Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

31
1
Low Cost
mahawi1992 icon

mwilliams_mcpbridge

by mahawi1992

Sec4

Optimizes AI agent context usage by providing a single, intelligent interface for multiple Model Context Protocol (MCP) servers with lazy schema loading and result compaction.

Setup Requirements

  • ⚠️Requires manual creation and configuration of `mcpbridge.config.json` with potentially sensitive credentials for underlying MCP servers.
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Relies on `npx` to dynamically download and execute underlying MCP server packages, which can be a point of friction or security concern in some environments.
Review RequiredView Analysis
The server's core function involves spawning child processes configured in `mcpbridge.config.json` using arbitrary `command` and `args`. This design, while necessary for its operation, introduces significant security risks: 1. **Arbitrary Command Execution**: If an attacker gains control over `mcpbridge.config.json`, they could configure the bridge to execute arbitrary commands on the host system where it runs. 2. **Supply Chain Risk**: The example configuration uses `npx -y @some/mcp-server@latest`, which automatically downloads and executes packages from npm. This can introduce vulnerabilities if a specified package is compromised or if an untrusted source influences which package is configured. 3. **No New Tool Input Validation**: The bridge acts as a proxy, passing arguments directly to the child MCP server tools. It does not add an additional layer of input validation beyond what the child tools or the MCP SDK provide. Therefore, vulnerabilities in underlying MCP servers (e.g., SQL injection, arbitrary file access) could still be exploited through the bridge. 4. **Sensitive Information in Config**: `mcpbridge.config.json` can contain sensitive API keys and secrets. Improper handling or exposure of this file is a major security concern. The project explicitly warns against committing real credentials. The server itself does not use `eval` or dynamic code execution based on AI input within its own code. The primary risks stem from the powerful capabilities granted by its configuration and the privileges required to run child processes.
Updated: 2025-12-11GitHub
31
1
High Cost
ridhadev icon
Sec7

Analyzes oil and gas drilling data from CSV files, providing tools for Rate of Penetration (ROP), Mechanical Specific Energy (MSE), Non-Productive Time (NPT) calculations, and data visualization via an MCP server.

Setup Requirements

  • ⚠️Requires drilling data CSV files (e.g., `well_name time.csv`, `well_name depth.csv`) to be placed in `data/drilling/` or a custom directory specified by the `DRILLING_DATA_DIR` environment variable.
  • ⚠️Requires an Anthropic API Key (`ANTHROPIC_API_KEY`) for `mcp_chatbot.py` to interact with Claude.
  • ⚠️The `mcp_chatbot.py` client expects the drilling server to run on `stdio` transport, but `drilling_mcp_server.py` currently runs on `sse` (port 10000) when executed directly. For them to communicate, either the server's `mcp.run()` call needs to be changed to `stdio` or the client's connection type needs to be updated.
  • ⚠️The `mcp_chatbot.py` script needs its `SERVER_CONFIG_PATH` variable updated to point to the local `server_config.json` (or a copy like `_server_config_local_.json`), and `command`/`args` paths within that config might need local adjustment to ensure correct script execution paths.
Verified SafeView Analysis
The server allows saving filtered data to a user-specified output file path (`filter_data` tool), which, without explicit path sanitization or restriction, could potentially be exploited for arbitrary file writes (e.g., path traversal) if exposed to untrusted inputs. However, it's described as a mockup MCP server typically run in a local or trusted environment, mitigating the immediate severity. Input custom files are checked for size limits, which is good.
Updated: 2025-11-22GitHub
31
1
High Cost
nabajitdey icon

mcp-autogen

by nabajitdey

Sec8

Orchestrates a multi-agent system using Autogen to connect to and utilize tools exposed by various MCP (Model Context Protocol) servers, including local stdio and HTTP/SSE transports.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires a valid OpenAI API Key (Paid service) and potentially other LLM client credentials.
  • ⚠️Requires the 'mcpdoc' repository to be cloned separately if using the mcpdoc assistant.
  • ⚠️Requires the 'uvx' executable to be installed and its path correctly configured in 'app.py' for the mcpdoc adapter.
  • ⚠️The HTTP MCP server ('http-mcp-server/app.py') must be run in a separate process concurrently with the main 'app.py' for full functionality.
Verified SafeView Analysis
No direct 'eval' or hardcoded secrets are present in the provided code snippets. The OpenAI API key is loaded from environment variables, which is good practice. However, the system relies on launching external executables ('uvx' for mcpdoc adapter) and potentially fetching content from external URLs. This introduces a dependency on the trustworthiness of the configured 'uvx_path' binary and the URLs provided to the 'mcpdoc' adapter. Ensuring these external dependencies are trusted is critical for security. Network access to specified HTTP MCP servers is also required.
Updated: 2025-11-22GitHub
31
1
Low Cost
dongitran icon
Sec9

Generate OAuth credentials for Jira MCP Server to enable AI tools like Claude and Cursor to interact with Jira by simplifying the complex OAuth 2.0 flow into a click-and-copy process.

