Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

31
1
Low Cost
murigugitonga icon

mcp_server_client

by murigugitonga

Sec7

A Node.js server that exposes a "create-user" tool, designed to be integrated with LLMs via the Model Context Protocol SDK.

Setup Requirements

  • ⚠️Requires Node.js (version >=18 recommended as per package-lock.json and peer dependencies)
  • ⚠️Requires `npm install` to setup dependencies
  • ⚠️Requires TypeScript environment to build (`tsc`) or run directly with `ts-node` (as in `server:dev` script)
Verified SafeView Analysis
The `src/server.ts` file itself does not contain obvious security vulnerabilities, hardcoded secrets, or direct network exposure (it uses `StdioServerTransport` for local communication). It leverages Zod for input validation, which is a good practice. However, the `package.json` contains a `server:inspect` script that explicitly sets `DANGEROUSLY_OMIT_AUTH=true` when running with `@modelcontextprotocol/inspector`. While intended for local development and inspection, this flag bypasses authentication and represents a significant security risk if this server (or any server using the inspector) were ever exposed on a network in a non-development context. Additionally, the `create-user` tool's implementation is an empty `try...catch` block, meaning the actual data handling and its security cannot be assessed from the provided snippet.
Updated: 2025-12-13GitHub
31
1
Medium Cost
abneetwats24 icon

hr-policy-mcp

by abneetwats24

Sec6

Provides HR policy documents and basic math tools as authenticated Model Context Protocol (MCP) resources for consumption by AI agents.

Setup Requirements

  • ⚠️Requires an external Keycloak server running and accessible (e.g., at http://192.168.10.7:5555/realms/openspace) with a configured realm and client.
  • ⚠️Critical environment variables for OAuth2 client credentials (OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET) and the Keycloak issuer URL must be set via a .env file.
  • ⚠️Requires Python 3.13 or newer.
Review RequiredView Analysis
The server uses `httpx.AsyncClient(verify=False)` when performing OAuth2 token introspection, which disables SSL/TLS certificate validation. This is a critical security vulnerability for production environments, making it susceptible to Man-in-the-Middle (MITM) attacks. Additionally, the `CORSMiddleware` is configured with `allow_origins=["*"]`, which is overly permissive and insecure for production. While basic SSRF protection is implemented for the introspection endpoint, it relies on a hardcoded whitelist of local IP ranges, which may not be comprehensive. No hardcoded secrets were found, as client credentials are expected via environment variables.
Updated: 2025-12-12GitHub
31
1
Low Cost
midasol icon

sap-mcp-server

by midasol

Sec8

Enables AI agents and applications to interact with SAP Gateway systems through a modular architecture for OData operations.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires SAP Gateway access credentials configured in a '.env.server' file at the project root.
  • ⚠️Integration with external tools like Gemini CLI requires careful manual configuration of absolute paths and 'cwd' (current working directory) parameter in the client's settings file, which is noted as 'ABSOLUTELY CRITICAL' and a common troubleshooting point.
  • ⚠️For AI-powered examples, Google Gemini API Key is required.
Verified SafeView Analysis
The server emphasizes secure SAP integration with enterprise-grade authentication and SSL/TLS support. Credentials are managed via '.env.server' file, explicitly instructed not to be committed to version control, and proper file permissions are recommended. Input validation for OData queries is implemented to prevent injection attacks. However, the server's stdio transport directly exposes raw exception messages (str(e)) in case of tool call failures, which is an information leak and could be a moderate risk. The 'SAP_VERIFY_SSL=false' option, while intended for development, poses a risk if mistakenly used in production.
Updated: 2025-12-14GitHub
31
7
Medium Cost
Sec9

An MCP server that provides C# and XAML language intelligence by integrating with `csharp-ls` and built-in XAML analysis for AI assistants like Claude.

Setup Requirements

  • ⚠️Requires .NET 8.0 SDK or later to be installed.
  • ⚠️Requires `csharp-ls` (the C# Language Server) to be installed globally via `dotnet tool install --global csharp-ls`.
  • ⚠️Requires explicit configuration in Claude's `mcpServers` settings (e.g., `~/.claude.json` or `claude_desktop_config.json`).
  • ⚠️The `csharp_set_workspace` tool must be called first to initialize the workspace before using other C# tools.
Verified SafeView Analysis
The server primarily operates over standard I/O (stdio) for both MCP and LSP, limiting direct network exposure. It acts as an adapter between the AI assistant and the external `csharp-ls` language server. No 'eval', obfuscation, or hardcoded secrets are apparent in the provided source. Security relies heavily on the trustworthiness of the `csharp-ls` dependency.
Updated: 2026-01-02GitHub
31
1
Low Cost
monok8i icon

mcp-explorer

by monok8i

Sec1

A web application for testing and exploring Model Context Protocol (MCP) servers by acting as an API gateway for tool execution.

