Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(116)

97
405
Medium Cost
alpacahq icon
Sec9

Enables natural language trading operations for Alpaca's Trading API via AI assistants, supporting stocks, options, crypto, portfolio management, and real-time market data.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️`uv` package manager is recommended and often required for smooth installation and dependency management.
  • ⚠️Mandatory Alpaca Trading API keys are required for operation (free paper trading accounts are available).
  • ⚠️Requires a separate Model Context Protocol (MCP) client (e.g., Claude Desktop, Cursor, VS Code, PyCharm, Gemini CLI) for interaction.
Verified SafeView Analysis
Uses environment variables and `.env` files for sensitive API keys, with explicit warnings against command-line arguments in `cli.py`. Implements DNS rebinding protection for HTTP transport with configurable `allowed-hosts`. `.env` file permissions are set restrictively (0o600) on non-Windows systems. Kubernetes secrets are leveraged in Helm chart deployments for credentials. The primary inherent risk is financial loss from actual trading, which is clearly disclosed to the user.
Updated: 2025-12-15GitHub
83
304
Medium Cost
wshobson icon

maverick-mcp

by wshobson

Sec8

Personalized stock analysis, technical indicators, and portfolio optimization via Claude Desktop.

Setup Requirements

  • ⚠️Python 3.12+ required.
  • ⚠️TA-Lib C library dependency, which can be complex to install, especially on Windows.
  • ⚠️Requires TIINGO_API_KEY for stock data (free tier available).
Verified SafeView Analysis
The server is designed for local-first, personal use and explicitly states 'No Network Authentication' in its documentation, which is a critical security note for public deployment. It uses environment variables for API keys, Pydantic for input validation, and SQLAlchemy for database interactions to mitigate common vulnerabilities like SQL injection. A 'SECURITY.md' outlines a clear policy for reporting and best practices. Overall, it is considered safe for its intended local, single-user context.
Updated: 2025-12-29GitHub
81
91
Low Cost
aitrados icon
Sec8

A specialized MCP server for financial analysis and quantitative trading, designed to deploy local financial MCP services with a departmental architecture for LLM integration and algorithmic trading.

Setup Requirements

  • ⚠️Requires AITRADOS_SECRET_KEY obtained via free registration at https://www.aitrados.com/.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Broker integration (if enabled via `ENABLE_RPC_PUBSUB_SERVICE` and `auto_run_brokers`) requires the `aitrados-broker` package and specific configuration in `config.toml`.
Verified SafeView Analysis
The server dynamically loads user-defined MCP Python files using `importlib.util` and `exec_module`, which can pose a risk if untrusted code is loaded. It interacts with external financial data APIs and can integrate with brokerage services (`aitrados-broker`), requiring careful handling of API keys and broker configurations. Sensitive keys are expected to be set as environment variables and validated in request headers, which is good practice. Overall, well-designed for its intended extensibility but requires user vigilance regarding custom code and sensitive financial integrations.
Updated: 2025-11-19GitHub
57
70
Low Cost
huweihua123 icon

stock-mcp

by huweihua123

Sec8

Provides AI Agents with professional-grade stock market analysis capabilities by bridging large language models with real-time financial data.

Setup Requirements

  • ⚠️Requires Python 3.10+ and a running Redis server for caching.
  • ⚠️Optional (but highly recommended) API keys for premium data sources (Tushare, Finnhub) and web search (Tavily, Google) are needed for full functionality.
  • ⚠️MinIO server is required for caching and processing SEC filings, needing specific environment variables configured.
Verified SafeView Analysis
The project follows good security practices by loading API keys and sensitive configurations from environment variables. Input validation is in place via Pydantic models. However, it relies heavily on numerous third-party APIs (financial data, web search) which introduces external trust dependencies. Default MinIO/Redis credentials are for development and should be secured in production. The `edgartools` library used for SEC filings shares an identity (email) with the SEC, which is a privacy consideration.
Updated: 2026-01-18GitHub
55
1
High Cost

ai-trading-mcp-server

by FajarArrizki

Sec7

AI-powered cryptocurrency trading assistant for real-time market analysis, signal generation, and trade execution.

