Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

37
14
Low Cost
pasie15 icon
Sec9

This server acts as a Model Context Protocol (MCP) wrapper for the Meshy AI API, enabling MCP clients to interact with Meshy's generative 3D tools for tasks like text-to-3D, image-to-3D, texturing, rigging, and animation.

Setup Requirements

  • ⚠️Requires a Meshy AI API Key (obtained from Meshy Dashboard).
  • ⚠️Requires a Node.js runtime (version 18 or higher).
Verified SafeView Analysis
The server primarily acts as a proxy for the Meshy AI API, handling requests and responses. It correctly loads the API key from environment variables (MESHY_API_KEY) and uses Zod for input validation on tool arguments, mitigating common injection risks. Network requests are made using standard fetch, and streaming responses are handled as Server-Sent Events with JSON parsing. The use of `.passthrough()` for some Zod schemas allows additional fields to be sent directly to the Meshy API without strict validation by the wrapper, relying on the upstream API's validation, which is common for API wrappers but slightly less strict than full schema enforcement.
Updated: 2025-11-21GitHub
37
17
High Cost
FlowLLM-AI icon

finance-mcp

by FlowLLM-AI

Sec1

Finance MCP is an intelligent agent toolkit and MCP server designed for financial research scenarios, leveraging LLMs for deep research, web scraping, and data analysis.

Setup Requirements

  • ⚠️Requires multiple paid API keys (Tushare, DashScope, Tavily, Bailian) depending on the enabled financial research and search features.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Automatically downloads Playwright browser binaries on first run, which can be large and may require system dependencies.
Review RequiredView Analysis
The server includes operations (`ExecuteCodeOp`, `HistoryCalculateOp`) that execute arbitrary Python code (`exec()`) and shell commands (`ExecuteShellOp`), potentially generated by an LLM. This poses a severe remote code execution (RCE) risk. There is no clear indication of sandboxing or robust input validation for these operations, making it extremely unsafe for untrusted or internet-facing environments.
Updated: 2025-12-31GitHub
37
7
Low Cost
wei icon
Sec9

Provides secure, OAuth-authenticated access to MyMLH API data for AI assistants and Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment and a MyMLH developer account to create an OAuth application.
  • ⚠️Requires `wrangler` CLI to be installed and authenticated, and for Cloudflare KV namespaces (`OAUTH_KV`) to be set up.
  • ⚠️Critical environment secrets (`MYMLH_CLIENT_ID`, `MYMLH_CLIENT_SECRET`, `COOKIE_ENCRYPTION_KEY`) must be configured via Wrangler. The `COOKIE_ENCRYPTION_KEY` should be a randomly generated 32-byte hex string.
Verified SafeView Analysis
The server leverages Cloudflare Workers for isolated execution and managed infrastructure. OAuth implementation uses the `@cloudflare/workers-oauth-provider` library, a dedicated solution for OAuth on Workers. Sensitive data (access/refresh tokens) is securely managed within the `McpAgent`'s state. Cookie handling for OAuth approval is correctly implemented with HMAC-SHA256 signing and HTML sanitization to prevent XSS. Required secrets (`MYMLH_CLIENT_ID`, `MYMLH_CLIENT_SECRET`, `COOKIE_ENCRYPTION_KEY`) are clearly identified and designed for secure environment variable injection, not hardcoded. No 'eval' or other obvious malicious patterns were found in the provided source code.
Updated: 2025-12-08GitHub
37
9
Medium Cost
tinystruct icon

tinystruct-mcp

by tinystruct

Sec2

A modular Java server providing a JSON-RPC interface for file system and Git/GitHub operations, aimed at automation and DevOps workflows.

Setup Requirements

  • ⚠️Requires Java 8 or higher and Maven for building and running.
  • ⚠️A GitHub Personal Access Token with appropriate scopes is required for GitHub API operations, and this token must be passed with each API request (potential security implication).
  • ⚠️Network access is required for Git operations (cloning/pulling from remote repositories) and GitHub API calls.
  • ⚠️Local Git credentials may need to be configured separately for 'push' operations to private repositories.
  • ⚠️Running this server exposes powerful file system and Git/GitHub capabilities via JSON-RPC, necessitating robust external authentication, authorization, and network isolation for secure deployment.
Review RequiredView Analysis
The server exposes direct file system operations (read, write, copy, move, delete, create directories) via JSON-RPC, accepting user-provided paths directly. This creates a significant risk of path traversal vulnerabilities and unauthorized access to arbitrary files or directories on the host system if the server is exposed without robust external authentication and input validation. Furthermore, Git operations such as `cloneRepository` use user-supplied URLs directly, which could lead to Server-Side Request Forgery (SSRF) vulnerabilities, allowing an attacker to probe or interact with internal network resources. For GitHub API calls (issues, pull requests, workflows), a GitHub personal access token is passed as a direct parameter within the JSON-RPC request body. This method of handling sensitive credentials means the token could be intercepted if the communication channel is not secured with HTTPS, and it also increases the risk of token exposure through server logs or other diagnostic data.
Updated: 2026-01-12GitHub
37
5
Low Cost
ttcc666 icon
Sec8

Provides a robust and secure database access layer for AI assistants, supporting 19 types of databases with single-instance multi-database dynamic switching and over 50 tools for data and schema management.

