Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

33
2
Low Cost
osim-group icon

osim-mcp-server

by osim-group

Sec8

Provides Model Context Protocol (MCP) access to OSIM (Open Security Information Model) data standards, enabling clients to query and retrieve security-related schemas and their definitions.

Setup Requirements

  • ⚠️Requires the `git` command-line tool to be installed for schema synchronization and updates.
  • ⚠️The `osim-schema` directory is critical for operation and is fetched/updated dynamically; initial setup or `uvx` execution will perform a network call to retrieve it.
  • ⚠️Requires Python 3.10+.
Verified SafeView Analysis
The server uses `subprocess.run` to execute `git clone` for updating schemas from a fixed GitHub repository. While the target URL is trusted, this introduces a supply chain risk if the upstream OSIM schema repository were to be compromised, potentially leading to malicious JSON schema files being downloaded. However, the server's loader only parses JSON, mitigating direct code execution risk from compromised schemas. No `eval` or other highly dangerous functions were found. Network requests for version checks and schema downloads are directed to specific, known GitHub URLs. No hardcoded secrets were identified.
Updated: 2026-01-19GitHub
33
3
High Cost
ucpdh23 icon

Servant

by ucpdh23

Sec3

Smart Home Assistant Platform to simplify and automate domestic tasks efficiently, integrating with sensors, actuators, and AI.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires Telegram Bot API Token
  • ⚠️Requires Google Calendar API credentials (JSON secret file)
  • ⚠️Requires MongoDB instance
  • ⚠️Requires Neo4j instance
  • ⚠️Requires SSH access with configured credentials to network devices/servers for certain functionalities
  • ⚠️Requires GraphHopper API Key (Paid or self-hosted)
  • ⚠️Requires Wit.ai token for voice transcription
  • ⚠️Requires `ffmpeg` system dependency for audio conversion
  • ⚠️Linux-based system required
Review RequiredView Analysis
Critical security vulnerabilities identified: 1. Hardcoded API Key: The GraphHopper API key is directly embedded in `RoadUtils.java`, posing a significant risk if exposed. 2. Remote Command Execution: `SSHUtils.runLocalCommand` and `runRemoteCommand` are used across multiple verticles (`HomeVerticle`, `OutletVerticle`, `SensorVerticle`, `ScrumLeaderVerticle`, `GithubVerticle`, `AzureDevOpsVerticle`). While current usage seems restricted to controlled inputs or configuration, this pattern is highly susceptible to command injection if external inputs are not meticulously sanitized. The `process_device_security` method in `HomeVerticle` is triggered by user input via Telegram and influences device security status which could indirectly lead to command execution if not carefully managed. 3. File Download and Processing: `ParrotUtils` downloads files from Telegram. The `onFile` handler in `ParrotVerticle` constructs a `filepath` from user-provided content (`content.split("#")[2]`), which introduces a potential path traversal vulnerability if the `content` is malicious. 4. XML External Entity (XXE) Vulnerability: `RoadUtils.parseXML` processes XML from external sources without explicit configuration for XXE protection, making it vulnerable to such attacks. 5. Sensitive Data in Configuration: While `conf.json` uses placeholders, if actual secrets are stored directly in this file and committed to version control, they become hardcoded secrets (e.g., GitHub and Azure DevOps access tokens in `GithubVerticle` and `AzureDevOpsVerticle`).
Updated: 2025-11-29GitHub
33
4
Medium Cost
ruslanlap icon
Sec9

This server integrates Google PageSpeed Insights API with Claude Desktop to provide web page performance analysis, recommendations, and detailed audits.

