Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

32
1
Medium Cost
SirKanaad26 icon
Sec3

Integrates Google Gmail and Calendar APIs to enable an AI agent to read emails and manage calendar events with stateful authorization for event deletions.

Setup Requirements

  • ⚠️Requires Python 3.12+ (as per pyproject.toml)
  • ⚠️Requires a Google Cloud project with Gmail API and Google Calendar API enabled.
  • ⚠️Requires Google OAuth 2.0 Desktop Client credentials (`credentials.json`) from Google Cloud Console.
  • ⚠️Requires `uv` for dependency installation or `pip install -r requirements.txt`.
Review RequiredView Analysis
The server has a critical prompt injection vulnerability as explicitly stated in the README. Email content, fetched by the `read_emails` tool, is passed directly to the AI model without sanitization. This allows malicious instructions embedded in emails to manipulate the AI into performing unintended calendar actions (e.g., creating, updating, or deleting events). While a stateful authorization layer was added to prevent deletion of *external* calendar events, it does not mitigate the risk of: 1) creating new malicious events, 2) updating existing events (even external ones), or 3) deleting MCP-created events based on injected prompts. The AI model retains full `calendar` scope, allowing broad manipulation. The README advises against production use.
Updated: 2025-12-01GitHub
32
1
Medium Cost
CyrilBaah icon

hn-mcp-server

by CyrilBaah

Sec9

Provides programmatic access to HackerNews content via the Model Context Protocol (MCP) for AI assistants and other clients to search, retrieve, and analyze stories, comments, and user profiles.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️HTTP/SSE transport mode requires additional dependencies (`starlette`, `uvicorn`, `sse-starlette`) installed via `pip install hn-mcp-server[http]`
Verified SafeView Analysis
The server uses Pydantic models extensively for input and output validation, significantly reducing common injection and data integrity risks. It leverages `httpx` for secure (HTTPS) external API communication. Environment variables are used for configuration, avoiding hardcoded secrets. A client-side rate limiter is implemented to prevent abuse of the upstream HackerNews Algolia API. No `eval` or `exec` calls are present. The HTTP transport relies on `uvicorn` and `starlette`, which are well-vetted libraries. One point is deducted as it exposes an HTTP/SSE endpoint, which inherently has a broader attack surface than stdio, although secured by standard practices.
Updated: 2026-01-16GitHub
32
2
High Cost
SDSU-CompE-561-Fall-2025 icon

ai-tutor

by SDSU-CompE-561-Fall-2025

Sec4

AI Tutor is a comprehensive learning platform that helps students study smarter by interacting with an AI model, generating educational videos, and providing learning insights, integrating with Google Drive for document management.

Setup Requirements

  • ⚠️Requires OpenAI, ElevenLabs, and Google Gemini API keys (potentially paid services).
  • ⚠️Requires a Google Cloud Project setup for Google OAuth2 (CLIENT_ID, CLIENT_SECRET, REDIRECT_URI).
  • ⚠️Requires `uv` for Python package management and `Node.js` for the frontend if not using Docker.
  • ⚠️Docker is highly recommended for simplified setup, otherwise, multiple services need to be started manually.
Verified SafeView Analysis
CRITICAL: The `docker-compose.yml` and `settings.py` files contain default placeholder secrets (`SESSION_SECRET`, `fernet_key`, `secret_key`) that must be changed in production to prevent severe security vulnerabilities. CRITICAL: The CORS middleware in `app.main.py` is set to `allow_origins=["*"]` which is explicitly noted for testing only and must be restricted in production to prevent cross-site request forgery (CSRF) and other related attacks. Minor: Broad exception handling (`except Exception as e`) in `google_drive.py` and `mcp/server/main.py` could potentially mask errors or leak sensitive information if error messages are not sanitized. However, the system uses strong password hashing (argon2), JWT for authentication, and Fernet encryption for sensitive data like OAuth tokens and chat messages, which are good practices. Input validation is also extensively used via Pydantic schemas.
Updated: 2025-12-13GitHub
32
1
Medium Cost
morrain icon

akMcpServer

by morrain

Sec3

This server provides real-time and historical stock market data to LLMs via the Model Context Protocol, including a Puppeteer-based fallback.