Setup Requirements

  • ⚠️Requires Docker for easy setup of both frontend and backend services.
  • ⚠️Python 3.13 or newer is required for the backend components.
  • ⚠️The core functionality relies on connecting to external MCP servers, meaning you will need an existing MCP server (like the provided 'test-server' example) to interact with.
Review RequiredView Analysis
CRITICAL SECURITY RISK: The `POST /mcp/stdio/connect` endpoint allows users to specify arbitrary `command`, `args`, and `env` parameters, which are directly used to spawn subprocesses on the backend server. This design choice enables Remote Code Execution (RCE) by anyone who can access the API. There is no authentication or authorization layer to restrict who can initiate these connections. Furthermore, the `CORSMiddleware` is configured with `allow_origins=['*']`, which is a significant security vulnerability in a production environment as it allows cross-origin requests from any source, potentially facilitating CSRF and other attacks. The entire application is unsafe to run if the backend API is exposed to untrusted networks or users. It should only be used in a highly controlled and isolated development environment.
Updated: 2026-01-13GitHub
31
2
Medium Cost
OpsOrch icon

opsorch-mcp

by OpsOrch

Sec9

The opsorch-mcp server acts as a Model Context Protocol (MCP) adapter, exposing read-only OpsOrch Core HTTP APIs as safe tools for Large Language Models (LLMs) and agent runtimes to query operational data.

Setup Requirements

  • ⚠️Requires a separate, running OpsOrch Core instance to fetch data from.
  • ⚠️The `OPSORCH_CORE_TOKEN` environment variable is critical for authentication with OpsOrch Core and should be set to a strong, non-default value in production environments.
  • ⚠️Requires a Node.js runtime environment (version 18 or higher recommended) for local execution, or Docker for containerized deployment.
Verified SafeView Analysis
The server's core functionality is explicitly read-only, which significantly reduces the attack surface for data manipulation. It uses environment variables for sensitive configurations like `OPSORCH_CORE_URL` and `OPSORCH_CORE_TOKEN`, which is a good practice. The HTTP transport includes configurable CORS (`MCP_HTTP_ALLOW_ORIGINS`) and Host header allow-lists (`MCP_HTTP_ALLOW_HOSTS`), enhancing network security for remote clients. Input validation is performed using `zod` schemas before making calls to the OpsOrch Core. There are no direct uses of `eval` or similar dangerous functions. The default `OPSORCH_CORE_TOKEN='demo'` for local development is a minor concern if not changed for production but is clearly documented. Overall, the code appears robust against common web vulnerabilities, relying on the security of the underlying 'OpsOrch Core' for data integrity.
Updated: 2026-01-08GitHub
31
92
High Cost
Azure-Samples icon

snippy

by Azure-Samples

Sec9

An AI-powered code snippet manager that integrates with GitHub Copilot via MCP, provides vector search for code, and uses AI agents for documentation and style guide generation.

Setup Requirements

  • ⚠️Requires an Azure Subscription (paid resources will be deployed).
  • ⚠️Requires a GitHub Account with Copilot subscription for full feature utilization.
  • ⚠️Docker Desktop is required for local development to run the Durable Task Scheduler emulator and Azurite.
Verified SafeView Analysis
The project uses robust security practices including Azure User-Assigned Managed Identity for service-to-service authentication (eliminating hardcoded API keys in production), Azure Function App keys for HTTP endpoints, and Azure AD App Registration for Model Context Protocol (MCP) access. While HTTP endpoints are exposed, the project explicitly recommends further hardening with Private Endpoints and a thorough security review before production deployment. No 'eval' or obvious obfuscation was found in the provided code snippets.
Updated: 2025-12-18GitHub
31
1
Medium Cost
pankaj28843 icon

docs-mcp-server

by pankaj28843

Sec8

A Model Context Protocol (MCP) server that provides AI assistants with access to documentation sources through a unified search API.

Setup Requirements

  • ⚠️Requires `uv` (Rust-based Python package manager) for dependency management and execution.
  • ⚠️Requires Python 3.10+.
  • ⚠️Web crawling features leverage Playwright, which requires browser binaries (Chromium, Firefox, or WebKit) to be available in the execution environment, potentially increasing image size or setup complexity.
  • ⚠️Optimal search performance benefits from `ripgrep` (rg) being installed, though it has a fallback to `Path.rglob`.
Verified SafeView Analysis
The server uses `subprocess.run` for external tools like `ripgrep` and `docker`, and for internal scripts like `index_audit`. While these are part of the intended functionality and generally handled carefully (e.g., arguments constructed from `Path` objects to prevent shell injection), they expand the attack surface if dependencies are compromised or user-supplied paths are not adequately sanitized. Network operations for crawling, Git syncing, and optional external article extraction introduce risks related to untrusted content sources and external service dependencies. Secrets (e.g., Git authentication tokens, fallback extractor API keys) are configured to be loaded from environment variables, which is a good practice. SQL queries in `sqlite_storage.py` and `segment_search_index.py` appear to be parameterized, mitigating SQL injection risks. Overall, the project demonstrates an awareness of security best practices, but reliance on external configurable services requires diligent user configuration and trust.
Updated: 2026-01-18GitHub
31
6
Low Cost
pinax-network icon

pinax-mcp

by pinax-network

Sec9

Connects MCP-compatible clients (e.g., Claude Desktop) to remote MCP servers, specifically The Graph Token API, by acting as a bridge between stdio and HTTP/SSE transports.