Setup Requirements

  • ⚠️Requires a Google API Key with PageSpeed Insights API enabled (free tier with usage limits, then paid)
  • ⚠️Requires Node.js v18+ to be installed locally
  • ⚠️Manual configuration of Claude Desktop is required to integrate the MCP server, or use the provided 'install.sh' script to automate.
Verified SafeView Analysis
The server primarily makes outbound requests to Google's PageSpeed Insights API, which is a trusted endpoint. It correctly handles the Google API key via environment variables, preventing hardcoding. Input validation is performed using Zod schemas. There are no direct usages of 'eval' or other highly dangerous functions. Logging is directed to stderr to avoid interference with the MCP protocol on stdout. The project relies on standard, well-maintained Node.js libraries. The only potential risk would be if the Google API itself is compromised or misused, which is outside the scope of this server's code.
Updated: 2025-11-21GitHub
33
1
Medium Cost
lukasmki icon

chemspace-mcp

by lukasmki

Sec8

Provides an MCP server wrapper for the Chemspace API, enabling AI agents to search for chemical compounds.

Setup Requirements

  • ⚠️Requires Python 3.13+ for execution.
  • ⚠️Requires a Chemspace API Key (may necessitate registration or a paid account with Chemspace).
  • ⚠️The 'uv' package manager is a prerequisite for installation and running the server.
Verified SafeView Analysis
The server correctly retrieves the Chemspace API key from an environment variable. It caches short-lived access tokens in a temporary file, which is a minor potential risk but mitigated by the token's short lifespan and the secure handling of the primary API key. No 'eval', obfuscation, or other obvious malicious patterns were detected in the provided source code. Network communication is directed to the official Chemspace API endpoints.
Updated: 2025-11-24GitHub
33
3
High Cost
forcedotcom icon

mobile-mcp-tools

by forcedotcom

Sec8

Generates Salesforce native mobile applications from natural language prompts, providing AI with necessary platform-specific context and orchestrating the development workflow. It enables LLMs to produce production-ready solutions tailored to the Salesforce Mobile Platform.

Setup Requirements

  • ⚠️Requires access to Salesforce's 1Password for fetching LLM provider API keys and tenant IDs, implying an internal Salesforce setup for full functionality.
  • ⚠️Requires a fully configured Salesforce Mobile Platform development environment, including Salesforce CLI with `sfdx-mobilesdk-plugin` and `@salesforce/lwc-dev-mobile` plugins, as well as platform-specific tools like Xcode for iOS development or Android Studio/Gradle/Java for Android. Xcode project manipulation further relies on the `xcodeproj` Ruby gem.
  • ⚠️Requires a pre-configured Salesforce Connected App, with its Consumer Key (`CONNECTED_APP_CONSUMER_KEY`) and Callback URI (`CONNECTED_APP_CALLBACK_URL`) explicitly set as environment variables.
Verified SafeView Analysis
The system executes external command-line interface (CLI) tools (e.g., `sf`, `xcodebuild`, `gradlew`) and Ruby scripts (e.g., `xcodeproj gem`) via `child_process` functions. While these operations are fundamental to its functionality (mobile project generation and build), they represent a potential vector for command injection if input is not meticulously sanitized. However, the design emphasizes 'instruction-first' tools where LLMs are guided to use CLIs with specific arguments, rather than arbitrary execution. Sensitive API keys are managed via environment variables and 1Password, not hardcoded. No evident use of `eval` or code obfuscation. The `SECURITY.md` suggests standard reporting channels.
Updated: 2026-01-17GitHub
33
3
Medium Cost
mia-platform icon

console-mcp-server

by mia-platform

Sec6

The Mia-Platform Console MCP Server integrates with Mia-Platform Console APIs to enable advanced automation and interaction capabilities for developers and tools.