Setup Requirements

  • ⚠️Requires a separate AkShare API wrapper service to be running and accessible at `AKSHARE_API_BASE_URL`.
  • ⚠️Puppeteer's `--no-sandbox` argument significantly reduces security, which is a concern if the server is exposed to untrusted web content or running in a non-isolated environment.
  • ⚠️Node.js and pnpm must be installed to run directly (though `npx` abstracts `pnpm install`).
Review RequiredView Analysis
The Puppeteer setup disables sandboxing (`--no-sandbox`, `--disable-setuid-sandbox`), which is a critical security vulnerability if the scraped `eastmoney.com` content is malicious or compromised, potentially allowing code execution outside the browser environment. Additionally, the default `AKSHARE_API_BASE_URL` uses `http` instead of `https`, meaning communication with the AkShare API wrapper is unencrypted and vulnerable to eavesdropping and tampering if not hosted securely within a trusted network.
Updated: 2025-12-01GitHub
32
2
Medium Cost
MiloCreditPlatform icon

loanpro-mcp-server

by MiloCreditPlatform

Sec9

Exposes read-only LoanPro financial data via Model Context Protocol (MCP) using HTTP, SSE, and stdio transports for integration with AI agents or other clients.

Setup Requirements

  • ⚠️Requires LoanPro API credentials (LOANPRO_API_URL, LOANPRO_API_KEY, LOANPRO_TENANT_ID) which are likely paid/private.
  • ⚠️Requires a Go 1.21+ development environment to run from source.
  • ⚠️Primarily designed for interaction with a Model Context Protocol (MCP) client, not a standalone user interface.
Verified SafeView Analysis
The server correctly uses environment variables for API credentials, avoiding hardcoded secrets. It employs structured logging (`slog`). The code is well-structured Go with no obvious malicious patterns, 'eval' usage, or obfuscation. CORS is broadly enabled ('Access-Control-Allow-Origin: *'), which is common for APIs but could be restricted further for specific deployment scenarios if stricter access control is desired.
Updated: 2025-12-12GitHub
32
2
Medium Cost
sbl-sdsc icon

mcp-proto-okn

by sbl-sdsc

Sec7

Provides an AI assistant interface to query scientific knowledge graphs via SPARQL endpoints, with specialized support for Proto-OKN and FRINK platforms.

Setup Requirements

  • ⚠️Requires a compatible client application like Claude Desktop (Pro/Max subscription) or VS Code Insiders (GitHub Copilot subscription).
  • ⚠️Requires Python 3.10+ to be installed.
  • ⚠️Requires 'uvx' (or 'pip') to be installed and accessible in your PATH for execution.
  • ⚠️Requires network access to the specified SPARQL endpoint and raw.githubusercontent.com for metadata and documentation.
Verified SafeView Analysis
The server acts as a proxy, directly forwarding user-provided SPARQL queries to target endpoints. While the server itself does not execute arbitrary code, it exposes the underlying SPARQL endpoint to potential SPARQL injection attacks if the AI or user crafts malicious queries. No direct 'eval' or obvious hardcoded secrets found. Relies on fixed GitHub URLs for metadata retrieval, mitigating Server-Side Request Forgery (SSRF) risk for those specific fetches. The 'clean_mermaid_diagram' tool uses regex for string manipulation, which is generally safe but could pose a theoretical ReDoS (Regular Expression Denial of Service) risk with extremely complex or malicious patterns on untrusted input.
Updated: 2026-01-18GitHub
32
2
Low Cost
sandraschi icon
Sec4

Manages database connections, executes queries and data operations, inspects schema, and performs advanced browser bookmark management across multiple browsers and database types, including AI-powered features for tagging and analysis.