Setup Requirements

  • ⚠️Requires manual setup of an Atlassian OAuth 2.0 app in the Atlassian Developer Console, including specific callback URLs and permissions.
  • ⚠️Requires environment variables (Client ID, Client Secret, Redirect URI) to be configured in a .env file.
  • ⚠️The generated credentials are for the 'Jira-MCP-Server' and require that separate project to be installed and available for use with AI clients.
Verified SafeView Analysis
The server implements several good security practices: using UUID for CSRF protection ('state' parameter), deleting session data after use, loading sensitive credentials from environment variables, and offering optional workspace validation for enterprise use. It is stateless and does not store sensitive data persistently. The generated tokens are displayed in the browser for manual copy-pasting, which is inherent to its function, but users are explicitly warned about handling them securely. No 'eval' or malicious patterns were found.
Updated: 2025-11-25GitHub
31
1
Medium Cost
jeffgreendesign icon

textrawl

by jeffgreendesign

Sec9

Serves as a personal knowledge base allowing AI models (e.g., Claude) to search, retrieve, and add documents, emails, notes, and web pages from a user's collection.

Setup Requirements

  • ⚠️Requires Node.js >= 22.0.0
  • ⚠️Requires a Supabase project URL and service role key, or a local PostgreSQL instance with `pgvector` extension enabled.
  • ⚠️Requires an OpenAI API Key (paid service) OR a local Ollama instance running with a compatible embedding model (e.g., `nomic-embed-text`) pulled and configured.
  • ⚠️Database schema must be initialized by manually running SQL scripts (`setup-db.sql`, `setup-db-memory.sql`) in Supabase or local PostgreSQL based on chosen embedding provider (OpenAI vs. Ollama dimensions differ).
Verified SafeView Analysis
The server demonstrates strong security practices including `timingSafeEqual` for bearer token comparison to prevent timing attacks, robust rate limiting across API endpoints to prevent DoS, and careful sanitization of user-provided filenames and output paths to mitigate path traversal and injection risks. Configuration is loaded from environment variables, with a production check for `API_BEARER_TOKEN`. Error handling avoids leaking stack traces in production. Input validation (file types, tag limits) is implemented for uploads. The `validateOutputDir` function is a good example of defense-in-depth against directory traversal by ensuring paths are within allowed base directories. Database interactions rely on the Supabase client and RPCs, which are generally safe against SQL injection if the underlying functions are parameterized.
Updated: 2026-01-19GitHub
31
1
Medium Cost
datablogin icon

GrowthNav

by datablogin

Sec8

Unified analytics infrastructure for growth marketing, enabling multi-tenant CLV analysis, marketing attribution, and automated client onboarding with diverse data sources.

Setup Requirements

  • ⚠️Requires Google Cloud Project setup and Application Default Credentials (for BigQuery, Sheets, Slides, Secret Manager).
  • ⚠️Anthropic API Key is required for LLM-assisted schema mapping (Paid Service).
  • ⚠️WeasyPrint library must be installed for PDF report generation.
  • ⚠️Google Workspace Domain-Wide Delegation configuration is needed for Google Sheets/Slides integration with impersonation.
Verified SafeView Analysis
The system implements strong SQL injection prevention through a QueryValidator that blocks destructive operations by default. Credential storage utilizes Google Secret Manager. However, the `configure_data_source` MCP tool allows direct passing of raw credentials (though `credentials_secret_path` is preferred for production). LLM-assisted schema mapping involves sending sample customer data to an external LLM (Claude), which is a design-level data exposure risk, though mitigated by sampling and LLM provider's data policies. Error sanitization for sensitive information is implemented.
Updated: 2025-12-13GitHub
31
2
High Cost
alphinside icon

adk-mcp-multimodal

by alphinside

Sec9

This server implements a multimodal AI agent for product marketing, enabling users to edit product photos and generate marketing videos from images using Google's ADK and Veo 3.1 API.

Setup Requirements

  • ⚠️Requires Google Cloud CLI and authentication (`gcloud auth application-default login`)
  • ⚠️Requires `aiplatform.googleapis.com` (and implicitly Veo API) to be enabled in Google Cloud Project
  • ⚠️Requires `uv` package manager for Python dependency management
  • ⚠️Requires Python 3.12
  • ⚠️Requires `GOOGLE_CLOUD_PROJECT` and `GOOGLE_CLOUD_LOCATION` to be configured in `.env` files
Verified SafeView Analysis
The system utilizes Google's ADK and GenAI models, relying on their inherent security. Environment variables are used for cloud project and location, avoiding hardcoded secrets. File uploads are processed and passed to Google APIs, minimizing direct execution risks. There are no obvious `eval` calls or other patterns for arbitrary code execution. Local file operations (e.g., `shutil.rmtree`) are confined to a designated 'gradio_artifacts' directory. Assumes the underlying Google APIs and ADK framework are secure.
Updated: 2025-11-22GitHub
31
1
High Cost
willianpinho icon

large-file-mcp

by willianpinho

Sec8

The server provides intelligent handling of large files with smart chunking, navigation, and streaming capabilities for AI applications.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0.
  • ⚠️Requires absolute file paths and appropriate file system read permissions for target files.
Verified SafeView Analysis
The server relies on Node.js standard file system operations (`fs`, `readline`) which generally prevent command injection via file paths. It includes `verifyFile` to check file accessibility and type. However, the `search_in_large_file` tool uses `RegExp` directly from user-provided patterns, which could expose the server to Regular Expression Denial of Service (ReDoS) attacks if a malicious regex pattern is provided. There are no hardcoded secrets, obfuscation, or direct `child_process.exec` calls, and it communicates via stdio, not network ports.
Updated: 2025-12-06GitHub
31
1
Medium Cost
paracetamol951 icon