Setup Requirements

  • ⚠️Requires a valid account on a Mia-Platform Console instance.
  • ⚠️Requires the `CONSOLE_HOST` environment variable to be set.
  • ⚠️Service Account authentication requires `MIA_PLATFORM_CLIENT_ID` and `MIA_PLATFORM_CLIENT_SECRET` environment variables.
Review RequiredView Analysis
The server includes an `/mcp-internal` endpoint that explicitly bypasses authentication and proxies headers, intended for 'trusted networks'. While documented as such, this design introduces a critical security risk if misconfigured or exposed to untrusted environments. Authentication for the primary `/mcp` endpoint supports OAuth2.1 and Service Accounts, with dynamic client registration and token management handled internally, which is generally robust. No obvious hardcoded secrets or malicious patterns (like `eval`) were found directly in the provided source.
Updated: 2026-01-15GitHub
33
3
Medium Cost
greddy7574 icon

taigaMcpServer

by greddy7574

Sec5

The Taiga MCP Server enables natural language interaction with Taiga project management systems, allowing users to manage projects, sprints, user stories, tasks, issues, epics, wiki pages, comments, and attachments through conversational AI.

Setup Requirements

  • ⚠️Requires Taiga account credentials (TAIGA_USERNAME, TAIGA_PASSWORD) for all functional operations beyond basic server checks.
  • ⚠️TAIGA_API_URL must be correctly configured for self-hosted Taiga instances.
  • ⚠️MCP protocol tests (npm run test:basic) may experience connectivity issues due to complex child process spawning in some environments.
Review RequiredView Analysis
The server uses `dotenv` to load credentials from `.env` files, preventing hardcoding of secrets. Input validation for tool parameters is implemented using `zod`, which is a good practice for mitigating injection attacks. However, the `uploadAttachmentFromPath` tool (used internally by `uploadAttachment` when `filePath` is provided) directly takes a `filePath` parameter from user input and reads the content using `fs.readFileSync`. Although it attempts to resolve paths to common locations (`process.cwd()`, `os.homedir()`, `Desktop`, `Downloads`) or absolute paths, this pattern can be vulnerable to Local File Inclusion (LFI) if an attacker can craft a malicious `filePath` to read arbitrary files from the server's file system (e.g., by using directory traversal `../`). Running this server in an environment where user input to `filePath` is not strictly controlled or sandboxed could pose a significant security risk.
Updated: 2026-01-19GitHub
33
1
Low Cost
polboo icon
Sec9

Provides a sample Model Context Protocol (MCP) server with a calculator tool and a dynamic greeting resource, designed for integration with a VS Code Cline agent.

Setup Requirements

  • ⚠️Requires Node.js (version 16+)
  • ⚠️Requires manual VS Code Cline agent configuration with an absolute path in `settings.json`.
  • ⚠️The project needs to be built (`npm run build`) before running.
Verified SafeView Analysis
The server uses standard input/output (stdio) for communication, limiting direct network exposure. Input validation for the 'add' tool ensures numerical arguments, and URI parsing for 'greeting' uses decodeURIComponent, reducing obvious injection vectors. No 'eval' or hardcoded secrets were found.
Updated: 2025-11-23GitHub
33
1
Medium Cost
Genaker icon

Agento_MCP

by Genaker

Sec2

AI-powered development tools for Magento 2, enabling seamless AI integration with Cursor IDE for executing SQL queries, managing cache, and accessing magerun commands via natural language.

Setup Requirements

  • ⚠️Requires Magento 2.4.x and PHP 8.1+.
  • ⚠️Requires n98-magerun2 PHAR to be installed (auto-installer available, but insecure).
  • ⚠️The `n98-magerun2` installer uses insecure SSL verification (`CURLOPT_SSL_VERIFYPEER, false`).
  • ⚠️Primarily designed for Cursor IDE integration, though it uses a generic MCP server.
Review RequiredView Analysis
CRITICAL RISKS: 1. `agento:query` and `execute_sql` tool allow direct execution of arbitrary SQL queries without sanitization, leading to potential data exfiltration, modification, or deletion. 2. `magerun` tool executes arbitrary `n98-magerun2` commands with user-controlled arguments, posing severe command injection risks and enabling highly destructive operations (e.g., `db:drop`, `module:uninstall`, `admin:user:create`). 3. `clear_redis` tool executes `FLUSHALL` on Redis, wiping all Redis data (sessions, cache, etc.). 4. `MagerunInstallCommand` downloads `n98-magerun2.phar` using `CURLOPT_SSL_VERIFYPEER, false`, making the installation vulnerable to Man-in-the-Middle attacks. 5. Resources like `database_schema` and `magento_config` expose sensitive information (database schemas, config files) although read-only and with path traversal protection. Running this module grants powerful, potentially destructive access to the Magento instance via AI interaction.
Updated: 2025-11-24GitHub
33
3
Low Cost
fub05 icon
Sec3

