Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

32
20
Medium Cost
koki7o icon

mcp-framework

by koki7o

Sec5

A Rust framework for building AI agents with built-in Model Context Protocol (MCP) support, multi-LLM integration, and a web-based inspector for debugging.

Setup Requirements

  • ⚠️Requires Rust 1.70+ to compile and run.
  • ⚠️Requires an `ANTHROPIC_API_KEY` environment variable for Claude LLM integration (paid service).
  • ⚠️Requires an `OPENAI_API_KEY` environment variable for OpenAI LLM integration (paid service).
  • ⚠️Browser automation examples require Playwright to be installed via `npm install -g @playwright/mcp` and browser binaries via `npx playwright install firefox`.
Review RequiredView Analysis
The server's design allows AI agents to dynamically call registered tools, which inherently introduces risks if tools are not carefully implemented and sandboxed. The `StdioConnector` enables spawning arbitrary external commands via a 'stdio://command args' URL scheme; if an attacker can control this URL or the tool arguments, it could lead to arbitrary code execution (e.g., command injection). The Web Inspector UI (`inspector.rs`) exposes internal server state and allows direct execution of tools without authentication, making it a critical vulnerability if exposed publicly. While API keys are loaded from environment variables, the powerful dynamic execution capabilities require rigorous input sanitization and strict access controls, especially in production environments.
Updated: 2025-12-28GitHub
32
2
Medium Cost
CaullenOmdahl icon

youtube-music-mcp-server

by CaullenOmdahl

Sec4

Full-featured MCP server for YouTube Music to search, manage playlists, and create smart recommendations through AI assistants.

Setup Requirements

  • ⚠️Requires `GOOGLE_OAUTH_CLIENT_ID` and `GOOGLE_OAUTH_CLIENT_SECRET` (Google OAuth credentials).
  • ⚠️Requires `ENCRYPTION_KEY` environment variable (a strong, 32-byte Base64 key) for secure token storage. Failing to provide this makes stored tokens easily compromised.
  • ⚠️Requires a PostgreSQL database (`DATABASE_URL` environment variable) for adaptive playlist functionality. Migration is needed on first run (`node dist/database/migrate.js`).
  • ⚠️Requires `SPOTIFY_CLIENT_ID` and `SPOTIFY_CLIENT_SECRET` for full adaptive playlist recommendation features.
Review RequiredView Analysis
The server uses AES-256-GCM for encrypting OAuth tokens for persistence, which is generally robust. However, if the `ENCRYPTION_KEY` environment variable is not explicitly provided, it falls back to a hardcoded, insecure default key. This makes stored tokens easily recoverable and poses a critical vulnerability. Input validation for tool parameters is handled using Zod, and database queries use parameterized statements to prevent SQL injection. OAuth is handled via the MCP SDK's proxy provider, abstracting many security complexities. The YTM_API_KEY is a publicly known key and not a secret.
Updated: 2026-01-09GitHub
32
1
Medium Cost
aborruso icon

ckan-mcp-server

by aborruso

Sec9

Enables AI agents to interact with CKAN-based open data portals for searching datasets, exploring organizations, and querying tabular data.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires `npm install` to get dependencies if running from source or locally.
  • ⚠️The CKAN MCP server currently only supports public CKAN API endpoints, without authentication for private instances.
  • ⚠️Deploying to Cloudflare Workers requires a Cloudflare account and setup using the Wrangler CLI.
Verified SafeView Analysis
The server is designed to be read-only and interact with public CKAN APIs. Input parameters are validated using Zod schemas. No 'eval' or hardcoded secrets were found in the provided source code. A previously identified ReDoS vulnerability in the `@modelcontextprotocol/sdk` dependency (version 1.25.1) has been resolved by updating to version 1.25.2. The server makes network requests to user-provided `server_url` which is inherent to its function. CORS is open (`Access-Control-Allow-Origin: *`) for public access.
Updated: 2026-01-19GitHub
32
2
Low Cost
mark-oori icon

mcpserve

by mark-oori

Sec1

A server for deploying AI/ML models, providing shell access and containerization features for development and remote access.

