Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

36
3
High Cost

mcp

by supermodeltools

Sec9

Provides AI agents with deep codebase analysis by generating comprehensive code graphs from local repositories via the Supermodel API, enabling understanding of code structure, dependencies, and relationships.

Setup Requirements

  • ⚠️Requires a Supermodel API Key (`SUPERMODEL_API_KEY`), which implies registration and potential costs with the Supermodel API service.
  • ⚠️Relies on an external Supermodel API for actual code graph generation, necessitating an active internet connection.
  • ⚠️The `directory` argument for analysis must point to a locally accessible codebase.
Verified Safe
The server demonstrates good security practices by explicitly externalizing API keys via environment variables and including robust file exclusion patterns (like .gitignore and a list of sensitive files/directories) during repository zipping, which prevents accidental leakage of credentials or processing of irrelevant/large files. Temporary ZIP files are also managed with cleanup. The use of `child_process.execSync` is present for retrieving git metadata, which is typically a security concern, but its application is limited to benign git commands within a validated directory, mitigating the immediate risk. The core code analysis is performed by an external API, shifting some security considerations to that service.
Updated: 2026-01-17
36
1
Low Cost

ToolStore

by sujal-maheshwari2004

Sec2

A proof-of-concept pipeline for automatic tool discovery, toolchain assembly, and agentic reasoning powered by semantic search and LLMs.

Setup Requirements

  • ⚠️Requires a local Ollama server running with 'llama3.2' (or specified) model.
  • ⚠️Requires `git` and `pip` CLI tools to clone repositories and install their dependencies.
  • ⚠️Specific tools (if matched) might require external API keys not managed by this system.
Review Required
The pipeline clones and executes Python code from arbitrary GitHub repositories identified via semantic search (`main_pipeline/tool_loader.py` and `main_pipeline/mcp_builder.py`). This poses a significant supply chain security risk, as malicious code in a cloned repository would be directly integrated and run within the auto-generated `mcp_unified_server.py`. The project explicitly states it's a 'proof of concept' and 'not meant for production' due to these and other limitations. While it uses `ast` for parsing, the direct execution of external code is a critical vulnerability.
Updated: 2025-11-26
36
5
Low Cost
Sec4

Integrate WeChat message sending capabilities into AI assistants using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Windows 10/11 operating system.
  • ⚠️WeChat client must be installed, running, logged in, and its window visible (not minimized or obscured).
  • ⚠️Significant account, data, privacy, and legal risks associated with automating WeChat, as explicitly warned by the developer.
Review Required
The server uses UI automation (pyautogui, win32 API calls) to control the WeChat desktop application. This inherently carries significant risks, as outlined in the project's '重要免责声明' (Important Disclaimer), including potential account bans, data loss/leakage, system instability, and legal/privacy issues. While there's no evidence of malicious code (e.g., 'eval', hardcoded secrets), the nature of the operation allows the configured AI assistant to control a sensitive user application. The clipboard is temporarily used for text input, with an attempt to restore its original content. The window activation logic is robust but also signifies the level of control this server can exert.
Updated: 2026-01-19
36
7
Low Cost

maas-webapp

by dx-tooling

Sec9

Web platform for managing and orchestrating containerized MCP (Machine Control Protocol) instances, including Playwright and Linux command-line environments, providing access via subdomains and securing endpoints with Traefik ForwardAuth.

Setup Requirements

  • ⚠️Requires Docker for container orchestration of MCP instances and Traefik.
  • ⚠️Requires Traefik to be configured for routing, TLS termination, and ForwardAuth.
  • ⚠️Requires specific `sudoers` configuration for the `www-data` user to execute Docker commands via a wrapper script.
  • ⚠️Requires wildcard DNS records (`*.mcp-as-a-service.com`) pointing to the host IP for subdomain routing.
Verified Safe
The system utilizes robust security patterns including Traefik as an edge router for TLS termination and ForwardAuth middleware for bearer token validation. Secrets (VNC password, MCP bearer token) are dynamically generated and stored in the database. Docker commands are executed via a controlled wrapper script with `sudo -n`, limiting privileges and preventing arbitrary shell command injection. `hash_equals` is used for constant-time token comparison. While highly secure, the complexity of the Traefik and `sudoers` configurations requires careful setup to avoid misconfigurations.
Updated: 2025-11-26
36
8
Medium Cost

cratedb-mcp

by crate

Sec7

CrateDB MCP Server enables natural-language Text-to-SQL and documentation retrieval for CrateDB database clusters, bridging AI assistants with database interaction.