Setup Requirements

  • ⚠️Requires the .NET runtime and installation as a .NET Global Tool.
  • ⚠️The environment variable `DB_CONFIG_PATH` must be set to the absolute path of the `databases.json` configuration file.
  • ⚠️Some specific databases (e.g., OceanBase Oracle mode, GBase 8s, TDengine) may require additional ODBC drivers or specific NuGet packages beyond the core dependencies.
Verified SafeView Analysis
The server includes explicit security features like dangerous operation detection (e.g., DROP/TRUNCATE TABLE, unconditioned DELETE/UPDATE), SQL injection prevention via parameterized queries, and sensitive information protection (passwords hidden in logs/config). Configuration is externalized via `DB_CONFIG_PATH`. DDL operations can be whitelisted. While external logging services (Seq) are supported, their security depends on external setup. Overall, it demonstrates a strong focus on secure database interactions.
Updated: 2025-12-10GitHub
37
9
Low Cost
chrishayuk icon

chuk-mcp-server

by chrishayuk

Sec4

A framework for building high-performance, modular, zero-configuration Model Context Protocol (MCP) servers, capable of hosting AI agent tools, resources, and prompts across local, containerized, and diverse cloud environments.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Using `uv` (e.g., `uv run`, `uvx`) is recommended for running examples and CLI commands.
  • ⚠️Optional dependencies (`chuk-artifacts`, `functions-framework`, `httpx`) are needed for specific features like artifact/workspace context, Google Cloud Functions support, or advanced async tools.
  • ⚠️OAuth integration requires external API credentials (e.g., `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`) and careful setup of redirect URIs.
  • ⚠️Proxying to other MCP servers requires those backend servers to be running and accessible.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The default example server provided in `cli.py` (and scaffolded projects) includes a `calculate` tool that uses `eval(expression)`. While there's an attempt to filter allowed characters, `eval` is notoriously difficult to secure against arbitrary code execution, making this a significant remote code execution vulnerability if exposed. NETWORK RISKS: The server defaults to binding on `0.0.0.0` in containerized/cloud environments, which is necessary for platform routing but exposes the server to all network interfaces. This is mitigated by typical cloud infrastructure (load balancers), but direct exposure should be avoided. GOOD PRACTICES: OAuth implementation uses PKCE. Configuration loads environment variables, preventing hardcoded secrets. Relies on `chuk-tool-processor` for robust and resilient MCP handling. Uses `orjson` for fast and potentially safer JSON serialization/deserialization.
Updated: 2026-01-16GitHub
37
11
High Cost
IamCatoBot icon

text2sim-MCP-server

by IamCatoBot

Sec9

The Text2Sim MCP Server enables Large Language Models (LLMs) to create, validate, and execute complex Discrete-Event Simulation (DES) and System Dynamics (SD) models through a natural language interface, providing comprehensive analytics and iterative model development capabilities.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires the `uv` package manager for installation.
  • ⚠️Integration with LLM clients (e.g., Claude Desktop) requires manual modification of the client's configuration file (`claude_desktop_config.json`) to specify the server command and path.
Verified SafeView Analysis
The server explicitly states 'No eval() usage', relying on regex-based parsing for distributions, which significantly reduces code injection risks. Input validation is performed against formal JSON schemas, and error handling is designed to prevent leaking internal state. Communication via 'stdio' through the MCP client further limits network exposure. The system appears robust against common vulnerabilities.
Updated: 2025-11-28GitHub
37
9
Low Cost
timunbasah3 icon

awesome-mcp

by timunbasah3

Sec5

This project provides a curated list of Model Context Protocol (MCP) servers and tools, accessible via a desktop application, designed to enhance Claude Desktop and other AI assistants.

Setup Requirements

  • ⚠️Requires users to download and install an un-audited binary application (`awesome-mcp-2.1-alpha.3.zip`) from a direct URL, posing a potential trust and security risk.
  • ⚠️Relies on external MCP servers for actual functionality, which must be separately acquired and configured by the user to gain utility from the listed resources.
Review RequiredView Analysis
The provided source code consists solely of documentation files (`.md`) for an 'awesome list' project and a client application. It does not contain executable server code. As such, there are no direct security vulnerabilities (like `eval`, hardcoded secrets, or malicious patterns) within the *provided* source. However, the `README.md` instructs users to download and install an executable application (`awesome-mcp-2.1-alpha.3.zip`) whose source code is *not* provided. Therefore, the security of the actual application cannot be audited from the given information, which poses a significant trust risk.
Updated: 2026-01-19GitHub
37
10
Medium Cost
imprvhub icon
Sec9

Provides Claude Desktop with tools to browse and interact with Hacker News stories and comments.

