Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

36
7
Low Cost
cafferychen777 icon

ChatSpatial

by cafferychen777

Sec8

Natural language-driven spatial transcriptomics analysis via Model Context Protocol, integrating 60+ scientific methods.

Setup Requirements

  • ⚠️Requires Python 3.10+ (3.11-3.12 recommended).
  • ⚠️Many advanced methods require R and specific R packages (e.g., sctransform, spacexr), necessitating a separate R installation and `rpy2`.
  • ⚠️Certain features (STAGATE_pyG, STalign) require manual installation directly from GitHub due to PyPI unavailability.
  • ⚠️Specific methods (SingleR, PETSc acceleration for CellRank) are not available on Windows due to C++ compilation issues.
  • ⚠️A full installation (with all features) can consume 5-10 GB of disk space.
Verified SafeView Analysis
The server is designed to run locally by default (stdio, localhost for SSE/HTTP), minimizing network exposure. Input parameters are extensively validated using Pydantic models. The `SECURITY.md` outlines a clear vulnerability reporting policy. However, the use of `rpy2` for R package integration and `subprocess.run` for specific tasks (like database downloads) introduces potential, albeit controlled, external code execution. While the R scripts are from trusted sources or bundled, this class of operation inherently carries a slightly elevated risk compared to purely sandboxed environments. No hardcoded secrets were identified; API keys for `mllmcelltype` are passed as parameters.
Updated: 2026-01-18GitHub
36
8
Low Cost
jamesward icon
Sec9

This server provides a set of tools for AI agents to query employee skills and retrieve employees based on specific skills from an in-memory dataset.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) installed.
  • ⚠️Requires Gradle (though the 'gradlew' wrapper typically handles this automatically).
Verified SafeView Analysis
The provided source code is minimal and focuses on in-memory data operations. It does not use 'eval', access external resources (databases, APIs, files) beyond standard Spring Boot mechanisms, or handle sensitive user input in a way that suggests immediate vulnerabilities. Input parameters for tool functions are used safely in filtering operations. No hardcoded secrets are present. The inherent security of the application depends on proper deployment and network configuration, which is outside the scope of the provided code.
Updated: 2025-12-05GitHub
36
7
Medium Cost
VEEPAYONX icon

VEEPAY

by VEEPAYONX

Sec3

The system facilitates the creation, deployment, and management of self-evolving AI agents on the Solana blockchain for various Web3 automation and decision-making tasks, fostering a community-driven, decentralized ecosystem.

Setup Requirements

  • ⚠️Requires a complex multi-language development environment including Python, Rust (for Solana/Anchor), Go (for backend), and Node.js (for frontend/scripts), each with its own toolchains and package managers.
  • ⚠️Requires a Solana client (CLI) and a funded wallet to interact with the blockchain, incurring transaction fees (SOL) for deployment and agent operations.
  • ⚠️AI model training, especially for advanced models, may require access to high-performance computing resources like Google TPUs (as indicated by `ai/hardware_acceleration/tpu_training.py`) or powerful GPUs, adding significant infrastructure costs and setup complexity.
Review RequiredView Analysis
Multiple critical security risks were identified, primarily revolving around hardcoded secrets and overly permissive network configurations. Several Go backend files (`backend/api/middleware/auth.go`, `backend/api/handlers/user.go`, `backend/api/models/user.go`) contain hardcoded JWT secret keys (`your-secure-secret-key-here`, `your_secret_key`) that are used for authentication token generation and validation. The WebSocket server (`backend/websocket/server.go`) uses a hardcoded token (`valid-token`) for authentication and allows all origins (`CheckOrigin: func(r *http.Request) bool { return true }`), which is highly insecure for production. Similarly, the main Go API server (`backend/api/main.go`) has broad CORS enabled (`corsConfig.AllowAllOrigins = true`). The Python AI server (`ai/api/server.py`) also includes a hardcoded default JWT secret key if `SECRET_KEY` environment variable is not set. These issues make the system unsafe for deployment in a public or production environment without extensive remediation.
Updated: 2026-01-16GitHub
36
6
High Cost
ralfbecher icon
Sec6

Analyzes relational database schemas, generates semantic ontologies (RDF/OWL, R2RML), and provides tools for Text-to-SQL convenience, secure query execution, and data visualization.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires external database connection details (PostgreSQL, Snowflake, or Dremio credentials in .env file or passed as parameters).
  • ⚠️The Dremio connection through the `connect_database` MCP tool (as defined in `src/main.py`) is misconfigured, attempting to use PostgreSQL wire protocol instead of the Dremio REST API client, which may prevent successful connection for Dremio users. Ensure the correct `connect_dremio` tool from `src/tools/connection.py` is registered if Dremio REST API functionality is desired.
Review RequiredView Analysis
Positive: Implements robust SQL injection and identifier validation, explicitly blocking DML/DDL operations. Utilizes SecureCredentialManager with Fernet encryption and secure salt management. Critical Risk: The DatabaseManager stores database connection passwords in plaintext within `self._last_connection_params` for reconnection purposes. Although a SecureCredentialManager is initialized, its encryption capabilities are not used to protect these stored credentials. This exposes sensitive information in memory, posing a significant risk if the server process memory is accessed or dumped.
Updated: 2026-01-11GitHub
36
7
Medium Cost
datalayer icon

mcp-compose

by datalayer

Sec8

This server provides a robust example of OAuth2 authentication for MCP (Model Context Protocol) servers, using GitHub as the identity provider. It demonstrates secure multi-server management, protocol translation, and integration with AI agents for tool invocation.

