Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

31
1
Low Cost

x402-mcp-server

by mogami-tech

Sec2

Enables native x402 payments for AI agents via a Spring Boot server, exposing payment operations as MCP tools.

Setup Requirements

  • ⚠️ Requires Java Development Kit (JDK) for Spring Boot execution.
  • ⚠️ Requires configuration of x402 payment credentials (e.g., wallet keys) for transaction processing.
  • ⚠️ Depends on the Mogami Java x402 Client, which needs to be available.
Review Required
Full source code for the Spring Boot server and its dependencies is not provided, making a comprehensive security audit impossible. The provided content is limited to a README. As a payment-processing server, it inherently deals with sensitive financial transactions and requires rigorous security practices (e.g., secure handling of payment keys, robust authentication, input validation, secure communication). Without access to the actual Java source code, critical vulnerabilities such as insecure API endpoints, improper credential storage, or business logic flaws cannot be assessed. The 'Mogami Java x402 Client' is a dependency, and its security also impacts the overall system.
Updated: 2025-11-23 | GitHub
31
1
Medium Cost

poly-db-mcp

by hyperpolymath

Sec9

Provides a unified Model Context Protocol (MCP) server for querying and managing over 20 diverse databases (SQL, NoSQL, Vector, Cache) through a single natural language interface.

Setup Requirements

  • ⚠️ Requires Deno runtime to execute the server.
  • ⚠️ Database connections are configured individually via environment variables (e.g., POSTGRES_HOST, MONGODB_URL) for each database you intend to use.
  • ⚠️ Designed to be integrated with an MCP-compatible client (e.g., Claude Code) for natural language interaction.
Verified Safe
The server leverages Deno's secure runtime with explicit permission grants (`--allow-net`, `--allow-read`, `--allow-write`, `--allow-env`), avoiding `--allow-run` to prevent shell execution vulnerabilities. It actively tests against hardcoded credentials in adapters and enforces environment variable-based configuration for sensitive data. A comprehensive `SECURITY.md` outlines robust vulnerability reporting and disclosure policies, including a 'Safe Harbour' for researchers. The `PROVEN-INTEGRATION.md` indicates a plan to integrate formally verified modules for SQL injection prevention and schema validation, demonstrating a proactive approach to security by design. Pre-commit hooks for GitHub Actions also enforce security best practices for workflows. The primary security boundary for data access relies on the user's configuration of database authentication, which is a common and necessary practice.
Updated: 2026-01-17 | GitHub
31
1
Low Cost

Personal tool for managing Claude Code and Auto-Claude project configurations across multiple projects and machines, acting as a single source of truth for agent personas, MCP servers, model profiles, and project settings.

Setup Requirements

  • ⚠️ Requires Node.js 20.0.0+ and pnpm 9.0.0+ for local development/CLI.
  • ⚠️ The server has no built-in authentication and relies entirely on network-level trust (e.g., local network, VPN like Tailscale). This is a critical security consideration.
  • ⚠️ Requires Docker for production deployment.
  • ⚠️ A `CCM_ENCRYPTION_KEY` environment variable (32+ characters) must be set for encryption features to work. Otherwise, sensitive data will be unencrypted or features will fail.
  • ⚠️ Full Auto-Claude features require a separate Auto-Claude installation.
Review Required
The server explicitly states 'No authentication - Relies on network-level trust (local network / Tailscale)'. This is a critical security vulnerability if the server is exposed outside a strictly controlled, trusted network. If deployed incorrectly (e.g., publicly accessible without a VPN/firewall), it could allow unauthorized access to sensitive configurations and API keys. Sensitive data like API keys are encrypted at rest in the database and masked in the UI, which is good practice, but the lack of transport-layer authentication remains a significant risk by design.
Updated: 2026-01-19 | GitHub
31
6
High Cost

AIRA-SemanticScholar

by hamid-vakilzadeh

Sec9

Provides AI models with comprehensive access to the Semantic Scholar Academic Graph API for intelligent literature search, paper analysis, and citation network exploration.

Setup Requirements

  • ⚠️ Semantic Scholar API Key (for higher rate limits and full access)
  • ⚠️ Wiley TDM Client Token and institutional access (for Wiley full-text PDF download functionality)
  • ⚠️ Node.js runtime required
Verified Safe
API keys are properly externalized via environment variables or client configuration. Robust error handling and rate-limiting are implemented for external API calls. PDF processing is in-memory using a widely used library (pdfjs-dist). CORS is set to '*' which is generally acceptable for an MCP server designed for integration, but could be restricted further in a highly specific production deployment.
Updated: 2025-11-19 | GitHub
31
1
Low Cost

Enables AI agents to interact with and automate tasks within Roblox Studio by executing specific commands.

