Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

34
3
High Cost
viney-123 icon

tradingview-mcp

by viney-123

Sec8

The server fetches TradingView chart snapshots as images, enabling users to programmatically capture and visualize market data.

Setup Requirements

  • ⚠️Requires 'TRADINGVIEW_SESSION_ID' and 'TRADINGVIEW_SESSION_ID_SIGN' environment variables for authentication, which must be manually obtained from a logged-in TradingView session.
  • ⚠️Relies on Playwright, which will download a Chromium browser (~150MB memory usage, adds initial setup time) on first run if not already present.
  • ⚠️The README contains an incorrect command to run the server, instructing users to run a .zip file with python.
Verified SafeView Analysis
The server loads sensitive TradingView session credentials (TRADINGVIEW_SESSION_ID, TRADINGVIEW_SESSION_ID_SIGN) from environment variables using `dotenv`, which is good practice and avoids hardcoding. It uses Playwright for browser automation, launching a headless Chromium instance. While Playwright is a robust library, any browser automation inherently involves a degree of risk as it interacts with external web content. There is no `eval` or obvious obfuscation detected. Network risks are managed by only navigating to tradingview.com for its core function. No direct malicious patterns are identified in the provided source code.
Updated: 2026-01-19GitHub
34
3
Medium Cost
EricRollei icon

Download_Tools

by EricRollei

Sec6

Provides web scraping and media downloading capabilities from over 1000 websites, including social media platforms, exposed via a Model Context Protocol (MCP) server for integration with AI clients like Claude Desktop and LM Studio.

Setup Requirements

  • ⚠️Requires manual installation of dependencies like `mcp`, `scrapling`, `playwright`, `imagehash`, `pillow`, `requests`, and `ffmpeg` (for audio/video conversion). `playwright install` is also needed for browser setup.
  • ⚠️Authentication (e.g., for Instagram stories or private content) requires manual configuration in `auth_config.json` with user-specific credentials, with explicit warnings not to commit this file to version control. Separate `auth_config.json` files exist for web scraper vs. gallery-dl/yt-dlp.
  • ⚠️Using browser cookie extraction for Chrome/Edge requires closing the browser completely and may need administrative privileges to function correctly, posing a potential user friction point and security consideration.
Verified SafeView Analysis
The project performs inherently risky operations like fetching arbitrary external content, browser automation, and running external binaries (yt-dlp, gallery-dl). It uses `subprocess.Popen` to execute `yt-dlp` and `gallery-dl` commands, which are built using user-provided `extra_options`. While `shlex.split` is used to mitigate shell injection, complex exploits could still exist. The `eval` function is used in `base_handler.py` for regex matching and in `gallery_dl_downloader.py` for filter expressions (inherent to gallery-dl's design), which could be a vulnerability if input strings are not sufficiently sanitized from untrusted sources. Browser cookie extraction (`browser_cookie3`) accesses local sensitive data, and for Chrome/Edge, may require elevated privileges (admin rights), increasing exposure risk if the system is compromised. The project explicitly warns users not to commit `auth_config.json` containing credentials, which is good practice. Output directories are sanitized to prevent path traversal outside the ComfyUI output folder.
Updated: 2026-01-18GitHub
34
2
High Cost
SemClone icon

mcp-semclone

by SemClone

Sec7

Provides LLMs with comprehensive Open Source Software (OSS) compliance, license management, and software supply chain security capabilities, including vulnerability analysis, SBOM generation, and policy validation.

Setup Requirements

  • ⚠️Requires Ollama to be installed and running locally, with the recommended 'granite3-dense:8b' or 'llama3' model pulled.
  • ⚠️Requires Python 3.10+.
  • ⚠️Requires all SEMCL.ONE tools (purl2notices, osslili, binarysniffer, ospac, vulnq, upmex, purl2src, ossnotices) to be installed and available in PATH (e.g., via `pip install mcp-semclone` or `pipx inject mcp-semclone ... --include-apps`).
Verified SafeView Analysis
The server orchestrates external SEMCL.ONE CLI tools via `subprocess.run`. While arguments are passed as lists to mitigate shell injection within the Python wrapper, the security relies heavily on the robustness of these external tools and their handling of user-provided arguments. The `download_and_scan_package` tool downloads package artifacts from public registries, which introduces risk, although it notes checksum verification 'when available'. There are no direct `eval` or hardcoded credentials within the server's Python code. File operations on user-provided paths also warrant careful monitoring and sandboxing.
Updated: 2025-11-25GitHub
34
4
High Cost
GregBaugues icon