Setup Requirements

  • ⚠️Requires manual creation and configuration of a GitHub OAuth application to obtain Client ID and Client Secret.
  • ⚠️The `config.json` file needs to be manually created/edited with GitHub OAuth credentials.
  • ⚠️Python 3.10 or higher is required.
  • ⚠️For the AI agent (which is a key part of the example), an Anthropic API Key is required, or equivalent credentials for other LLMs.
Verified SafeView Analysis
The project demonstrates good security practices such as PKCE, state parameter for CSRF protection, resource indicators for token binding, and token validation for every request. Bearer tokens are correctly used in headers. However, for development, a JWT signing key is hardcoded ('dev_sign_key_change_in_production') and CORS allows all origins ('*'), which should be updated for production environments. SSL verification is also optionally bypassed for localhost development. These are explicitly noted in the code and documentation as development-specific or TODOs for production.
Updated: 2026-01-16GitHub
36
7
Medium Cost
andreamoro icon
Sec6

A proxy service that bridges Ollama with FastMCP, enabling local LLM tool-augmented reasoning by exposing MCP servers' functionality to Ollama models.

Setup Requirements

  • ⚠️Requires Ollama client up and running (local or remote).
  • ⚠️Requires Python 3.13+.
  • ⚠️FastMCP servers must be running or configured for STDIO transport. The IPInfo example server requires an API key in `mcp_servers/mcp_tokens.toml`.
Review RequiredView Analysis
The primary security concern stems from the LLM's ability to invoke FastMCP tools based on user input. If a malicious user can craft prompts that trick the LLM into calling dangerous tools (if any are configured beyond the benign examples) or passing exploitable arguments to legitimate tools, it could lead to vulnerabilities like arbitrary code execution or information disclosure. The default binding of the API server to `0.0.0.0` (accessible from any network interface) without built-in authentication further increases risk, allowing unauthorized network access. Additionally, the `StdioTransport` mechanism for spawning local MCP servers could be a vector for arbitrary command execution if the `mcp_servers_config.toml` file is improperly configured with malicious commands by an administrator. While the `__coerce_parameters` function attempts basic type coercion, it is not a comprehensive input sanitizer against all forms of malicious tool arguments. The server relies on careful configuration and secure LLM prompting practices.
Updated: 2026-01-17GitHub
36
14
High Cost
Evan7198 icon
Sec7

Provides an MCP (Model Context Protocol) interface for PCILeech, enabling AI clients to perform DMA-based memory operations, system introspection, and debugging workflows.

Setup Requirements

  • ⚠️Requires Windows 10/11 (x64).
  • ⚠️Requires Python 3.10+.
  • ⚠️Mandates compatible PCILeech hardware to perform actual memory operations.
  • ⚠️Needs manual configuration within the MCP client (e.g., Claude Code).
Review RequiredView Analysis
The server wraps the powerful PCILeech command-line tool via subprocess execution, which inherently carries high-risk capabilities (DMA memory access). While significant effort has been made in `pcileech_wrapper.py` to sanitize and validate input parameters (e.g., `_sanitize_path_component` for script/signature names) before passing them to the subprocess, thus mitigating common command injection vectors, the underlying tool provides deep system access. Certain parameters like `input_file` and `output_file` in `kmd_execute` are noted as 'user-controlled, verify with caution', implying a potential for misuse if the MCP client or user is malicious. The tool is explicitly stated for 'authorized debugging/security research/education purposes', not for unauthorized access.
Updated: 2025-12-31GitHub
36
9
Low Cost
Iankulani icon
Sec6

Accurate-Cyber-Box is an advanced cybersecurity tool designed for penetration testing, cyber drills, real-time network monitoring, and incident response, integrated with MCP servers and Telegram for enhanced communication and control.

Setup Requirements

  • ⚠️Requires the GeoLite2-City.mmdb database for geolocation features, which must be manually downloaded and placed appropriately.
  • ⚠️Executing the 'kill <ip>' command (for IP blocking) requires root or sudo privileges, specifically on Linux systems using `iptables`.
  • ⚠️Telegram bot token and chat ID must be configured in the 'ctm_config.ini' file for Telegram integration to function.
Verified SafeView Analysis
The tool leverages powerful network capabilities (Scapy for packet sniffing and generation) and system commands (iptables for IP blocking) that require elevated privileges (e.g., root on Linux) and can potentially disrupt network traffic or expose sensitive information if misused or misconfigured. Telegram bot token and chat ID are stored in a local configuration file ('ctm_config.ini'), making them vulnerable if the host system's file permissions are not properly secured or the system is compromised. The code does not use 'eval' and avoids direct command injection for the 'kill' command by passing arguments as a list to `subprocess.run`. No obvious malicious outbound connections or obfuscation were detected.
Updated: 2025-11-21GitHub
36
72
Low Cost
rust-mcp-stack icon

rust-mcp-schema

by rust-mcp-stack

Sec9

Provides a type-safe Rust implementation of the Model Context Protocol (MCP) schema, enabling developers to build robust MCP servers and clients.

