Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

36
7
Medium Cost
rogervinas icon

spring-boot-ai

by rogervinas

Sec7

A Spring Boot application implementing a Model Context Protocol (MCP) server that provides a remote 'Booking Tool' for an AI agent.

Setup Requirements

  • ⚠️Requires Java 21+ and Kotlin 2.x+ runtime.
  • ⚠️Requires the 'chat-server' (or any MCP client) to be configured to connect to this MCP server (defaults to http://localhost:8081).
  • ⚠️For full project functionality (Chat Server + MCP Server), Docker with Ollama (llama3.1:8b and nomic-embed-text models) and PostgreSQL with pgvector are required.
Review RequiredView Analysis
The MCP server itself is straightforward and doesn't expose obvious security vulnerabilities. However, the broader project (which uses this MCP server) has hardcoded PostgreSQL credentials (`postgres`, `password`) in `chat-server/src/main/resources/application.yml` for local development. While acceptable for a demo, this is a significant security risk if deployed to any non-local or production environment without externalizing these secrets. There's no dynamic code execution or explicit obfuscation. The use of Spring AI's `@Tool` annotation is a controlled mechanism for tool invocation.
Updated: 2026-01-12GitHub
36
4
Low Cost
Team-Off-course icon

MCP-Server-Vuln-Analysis

by Team-Off-course

Sec10

This project documents the analysis and discovery of severe vulnerabilities in Model Context Protocol (MCP) server implementations, including Server-Side Request Forgery (SSRF) and Path Traversal, and proposes responsible disclosure.

Verified SafeView Analysis
This repository is a security research project focused on documenting vulnerabilities found in other MCP server implementations. The provided 'source code' primarily consists of markdown files describing various CVEs. As such, it does not contain executable code that would exhibit direct security risks (like 'eval', obfuscation, network risks, or hardcoded secrets) within the repository itself. The severe vulnerabilities (SSRF, Path Traversal, Indirect Prompt Injection) described are present in the *target* MCP servers analyzed by this project, not in this analysis repository's own codebase.
Updated: 2026-01-11GitHub
36
7
Medium Cost
anirbanbasu icon

pymcp

by anirbanbasu

Sec8

A template repository for developing Model Context Protocol (MCP) servers in Python, demonstrating various tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Installation requires `uv` and `just` as additional tools.
  • ⚠️Full functionality for 'pirate_summary' (LLM sampling) and 'vonmises_random' (elicitation) depends on client-side handlers, which may not be present in all FastMCP client setups.
Verified SafeView Analysis
The server's code is well-structured and uses FastMCP, which generally promotes secure practices. No 'eval' or obvious malicious patterns are present. It correctly handles input validation for tools like password generation and permutations. Network risks include the `text_web_search` tool making external requests via `ddgs`, and while it supports proxy configuration, reliance on external services always carries some inherent risk. A critical note is the default `ASGI_CORS_ALLOWED_ORIGINS` allowing all origins (`*`) when using HTTP transports; the README correctly advises overriding this in production for security, but it's a default configuration to be aware of. File I/O for logo resources is limited to specific, known files.
Updated: 2026-01-12GitHub
36
5
Medium Cost
exjskdjsdfks icon

pentest-mcp-server

by exjskdjsdfks

Sec4

The Pentest MCP Server enables AI agents to perform autonomous penetration testing operations on remote Linux distributions by managing persistent tmux sessions via SSH.

Setup Requirements

  • ⚠️Requires a separate Linux pentesting distribution (e.g., Kali, Parrot OS) to act as the target system.
  • ⚠️The target Linux system must have SSH access configured (password or key-based) and 'tmux' installed.
  • ⚠️Requires Python 3.10+ on the client system where the MCP server runs.
Review RequiredView Analysis
The server's core functionality involves executing arbitrary commands on a remote system. It explicitly disables SSH host key checking (`known_hosts=None`), which is a critical security vulnerability for Man-in-the-Middle (MITM) attacks as it will connect to any server without verifying its authenticity. While it includes a blacklist for some dangerous commands (e.g., `rm -rf /`, fork bomb), this is not foolproof. Running this server requires careful deployment in isolated, controlled environments, and only on authorized target systems.
Updated: 2026-01-19GitHub
36
7
High Cost
AndreaGriffiths11 icon

teamxray

by AndreaGriffiths11

Sec9

The Team X-Ray VS Code extension helps engineering teams discover human expertise, communication styles, and collaboration patterns within their codebase using Git history and AI analysis.

