Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

32
2
Medium Cost
Avri-Yom-Tov icon

teamToolboxHub

by Avri-Yom-Tov

Sec2

Centralized configuration and management hub for various team utilities and external Model Context Protocol (MCP) servers, facilitating access to services like SonarQube, AWS documentation, Jenkins, and CloudWatch.

Setup Requirements

  • ⚠️Requires various external API keys and credentials for Jenkins, SonarQube, Context7, AWS, and an internal tenant API. Many are currently marked as placeholders ('xxx', 'here') and must be properly configured.
  • ⚠️Requires Node.js/npm (for `npx`) and `uv` (for `uvx`) to run the specified MCP servers.
  • ⚠️The `awsManager.py` script requires Python 3 and specific GUI libraries (`PyQt5`, `qfluentwidgets`, `qframelesswindow`) for its desktop application.
  • ⚠️Global MCP server configuration for VS Code involves manually creating or editing `C:\Users\{YourUsername}\AppData\Roaming\Code\User\mcp.json`.
Review RequiredView Analysis
The source code exhibits critical security vulnerabilities: 1. **Hardcoded Secrets**: Multiple scripts (`getBuildNumbersNew.js`, `getBuildNumbersOld.js`, `searchByTenantId.js`, `repoIssues.js`) and the `mcps/mcp.json` configuration file explicitly contain placeholders (`xxx`, `here`) for sensitive credentials such as Jenkins API tokens, usernames, passwords, SonarQube tokens, and internal API tokens. If these placeholders are replaced with actual credentials and committed to the repository, it leads to severe exposure. 2. **Shell Injection Risk**: The `scripts/managerAws/python/awsManager.py` script uses `subprocess.run(command, shell=True)`. While current commands appear internally constructed, the `shell=True` flag inherently creates a risk of shell injection if any part of the `command` string were to originate from or be influenced by untrusted input. 3. **MFA Secret Key Handling**: `awsManager.py` retrieves `mfaSecretKey` from environment variables, but if not set, it defaults to an empty string. If this is intended to be hardcoded, it would be another secret vulnerability. 4. **Credential Management**: The `awsManager.py` script writes AWS credentials and tokens to local `.aws/credentials` and `.aws/config` files, and updates Maven `settings.xml` and NPM config. While a credential manager's purpose, insecure handling or storage of the initial MFA secret key undermines this.
Updated: 2026-01-14GitHub
32
2
Medium Cost
miyamo2 icon
Sec9

This server acts as an unofficial proxy for the HotPepper Gourmet WEB Service, providing structured tools and resources for searching gourmet information and retrieving master data through the MCP protocol.

Setup Requirements

  • ⚠️Requires a HotPepper Gourmet API Key from Recruit WEB Service.
  • ⚠️Requires an MCP Host (e.g., an LLM agent) to interact with this server, with specific configuration.
  • ⚠️The `HOTPEPPER_GOURMET_API_KEY` environment variable must be set.
Verified SafeView Analysis
The server follows good security practices by reading the API key from environment variables (HOTPEPPER_GOURMET_API_KEY) and not hardcoding it. HTTP requests use `go-resty` which properly encodes query parameters, mitigating URL injection risks. Input validation via JSON Schema is implemented for tool calls. Logging to a file is enabled, which should be considered for sensitive data if the log directory is publicly accessible, though the default is the current working directory.
Updated: 2026-01-13GitHub
32
2
High Cost
AmberLee2427 icon

nancy-brain

by AmberLee2427

Sec6

Builds a searchable knowledge base from GitHub repositories and PDF articles for AI agents and assistants.