Setup Requirements

  • ⚠️Requires a JWT Access Token, which must be obtained by creating an account and generating a key on thegraph.market.
  • ⚠️Requires a `REMOTE_URL` specifying the target MCP server endpoint.
  • ⚠️Intended for use with an existing MCP client (e.g., Claude Desktop, Cline) that supports stdio transport for communication.
Verified SafeView Analysis
The client functions as a transparent bridge, forwarding JSON-RPC requests from stdio to a remote server. There is no indication of local code execution vulnerabilities (e.g., `eval`, `child_process`) from incoming messages. The primary security considerations are the integrity of the remote MCP server and the secure handling of the `ACCESS_TOKEN`, which authenticates requests to the external service. The client uses `z.any()` for request payloads, meaning it relies on the remote server for request parameter validation.
Updated: 2025-11-20GitHub
31
1
Low Cost
samestrin icon

llm-tools

by samestrin

Sec9

Provides high-performance filesystem operations (file management, editing, search, archiving) as an MCP server for AI agents like Claude Code, acting as the agent's 'hands' for codebase interaction.

Setup Requirements

  • ⚠️Requires Go 1.21+ if installing from source.
  • ⚠️Requires explicit configuration of `--allowed-dirs` for security and functionality.
  • ⚠️Requires proper `claude_desktop_config.json` setup, ensuring the correct binary path is configured.
Verified SafeView Analysis
The server explicitly validates all paths against configured allowed directories to prevent path traversal attacks. It also resolves and validates symlinks, and detects/handles binary files appropriately. Built in Go, it leverages type safety and avoids dangerous patterns like 'eval'. Relies on secure argument passing to underlying CLI binaries. API keys for LLM integration (in other tools of the suite) are expected via environment variables, not hardcoded.
Updated: 2026-01-18GitHub
31
1
Low Cost
serenorg icon

x402-mcp-server

by serenorg

Sec7

Enables AI agents to pay for x402-protected database queries and API calls using USDC on the Base blockchain.

Setup Requirements

  • ⚠️Requires Node.js and npm (or pnpm) to run.
  • ⚠️The default setup relies on the `WALLET_PRIVATE_KEY` environment variable for `PrivateKeyWalletProvider`, which is suitable for development and testing but not recommended for production due to inherent security risks.
  • ⚠️The `WalletConnectProvider` is mentioned but requires additional setup and `WALLETCONNECT_PROJECT_ID`.
Verified SafeView Analysis
The server uses environment variables (`WALLET_PRIVATE_KEY`, `WALLETCONNECT_PROJECT_ID`) for sensitive configurations, which is good practice to avoid hardcoding. However, the default and recommended setup in the `src/index.ts` uses `PrivateKeyWalletProvider`, which explicitly states it's 'NOT recommended for production' due to its reliance on a private key directly in environment variables. While it's suitable for development, this introduces a significant security risk if used carelessly in a production environment. Input validation for `sql` queries is basic (`startsWith('SELECT')`), delegating full SQL injection protection to the upstream x402 gateway. The server's core function involves EIP-712 signing, which relies on the security of the `viem` library and the provided private key/WalletConnect setup.
Updated: 2025-12-11GitHub
31
13
Medium Cost
Sec6

Enables an LLM to manage a Java application by providing a bridge to JMX API via Jolokia.

Setup Requirements

  • ⚠️Requires a running Java application with a Jolokia agent attached (for Standalone mode) or configured as a JVM agent itself.
  • ⚠️Requires careful configuration of JMX security (authentication, authorization) on the target Java application/Jolokia agent, as this MCP server does not implement its own security layer for JMX access.
  • ⚠️The JVM Agent distribution opens an HTTP port directly in the target Java application, potentially exposing JMX capabilities if network access is not restricted.
Review RequiredView Analysis
The server's core function is to expose powerful JMX operations (read/write attributes, execute operations) to an LLM. While the server's code itself does not contain 'eval' or malicious patterns, these JMX operations can lead to significant runtime modification or arbitrary code execution in the target Java application if the underlying Jolokia agent and JMX are not rigorously secured with authentication, authorization, and network access controls. The server acts as a direct proxy for these capabilities, and its safety is entirely dependent on the security configuration of the managed Java application, which is external to this server.
Updated: 2026-01-05GitHub
PreviousPage 192 of 713Next