Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

35
6
Medium Cost
anirbanbasu icon

frankfurtermcp

by anirbanbasu

Sec9

This server provides tools for language model agents to access the Frankfurter API for real-time and historical currency exchange rates and conversions.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️The recommended local setup involves installing 'just' and 'uv' for dependency management and task execution.
  • ⚠️Binding the server to '0.0.0.0' or setting CORS_MIDDLEWARE_ALLOW_ORIGINS to '*' for HTTP transports is a security risk and is not recommended for production environments.
Verified SafeView Analysis
The server explicitly warns against binding to all network interfaces (0.0.0.0) and using wildcard CORS origins ('*') for production deployments due to security risks, recommending the use of a reverse proxy with proper security controls. Tool registration is dynamic but from internal source code, mitigating external code injection. While SSL verification can be disabled via environment variables, this is strongly advised against, with guidance provided for self-signed certificates. Docker Compose setup includes robust security hardening (read-only filesystem, dropped capabilities, resource limits). No 'eval' or obvious hardcoded secrets were found.
Updated: 2026-01-19GitHub
35
5
Medium Cost
kulapard icon

aiohttp-mcp

by kulapard

Sec9

Builds Model Context Protocol (MCP) servers on top of the aiohttp web framework, enabling structured communication for AI agents and tools.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires an Anthropic API Key (e.g., ANTHROPIC_API_KEY) if using the provided client example to interact with Anthropic's Claude model.
Verified SafeView Analysis
The server framework itself handles JSON parsing and data validation via Pydantic, reducing risks associated with malformed input. Session IDs are validated against a visible ASCII character pattern. The framework provides mechanisms (Context object) for users to implement robust authentication and authorization within their tools, as demonstrated in the examples. No direct use of 'eval', 'exec', or direct shell calls was found. Hardcoded secrets are present only in examples, with clear notes to use proper authentication in production. The module discovery mechanism, while using `importlib`, is typically safe in controlled deployment environments where the system path and package names are not user-controlled.
Updated: 2026-01-19GitHub
34
3
Medium Cost
standardbeagle icon

devtool-mcp

by standardbeagle

Sec7

Provides an AI coding agent with browser superpowers for real-time debugging, visual feedback, process management, and frontend diagnostics. It acts as a bridge between an AI assistant and a web browser.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0 or Go 1.24+ for core operation.
  • ⚠️Requires an MCP-compatible AI assistant (e.g., Claude Code, Cursor) for full AI integration.
  • ⚠️Windows users require Windows 10 (version 1809) or newer for ConPTY support.
Verified SafeView Analysis
The server has inherent security risks due to its nature as a powerful development tool for AI agents: it can execute arbitrary shell commands via the 'run' tool, inject arbitrary JavaScript into proxied web pages via 'proxy exec', and manipulate network traffic (latency, drops, truncation, error injection) via the 'chaos' module. These are core, intended features. IPC (Unix sockets on Linux/macOS, named pipes on Windows) is designed for same-user trust, limiting access to the local user. If the AI agent or the local system running it is compromised, these capabilities could be exploited for malicious purposes (e.g., arbitrary command execution, Cross-Site Scripting (XSS) via injected JS, network tampering, denial of service to local processes). The dependency on GitHub releases for binary distribution also introduces a potential supply chain risk, as a compromised GitHub could lead to malicious binaries. Input parsing for terminal overlay also represents a complex surface.
Updated: 2026-01-10GitHub
34
9
Medium Cost
uyuni-project icon

mcp-server-uyuni

by uyuni-project

Sec8

The Uyuni MCP Server enables AI agents or MCP-compliant clients to securely interact with and manage Linux infrastructure using natural language via the Uyuni configuration and infrastructure management solution.

Setup Requirements

  • ⚠️Requires `UYUNI_SERVER`, `UYUNI_USER`, and `UYUNI_PASS` environment variables for Uyuni API access.
  • ⚠️The `add_system` tool requires the `UYUNI_SSH_PRIV_KEY` environment variable, which must be provided as a single-line string with escaped newlines (e.g., `\n`).
  • ⚠️OAuth 2.0 (`UYUNI_AUTH_SERVER`) is a new feature that expects Uyuni's `/manager/api/oicdLogin` endpoint to be implemented and configured, which might require additional setup on the Uyuni server itself.
  • ⚠️Tools performing write operations (state-changing actions) are disabled by default and must be explicitly enabled by setting the `UYUNI_MCP_WRITE_TOOLS_ENABLED` environment variable to `true`.
Verified SafeView Analysis
The server implements strong security practices including opt-in write capabilities via environment variables (`UYUNI_MCP_WRITE_TOOLS_ENABLED`) and a custom `@write_tool` decorator, detailed API error handling, and a confirmation flow for potentially destructive actions. It explicitly warns about the security risks of running with `http` transport without OAuth 2.0 authentication (`UYUNI_AUTH_SERVER`) and the trust-based nature of the `confirm` parameter (recommending elicitation as a more robust alternative). Sensitive credentials (Uyuni API user/pass, SSH private key) are loaded from environment variables. The SSH private key for the `add_system` tool is passed to the main Uyuni server for connection, not used directly by the MCP server itself, which helps mitigate direct exposure risk. Potential security risks primarily stem from misconfiguration (e.g., enabling write tools or HTTP transport without proper authentication in an untrusted network environment) rather than inherent flaws in the server's security design.
Updated: 2026-01-07GitHub
34
4
Low Cost
civicteam icon

