Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

34
3
Medium Cost
grapelike-class151 icon

cursor-skills

by grapelike-class151

Sec8

A comprehensive repository and static website for CURSOR IDE best practices, rules, guidelines, templates, and examples across various programming environments, with a utility for link validation.

Setup Requirements

  • ⚠️Requires Node.js for building the static website and npm for dependency management.
  • ⚠️Requires Python 3.x for running the `checklinks.py` utility (standard libraries generally sufficient).
  • ⚠️The root `README.md` describes an unconventional installation method (downloading a .zip and running an 'installation wizard'), which conflicts with the standard Git/npm workflow implied by the source code for building and serving the static site.
Verified SafeView Analysis
The `checklinks.py` script, a web crawler utility, has its `base_url` hardcoded, limiting Server-Side Request Forgery (SSRF) risk in its current configuration. Node.js build/validation scripts use `execSync` but only with predefined commands for repository maintenance, not exposed to arbitrary user input, thus posing a low security risk. The overall project primarily generates a static website, which inherently reduces common server-side vulnerabilities. Security largely depends on the integrity of referenced third-party packages and the examples themselves if users run them.
Updated: 2026-01-19GitHub
34
4
Medium Cost
domdomegg icon
Sec3

This server allows LLMs to fetch web content, automatically cleaning HTML into markdown, extracting key metadata like title and author, and supporting chunked reading.

Setup Requirements

  • ⚠️Requires Node.js and npm/npx to be installed.
  • ⚠️Without strict network egress policies on the host, running this server exposes the local network and filesystem to arbitrary URL fetches via the LLM.
  • ⚠️Requires manual configuration in `claude_desktop_config.json` for desktop app integration.
Review RequiredView Analysis
CRITICAL RISK: The server fetches arbitrary URLs provided by the LLM (`fetch(args.url)`) without sufficient validation or network egress filtering. This makes it vulnerable to Server-Side Request Forgery (SSRF) attacks. An LLM could be prompted to access internal network resources (e.g., `http://192.168.1.100`), local files (e.g., `file:///etc/passwd`), or use the server as a proxy for malicious external requests. While `z.string().url()` validates the URL *format*, it does not prevent access to sensitive schemas or private IP ranges. Additionally, the `raw` parameter allows returning raw HTML, which could potentially expose the LLM or its downstream consumers to XSS if not properly sanitized on the client side, though the primary server-side risk is SSRF.
Updated: 2026-01-13GitHub
34
4
Low Cost
jdlemes icon

MsSqlMCP

by jdlemes

Sec9

Provides an MCP Server for SQL Server database schema inspection and safe, read-only query execution to AI clients.

Setup Requirements

  • ⚠️Requires .NET 10 (or .NET 9 with minor adjustments).
  • ⚠️Requires an accessible SQL Server instance.
  • ⚠️Manual configuration of SQL Server connection string in 'appsettings.json' is mandatory.
Verified SafeView Analysis
The project places a strong emphasis on security by implementing a ReadOnlySqlQueryValidator that blocks 27 common keywords associated with DML, DDL, DCL, and execution commands (e.g., INSERT, UPDATE, DELETE, DROP, EXEC). This validation is backed by 42 dedicated security tests. Connection strings are externalized in 'appsettings.json', preventing hardcoded secrets directly in the codebase. As long as the 'appsettings.json' is securely managed on the host, the application itself is designed to prevent malicious SQL operations.
Updated: 2025-11-28GitHub
34
4
Medium Cost
mackerelio-labs icon

mcp-server

by mackerelio-labs

Sec9

This server allows AI agents to interact with the Mackerel monitoring and APM platform by exposing its API functionalities as Model Context Protocol tools.

Setup Requirements

  • ⚠️Requires MACKEREL_APIKEY environment variable.
  • ⚠️Requires Node.js and npm (or Docker).
Verified SafeView Analysis
The server correctly handles the Mackerel API key via an environment variable (`MACKEREL_APIKEY`), avoiding hardcoded secrets. There is no usage of 'eval' or any clear obfuscation. Error handling includes a token limit check for responses, which helps prevent excessively large payloads. Standard external API integrations always carry some inherent risks, but best practices are followed.
Updated: 2026-01-14GitHub
34
2
Medium Cost
erikmaday icon

unusual-whales-mcp

by erikmaday

Sec9

Provides an AI assistant with comprehensive Unusual Whales market data, including options flow, dark pool activity, congressional trades, and more, for natural language market analysis.