tokenbowl-mcp

by GregBaugues

Sec8

A Model Context Protocol (MCP) server for a fantasy football league, providing tools to interact with the Sleeper API, Fantasy Nerds API, and Token Bowl Chat for LLM-powered fantasy management.

Setup Requirements

  • ⚠️Python 3.11+ is required
  • ⚠️Requires `uv` for dependency management and running
  • ⚠️Requires API keys for Sleeper, Fantasy Nerds, and Anthropic set in `.env` file
  • ⚠️Token Bowl Chat API key must be provided as a query parameter in the SSE connection URL to use chat features
  • ⚠️Requires Redis server for caching (optional but recommended)
Verified SafeView Analysis
API keys for external services (Sleeper, Fantasy Nerds, Anthropic) and Redis are loaded from a .env file, preventing hardcoding. The Token Bowl Chat API key is passed as a query parameter in the SSE connection URL, which is less secure than a header but common for SSE. The server uses `httpx` for external API calls with timeouts and error handling. No `eval` or similar dangerous patterns were found. The server relies on the client environment (e.g., Claude Desktop) for access control to its core MCP tools.
Updated: 2025-12-15GitHub
34
4
Medium Cost
lancejames221b icon

agent-hivemind

by lancejames221b

Sec9

Provides distributed memory storage and synchronization for Claude and AI agents, offering tools for storing, searching, and retrieving memories, managing workflows, and securing credentials across multiple machines.

Setup Requirements

  • ⚠️Requires Node.js for `npx @modelcontextprotocol/server-http` client (for remote machines)
  • ⚠️Requires Python 3.x and various Python packages (FastAPI, Uvicorn, Redis, ChromaDB, Pandas, Numpy, Aiohttp, BeautifulSoup4, cryptography, asyncpg, sklearn, etc.)
  • ⚠️Requires Redis for caching and synchronization
  • ⚠️Requires ChromaDB for semantic memory search
  • ⚠️Requires PostgreSQL for the Vault component (src/vault/database_manager.py)
  • ⚠️Critical environment variables `HAIVEMIND_JWT_SECRET` (or `MCP_HTTP_JWT_SECRET`) must be set for JWT authentication
  • ⚠️Tailscale is recommended for network connectivity
Verified SafeView Analysis
The HTTP MCP server (src/http_mcp_server.py) implements robust security measures including JWT authentication, restricted allowed MCP methods, a blocklist for dangerous tool names (e.g., 'file', 'exec', 'shell', 'command'), request size limits, and hardened CORS. While an `eval()` call exists in a basic Python template (src/marketplace_templates.py) for a `calculate` tool, the main HTTP server explicitly blocks tools related to arbitrary code execution or file operations, significantly mitigating this risk at the network boundary. Encryption in the vault is handled by `cryptography.hazmat.primitives` (AES-256-GCM, Scrypt) and passwords by `bcrypt`. Overall, there is a strong and explicit focus on security.
Updated: 2026-01-19GitHub
34
4
Medium Cost
jorgedlcruz icon
Sec3

Enables AI assistants to monitor, manage, and interact with Veeam Backup & Replication environments using natural language through the Model Context Protocol.