Setup Requirements

  • ⚠️ Requires manual installation of a Roblox Studio plugin (`loader.server.lua`).
  • ⚠️ Requires 'Allow HTTP Requests' to be enabled in Roblox Studio's Game Settings > Security.
  • ⚠️ The Roblox Studio game must be running (e.g., in Play mode) for the plugin to be active and respond to commands.
Verified Safe
The server includes a 'RunConsoleCommand' tool that allows the connected AI agent to execute arbitrary Luau code within Roblox Studio. While this is an intended feature for powerful automation, it represents a critical security risk if the AI agent is compromised or misaligned, as it could lead to unintended or malicious modifications within the Roblox Studio environment. The server runs on localhost, limiting direct external network attacks.
Updated: 2025-12-09 | GitHub
31
1
Medium Cost

navigravity

by miziodel

Sec9

Empowers an AI agent to act as a sophisticated music curator for a self-hosted Navidrome library, focusing on quality, discovery, and non-destructive management.

Setup Requirements

  • ⚠️ Requires a running Navidrome server with a user account and its URL, username, and password configured in a .env file.
  • ⚠️ Requires Python 3.10+ to run.
  • ⚠️ Designed to be run by an MCP-compatible AI client (e.g., Claude Desktop, Zed, Cursor) or the MCP Inspector for direct interaction.
Verified Safe
The server utilizes standard practices for configuration (.env for secrets), structured logging (JSON), and external API interaction (libsonic). It runs as a local MCP server process, not exposing a public network port by default, which minimizes direct attack surface. Input sanitization is present (e.g., regex for song IDs). There are no direct `eval` or `exec` calls on user-supplied input. File system operations are limited to logging within a configurable path, and directory creation is handled safely. The primary risks would stem from vulnerabilities within the external Navidrome instance or the `libsonic` library, which are outside the scope of this server's direct code.
Updated: 2026-01-18 | GitHub
31
2
Low Cost
Sec3

Facilitate conversational pre-processing, CFD simulations, optimization, and post-processing of airfoil and wing designs using DAFoam.

Setup Requirements

  • ⚠️ Requires Docker or a Linux environment with DAFoam compiled from source and configured.
  • ⚠️ Requires DAFoam, OpenFOAM, ParaView (`pvpython`), MPI, pyGeo, pyHyp, prefoil, python-stl, Pillow, Trame, and VTK to be installed and configured in the environment.
  • ⚠️ Starts HTTP servers on ports 8001 and 8002; these ports must be available and may need to be exposed if running in a container.
Review Required
The server uses `subprocess.run` and `subprocess.Popen` to execute shell commands with user-provided arguments (e.g., `airfoil_profile`, `cpu_cores`, `mach_number`, `reynolds_number`, `x_location`, `y_location`, `zoom_in_scale`, `flow_field`, `time_step`, `mesh_cells`, `y_plus`, `n_ffd_points`, `mesh_tool`, `max_cell_size`, `mesh_refinement_level`, `n_boundary_layers`, `mean_chord`, `wing_span`, `leading_edge_root`, `leading_edge_tip`, `angle_of_attack`, `lift_constraint`, `max_opt_iters`, `reference_area`, `primal_func_std_tol`, `spanwise_chords`, `spanwise_x`, `spanwise_z`, `spanwise_twists`). These arguments are directly interpolated into bash commands using f-strings without robust input sanitization. This creates a severe **command injection vulnerability** if a malicious user can control any of these input values. For example, injecting `"; rm -rf /"` into a string argument could lead to arbitrary code execution. Additionally, an HTTP server and a Trame viewer are started on ports 8001 and 8002 respectively, accessible on `0.0.0.0`, which exposes generated plots and interactive viewers over the network. The `download_airfoil_from_uiuc` function downloads files based on user input, which could be a vector for malicious file downloads if the `airfoil_name` input could be manipulated. `os.system` is also used for file operations.
Updated: 2026-01-09 | GitHub
31
1
Low Cost

Orchestrates multi-agent AI systems, managing tasks, communication, and collective intelligence processes like voting and brainstorming, exposed via a robust API and client SDKs.

Setup Requirements

  • ⚠️ Requires PostgreSQL database setup and migration execution.
  • ⚠️ Requires Redis for caching, sessions, and distributed locking.
  • ⚠️ Requires RabbitMQ message broker for inter-agent communication.
  • ⚠️ Node.js runtime version 18.0.0 or higher is required for TypeScript SDK/Node.js components.
  • ⚠️ Python runtime version 3.8 or higher is required for Python SDK/agents.
  • ⚠️ An API Key is required for client authentication.
  • ⚠️ Database migrations must be run post-setup.
Verified Safe
The system demonstrates a strong focus on security, featuring dedicated modules for JWT-based authentication/authorization (using bcrypt for hashing), comprehensive Joi-based input validation with explicit sanitization against XSS, SQL injection, command injection, and path traversal. It also implements extensive security event logging (authentication, authorization, data access, configuration changes, policy violations, rate limits, encryption events, compliance audits) with reporting and alerting capabilities. Secrets are managed via environment variables (dotenv), and Kubernetes secret examples are provided. No obvious hardcoded secrets or 'eval' without clear justification were found. Score is high, but a perfect 10 would require explicit details on secure secret injection mechanisms in production deployment and regular external security audits.
Updated: 2025-12-11 | GitHub
31
1
Medium Cost
Sec9

Enables AI assistants to securely interact with various relational databases for querying data, analyzing schema, and performing controlled data modifications.