Setup Requirements

  • ⚠️Requires API Key for AI Provider (e.g., OpenRouter), which is a paid service.
  • ⚠️Requires Hyperliquid Wallet API Key and Account Address for live trading (sensitive credentials).
  • ⚠️Requires Node.js 20+ and pnpm for local development and execution.
Verified SafeView Analysis
The project uses Zod for input validation and explicitly warns about production hardening (HTTPS, authentication, rate limiting) for the streaming server. Private keys are expected via environment variables or tool parameters, which is generally good practice. However, there are hardcoded default API keys (e.g., OpenRouter, CoinMarketCap in a test script) which reduce the security score. The nature of financial trading inherently carries high risk if not deployed and managed securely, especially with explicit warnings for 'Local Development Only' without further hardening for production.
Updated: 2025-11-25GitHub
55
1
Medium Cost
openSVM icon

dflow-mcp

by openSVM

Sec9

Provides a Model Context Protocol (MCP) interface to access real-time and historical prediction market data from Kalshi/DFlow.

Setup Requirements

  • ⚠️Requires Bun (recommended) or Node.js 18+ to run.
  • ⚠️Manual MCP client integration requires specific JSON configuration for `command` and `args` pointing to the server's executable.
  • ⚠️Network requests are made to an external prediction market API (`https://prediction-markets-api.dflow.net` or `https://api.llm.dflow.org`), incurring data transfer and external API usage costs.
Verified SafeView Analysis
The server acts as a proxy for an external API. It utilizes robust JSON schema validation for all tool inputs, preventing common injection vulnerabilities. URL construction in the API client is safe, concatenating a fixed base URL with validated paths, mitigating SSRF risks. There are no direct usages of dangerous functions like `eval` or `child_process.exec` with user-controlled input in the main server logic. CORS headers are configured for public access in the Netlify deployment. The `generateCandlestickChart` function (present in the Netlify function but not `src/index.ts`) is safe, transforming numeric data into ASCII art within bounded dimensions. Overall, the implementation is solid for its purpose as a data proxy.
Updated: 2025-12-02GitHub
53
97
Medium Cost
imbenrabi icon
Sec9

Enables AI assistants to access and analyze comprehensive financial data, stock information, company fundamentals, and market insights from Financial Modeling Prep.

Setup Requirements

  • ⚠️Requires a Financial Modeling Prep API Key (Paid API subscription often required for higher usage and advanced endpoints).
Verified SafeView Analysis
The server explicitly handles API keys via environment variables or session configuration, which are not hardcoded. It uses a dedicated HTTP client (`axios`) with `try-catch` blocks for API calls, preventing raw error leakage. API keys are sent as query parameters to the FMP API, which is standard for that service. Extensive registry testing suite suggests a focus on secure deployment and configuration validation.
Updated: 2026-01-15GitHub
52
96
Medium Cost
kukapay icon

freqtrade-mcp

by kukapay

Sec8

Integrates an AI agent with the Freqtrade cryptocurrency trading bot to enable automated trading operations via its REST API.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️A running Freqtrade instance with its REST API enabled and properly configured (e.g., `api_server` section enabled, correct username/password).
  • ⚠️Requires environment variables `FREQTRADE_API_URL`, `FREQTRADE_USERNAME`, `FREQTRADE_PASSWORD` to be set with Freqtrade API credentials.
Verified SafeView Analysis
The server relies on environment variables for sensitive Freqtrade API credentials (URL, username, password), which is a good practice. It directly passes user-provided parameters to the `freqtrade-client` library without obvious direct code injection vulnerabilities (e.g., `eval`, `exec`). The `place_trade` function includes basic input validation for the 'side' parameter. The primary security risks would stem from vulnerabilities within the `freqtrade-client` library, the Freqtrade REST API itself, or improper handling of environment variables in the deployment environment. There are no clear indications of malicious patterns or severe code-level security flaws in the provided source.
Updated: 2025-12-06GitHub
52
97
Low Cost
kukapay icon
Sec8

Provides an MCP server with over 50 cryptocurrency technical analysis indicators and strategies to empower AI trading agents in analyzing market trends and developing quantitative strategies.