Setup Requirements

  • ⚠️Requires Docker for containerized deployment (as per `docker-compose.yml`).
  • ⚠️The `Getting Started` instructions in the README are inaccurate and misleading, referencing `npm install` and `node` commands for what is a Python-based server.
  • ⚠️API key authentication is disabled by default, requiring manual uncommenting of the middleware in `main.py` and configuration of `MCP_API_KEY` for any level of security.
Review RequiredView Analysis
CRITICAL: The `shell_command` tool uses `subprocess.check_output(command, shell=True)`, which is an extreme security risk. This allows arbitrary command injection if the `command` variable can be influenced by external input. Furthermore, the API key authentication middleware is commented out in `main.py`, meaning the server is unauthenticated by default. This combination allows for remote code execution without any authentication, making it highly vulnerable.
Updated: 2026-01-19GitHub
32
2
Medium Cost
staminna icon
Sec3

This server acts as an MCP (Model Context Protocol) interface for Directus, enabling AI assistants to programmatically interact with Directus data, schema, and operations.

Setup Requirements

  • ⚠️Requires Node.js version 22.0.0 or higher.
  • ⚠️CRITICAL: Provided IDE configuration examples (`show-windsurf-config.sh`) contain a hardcoded Directus API token. Users MUST replace 'your-directus-token-here' or the example token with their actual API token and ensure it is not exposed in configuration files or source control.
  • ⚠️WebSocket real-time subscription support is explicitly disabled by default in the main server configuration (`src/index.ts`) to 'reduce logging noise'. Users expecting this feature must manually enable it.
Review RequiredView Analysis
The core server code follows good security practices like using environment variables for tokens and handling HTTPS. However, a critical security vulnerability exists in the provided helper script `show-windsurf-config.sh` which hardcodes a Directus API token (`1X6eST1lyCGCtjGOucQ-i65tLXfcKkE4`). If a user copies this configuration into their IDE settings (as instructed) without replacing the placeholder, their Directus API token will be exposed, leading to unauthorized access. While the server itself reads from environment variables, the ease with which a user could adopt this insecure configuration significantly lowers the overall security posture. There is also an option to disable TLS certificate validation (`DIRECTUS_HTTPS_REJECT_UNAUTHORIZED=false`), which, if enabled by users, could lead to insecure connections.
Updated: 2025-12-12GitHub
32
2
Medium Cost
DanielAvdar icon

dev-kit-gh-mcp-server

by DanielAvdar

Sec2

A GitHub Model Context Protocol (MCP) server designed for automation, bots, and AI agents to perform focused repository operations.

Setup Requirements

  • ⚠️Requires `GITHUB_TOKEN` environment variable for GitHub API authentication (GitHub account required).
  • ⚠️Requires `uv` for development setup (`pipx install uv`).
  • ⚠️Server requires a GitHub repository context, either as a URL or a local Git repository path.
Review RequiredView Analysis
The server uses `dev-kit-mcp-server` which, as indicated in `pyproject.toml`'s `[tool.dkmcp.factory.include]` section, registers tools for local filesystem operations (`create_dir`, `move_dir`, `remove_file`, `rename_file`) and command execution (`exec_make_target`, `predefined_commands`). This means that any client or AI agent interacting with this MCP server could potentially execute arbitrary commands or manipulate the host's filesystem. While GitHub API interactions are authenticated via `GITHUB_TOKEN` (which is sourced from environment variables, not hardcoded), the exposure of host-level command execution and file system manipulation via the MCP interface is a critical security risk if not run in a highly sandboxed and authenticated environment. There is no clear justification for `eval` or obfuscation, and network risks are inherent to any server exposing such capabilities.
Updated: 2026-01-16GitHub
32
2
Low Cost
AkitoSakurabaCreator icon

