Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

33
2
Low Cost
ProfRandom92 icon

comptext-codex

by ProfRandom92

Sec2

Provides a Domain-Specific Language (DSL) for efficient and precise interaction with Large Language Models (LLMs), aiming to reduce token usage and eliminate ambiguity in complex instructions.

Setup Requirements

  • ⚠️Requires Python 3.9+.
  • ⚠️Critical security vulnerability due to `eval()` in Module C, allowing arbitrary code execution if not properly sandboxed or controlled.
  • ⚠️Full functionality depends on external YAML codex definitions, which are dynamically loaded and cached, potentially from a remote URL.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The `src/comptext_codex/modules/module_c.py` file uses `eval(text)` in its `_format_json` method. This allows arbitrary Python code execution if an attacker can control the `text` input to the `@C:format json` command. Additionally, the `mcp_loader/loader.py` dynamically downloads codex bundles from a configurable URL (`CODEX_BUNDLE_URL`), which could be exploited if an attacker controls the source.
Updated: 2026-01-16GitHub
33
1
Medium Cost

mcp-server

by roadrunner-plugins

Sec6

This server-side application is designed for managing and orchestrating processes or plugins, handling events, and facilitating inter-service communication via RPC.

Setup Requirements

  • ⚠️Requires Go runtime (v1.18+ recommended)
  • ⚠️Lacks explicit setup and usage documentation (no README provided)
  • ⚠️Requires manual configuration, likely via environment variables or a config file (e.g., hinted by config.go and .rr.yaml.example).
Review RequiredView Analysis
As an RPC and plugin-enabled server, it presents inherent network and potential code execution risks via executor.go. Without code, robust authentication, authorization, input validation, and secure default configurations cannot be verified. The .rr.yaml.example suggests integration with a process manager, which could introduce additional security considerations.
Updated: 2025-11-23GitHub
33
1
High Cost
yun8711 icon

element-ui-mcp

by yun8711

Sec8

Provides comprehensive Element-UI v2.15.14 component information for AI assistants, enabling queries for documentation, properties, events, and usage examples to aid in Vue 2 project maintenance.

Setup Requirements

  • ⚠️Requires Node.js runtime to execute.
  • ⚠️Relies on pre-extracted documentation and TypeScript definition files (`src/metadata/components.ts`, `src/examples/*.md`, `src/examples/*.d.ts`). Incorrect or missing files would impact functionality.
  • ⚠️Requires an MCP-compatible client for interaction.
Verified SafeView Analysis
The server operates via Standard I/O (stdio), reducing direct network attack surface. It primarily reads pre-generated local metadata files (markdown and TypeScript definitions) rather than user-supplied arbitrary files, mitigating common path traversal and file inclusion vulnerabilities. Markdown parsing uses `marked`, and while this library can be susceptible to XSS if output is rendered unsafely on the client, the server itself only outputs the content, making the client responsible for secure rendering. No `eval` or dynamic code execution on user input is apparent. No hardcoded secrets were identified.
Updated: 2025-11-26GitHub
33
2
Medium Cost
ignfab icon

geocontext

by ignfab

Sec8

Provides spatial context and geospatial services from the IGN Géoplateforme to Large Language Models (LLMs) through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Node.js >= 18.19.0
  • ⚠️Requires an MCP client/framework to integrate with LLMs (e.g., Cursor IDE's MCP settings or a custom client).
  • ⚠️External API calls to IGN Géoplateforme services are rate-limited, but the provided code does not explicitly show client-side rate limiting beyond the 'limiter' dependency in jwks-rsa, which might not apply to all calls.
Verified SafeView Analysis
The server makes external HTTP/HTTPS requests to the IGN Géoplateforme APIs. It uses HTTPS for communication and supports proxy configuration via environment variables, preventing hardcoded proxy settings. No 'eval' or obvious obfuscation is present. Input validation is handled via Zod schemas in MCP tools. The code uses standard libraries and practices, limiting direct security vulnerabilities within the provided snippets.
Updated: 2025-11-27GitHub
33
5
Medium Cost
edgedelta icon
Sec9

Provides a Model Context Protocol (MCP) server for seamless integration with Edge Delta APIs, enabling advanced automation and interaction with observability data.

