Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

32
4
Medium Cost
Cadasto icon
Sec9

The openEHR Assistant MCP Server helps end-users, especially openEHR modelers and developers, with various openEHR-related tasks and APIs, including archetype exploration, semantic explanation, language translation, syntax correction, and design reviews, by connecting AI assistants to external data sources and tools.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for recommended setup.
  • ⚠️Relies on external Clinical Knowledge Manager (CKM) API accessibility and stability.
  • ⚠️Requires PHP 8.4+ and Composer for direct execution outside Docker.
Verified SafeView Analysis
The codebase demonstrates robust input validation, particularly for constructing file paths and API queries, using `preg_match` for whitelisting characters and `sprintf` to safely embed variables in XPath. External API calls (e.g., to CKM) are made using Guzzle, with sensitive configurations (base URL, SSL verification) managed via environment variables. XML parsing with `SimpleXMLElement` is used for internal terminology, which generally mitigates common XML External Entity (XXE) vulnerabilities by default in PHP, though explicit disabling of external entities is not observed. No direct use of `eval` or obvious hardcoded secrets were found. The project is noted as 'pre-release', which implies a higher inherent risk until version 1.0.
Updated: 2026-01-07GitHub
32
2
Medium Cost
lukemurraynz icon

mcp-server-acsemail

by lukemurraynz

Sec8

This server provides email sending capabilities using Azure Communication Services within a Model Context Protocol (MCP) framework.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher.
  • ⚠️Requires an Azure Communication Services resource with email capabilities configured (paid Azure service).
  • ⚠️Requires a verified sender email address in Azure Communication Services.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive Azure Communication Services credentials, avoiding hardcoding. It logs configuration issues. The `send_email_with_attachments` tool takes file paths as input; while this is standard for server-side operations, it introduces a potential risk if the MCP agent providing the file paths is untrusted or compromised, as it could lead to arbitrary file reads on the server's filesystem. However, within the trusted MCP environment, this is a controlled risk.
Updated: 2025-11-23GitHub
32
2
High Cost
Zevas1993 icon
Sec7

n8n workflow automation and intelligent assistance, leveraging AI (LLMs, GraphRAG) for design, generation, validation, and management of integration workflows.

Setup Requirements

  • ⚠️Requires a running n8n server instance with API access (N8N_API_URL, N8N_API_KEY).
  • ⚠️Requires an LLM backend (Ollama, vLLM, or Docker Model Runner) to be running and models pulled/loaded.
  • ⚠️Python environment with GraphRAG dependencies must be installed and configured for the GraphRAG bridge.
  • ⚠️SQLite databases for node information, event bus, and GraphRAG knowledge base need to be initialized or rebuilt.
  • ⚠️Hardcoded API schema path ('C:\Users\Chris Boyd\Downloads\api-1.json') is problematic for portability and may need manual adjustment or alternative schema loading.
  • ⚠️Node.js 20 or later is required.
Review RequiredView Analysis
The server uses `child_process.spawn` to run an external Python-based GraphRAG backend, which introduces a potential attack surface. Dynamic `require` calls in the node loader (`src/loaders/node-loader.ts`) rely on `package.json` paths, posing a risk if untrusted packages are loaded. Build scripts utilize `execSync` for database rebuilds, requiring a trusted build environment. A hardcoded, platform-specific path (`C:\Users\Chris Boyd\Downloads\api-1.json`) for API schema loading is a portability and potential security concern. Debug logging (`DEBUG_MCP`) can expose sensitive information if enabled in production.
Updated: 2025-12-15GitHub
32
2
Medium Cost
peteretelej icon

largefile

by peteretelej

Sec8

Navigate, search, and edit large codebases, logs, and data files that exceed AI context limits, using semantic code analysis and robust editing features.

Setup Requirements

  • ⚠️Requires `uvx` for installation and execution.
  • ⚠️Tree-sitter language bindings (e.g., `tree-sitter-python`) must be installed for full semantic analysis features. If not present, the server will gracefully degrade to text-based analysis.
  • ⚠️Operates only on absolute file paths; relative paths will fail.
Verified SafeView Analysis
The server primarily performs file I/O, string processing, and AST parsing. It uses `os.path.expanduser` and `os.path.abspath` for path normalization, but does not restrict file access to a specific directory. Therefore, if the AI provides arbitrary absolute file paths, it could potentially read or write to sensitive system files (e.g., `/etc/passwd`) if the server process has the necessary operating system permissions. Atomic file writes (temp file + rename) and automatic backups are implemented for data integrity. Tree-sitter, a native extension, is used for semantic parsing, which carries the inherent risk of vulnerabilities in native code when processing malformed input, though the server includes error handling and timeouts for parsing. No direct `eval()` or `os.system()` calls with unchecked user input were found. The 'is_binary_file' function helps prevent text operations on binary files, but does not mitigate risks associated with executing them.
Updated: 2026-01-19GitHub
32
2
Low Cost
OMCHOKSI108 icon

MCP-SERVER

by OMCHOKSI108

Sec7

Provides an MCP server for automated data analysis workflows including loading datasets, cleaning data, sentiment analysis, clustering, topic extraction, and generating comprehensive reports with visualizations for an AI client.