Setup Requirements

  • ⚠️Insecure SSL Configuration: Explicitly disables HTTPS certificate validation (`rejectUnauthorized: false`), making it unsuitable for secure production environments without modification.
  • ⚠️Hardcoded Credentials: Requires editing `auth-tool.js` to embed Veeam server credentials, which is a significant security risk. No mechanism for `.env` file loading for these defaults is present in the provided code.
  • ⚠️Veeam Backup & Replication REST API Access: Requires an existing and accessible Veeam B&R server with its REST API enabled (default port 9419) and valid Veeam user credentials.
Review RequiredView Analysis
CRITICAL: The code explicitly sets `rejectUnauthorized: false` for HTTPS requests, which disables SSL certificate validation. This makes the communication vulnerable to Man-in-the-Middle (MITM) attacks and is highly insecure for any production or sensitive environment. CRITICAL: The `auth-tool.js` file contains hardcoded default credentials (host, username, password) and the README encourages users to modify this file directly with their credentials. This is a severe security anti-pattern; credentials should be stored securely, ideally using environment variables or a dedicated secret management system, not directly in source code.
Updated: 2025-12-14GitHub
34
3
Medium Cost
KevinRabun icon

FedRAMP20xMCP

by KevinRabun

Sec9

An MCP server for FedRAMP 20x compliance analysis, providing automated code and infrastructure scanning, evidence automation, and documentation tools.

Setup Requirements

  • ⚠️Requires 'tree-sitter' language bindings (e.g., tree-sitter-python, tree-sitter-c-sharp) for advanced AST analysis across supported languages.
  • ⚠️Excel export functionality requires the 'openpyxl' Python package.
  • ⚠️Word document generation requires the 'python-docx' Python package.
  • ⚠️GitHub Personal Access Token (GITHUB_TOKEN) is recommended for higher API rate limits when fetching CVE data.
  • ⚠️Relies on the 'FastMCP' framework, implying a specific Python environment setup.
Verified SafeView Analysis
The server performs static analysis (SAST-like) and Infrastructure as Code (IaC) scanning for FedRAMP 20x compliance. It leverages Abstract Syntax Tree (AST) parsing (using Tree-sitter) and regex for multi-language (Python, C#, Java, TypeScript) and IaC (Bicep, Terraform) analysis. External CVE data is fetched from GitHub Advisory Database and NVD. No hardcoded secrets were found in the provided code snippets of the server itself; its analyzers are designed to detect them in the *analyzed* code. No use of 'eval' or obvious obfuscation. The primary risk involves the reliability and integrity of external CVE data sources.
Updated: 2026-01-13GitHub
34
1
High Cost
PierrunoYT icon
Sec9

Provides access to Reve Create - an image generation model from Reve via Replicate, generating high-quality images with accurate text rendering and optional image editing capabilities through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires a Replicate API token (a paid service).
  • ⚠️Requires setting the `REPLICATE_API_TOKEN` environment variable.
Verified SafeView Analysis
The server handles API keys via environment variables, specifically `REPLICATE_API_TOKEN`. It downloads images from URLs provided by the Replicate API, saving them to a local 'images' directory relative to the process's current working directory. While the source of the image URL (Replicate) is assumed trusted, a compromise of the external API could theoretically lead to downloading malicious content. The server code itself does not use 'eval' or contain other obvious malicious patterns or hardcoded secrets. File operations for image saving include basic error handling.
Updated: 2025-11-24GitHub
34
4
High Cost
LumeAiChat icon

n8n-skills

by LumeAiChat

Sec10

Provides expert guidance for an AI assistant to build and manage n8n workflows, covering JavaScript and Python code, expressions, validation, node configuration, and architectural patterns, with a focus on AI agents within n8n.

Setup Requirements

  • ⚠️Requires an external n8n-mcp MCP server to be installed and configured for the full functionality described by these skills, as this codebase primarily provides guidance for interacting with it.
  • ⚠️Requires access to Claude Code, Claude.ai, or Claude API to utilize these skills as an AI assistant, as indicated in CLAUDE.md.
  • ⚠️The main README.md contains generic installation instructions for executable files (.exe, .app), which are misleading for this project as it is designed as a collection of AI skills/documentation.
Verified SafeView Analysis
The provided source code consists entirely of markdown documentation files designed to train an AI assistant on n8n workflow development. It does not contain executable server-side code, dependencies, or direct runtime vulnerabilities. The content within the documentation actively promotes good security practices for building n8n workflows (e.g., using parameterized SQL queries, avoiding hardcoded credentials, and recommending read-only database access for AI tools). Therefore, there are no inherent security risks in the provided source code itself.
Updated: 2026-01-19GitHub
34
3
Medium Cost
masaki39 icon

marp-mcp

by masaki39

Sec7

An MCP server that enables LLMs to create and edit Marp presentations with AI assistance using structured layouts.