Setup Requirements

  • ⚠️Requires an Unusual Whales API Key (available from their website, may be associated with a paid subscription tier).
  • ⚠️Requires Node.js 20.0.0 or higher.
  • ⚠️Requires specific configuration within an MCP-compatible client (e.g., Claude Code/Desktop) to enable the server.
Verified SafeView Analysis
The server uses `process.env.UW_API_KEY` for API authentication, preventing hardcoded secrets. Path parameters are explicitly validated and encoded to prevent path traversal (`/`, `\`, `..`) attempts. It implements robust resilience features like client-side rate limiting and a circuit breaker pattern, enhancing stability and preventing API abuse. While reliance on an external API inherently carries some risk, the server's design focuses on data retrieval rather than arbitrary code execution from API responses, mitigating direct code injection risks.
Updated: 2026-01-19GitHub
34
2
Medium Cost
SeonghakHong-Sch icon

kStock-mcp-server

by SeonghakHong-Sch

Sec8

This server provides an MCP (Micro-Capability Protocol) interface to interact with the Korean Investment API, enabling functionalities like fetching stock prices, account information, financial data, and executing stock buy/sell orders.

Setup Requirements

  • ⚠️Requires a C++ compiler (e.g., g++ or clang++) and associated build tools.
  • ⚠️Requires external C++ libraries: nlohmann/json, cpp-httplib, and the mcp_server framework (not included in truncated source, assumed external).
  • ⚠️Requires environment variables K_appkey, K_appsecret, K_cano, and K_cano2 to be set for API authentication and account access.
Verified SafeView Analysis
Sensitive information (API keys, account numbers) is loaded from environment variables using `std::getenv`, which is a good practice. Access tokens are obtained via API calls and stored in memory. Request parameters are built from JSON, and `tool::build_query` handles string serialization, reducing direct injection risks. The `mcp::tool_builder` defines parameter schemas, implying input validation by the MCP framework, which is crucial. No direct use of 'eval' or shell command execution from user input is observed. The singleton pattern for `KInvestmentAPI` is noted; while simplifying access, it means credentials are globally shared within the server process, which requires careful management in highly concurrent or multi-tenant scenarios (though not explicitly problematic for the apparent use case).
Updated: 2025-11-26GitHub
34
3
Medium Cost
Ipiano icon

gdb-mcp

by Ipiano

Sec3

Provides an AI assistant with programmatic access to GDB debugging sessions, enabling debugging, analysis, and control of compiled programs and core dumps.

Setup Requirements

  • ⚠️Requires GDB (GNU Debugger) to be installed and accessible in the system PATH.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires manual configuration in the MCP client (e.g., Claude Desktop's config file).
  • ⚠️Requires understanding of GDB concepts for effective AI interaction.
Review RequiredView Analysis
This server is inherently high-risk because it exposes highly privileged GDB operations, including arbitrary command execution, function calls within the debugged process, and file system manipulation (via working directory, program/core loading, and GDB commands). The `gdb_execute_command` and `gdb_call_function` tools, while offering command sanitization, allow for direct execution of GDB commands, which can in turn execute shell commands, Python scripts, or access/modify memory and files on the host system. The security of this server relies entirely on the external MCP client implementing robust permissioning, user consent mechanisms, and the server being run in an isolated environment with minimal privileges.
Updated: 2025-12-10GitHub
34
2
High Cost
serkan-ozal icon
Sec6

AI-powered GitHub analytics platform and chatbot that provides insights into developer profiles, repository statistics, and answers questions using GitHub Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid service)
  • ⚠️Requires GitHub Personal Access Token for GitHub API access
  • ⚠️Python 3.11+ required for the backend
  • ⚠️Node.js >= 18.x and npm/yarn required for the frontend
Verified SafeView Analysis
The backend's FastAPI server is configured with CORS `allow_origins=['*']`, which is a significant security risk in a production environment as it allows requests from any origin. Although API keys (OPENAI_API_KEY, GITHUB_PAT) are properly loaded from environment variables and not hardcoded, the LangChain/LangGraph agent may be vulnerable to prompt injection attacks inherent to LLM-based applications if not specifically mitigated. No `eval` or obvious code obfuscation was detected.
Updated: 2026-01-19GitHub
34
4
High Cost
rodionlim icon
Sec9

Manages personal financial portfolios including equities, FX, commodities, cash, bonds, and cryptocurrencies, offering AI-driven insights and natural language querying via an MCP server.