Rule-MCP-Server

by AkitoSakurabaCreator

Sec8

A Model Context Protocol (MCP) server that enables AI agents (Cursor, Claude Code, Cline) to retrieve and apply common coding rules across projects.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for easy deployment and development environment setup.
  • ⚠️Requires Go 1.21+ and Node.js 18+ (with pnpm) for local development without Docker.
  • ⚠️Requires a PostgreSQL database for persistent storage.
  • ⚠️Production setup requires careful configuration of environment variables such as a strong `JWT_SECRET` and `ALLOWED_ORIGINS`.
Verified SafeView Analysis
The project demonstrates a strong commitment to security with features like RBAC (Public, User, Admin roles), API key authentication with bcrypt hashing and expiration, password policies (min length, complex characters), rate limiting, and audit logging. It enforces HTTPS for API key usage in production. It also implements CORS configuration. While `docker-compose.dev.yml` contains default database credentials for development, the documentation clearly states that strong, random `JWT_SECRET` and `ALLOWED_ORIGINS` are required for production, and database credentials should be configured via environment variables. Frontend stores authentication tokens in localStorage, which is a common practice but has XSS attack implications. No explicit 'eval' or obvious malicious patterns were found in the provided code.
Updated: 2026-01-14GitHub
32
2
High Cost
Jupiterian icon

ATP-Rankings-API

by Jupiterian

Sec6

Provides an MCP server to allow AI assistants to query historical ATP tennis rankings data.

Setup Requirements

  • ⚠️Requires `rankings.db` to be present; if not, you must run `python scripts/generate.py` (takes ~1 hour to build the entire database) or `python scripts/filler.py` (updates to latest data, faster) before running the server.
  • ⚠️Requires Python 3.12 or newer, as specified in `runtime.txt` and `Dockerfile`.
  • ⚠️Initial database population (via `generate.py` or `filler.py`) requires active internet connection to scrape data from `atptour.com`.
Verified SafeView Analysis
The server uses f-strings for SQLite table names in several database queries (e.g., `src/services.py`, `scripts/generate.py`, `scripts/filler.py`). While values are generally derived internally or validated against `sqlite_master`, this pattern is less robust against potential SQL injection than strictly parameterized queries for all components. Additionally, `src/main.py` uses `CORSMiddleware` with `allow_origins=["*"]`, which is a significant security risk for production deployments as it enables any domain to make cross-origin requests, requiring careful configuration for public access.
Updated: 2025-11-23GitHub
32
1
High Cost
isakskogstad icon

SCB-MCP

by isakskogstad

Sec9

Provides LLMs and AI chatbots access to official statistical data from Statistics Sweden (SCB) via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js 18+ to run locally.
  • ⚠️Relies on the external Statistics Sweden (SCB) PxWebAPI 2.0.
  • ⚠️Optimal search results for tables and variables are achieved by using Swedish search terms, which may require specific prompting or translation from the LLM.
Verified SafeView Analysis
The server demonstrates good security practices with robust input validation using Zod, explicit rate limiting for the upstream API, and local lookups to minimize external calls. It uses a wildcard CORS origin, which is acceptable for a public API tool. There are no clear indications of 'eval' or command injection vulnerabilities from user input. Error handling from the upstream SCB API is generally abstracted, reducing exposure of raw internal messages. The build script uses `execSync` but is not part of the runtime server, making it safe.
Updated: 2025-12-02GitHub
32
7
High Cost
wukan1986 icon

akshare_mcp

by wukan1986

Sec8

Provides an MCP server exposing selected AKShare financial data interfaces for client applications like LLMs.

