Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

33
1
Medium Cost
aashnakunk icon
Sec9

A Model Context Protocol (MCP) server providing AI assistants with structured access to macOS development environment, productivity tools, and Chrome browser history.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Specific macOS operating system is required for full functionality.
  • ⚠️Google Chrome browser must be installed and used for browser tools.
  • ⚠️Requires manual configuration of `MCP_ALLOWED_ROOTS` environment variable or `src/config.ts` to define accessible directories.
  • ⚠️MCP client (e.g., Claude Desktop) requires specific configuration including an absolute path to the server's `dist/index.js`.
Verified SafeView Analysis
The server implements robust security measures for filesystem and command execution. It enforces `ALLOWED_ROOTS` for all file operations, preventing access to sensitive system directories. A `DANGEROUS_PATTERNS` list actively blocks common malicious commands like `rm -rf /`, fork bombs, and piping untrusted downloads to shell. Input to `sqlite3` queries for browser history and `osascript` calls for macOS integrations is carefully escaped to prevent injection. The core `execCommand` wrapper handles timeouts and output truncation, further enhancing safety. No direct `eval` calls or hardcoded sensitive credentials were found. It is highly secure for its intended purpose, provided the `ALLOWED_ROOTS` are configured responsibly by the user.
Updated: 2025-11-23GitHub
33
3
Medium Cost
Havoc24k icon
Sec4

A Model Context Protocol (MCP) server that provides tools to interact with AWS services and an optional vector store for document search, primarily designed for integration with Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires AWS credentials configured (typically in `~/.aws/credentials`) for AWS tools to function.
  • ⚠️The optional Vector Store uses ChromaDB, which stores its data locally in `chroma_db/` and can consume significant disk space as documents are ingested.
Review RequiredView Analysis
The server includes an `aws_sdk_wrapper` tool that can call *any* AWS SDK operation, including creating, updating, and deleting resources. This is explicitly warned as 'Unsafe Mode' in the server's instructions. If the MCP client or the server communication is compromised, this tool grants arbitrary control over the configured AWS account(s), posing a severe risk. In SSE mode, the server binds to `0.0.0.0` (all interfaces), which is common for containers but requires careful network segmentation in production.
Updated: 2025-11-25GitHub
33
3
Medium Cost
flashcatcloud icon

flashduty-mcp-server

by flashcatcloud

Sec8

The Flashduty MCP Server provides seamless integration with Flashduty APIs, enabling advanced incident management, automation of workflows, data extraction, and building AI-powered tools and applications.

Setup Requirements

  • ⚠️Requires a Flashduty APP Key for API authentication.
  • ⚠️Needs an MCP-compatible client (e.g., Cursor) to interact with the server.
  • ⚠️For local deployment, requires Docker or a Go development environment for building from source.
Verified SafeView Analysis
The server uses structured inputs for API calls, reducing injection risks. Authentication to the Flashduty API relies on an 'app_key' passed in URL query parameters, which is a known characteristic of the upstream Flashduty API. The server redacts this 'app_key' from log outputs for security. No hardcoded secrets were found in the provided source. While the 'mcpcurl' client-side utility includes a `gosec` nolint for arbitrary command execution (used for testing), this does not apply to the server's core functionality, which does not execute arbitrary shell commands based on user input for tool calls.
Updated: 2026-01-19GitHub
33
3
Low Cost
mcpc-tech icon

cmcp

by mcpc-tech

Sec6

A server for the Model Context Protocol (MCP) that acts as a proxy, enabling clients to dynamically register and execute tools in their local environment, not on the server.

Setup Requirements

  • ⚠️Requires a Deno runtime environment for the server examples.
  • ⚠️Client-side tools can run arbitrary code (e.g., eval, DOM manipulation, file access) in their environment, requiring careful security review of client-registered tools.
  • ⚠️Default CORS settings in the example server (origin: '*') are insecure for production and must be configured for specific allowed origins.
Verified SafeView Analysis
The example client tool `calculate` uses `eval()` on user-provided input, which is a critical security vulnerability allowing arbitrary code execution if deployed. While this is in an example client tool and not the core server logic, it is a dangerous pattern shown within the repository. The example server uses `cors({ origin: "*" })`, which is insecure for production environments and should be restricted. The 'puppet transport' feature delegates control, requiring careful trust management between connected clients.
Updated: 2025-12-06GitHub
33
3
Medium Cost
dlt-hub icon

dlt-mcp

by dlt-hub

Sec3

The dlt-mcp server allows LLMs to retrieve up-to-date information about dlt pipelines, datasets, and schemas, enhancing the development experience in AI-enabled IDEs.