mcp-hooks

by civicteam

Sec4

A lightweight tRPC server that logs all tool call requests from an AI assistant through a flexible audit logging system, acting as middleware for the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js >=20.0.0.
  • ⚠️pnpm is the recommended package manager.
  • ⚠️For PostgreSQL logging, the database must be set up by running `pnpm setup-db` first. Default PostgreSQL credentials (`postgres/postgres`) are used by the setup script and must be changed for production.
Review RequiredView Analysis
The primary security concern lies in the `passthrough-mcp-server` (which this hook would integrate with). It constructs `StreamableHTTPClientTransport` client connections using `TARGET_SERVER_URL` and `HOOKS` environment variables directly, without validation or allow-listing. This creates a significant Server-Side Request Forgery (SSRF) vulnerability, potentially allowing an attacker to force the server to make requests to internal network resources. Additionally, the `api-key-hook` uses a default test API key ('test-api-key-12345') which is hardcoded and must be overridden in production to prevent unauthorized access. The `setup-db.ts` script for PostgreSQL logging uses default `postgres/postgres` credentials, which is highly insecure for production environments. Sensitive audit logs (if file-based) must be properly secured to prevent data leakage.
Updated: 2026-01-19GitHub
34
4
Low Cost
ericvoltolin icon

xc-mcp

by ericvoltolin

Sec6

LLM-optimized wrapper for Xcode CLI tools, summarizing verbose outputs to reduce token usage in AI-assisted development workflows.

Setup Requirements

  • ⚠️Requires macOS operating system.
  • ⚠️Requires Xcode Command Line Tools to be installed (typically via `xcode-select --install`).
  • ⚠️Requires Node.js version 18+.
Verified SafeView Analysis
The server executes external `xcodebuild` and `simctl` commands via `child_process.exec`. While arguments like `projectPath`, `scheme`, and `destination` are enclosed in double quotes during command construction, `child_process.exec` does not automatically sanitize all shell metacharacters (e.g., command substitution like `$(command)`). The internal `escapeShellArg` utility is defined but not used by `buildXcodebuildCommand` and `buildSimctlCommand`. This leaves a potential command injection vulnerability if user-provided input for parameters (e.g., `destination`, `deviceId`, `scheme`) is not robustly sanitized by the calling client or if malicious strings bypass existing validation checks. Communication via `StdioServerTransport` reduces network exposure but does not eliminate input-based injection risks. No obvious hardcoded secrets or obfuscation found.
Updated: 2026-01-19GitHub
34
4
Low Cost
gunbun33 icon

mcp-servers

by gunbun33

Sec9

Provides a production-ready Model Context Protocol (MCP) server for seamless integration with VS Code and other MCP clients to enable AI-driven development features.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires VS Code 1.60.0 or higher for full client integration.
Verified SafeView Analysis
The Python server uses FastAPI and Pydantic for robust request handling and validation, structured logging with Loguru, and Prometheus metrics. No direct use of `eval`, external command execution with unsanitized input, or hardcoded sensitive credentials within the server's source code (`mcp_server.py`). The default CORS `ALLOWED_ORIGINS` is set to `*` which allows requests from any origin, making it broadly accessible; this should be restricted in a production environment, although it is configurable via environment variables. The current database interaction methods (list_tables, discover_data, prepare_query, query) are mocked within the provided Python source, thus not exposing real database risks. If actual database interaction were implemented, further security review for potential SQL injection and proper data access control would be necessary. The server itself does not directly consume LLM tokens, acting as an agent.
Updated: 2026-01-19GitHub
34
3
Low Cost
liatrio-labs icon

slash-command-manager

by liatrio-labs

Sec7

A CLI tool and MCP server for generating and managing slash commands for various AI coding assistants, integrating with a Spec-Driven Development (SDD) workflow.

Setup Requirements

  • ⚠️Python 3.12+ only
  • ⚠️Requires 'uv' package manager for recommended installation/development
  • ⚠️Docker required for running integration tests locally
  • ⚠️Requires local AI agent configuration for detection (e.g., ~/.claude/commands)
Verified SafeView Analysis
The MCP server is designed to register and serve prompts and tools. While the current toolset is basic, the architecture allows for execution of arbitrary logic via 'tools'. The 'slash-man generate' command can download and process markdown files from arbitrary public GitHub repositories via `--github-repo` flags. If an untrusted or compromised GitHub source is used, this content could be fed to AI assistants, posing a supply chain risk through content injection. Integration tests explicitly warn against local execution due to potential filesystem modifications. Overall, no direct code execution vulnerabilities are apparent in the `slash-command-manager` itself, but the nature of processing external prompts and running tools implies a trust boundary for the content it processes and serves.
Updated: 2026-01-09GitHub
34
3
Low Cost
wille icon
Sec9

This server provides an OAuth 2.1 Authorization Server implementation, compliant with the MCP Authorization Spec, to handle authentication and authorization for MCP clients and resource servers.

