Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Medium Cost
FatherOfCurses icon

mcp_sql_demo

by FatherOfCurses

Sec9

Provides secure, multi-database access for LLMs to inspect MySQL schemas and execute SQL queries, supporting both read and configurable write operations with fine-grained schema-specific permissions.

Setup Requirements

  • ⚠️Requires Node.js v20 or higher.
  • ⚠️Requires MySQL 5.7 or higher (8.0+ recommended).
  • ⚠️MySQL user must have appropriate permissions for enabled operations (e.g., INSERT, UPDATE, DELETE, DDL).
  • ⚠️For remote mode, `REMOTE_SECRET_KEY` must be set and kept secure.
Verified SafeView Analysis
The server demonstrates strong security practices: it defaults to read-only mode, enforces schema-specific permissions for write/DDL operations, uses prepared statements to prevent SQL injection (implicitly via mysql2 library), and requires a `REMOTE_SECRET_KEY` for remote access. The primary security risks would stem from misconfiguration (e.g., granting excessive MySQL user privileges, setting `MULTI_DB_WRITE_MODE=true` without granular schema permissions, or using a weak `REMOTE_SECRET_KEY`). The `scripts/setup-test-db.ts` file uses hardcoded `mcp_test_password` but this is strictly for a test environment.
Updated: 2025-11-26GitHub
30
1
Medium Cost
leomrodrigues icon

ping-mcp

by leomrodrigues

Sec7

A Model Context Protocol (MCP) server for Solana blockchain interactions, enhancing DApp development with agentic capabilities.

Setup Requirements

  • ⚠️Requires Node.js (version 14 or higher) and npm.
  • ⚠️Requires SOLANA_PRIVATE_KEY and RPC_URL to be configured as environment variables.
  • ⚠️The `install.sh` script modifies `claude_desktop_config.json` for Claude Desktop integration, which might not be desired for generic deployments.
  • ⚠️The `install.sh` script attempts to install `jq` for JSON processing, which may require elevated privileges on some systems.
  • ⚠️An optional OPENAI_API_KEY can be provided, which, if used by the underlying `SolanaAgentKit`, could incur AI token costs.
Verified SafeView Analysis
The server uses environment variables for sensitive data like SOLANA_PRIVATE_KEY and RPC_URL, which is good practice. However, the default CORS configuration allows all origins (*), which might be overly permissive for production if not explicitly secured. The `install.sh` script writes the Solana private key directly into the `claude_desktop_config.json` file, which poses a significant client-side security risk if the file is not adequately protected by the operating system or if the desktop client config itself is compromised.
Updated: 2025-12-15GitHub
30
1
Medium Cost
Justkokosixnine icon

polymarket-mcp-server

by Justkokosixnine

Sec7

AI-powered server designed to help users trade prediction markets efficiently by integrating with Claude Desktop to provide 45 tools for market analysis, real-time monitoring, and enterprise-grade safety features.

Setup Requirements

  • ⚠️Requires a Polygon Wallet with private key and USDC funds for full trading functionality (Demo Mode bypasses this but limits features).
  • ⚠️Designed for integration with Claude Desktop, requiring manual configuration of Claude's `mcpServers` entry.
  • ⚠️Requires Python 3.10 or higher installed on the host system if not using Docker, or Docker Desktop if using containerized deployment.
Verified SafeView Analysis
The server handles sensitive information like Polygon private keys and Polymarket API credentials. The configuration loading and validation (`config.py`) follow good practices, and the documentation strongly emphasizes security best practices for handling private keys (e.g., never commit to Git, keep secure). WebSocket connections use WSS (encrypted). However, the web dashboard (`web/app.py`) includes functionality to directly update the `.env` file, which contains sensitive configuration. If this web dashboard were exposed publicly without robust authentication (which is not enabled by default in `web/app.py`), it could pose a significant vulnerability. While it's primarily intended for local use, this design choice warrants caution.
Updated: 2026-01-19GitHub
30
1
Low Cost
daxian-dbw icon
Sec7

Serves as a Model Context Protocol (MCP) server implemented as a PowerShell module, dynamically exposing C#, PowerShell script, or PowerShell module function tools.

Setup Requirements

  • ⚠️Requires 'PSResourceGet' module for installation from GitHub feed.
  • ⚠️Requires a 'SecretVault' named 'default' for installation from GitHub feed.
  • ⚠️Requires a GitHub Personal Access Token (PAT) with 'package:read' permission for installation from GitHub feed.
  • ⚠️Requires deployment to a PowerShell module path after building.
Verified SafeView Analysis
The server's core functionality involves executing PowerShell scripts or module functions specified by the deployer. While the module itself does not contain obvious vulnerabilities like 'eval' on untrusted input or hardcoded secrets for runtime, its security heavily relies on ensuring that the 'ScriptRoot' or 'Module' parameters point to trusted and well-audited scripts/modules. If configured with untrusted sources, it can lead to arbitrary code execution. Communication is via stdio, limiting direct network exposure as a server itself.
Updated: 2026-01-17GitHub
30
1
Low Cost
josephfawzy icon

api20

by josephfawzy

Sec1

A cross-platform toolkit for rapid application development without requiring programming knowledge.