Setup Requirements

  • ⚠️Requires Docker Engine >= 20.10 and Docker Buildx plug-in for containerized deployment.
  • ⚠️Requires an Edge Delta API token with appropriate scope for API access.
  • ⚠️Requires your Edge Delta organization ID.
Verified SafeView Analysis
The MCP server component itself appears robust, primarily acting as an API wrapper for Edge Delta. It securely handles API tokens and organization IDs via environment variables, headers, or context. It uses the `mcp-go` library for JSON-RPC, which implies structured input, reducing injection risks. The HTTP client uses TLS 1.2+. There are no obvious hardcoded secrets or arbitrary code execution vulnerabilities in the server's core logic. NOTE: The `mcpcurl` client, distributed within the same repository, is designed to execute arbitrary shell commands (specified by `--stdio-server-cmd`) to start the MCP server. While this is an intentional feature for its specific use case (interacting with locally or externally run MCP servers), it represents a significant security risk if `mcpcurl` is used in an untrusted environment or with an untrusted `stdio-server-cmd` argument. The server itself does not inherit this specific vulnerability.
Updated: 2026-01-08GitHub
33
1
Medium Cost
dp-veritas icon

mcp-obsidian-tools

by dp-veritas

Sec9

Provides a Model Context Protocol (MCP) server for LLM clients to read, search, and query an Obsidian markdown note vault.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher and npm.
  • ⚠️Requires an existing Obsidian vault or directory containing Markdown files.
  • ⚠️Configuration in MCP clients typically requires absolute paths for both the server script and the vault directory.
  • ⚠️Requires manual configuration within the specific MCP client (e.g., Cursor, VSCode, Claude Desktop).
Verified SafeView Analysis
The server employs robust path validation (`validatePath` function) to strictly confine all file system operations to the specified vault directory, including proper handling of symlinks and their real paths. It explicitly denies access to hidden files/directories and operates solely via standard I/O (stdio), thus avoiding network exposure. All exposed tools are read-only, preventing any modification or deletion of user data. Input arguments are validated using Zod schemas, mitigating potential injection risks. No 'eval' or similar dangerous functions are used, and no hardcoded secrets were found.
Updated: 2025-12-15GitHub
33
2
Low Cost
eyjolfurgudnivatne icon

mcp.gateway

by eyjolfurgudnivatne

Sec8

Build Model Context Protocol (MCP) servers in .NET, enabling AI assistants to discover and invoke C# code as tools, prompts, and resources.

Setup Requirements

  • ⚠️Requires .NET 10 SDK or later.
  • ⚠️For compatibility with certain MCP clients (e.g., GitHub Copilot as of Dec 2025), setting the `MCP_PROTOCOL_VERSION=2025-06-18` environment variable may be necessary.
  • ⚠️AI integration examples (e.g., Ollama) require a separate LLM server (like Ollama) to be installed and running.
Verified SafeView Analysis
The framework provides robust features like session management, protocol version validation, lifecycle hooks for authorization/logging, and structured error handling, which are conducive to building secure systems. The documentation explicitly recommends HTTPS for production and provides detailed guidance on implementing JWT authentication to replace simple, hardcoded demo tokens found in examples. No malicious patterns or obfuscation were detected. However, developers must diligently implement proper authentication/authorization and input validation as advised, as the provided demo tokens are insecure for production use.
Updated: 2026-01-11GitHub
33
2
Medium Cost
sarthaksavvy icon

advocu-docker-mcp

by sarthaksavvy

Sec7

This MCP server enables AI agents to submit various community activities (feedback sessions, resources, public speaking, events, amplifications) to the Advocu platform and to scrape web content for metadata.

Setup Requirements

  • ⚠️Requires `ADVOCU_API_KEY` for activity submission.
  • ⚠️Requires Node.js runtime (or Docker).
  • ⚠️The `scrape_content` tool relies on `curl` being available in the execution environment (e.g., in the Docker image or host system).
Verified SafeView Analysis
The server uses `execFileAsync` to run `curl` for the `scrape_content` tool, which takes a user-provided URL. While there is basic HTTPS URL validation, this pattern can be a potential vector for Server-Side Request Forgery (SSRF) if run in an environment with access to internal networks, allowing a malicious actor to probe internal services. The `maxBuffer` for `curl` is set to a relatively large 10MB, which could be a minor resource exhaustion vector if exploited. The `ADVOCU_API_KEY` is correctly handled via environment variables. The `DOCKER.md` states `ADVOCU_API_URL` is hardcoded for Docker usage, which might limit flexibility, but it's not a direct security vulnerability as the endpoint itself is known.
Updated: 2025-11-26GitHub
33
1
Medium Cost
ConnorBritain icon

mssql-mcp-server

by ConnorBritain

Sec9

Provides an enterprise-grade Model Context Protocol server for Microsoft SQL Server, enabling schema discovery, data operations, profiling, and administration with strong governance controls.