Setup Requirements

  • ⚠️Requires Python 3.8+.
  • ⚠️Requires `uv` (Python package manager) to run the server via the provided command.
  • ⚠️Windows-specific operations require a Windows operating system and may need administrator privileges for registry access.
  • ⚠️Firefox browser must be completely closed for write operations on its database to avoid locking issues, or `force_access=True` must be used (labeled 'dangerous!' in docs).
  • ⚠️Database servers (e.g., PostgreSQL, MongoDB, ChromaDB) must be running and accessible for respective operations.
  • ⚠️External API keys (e.g., OpenAI) are implicitly required for AI-powered features if they are to perform actual API calls.
Review RequiredView Analysis
The server involves extensive direct file system access to sensitive user data (browser profiles, Plex DBs) and direct database operations. This poses risks of path traversal or data corruption if input paths and queries are not rigorously sanitized by the caller. The `ENABLE_PASSWORD_STORAGE` environment variable, when enabled, allows storing database credentials on disk, which is explicitly labeled a 'DEV MODE' feature and is a significant security risk if used in production or without proper local encryption. Operations like 'bruteforce' database access for Firefox (explicitly labeled 'dangerous!') further highlight potential stability or integrity risks. While parameterized queries are recommended in some tool docstrings, the responsibility lies with the caller to prevent SQL injection. External API calls for AI features require secure management of API keys and careful consideration of data privacy.
Updated: 2026-01-16GitHub
32
2
High Cost
cozycrafters icon

cozyreq

by cozycrafters

Sec6

An AI agent to interact with and explore API endpoints by consuming OpenAPI specifications and user prompts.

Setup Requirements

  • ⚠️Requires Python 3.14+
  • ⚠️Requires 'mise' for dependency management and environment setup.
  • ⚠️Relies on a Pydantic AI agent (pydantic-ai) which will incur token costs with the underlying AI model (e.g., Mistral).
Verified SafeView Analysis
The application fetches OpenAPI specifications from user-provided URLs. While `httpx` and `openapi-pydantic` are used for fetching and parsing, a malicious URL or a malformed specification could potentially lead to SSRF or resource exhaustion. The core functionality relies on a `pydantic-ai` agent to interact with APIs based on the prompt and spec, the security of which depends on the `pydantic-ai` library's internal safeguards against arbitrary code execution or unintended actions by the AI model. No explicit 'eval' or hardcoded secrets were found.
Updated: 2026-01-17GitHub
32
2
Medium Cost
JupiterOne icon
Sec9

Provides a Model Context Protocol (MCP) server that enables AI assistants and other MCP clients to interact with JupiterOne's security data, rules, dashboards, and integrations.

Setup Requirements

  • ⚠️Requires an active JupiterOne Account, API Key, and Account ID.
  • ⚠️Requires Node.js version 18 or greater to run.
  • ⚠️For new rules and dashboard widgets, J1QL queries must be syntactically correct and adhere to JupiterOne's specific query language rules; the server includes validation and suggestions for common errors.
Verified SafeView Analysis
The server uses `dotenv` to load environment variables for sensitive credentials (API key, account ID, OAuth token), preventing hardcoding. Input validation is performed using `zod` schemas for tool parameters, reducing risks of malformed input. Interactions with the JupiterOne API are via `graphql-request` and `fetch` for deferred queries, which are standard and generally secure, assuming the JupiterOne API itself is trusted. Query validation is implemented for J1QL, which adds a layer of defense against invalid or potentially harmful queries, although it focuses on syntax rather than direct injection into the underlying database (J1QL is not SQL). There are no obvious uses of `eval`, direct command injection points, or unnecessary network access. The `package.json` does not contain unusual or unsafe scripts. The primary security considerations revolve around proper configuration of JupiterOne API credentials.
Updated: 2025-12-05GitHub
32
2
Medium-High Cost
carmentacollective icon

carmenta

by carmentacollective

Sec6

A heart-centered AI platform that unifies external services and internal AI agents into a single conversational interface, facilitating intelligent routing, personal knowledge management, and automated task execution.

