Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

35
6
Low Cost

n8n-workflows

by Naveen666555

Sec8

A fast, modern documentation system for N8N workflows, providing search, categorization, visualization, and a RESTful API for workflow management and analysis.

Setup Requirements

  • ⚠️Requires Node.js 19+ installed.
  • ⚠️N8N workflow JSON files must be manually copied into the 'workflows/' directory after cloning.
  • ⚠️Database and directories need to be initialized via 'npm run init' and workflows indexed with 'npm run index' before starting the server for the first time.
Verified Safe
The server uses Helmet.js for security headers and express-rate-limit for API rate limiting, which are good practices. SQL queries use parameterized statements to prevent injection. File system access is primarily to designated 'workflows' and 'database' directories, assuming trusted N8N workflow JSON files. No obvious 'eval' or obfuscation found. CORS is enabled, but specific origins are not defined in the truncated code, which might default to a broader setting. Overall, it implements standard security measures for a Node.js application.
Updated: 2026-01-19
35
2
High Cost

An AI agent for e-commerce, integrating ontology-based reasoning, business logic, memory systems, and a Gradio UI to simulate a complete shopping experience, enhanced with Reinforcement Learning capabilities for continuous self-improvement in tool orchestration strategies.

Setup Requirements

  • ⚠️Requires LLM API Key (e.g., DeepSeek, OpenAI) which typically incurs costs.
  • ⚠️Docker 20.10+ and Docker Compose 2.0+ are recommended for deployment, requiring prior Docker setup.
  • ⚠️If using Ollama, `ollama serve` must be running locally and the specified model (e.g., `qwen3:8b`) must be pulled.
  • ⚠️Requires Python 3.10+ and significant system resources (8GB+ RAM, 32GB+ for RL training; >40GB disk space for local development).
Verified Safe
The project uses `eval` in `src/ontology_mcp_server/ecommerce_ontology.py` to evaluate rule conditions loaded from local `.ttl` files. While attempts are made to validate the Abstract Syntax Tree (`_validate_condition_ast`), modification of these trusted local `.ttl` files by an attacker could lead to arbitrary code execution. Another instance of `eval` in `src/agent/mcp_adapter.py` for mathematical expressions is tightly constrained to basic arithmetic operations and poses minimal risk. Overall, the project is relatively safe assuming local configuration and ontology files are trusted and cannot be tampered with by external actors.
Updated: 2025-12-01
35
4
Low Cost

mcp-server-for-Github

by crypto-ninja

Sec9

Provides comprehensive GitHub workflow automation for AI-powered development teams, including Actions monitoring, advanced PR management, intelligent code search, and complete file management.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Deno runtime must be installed separately as a dependency for code execution features.
  • ⚠️A GitHub Personal Access Token (PAT) or GitHub App credentials (GITHUB_APP_ID, GITHUB_APP_PRIVATE_KEY_PATH, GITHUB_APP_WEBHOOK_SECRET) are required for most operations. Specific operations (e.g., notifications, releases) may require a PAT even if GitHub App is configured.
  • ⚠️For local workspace operations, the `MCP_WORKSPACE_ROOT` environment variable should be configured.
Verified Safe
The server employs robust security measures, particularly for its Deno-based code execution. It uses a comprehensive `code-validator.ts` to block dangerous patterns (e.g., `eval`, dynamic `Function`, direct `Deno.run`, filesystem writes, prototype pollution) and enforce execution limits (code length, nesting depth). Workspace file operations are restricted to `MCP_WORKSPACE_ROOT` with path traversal checks and .gitignore awareness. Authentication relies on GitHub tokens (PAT or App credentials) via environment variables, with sensitive operations potentially requiring a PAT fallback.
Updated: 2026-01-09
35
6
Medium Cost

genieacs-mcp

by GeiserX

Sec4

Acts as a bridge to expose GenieACS instances as an MCP v1 (JSON-RPC for LLMs) server, enabling read-only data consumption and actions on connected CPEs.

Setup Requirements

  • ⚠️Requires a running GenieACS instance accessible via its NBI endpoint.
  • ⚠️Default GenieACS credentials (`admin:admin`) are used if not explicitly configured, posing a security risk.
  • ⚠️Requires Go (version 1.24 or later) or Docker for local build and execution.
Review Required
The server has a potential JSON query injection vulnerability in the `client/acs.go` methods (`GetDevice`, `GetFileByName`, `GetTasksForDevice`). User-provided input (e.g., `id`, `fname`) is directly inserted into JSON query strings using `fmt.Sprintf` without proper escaping. If a malicious input contains JSON special characters (e.g., `"`), it could manipulate the underlying GenieACS API query, potentially leading to unintended data access or actions. Additionally, the server uses default `admin:admin` credentials for GenieACS if environment variables are not set, posing a significant security risk if deployed without configuration changes.
Updated: 2026-01-17
35
6
Low Cost

