHub
0
0
Low Cost
cocolizh icon
Sec1

Analysis is severely limited as no source code was provided. Based on the repository name 'demo-algorithms-repo' and the description 'MCP Server', it likely demonstrates algorithms within a server context, but specifics regarding its exact function are unknown.

Setup Requirements

  • ⚠️Source code not provided for analysis, preventing detailed evaluation of requirements or friction points.
Review RequiredView Analysis
CRITICAL: The source code was not provided for analysis, making a comprehensive security audit impossible. Without code, it's impossible to check for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. Therefore, the server cannot be deemed safe to run.
Updated: 2025-11-24GitHub
PreviousPage 6 of 14Next