Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

34
4
Medium Cost
cubedevinc icon

cube-mcp-server

by cubedevinc

Sec8

Provides a Model Context Protocol (MCP) server to enable chat functionality with Cube's AI agent for analytics and data exploration.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0.
  • ⚠️Requires a Cube Cloud account and a configured Cube AI agent.
  • ⚠️Mandatory environment variables: `CUBE_CHAT_API_URL` (Chat API URL from Cube Admin) and `CUBE_API_KEY` (API key from Cube Admin).
  • ⚠️Requires one user identity environment variable: either `EXTERNAL_USER_ID` (for external/third-party users) or `INTERNAL_USER_ID` (for existing Cube users), but not both.
Verified SafeView Analysis
The server uses `dotenv` for environment variables, which is good practice. It relies on the `CUBE_CHAT_API_URL` and `CUBE_API_KEY` to be configured from trusted Cube administration panels. User input is passed to the Cube AI agent without local execution, reducing direct code injection risk. Error messages could potentially leak configuration details (e.g., required environment variable names) if exposed publicly, but this is a minor information leak and not a critical vulnerability for an internal tool.
Updated: 2026-01-13GitHub
34
2
Medium Cost
thusharanavod123 icon

mcp-agent-starter-kit

by thusharanavod123

Sec8

A starter kit for building custom AI agents using the Model Context Protocol (MCP) to connect real-world tools with Large Language Models (LLMs).

Setup Requirements

  • ⚠️Requires API keys for LLMs (OpenAI, Claude, Gemini) which implies potential paid usage for each service.
  • ⚠️Node.js version 18 or greater is required.
  • ⚠️The `package.json` is missing dependencies for `@anthropic-ai/sdk` and `@google/generative-ai`, which would be required if switching from OpenAI to Claude or Gemini via `ai/agentRunner.js`.
Verified SafeView Analysis
API keys are loaded from environment variables, not hardcoded. Dynamic tool loading is based on a fixed local directory, preventing path traversal via user input. The `mcp/server.js` directly uses `JSON.parse` on the request body without explicit error handling, which is a minor risk for malformed JSON, but generally acceptable for a starter kit. No `eval` or obvious malicious patterns found.
Updated: 2025-12-01GitHub
34
4
Medium Cost
amanzoni1 icon

pa_agent

by amanzoni1

Sec3

A conversational AI agent providing retrieval-augmented generation, long/short-term memory, and tool integrations including a CoinMarketCap (MCP) server for financial queries.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires Docker and Docker Compose for containerized deployment
  • ⚠️Requires local/containerized Redis and PostgreSQL databases
  • ⚠️Requires API keys for OpenAI, Pinecone, Tavily, and CoinMarketCap (paid services)
  • ⚠️Java Runtime Environment (JRE) is required for PDF table extraction (tabula-py)
  • ⚠️Tesseract OCR engine needs to be installed for image OCR capabilities
Review RequiredView Analysis
The system includes a `save_uploaded_file` tool that allows writing arbitrary base64-encoded content to any specified filename, making it highly vulnerable to arbitrary file write attacks, which can lead to remote code execution or system compromise if not sandboxed. It also executes external `npx` commands for the CoinMarketCap MCP server, which, while for a specific tool, introduces a potential command injection vector if not meticulously sanitized. Several tools (`web_fetch`, `index_docs`, `summarise_file`, `extract_tables`, `ocr_image`) download and process content from user-provided URLs, posing risks like SSRF, DoS via large files, and exploitation of vulnerabilities in parsing libraries. There is no clear indication of sandboxing or resource limiting for these operations.
Updated: 2026-01-19GitHub
34
5
High Cost
MelloB1989 icon

karma

by MelloB1989

Sec4

A modern, dark-themed chat interface demonstrating the Karma Memory system for AI agents, enabling context-aware conversations and dynamic switching of memory retrieval and caching strategies.

Setup Requirements

  • ⚠️Multiple API Keys Required (Paid Services): Requires OPENAI_KEY (essential for LLM interaction and embeddings), and at least one vector database (Pinecone or Upstash). These are all commercial, usage-based services.
  • ⚠️Polyglot Development Environment: Requires both Go (1.23+) and Node.js (18+) with npm, complicating local setup.
  • ⚠️External Cloudflare Infrastructure for Example MCP Tool: The `knowledge_graph` MCP tool explicitly uses Cloudflare Workers and Durable Objects (`@cloudflare/containers`), which means running this specific example tool requires a Cloudflare account and deployment, not just local Go execution.
Review RequiredView Analysis
The example `knowledge_graph` MCP tool explicitly disables CORS with `origin: "*"`, which is a critical security vulnerability if exposed publicly, allowing any domain to make cross-origin requests. This could lead to CSRF or data leakage. While the primary Go backend uses environment variables for sensitive API keys, the `main.go` in the example `knowledge_graph` directory configures its server to use this insecure CORS policy by default. The system relies on LLM outputting valid JSON, which is sanitized by `cleanJSON`, but unexpected formats could still lead to application-level issues.
Updated: 2026-01-11GitHub
34
34
Low Cost
Daniel09Fernandes icon

DMCPServer

by Daniel09Fernandes

Sec7

Transforms Delphi code into a Master Control Protocol (MCP) server, allowing Large Language Models (LLMs) to interact with custom-defined actions and access external resources.

