Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

33
3
Low Cost

maven-tools-mcp

by arvindand

Sec9

Dependency intelligence for AI assistants and agents working with JVM projects, providing analysis, version lookup, security, and license insights.

Setup Requirements

  • ⚠️Requires Docker installed and running (or a local Java Runtime/native binary).
  • ⚠️Requires outbound internet access to Maven Central, OSV.dev, and optionally mcp.context7.com.
  • ⚠️Corporate networks with SSL inspection may require building a custom Docker image with corporate CA certificates or using the 'latest-noc7' variant.
Verified Safe
The server uses HTTPS for all external API calls to Maven Central, OSV.dev, and Context7. Resilience4j (Circuit Breaker, Rate Limiter, Retry) is implemented for robust handling of external service failures. Input validation is present for Maven coordinates. Concurrency is managed with virtual threads and semaphores to prevent resource exhaustion and overloading external services. No hardcoded secrets or obvious malicious patterns were found. Regex is used to parse POM XML for license information, but only against well-defined structures rather than as a general XML parser, which mitigates the common risks of parsing XML with regex.
Updated: 2026-01-17
33
3
High Cost

Automating requirements engineering and testing processes using AI agents within Azure DevOps.

Setup Requirements

  • ⚠️Requires a Windows environment and PowerShell for setup scripts.
  • ⚠️Requires an Azure DevOps account with broad permissions (read/write WorkItems, access wikis, repositories) and Azure CLI configured.
  • ⚠️Requires a GitHub Copilot Chat subscription and access to the 'AI Engineer Perplexity Space' (likely paid services).
  • ⚠️Requires Visual Studio Code Insiders (not standard VS Code).
Verified Safe
The system integrates with sensitive corporate systems (Azure DevOps, potentially SharePoint-like wikis, internal codebases) and relies on external AI models (GitHub Copilot Chat, Perplexity AI). This requires a high degree of trust in the developer and meticulous permission management for the AI agents. Two custom MCP servers (`PDF2Img`, `AsciiDoc`) are mentioned as self-developed, but their source code is not provided, making them potential blind spots for vulnerabilities. However, no direct signs of 'eval', obfuscation, hardcoded secrets, or malicious patterns were found in the provided code snippets. The setup relies on `az login` and 'SL Account' for authentication, indicating reliance on established enterprise security mechanisms. The system, by design, will perform read/write operations on development artifacts, necessitating broad permissions.
Updated: 2026-01-16
33
3
Medium Cost

water-chemistry-mcp

by puran-water

Sec3

Advanced water chemistry modeling and optimization for industrial wastewater treatment, powered by PHREEQC for chemical equilibrium and kinetic simulations.

Setup Requirements

  • ⚠️Requires local installation of USGS PHREEQC executable (version 3.8.6-17100-x64 or compatible) to utilize subprocess mode for full database compatibility.
  • ⚠️Requires PHREEQC thermodynamic database files (e.g., `minteq.v4.dat`, `phreeqc.dat`) to be accessible on the file system, with specific path handling for Windows Subsystem for Linux (WSL) environments.
  • ⚠️Python 3.9+ and PhreeqPython 1.5.2+ are required, which can have complex installation dependencies for PHREEQC integration.
Review Required
The server allows injection of arbitrary BASIC rate law code via the `KineticRateDefinition.rate_law` field in the `simulate_kinetic_reaction` tool. This unsanitized input is directly included in the PHREEQC script, enabling execution of untrusted code within the PHREEQC interpreter, which could lead to resource exhaustion, file system access (read/write depending on PHREEQC configuration), or other unexpected behavior.
Updated: 2026-01-18
33
2
Low Cost

mcp-docs-server

by circlesac

Sec7

Serves Markdown documentation, reusable prompt templates, and various file types as an MCP server for AI agents.