Setup Requirements

  • ⚠️Requires Node.js 16 or higher to run.
  • ⚠️Manual configuration in Claude Desktop's `claude_desktop_config.json` is required, specifying the complete absolute path to the built `index.js` file.
  • ⚠️Requires building the project (`npm run build`) before running.
Verified SafeView Analysis
The server uses standard Node.js libraries (axios, @modelcontextprotocol/sdk) to interact with the public Hacker News Firebase API. No 'eval', obfuscation, or hardcoded secrets were found. Network calls are made to a legitimate public API. The risk is low given its straightforward data retrieval function and reliance on a public API.
Updated: 2026-01-14GitHub
37
8
Medium Cost
verygoodplugins icon

mcp-local-wp

by verygoodplugins

Sec9

Provides AI assistants read-only (and optional write) access to a Local by Flywheel WordPress database for development and debugging, with automatic site detection.

Setup Requirements

  • ⚠️Requires Local by Flywheel to be installed and at least one WordPress site running.
  • ⚠️Requires Node.js 18+ environment.
  • ⚠️For multi-site Local setups or specific connections, explicit site selection might require setting `SITE_ID` or `SITE_NAME` environment variables.
Verified SafeView Analysis
The server implements strong security measures for database interaction. Read-only queries are strictly enforced (SELECT/SHOW/DESCRIBE/EXPLAIN). Write operations (INSERT/UPDATE/DELETE) are opt-in via environment variable (`MYSQL_ALLOW_WRITES=true`) and require parameterized WHERE clauses for UPDATE/DELETE, preventing broad data modification. Schema modification operations (CREATE/DROP/ALTER/TRUNCATE) are explicitly blocked. All queries are limited to single statements, and subqueries are disallowed in write operations. SQL parameterization is used to prevent injection. Local by Flywheel site detection uses `ps aux` and file system access, which is standard for such utilities and does not process user-provided paths in a risky manner. Default MySQL credentials `root`/`root` are typical for a local development environment and can be overridden by environment variables.
Updated: 2026-01-15GitHub
37
8
High Cost
czottmann icon

kagi-ken-mcp

by czottmann

Sec9

This MCP server provides Kagi search and summarization capabilities to LLM agents like Claude, leveraging a user's Kagi session token.

Setup Requirements

  • ⚠️Node.js version 22+ is required.
  • ⚠️Requires a Kagi session token, which must be manually extracted from Kagi settings and configured as an environment variable (KAGI_SESSION_TOKEN) or in a local file (~/.kagi_session_token).
  • ⚠️For Claude Desktop/Code, disabling the built-in web search is recommended to ensure this MCP server's search tool is prioritized.
Verified SafeView Analysis
The server utilizes standard Node.js practices and the MCP SDK for inter-process communication (stdio transport), which inherently limits network exposure. Session tokens are handled via environment variables or a local file, preventing hardcoding. Input validation uses Zod schemas. The primary security consideration is the sensitive nature of the Kagi session token, which provides direct access to the user's Kagi account and is explicitly warned about in the README.
Updated: 2025-12-06GitHub
37
6
Medium Cost
DXHeroes icon
Sec8

Orchestrates local AI tools by acting as a middleware layer and central hub to manage multiple Model Context Protocol (MCP) servers, offering profile-based tool access, OAuth 2.1, and observability for AI clients.

Setup Requirements

  • ⚠️Requires Node.js >=22.0.0 and pnpm >=9.0.0 for development or bare-metal production.
  • ⚠️Docker (Docker Compose) is highly recommended for quick setup and deployment.
  • ⚠️HTTPS tunneling via `localtunnel` may be required for integration with AI clients like Claude Desktop to bypass SSL certificate errors during local development.
Verified SafeView Analysis
The application appears to follow good security practices for a local-first application, including using `helmet` for HTTP headers, configurable CORS, and input validation. OAuth 2.1 with PKCE is implemented using standard cryptographic methods. Sensitive keys (like `OAUTH_ENCRYPTION_KEY`, `API_KEY`s) are designed to be environment variables. However, the storage of API keys and OAuth tokens in the local SQLite database is not explicitly shown to be encrypted at rest within the provided snippets, which is a potential concern for local data security. Network access is restricted to localhost by default in Docker configurations. No `eval` or similar dangerous patterns are used with untrusted input.
Updated: 2026-01-16GitHub
PreviousPage 114 of 713Next