Setup Requirements

  • ⚠️Requires 'boss' package manager for installation.
  • ⚠️Requires a Delphi development environment to compile and build the server application that utilizes the DMCPServer library.
  • ⚠️Requires specific configuration within the target LLM (e.g., Claude AI) to register and utilize the MCP server as a tool.
Verified SafeView Analysis
The provided code snippets do not reveal obvious critical security vulnerabilities like direct code injection (e.g., 'eval'). The server processes JSON parameters for actions, which, like any input, requires careful handling within the action implementations to prevent issues such as data injection. The 'Resources' feature allows specifying local file paths via 'file:///C:/...' URIs. While the example shows a hardcoded path, if this functionality were to dynamically accept untrusted input for resource URIs, it could lead to arbitrary file access or information disclosure.
Updated: 2025-12-31GitHub
34
4
Medium Cost
UnitVectorY-Labs icon

mcp-graphql-forge

by UnitVectorY-Labs

Sec3

A modular MCP server that converts GraphQL API endpoints into discoverable and configurable tools for agents.

Setup Requirements

  • ⚠️Requires `forge.yaml` and separate tool definition YAML files in a specified directory for configuration.
  • ⚠️Relies on external CLI tools (e.g., GitHub CLI's `gh auth token`) to be installed and configured for token retrieval if `token_command` is used.
  • ⚠️Requires the Go runtime for source installation, or a pre-compiled executable for the target operating system.
Review RequiredView Analysis
The server's `token_command` configuration allows execution of arbitrary shell commands to obtain an authentication token. This introduces a severe Remote Code Execution (RCE) vulnerability if the `forge.yaml` configuration file is compromised or configured with an untrusted command. Additionally, `env_passthrough: true` could expose sensitive environment variables to the token command process. No hardcoded secrets or obfuscation were found.
Updated: 2026-01-17GitHub
34
2
Low Cost
natcoder icon

qtmcp

by natcoder

Sec1

Provides a Model Context Protocol (MCP) server framework for AI applications, offering tool, resource, and prompt services via HTTP.

Setup Requirements

  • ⚠️Requires a C++ development environment with Qt 6 to compile.
  • ⚠️Custom handlers must be derived from QObject and exposed in the QApplication object tree with specific object names or properties to be automatically discovered.
  • ⚠️Configuration is file-based and follows a strict directory structure (e.g., `MCPServerConfig/Tools/`).
Review RequiredView Analysis
CRITICAL: The server is highly insecure for production use. It is vulnerable to path traversal: the `resources/read` method allows clients to specify a `uri` (e.g., `file:///../../../../etc/passwd`) to read arbitrary files from the server's filesystem. There is a high risk of arbitrary code execution if an attacker can manipulate or inject tool configuration files (e.g., `calculator.json`). Tools define `execHandler` and `execMethod` fields, dynamically invoking methods on `QObject`s found in the application, which could lead to calling malicious functions. The server completely lacks authentication and authorization mechanisms, meaning any client can connect and invoke any method, further exacerbating the other vulnerabilities. Manual input validation is applied in some places (e.g., `MCPClientInitializeMessage` for protocol version, `MCPTool` for input/output schema), but this does not mitigate the fundamental architectural flaws related to dynamic resource/tool loading and the absence of access control. The `llhttp` C library could also introduce lower-level memory safety issues if not handled with extreme care.
Updated: 2025-11-24GitHub
34
4
Medium Cost
EdenYavin icon

Garak-MCP

by EdenYavin

Sec7

Provides an MCP interface for Garak to perform LLM vulnerability scanning and report generation.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires 'uv' package manager for installation and running.
  • ⚠️Ollama server must be running locally (`ollama serve`) to scan Ollama models.
  • ⚠️Requires environment variables for non-Ollama model types (e.g., OPENAI_API_KEY).
Verified SafeView Analysis
The server uses `subprocess.Popen` to execute `garak` commands with user-provided arguments (`model_name`, `probe_name`). While passing arguments as a list of strings (`command: list[str]`) mitigates direct shell injection by avoiding shell interpretation, an attacker with access to the MCP client could still attempt to craft malicious strings to exploit potential vulnerabilities in `garak`'s CLI parsing or to trigger unintended resource consumption. The server runs over `stdio` and is not directly exposed as a network service. API keys are correctly loaded from environment variables. Output from `garak` processes is captured and printed, which could potentially expose sensitive information if probes generate it.
Updated: 2025-11-25GitHub
34
1
Medium Cost
mvilanova icon

tempo-ai-mcp

by mvilanova

Sec8

This server connects AI models (like Claude and ChatGPT) to the Tempo AI API, enabling them to retrieve athlete workout, event, and wellness data via defined tools.