P-Link-MCP

by paracetamol951

Sec5

The P-Link MCP Server connects AI clients (like ChatGPT, Claude) to a Solana-based payment system, enabling conversational management of cryptocurrency payments, wallet information, and creation of payment links.

Setup Requirements

  • ⚠️Requires a P-Link.io API Key for most operations, which can be obtained via MCP tools or on P-Link.io.
  • ⚠️Requires a running Redis instance for persistent state (e.g., OAuth codes, client info); otherwise, it defaults to an unsuitable in-memory store for production.
  • ⚠️For production use of the OAuth server, secure `MCP_JWT_SECRET` and RSA key pairs (`MCP_OAUTH_PRIVATE_KEY_PEM`, `MCP_OAUTH_PUBLIC_KEY_PEM`) must be configured.
Verified SafeView Analysis
The server uses 'change-me' as the default for `MCP_JWT_SECRET`, which is a critical vulnerability if not changed in a production environment. OAuth tokens embed the user's `APIKEY` directly, meaning if an access token is compromised, the API key is exposed. This design choice, while simplifying AI client interaction, carries a higher risk than opaque tokens. The system relies on secure configuration of OAuth keys (`MCP_OAUTH_PRIVATE_KEY_PEM`, `MCP_OAUTH_PUBLIC_KEY_PEM`) or it generates ephemeral keys suitable only for development. The `get_private_key_of_wallet` tool wisely redirects users to the P-Link.io website to obtain their private key, preventing direct programmatic exposure via the MCP server.
Updated: 2025-11-24GitHub
31
1
High Cost
Elhan1505 icon
Sec8

A Python-based server for a Model Context Protocol (MCP) enabling interactive career orientation (proforientation) dialogues via a REST API, designed to integrate with a Telegram bot.

Setup Requirements

  • ⚠️Requires Anthropic API Key (Paid Service)
  • ⚠️Requires PostgreSQL database setup
  • ⚠️Requires Python 3.10 or higher
Verified SafeView Analysis
The server uses `os.getenv` for sensitive keys like `ANTHROPIC_API_KEY` and `DATABASE_URL`, preventing hardcoding. The framework loading mechanism (`_load_framework_sections`) correctly restricts file access to `.md` files within the designated `frameworks` directory, mitigating path traversal vulnerabilities. Database interactions use `psycopg2` which is standard. There are no obvious signs of `eval` or similar dangerous functions. The `bothelp_payment_webhook` endpoint simply logs incoming JSON without complex processing, reducing risk. Robust system prompts are used to guide the AI model, aiming to prevent prompt injection and information leakage, although this is more about AI behavior than code security.
Updated: 2025-12-13GitHub
31
1
Medium Cost
NicolasWs icon
Sec8

An MCP server for integrating Mistral AI's Codestral and general language models, providing AI-powered code assistance and general reasoning capabilities.

Setup Requirements

  • ⚠️Requires Mistral AI API Key (Paid Service)
  • ⚠️Requires Node.js and npm installed
Verified SafeView Analysis
The server uses Zod for robust input validation. It loads the Mistral API key from environment variables, which is good practice. No 'eval' or obvious obfuscation is present. File write operations (outputPath) exist; if an untrusted client could control the path, it might pose a local file system risk. However, for its intended use with trusted MCP clients like IDEs, this is generally acceptable.
Updated: 2025-12-07GitHub
31
1
Medium Cost
avisangle icon

method-crm-mcp

by avisangle

Sec9

Enables LLMs to interact with Method CRM data for comprehensive management of tables, files, user information, event-driven automations, and API keys.

Setup Requirements

  • ⚠️Requires a Method CRM account and an API key (obtained from the CRM dashboard). Certain API key management operations (create, update, delete) necessitate an Administrator role.
  • ⚠️OAuth2 authentication methods are currently placeholders, with only API Key authentication fully implemented and recommended.
  • ⚠️Testing with `npx @modelcontextprotocol/inspector` requires Node.js and npm to be installed, in addition to Python dependencies.
Verified SafeView Analysis
Authentication credentials (API keys) are securely read from environment variables, not hardcoded. File uploads have a strict 50MB size limit. The tool explicitly warns users about securely storing newly created API keys, which are only shown once. Robust error handling and retry logic are implemented for network requests. OAuth2 support is currently a placeholder, which would require a thorough security review upon implementation.
Updated: 2025-11-22GitHub
PreviousPage 193 of 713Next