Setup Requirements

  • ⚠️Python 3.12+ is required (as per pyproject.toml).
  • ⚠️Requires specific Python libraries: pandas, scikit-learn, matplotlib, vaderSentiment, openpyxl, and fastmcp.
  • ⚠️Parquet file support is optional and requires additional installation of 'pyarrow' or 'fastparquet' (`pip install pyarrow`).
  • ⚠️The example `mcp.json` configuration uses a Windows-specific Python executable path (e.g., `D:\WORKSPACE\MCP\MCP_4\mcp\Scripts\python.exe`), which needs to be adjusted for non-Windows operating systems or replaced with a generic `python` command if Python is in the system PATH.
Verified SafeView Analysis
The server uses `stdio` transport, which primarily facilitates local inter-process communication (e.g., with Claude Desktop), thus inherently limiting direct external network exposure. No `eval` or direct command injection via user input was identified. However, tools like `load_dataset` and `run_full_analysis` accept a `path` argument, which, if unsanitized and combined with a directory traversal attempt (e.g., `../../../../etc/passwd`), could potentially allow unauthorized reading of local files via Pandas. This is a moderate risk, primarily due to the local execution context for tool invocation.
Updated: 2025-11-28GitHub
32
4
Medium Cost
Warashi icon
Sec7

Provides an MCP (Model Context Protocol) server to integrate PipeCD's application and deployment management capabilities with MCP clients.

Setup Requirements

  • ⚠️Requires access to a running PipeCD control plane.
  • ⚠️A PipeCD API Key is mandatory, provided via `PIPECD_API_KEY` environment variable or specified file path via `PIPECD_API_KEY_FILE`.
  • ⚠️The `PIPECD_INSECURE=true` setting should be avoided in production environments due to the security risks of unencrypted communication.
Verified SafeView Analysis
The server uses API keys for authentication with the PipeCD control plane. It supports reading the API key from an environment variable or a file. A critical risk is the `PIPECD_INSECURE` environment variable, which, if set to `true`, disables TLS/SSL for the connection to the PipeCD control plane, potentially exposing the API key and other sensitive data over an unencrypted channel. Users must ensure this is `false` in production environments unless operating in a fully trusted, isolated network.
Updated: 2025-11-22GitHub
32
2
Low Cost
Harshitshukla2003 icon

SSE-Server

by Harshitshukla2003

Sec8

Provides real-time monitoring of HTTP requests received by a local server using Server-Sent Events (SSE).

Setup Requirements

  • ⚠️Requires Node.js version 22.0.0 or newer.
  • ⚠️Requires `tsx` to run directly via the 'start' script.
Verified SafeView Analysis
The server-side code in `src/index.ts` is straightforward and lacks critical vulnerabilities like direct `eval` usage or hardcoded secrets. It serves an `index.html` file and then broadcasts incoming HTTP request details as JSON via SSE. A potential client-side risk (not auditable from provided code) would be if the dashboard (`index.html`) fails to sanitize this incoming data, potentially leading to Self-XSS for the monitoring user, but this is not present in the server logic.
Updated: 2026-01-19GitHub
32
2
Medium Cost
broadinstitute icon

fiss-mcp

by broadinstitute

Sec9

Enables Claude and Claude Code to interact with Terra.Bio for WDL pipeline development, monitoring, and debugging of genomics workflows.

Setup Requirements

  • ⚠️Python 3.10 or higher is required.
  • ⚠️Google credentials must be configured for Terra.Bio access (via FISS).
  • ⚠️Special installation for 'firecloud' is needed: `pip install "setuptools<80"` followed by `pip install --no-build-isolation -r requirements.txt`.
Verified SafeView Analysis
The server implements a 'read-only by default' policy, requiring an explicit `--allow-writes` flag to enable write operations, significantly enhancing safety. No 'eval' or obvious obfuscation detected. External API interactions are with well-known Google Cloud (Storage, Batch) and FISS APIs. No hardcoded secrets were found, and it supports authentication via standard Google Application Default Credentials or the `GOOGLE_APPLICATION_CREDENTIALS` environment variable. The README provides extensive, critical guidance on data privacy and security when handling sensitive data (e.g., PHI, restricted genomic data).
Updated: 2026-01-15GitHub
32
2
Medium Cost
newerton icon
Sec8

Fetch stock market data including prices, indicators, and payment dates from the Status Invest API for Model Context Protocol (MCP) tools.

