Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (90)

32
2
Low Cost
Sec9

Retrieves real-time price information for various assets (precious metals, cryptocurrencies) to be used by large language models.

Setup Requirements

  • ⚠️Potential requirement for API keys for services (e.g., Gold API) not explicitly configured via environment variables in the provided code/documentation.
  • ⚠️Requires Node.js version 18 or higher.
Verified Safe

Analysis

The code appears to be generally safe. It uses Zod for input validation and standard network fetching with timeouts. No 'eval' or obvious obfuscation was found. It relies on external APIs (Gold API, CoinGecko, GoldPriceOrg, exchange rates). A potential concern is the lack of explicit environment variable configuration for API keys, especially for services like 'Gold API' which typically require one. This might lead to runtime failures if a free tier is not sufficient or if a key is implicitly expected but not provided.
Updated: 2025-11-30
32
7
High Cost

akshare_mcp

by wukan1986

Sec8

Provides an MCP server exposing selected AKShare financial data interfaces for client applications like LLMs.

Setup Requirements

  • ⚠️Requires manual configuration (editing `config.py` or providing a custom one via `--config`) to whitelist/blacklist AKShare interfaces; otherwise, it exposes over 1000 functions which may overwhelm clients or consume too many LLM tokens.
  • ⚠️Requires Python >=3.10.
  • ⚠️Potential permission issues when attempting to modify the default `config.py` located in `site-packages`.
Verified Safe

Analysis

The server allows loading a configuration file from a user-specified local path using `importlib.util.spec_from_file_location`, which effectively executes Python code from that file. This is intended for local configuration and not a remote vulnerability, but users should ensure the specified configuration file is trusted.
Updated: 2025-11-20
32
2
Medium Cost

CasualMarket

by sacahan

Sec6

A Taiwan stock trading MCP server providing real-time stock prices, financial analysis, market data, and simulated trading.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Requires the `uv` package manager for `uvx` execution.
  • ⚠️The local SQLite database (`twse_securities.db`) needs to be present and potentially populated by the scraper if not using a pre-built image/volume.
  • ⚠️SSL certificate verification is disabled in the `OpenAPIClient` (`verify=False`), which poses a security risk.
Verified Safe

Analysis

The `OpenAPIClient` in `src/api/openapi_client.py` uses `verify=False` for SSL certificate verification. This disables crucial security checks, making the connection vulnerable to man-in-the-middle attacks. While noted as 'for TWSE compatibility', this is a significant security risk for a financial data application and should be addressed by properly configuring SSL certificates or ensuring traffic is only over trusted networks.
Updated: 2025-12-07
32
1
High Cost

mcp-technical-analysis

by FajarArrizki

Sec8

A comprehensive Model Context Protocol (MCP) server that bridges AI assistants with professional cryptocurrency market analysis capabilities, real-time market data, technical analysis, and Hyperliquid trading execution.

Setup Requirements

  • ⚠️Requires secure management of `AGENT_WALLET_PRIVATE_KEY` and `MAIN_WALLET_ADDRESS` environment variables for live trading (real money).
  • ⚠️Requires `MEM0_API_KEY` and `MEM0_USER_ID` environment variables for AI memory features (Mem0 is an external platform).
  • ⚠️Geographic restrictions may apply for Binance and Hyperliquid access, potentially requiring VPN or specific DNS configurations.
  • ⚠️Testnet trading is recommended for initial use as mainnet trading involves real funds and is irreversible.
Verified Safe

Analysis

The project demonstrates strong security practices for a financial trading agent, including explicit `confirmExecution: true` for mainnet trades, asset whitelisting, position size limits, and Zod schema validation for inputs. Environment variables are used for sensitive keys like `AGENT_WALLET_PRIVATE_KEY`. Network communication is designed for local (`localhost`) access via HTTP/SSE, minimizing direct external exposure. The use of `cross-spawn` and `tsx` to execute scripts is noted, but the primary interactions are with trusted APIs. Real-money trading always carries inherent risks, but the system has implemented safeguards.
Updated: 2025-12-05
31
1
Low Cost

tradingview-mcp

by viney-123

Sec8

The server fetches TradingView chart snapshots as PNG images using browser automation for market data visualization.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires Playwright to download browser binaries (e.g., Chromium) on first use.
  • ⚠️Mandatory `TRADINGVIEW_SESSION_ID` and `TRADINGVIEW_SESSION_ID_SIGN` environment variables for authentication.
  • ⚠️The README's installation instructions are misleading and potentially risky; install and run via standard Python methods instead of the suggested URL command.
Verified Safe