Setup Requirements

  • ⚠️Requires 'uv' package manager for installation and execution.
  • ⚠️Requires existing dlt pipelines configured and accessible for tools to operate effectively.
  • ⚠️The 'search' functionality (for docs and code) requires the 'dlt-mcp[search]' optional dependency, which installs substantial packages like chonkie and lancedb, and performs local data ingestion into a LanceDB instance on first use.
Review RequiredView Analysis
The `execute_sql_query` tool directly executes arbitrary SELECT SQL statements provided by the LLM (or potentially a malicious user). While `list_tables` and `get_table_schema` are suggested to guide the LLM, there are no explicit sanitization or validation steps for the `sql_select_query` parameter, making it highly vulnerable to SQL injection. Additionally, `dlt.attach(pipeline_name)` could potentially allow path traversal or access to unintended pipelines if `pipeline_name` is not sanitized.
Updated: 2025-12-05GitHub
33
18
Medium Cost
lensesio icon

lenses-mcp

by lensesio

Sec8

This MCP server provides a programmatic interface for LLMs to interact with Lenses, a DataOps tool for Apache Kafka, allowing management of Kafka topics, consumer groups, connectors, and execution of Lenses SQL queries.

Setup Requirements

  • ⚠️Requires Lenses v6+ installed and accessible.
  • ⚠️Requires Python 3.12 and `uv` for dependency management.
  • ⚠️Requires a Lenses API Key (`LENSES_API_KEY` environment variable).
  • ⚠️Requires Lenses instance URL details (`LENSES_URL` environment variable).
Verified SafeView Analysis
The server uses environment variables for sensitive information like `LENSES_API_KEY`, which is a good practice. It utilizes standard Python libraries (`httpx`, `websockets`) for network communication. There are no apparent uses of `eval`, `exec`, or direct shell command execution without proper sanitization within the provided source code. Error handling in API clients catches common HTTP and network issues. The security largely relies on the Lenses platform's API security and the secure management of the `LENSES_API_KEY` and `LENSES_URL` environment variables. Broad `Exception` catching in the WebSocket client could mask specific issues.
Updated: 2026-01-02GitHub
33
3
Medium Cost
mekoman icon

planka

by mekoman

Sec3

A self-hosted Kanban board application designed for project management and team collaboration, deployable on Kubernetes using Helm.

Setup Requirements

  • ⚠️The default `session.secret` in `server/config/models.js` is hardcoded and publicly available; it must be manually changed to a strong, unique value for any production deployment.
  • ⚠️Changing the PostgreSQL password after initial deployment requires deleting the Persistent Volume (PV) to avoid the previous password being ignored.
  • ⚠️Requires Docker or a Kubernetes cluster with Helm for deployment, along with configuring database and application secrets.
Review RequiredView Analysis
The application has several hardcoded default credentials ('notsecretkey' for SECRET_KEY, 'demo' for admin_password) in its Docker Compose and Helm values for development/testing, which are explicitly highlighted in the README as critical to change for production. However, a crucial `session.secret` used for JWT signing is hardcoded to a static value in `server/config/models.js` without explicit warning in the README or a default randomization mechanism. This vulnerability could allow an attacker to forge JWT tokens if they are aware of this default secret, compromising all default installations. SQL query methods generally use parameterized queries, mitigating direct SQL injection risks. External process calls are used for notification scripts with controlled inputs.
Updated: 2026-01-19GitHub
33
3
Low Cost
chirag127 icon
Sec9

Provides an AI assistant with advanced stochastic algorithms for probabilistic decision-making, helping to break out of 'local thinking' patterns.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
The server's core logic involves validating structured input, formatting output, and generating one-line summaries based on a controlled `switch` statement. There is no direct use of `eval` or dynamic code execution on user input. Communication via StdioServerTransport inherently reduces network-based attack surface. Input parameters are used in string formatting, not executed code. The dependency tree is standard for a Node.js project, with no immediately apparent high-risk libraries for this specific application.
Updated: 2025-11-25GitHub
33
3
Medium Cost
skindyk icon
Sec4

Seamless integration between MCP clients and TestRail API, enabling natural language interactions for test management operations.