Setup Requirements

  • ⚠️Requires Python 3.13 or higher.
  • ⚠️Requires a Tempo AI API Key, which must be obtained from jointempo.ai.
  • ⚠️Requires the Model Context Protocol (MCP) Python SDK, including its 'cli' extra, for local configuration (e.g., `pip install 'mcp[cli]`).
  • ⚠️For ChatGPT integration, local servers may require a public tunnel service like ngrok to expose the SSE endpoint.
Verified SafeView Analysis
The project uses `subprocess.run` within its CLI for installation (`mcp install`), which is a controlled operation with fixed arguments and not susceptible to arbitrary command injection from user input. API keys are managed through environment variables or user prompts and stored securely in a `.env` file with restrictive permissions. Network requests are handled by `httpx` with error handling. The base API URL is configurable. The `curl | bash` installation method, while common, inherently relies on trusting the source.
Updated: 2025-12-03GitHub
34
1
Medium Cost
aiagenta2z icon

gemini_mcp_onekey

by aiagenta2z

Sec9

Provides an MCP server wrapper for Google Gemini API, enabling image generation with various Gemini models.

Setup Requirements

  • ⚠️Requires a Google API Key (paid API usage may apply).
  • ⚠️Requires Python 3.x with 'mcp' and 'google-genai' packages installed.
  • ⚠️Network access to Google Gemini API endpoints is necessary.
Verified SafeView Analysis
Uses environment variables for API keys. File output paths for generated images are constructed using `os.path.normpath` and `os.path.join`. While `output_folder` is intended for a user's personal directory and assumed to be controlled securely by the client, untrusted input to this parameter could potentially lead to path traversal if the client does not sanitize input. No 'eval' or other direct code execution vulnerabilities found. Direct API calls are made to Google's official Gemini API endpoints.
Updated: 2025-11-28GitHub
34
4
Medium Cost
kaioobrabo icon

mcp-client-server

by kaioobrabo

Sec3

A specialized Model Context Protocol (MCP) server designed to act as a testing harness for developing and iterating on other MCP servers within a Claude AI environment.

Setup Requirements

  • ⚠️Requires Node.js and npm to run the server itself.
  • ⚠️Requires Docker (dockerode dependency present, though current deployServer uses child_process.spawn).
  • ⚠️The 'source_path' argument for 'mcp_test_deploy_server' must be an absolute path.
  • ⚠️Assumes the 'claude' CLI tool is installed and configured for registration via provided scripts.
Review RequiredView Analysis
The server's primary function (`mcp_test_deploy_server`) involves executing arbitrary code by spawning a shell process (`sh -c`) that runs a user-specified `startCommand` from a `source_path`. This means any malicious code in the `source_path` or a manipulated `startCommand` would be executed on the host system with the privileges of the user running this MCP Test Client. File system access for reading `package.json` and writing logs is also present. This core capability, while intended for a controlled development sandbox (e.g., by Claude to test its own generated code), poses a critical risk if the `source_path` or arguments can be controlled by an untrusted entity or if Claude itself is prompted to deploy malicious code. Therefore, it is only safe if the source code paths provided are fully trusted.
Updated: 2025-12-15GitHub
34
3
Low Cost
giantswarm icon

mcp-oauth

by giantswarm

Sec9

Provider-agnostic OAuth 2.1 Authorization Server library for Model Context Protocol (MCP) servers, enabling URL-based client identifiers with dynamic metadata discovery (CIMD).

Setup Requirements

  • ⚠️Requires Google OAuth Credentials (Client ID and Client Secret) for the example.
  • ⚠️Client ID Metadata Documents (CIMD) feature requires hosting a client metadata document at an HTTPS URL, often necessitating a tunneling service like ngrok for local testing.
  • ⚠️Production deployments MUST use a secret manager for sensitive credentials instead of environment variables, as explicitly warned in the documentation.
Verified SafeView Analysis
The library demonstrates a high degree of security consciousness, implementing PKCE enforcement (S256 only), refresh token rotation, token encryption at rest (AES-256-GCM), comprehensive redirect URI validation with SSRF protection, per-domain rate limiting for CIMD fetches, and audit logging. It applies secure-by-default configurations and explicitly warns about insecure practices (e.g., using environment variables for secrets in production, enabling insecure HTTP, allowing plain PKCE). Strict validation is performed on URLs, scopes, and various inputs to prevent common attack vectors like XSS, SSRF, and injection. JWKS endpoints are also protected against SSRF. Overall, the architecture and code show a strong focus on security best practices.
Updated: 2026-01-18GitHub
PreviousPage 149 of 713Next