Setup Requirements

  • ⚠️Requires Node.js 18+ and Bun 1.1+ for local development and build scripts.
  • ⚠️Cloudflare Worker deployment requires a Cloudflare account and authentication via the `wrangler` CLI.
  • ⚠️npm package publishing requires npm authentication and appropriate permissions to the configured package scope.
Verified Safe
The server implements strong path traversal prevention for documentation access. It uses `@mdx-js/mdx` to compile and run MDX content for prompts, which involves dynamic code execution. While variable values are sanitized via JSON.stringify, the MDX content itself is trusted. This is generally acceptable for author-controlled content but elevates privilege. Commands like `npm publish` and `wrangler deploy` are executed via `child_process.spawn`, which are privileged operations, but expected for CLI functionality in build/publish contexts.
Updated: 2025-12-03
33
1
Medium Cost

firemcp

by iamanishroy

Sec9

Enables AI agents and LLMs to securely interact with Firestore databases through a Model Context Protocol (MCP) server, offering complete CRUD and query operations.

Setup Requirements

  • ⚠️Requires a Firebase project with Firestore enabled.
  • ⚠️Requires Firebase Authentication configured with at least one user.
  • ⚠️Requires Bun runtime v1.0 or higher.
Verified Safe
The server explicitly uses the Firebase Client SDK instead of the Admin SDK, which is a critical security advantage as it respects Firestore Security Rules. This prevents AI agents from having unrestricted database access even if they behave unexpectedly. All tool inputs are validated using Zod schemas, mitigating potential injection vectors for structured data. Environment variables are correctly used for Firebase credentials, preventing hardcoded secrets. The implementation of individual Firestore operations is standard, and there are no apparent uses of 'eval', obfuscation, or other broadly malicious patterns in the provided code snippets. Network risks are minimal for a well-tested SDK, although public-facing HTTP/SSE endpoints always carry some inherent attack surface.
Updated: 2025-11-24
33
3
Medium Cost

llama-stack-mcp-server

by rh-ai-quickstart

Sec6

Integrates HR operations (employee, vacation, job, performance management) into a Llama Stack AI agent as a custom Model Context Protocol (MCP) tool.

Setup Requirements

  • ⚠️Requires OpenShift AI (or a compatible Kubernetes environment) for full stack deployment, including GPU/HPU or substantial CPU/RAM for the Llama 3.2-3B model.
  • ⚠️The HR Enterprise API and custom MCP server use default, insecure configurations (e.g., open CORS, default API key) that MUST be customized and secured for any non-development/demo environment.
  • ⚠️The HR Enterprise API uses in-memory data, meaning all HR data is lost on server restart; it is designed as a mock/sample, not a persistent data store.
Verified Safe
The HR Enterprise API (`hr-api`) implements security headers (`helmet`), rate limiting, and input validation (`express-validator`). However, its default `ALLOWED_ORIGINS` for CORS is `*`, which is highly insecure for production use with sensitive HR data. The Custom MCP Server uses a hardcoded default `HR_API_KEY='hr-api-default-key'` if not provided via environment variables, which is also a security concern for non-demo deployments. All data within the HR API is in-memory and non-persistent, making it unsuitable for real production use of sensitive data, though acceptable for a quickstart demo. There are no signs of 'eval', obfuscation, or overtly malicious patterns.
Updated: 2026-01-12
33
3
Low Cost

pw-client

by viraj-sh

Sec6

A dashboard application for students to access, view, and download course resources (notes, DPPs) from their Physics Wallah (PW) batches.

Setup Requirements

  • ⚠️Requires manual retrieval of a PW web session token from browser developer tools (or using OTP, which logs out other sessions).
  • ⚠️Relies on a specific external API (`api.penpencil.co`), which could change and break functionality.
Verified Safe
The application hardcodes API client credentials (CLIENT_ID, CLIENT_SECRET, ORGANIZATION_ID) within the source code (`core/utils.py`, `core/generate_token.py`), which is generally not recommended for secrets and could pose a risk if these are meant to be unique or confidential per deployment. User session tokens are stored in plain text locally in `data/token.txt`, making them vulnerable to local file system access. There are no immediate signs of 'eval', obfuscation, or other actively malicious patterns in the provided code. Network requests use timeouts, which is good practice.
Updated: 2025-12-07
33
3
High Cost