Setup Requirements

  • ⚠️Requires GitHub token with 'repo', 'read:user', and 'read:org' permissions for AI-powered insights (free during preview up to a credit limit, will incur costs later).
  • ⚠️VS Code 1.100.0+ is required.
  • ⚠️Git must be installed and the workspace must be a GitHub repository with commit history.
  • ⚠️Docker may be required for full GitHub Model Context Protocol (MCP) server integration, though the extension falls back to local Git analysis if unavailable.
Verified SafeView Analysis
The project demonstrates strong security awareness. It uses `vscode.SecretStorage` for token management, `child_process.execFile` for Git commands to prevent injection, and includes comprehensive input validation (`Validator` class). Webviews are protected with Content Security Policy (CSP). The `SECURITY.md` outlines a responsible disclosure policy and security best practices for users. The use of `evalite` for evaluations is confined to testing files, not runtime code. Potential minor risks could be from complex external AI model interactions (GitHub Models API) if not carefully constrained, but the prompt structure and token limits indicate an effort to mitigate this.
Updated: 2025-12-02GitHub
36
7
Medium Cost
opensolon icon
Sec8

Provides examples of integrating AI functionalities (LLM interaction, RAG, Agent, and Model Context Protocol server/client) within various Java web frameworks.

Setup Requirements

  • ⚠️Requires a local LLM server (e.g., Ollama) running on `http://127.0.0.1:11434` for chat and embedding functionalities, as configured in `webapp.llm._Constants.java`.
  • ⚠️The provided `McpServerAuth` example needs to be replaced with a robust authentication/authorization solution for production deployments.
  • ⚠️The specific framework (e.g., Spring Boot, Solon, Quarkus, JFinal, Vert.x) for the desired example must be chosen, and its respective build/run commands followed.
Verified SafeView Analysis
The `McpServerAuth` filter provided in examples is a basic demonstration of authentication logic (`ctx.param("user") == "no"` check), not a production-ready solution. It also explicitly allows `/mcp/*/message` endpoints to bypass authentication. For production use, a robust authentication and authorization mechanism must be fully implemented. LLM API URLs are hardcoded to a local `ollama` instance (`http://127.0.0.1:11434`) by default; while not a direct security risk, this implies a reliance on local infrastructure for testing/development.
Updated: 2026-01-19GitHub
36
37
Low Cost
fazer-ai icon

mcp-obsidian

by fazer-ai

Sec9

Enables LLMs (like Claude) to programmatically interact with an Obsidian vault through the Local REST API plugin.

Setup Requirements

  • ⚠️Requires Obsidian desktop application to be installed and running.
  • ⚠️Requires the 'Obsidian Local REST API' community plugin to be installed, enabled, and configured within Obsidian.
  • ⚠️An `OBSIDIAN_API_KEY` must be generated in Obsidian and provided to the server via environment variables.
Verified SafeView Analysis
The server acts as an intermediary, proxying requests to the Obsidian Local REST API plugin. Security primarily depends on the robustness of the Obsidian plugin and proper handling of the `OBSIDIAN_API_KEY` by the user (passed via environment variables, not hardcoded). Path sanitization is implemented for file-related operations (`sanitizeAndEncodePath`), mitigating some path traversal risks. Input validation is performed using Zod schemas for tool arguments. No direct code injection (e.g., `eval`) or malicious patterns were observed within the provided source code. Communication relies on standard HTTP/S requests.
Updated: 2026-01-03GitHub
36
2
Medium Cost
jim-coyne icon

ACI_MCP

by jim-coyne

Sec6

A Node.js-based Model Context Protocol (MCP) server for managing and configuring Cisco ACI fabrics through its APIC REST API.

Setup Requirements

  • ⚠️Requires access to a Cisco APIC controller (a specialized network hardware/software component).
  • ⚠️Requires valid APIC credentials (username/password or certificate) to be configured.
  • ⚠️Default `ACI_VALIDATE_CERTS=false` disables SSL certificate validation, posing a significant security risk if not explicitly enabled for production deployments.
Verified SafeView Analysis
The server supports secure credential handling via environment variables or configuration files. However, by default, it disables SSL/TLS certificate validation (`ACI_VALIDATE_CERTS=false`), which is a critical security vulnerability for Man-in-the-Middle attacks in production environments. Users must explicitly enable certificate validation and provide trusted certificates for secure deployments.
Updated: 2025-11-21GitHub
36
7
Low Cost
intbjw icon
Sec9

Provides a Model Control Protocol (MCP) server for querying FOFA API data, designed for integration with AI models.

