Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

37
5
Medium Cost
bkalafat icon

DiffPilot

by bkalafat

Sec10

Automate local AI-powered code review, commit message generation, secret scanning, and test suggestions before pushing code.

Setup Requirements

  • ⚠️Requires VS Code 1.101+ for full extension integration.
  • ⚠️Requires Node.js 18+ installed on the system.
  • ⚠️Requires Git installed and configured.
Verified SafeView Analysis
The server implements robust security measures including extensive input validation (branch names, remotes, paths), command and path injection prevention (rejects '-' prefixes, shell metacharacters, '..'), null byte stripping, rate limiting (120 req/min per tool), output sanitization (auto-redacts sensitive patterns like API keys, passwords, JWTs, private keys, various vendor-specific tokens, and absolute paths), secure error handling (no internal details or stack traces), and comprehensive security logging to stderr. All git operations use arguments and are subject to timeouts and explicit validations. The focus on local operations and explicit mitigation of common injection vulnerabilities makes it highly secure for its intended use.
Updated: 2026-01-18GitHub
37
9
Medium Cost
gmacev icon
Sec7

A persistent key-value memory store for AI agents, designed to extend context windows and enable semantic search over stored memories.

Setup Requirements

  • ⚠️Requires Python 3.8+ installed on the system to run the semantic search embedding service.
  • ⚠️A large E5 embedding model (intfloat/multilingual-e5-large-instruct, several GBs) will be downloaded and cached on the first run, which may take some time and consume significant disk space.
Verified SafeView Analysis
The server's HTTP endpoint explicitly sets 'Access-Control-Allow-Origin: *', making it accessible from any origin. While common for local development tools as intended here, this configuration poses a significant security risk if the server is exposed publicly without additional network layers or authentication. The system relies on `JSON.parse` for agent-provided values, which could be a vector for memory exhaustion attacks if the agent's output is not properly constrained and large/complex JSON is provided. SQL queries are parameterized, mitigating SQL injection risks. The Python embedding service is spawned as a child process, communicating via stdin/stdout with JSON, which is a generally secure pattern as long as the data passed through it is controlled and validated by the Node.js application. The embedding process itself truncates inputs to 512 tokens, which helps prevent memory exhaustion from excessively large text inputs.
Updated: 2025-11-27GitHub
37
5
High Cost
Meritocra icon

coroot-mcp

by Meritocra

Sec9

Turns Coroot observability stack into LLM-callable tools for root-cause analysis, enabling AI assistants to triage incidents and generate summaries.

Setup Requirements

  • ⚠️Requires Java 21+ and Maven 3.9+ to build/run from source.
  • ⚠️Requires an external Coroot instance (for real data) and its API key.
  • ⚠️Requires an OpenAI-compatible API Key (e.g., OpenAI, for summarization tools), which typically involves usage-based costs.
  • ⚠️An MCP-aware client (e.g., Codex CLI, Claude, Toolhive) is needed to interact with the server's tools.
Verified SafeView Analysis
The application handles JSON-RPC requests for tool calls, using predefined tool classes and structured JSON arguments, which is a safe pattern. It relies on environment variables for API keys (Coroot, OpenAI) and API URLs, preventing hardcoded secrets. An optional `MCP_AUTH_TOKEN` provides bearer token authentication for the `/mcp` endpoint; if not configured, the endpoint is unprotected, which could be a risk if exposed publicly. HTTP client includes timeouts. No direct 'eval' or malicious patterns were found in the Java source code.
Updated: 2025-11-19GitHub
37
5
High Cost
nhatvu148 icon
Sec8

High-performance video transcription and audio extraction from over 1000 online platforms or local video files, generating transcripts in plain text, JSON, and Markdown formats.