Setup Requirements

  • ⚠️Requires an MCP client (e.g., an LLM agent) to interact with it.
  • ⚠️Requires Node.js (v18.0.0 or higher) and npm/npx to run.
  • ⚠️File path inputs for tools assume absolute paths and trust in the calling client to not specify malicious paths.
Verified SafeView Analysis
The server uses file system operations (read/write) on paths provided directly by the client (filePath parameter in tools). While the schema descriptions specify 'Absolute path to the Marp markdown file', there is no explicit path sanitization to prevent potential path traversal if a malicious or compromised MCP client were to provide an adversarial path (e.g., '../../../../etc/passwd'). This relies on the integrity of the client (LLM agent) to provide safe inputs. No 'eval' or other direct code execution patterns were found. Child process execution is limited to internal test suites.
Updated: 2025-12-14GitHub
34
3
High Cost
Tommertom icon

sonos-ts-mcp

by Tommertom

Sec8

Control Sonos multi-room audio systems via Model Context Protocol (MCP) for AI-driven home automation and smart audio experiences.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) or Google Generative AI API Key (Paid/Free Tier) for AI-powered features.
  • ⚠️Sonos devices must be on the same local network, and SSDP multicast discovery may be blocked by firewalls or network configurations (manual IP addition is a fallback).
  • ⚠️Many music services require account linking through the Sonos mobile app, not programmatically; attempts to browse/play from these without prior app setup will yield empty results or errors.
Verified SafeView Analysis
The server opens an HTTP listener for UPnP NOTIFY callbacks, which is a network exposure point, though it filters requests by method and path. Arguments from the MCP client are passed to internal service methods; input validation and XML escaping are present for many parameters, reducing direct injection risks. No obvious hardcoded secrets or malicious patterns were found. The use of external AI SDKs introduces third-party dependency risks.
Updated: 2025-11-27GitHub
34
4
High Cost
alaa-nadi icon

UI-TARS-desktop

by alaa-nadi

Sec2

A GUI Agent application allowing users to control their computer and perform tasks using natural language, leveraging Vision-Language Models (VLMs) and Multi-Channel Processing (MCP) for interaction.

Setup Requirements

  • ⚠️Requires Node.js >= 20 and pnpm >= 9.
  • ⚠️Requires various API keys for VLM providers (e.g., OPENAI_API_KEY, AZURE_OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY, MISTRAL_API_KEY, TAVILY_API_KEY, BING_SEARCH_API_KEY) depending on the chosen model/service.
  • ⚠️On macOS, requires explicit system permissions for screen capture and accessibility to function fully (especially for 'nutjs' operator).
  • ⚠️Requires Chrome browser to be installed for 'browser' operator functionality.
Review RequiredView Analysis
The `ui-tars-desktop` application has critical Electron security vulnerabilities including: 1) `preload/index.ts` directly exposes `ipcRenderer` methods to the renderer process (`contextIsolation` bypassed for `window.electron`), allowing potential full Node.js API access if a script is injected. 2) `apps/ui-tars/src/main/window/ScreenMarker.ts` creates new `BrowserWindow` instances with `nodeIntegration: true` and `contextIsolation: false`, making these windows highly vulnerable to arbitrary code execution. 3) `apps/ui-tars/src/main/window/createWindow.ts` uses `sandbox: false`. The `agent-tars-app` part, while using `contextIsolation: true` and Content Security Policy, sets `webSecurity: false` for its main window, allowing unrestricted cross-origin requests which is a significant risk. The integration with `mcp-servers/commands` package allows execution of arbitrary shell commands, posing a severe risk if LLM output is not perfectly sanitized. File system access (`ipcRoutes/filesystem.ts`) can be configured via `setAllowedDirectories`, but improper configuration or bypass could lead to unauthorized file operations. `shell.openExternal` and `shell.openPath` calls can open arbitrary URLs or local files from agent actions.
Updated: 2025-12-15GitHub
PreviousPage 140 of 713Next