Setup Requirements

  • ⚠️Requires Python >= 3.11
  • ⚠️Requires a valid FOFA API Key (FOFA is a paid service, usage consumes credits)
  • ⚠️The recommended setup involves 'cline' VSCode extension for configuration and integration with a large language model.
Verified SafeView Analysis
The code loads the FOFA API key from environment variables, preventing hardcoding. FOFA query parameters are base64 encoded before being sent to the external API. No direct use of 'eval' or other highly dangerous functions was observed. The main risk comes from reliance on the external FOFA API and potential misuse of the provided tool functions by an integrated AI model.
Updated: 2025-11-24GitHub
36
8
Medium Cost
zheroz00 icon
Sec8

An MCP server for efficient codebase exploration, providing file tree visualization, symbol extraction, and dependency analysis in a single tool call.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher.
  • ⚠️Requires `npm run build` to compile TypeScript to JavaScript before running (handled automatically by `npm start` or `start-server.sh`, but manual execution needs it).
  • ⚠️The 'show_git_status' feature requires Git to be installed and the target directory to be a Git repository.
  • ⚠️For MCP integration, an absolute path to `dist/index.js` is required in the Claude Desktop configuration.
Verified SafeView Analysis
The tool uses `child_process.exec` for Git commands, which is a common and generally safe pattern for CLI tools, with parsed output. Robust path validation (`validatePath`) prevents path traversal attacks and symlink escapes. An HTTP server mode is available, which by default binds to localhost, and the documentation explicitly warns that it's 'designed for local development only' and lacks authentication for production use, mitigating potential network risks if users adhere to the recommendations. No `eval`, obvious obfuscation, or hardcoded secrets were found.
Updated: 2026-01-17GitHub
36
9
Medium Cost
typedb icon

typedb-mcp

by typedb

Sec6

Enables AI assistants to interact with TypeDB databases using natural language to execute TypeQL queries and manage database resources.

Setup Requirements

  • ⚠️Requires a running TypeDB server instance.
  • ⚠️Requires Docker or Podman for easy deployment, or Python 3.13+ to build and run from source.
  • ⚠️Default TypeDB credentials ('admin'/'password') are used if not explicitly overridden, posing a security risk if not changed.
Verified SafeView Analysis
The server uses default hardcoded TypeDB credentials ('admin'/'password') in `config.py` and `docker-compose.yml`, which are security risks if not overridden or changed for production. The MCP server binds to all network interfaces (`0.0.0.0`) without explicit authentication on the MCP endpoint itself, meaning anyone with network access to the server can interact with TypeDB if valid credentials are provided to the MCP server. It also allows execution of arbitrary TypeQL queries (read, write, schema) through its API, which could be exploited by a malicious or compromised AI assistant or user to perform destructive actions or extract sensitive data. While the application's intent is to serve a trusted AI assistant, these aspects require careful operational security planning (e.g., network isolation, robust TypeDB credentials, and possibly an additional authentication layer for the MCP server).
Updated: 2026-01-06GitHub
36
6
Low Cost
SUSE icon

suse-ai-up

by SUSE

Sec8

A comprehensive, modular Model Context Protocol (MCP) proxy system that enables secure, scalable, and extensible AI model integrations.

Setup Requirements

  • ⚠️Requires Kubernetes 1.19+ and Helm 3.0+ for deployment, as it relies on Kubernetes for sidecar management and scalability.
  • ⚠️Requires the `suse-ai-up-mcp` Kubernetes namespace to exist before installation if RBAC for sidecar deployments is enabled.
  • ⚠️Authentication (`AUTH_MODE`) needs to be configured (local, GitHub OAuth, or Rancher OIDC); 'development mode' bypasses authentication and is strictly for development/testing, not production.
Verified SafeView Analysis
The core proxy system is designed with strong security practices, including RBAC for Kubernetes sidecars, running containers as non-root with dropped capabilities, and managing OAuth credentials via Kubernetes Secrets. TLS encryption is enabled by default. A 'development mode' (`DEV_MODE=true`) explicitly bypasses authentication and allows the use of `X-User-ID` headers, with clear documentation stating it should not be used in production. The proxy's design inherently involves deploying and running external MCP server implementations (e.g., via Docker or Python scripts in sidecars). While this extensibility is a core feature, it introduces a risk if untrusted or malicious MCP server implementations are registered and deployed. The system does log expected security warnings related to CSRF protection being disabled in development for FastMCP (a Python library used by some plugins), which is justified by the explicit development mode. Overall, security is well-considered for the proxy itself, but users must exercise caution when integrating or uploading third-party MCP server definitions.
Updated: 2026-01-19GitHub
PreviousPage 122 of 713Next