Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

35
5
High Cost
mmeents icon

DaemonsMCP

by mmeents

Sec8

Facilitate LLM interaction with local codebases by providing secure access to explore, read, and write project files.

Setup Requirements

  • ⚠️Requires .NET 9.0 SDK installed.
  • ⚠️Requires a local SQL Server instance (configured with Integrated Security=True).
  • ⚠️The Angular client expects the backend API (DaemonsMCP.Api) to run on https://localhost:44356, which typically requires running it via Visual Studio using the IIS Express profile. Running directly with 'dotnet run' usually serves on different ports (e.g., 7267 or 5039) unless specifically configured.
  • ⚠️CORS must be explicitly configured in the backend API to allow requests from http://localhost:4200 (Angular dev server).
Verified SafeView Analysis
The server grants powerful read/write access to local codebases, which is inherently high-risk. However, the documentation and client-side code indicate strong security awareness with features like: required file extensions, write-protected paths, max file size limits, automatic backups for file modifications/deletions, input validation, and an authentication/authorization system (users, access tokens, invitations, user credentials). The database connection string is configured for local SQL Server with 'Integrated Security=True' and 'TrustServerCertificate=True', which is acceptable for local development but 'TrustServerCertificate=True' can be a risk in production. A 'TODO' for 'createdByUserId: 1' in user creation on the client side is a minor temporary vulnerability.
Updated: 2026-01-19GitHub
35
3
Medium Cost
neverinfamous icon

mysql-mcp

by neverinfamous

Sec2

Provides an MCP (Model Context Protocol) server for MySQL, enabling AI agents to programmatically interact with and manage MySQL databases.

Setup Requirements

  • ⚠️Requires Node.js 24+.
  • ⚠️Requires MySQL Server 5.7+ or 8.0+.
  • ⚠️Requires MySQL Shell CLI utility for specific tools (e.g., `mysqlsh_dump_instance`).
  • ⚠️Requires MySQL X Plugin enabled (port 33060) for `mysqlsh_import_json`.
  • ⚠️Requires `local_infile = ON` on MySQL server for import/load operations if `updateServerSettings` is not set or privileged.
  • ⚠️Hardcoded default `admin:admin` credentials for ProxySQL if `PROXYSQL_USER` and `PROXYSQL_PASSWORD` environment variables are not configured.
Review RequiredView Analysis
1. Arbitrary Code Execution (CRITICAL): The `mysqlsh_run_script` tool allows direct execution of user-provided JavaScript, Python, or SQL code via the `mysqlsh` subprocess. This is a severe vulnerability, enabling any client (AI or malicious actor if unauthenticated/unauthorized) to execute arbitrary commands on the host system. 2. Insecure TLS Connection Option: MySQL Router tools (`mysql_router_status` etc.) support `MYSQL_ROUTER_INSECURE=true`, disabling TLS certificate verification. This creates a significant risk for Man-in-the-Middle attacks if used in production, despite documentation for development purposes. 3. Hardcoded Default Credentials: ProxySQL tools use hardcoded default credentials ('admin', 'admin') if environment variables (`PROXYSQL_USER`, `PROXYSQL_PASSWORD`) are not explicitly set, posing a common misconfiguration risk. 4. `local_infile` Vulnerability: `mysqlsh_import_table` and `mysqlsh_load_dump` tools can set `SET GLOBAL local_infile = ON`. While requiring high privileges, this command could be exploited for data exfiltration or arbitrary file reads if a malicious file path is provided and the MySQL server is compromised. 5. SQL Injection Protection: The project generally uses good practices like parameterized queries and includes `validateQuery` for detecting dangerous SQL patterns and enforcing read-only modes. Identifier escaping is also implemented. However, direct `rawQuery` calls for `SHOW` commands, while validated, present a slightly higher attack surface.
Updated: 2026-01-19GitHub
35
1
Medium Cost
jasich icon
Sec9

Enables AI coding agents to capture screenshots of macOS windows and displays on demand, streamlining the process of providing visual context to LLMs.

Setup Requirements

  • ⚠️Requires macOS 12.0+ (Monterey or later).
  • ⚠️Requires Node.js 16.0.0 or higher.
  • ⚠️Requires manual granting of macOS Screen Recording permission on first run; the server provides clear instructions if permission is denied.
Verified SafeView Analysis
The server primarily operates locally via stdio, reducing network exposure risks. It relies on well-maintained native Node.js modules (`node-screenshots`, `get-windows`, `mac-screen-capture-permissions`) to interact with macOS system APIs for screen capture and window metadata. Input validation is performed for file paths to prevent directory traversal or invalid file types. Screen Recording permission is explicitly requested from the user, which is a necessary and standard security measure for this functionality. There are no indications of hardcoded secrets or arbitrary code execution (`eval`) within the current implementation. A research document mentions future potential use of `osascript` via `execSync` for browser tab capture, which would require careful sanitization if implemented.
Updated: 2025-11-25GitHub
35
4
Medium Cost
jacksenechal icon

scan-mcp

by jacksenechal

Sec8

Minimal MCP server for scanner capture (ADF/duplex/page-size), batching, and multipage assembly, designed for integration with autonomous agents.

