Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

33
3
Medium Cost
sultannaufal icon

puppeteer-mcp-server

by sultannaufal

Sec7

Automating browser interactions and web scraping via an MCP server.

Setup Requirements

  • ⚠️Requires `API_KEY` environment variable for authentication.
  • ⚠️Requires Docker for containerized deployment, or manual installation of Node.js (v18+) and Chromium with its system dependencies for traditional server deployment.
  • ⚠️The `puppeteer_evaluate` tool allows executing arbitrary JavaScript, which carries inherent security risks even with implemented validation, and should be used with caution.
Verified SafeView Analysis
The `puppeteer_evaluate` tool allows executing arbitrary JavaScript code in the browser, which is an inherent security risk, even with input validation. The `allowDangerous` flag in `puppeteer_navigate` can also expose the browser to less secure configurations if explicitly enabled. However, the project implements robust security measures including API key authentication, URL, script, and selector safety validations, Helmet.js, CORS, rate limiting, and runs Puppeteer in a sandboxed, non-root Docker environment. Binary image serving is not authenticated but relies on temporary, UUID-based URLs and automatic cleanup.
Updated: 2025-11-23GitHub
33
3
Medium Cost
vespo92 icon

QBO-MCP-TS

by vespo92

Sec9

Integrate with QuickBooks Online to provide modular accounting automation, financial reporting, and real-time updates via an MCP server.

Setup Requirements

  • ⚠️Requires a QuickBooks Online Developer Account with configured OAuth credentials (CLIENT_ID, CLIENT_SECRET, COMPANY_ID, REFRESH_TOKEN).
  • ⚠️Requires Node.js 18+ to run.
  • ⚠️SSE transport is temporarily disabled for migration and will not function as expected (as stated in `src/index.ts`).
  • ⚠️Requires WEBHOOK_VERIFIER_TOKEN if QuickBooks webhooks are to be utilized for real-time updates.
Verified SafeView Analysis
Relies on environment variables for sensitive data (QuickBooks OAuth credentials, webhook verifier token). Implements HMAC-SHA256 signature verification for inbound webhooks and includes a basic replay attack protection mechanism. Logging is sanitized to prevent sensitive data exposure. No 'eval' or obvious obfuscation detected.
Updated: 2025-11-24GitHub
33
1
Low Cost
ahnafyy icon
Sec8

Provides a Model Context Protocol (MCP) server template with Express.js for building AI-powered tools and resources.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0.
  • ⚠️MCP Inspector is an optional, external debugging tool (`mcp-inspector`) that needs to be installed or run via `npx` separately.
Verified SafeView Analysis
The core server template itself does not use 'eval' or direct 'exec' functions. Configuration is loaded from environment variables, which is a good practice. The `requestLogger` middleware logs `req.body` and `req.query` at debug level, which could potentially expose sensitive data if debug logging is enabled in a production environment without careful consideration. The MCP request handling includes a `try-catch` block that prevents server crashes for individual malformed requests, returning a 500 Internal Server Error. The scaffolding tool `create-mcp-express` uses `child_process.execSync` for package installation and fetching git user config, which is generally acceptable for a local CLI tool but not part of the runtime server.
Updated: 2025-11-23GitHub
33
1
Medium Cost
withmarbleai icon

marble-mcp

by withmarbleai

Sec9

This MCP server integrates with AI coding tools to generate relevant learning project links and interactive slides for the Marble platform based on codebase analysis.

Setup Requirements

  • ⚠️The 'generate_slides_link' tool, as implemented in the provided source code ('src/index.ts'), does not utilize 'SUPABASE_URL' or 'SUPABASE_KEY' for database storage of prompts, contrary to what the README states. Instead, it embeds compressed prompts directly into URL fragments, enforcing a Zero Data Retention policy. Users configuring Supabase for this tool will find it is not used by the current code.
  • ⚠️Requires Node.js version 18 or higher to run.
  • ⚠️Primarily designed to be integrated as an MCP server with AI coding environments (e.g., Claude Code, Cursor, Augment Code), not as a standalone general-purpose server.
Verified SafeView Analysis
The server is generally safe to run. It uses the Model Context Protocol SDK and primarily focuses on generating URLs and crafting instructions for an external AI. It does not execute arbitrary user code or perform direct network calls to untrusted sources. Crucially, the 'generate_slides_link' tool, as implemented in the provided 'src/index.ts' file, uses a Zero Data Retention policy by compressing the prompt into a URL fragment, thus avoiding server-side storage of prompts. This enhances privacy and reduces the attack surface. No hardcoded secrets were found; any sensitive configurations (like the Supabase keys mentioned in the README) are expected to be environment variables.
Updated: 2025-12-09GitHub
33
9
Medium Cost
xlisp icon
Sec8

Querying Datomic databases and integrating with AI-powered workflows for data persistence and extension.