Analysis

The source code itself appears generally safe. It does not use 'eval' or other highly dangerous patterns. Secrets (`TRADINGVIEW_SESSION_ID`, `TRADINGVIEW_SESSION_ID_SIGN`) are correctly loaded from environment variables, which is good practice. It uses Playwright, a standard library, in headless mode for browser automation. Communication is via standard I/O (stdio), reducing network attack surface. A minor concern is Playwright's use of `--no-sandbox`, which is common for browser automation but can slightly reduce isolation if the host environment is not secure. CRITICAL NOTE: The README contains highly problematic installation instructions, suggesting running `python https://raw.githubusercontent.com/viney-123/tradingview-mcp/main/src/tradingview_mcp/tradingview-mcp_1.1.zip`. Running arbitrary Python code directly from a URL, especially a zip file from a raw GitHub link, is a severe security risk and should be avoided. Users should install via standard Python package managers (e.g., pip) or clone the repository and run the script locally.
Updated: 2025-12-11
30
1
Medium Cost
Sec9

Provides advanced 18-layer trading intelligence for autonomous options trading, integrating real-time market data with technical and options analysis.

Setup Requirements

  • ⚠️Requires Polygon.io API Key (Paid service for market data).
  • ⚠️Requires specific environment variables for paths (TRADEPILOT_PRODUCTION_PATH, TRADEPILOT_LAYERS_PATH), portfolio value (TRADEPILOT_PORTFOLIO_VALUE), and optional alert channels (TRADEPILOT_DISCORD_WEBHOOK, TRADEPILOT_SLACK_WEBHOOK, TRADEPILOT_TELEGRAM_TOKEN, TRADEPILOT_TELEGRAM_CHAT_ID).
  • ⚠️The full 'AI options trading copilot' experience implies integration with an external Large Language Model (e.g., Claude, ChatGPT), which would incur additional API costs and require separate API keys/setup for the LLM itself.
Verified Safe

Analysis

The server correctly uses environment variables for API keys and sensitive information, which is a strong security practice. The README also advises against committing .env files. It performs network requests to external APIs (Polygon.io, Discord, Slack, Telegram) as part of its core functionality, which are inherent network risks typical of such services. No 'eval' or obvious malicious patterns were detected in the provided code snippets.
Updated: 2025-11-26
30
1
Medium Cost

TradingViewMCPServer

by Asmah-Acheampong

Sec9

Provides real-time market data, extensive technical analysis, and a comprehensive development environment for Pine Script v6 strategies and indicators.

Setup Requirements

  • ⚠️Requires an Alpha Vantage API Key (free-tier or paid) for market data functionality.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Docker is highly recommended for production deployment.
Verified Safe

Analysis

The server does not use `eval()` or other inherently dangerous functions. API keys are managed through environment variables, preventing hardcoding. Network requests are directed to a reputable financial data provider (Alpha Vantage) and are protected with retry logic and rate limiting. The Pine Script development tools are designed for static analysis (parsing, validating, converting) and simulated execution, ensuring that arbitrary Pine Script code is not executed in a live trading environment with real-world effects.
Updated: 2025-12-11
30
1
High Cost
Sec8

An AI-powered trading assistant that analyzes market trends, executes trades, and supports financial strategies using multiple AI agents and real-time market data.

Setup Requirements

  • ⚠️Requires various API keys (e.g., POLYGON_API_KEY, DEEPSEEK_API_KEY, BRAVE_API_KEY, PUSHOVER_TOKEN) for full functionality, some of which may be paid services.
  • ⚠️Requires Python 3.12 or later.
  • ⚠️Requires 'uv' (Python package installer) and Node.js with 'npx' for running some MCP server components.
  • ⚠️Significant token consumption can lead to high costs, especially with multiple agents and a high MAX_TURNS setting.
Verified Safe