Setup Requirements

  • ⚠️Requires Java (OpenJDK recommended) for Apache Tika PDF processing, requiring JAVA_HOME and PATH configuration.
  • ⚠️Requires `KMP_DUPLICATE_LIB_OK=TRUE` environment variable, especially critical for macOS users, to avoid OpenMP library conflicts.
  • ⚠️Optional Anthropic or Gemini API Key is required for document-level summaries, which incur token costs (paid service).
Review RequiredView Analysis
The server processes external content from arbitrary GitHub URLs (git clone) and PDF URLs (requests), which inherently carries risks if sources are malicious. The `subprocess.run` calls for git operations are justified but a potential vector. JWT signing uses a 'dev key' by default for `NB_SECRET_KEY`, which is a critical vulnerability for production deployments. Authentication is implemented for HTTP/UI but the MCP server primarily uses stdio/socket transport, which is generally for local/trusted clients, but its potential exposure (e.g. via `0.0.0.0` host) could be a risk if not properly isolated. No direct use of `eval` or intentional obfuscation was found.
Updated: 2026-01-19GitHub
32
2
High Cost
hithereiamaliff icon

mcp-datagovmy

by hithereiamaliff

Sec4

Provides AI models access to Malaysia's open government datasets and dashboards, including real-time weather and public transport information, with enhanced search and direct Parquet file parsing capabilities.

Setup Requirements

  • ⚠️Requires Google Maps API Key for enhanced geocoding (optional, falls back to Nominatim).
  • ⚠️Requires GrabMaps API Key and AWS credentials (AWS Access Key ID, Secret Access Key, Region) for GrabMaps geocoding (optimized for Malaysia, optional, falls back to Nominatim). All four are mandatory for GrabMaps.
  • ⚠️Firebase service account JSON file is required for Firebase analytics persistence; otherwise, analytics are only stored locally.
  • ⚠️Analytics reset key is hardcoded to 'malaysia-opendata-2024' if not set via environment variable, allowing unauthorized analytics resets.
Verified SafeView Analysis
A critical security flaw exists: the `/analytics/reset` endpoint is protected by an `ANALYTICS_RESET_KEY` which has a hardcoded default value ('malaysia-opendata-2024') if not set via environment variables. This allows any attacker to reset the server's analytics data. API keys (Google Maps, GrabMaps, AWS) can be passed via URL query parameters or HTTP headers and are then stored in `process.env`. While explicitly supported, this design choice could lead to unexpected behavior or accidental exposure in certain proxy/logging configurations, especially in multi-tenant or multi-session environments. All external API calls use `axios`, and input parameters for tools are validated with `zod`, which helps prevent common injection vulnerabilities within API requests. `execSync` is used in build/deployment scripts, which is acceptable in that context.
Updated: 2026-01-15GitHub
32
1
Medium Cost
7loud icon

personal-mcp

by 7loud

Sec8

Provides an interface for AI agents to manage iCloud calendar events.

Setup Requirements

  • ⚠️Requires `ICLOUD_USERNAME` environment variable.
  • ⚠️Requires `ICLOUD_APP_PASSWORD` environment variable, which must be an Apple-generated app-specific password (not the main iCloud password).
  • ⚠️Requires `npm install` (or `yarn install`) to set up dependencies before running.
Verified SafeView Analysis
Credentials (iCloud username and app-specific password) are correctly handled via environment variables. Input validation for tool parameters is performed using `zod`. iCal content generation includes escaping to prevent injection. The main external risks would stem from vulnerabilities in the `@modelcontextprotocol/sdk` or `tsdav` libraries, or improper network exposure without additional authentication beyond what MCP might offer. The `src/test.ts` file performs real calendar actions; this is a test script, not part of the production server, but highlights the real-world impact.
Updated: 2025-11-26GitHub
32
2
Low Cost
mk965 icon
Sec9

Retrieves real-time price information for various assets (precious metals, cryptocurrencies) to be used by large language models.

Setup Requirements

  • ⚠️Potential requirement for API keys for services (e.g., Gold API) not explicitly configured via environment variables in the provided code/documentation.
  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
The code appears to be generally safe. It uses Zod for input validation and standard network fetching with timeouts. No 'eval' or obvious obfuscation was found. It relies on external APIs (Gold API, CoinGecko, GoldPriceOrg, exchange rates). A potential concern is the lack of explicit environment variable configuration for API keys, especially for services like 'Gold API' which typically require one. This might lead to runtime failures if a free tier is not sufficient or if a key is implicitly expected but not provided.
Updated: 2025-11-30GitHub
32
2
Medium Cost
euiyounghwang icon
Sec3

This repository provides a comprehensive monitoring and alerting solution for microservices, including Elasticsearch, Kafka, Redis, and general system health, leveraging Prometheus, Grafana, Loki, and custom Python/Go exporters, with a specific component for exposing Python tools and resources as an MCP server for AI/LLM consumption.