Setup Requirements

  • ⚠️Requires Node.js 18+ (20 LTS recommended) runtime.
  • ⚠️Requires direct network access to an MSSQL Server instance, which might involve VPN, firewall rules, or running on a jump host for production environments.
  • ⚠️Authentication modes ('sql', 'windows', 'aad') require specific environment variables or a 'environments.json' file. Azure AD interactive mode typically opens a browser window for authentication.
  • ⚠️Credentials (passwords, usernames) must be provided via environment variables, or a custom secret store integrated, rather than hardcoded in configuration files.
Verified SafeView Analysis
The server implements extensive security measures including strict input validation, parameterized queries for all data modification and script execution, and comprehensive SQL injection prevention in 'read_data' (blocking dangerous keywords/patterns, multi-statement queries, obfuscation attempts). Mandatory preview/confirmation steps are required for data mutations ('update_data', 'delete_data') with configurable row limits. Secrets are managed via environment variables and placeholders, with explicit instructions against hardcoding. Centralized policy enforcement (allowed/denied tools, read-only modes, approval requirements, schema/database access control) and robust audit logging with sensitive data redaction further enhance security. No use of 'eval' or similar dangerous functions was found. Error handling avoids exposing internal system details unnecessarily.
Updated: 2025-12-08GitHub
33
1
Low Cost
axite-ai icon

mcp-gpt-proxy

by axite-ai

Sec7

Enhances existing Model Context Protocol (MCP) servers with OpenAI GPT Apps SDK UI widgets for ChatGPT without modifying the original server.

Setup Requirements

  • ⚠️Requires Node.js 20+ (specified in pnpm-lock.yaml)
  • ⚠️Requires an existing upstream MCP server to proxy (default: http://localhost:3001/mcp)
  • ⚠️Requires ChatGPT MCP access to fully utilize widgets
Verified SafeView Analysis
The proxy constructs base URLs for internal widget fetching and OAuth URL rewriting using 'x-forwarded-proto' and 'host' headers from the incoming request. If the deployment environment (e.g., a reverse proxy or load balancer) does not properly sanitize or override these headers, a malicious actor could manipulate the Host header to induce the proxy to perform Server-Side Request Forgery (SSRF) or rewrite OAuth URLs to point to a controlled domain. This is a common vulnerability with services relying on Host headers. The application explicitly filters headers for upstream forwarding, which is a good practice. No direct 'eval' or obvious malicious code patterns were found. Content Security Policy (CSP) can be configured for widgets, allowing for further hardening.
Updated: 2025-12-07GitHub
33
3
Low Cost
static-frame icon

static-frame-www

by static-frame

Sec7

A web application and API server providing search, documentation, and code examples for the StaticFrame Python library API, compatible with OpenAPI and Model Context Protocol (MCP).

Setup Requirements

  • ⚠️The `package.json` specifies Next.js v16.1.1, React v19.2.3, and React-DOM v19.2.3. As of current stable releases (Next.js v14, React v18), these versions are unreleased and may cause installation or runtime errors. This might be a typo or targeting future versions.
  • ⚠️The StaticFrame API data (signatures, documentation, examples) are loaded from static JSON files (`sf-api/`). While these are included, updating this data would implicitly require running a Python script (`doc/build_json.py` as mentioned in comments) from the main `static-frame` repository, which is not part of this project's explicit build or run commands.
Verified SafeView Analysis
The search functionality, specifically when `reSearch` is enabled, uses `new RegExp()` with user-provided input. While wrapped in a `try-catch` to prevent crashes from invalid regex, a malicious or complex regular expression could lead to a Regular Expression Denial of Service (ReDoS) attack, consuming excessive CPU resources and potentially making the server unresponsive. No other obvious critical vulnerabilities like arbitrary code execution or hardcoded secrets were found. The server does not appear to handle sensitive user data.
Updated: 2026-01-17GitHub
33
2
Medium Cost
truls27a icon

favro-mcp

by truls27a

Sec9

MCP server for interacting with Favro project management, enabling programmatic access to organizations, boards, cards, and columns.

Setup Requirements

  • ⚠️Requires FAVRO_EMAIL and FAVRO_API_TOKEN environment variables to be set.
  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Requires a Favro account with an API token generated from 'My Profile → API Tokens'.
  • ⚠️Listing operations (e.g., list_cards, resolvers' _fetch_all) might incur multiple API calls for pagination, potentially increasing token usage for large Favro instances.
Verified SafeView Analysis
The server securely handles credentials by requiring them as environment variables (FAVRO_EMAIL, FAVRO_API_TOKEN) rather than hardcoding them. It uses the httpx library for HTTP communication and includes robust error handling for API responses (e.g., 401, 403, 404, 429). There are no detected uses of 'eval' or other easily exploitable patterns. User input for card names, descriptions, etc., is passed directly to the Favro API, assuming the upstream API handles content sanitization for potential XSS in rendered fields.
Updated: 2026-01-17GitHub
PreviousPage 153 of 713Next