Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

32
2
Medium Cost
JamesANZ icon

us-legal-mcp

by JamesANZ

Sec3

The US Legal MCP server provides comprehensive US legal data, including Congress bills, Federal Register documents, and court opinions, for integration into AI workflows.

Setup Requirements

  • ⚠️Optional API keys (CONGRESS_API_KEY, COURT_LISTENER_API_KEY) are recommended for enhanced access and to avoid rate limiting.
  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Manual installation requires running `npm run build` to compile the TypeScript source code.
Review RequiredView Analysis
A hardcoded CourtListener API key (`258021eb4dd1901f1acfdb3f521fb8a7837a9097`) is present in `scripts/postinstall.js`. This key is automatically written to the `claude_desktop_config.json` during installation, potentially exposing a shared key to all users. This poses a significant risk for abuse, rate-limiting, or revocation of the key, impacting the reliability and ethical use of the tool. API keys should always be managed securely through environment variables and never hardcoded.
Updated: 2025-12-10GitHub
32
1
Medium Cost
urstory icon

uml-mcp-server

by urstory

Sec8

Image and UML diagram generation via Google Gemini API, exposed as a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Google Gemini API Key (paid service, stored locally in `~/.gemini_api_key`).
  • ⚠️Requires Java runtime and `plantuml.jar` installed for UML generation (as `generate-uml.js` calls Java).
  • ⚠️Requires local `create-uml` and `generate-uml` shell scripts to be present and executable in expected paths (`~/.local/bin/`).
Verified SafeView Analysis
The server uses `child_process.execSync` and `child_process.exec` to run local scripts (`create-uml`, `generate-uml`). While arguments are stringified or passed as JSON to these scripts, any vulnerabilities in the downstream scripts or their argument parsing could lead to command injection. API keys are read from a file in the user's home directory (`~/.gemini_api_key`), which is better than hardcoding, but requires secure management by the user. Network calls are made to Google APIs, which are external dependencies.
Updated: 2025-11-24GitHub
32
2
Medium Cost
devexpert-io icon
Sec1

Generates and edits images using Google Gemini AI, offering both an MCP server and a command-line interface.

Setup Requirements

  • ⚠️Requires `GOOGLE_API_KEY` environment variable.
  • ⚠️Node.js version >=18 required.
  • ⚠️The `sharp` dependency has native components that may require specific build tools or libraries (`libvips`) on the host system.
Review RequiredView Analysis
Critical path traversal vulnerabilities exist in `ImageService.saveImage` and `GeminiService.toInlinePart`. An attacker capable of sending tool call requests could exploit these by providing crafted `outputPath`, `images` (context images), or `watermarkPath` arguments to read or write arbitrary files on the server's filesystem. Additionally, `safetySettings` for Gemini are explicitly set to `BLOCK_NONE` for all harm categories, meaning the server will not filter potentially harmful content generated by Gemini.
Updated: 2025-11-27GitHub
32
2
Medium Cost
sin5ddd icon

mcp-sqlew

by sin5ddd

Sec6

Manages AI agent context, including decisions, tasks, constraints, and file changes, with advanced database operations for migration, export, and import.

Setup Requirements

  • ⚠️Requires SQLite database by default, or an external MySQL/PostgreSQL database to be configured. This implies a database setup and connection beyond simple execution.
  • ⚠️CLI database operations explicitly state 'npx is not supported' and require 'npm run' from the project directory, which can be a source of confusion.
  • ⚠️Extensive local filesystem read/write privileges are required for configuration files (.sqlew), AI agent definitions (.claude), and source control integration (.git, .gitignore).
  • ⚠️SaaS plugin integration requires network access to 'https://api.sqlew.io' for downloading and executing additional code, introducing an external dependency and trust requirement.
Review RequiredView Analysis
The server includes a dynamic plugin loading mechanism (install-saas.ts) that downloads and executes code from a remote endpoint (api.sqlew.io). This introduces a significant supply chain risk if the remote server is compromised or provides malicious code. Extensive file system interactions are present (e.g., .sqlew/, .claude/, .git), requiring broad local file permissions. While Knex.js mitigates basic SQL injection by default, complex database logic or raw queries could still introduce vulnerabilities. No direct 'eval' or obvious hardcoded secrets were found in the provided snippets, with sensitive database credentials being handled via environment variables.
Updated: 2026-01-16GitHub
32
20
High Cost
schemacrawler icon
Sec9