Setup Requirements

  • ⚠️Requires Python 3.9+ and associated libraries (e.g., prometheus-client, requests, gradio, paramiko, jaydebeapi).
  • ⚠️Requires Java Development Kit (JDK) for JDBC database connections (e.g., Oracle, H2).
  • ⚠️Requires external services like Prometheus, Grafana, Loki, Elasticsearch, Kafka, Zookeeper, and Redis to be running.
  • ⚠️Many scripts require `sudo` privileges for service management.
  • ⚠️Requires `openssl` for certificate generation.
Review RequiredView Analysis
The project exhibits several critical security risks: extensive use of `subprocess.check_output` and `subprocess.Popen` in shell scripts and Python code for executing system commands, which is vulnerable to command injection if input is not meticulously sanitized. The `ssh_client_web.py` allows remote execution of commands via an API endpoint over SSH, posing a severe remote code execution risk. Hardcoded or weak credentials are found (e.g., empty MySQL passwords in `APM_Agent/docker-compose.yml`, 'test' basic auth in `standalone-uptime-config.json`, '1' for Gradio password in `alert-update-start.sh`). Numerous `requests.get(..., verify=False)` and `requests.post(..., verify=False)` calls disable SSL/TLS certificate verification, making communications susceptible to Man-in-the-Middle attacks. The `standalone-redis-server-script.py` reads/writes critical configuration files based on data from Redis, which could be exploited to alter system behavior if Redis is compromised. Docker configurations (`jaeger-msa-docker-compose.yaml`) explicitly disable security features (`xpack.security.enabled=false`). Services are often exposed on `0.0.0.0` without robust authentication mechanisms.
Updated: 2026-01-16GitHub
32
2
Medium Cost
estebamod icon

osmmcp

by estebamod

Sec9

Provides a suite of geospatial tools (geocoding, routing, nearby places, neighborhood analysis, EV charging) for large language models (LLMs) via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Go development environment (Go 1.18+ recommended) to build and run.
  • ⚠️Requires internet access to reach external OpenStreetMap services (Nominatim, Overpass, OSRM).
  • ⚠️For full LLM integration, the `CLAUDE_API_KEY` environment variable is expected by the client configuration generation utility.
Verified SafeView Analysis
The server implements robust security practices, including explicit path traversal checks for file operations, secure file permissions (0600), and proper configuration of HTTP clients with timeouts and User-Agent headers. Rate limiting is enforced for external OpenStreetMap API calls (Nominatim, Overpass, OSRM) to prevent abuse and adhere to API usage policies. Error responses are structured to avoid leaking sensitive backend information. No direct 'eval' or similar dynamic code execution vulnerabilities are apparent, and no hardcoded secrets are found in the provided source code (relying on environment variables for API keys).
Updated: 2026-01-19GitHub
32
2
Medium Cost
lukemurraynz icon

acs-email-mcp-server

by lukemurraynz

Sec9

Provides an MCP server to enable AI agents to send advanced emails via Azure Communication Services.

Setup Requirements

  • ⚠️Requires an Azure subscription with Azure Communication Services Email configured (a paid service).
  • ⚠️Environment variables `ACS_ENDPOINT` and `DEFAULT_SENDER_ADDRESS` must be set.
  • ⚠️Requires .NET 8 SDK, Azure Functions Core Tools, and Azure Developer CLI (azd) for local development and deployment.
Verified SafeView Analysis
The project demonstrates a strong focus on security in its architectural design, explicitly mentioning OAuth2/OpenID Connect, PKCE, Managed Identity, RBAC, API Management security policies, and Zero Trust principles in its documentation. It uses Azure Functions with a 'function' authentication level by default, and recommends managed identity for production. No 'eval', obfuscation, or hardcoded secrets were found in the provided code snippets. The `enableForwardingHttpRequest` and `enableHttpProxyingRequest` settings are standard for Azure Functions custom handlers but imply reliance on upstream security controls (like API Management, as documented in diagrams) for comprehensive protection.
Updated: 2026-01-19GitHub
32
1
Low Cost
ettysekhon icon
Sec9

Empower AI agents with real-time Google Maps location intelligence (directions, places, geocoding, traffic, roads, elevation, safety) through a standardized Model Context Protocol (MCP) interface.