Setup Requirements

  • ⚠️Requires Node.js 22 or newer to run.
  • ⚠️Linux with SANE utilities (e.g., `scanimage`, `scanadf`) is mandatory; macOS/Windows are not supported for scanner interaction.
  • ⚠️Requires TIFF tools (`tiffcp` or ImageMagick `convert`) for multipage assembly.
Verified SafeView Analysis
The HTTP transport explicitly lacks authentication and is intended for internal LAN use. Direct public exposure without additional security measures is a significant risk. Command execution via `execa` uses `shell: false` and paths are sanitized (`resolveJobPath` includes regex validation), mitigating common shell injection and directory traversal vulnerabilities.
Updated: 2025-12-15GitHub
35
5
Medium Cost
mcpdotdirect icon

starknet-mcp-server

by mcpdotdirect

Sec5

Provides AI agents with a comprehensive interface to interact with the Starknet blockchain, enabling querying data, managing wallets, and interacting with smart contracts.

Setup Requirements

  • ⚠️Requires Bun 1.0.0+ or Node.js 18.0.0+
  • ⚠️Write operations require a private key to be provided as a parameter; secure handling and transmission of this private key by the calling system (AI agent/user) is critical.
  • ⚠️Server configuration (port, host, default network RPCs) is hardcoded and requires manual modification in source files for changes.
Verified SafeView Analysis
The server tools (e.g., `transfer_starknet_eth`, `execute_starknet_contract`) directly accept private keys as parameters for signing transactions. While the server itself states it does not store these keys, this design pattern places a heavy burden of security on the caller (AI agent/user) and the communication channel to prevent exposure or misuse of private keys. The HTTP server uses permissive CORS (`origin: '*'`), which may be acceptable for AI agent integrations but should be considered for broader deployment.
Updated: 2025-11-26GitHub
35
5
Medium Cost
bjeans icon

homelab-mcp

by bjeans

Sec8

Provides Model Context Protocol (MCP) servers for managing and monitoring homelab infrastructure through Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.10+ (or Docker for containerized deployment).
  • ⚠️Depends on external homelab services (Docker/Podman, Ollama, Pi-hole, Unifi Controller, Network UPS Tools) running and accessible on the network.
  • ⚠️Requires API keys/passwords for various services (Pi-hole, Unifi, NUT, etc.), which must be securely configured via `.env` or Ansible inventory.
  • ⚠️Network connectivity to all managed homelab services is critical, often requiring 'host' network mode for Docker deployments or specific firewall rules.
Verified SafeView Analysis
The project demonstrates a strong focus on security, with automated pre-push checks (e.g., `pre_publish_check.py`), `.env` file protection, and explicit warnings about inherent risks of managed services (e.g., unencrypted Docker APIs, needing firewall rules). Logging includes sensitive data sanitization. A `write_mcp_file` tool exists (deprecated) with path validation to prevent directory traversal. The main security risks stem from improper configuration of underlying homelab services (e.g., exposing Docker APIs to the internet) rather than direct vulnerabilities in the MCP server code itself. The project transparently documents these risks and provides comprehensive mitigation guidance.
Updated: 2026-01-17GitHub
35
5
Medium Cost
Alosies icon
Sec9

A fully typed TypeScript Model Context Protocol (MCP) server for comprehensive GitLab integration, enabling AI agents to manage projects, issues, merge requests, pipelines, and jobs.

Setup Requirements

  • ⚠️Requires a GitLab Personal Access Token with 'api', 'read_user', and 'read_repository' scopes.
  • ⚠️Requires Node.js 18+.
  • ⚠️Some tools (e.g., 'get_merge_request') require either a numeric ID or a full path (e.g., 'group/project') for project/item identification.
Verified SafeView Analysis
The server uses `axios` for API calls, with `Bearer` token authentication. Tokens are explicitly retrieved from environment variables (e.g., `NPM_CONFIG_TOKEN`, `GITLAB_TOKEN`) or configuration files, and an error is thrown if no token is found, enforcing secure practices. API endpoints are constructed using `encodeURIComponent` to prevent path traversal and injection. There is no `eval` or obvious obfuscation. The `baseUrl` is configurable, which could be a risk if set maliciously, but this is typically controlled by the user's trusted configuration.
Updated: 2025-11-27GitHub
35
1
Low Cost

chrono-mcp

by bingdongni

Sec9

Chronos-MCP acts as a local-first MCP server that indexes terminal and browser history for AI assistants, enabling instant recall and context awareness.

Setup Requirements

  • ⚠️Requires Node.js v18+ installed.
  • ⚠️The shell hooks (Zsh and PowerShell) require manual setup or rely on the installer script correctly modifying shell profiles. The Zsh hook in the provided code needs the user to manually update the path to `record.js`.
  • ⚠️Browser history syncing is currently limited to Google Chrome. Other browsers might not be supported.
Verified SafeView Analysis
The code is generally safe, using standard Node.js libraries and SQLite. It does not use 'eval' or other high-risk functions. Network risks are minimal as it's designed for local use. The main potential risk is in how it interacts with system shells, but the provided hooks seem to handle this cautiously. Browser history access is limited to local Chrome profiles.
Updated: 2025-11-19GitHub
35
5
Medium Cost
Anselmoo icon
Sec6

A comprehensive AI agent development framework focused on structured design, prompt engineering, code analysis, and agent-to-agent orchestration for developers.