Setup Requirements

  • ⚠️ The `DATABASE_URL` environment variable is mandatory for server operation.
  • ⚠️ Connecting to SQL Server or Oracle might require specific network configuration, such as enabling TCP/IP protocols or adjusting firewall settings.
  • ⚠️ The `get_table_ddl` tool is not fully implemented for PostgreSQL and SQL Server, returning null for these database types.
Verified Safe
The server employs robust security measures against SQL injection by using parameterized queries in most database adapters (MySQL, PostgreSQL, SQLite, Oracle). Table names passed to `describe_table` and `inspect_table` tools are rigorously validated using a regex to prevent injection. The `MCP_DB_READ_ONLY` environment variable provides a critical safeguard to disable all write operations. Audit logs capture detailed information about tool calls, queries, and parameters. While the SQL Server adapter's parameter conversion logic could theoretically misinterpret '?' within string literals in AI-generated SQL, the underlying driver's parameter binding still mitigates direct SQL injection from user-supplied values.
Updated: 2025-11-22 | GitHub
31
1
Medium Cost

crowdit-mcp-server

by chrisgermon

Sec8

Unified Model Context Protocol (MCP) server for integrating various business services and applications, designed to be interacted with by AI agents.

Setup Requirements

  • ⚠️ Requires Google Cloud SDK (gcloud CLI) to be installed and authenticated for deployment and secret management.
  • ⚠️ Critical credentials for all integrations (e.g., HaloPSA, Xero, Azure) must be manually updated in Google Secret Manager after initial deployment (placeholder values are used initially).
  • ⚠️ OAuth authorization flows for integrations like Xero and SharePoint require manual browser interaction to obtain refresh tokens, which then need to be saved to Secret Manager.
  • ⚠️ Requires Python 3.11 or higher.
  • ⚠️ Many integrations require specific service principal/API key configurations in their respective platforms (e.g., Azure AD App Registrations, HaloPSA API Clients).
Verified Safe
The server leverages Google Secret Manager for sensitive credentials, which is a strong security practice. API key authentication is enforced by middleware for most endpoints. However, if 'MCP_API_KEY' is not configured, the server allows unprotected access (though it logs a warning). SSH host verification can be optionally disabled for Ubuntu/VisionRad servers, which is a potential MITM risk if not carefully managed. Destructive operations (e.g., Azure resource group deletion) include 'force' flags that bypass confirmation, requiring careful agent prompting. A Xero client ID is hardcoded in `deploy.sh`, which might be a public ID, but generally hardcoding IDs can be risky. Initial secret setup involves placeholder values that *must* be manually updated.
Updated: 2026-01-19 | GitHub
31
1
Low Cost

hyperpolymath

by hyperpolymath

Sec10

This repository provides foundational security policies and development workflow validation hooks crucial for maintaining a secure and compliant Model Context Protocol (MCP) ecosystem.

Verified Safe
The provided source code consists of security policies (Markdown files) and Git pre-commit hooks (shell scripts). This code does not implement a 'server' or any application logic that would typically expose network interfaces, handle user input, or process sensitive data directly. Instead, it enforces robust security best practices for development workflows within a larger ecosystem. The scripts analyze local files for compliance with security standards such as SHA-pinning for GitHub Actions, explicit workflow permissions, SPDX license headers, and correct CodeQL configuration. No 'eval' or other dangerous patterns are present, no hardcoded secrets were found, and there are no direct network risks or obfuscation. The `SECURITY.md` outlines clear vulnerability reporting and use of automated security tools.
Updated: 2026-01-18 | GitHub
31
1
Low Cost

pg-mcp

by loadept

Sec4

A read-only PostgreSQL server providing database information and query execution via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ Requires a PostgreSQL database connection URI.
  • ⚠️ Go 1.25+ is required to build or run from source.
  • ⚠️ Communicates via the Model Context Protocol (MCP) over standard I/O, requiring a compatible MCP client or wrapper for practical use.
Review Required
The 'execute_query' tool directly executes user-provided SQL queries without robust input sanitization or explicit enforcement of 'SELECT only' statements in the code. Although the transaction is marked 'ReadOnly: true', malicious users could craft queries for time-based blind SQL injection, information leakage (accessing unintended tables), or resource exhaustion (complex/long-running queries), despite the README's implied 50-row limit (which is not enforced in the provided source). The PostgreSQL connection URI is passed via a command-line flag, which can expose credentials in process listings; using environment variables or a secrets manager is generally more secure.
Updated: 2025-12-12 | GitHub