Setup Requirements

  • ⚠️Requires a running Datomic transactor (Pro, Dev-local, or Cloud) to connect to.
  • ⚠️Datomic Pro transactor specifically requires Java 8 to run, while the client (MCP server) can run on newer JDKs (e.g., 17).
  • ⚠️Requires Clojure CLI tools installed.
Verified SafeView Analysis
The server uses JSON-RPC over STDIO, limiting direct network exposure which is good. No obvious hardcoded secrets or direct 'eval' patterns are visible in the truncated source. The client configuration involves executing a shell command to start the server; while the command itself is fixed in the example, the overall security depends on the client environment's trustworthiness and how it constructs commands for other interactions. For its stated purpose, it appears reasonably secure.
Updated: 2025-11-19GitHub
33
2
Medium Cost
danielrosehill icon

Homebox-MCP-Server

by danielrosehill

Sec8

The Homebox MCP Server enables AI assistants to interact with a self-hosted Homebox inventory management system using natural language commands, facilitating tasks like listing, creating, updating, and deleting items, locations, and labels.

Setup Requirements

  • ⚠️Requires Node.js 18+ installed on the host machine.
  • ⚠️Requires a running Homebox instance accessible from the server's host.
  • ⚠️Requires configuration of Homebox API credentials (API Key or Username/Password) as environment variables.
  • ⚠️Requires a local LLM with function calling capabilities (e.g., Qwen 3 8B, Llama 3.1 8B) and an MCP-compatible AI client (e.g., LM Studio, Continue.dev, Ollama) set up.
Verified SafeView Analysis
The server handles authentication by either an API key or username/password, including token login and refresh. All credentials are sourced from environment variables, preventing hardcoding. Communication with the Homebox API is via HTTPS (if configured), and the MCP server itself communicates via standard I/O (stdio), limiting direct network attack surface. There are no obvious malicious patterns like 'eval' or obfuscation. Minor risks include potential verbose error messages leaking internal information if API calls fail, and the direct handling of username/password credentials in code (though token refresh logic is included).
Updated: 2025-12-14GitHub
33
3
Medium Cost
bmoussaud icon

mcp-azure-apim

by bmoussaud

Sec4

Demonstrates exposing an existing REST API (Setlist.fm) as a Model-Context-Protocol (MCP) server using Azure API Management, consumable by various clients including AI agents and GitHub Copilot tools.

Setup Requirements

  • ⚠️Requires an Azure Subscription for resource deployment.
  • ⚠️Relies heavily on Azure Developer CLI (azd) for infrastructure provisioning and environment management.
  • ⚠️Requires Python 3.11+ and the 'uv' package manager for environment setup.
  • ⚠️Extensive setup of Microsoft Entra ID (Azure AD) application registrations, permissions, and service principals is mandatory for authentication and authorization.
  • ⚠️Requires Azure AI Foundry for custom AI agent examples and deploying models like GPT-4.1 mini.
Review RequiredView Analysis
The project contains hardcoded API keys in `src/python/mcp_server_auth_entra_id.py` for the backend Setlist.fm API, and in `infra/main.parameters.json`. Additionally, secrets are embedded into generated configuration files (`.vscode/mcp.json`, `src/apim/setlistfm/mcp-policy-setlistfm-entra-id.xml`) via shell hooks. This practice significantly increases the risk of accidental exposure of sensitive credentials.
Updated: 2026-01-14GitHub
33
3
Medium Cost
Chris31372 icon

better-chat

by Chris31372

Sec8

An AI chat application focused on interacting with technical documentation, featuring multi-model support and per-user data isolation via Cloudflare Durable Objects.

Setup Requirements

  • ⚠️Requires a Cloudflare account with configured Workers, D1 (database), KV (key-value store), and Durable Objects (stateful serverless instances).
  • ⚠️Deployment and local development rely on the Alchemy framework, requiring its CLI and understanding of its specific commands and environment configurations (e.g., `.env.dev`, `.env.prod`).
  • ⚠️Full functionality, particularly access to premium AI models, depends on providing various API keys for AI providers (e.g., OpenAI, Google, Anthropic), email services (Resend in production), social authentication, and web search (Exa).
Verified SafeView Analysis
The provided server-side source code demonstrates strong security practices. Sensitive user API keys are encrypted at rest using AES-GCM with a user-specific PBKDF2-derived key, and secrets are properly managed via environment variables. User sessions are secured with Cloudflare KV, and rate limiting is implemented. The authentication system, Better Auth, uses email OTP and OAuth securely. However, the accompanying README's instructions to download and execute a `.zip` file for the client application from GitHub (`better-chat.zip`) represent a critical security risk for end-users, as the contents of this client binary are not provided for audit. Users should exercise extreme caution and ideally build the client from source if provided, or verify its integrity through trusted channels.
Updated: 2026-01-19GitHub
33
3
Medium Cost
treasure-data icon