A Model Context Protocol (MCP) server that provides a prompt optimization service for Large Language Models (LLMs) using Google Gemini, with advanced prompt engineering support and automatic PDF asset management.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key, which typically involves a paid service or usage-based costs.
  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️Requires internet access on the first run to automatically download the reference PDF.
  • ⚠️For remote server usage, passing the API key in the URL query string is less secure and should be handled with caution.
Verified Safe
The remote server (`startRemoteServer`) allows the `GEMINI_API_KEY` to be passed as a query parameter in the URL. This is a security risk as API keys in URLs can be logged, cached, or exposed more easily than those passed in headers or environment variables. The server also automatically downloads a PDF from a hardcoded URL on startup if not present; while the source seems benign, this introduces a minor supply chain risk if the URL were to be compromised in the future.
Updated: 2025-12-02
33
3
Low Cost

weibo-mcp-server

by bossdong955

Sec9

Fetches the top N Weibo hot searches (trending topics) via a Micro-Composable Program (MCP) server.

Setup Requirements

  • ⚠️Requires Python 3.11.
  • ⚠️Ensure 'mcp' package is uninstalled before installing 'fastmcp' to avoid dependency conflicts.
  • ⚠️Requires internet access to 'https://weibo.com'.
Verified Safe
The server makes outgoing HTTP requests to a public Weibo API. It handles common HTTP errors and timeouts. The SSE and Streamable HTTP modes bind to 0.0.0.0 by default, making them accessible externally if deployed on a public IP without proper firewall rules, which is a common deployment configuration rather than a code vulnerability.
Updated: 2025-11-25
33
3
Medium Cost

mcp-csharp-sdk-client

by AgentSmithers

Sec8

This repository provides a C# SDK and client example for the Model Context Protocol (MCP), enabling integration of Large Language Models with applications like debuggers (x64Dbg) to create AI agents.

Setup Requirements

  • ⚠️Requires .NET SDK 9.0.100
  • ⚠️Requires either GeminiAIKey or ANTHROPIC_API_KEY environment variable for LLM integration
  • ⚠️Requires MCPServerIP environment variable (for the client to connect to an MCP server)
  • ⚠️The SDK is in preview, expect potential breaking changes
Verified Safe
The SDK promotes secure practices by using environment variables for sensitive API keys and an attribute-based system for exposing tools, reducing arbitrary code execution risks. The example server binds to localhost, limiting network exposure. However, the inherent risk of connecting an LLM agent to a powerful tool like x64Dbg means malicious actions are possible if the LLM is not properly constrained. The project is in 'preview' which implies potential for breaking changes or undiscovered issues.
Updated: 2025-12-06
33
3
High Cost

mcp-factcheck

by carlisia

Sec9

The MCP Fact-Check MCP Server validates content against the Model Context Protocol (MCP) specification using AI-powered semantic search to ensure technical accuracy and prevent misinformation.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Go 1.22+ required for building from source
Verified Safe
The server demonstrates strong security awareness, implementing explicit prompt injection protection and utilizing environment variables for API keys. It offers optional network features (HTTP with SSE) with clear guidelines for secure implementation, but defaults to a safer stdio transport. No hardcoded secrets or obvious malicious patterns were found. Adherence to best practices for data handling and user consent is emphasized for implementors of the protocol, making the server itself robust against common vulnerabilities.
Updated: 2025-11-26
33
3
Medium Cost
Sec8

Provides an MCP server tool to scrape product information, such as prices and availability, directly from Mercado Livre, with strong data validation.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️The web scraper is susceptible to rate limiting, IP blocking, or CAPTCHAs from Mercado Livre.
  • ⚠️Relies on the current HTML structure of Mercado Livre, which can change and potentially break the scraping logic.
Verified Safe
The server performs web scraping using `fetch` and `cheerio` to a specific domain (Mercado Livre). User input for product names is sanitized using `voca.slugify` before being incorporated into the URL, mitigating direct injection risks. There are no indications of 'eval' usage, obfuscation, or hardcoded sensitive credentials. The primary security considerations are external: the inherent fragility of web scraping (e.g., potential IP blocking or changes in Mercado Livre's HTML structure) and adherence to Mercado Livre's terms of service, rather than internal code vulnerabilities.
Updated: 2026-01-15