Serves local documents via a REST API for manual retrieval or as a tool for Multi-Agent Collaboration Protocol (MCP) agents.

Setup Requirements

  • ⚠️Vulnerable to path traversal, posing a significant security risk.
  • ⚠️Optional MCP integration requires installing `fastmcp` package separately.
  • ⚠️Python 3.7 or later is required (as per the overall Starter Kit README).
Review RequiredView Analysis
The server is vulnerable to path traversal. The `name` parameter in `/tool/get/{name}` and the `read_doc` MCP tool directly use user-supplied input to construct file paths (`BASE / name` and `self.base_docs / name`) without sanitization. An attacker could use `../` to access files outside the intended `docs` directory, leading to arbitrary file disclosure (e.g., `/etc/passwd`).
Updated: 2026-01-19GitHub
33
3
Medium Cost
akrutsinger icon

binja-codemode-mcp

by akrutsinger

Sec7

Enables LLM-assisted reverse engineering in Binary Ninja by executing Python code directly against its API.

Setup Requirements

  • ⚠️Requires Binary Ninja to be installed and running.
  • ⚠️Requires manual start of the MCP server from within the Binary Ninja GUI (`Plugins > MCP Code Mode > Start Server`).
  • ⚠️Requires configuration of an MCP client (e.g., Zed, Claude Desktop) with the correct bridge path, server URL, and API key.
Verified SafeView Analysis
The server executes arbitrary Python code provided by the LLM. However, it implements strong security measures: - Code is validated using an AST parser (`CodeValidator`) to block forbidden modules (e.g., `os`, `subprocess`, `socket`, `importlib`, `sys`, `shutil`) and dangerous built-ins/attributes (e.g., `eval`, `exec`, `open`, `__import__`, `__subclasses__`). - Execution occurs in a restricted global environment, exposing only safe built-ins and the `binja` API object. - There is a 30-second execution timeout to prevent resource exhaustion. - The HTTP server binds only to localhost (`127.0.0.1`). - API key authentication is required for all requests. While `exec` is used, the comprehensive sandboxing significantly mitigates risk. The README explicitly warns users to 'only use with trusted MCP clients and LLMs,' which is appropriate for a tool that inherently deals with arbitrary code execution for analysis.
Updated: 2026-01-09GitHub
33
2
Medium Cost
jr2804 icon
Sec9

Converts Model Context Protocol (MCP) server configurations between different formats (JSON, YAML, TOML) and LLM provider specifications.

Setup Requirements

  • ⚠️Requires Python 3.13 only.
  • ⚠️Requires LLM API keys (often paid services) for cloud providers or a local Ollama setup with models installed.
  • ⚠️Strongly recommends `uv` for dependency management, which may be unfamiliar to some Python developers.
Verified SafeView Analysis
The tool sends user-provided configuration data to external LLM providers (e.g., OpenAI, Anthropic) for conversion, which is an inherent part of its function. Users should be aware of the data privacy policies of the LLM providers they use. File modification operations (overwrite, replace, update) are explicit and should be used with caution on important files. No 'eval' or obvious hardcoded secrets detected in the provided source code. API keys are handled via environment variables.
Updated: 2026-01-18GitHub
PreviousPage 158 of 713Next