Setup Requirements

  • ⚠️Requires external system dependencies: `yt-dlp` (for video downloading) and `ffmpeg` (for audio extraction/conversion) must be installed and accessible in the system's PATH.
  • ⚠️Whisper models must be downloaded to `~/.cache/video-transcriber-mcp/models/` (e.g., using `bash scripts/download-models.sh base` or `task download:base`) before transcription can occur.
  • ⚠️If installing via `cargo install` (not Homebrew), `cmake` is also required as a build dependency for `whisper.cpp` Rust bindings.
  • ⚠️When using the HTTP transport (`--transport http`), the server listens on a specified host and port. Exposing it beyond `localhost` requires users to implement appropriate firewall rules and access control measures.
Verified SafeView Analysis
The server leverages external binaries (`yt-dlp`, `ffmpeg`) for video downloading and audio processing. While arguments are constructed to minimize common shell injection vulnerabilities, the overall security critically depends on the trustworthiness and up-to-dateness of these third-party tools. When configured with `--transport http`, the server can be exposed over the network, necessitating careful consideration of network security and access controls. No 'eval' equivalents, obfuscation, or hardcoded sensitive credentials were found in the provided Rust source code.
Updated: 2026-01-10GitHub
37
10
Medium Cost
pythonanywhere icon

pythonanywhere-mcp-server

by pythonanywhere

Sec7

This server acts as a Model Context Protocol (MCP) bridge, enabling AI-powered tools to programmatically manage files, web apps, websites, and scheduled tasks on a PythonAnywhere account.

Setup Requirements

  • ⚠️Requires `uv` to be installed and available in your PATH.
  • ⚠️Requires Python 3.13 or newer (Python 3.13 is currently in pre-release/beta stages, which may limit compatibility with PythonAnywhere's available Python versions or general stability).
  • ⚠️Requires a PythonAnywhere API token and username (`API_TOKEN`, `LOGNAME`) to be set as environment variables.
Verified SafeView Analysis
The server itself is well-structured and uses `pythonanywhere-core` for API interactions, avoiding direct `eval` or `os.system` calls. Hardcoded secrets are not present, with `API_TOKEN` and `LOGNAME` sourced from environment variables. However, the server exposes powerful operations to an AI, including `delete_path`, `upload_text_file` (allowing arbitrary file content), and `create_scheduled_task` (which can execute arbitrary commands). The README explicitly warns about these risks, particularly for LLMs potentially scheduling and executing malicious commands or modifying/deleting sensitive files without human oversight. While the server's code itself appears robust, the inherent capabilities it exposes present a significant security risk if an AI is given unrestricted access.
Updated: 2026-01-19GitHub
37
5
Medium Cost
sjkim1127 icon

NexusCore_MCP

by sjkim1127

Sec3

AI-driven dynamic malware analysis and evasion in a Windows VM.

Setup Requirements

  • ⚠️Requires Windows 10/11 (x64), preferably in an isolated Virtual Machine.
  • ⚠️Relies on numerous external executables (e.g., Detect It Easy, CAPA, FLOSS, Sysinternals Suite tools, Scylla, Tshark, cdb.exe) being present in the system's PATH. Automated setup script is provided but manual intervention may be needed.
  • ⚠️Many operations (Frida injection, process manipulation, input simulation) require the MCP server (and thus the AI client launching it) to run with Administrator privileges.
Review RequiredView Analysis
This server is designed for malware analysis and inherently implements powerful, low-level, and risky capabilities. 1. **Code Injection**: Tools like `install_hook` and several Frida-based tools (`frida_session_inject`, `inject_frida_script`) allow direct injection of arbitrary JavaScript code into target processes. While this is a core feature for dynamic instrumentation, it poses a critical risk if the AI agent is compromised or fed malicious, unsanitized input, potentially leading to arbitrary code execution within the monitored process or the Frida agent itself. 2. **Network Interception (MITM)**: Tools like `https_proxy` (using Hudsucker) and `ssl_keylog`/`ssl_dumper` perform Man-in-the-Middle (MITM) attacks on network traffic. This is a deliberate feature for decrypting HTTPS malware traffic but could be a significant security/privacy risk if misconfigured or misused. 3. **Input Simulation**: The `simulate_input` tool uses Windows API calls (`winapi`) to simulate mouse and keyboard inputs. This can bypass sandbox detection but, if misused by a compromised AI agent, could lead to direct malicious actions on the host VM or even VM escape if vulnerabilities exist. 4. **External Command Execution**: Several tools wrap external executables (`tshark`, `handle.exe`, `procdump`, `pe-sieve64.exe`, `cdb.exe`, `powershell`, `ScyllaTest.exe`). The server relies on these being in the system's PATH. If an attacker could manipulate the PATH or replace these executables, it would be a critical arbitrary command execution vulnerability. Some tools, like `eventlog.rs`, construct PowerShell commands using string formatting, which could be a vector for injection if arguments are not strictly validated. 5. **Orphaned Processes**: The `network_capture` tool spawns `tshark` but warns about child process lifecycle management. Orphaned `tshark` processes could run indefinitely, consuming resources or exfiltrating data. 6. **Low-level Access**: The `stealth_unpacker.js` script actively bypasses anti-debugging and anti-VM checks, demonstrating its deep, system-level access. Given these points, the server enables highly privileged and potentially dangerous operations. It is **CRITICAL** to run NexusCore MCP only in an isolated virtual machine (VM) with untrusted inputs, as explicitly warned in the README.
Updated: 2026-01-13GitHub
37
9
High Cost
Pipelex icon