Setup Requirements

  • ⚠️Requires manual configuration (editing `config.py` or providing a custom one via `--config`) to whitelist/blacklist AKShare interfaces; otherwise, it exposes over 1000 functions which may overwhelm clients or consume too many LLM tokens.
  • ⚠️Requires Python >=3.10.
  • ⚠️Potential permission issues when attempting to modify the default `config.py` located in `site-packages`.
Verified SafeView Analysis
The server allows loading a configuration file from a user-specified local path using `importlib.util.spec_from_file_location`, which effectively executes Python code from that file. This is intended for local configuration and not a remote vulnerability, but users should ensure the specified configuration file is trusted.
Updated: 2025-11-20GitHub
32
2
Medium Cost
ck3mp3r icon

nu-mcp

by ck3mp3r

Sec8

Serves as a Model Context Protocol (MCP) server, exposing Nushell capabilities and custom CLI tools (e.g., Kubernetes, Git, Tmux) to AI agents with a focus on security and path validation.

Setup Requirements

  • ⚠️Requires Nushell (nu) to be installed and available in PATH.
  • ⚠️Many extension tools require specific CLI binaries (e.g., `argocd`, `kubectl`, `gh`, `tmux`) to be installed and configured in PATH for their functionality.
  • ⚠️Kubernetes-related tools (k8s, argocd) necessitate access to a Kubernetes cluster with a valid `kubeconfig`.
Verified SafeView Analysis
The server's core functionality involves executing arbitrary Nushell commands, either directly via `run_nushell` or through extension tools. This is a powerful capability that inherently requires strong security controls. The project implements a robust security sandbox, primarily through path validation (`src/security/mod.rs`), which aims to prevent path traversal attacks and restrict filesystem access to explicitly allowed directories (current working directory plus any `--add-path` arguments). It uses canonicalization to resolve symlinks and `..` components. A critical component is the `safe_command_patterns.txt` allowlist. Commands matching these regex patterns (e.g., `gh api`, `kubectl get /apis/`) bypass full path validation, as they are presumed to use non-filesystem path arguments. The documentation (`src/security/README.md`) explicitly warns against adding commands that access the filesystem to this list. Misconfigurations or outdated patterns in this allowlist could introduce vulnerabilities. Non-existent path-like strings outside the sandbox (e.g., API endpoints) are cached (`PathCache`) for performance, but the system explicitly ensures that *existing* files outside the sandbox are never cached and are always blocked. Network communication is handled by the executed Nushell commands/tools (e.g., `curl`), not the Rust server itself, which operates over standard I/O (stdio). Destructive operations in extension tools (e.g., `delete_application` in ArgoCD, `kill_pane` in Tmux) are designed to require explicit `force: true` parameters and/or operate within safety modes (`MCP_K8S_MODE`, `MCP_GITHUB_MODE`). No hardcoded secrets were identified in the Rust codebase; environment variables are used for configuration. Overall, the project demonstrates a strong commitment to security, but the inherent power of executing arbitrary commands necessitates careful management of the allowlist and understanding of the sandbox's boundaries.
Updated: 2026-01-19GitHub
32
2
High Cost
evergreen-ci icon

evergreen-mcp-server

by evergreen-ci

Sec8

Enables AI assistants to interact with the Evergreen CI/CD platform for build analysis, project management, and debugging.

Setup Requirements

  • ⚠️Requires authentication with Evergreen via `evergreen login` CLI tool to set up OIDC credentials.
  • ⚠️Docker is the recommended and most straightforward deployment method, requiring Docker to be installed and running.
  • ⚠️Evergreen CLI must be installed locally to perform the initial authentication.
Verified SafeView Analysis
The server loads authentication credentials (OIDC tokens or API keys) from local files (`~/.evergreen.yml`, `~/.kanopy/token-oidclogin.json`) or environment variables, which relies on the host system's security. It uses `pyjwt.decode` with `verify_signature=False` for extracting user ID from access tokens; however, this is explicitly commented as being for display/query purposes only, with actual authentication verification handled by the OIDC provider during token exchange. This is a justified, but notable, design decision.
Updated: 2026-01-15GitHub
PreviousPage 175 of 713Next