stape-mcp-server

by stape-io

Sec8

Implements an MCP server for the Stape platform, providing comprehensive tools for managing Stape resources such as containers, domains, analytics, schedules, billing, and various platform-specific configurations.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher.
  • ⚠️A Stape API key is mandatory for interaction, obtained from a Stape account.
  • ⚠️Client applications (e.g., Claude Desktop, Cursor AI) need to be configured specifically to connect to the MCP server using 'npx mcp-remote'.
  • ⚠️Supports an optional 'X-Stape-Region: EU' header for accessing EU-specific Stape endpoints.
  • ⚠️MCP client name length limits might impact tool visibility if long server names are used.
Verified Safe
The server uses a standard API key authentication via 'Authorization' headers. Input validation is performed using Zod schemas, and URL path components are safely encoded with 'encodeURIComponent'. It utilizes an HttpClient wrapper to manage API calls, centralizing header and base URL management. Error responses are handled gracefully without exposing internal stack traces directly. No obvious direct command execution (e.g., 'eval') or critical network risks were identified in the provided code, making it reasonably secure for an API proxy.
Updated: 2026-01-13
35
6
Medium Cost

mcp-opsgenie

by giantswarm

Sec9

A Model Context Protocol (MCP) server that enables AI assistants to interact with OpsGenie for automated alert, team, and heartbeat management.

Setup Requirements

  • ⚠️Requires an OpsGenie API token with appropriate permissions.
  • ⚠️Requires Go 1.24.4 or later for building from source or using `go install`.
  • ⚠️For HTTP transports (SSE or Streamable HTTP), ensure the specified HTTP address is reachable and properly secured if exposed publicly.
Verified Safe
The server securely uses environment variables for the OpsGenie API token. No 'eval' or malicious patterns were found in the source code. However, when using SSE or Streamable HTTP transports, exposing the HTTP server publicly requires standard network security practices (e.g., firewalls, proper access control) to mitigate risks.
Updated: 2026-01-15
35
5
Low Cost

mcp-safe-run

by Kanak03-star

Sec8

Securely launches Model Context Protocol (MCP) servers by dynamically resolving and injecting sensitive credentials (secrets) from various sources (environment, files, OS keychain) into the server's environment.

Setup Requirements

  • ⚠️Node.js >=18.0.0 required.
  • ⚠️Native build tools (Python, C++ compiler) may be required for the `keytar` dependency if a prebuilt binary is unavailable for the system's architecture/Node.js version.
  • ⚠️The project's README describes a CLI interface (`mcp-secure-launcher start`, `add-secret`, `run <server_name>`) and configuration file structure (`mcp-config.json` with `servers`) that differ significantly from the provided source code (`src/index.ts` and `src/config-loader.ts`). The actual CLI is `mcp-safe-run [options] <targetCommand> [targetArgs...]`, and configuration is loaded from `.mcp-saferun.yaml/.yml` files with `profiles`.
Verified Safe
The server's primary function is to resolve and inject secrets into a child process's environment. It uses `keytar` for secure OS keychain integration, which is a robust practice. `env:` placeholders read from process environment variables, and `file:` placeholders read from specified file paths. The main security consideration lies in the trustworthiness of the configuration inputs (YAML files or `--target-env` CLI argument). If these inputs are compromised, `file:` placeholders could be used to exfiltrate local files, or a malicious `targetCommand` could be executed by the child process. The tool itself does not contain `eval()` or other direct arbitrary code execution vulnerabilities in its parsing or resolution logic, making it safe when its configuration inputs are trusted.
Updated: 2026-01-19
35
1
Medium Cost

aave-liquidation-mcp

by clumsynonono

Sec9

Analyzes Aave V3 liquidation opportunities on Ethereum mainnet, providing data and insights to AI assistants.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires an Ethereum RPC endpoint (e.g., Alchemy, Infura) with sufficient rate limits, configured via ETHEREUM_RPC_URL environment variable.
  • ⚠️A build step (`npm run build`) is necessary after installing dependencies before running the server.
  • ⚠️MCP configuration requires the absolute path to the compiled `index.js` file.
Verified Safe
The server operates in a read-only mode, interacting with public Aave V3 smart contracts on Ethereum mainnet. It explicitly focuses on analysis rather than transaction execution, significantly reducing financial risk. Input validation for Ethereum addresses is performed. Required RPC URL is supplied via environment variables, preventing hardcoded secrets. The code appears well-structured and free from obvious malicious patterns or obfuscation. Reliance on external RPC endpoints introduces inherent external risks (e.g., uptime, rate limits) but these are generally understood for blockchain applications and mitigated by user warnings in the README.
Updated: 2025-11-25
35
2
Medium Cost
Sec8

Connects an LLM to the Hydrus Network media manager for sophisticated tag and file management through a Dockerized MCP server.