Setup Requirements

  • ⚠️Requires Go version 1.24.3 or higher.
  • ⚠️GEMINI_API_KEY is required for AI analytics and MCP functionality (Google Gemini API is a paid service).
  • ⚠️New developers must run `hooks/setup.sh` to install Git pre-commit hooks.
  • ⚠️Google Drive backup requires a one-time OAuth2 Desktop App setup, potentially involving a local loopback server or SSH tunneling for remote deployments.
Verified SafeView Analysis
The project demonstrates a strong security posture regarding secret management, utilizing environment variables for API keys and a `pre-commit` Git hook to prevent accidental commitment of sensitive data. Default server bindings (`0.0.0.0`) for both the main and MCP servers mean they listen on all network interfaces, which requires proper firewall configuration to avoid unintended public exposure. No `eval` or similar code injection vectors are apparent in the Go source code.
Updated: 2026-01-17GitHub
34
1
Medium Cost
ForceInjection icon

mcp-reference

by ForceInjection

Sec5

A reference processing tool for Markdown documents, providing automated reference extraction, citation renumbering, bibliography generation, and related literature recommendation functions, integrated via Model Context Protocol (MCP) into Trae IDE.

Setup Requirements

  • ⚠️Requires Python 3.12
  • ⚠️Requires `uv` package manager to be installed
Review RequiredView Analysis
The server exposes endpoints (`/api/v1/extract/references`, `/api/v1/extract/citations`, etc.) that accept a `file_path` parameter. This path is directly used by `app/services/markdown_parser.py`'s `read_markdown` function via `open()`, which makes the server vulnerable to arbitrary file read (path traversal) if not properly isolated or if input paths are not sanitized. The `/api/v1/system/stop` endpoint allows unauthenticated shutdown, which can disrupt service, though this is less critical than the file read vulnerability. It also uses `os._exit(0)` for an ungraceful shutdown.
Updated: 2025-11-24GitHub
34
1
Medium Cost
ruslanmv icon

webclone

by ruslanmv

Sec8

Clones and archives entire websites, including those requiring authentication, accessible via command line, a desktop GUI, or as an AI agent tool through Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Chrome/Chromium browser to be installed for Selenium functionality.
  • ⚠️Requires Python 3.11+ environment.
  • ⚠️Requires `mcp` library for AI agent (MCP) functionality (`make install-mcp`).
Verified SafeView Analysis
The server's core function involves interacting with external websites using a real browser (Selenium) and making HTTP requests. This carries inherent risks if malicious URLs are provided by the user/AI agent, as the browser can execute arbitrary JavaScript. However, the implementation includes input validation (Pydantic models) and explicit warnings about cookie file security. Sensitive session cookies are stored locally and are explicitly git-ignored. The `save_authentication` tool intentionally offloads manual browser interaction to the GUI/CLI to prevent blocking AI agents. Subprocess calls are limited to opening local file explorers. The code itself does not contain 'eval', obfuscation, or hardcoded secrets.
Updated: 2025-11-24GitHub
34
3
Medium Cost
schlpbch icon

aareguru-mcp

by schlpbch

Sec9

Provides real-time and historical Swiss Aare river data, including water temperature, flow rates, and safety assessments, to AI assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️The Aareguru API is for non-commercial use only and requires attribution.
  • ⚠️Usage of 'uv' for dependency management is recommended, but Docker is also supported for setup.
Verified SafeView Analysis
The server implements rate limiting for HTTP endpoints and includes configurable API key authentication (though not enabled by default). It does not appear to use dangerous patterns like 'eval' or allow arbitrary code execution. Standard HTTP server security practices should be applied in deployment, such as using HTTPS and securing the host environment.
Updated: 2026-01-18GitHub
PreviousPage 146 of 713Next