Setup Requirements

  • ⚠️Requires Node.js v18.x or higher and npm v8.x or higher.
  • ⚠️Requires configuration within an MCP client (e.g., Claude Desktop) to define the `command`, `args`, and `env` for the server.
  • ⚠️The `EXCHANGE_NAME` environment variable determines the data source (defaults to Binance, but can be configured to any ccxt-supported exchange).
Verified SafeView Analysis
The server fetches public OHLCV data from cryptocurrency exchanges using `ccxt`. While it uses an environment variable for the exchange name, no hardcoded API keys or sensitive credentials were found. The tool functions execute calculations on fetched data and return JSON, with no apparent 'eval' or other highly dangerous patterns. Network risks are limited to fetching market data from a configured exchange, which is standard for this type of application.
Updated: 2025-12-06GitHub
51
92
Medium Cost
zwldarren icon

akshare-one-mcp

by zwldarren

Sec8

Provides comprehensive data interfaces for the China stock market, including historical data, real-time quotes, news, and financial statements, with support for technical indicators.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️The 'uv' package manager is recommended/required for installation and running.
  • ⚠️Relies on external data sources (e.g., Eastmoney, Sina, Xueqiu) for financial data, which may have rate limits or availability issues.
Verified SafeView Analysis
The server uses standard Python libraries and the FastMCP framework. No explicit 'eval', hardcoded secrets, or malicious patterns were found in the provided source code. The HTTP mode (if enabled) configures CORS to allow all origins ('*'), which is generally not recommended for production deployments but common for local development or private tools. This is a configuration choice rather than a code vulnerability.
Updated: 2026-01-19GitHub
50
89
High Cost
narumiruna icon

yfinance-mcp

by narumiruna

Sec9

Fetches real-time and historical stock data, news, and financial charts from Yahoo Finance.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Chart generation (image output) can lead to high token usage due to base64 encoding
  • ⚠️Relies on the `uv` package installer for easy setup and execution
Verified SafeView Analysis
The server code generally follows good practices, wrapping blocking I/O (yfinance calls) with `asyncio.to_thread` and using structured error responses. There are no obvious hardcoded credentials, direct shell injections, or `eval` usage. The primary security consideration would be the underlying `yfinance` library's interaction with the Yahoo Finance API, which is outside the scope of this server's direct code.
Updated: 2026-01-11GitHub
50
62
Low Cost
alphavantage icon

alpha_vantage_mcp

by alphavantage

Sec6

Enables LLMs and agentic workflows to seamlessly interact with real-time and historical stock market data through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires an Alpha Vantage API Key.
  • ⚠️Requires Python 3.13+ for the server component.
  • ⚠️The `uv` package manager is a hard dependency for building and running the server.
  • ⚠️Cloud deployment on AWS is complex, requiring manual setup of IAM roles, S3 buckets, CloudFront distributions, and an ACM certificate in `us-east-1`.
Verified SafeView Analysis
The OAuth 2.1 implementation in `server/src/oauth.py` is simplified for statelessness. It embeds the user's Alpha Vantage API key directly within base64-encoded authorization codes and uses the API key itself as the client secret for the client_credentials grant. This approach is not a robust OAuth implementation and could expose the Alpha Vantage API key if authorization codes are intercepted or if the client secret is compromised. While `base64` is not encryption, it is used for short-lived codes. Additionally, API keys can be passed via query parameters, increasing the risk of exposure in server logs. The core server application in the `server/` directory does not contain obvious malicious patterns like `eval` or command injection, and uses standard, well-maintained libraries. However, it's important to note that the companion web UI component (`web/components/Markdown.tsx`) present in the same repository utilizes `eval(onClick)` which represents a severe Cross-Site Scripting (XSS) vulnerability if user-supplied content is rendered via this component. This vulnerability is not within the server's core functionality but exists in a part of the repository.
Updated: 2026-01-19GitHub
PreviousPage 1 of 10Next