Setup Requirements

  • ⚠️Requires a Google Maps Platform API Key.
  • ⚠️Specific Google Maps Platform APIs (Places, Directions, Geocoding, Distance Matrix, Roads, Elevation) must be enabled in Google Cloud Console.
  • ⚠️Requires Python 3.10 or higher.
Verified SafeView Analysis
The project uses Pydantic for configuration validation and loads API keys from environment variables or .env files. Kubernetes deployments utilize secrets for API keys, which is a good practice. Structured logging is implemented. There are no obvious signs of 'eval', obfuscation, or malicious patterns. Error messages can expose underlying API error details, which is a minor concern, but generally safe.
Updated: 2025-12-06GitHub
32
1
Medium Cost
vbrazo icon
Sec7

An AI-powered compliance assistant that automatically analyzes GitHub Pull Requests for security vulnerabilities, license compliance, code quality issues, and custom company rules.

Setup Requirements

  • ⚠️Requires GitHub App credentials and extensive setup (create app, set webhook, configure permissions, generate private key, install app).
  • ⚠️Requires E2B API Key (Paid service for sandboxed code execution).
  • ⚠️Requires Groq API Key (Paid service for AI inference).
  • ⚠️Requires PostgreSQL database and Redis instance.
Verified SafeView Analysis
The backend server employs good security practices for its own operation, including `helmet` for HTTP headers, `cors`, `zod` for environment variable validation, `pg` with SSL and connection pooling, and robust webhook signature verification using `crypto.timingSafeEqual`. However, the core functionality involves executing arbitrary code from GitHub PRs within an E2B Code Interpreter sandbox. While E2B aims for isolation, string interpolation is used to build Python scripts for execution within the sandbox (e.g., in `setupMCPServers`, `runAnalysis`, `fetchFileFromGitHub`, `runSecurityScan`), which, if not perfectly sanitized or if an input escapes the JSON/string context, could lead to code injection within the sandbox environment. The repository also explicitly includes `demo-repos` with 'intentional security vulnerabilities' (hardcoded secrets, SQL injection, weak crypto, `eval` usage), which while serving a testing purpose, highlight patterns that could be dangerous if run outside the intended sandbox context.
Updated: 2025-11-22GitHub
32
2
Medium Cost
akiojin icon
Sec9

Middleware server enabling large language models to interact directly with PlayFab game services for catalog, player, inventory, and title management.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires a valid PlayFab account (Title ID and Developer Secret Key) configured via environment variables.
  • ⚠️Requires a supported LLM client (e.g., Claude Desktop) configured to interact with MCP servers.
Verified SafeView Analysis
The server demonstrates strong security practices for an LLM-controlled API gateway. It leverages environment variables for sensitive PlayFab credentials (PLAYFAB_TITLE_ID, PLAYFAB_DEV_SECRET_KEY), which are validated and not hardcoded. Logging redacts sensitive information like API keys and passwords. Crucially, all 'destructive' operations (e.g., delete_item, ban_users, delete_inventory_items) require an explicit 'ConfirmDeletion' or 'ConfirmBan' boolean flag to be set to 'true' in the input, acting as a critical safeguard against accidental or misinterpreted LLM commands. Input validation is also present in handlers to prevent malformed requests. The architecture uses a router for predefined handlers, limiting the attack surface to known API calls. While any system accepting LLM input requires continuous vigilance, the implemented safeguards are robust.
Updated: 2026-01-13GitHub
PreviousPage 168 of 713Next