Setup Requirements

  • ⚠️Requires a running CrateDB instance to connect to.
  • ⚠️Requires Python 3.10 or higher (validated up to 3.14).
  • ⚠️Recommended to configure CrateDB with a read-only user for the `CRATEDB_CLUSTER_URL` to prevent agents from modifying data.
Verified Safe
The server implements SQL statement filtering (using `sqlparse`) to restrict database operations to SELECT queries by default, preventing DML/DDL. URL fetching for documentation and prompt fragments includes whitelisting for CrateDB/GitHub domains or robust HTTP error handling. Logging of HTTPX is configured to avoid revealing credentials. A critical risk exists with the `CRATEDB_MCP_PERMIT_ALL_STATEMENTS` environment variable; if set to true, it bypasses SQL filtering, allowing LLM agents to perform write/modify operations on the connected database. This override is explicitly warned about.
Updated: 2026-01-13
36
1
High Cost

supatask

by unmarco

Sec8

Manages local tasks, time tracking, and activity logging with a web interface, rich CLI, and AI assistant integration via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Docker and Docker Compose to run the full application stack (backend and Redis).
  • ⚠️Python 3.11+ is required for the backend (if run outside Docker) and the CLI.
Verified Safe
CORS policy is set to allow all origins ('*') in development, which is acceptable for a local/personal tool but poses a risk if deployed publicly without specific origin restrictions. Redis is exposed on a standard port (6379) within the Docker network and configured for persistence (AOF), but lacks built-in authentication in its default Docker Compose setup. For public deployment, Redis requires proper security measures (e.g., password, network isolation). The MCP tool execution (`tools/call`) internally calls service methods with Pydantic-validated models, which generally helps mitigate direct injection risks. No 'eval' or obvious malicious patterns were found in the provided code snippets.
Updated: 2025-11-26
36
28
Medium Cost

Provides AI-driven capabilities for managing Alibaba Cloud Data Management Service (DMS) resources, including database metadata querying, SQL execution, NL2SQL, and SQL assistance, with additional tools for Alibaba Cloud Data Transmission Service (DTS) migration tasks.

Setup Requirements

  • ⚠️Requires Alibaba Cloud Account with DMS/DTS access permissions (AliyunDMSFullAccess) and associated Access Key ID and Secret.
  • ⚠️Database instances must be added to Alibaba Cloud DMS and have 'Security Hosting' enabled for full functionality.
  • ⚠️Requires `uv` or `uvx` to be installed for local execution, and Python 3.10+.
Verified Safe
The server exposes functions like `executeScript` and `createDataChangeOrder` which directly execute arbitrary SQL scripts against connected databases. The `askDatabase` tool also generates and executes SQL via an NL2SQL engine. While these features are core to its purpose, they introduce significant security risks (e.g., SQL injection, unintended data modification/deletion) if the input (from user or AI) is not rigorously validated and sanitized upstream. The application relies on environment variables for Alibaba Cloud credentials, which is good practice, but improper credential management on the host system could expose sensitive access keys. Listening on 0.0.0.0 is standard but requires external network security measures.
Updated: 2026-01-05
36
3
Low Cost
Sec1

GitHub code review assistant demonstrating prompt injection vulnerability and its mitigation in an MCP server.

Setup Requirements

  • ⚠️Docker and Docker Compose are required for containerized execution.
  • ⚠️Python 3.10+ is required for local execution.
  • ⚠️Requires `pip install -r requirements.txt` if running locally.
Review Required
The 'vulnerable' server component is intentionally designed to be highly insecure for demonstration purposes. It suffers from a critical prompt injection vulnerability where malicious instructions embedded in public GitHub issues are executed verbatim by the AI agent. This allows unauthorized tool calls to 'get_repo_webhooks' (exfiltrating sensitive webhook URLs and GitHub API tokens) and 'create_issue_comment' (posting these secrets back to a public issue). The 'secure' server component mitigates these risks through multi-layered defenses: (1) Role-Based Access Control (RBAC) with default-deny, (2) automatic permission demotion when untrusted public content is viewed, (3) sanitization of issue content to remove directives, and (4) output validation to prevent comments containing sensitive patterns. Due to the intentional vulnerabilities in the 'vulnerable' component, it is not safe for deployment outside of isolated lab environments.
Updated: 2025-12-03
36
7
Low Cost

mcp-server-iris

by caretdev

Sec7

Provides a Model Context Protocol (MCP) server for InterSystems IRIS database interaction, automation, and interoperability production management, allowing AI agents to query and control IRIS environments.