Provides an AI-powered agent to assist with database schema analysis, design issue identification, and SQL query generation.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose installed and running.
  • ⚠️Requires configuration of database connection details and credentials (user/password) via environment variables or .env files.
  • ⚠️Primary client usage instructions focus on Visual Studio Code, though other MCP clients are mentioned.
Verified SafeView Analysis
The provided source code consists of Docker Compose configuration files and documentation. It correctly externalizes sensitive database credentials (SCHCRWLR_DATABASE_USER, SCHCRWLR_DATABASE_PASSWORD) to be sourced from environment variables or .env files, preventing hardcoding. No 'eval' or obfuscation is present in the provided snippets. The security score reflects the setup's adherence to good practices for secret management and the absence of obvious vulnerabilities in the configuration itself. The security of the underlying 'schemacrawler-ai' Docker image's internal code is not auditable from these files.
Updated: 2026-01-04GitHub
32
2
Medium Cost
ncdcdev icon
Sec8

Provides SharePoint and OneDrive document search and download functionality through an MCP server.

Setup Requirements

  • ⚠️Requires Python 3.12 and the 'uv' package manager.
  • ⚠️Significant manual setup is required in Azure AD (application registration, certificate upload/client secret creation, API permissions, admin consent).
  • ⚠️OAuth authentication mode is only supported with HTTP transport (`--transport http`), not stdio.
Verified SafeView Analysis
The server relies on Azure AD for authentication, supporting both certificate-based (application permissions) and OAuth (user delegated permissions) methods. It uses environment variables for sensitive configurations, preventing hardcoded secrets. The `SharePointTokenVerifier` explicitly notes it accepts SharePoint tokens without full cryptographic validation, relying on the OIDC proxy flow's security (PKCE, direct Azure AD issuance). This is a documented design choice, not a direct vulnerability, but it's a point of awareness. Robust error handling and network timeouts are implemented.
Updated: 2025-11-27GitHub
32
2
High Cost
JeroenPieksma icon

claude-computer

by JeroenPieksma

Sec3

An open-source platform demonstrating Claude's autonomous computer interaction capabilities, featuring real-time monitoring, behavioral frameworks (including a Gen Z crypto enthusiast persona), and tools for automated pull request creation and digital exploration.

Setup Requirements

  • ⚠️Requires an Anthropic API Key (Paid service) for Claude models.
  • ⚠️Requires Docker for containerized deployment.
  • ⚠️The local setup script ('setup.sh') requires Python 3.12 or lower.
  • ⚠️Computer use is a beta feature with significant security risks; it is strongly recommended to run this server in a dedicated virtual machine or container with minimal privileges and restricted network access.
Review RequiredView Analysis
The server's design inherently allows the AI agent to execute arbitrary shell commands via the 'bash' tool and modify files via the 'edit' tool. While this is intentional for autonomous operation, it constitutes a critical security risk if not run in a highly sandboxed and isolated environment (e.g., dedicated VM with minimal privileges, no sensitive data, limited internet access). The 'edit' tool's use of 'find' command with potentially unsanitized 'path' from AI input could be a shell injection vector. The project's README explicitly warns about these unique risks and recommends precautions.
Updated: 2026-01-19GitHub
32
2
Medium Cost
Brainwires icon

project-rag

by Brainwires

Sec8

A RAG-based codebase indexing and semantic search server for code understanding, supporting incremental indexing and git history search.

Setup Requirements

  • ⚠️Requires Git to be installed on the system for git history search functionality.
  • ⚠️Indexing large codebases can be memory and CPU intensive, especially during initial full indexing.
  • ⚠️Can be configured to use an external Qdrant vector database (via `qdrant-backend` feature), which would require a running Qdrant server, but LanceDB (embedded) is the default.
Verified SafeView Analysis
The server performs extensive filesystem operations for indexing and caching, but uses `std::fs::canonicalize` to mitigate path traversal risks in user-provided paths. It also employs filesystem-based locks (`flock()`) for cross-process coordination, which can be vulnerable to denial-of-service if not handled carefully, but appears designed for cooperative environments. Communication by default is over stdio, limiting direct network exposure. No hardcoded secrets or direct `eval`-like constructs were identified. The embedding model (`FastEmbed`) downloads its components over the network, which is a standard and expected behavior.
Updated: 2026-01-16GitHub
32
2
Medium Cost
Knuckles-Team icon

audio-transcriber

by Knuckles-Team

Sec5

Provides an MCP micro-service and an A2A agent for audio transcription and processing using OpenAI Whisper models, capable of transcribing from files or live microphone input.