Setup Requirements

  • ⚠️Requires an active TestRail account with API access and credentials (URL, Username, Password/API Key).
  • ⚠️Requires Node.js version 18.0.0 or higher and TypeScript 5.0.0 or higher.
  • ⚠️Care must be taken when providing file paths for attachment uploads, as the server can be tricked into uploading local server files to TestRail.
Review RequiredView Analysis
The server's `processAttachment` function (used by `add_attachment_to_case`, `add_attachment_to_plan`, etc.) allows reading arbitrary files from the server's local filesystem if an absolute file path is provided as input to the `attachment` parameter. This content is then uploaded as an attachment to TestRail. This constitutes a Local File Exfiltration vulnerability, where an attacker who can control the `attachment` tool parameter (e.g., via a compromised or malicious MCP client/LLM) could exfiltrate sensitive files from the server's host to the connected TestRail instance. No instances of `eval` or direct arbitrary code execution were found.
Updated: 2025-12-06GitHub
33
18
Low Cost
jamesmontemagno icon

mcp-badge-creator

by jamesmontemagno

Sec9

Create one-click install badges for Model Context Protocol (MCP) servers, VS Code extensions, various package managers, GitHub repositories, and personal profiles.

Setup Requirements

  • ⚠️Node.js 18+ and npm/yarn are required for local development.
  • ⚠️External API calls (VS Code Marketplace, some Package Registries, MCP Registry) may be subject to CORS restrictions or require proxy services, potentially impacting search functionality.
Verified SafeView Analysis
The project is a client-side React application that runs entirely in the browser. It does not contain server-side code susceptible to typical server vulnerabilities. User preferences are stored in localStorage. Sensitive data (like API keys) is handled through placeholders (`${input:id}`) in generated configurations, promoting secure input practices rather than hardcoding. It makes client-side API requests to various external services (Shields.io, VS Code Marketplace, MCP Registry, package registries), some of which utilize a CORS proxy (`api.allorigins.win`). While this reliance on external services and proxies introduces minimal external dependency risks, no direct malicious patterns, `eval` usage, or hardcoded secrets are evident in the provided source code.
Updated: 2026-01-02GitHub
33
2
Low Cost
tomer1983 icon

swagger2mcp

by tomer1983

Sec7

Transforms OpenAPI/Swagger specifications into Model Context Protocol (MCP) servers, enabling secure and accurate LLM interaction with APIs.

Setup Requirements

  • ⚠️Requires Docker & Docker Compose for the easiest setup.
  • ⚠️Default `JWT_SECRET` and `ADMIN_PASSWORD` must be changed in production for security.
  • ⚠️Microsoft OAuth requires Azure Portal app registration and specific environment variables.
  • ⚠️CORS `ALLOWED_ORIGINS` needs to be restricted to trusted domains in production.
Verified SafeView Analysis
The project extensively documents security considerations in `SECURITY.md` and `PRODUCTION_DEPLOYMENT_CHECKLIST.md`, including warnings about changing default credentials (`JWT_SECRET`, `ADMIN_PASSWORD`) and disabling anonymous access in production. However, default development secrets and credentials are hardcoded within `docker-compose.yml` and `backend/src/config/passport.ts` (with fallbacks if env vars are unset), posing a risk if development configurations are accidentally used in production without proper modification. The use of `execSync` for migrations in the main server startup (`backend/src/server.ts`) is also a potential, though low, risk if the executed command were not fixed and safe. Rate limiting and CORS configuration are present but require production hardening.
Updated: 2026-01-14GitHub
33
3
Medium Cost
CSU-game-developers icon

Sinawali-MCP-Server

by CSU-game-developers

Sec3

Provides an API for an LLM-powered agent to manage a knowledge graph, primarily for text-based RPG scenarios, leveraging the Model-Context-Protocol.

Setup Requirements

  • ⚠️Requires Groq API Key (Paid)
  • ⚠️Requires Python 3.11 or higher
  • ⚠️Requires `airbnb_mcp.json` to be present and correctly configured, which dictates an external `node` process/server (memorymesh) that must be available and runnable via a specific path (`d:\github\Sinawali-MCP-Server\memorymesh\dist\index.js`).
Review RequiredView Analysis
CRITICAL VULNERABILITY: The server uses `subprocess.Popen` with `shell=True` to execute a command specified in the `airbnb_mcp.json` configuration file (`mcpServers.memorymesh.command` and `args`). If an attacker can modify this configuration file, they can execute arbitrary commands on the system where the server is running. This represents a severe command injection vulnerability. Additionally, running the FastAPI server on `0.0.0.0` makes it publicly accessible by default.
Updated: 2025-11-24GitHub
PreviousPage 156 of 713Next