Setup Requirements

  • ⚠️Docker Desktop (or compatible Docker environment) is required for setup and execution.
  • ⚠️Hydrus API credentials must be manually configured in `hydrus_clients.json` or as a `HYDRUS_CLIENTS` environment variable/Docker secret.
  • ⚠️Manual setup of Docker MCP catalog and registry files (`hydrus_mcp.yaml`, `registry.yaml`) is required by copying them to specific Docker configuration directories.
  • ⚠️Integration with LM Studio requires manual modification of its `mcp.json` configuration file.
Verified Safe
The Python source code for HydrusMCPServer follows good practices for loading API keys from environment variables/Docker secrets and includes input validation for numerical and string parameters. No direct use of `eval`, `exec`, or other obvious malicious patterns was found within the application logic itself. The overall system relies on `mcp-toolkit-gateway` which, as configured in `mcp_lm.json`, mounts the Docker socket; this is a high-privilege operation and a general Docker security concern, though it is external to the HydrusMCPServer's own code.
Updated: 2025-11-23
35
6
Medium Cost

fastfs-mcp

by aj-geddes

Sec3

Enables AI assistants (like Claude) to interact with local filesystems, manage Git repositories, and engage users through interactive prompts via a standardized JSON-based protocol.

Setup Requirements

  • ⚠️Requires Docker for deployment and easy setup.
  • ⚠️Requires GitHub Personal Access Token or GitHub App credentials (ID, private key, installation ID) for full Git integration with private repositories.
  • ⚠️Requires a local filesystem volume to be mounted into the Docker container at `/mnt/workspace` for file operations.
Review Required
The server uses `subprocess.run(..., shell=True)` extensively for both shell and Git commands, which is a critical security vulnerability. Although some inputs are escaped, constructing commands from potentially AI-generated or user-controlled input can lead to arbitrary command execution. GitHub Personal Access Tokens are embedded directly into URLs for authentication, potentially exposing them in logs, though the server attempts redaction. Private keys for GitHub Apps can be exposed if passed as environment variables. Requires careful management of permissions for the mounted workspace.
Updated: 2025-12-04
35
5
Low Cost

This server fetches OpenStreetMap data via the Overpass API, converts it to GeoJSON format, and provides it through a Model Context Protocol (MCP) interface, with an option to save large datasets to local files.

Setup Requirements

  • ⚠️Requires Claude Code for full MCP integration and usage.
  • ⚠️Disables SSL certificate validation for Overpass API connections (`rejectUnauthorized: false`), which is a security risk for network transparency. This may conflict with environments requiring strict SSL validation or firewalls.
  • ⚠️Some tools (`download_osm_data`, `download_area_all`, `convert_to_geojson`) are documented but are commented out in the `src/tools/index.js` file, meaning they are not exposed via the MCP interface.
Review Required
The server explicitly disables SSL certificate verification (`rejectUnauthorized: false`) in its HTTPS requests to Overpass API servers. While justified in comments for direct IP connections, this creates a critical vulnerability to Man-in-the-Middle (MITM) attacks, allowing an attacker to impersonate the Overpass API servers without a valid certificate. No hardcoded secrets were found. Input validation for geographical coordinates and query limits is implemented, reducing the risk of malformed queries. Rate limiting and caching mechanisms are in place to mitigate resource exhaustion.
Updated: 2025-11-28
35
5
Low Cost

dolt-mcp

by dolthub

Sec3

Provides AI assistants with direct access to Dolt databases, enabling database operations, version control, and data management tasks.

Setup Requirements

  • ⚠️Requires a running Dolt SQL server instance (Go 1.24.4+ for building from source)
  • ⚠️Dolt connection details (host, user, password, database) must be provided via environment variables or CLI flags.
  • ⚠️Potential SQL injection vulnerabilities if deployed in an untrusted environment or with compromised AI assistants.
Review Required
The server has critical SQL injection vulnerabilities. Several tool implementations construct SQL queries using `fmt.Sprintf` with user-provided arguments (e.g., `working_database`, `working_branch`, `table`, `start_date`, `end_date`) without proper SQL escaping or parameterization. This allows an authenticated attacker to inject arbitrary SQL commands by crafting malicious input for these arguments. For example, in `db_helpers.go`, `DoltUseWorkingDatabaseSQLQueryFormatString` and `DoltCheckoutWorkingBranchSQLQueryFormatString` use unescaped user input for `database` and `branch` names. Similarly, `list_dolt_diff_changes_in_date_range.go` and `list_dolt_diff_changes_by_table_name.go` also inject unescaped user input directly into SQL queries. While `singleQuoteEscape` exists, it is not consistently applied to all user-controlled inputs used in SQL queries. HTTP mode with JWT authentication adds a layer of access control, but does not mitigate these internal injection flaws once an attacker is authenticated.
Updated: 2025-12-11