Analysis

API keys are loaded from environment variables, preventing hardcoding. SQL queries use parameterized statements to prevent SQL injection. The system uses the 'mcp' and 'openai-agents' libraries to orchestrate interactions with LLMs and predefined tools, which routes LLM output through structured function calls rather than arbitrary code execution. External subprocesses are invoked with hardcoded commands ('uv', 'npx') rather than user-provided input, reducing the risk of command injection. Reliance on third-party `uvx` and `npx` packages assumes their inherent security.
Updated: 2025-12-11
30
1
Medium Cost
Sec9

An MCP server that exposes the EOD Historical Data (EODHD) APIs to AI agents and other MCP-compatible clients for financial data access.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️A valid EODHD API key is required for most API endpoints (a 'demo' key is provided but has limited functionality).
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop, ChatGPT with Connectors) to interact with the server's exposed tools.
Verified Safe

Analysis

The code demonstrates good security practices by using environment variables for API keys (with a 'demo' default), performing input validation on API parameters, and utilizing the `httpx` library for secure HTTP requests. No critical vulnerabilities like hardcoded sensitive secrets or arbitrary code execution via user input ('eval') are apparent. WebSocket connections are also handled using standard libraries with appropriate input validation.
Updated: 2025-12-09
30
1
Medium Cost

ix-design-mcp

by puran-water

Sec8

Rigorous ion exchange (IX) system design, simulation, and economic analysis, providing PHREEQC-based breakthrough prediction with WaterTAP economic costing for Strong Acid Cation (SAC) and Weak Acid Cation (WAC) resins.

Setup Requirements

  • ⚠️Requires PHREEQC executable to be installed and its path set via the `PHREEQC_EXE` environment variable.
  • ⚠️Optional: WaterTAP/IDAES installation is required for full economic costing and flowsheet integration if `IX_WATERTAP=on` is set; otherwise, it will fall back to estimated costs.
  • ⚠️Requires Python 3.8+.
Verified Safe

Analysis

The server uses `subprocess.run` to execute external programs like PHREEQC. While input is generated internally from validated models, reliance on external executables inherently introduces a dependency on their security and the integrity of the executable's path. No direct `eval` or hardcoded secrets were found. The extensive fallback mechanisms and careful file handling (as described in `FALLBACK_ANALYSIS.md`) demonstrate a good understanding of system resilience.
Updated: 2025-12-04
30
1
High Cost

databento-mcp-server

by Nice-Wolf-Studio

Sec9

Accessing and analyzing professional market data from DataBento via a Model Context Protocol (MCP) server or Claude Code skills.

Setup Requirements

  • ⚠️Requires Node.js v18+ runtime.
  • ⚠️Requires a DataBento API key (access to most datasets requires a paid subscription).
  • ⚠️Requires either Claude Desktop (for MCP server mode) or Claude Code CLI (for skills mode).
Verified Safe

Analysis

The server loads the DataBento API key from environment variables, which is a secure practice. It implements robust input validation and comprehensive error handling, mitigating risks from malformed inputs or API failures. There are no direct uses of 'eval' or obvious obfuscation. The main risk, as with any API client, is ensuring the DATABENTO_API_KEY environment variable is kept confidential in the deployment environment.
Updated: 2025-11-25
30
1
Medium Cost
Sec8

Provides cryptocurrency price checking across multiple exchanges and sends email alerts.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0 and pnpm >=10.0.0.
  • ⚠️Requires a Resend API Key for email functionality (RESEND_API_KEY).
  • ⚠️Optional API keys (COINMARKETCAP_API_KEY, MORALIS_API_KEY, ETHERSCAN_API_KEY) can enhance token address resolution but are not strictly required for core functionality.
Verified Safe

Analysis

API keys for external services (Resend, CoinMarketCap, Moralis, Etherscan) are correctly loaded from environment variables or a configuration file, not hardcoded. The server can run as an HTTP service using Fastify, which is a robust framework. Outbound network requests are made to various crypto data providers and blockchain RPCs. A potential minor risk is the `convertMarkdownToHtml` function in `EmailService`: if the `content` or `additionalInfo` parameters for email templates were to receive unsanitized, malicious markdown/HTML directly from an untrusted source (e.g., a vulnerable LLM output), it could potentially lead to XSS vulnerabilities in the recipient's email client. However, this is a common risk with HTML templating and requires careful input handling by the calling agent.
Updated: 2025-12-05