Setup Requirements

  • ⚠️Requires a custom, persistent OAuthServerModel implementation (e.g., using a database) for production use, as the default is in-memory storage.
  • ⚠️Node.js (>=18) is required for execution.
  • ⚠️The `mcpAuthRouter` currently must be mounted at the root (`/`) path, not a sub-path, as noted in the project's limitations.
Verified SafeView Analysis
The server demonstrates good security practices including adherence to OAuth 2.1 specifications like PKCE (Proof Key for Code Exchange) for authorization code flow. It implements rate limiting on critical endpoints (authorization, token, revocation, client registration) to prevent abuse and brute-force attacks. Client secrets are dynamically generated using cryptographically secure methods. It enforces HTTPS for issuer URLs in production (with a development override warning). CORS is enabled for public endpoints which is standard for an OAuth Authorization Server. No direct use of `eval` or obvious hardcoded sensitive secrets were found. However, for production, it explicitly requires a custom, persistent storage backend, as the default is in-memory.
Updated: 2026-01-19GitHub
34
4
Medium Cost
guacsec icon

trustify-mcp

by guacsec

Sec8

Acts as an MCP (Model Context Protocol) server, exposing Trustify instance's security vulnerability and SBOM data as structured tools for AI agents.

Setup Requirements

  • ⚠️Requires a running Trustify instance with an accessible API URL.
  • ⚠️Requires an OpenID provider to be configured with a client ID, client secret, and issuer URL for authentication.
  • ⚠️The `AUTH_DISABLED=true` environment variable must be disabled in production environments to maintain security.
Verified SafeView Analysis
The server securely handles sensitive information (API URLs, OpenID credentials) by requiring them to be provided via environment variables, preventing hardcoding. Authentication is robustly implemented using the `trustify-auth` library and OpenID Connect for token validation. A `AUTH_DISABLED=true` environment variable exists for development purposes; enabling this in a production environment would bypass critical authentication and pose a severe security risk. URL construction for interacting with the Trustify API directly utilizes user-provided strings for path components (e.g., SBOM URIs). While `reqwest` handles some aspects of URL safety, the server relies on the Trustify backend to fully validate these URIs against potential path traversal or injection, rather than performing its own explicit exhaustive sanitization on these segments.
Updated: 2026-01-16GitHub
34
5
Medium Cost
BjoernRave icon

i18n-magic

by BjoernRave

Sec4

Automates internationalization (i18n) workflows with AI-powered translations for JavaScript/TypeScript projects, functioning as a Model Context Protocol (MCP) server for LLMs.

Setup Requirements

  • ⚠️Requires OpenAI API Key or Google Gemini API Key (Paid Service)
  • ⚠️The 'i18n-magic.js' configuration file must exist in the project root where the server is launched.
  • ⚠️Careful configuration of the 'cwd' or '--project-root' argument is critical for the MCP server to correctly locate the 'i18n-magic.js' config and locale files.
Review RequiredView Analysis
The server dynamically imports the 'i18n-magic.js' configuration file. If an attacker can control the server's effective current working directory (cwd) or the '--project-root' argument, they could potentially inject and execute arbitrary code via a malicious config file. Additionally, file I/O operations (loadLocalesFile, writeLocalesFile) construct paths using locale and namespace parameters directly. While these are typically derived from trusted configuration, the lack of explicit path sanitization could lead to path traversal vulnerabilities if malicious input were to bypass validation or if the configuration itself is compromised, allowing arbitrary file reads/writes outside the intended locales directory. The server relies heavily on trusting the content of the 'i18n-magic.js' file.
Updated: 2025-11-23GitHub
34
4
Medium Cost
signnow icon

sn-mcp-server

by signnow

Sec9

Provides AI agents with secure, structured access to SignNow eSignature workflows for tasks like browsing templates, creating documents from templates, sending invites, managing embedded signing experiences, tracking invite status, and downloading signed documents.

Setup Requirements

  • ⚠️Requires Python 3.11+ (as stated in README, though pyproject.toml says >=3.10).
  • ⚠️Requires a SignNow account and credentials, either: 1) SIGNNOW_USER_EMAIL, SIGNNOW_PASSWORD, and SIGNNOW_API_BASIC_TOKEN (Base64 encoded client_id:client_secret), OR 2) SIGNNOW_CLIENT_ID and SIGNNOW_CLIENT_SECRET.
  • ⚠️For production, a persistent OAUTH_RSA_PRIVATE_PEM must be provided; otherwise, a new RSA key is generated on each restart, invalidating all existing tokens.
Verified SafeView Analysis
The server uses Pydantic for robust configuration validation and relies on standard libraries like `httpx` and `pyjwt[crypto]` for secure communication and JWT handling. It supports OAuth2, RSA key generation, and token management, with explicit warnings in the README for production key persistence. Sensitive environment variables are masked in logs. The codebase appears to follow good security practices for a modern Python web application.
Updated: 2026-01-19GitHub
PreviousPage 139 of 713Next