Setup Requirements

  • ⚠️Requires an InterSystems IRIS database instance to connect to.
  • ⚠️Requires specific environment variables for IRIS connection: IRIS_HOSTNAME, IRIS_NAMESPACE, IRIS_USERNAME, IRIS_PASSWORD.
  • ⚠️Requires Python 3.10 or newer.
Verified Safe
The server exposes powerful administrative tools, including direct SQL query execution and full control over InterSystems IRIS interoperability productions. While environment variables are used for database credentials (good practice), and parameterized queries are employed for SQL parameters, the ability to execute arbitrary SQL or administrative commands means this server should only be run in highly trusted and isolated environments with strict access controls. Exposing it to untrusted users could lead to data loss, unauthorized access, or system compromise.
Updated: 2025-11-23
36
8
Low Cost

whatsapp-mcp

by Gh4stware

Sec8

Enhance WhatsApp interactions by providing a programmatic bridge for AI systems to send messages, query chat history, and manage contacts.

Setup Requirements

  • ⚠️Requires the Go 'whatsapp-bridge' service to be running on `localhost:8080` as a prerequisite for the MCP server. This typically involves building and running the Go source code.
  • ⚠️Requires an active WhatsApp account for initial QR code pairing with the 'whatsapp-bridge' service.
  • ⚠️Requires Python 3.11+ and installation of dependencies specified in 'whatsapp-mcp-server/pyproject.toml' (e.g., `mcp[cli]`, `httpx`, `requests`).
Verified Safe
The system consists of a Go-based WhatsApp bridge and a Python-based MCP server. The Go bridge, which handles direct WhatsApp communication, binds its REST API to `localhost:8080`. This local binding limits direct external network exposure. Session data and message history are stored in local SQLite databases (`store/whatsapp.db`, `store/messages.db`). While convenient, these local databases are not explicitly encrypted in the provided code, meaning if the host system itself is compromised, chat history could be accessed. Input validation for messages sent via the API is basic, relying on the underlying `whatsmeow` library and WhatsApp API to handle message content safely. No 'eval' or other obvious malicious patterns or hardcoded secrets were found.
Updated: 2025-12-15
36
7
Medium Cost

dev-portal

by chainstack

Sec10

Provides AI models with access to search and navigate Chainstack documentation through a hosted Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Mintlify CLI (installed via npm)
  • ⚠️Requires Node.js and npm for development setup
  • ⚠️OpenAPI specifications must adhere to v3.0 `nullable` standard for interactive API explorer functionality (as mentioned in troubleshooting)
Verified Safe
The provided source code primarily consists of Mintlify documentation configuration (`docs.json`) and OpenAPI specifications for various blockchain APIs. It does not contain any executable server-side code, scripts, or application logic that could pose direct security risks such as `eval` statements, obfuscation, or malicious patterns. The OpenAPI specifications include example API keys in server URLs, which are placeholders and not actual secrets meant to be used directly from this repository. The MCP server itself is described as hosted and external to this repository's codebase. Therefore, the inherent security risk from *this source code* is minimal.
Updated: 2026-01-19
36
9
Medium Cost

gitlab-api

by Knuckles-Team

Sec3

This project provides a Python wrapper for GitLab, serving as an MCP (Model Context Protocol) server to expose GitLab APIs as tools for LLMs, and an A2A (Agent-to-Agent) multi-agent system for delegated GitLab task management with a knowledge graph.

Setup Requirements

  • ⚠️Requires `GITLAB_INSTANCE` and `GITLAB_ACCESS_TOKEN` environment variables for the MCP server. The hardcoded default token in `compose.yml` MUST be overridden for security.
  • ⚠️The A2A agent requires an LLM provider (e.g., OpenAI, Ollama) and its associated `OPENAI_BASE_URL` and `OPENAI_API_KEY` (defaults to Ollama-compatible settings `http://localhost:1234/v1` and `llama`). Ensure a local LLM or API endpoint is accessible.
  • ⚠️Docker is highly recommended (via `docker-compose` or `docker run`) for easy setup, as Python dependency management (`.[all]` extra requirements) can be complex for the multi-agent system and its components (Graphiti, FastMCPToolset, pydantic-ai).
Review Required
The `compose.yml` file contains a hardcoded default `GITLAB_ACCESS_TOKEN` (`glpat-asdfa;sldkfj`) which is a critical security vulnerability if not explicitly overridden by the user. Running with `GITLAB_VERIFY=False` (disabled SSL verification) is optional but poses a man-in-the-middle risk if used in production environments. While authentication mechanisms (JWT, OIDC) are supported, the default token significantly lowers the overall security posture for quick starts.
Updated: 2026-01-19