Setup Requirements

  • ⚠️Requires Node.js and npm for installation and execution.
  • ⚠️Requires internet access to 'statusinvest.com.br' for data fetching. Blocking this access will render the server inoperable.
Verified SafeView Analysis
The server primarily acts as a scraper for a public financial website (Status Invest) using direct HTTP fetch and HTML parsing (Cheerio). No 'eval' or direct code injection vulnerabilities were found. Sensitive data handling (API keys, user credentials) is not applicable as it accesses public data. Network calls are directed to a single external API domain. The primary risk is the fragility of web scraping against website changes, not a security vulnerability of the server itself.
Updated: 2026-01-15GitHub
32
2
High Cost
EBISPOT icon

GrEBI

by EBISPOT

Sec8

Integrative querying across multiple biomedical knowledge graphs, utilizing ontologies and LLM embeddings, accessible via a web API and UI.

Setup Requirements

  • ⚠️Requires significant local disk space (e.g., 2TB) and RAM (tens of GBs) for Neo4j and Solr data volumes.
  • ⚠️Extensive data preparation is required: Neo4j database exports, Solr indices, SQLite resolver databases, and metadata JSON files must be generated (typically via a Nextflow pipeline) and made available in specific local paths.
  • ⚠️Relies heavily on Docker and Docker Compose for local environment setup, and Kubernetes for production deployments.
Verified SafeView Analysis
The application generally employs good security practices, such as parameterized queries for Neo4j and Solr, and input validation against query templates, which mitigates common injection risks. Solr queries use `ClientUtils.escapeQueryChars` for user-provided strings. However, Neo4j is configured with `NEO4J_AUTH=none` in deployments, making the database inherently unsecured and relying entirely on external network isolation for protection. The `GrebiNeoRepo.rawQuery` method directly executes Cypher queries, which could be a risk if used with unsanitized user input, though its current visible uses appear to be with trusted internal queries.
Updated: 2026-01-11GitHub
32
2
Medium Cost
zenithpd icon

agent-sessions

by zenithpd

Sec9

A desktop application that monitors and provides quick access to active Claude Code AI agent sessions in terminals.

Setup Requirements

  • ⚠️Requires the 'Claude Code' agent (command-line tool) to be installed and actively running sessions for the application to monitor.
  • ⚠️The terminal focusing functionality heavily relies on AppleScript, making it primarily functional and fully effective on macOS. Its behavior on Windows/Linux for this feature might be limited or different.
Verified SafeView Analysis
The application is a local desktop utility built with Rust and Tauri. It interacts with local file systems (reading ~/.claude/projects/*.jsonl for session data) and system processes (using sysinfo to find Claude processes, ps to get TTYs, and kill to terminate processes). Terminal focusing is implemented using AppleScript, which executes system commands to interact with other local applications (iTerm2, Terminal.app, tmux). Opening external URLs (GitHub, custom development URLs) is initiated by user clicks in the UI. No 'eval' or code obfuscation is present. Hardcoded secrets are not evident for runtime operation. The security risk is low given its confined scope to local system interaction and user-initiated actions for sensitive operations like opening URLs or killing processes. The core functionality inherently involves controlling other local applications and processes.
Updated: 2026-01-19GitHub
32
2
Medium Cost
doublej icon
Sec3

Enables AI agents (like Claude) to interact with users through native macOS dialogs (confirmation, choice, text input) or a PWA for push notifications and responses.

Setup Requirements

  • ⚠️Requires macOS for the native dialog server component.
  • ⚠️The PWA component relies on an in-memory data store, meaning all session data and questions are lost on server restarts or scaling (e.g., Vercel function cold starts). Not suitable for production without replacing with a persistent database (like Vercel KV or Upstash Redis, as suggested in its README).
  • ⚠️Requires Node.js 18+ for the MCP server.
  • ⚠️Web Push notifications for the PWA require generating VAPID keys and configuring them as environment variables.
Review RequiredView Analysis
The PWA component (`ios-pwa`) uses an in-memory store for questions and subscriptions (`api/lib/store.ts`). This is explicitly noted as for 'demo' purposes and is not production-ready. It leads to data loss on restarts/scaling and lacks proper session authentication, making it vulnerable to session hijacking and unreliable for any persistent or multi-user scenario. The macOS component uses `child_process.execFile` to invoke a Swift CLI for native dialogs, which is generally safer than arbitrary shell execution but still relies on the integrity of the CLI binary. No obfuscation or obvious malicious patterns were found. The VAPID keys for push notifications are expected to be environment variables, which is good practice, but the in-memory store remains a critical flaw.
Updated: 2026-01-14GitHub
PreviousPage 184 of 713Next