Setup Requirements

  • ⚠️Requires PostgreSQL database with Drizzle ORM configured via DATABASE_URL.
  • ⚠️Full functionality, especially scheduled agents, requires a running Temporal server accessible via TEMPORAL_ADDRESS.
  • ⚠️Requires API keys for at least one LLM provider (OpenRouter or Vercel AI Gateway) and Clerk for user authentication.
  • ⚠️Code Mode (`/api/code`) executes real bash commands and requires specific project path configurations or workspace mode setup.
Review RequiredView Analysis
The system employs robust AES-256-GCM encryption for API keys and OAuth tokens stored in the database, and uses SVIX for webhook signature verification. However, it exposes high-privilege features: 1. **Code Mode**: Allows execution of arbitrary bash commands (`lib/code/bash-executor.ts`) within user-selected project paths. While `DANGEROUS_DIRS` are defined and environment variables are sanitized, this feature inherently carries a high risk if not rigorously sandboxed and permissioned for specific, trusted users/environments. 2. **MCP Servers**: AI agents can configure and interact with custom Microservice Control Plane (MCP) servers, allowing dynamic integration of external APIs via `createMcpServer` and `raw_api` calls. This significantly expands the attack surface, as a malicious or compromised MCP server could execute arbitrary operations. 3. **Raw API Access**: Many service adapters (e.g., LinkedIn, CoinMarketCap, Gmail, Spotify) expose a `raw_api` operation, enabling AI agents to make direct, arbitrary calls to external service APIs. This bypasses higher-level abstractions and requires careful control of the agent's intent and context. Rigorous access control, environment isolation (e.g., running Code Mode in ephemeral, isolated containers), and comprehensive monitoring are critical.
Updated: 2026-01-19GitHub
32
2
Medium Cost
elifarley icon

hug-scm

by elifarley

Sec9

Provides AI assistants with access to Hug SCM commands for investigating and understanding Git and Mercurial repositories.

Setup Requirements

  • ⚠️Python 3.10+ required
  • ⚠️Hug SCM CLI must be installed and in system PATH
  • ⚠️Requires manual configuration of Claude Desktop's `claude_desktop_config.json`
Verified SafeView Analysis
The server explicitly states that it only exposes read-only operations to AI assistants, preventing any destructive actions on the repository. It uses `subprocess.run` with list arguments, which mitigates shell injection risks. Path validation is implemented to prevent directory traversal attacks and ensure commands operate on valid, existing directories. No hardcoded secrets or direct network listening are evident in the provided source code.
Updated: 2026-01-19GitHub
32
2
High Cost
tonyredondo icon

debugger-mcp-server

by tonyredondo

Sec8

A cross-platform server and CLI for remote crash dump analysis, interactive debugging, and AI-assisted diagnostics using WinDbg or LLDB.

Setup Requirements

  • ⚠️Requires .NET 10 SDK.
  • ⚠️Requires a platform debugger: WinDbg (Windows) or LLDB (Linux/macOS).
  • ⚠️AI analysis features require an API key for a supported LLM provider (OpenRouter, OpenAI, Anthropic), which are typically paid services.
Verified SafeView Analysis
The server provides optional API key authentication, CORS configuration, and rate limiting. File uploads are rigorously validated (magic bytes, size limits, ZIP extraction rules, path sanitization). Session isolation ensures users only access their own data. The 'exec' command allows raw debugger command execution, which is powerful and requires high privilege on the host, but is an intended function of a debugging server. Sensitive debugging outputs and LLM prompts/responses can be traced to disk if enabled, which requires careful handling.
Updated: 2026-01-13GitHub
PreviousPage 179 of 713Next