Setup Requirements

  • ⚠️Requires Rust toolchain (rustc, cargo) to build or use as a dependency.
  • ⚠️This is a library that defines the protocol schema; it is not a standalone executable or an MCP server itself. For building servers/clients, the associated `rust-mcp-sdk` is recommended.
Verified SafeView Analysis
The project is a schema definition library, not a standalone server or application. It defines data structures and serialization logic using `serde_json`. No direct network communication, explicit use of `eval`, obfuscation, or hardcoded sensitive data (like API keys) was found in the provided code snippets. Potential risks would arise from how consuming applications (e.g., an MCP server or client built using this schema) handle and process external input and protocol messages, rather than from this library itself. Standard JSON parsing libraries are used, which are generally robust, but malformed inputs can always present edge cases.
Updated: 2026-01-01GitHub
36
17
Medium Cost
thierryc icon

Glyphs-mcp

by thierryc

Sec2

Exposes Glyphs font design and editing tools to AI/LLM agents via a Model Context Protocol (MCP) server for automation and intelligent assistance within the Glyphs application.

Setup Requirements

  • ⚠️Requires Glyphs (macOS application) to be installed and running.
  • ⚠️The server is started via the Glyphs application's 'Edit' menu after plugin installation, not a direct command-line execution.
  • ⚠️The `execute_code` and `execute_code_with_context` tools allow arbitrary Python code execution; use with extreme caution and only with trusted AI/LLM agents and strict network isolation.
Review RequiredView Analysis
The `execute_code` and `execute_code_with_context` tools explicitly allow arbitrary Python code execution within the Glyphs application context. While the server defaults to running on `127.0.0.1` and includes optional `OriginValidationMiddleware` and `StaticTokenAuthMiddleware`, this core functionality represents a significant Remote Code Execution (RCE) vector. Users must ensure strict network isolation and only connect trusted clients, as improper exposure or an untrusted agent gaining access could lead to severe system compromise.
Updated: 2026-01-06GitHub
36
7
Medium Cost
openSUSE icon

systemd-mcp

by openSUSE

Sec3

Manages systemd services, units, and logs via the Model Context Protocol (MCP) by directly connecting to systemd's C API.

Setup Requirements

  • ⚠️Requires elevated privileges (root is recommended for HTTP mode) to interact with systemd and journal logs.
  • ⚠️For Stdio (D-Bus/Polkit) mode, specific D-Bus and Polkit configuration files must be manually installed to system paths.
  • ⚠️For HTTP (OAuth2) mode, an external OAuth2 Authorization Server (controller) is required and its address must be configured.
Review RequiredView Analysis
The server implements robust authorization mechanisms (Polkit/D-Bus and OAuth2) for managing systemd units and reading logs. However, two critical tools, 'get_file' and 'get_man_page', do not perform any authorization checks within their respective MCP handlers (or underlying functions). This means that if these tools are enabled, any authenticated (via Polkit or OAuth2) or unauthenticated (if '--noauth' is used) client can read arbitrary files and retrieve any man page on the system, subject only to the permissions of the user running the 'systemd-mcp' server. If the server is run with elevated privileges (e.g., as root for HTTP mode, as recommended by the README), this constitutes a severe arbitrary file read vulnerability. Command execution through 'man', 'rpm', and 'getfacl' is present, but arguments are passed via exec.Command, reducing direct shell injection risk, though potential vulnerabilities in these external tools could still be a concern. No obvious hardcoded secrets or obfuscation were found.
Updated: 2026-01-16GitHub
36
4
Low Cost
hasmcp icon

hasmcp-docs

by hasmcp

Sec8

Provides official documentation and API definitions for the HasMCP platform, focusing on managing AI tools, providers, servers, resources, and prompts.

Setup Requirements

  • ⚠️Requires Mintlify platform/tooling for local documentation development and potential deployment.
Verified SafeView Analysis
The provided source code consists of documentation and OpenAPI specification files. These files themselves do not contain executable code to evaluate for runtime security risks like 'eval' or obfuscation. The OpenAPI specification details a 'bearerAuth' security scheme, which is a standard and generally secure method for API authentication, implying token-based access. It also highlights secret management for variables (masking secret values on retrieval). A comprehensive security audit of the actual MCP server implementation would require its executable source code, which is not provided in this documentation repository.
Updated: 2026-01-18GitHub
PreviousPage 118 of 713Next