Setup Requirements

  • ⚠️Requires LLM API keys (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY, GOOGLE_API_KEY) depending on selected models.
  • ⚠️Requires Node.js (v18+ is common in examples and project setup).
  • ⚠️Git must be installed if using Spec-Kit features that synchronize with Git repositories.
  • ⚠️Mermaid diagram generation might require additional runtime dependencies or local setup for optimal performance.
Review RequiredView Analysis
The `hashInput` function in `src/tools/shared/a2a-context.ts` is explicitly noted as a 'demonstration implementation' with 'potential collisions' and recommends replacement with a secure hashing library for production, which is a critical vulnerability if deployed as-is. Agent-to-agent invocation (via `ToolRegistry`) necessitates careful management of `canInvoke` permissions to prevent privilege escalation. Hardcoded secrets are present in test files but not in core application logic.
Updated: 2026-01-19GitHub
35
5
High Cost
connectaman icon

PitchLense

by connectaman

Sec2

An AI-powered platform for comprehensive startup analysis, including risk assessment, growth potential evaluation, founder DNA analysis, email pitch analysis, and meeting recording summaries.

Setup Requirements

  • ⚠️Requires Google Cloud Platform account (paid services for Gemini AI, Cloud Storage, Natural Language API).
  • ⚠️Requires Financial Modeling Prep (FMP) API key (paid subscription likely needed for full functionality).
  • ⚠️Requires MySQL 8.0+ database, either locally or a Google Cloud SQL instance.
  • ⚠️Requires an email account (e.g., Gmail) configured with an app-specific password for email fetching and sending functionality.
Review RequiredView Analysis
Critical authentication flaws, including a hardcoded `FIXED_SALT` for password hashing and a direct hash comparison `password === user.password_hash`. This design makes user passwords vulnerable to offline brute-force attacks if the salt is compromised (which it is, being in the source code). Hardcoded default secrets for `JWT_SECRET`, `DB_PASSWORD`, and `GEMINI_API_KEY` are present, posing a severe risk if not explicitly overridden in production environments. The Content Security Policy (CSP) includes `'unsafe-eval'` in its `script-src`, which can weaken XSS protections. Positively, the application implements standard security headers, API rate limiting, uses Google Cloud Natural Language API for content moderation, and employs parameterized SQL queries to mitigate injection attacks. However, these positive controls are significantly overshadowed by the critical authentication vulnerabilities.
Updated: 2026-01-13GitHub
35
13
Medium Cost
Vizioz icon

Teamwork-MCP

by Vizioz

Sec8

The MCP server simplifies interaction with the Teamwork.com API, enabling AI agents to manage projects, tasks, people, and companies within Teamwork.

Setup Requirements

  • ⚠️Requires a Teamwork.com account with API access.
  • ⚠️Requires `TEAMWORK_DOMAIN`, `TEAMWORK_USERNAME`, and `TEAMWORK_PASSWORD` credentials (must be set via environment variables, a `.env` file, or command-line arguments).
Verified SafeView Analysis
The server follows good practices for handling credentials (environment variables, .env file, or command-line arguments) and implements tool filtering for restricted access. It uses HTTPS for API communication. However, the API client's request interceptor logs the full request body to file (`combined.log`), which, depending on the tool invoked (e.g., `createCompany`), could expose sensitive data in local log files. While the Authorization header is redacted, specific data passed in the body for creation or update operations is logged. There is no `eval` or obvious obfuscation. The server acts as a proxy, relying on the Teamwork API's internal sanitization for input parameters.
Updated: 2026-01-07GitHub
35
6
Low Cost
EOSC-Data-Commons icon

eoscdcpoc

by EOSC-Data-Commons

Sec8

A web application for searching scientific datasets using natural language queries, discovering relevant data, and enabling direct deployment of analyses to Virtual Research Environments.

Setup Requirements

  • ⚠️Requires a running EOSC Data Commons MCP backend server (https://github.com/EOSC-Data-Commons/data-commons-mcp) on port 8000.
  • ⚠️Node.js (version 20 or newer) is required for local development.
  • ⚠️Authentication with GitHub Container Registry (docker login ghcr.io) may be required to pull Docker images.
Verified SafeView Analysis
The provided code is a React frontend. It does not appear to contain hardcoded sensitive secrets or use dangerous patterns like 'eval'. Network requests are made to specified backend and dispatcher APIs. Standard web application security practices (e.g., input sanitization, secure API endpoints, CORS configuration) are critical for the overall system security, but no immediate critical vulnerabilities are apparent within the truncated frontend source code itself. The `sanitize` function in `src/lib/citation.ts` is basic and specific to citation formatting, not a general XSS defense mechanism, but the context of its use limits direct user injection risks.
Updated: 2026-01-19GitHub
PreviousPage 130 of 713Next