pipelex-mcp

by Pipelex

Sec8

Enables AI agents to build and execute Pipelex pipelines from natural language descriptions via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python >=3.11,<3.12 (specific versioning).
  • ⚠️The `uv` package manager is a hard dependency, required for installation and execution.
  • ⚠️A Pipelex Inference API key is required, obtainable via Discord or by setting up a custom backend.
Verified SafeView Analysis
The server's direct code doesn't contain obvious `eval` or `exec` vulnerabilities. File operations for saving generated PLX content and pipeline outputs are confined to a specific `results/mcp` directory, limiting arbitrary file write risks. The primary security consideration lies with the inherent nature of allowing AI agents to generate and execute pipeline code (PLX), as a compromised agent could potentially construct and run unintended or malicious workflows if the underlying `pipelex` core library lacks sufficient sandboxing or validation for generated code. API keys are handled via environment variables, which is standard practice.
Updated: 2025-12-01GitHub
37
10
Medium Cost
GarethCott icon
Sec3

This server acts as a Model Context Protocol interface for PostgreSQL, enabling LLMs to query data, modify records, and manage database schema objects with read and write capabilities.

Setup Requirements

  • ⚠️Requires an accessible PostgreSQL database instance.
  • ⚠️A PostgreSQL connection URL (e.g., 'postgresql://user:password@host:port/db-name') is mandatory, either as a command-line argument or 'DATABASE_URL' environment variable.
  • ⚠️Requires Node.js version 18.0.0 or higher.
Review RequiredView Analysis
The server has critical SQL injection vulnerabilities in several tools. While 'query' uses prepared statements for values, 'insert', 'update', and 'delete' directly concatenate table names and WHERE clauses, making them vulnerable. More critically, all schema management tools ('createTable', 'createFunction', 'createTrigger', 'createIndex', 'alterTable') construct SQL queries by directly concatenating LLM-provided string inputs (like table names, column definitions, function bodies, trigger conditions, and alter operations). This allows an LLM to generate arbitrary malicious SQL, leading to severe data corruption, unauthorized data access, or complete database destruction. The server relies on an external database URL which may contain credentials.
Updated: 2026-01-19GitHub
37
6
High Cost
sreeshanth-soma icon

Alephra

by sreeshanth-soma

Sec2

AI-powered healthcare companion that transforms medical reports into actionable health insights, offers multilingual voice assistance, medication tracking, and 24/7 medical guidance.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm/yarn.
  • ⚠️Requires API keys for Google Gemini, Pinecone, Sarvam AI, and Google OAuth credentials; most of these services are paid after free tiers.
  • ⚠️The code explicitly hardcodes Sarvam AI API keys, posing a severe security risk. These must be replaced with environment variables.
Review RequiredView Analysis
Critical vulnerability: The `app/api/voice/text-to-speech/route.ts` file contains hardcoded Sarvam AI API keys as fallbacks. Hardcoding API keys is a severe security risk, as they can be easily compromised, leading to unauthorized access, abuse, and potential financial implications. Additionally, the password hashing for share links uses SHA-256 directly, which is less secure than dedicated password hashing algorithms like bcrypt or Argon2 for sensitive data, though it's used for sharing and not primary user authentication. Extensive use of `JSON.parse` for client-side data (`localStorage`) could pose risks if not properly validated and sanitized, though `try-catch` blocks are present.
Updated: 2025-12-03GitHub
37
20
Medium Cost
surajrimal07 icon