td-mcp-server

by treasure-data

Sec9

Provides a secure, controlled interface for AI assistants to query and interact with Treasure Data (Trino SQL, CDP, and Workflow APIs) via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Requires a Treasure Data API Key (TD_API_KEY) configured in the environment.
  • ⚠️Write operations (using the 'execute' tool) are disabled by default and must be explicitly enabled by setting 'TD_ENABLE_UPDATES=true'.
Verified SafeView Analysis
The server is designed with security in mind, defaulting to read-only operations unless 'TD_ENABLE_UPDATES=true' is explicitly set. It includes a `QueryValidator` to enforce read/write restrictions and prevent SQL injection through identifier/string escaping. All SQL queries are subjected to validation, including checking for write operations within 'WITH' clauses in read-only mode. API keys are masked in all error messages. An `AuditLogger` tracks all query executions (success/failure, query type, duration, affected rows) for monitoring. Input schemas for CDP tools are validated using Zod. Network communication with Treasure Data APIs uses HTTPS. Overall, strong security practices are evident.
Updated: 2026-01-19GitHub
33
2
Medium Cost
hyperpolymath icon

poly-container-mcp

by hyperpolymath

Sec9

Provides a unified MCP server interface for managing multiple container runtimes including nerdctl, podman, and docker, prioritizing FOSS alternatives.

Setup Requirements

  • ⚠️Requires Deno runtime installed locally.
  • ⚠️Requires at least one container runtime (nerdctl, podman, or docker) to be installed and accessible in the system's PATH (or configured via environment variables).
  • ⚠️For HTTP mode deployment (e.g., Deno Deploy), ensure the server's port is exposed and network policies allow incoming connections.
Verified SafeView Analysis
The server employs strong security practices for executing external commands. It uses Deno.Command for subprocess execution, which is safer than shell execution. Crucially, all subcommands are whitelisted via `ALLOWED_COMMANDS` arrays, and arguments are rigorously sanitized using `sanitizeArg` to prevent shell metacharacters and command injection. No hardcoded secrets were identified in the provided code. Network communications are managed with resilience patterns like circuit breakers and rate limiters, enhancing robustness. While the `bundle.js` summary mentions internal code generation (likely for schema validation with Ajv/Zod), it is not used for executing arbitrary user-provided code in the critical command execution path.
Updated: 2026-01-17GitHub
33
2
Medium Cost
ekkostech icon

ekkos-mcp-server

by ekkostech

Sec8

Provides persistent memory and tool access for AI coding assistants across sessions by acting as a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Requires an ekkOS API Key obtained from platform.ekkos.dev (likely a paid platform account).
  • ⚠️Requires an ekkOS User ID for authentication and tracking.
  • ⚠️Specific JSON configuration is needed within your IDE (Cursor, Windsurf, Claude Code) to integrate the server.
Verified SafeView Analysis
The primary server file (`index.ts`), which is compiled and distributed, is designed as a secure proxy. It retrieves `EKKOS_API_KEY` and `EKKOS_USER_ID` from environment variables and makes authenticated HTTPS requests to the remote ekkOS API (`mcp.ekkos.dev`). It explicitly states 'NO direct database access.' This is a robust and secure pattern for a local proxy. However, the repository contains an excluded `index-legacy.ts` file. This file, if compiled and run, would directly connect to a Supabase database using a `SUPABASE_SECRET_KEY` (or `MEMORY_API_TOKEN`) sourced from environment variables. Exposing a Supabase secret key in a client-side binary is a critical security vulnerability, as it typically grants full read/write access to the entire database. While `tsconfig.json` explicitly excludes `index-legacy.ts`, its mere presence in the source code indicates a past or alternative mode of operation that was highly insecure. This is a latent risk if the build configuration were ever compromised or misunderstood.
Updated: 2026-01-11GitHub
33
3
Medium Cost
philogicae icon

rqbit-mcp

by philogicae

Sec3

Provides a Python API wrapper and an MCP (Model Context Protocol) server to interact with the rqbit torrent client.

Setup Requirements

  • ⚠️Requires a separate, running instance of `rqbit` (torrent client).
  • ⚠️Requires Python 3.10+.
  • ⚠️The `download_torrent` functionality has a critical local file read vulnerability and should not be used in production without a fix.
Review RequiredView Analysis
The `download_torrent` MCP tool (and underlying `RqbitClient.add_torrent` method) allows a remote client to specify a local file path. The server then reads the content of this local file and attempts to send it to the `rqbit` instance. This creates a critical local file disclosure/arbitrary file read vulnerability, allowing an attacker to read any file accessible by the server process (e.g., `/etc/passwd`). Additionally, the use of `network_mode: host` in the Docker Compose setup reduces network isolation, which requires careful host firewall configuration, and `RQBIT_HTTP_BASIC_AUTH_USERPASS` for rqbit authentication, while better than hardcoding, relies on proper handling of sensitive environment variables.
Updated: 2026-01-15GitHub
PreviousPage 162 of 713Next