Setup Requirements

  • ⚠️Requires Docker for easy deployment via docker-compose.
  • ⚠️Requires FFmpeg installed on the host or within the container for full audio format support.
  • ⚠️The A2A agent typically expects a local OpenAI-compatible LLM server (e.g., Ollama or LM Studio) running at `http://localhost:1234/v1` for its language model interactions.
  • ⚠️Ubuntu dependencies for PyAudio (`libasound-dev portaudio19-dev libportaudio2 libportaudiocpp0 ffmpeg gcc`) are required if installing directly on Linux.
Review RequiredView Analysis
The `audio_transcriber/utils.py` module uses `pickle.load` which is a known deserialization vulnerability if `load_model` is called with a file from an untrusted source, potentially leading to arbitrary code execution. The `transcribe_audio` MCP tool accepts `audio_file` and `directory` as parameters, which could expose the server to path traversal or arbitrary file processing if not properly sanitized and validated by the client, though `whisper.load_model` and `Path.exists()` offer some protection. The `compose.yml` file hardcodes `OPENAI_API_KEY=llama` for both the MCP and Agent services, which, while likely intended for local Ollama-compatible setups, is a hardcoded secret in the configuration.
Updated: 2026-01-19GitHub
32
2
Medium Cost
bahfahh icon

noteit-mcp

by bahfahh

Sec5

Provides an HTTP Model Context Protocol (MCP) server for AI coding tools to access structured agent profiles and personalized notes, enhancing AI development workflows.

Setup Requirements

  • ⚠️Requires a Next.js environment for self-hosting, as it's implemented as a Next.js API route.
  • ⚠️Setting up OAuth 2.1 or managing API tokens for authentication can be a friction point for self-hosting, as the README primarily directs users to a hosted service to obtain tokens.
Review RequiredView Analysis
A comprehensive security audit cannot be performed as the provided 'SOURCE CODE' only contains the README.md file, not the actual server implementation. Therefore, critical checks for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns within the operational code are impossible. The stated use of OAuth 2.1 and API tokens in the README indicates an intent for secure authentication, but the implementation details are unknown.
Updated: 2025-12-13GitHub
32
2
Low Cost
lespaceman icon

athena-browser-mcp

by lespaceman

Sec9

An MCP server for browser automation that exposes semantic, token-efficient page representations optimized for LLM agents.

Setup Requirements

  • ⚠️Requires Node.js and npm to build and run.
  • ⚠️Playwright browser binaries (Chromium, Firefox, WebKit) need to be installed, usually handled by `npm install`.
  • ⚠️Connecting to an external browser via `connect_browser` might require setting `CEF_BRIDGE_HOST` and `CEF_BRIDGE_PORT` environment variables, or specifying the `endpoint_url` argument.
Verified SafeView Analysis
The server uses Playwright's `page.evaluate()` and CDP's `Runtime.evaluate` to execute JavaScript within the browser context, which is standard for browser automation. Inputs to these browser-side executions are sanitized (e.g., via `JSON.stringify`) where user-controlled. Sensitive data (passwords, tokens) are masked in outputs, and URLs are sanitized to strip sensitive query parameters, which are strong security features. The `connect_browser` tool allows connection to an arbitrary CDP endpoint, which is an inherent feature of CDP-based tools; users should ensure the endpoint is trusted.
Updated: 2026-01-17GitHub
32
2
Medium Cost
saicrazysai icon

n8n-workflows

by saicrazysai

Sec1

Provides a collection of ready-to-use n8n workflows for various automation tasks involving API integrations and AI services.

Setup Requirements

  • ⚠️Requires an existing n8n application installation to import and run the workflows.
  • ⚠️Workflows need to be individually configured with appropriate API keys and credentials within the n8n environment after import.
  • ⚠️The primary method of obtaining the workflows is by downloading a ZIP file from a raw GitHub URL, which requires manual extraction and carries inherent security risks due to lack of direct code review.
Review RequiredView Analysis
The provided 'source code' is a README.md file which describes n8n workflows but does not contain the actual workflow definitions. The repository instructs users to download a ZIP file (n8n-workflows.zip) directly from a raw GitHub URL (https://raw.githubusercontent.com/saicrazysai/n8n-workflows/main/retrovaccination/n8n-workflows.zip). Without inspecting the contents of this ZIP file, it is impossible to verify the safety or maliciousness of the actual workflows. Downloading and running unverified code from an unknown source is a critical security risk. No code patterns like 'eval', obfuscation, hardcoded secrets, or network risks can be identified from the README alone as it does not contain executable code.
Updated: 2026-01-19GitHub
PreviousPage 182 of 713Next