NepseAPI-Unofficial

by surajrimal07

Sec3

Provides an unofficial API service for Nepal Stock Exchange (NEPSE) real-time market data through REST, WebSocket, and Model Context Protocol (MCP) endpoints for educational and research purposes.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Relies on an unofficial and potentially unstable/inaccurate NEPSE API client library, as per project disclaimers.
  • ⚠️For Claude Desktop integration, requires `uv` to be installed globally.
Verified SafeView Analysis
The application explicitly disables TLS/SSL certificate verification (`nepseAsync.setTLSVerification(False)`). This is a critical security vulnerability that makes all communications with external NEPSE data sources susceptible to Man-in-the-Middle (MitM) attacks, allowing attackers to intercept, read, or alter financial data without detection. This severely compromises data integrity and confidentiality. While rate limiting and input validation are implemented, the fundamental flaw of disabled TLS verification outweighs these positives for any serious use case. The project also relies on unofficial data sources, which inherently carry risks of inaccuracy, unreliability, and potential legal issues, as clearly stated in its extensive disclaimers. It is strictly for educational and non-commercial use.
Updated: 2026-01-09GitHub
37
11
High Cost
Minhao-Zhang icon

obsidian-mcp-server

by Minhao-Zhang

Sec5

Provides an OpenAI-compatible local Model Context Protocol (MCP) server within Obsidian, enabling external AI assistants and tools to semantically search the vault and perform file system operations.

Setup Requirements

  • ⚠️Requires an OpenAI-compatible API Key (e.g., OpenAI, local Ollama) which can incur significant costs, especially during vault indexing and semantic search operations.
  • ⚠️Vault indexing can be very resource-intensive (time, computation, API calls) for large knowledge bases and may fail if the OramaDB index file exceeds 512MB.
  • ⚠️Functions as an Obsidian plugin, requiring an active Obsidian application instance to operate the server and access the vault.
Verified SafeView Analysis
The plugin exposes powerful file system operations (read, write, edit, delete files/folders) via a local SSE-based MCP server. While path traversal is explicitly prevented for `list_files` and operations are generally confined to the Obsidian vault via `normalizePath` and `app.vault` API, a compromised external client or accidental network exposure of the local server could lead to unauthorized data modification or loss. The presence of `@ts-nocheck` in core files indicates potential for unchecked type-related vulnerabilities, exacerbated by the developer's self-admitted limited TypeScript proficiency in the `README`. Users must ensure only trusted clients interact with the server and be aware of the implications of enabling powerful tools.
Updated: 2026-01-19GitHub
37
5
Medium Cost
sjkim1127 icon

Nexuscore_MCP

by sjkim1127

Sec6

An AI-driven server designed for dynamic malware analysis, enabling AI agents to interactively debug, inspect, and analyze evasive malware in real-time.

Setup Requirements

  • ⚠️Requires a dedicated Windows 10/11 (x64) Virtual Machine for safe operation.
  • ⚠️MCP Client (e.g., Claude Desktop, Cursor) must be run with Administrator privileges for full functionality (process spawning, attaching, system scanning).
  • ⚠️Initial setup involves a PowerShell script (`setup_tools.ps1`) to install dependencies (Chocolatey, Rust, Python, Git, MSVC Build Tools) and download analysis tools, requiring administrator access.
Verified SafeView Analysis
The core functionality involves injecting arbitrary JavaScript (Frida scripts) into target processes and executing external binaries (`cdb.exe`, `tshark`, `handle.exe`, `pe-sieve64.exe`, `procdump`, `ScyllaTest.exe`). The `install_hook` tool explicitly accepts arbitrary `js_code` from the AI agent. While essential for its purpose, this grants significant power to the AI, allowing it to execute arbitrary code within the sandboxed VM. The README strongly emphasizes running this server within an isolated Virtual Machine (Windows 10/11 x64) and running the AI client as Administrator for necessary permissions, which is critical to contain potential risks from analyzing malicious code or a compromised AI agent. No hardcoded secrets were found, and external tools are called safely via `tokio::process::Command::arg()` to prevent shell injection.
Updated: 2026-01-13GitHub
PreviousPage 112 of 713Next