Setup Requirements

  • ⚠️Requires downloading and running an opaque pre-compiled executable (api20.zip) without access to its source code for verification.
  • ⚠️Requires Windows 10+, macOS Sierra+, or Linux (Ubuntu 18.04+).
  • ⚠️Requires at least 4 GB RAM and 100 MB free storage.
Review RequiredView Analysis
The provided 'SOURCE CODE' is solely the README.md file. There is no actual source code for the 'api20' application itself to audit for security risks such as 'eval', obfuscation, network vulnerabilities, or hardcoded secrets. The README.md instructs users to download and run a pre-compiled executable (api20.zip containing .exe, .dmg, or a tarball) directly from GitHub raw content. Downloading and executing arbitrary binaries without source code review is inherently extremely dangerous and poses a severe security risk, as the content of the executable is opaque and could contain malicious code. The project is described as an 'app development toolkit' rather than an 'MCP Server', so server-side vulnerabilities are not directly applicable in the provided context.
Updated: 2026-01-19GitHub
30
1
Medium Cost
nitzpo icon

nadlan-mcp

by nitzpo

Sec9

Provides Israeli real estate data, market trends, and valuation comparables to AI agents (LLMs) via an MCP server.

Setup Requirements

  • ⚠️Requires Python 3.7+ (Pydantic v2 compatible).
  • ⚠️Makes real API calls to the Israeli government's Govmap API, incurring actual network usage and potential rate limiting.
  • ⚠️Utilizes the `fastmcp` library for MCP server functionality, which may require specific client configurations (e.g., for Claude Desktop).
Verified SafeView Analysis
The server demonstrates robust security practices for an API client: comprehensive input validation (e.g., `validators.py`), automatic retry logic with exponential backoff, and rate limiting to prevent abuse of the external Govmap API. Configuration is managed via environment variables (`config.py`), preventing hardcoded secrets. The HTTP server utilizes `uvicorn`, a production-ready ASGI server. No use of `eval` or obfuscation was found. The main potential risk lies in the behavior of the external public Govmap API, which is beyond the control of this server, though the implementation aims to mitigate client-side issues.
Updated: 2025-12-08GitHub
30
1
Low Cost
freemangh icon

mcp-demo-server

by freemangh

Sec8

Provides demo servers in Go and Python to demonstrate and test the Model Context Protocol (MCP) using various tools like echotest, timeserver, and fetch.

Setup Requirements

  • ⚠️Requires an MCP-compatible client (e.g., the built-in test clients or mcp-cli) to interact with the server's tools, as it implements a custom protocol.
  • ⚠️Docker is required for building and running containerized versions of the servers and clients.
  • ⚠️Familiarity with Kubernetes and Helm is necessary for deploying the servers into a production-like environment using the provided manifests and charts.
Verified SafeView Analysis
The 'fetch' tool, a core demo feature, allows the server to make HTTP/HTTPS requests to arbitrary URLs. This functionality, while intended for the demo, can pose a Server-Side Request Forgery (SSRF) risk if deployed without proper network isolation, as it could potentially access internal network resources. However, the code includes basic URL scheme validation and response size limits (up to 64KB) for safety. Container deployments leverage strong security contexts (runAsNonRoot, dropped capabilities, readOnlyRootFilesystem for Go) which significantly enhance security posture. No hardcoded secrets, obfuscation, or obvious malicious patterns were identified. For a demonstration project, the explicit 'fetch' functionality is acceptable given the context.
Updated: 2025-12-05GitHub
30
1
Medium Cost
jessaminesimple608 icon

scraper-mcp

by jessaminesimple608

Sec6

A web scraping MCP server that efficiently extracts content (HTML, Markdown, text, links) from web pages for downstream processing, particularly to reduce LLM token usage.

Setup Requirements

  • ⚠️Python 3.12 or higher required.
  • ⚠️Docker and Docker Compose are recommended for deployment.
  • ⚠️No built-in authentication for Admin API: Public exposure of admin endpoints (e.g., /api/config, /api/cache/clear) is a security risk; external authentication/access control must be implemented.
Review RequiredView Analysis
The server's administrative API endpoints (e.g., /api/config, /api/cache/clear, /api/stats) lack built-in authentication or authorization. This is a critical vulnerability as it allows any unauthenticated user to modify runtime configuration (e.g., enable proxies, disable SSL verification, change concurrency limits), clear the cache, or retrieve server statistics. While the code itself does not use 'eval' or contain hardcoded secrets, the exposed admin interface poses a significant risk if deployed publicly without external security measures.
Updated: 2026-01-19GitHub
30
2
Medium Cost
domdomegg icon

google-drive-mcp

by domdomegg

Sec9

Facilitates AI systems to perform comprehensive file and folder management in Google Drive, including listing, searching, uploading, downloading, and managing comments and permissions, enabling workflows like content analysis, project scaffolding, and feedback synthesis.

Setup Requirements

  • ⚠️Requires setting up Google OAuth credentials (Client ID, Client Secret) in Google Cloud Console, including enabling the Google Drive API and configuring an authorized redirect URI.
  • ⚠️Requires providing Google OAuth credentials as environment variables: `GOOGLE_CLIENT_ID` and `GOOGLE_CLIENT_SECRET` for HTTP transport, OR `GOOGLE_ACCESS_TOKEN` for Stdio transport. The specific required variables depend on the `MCP_TRANSPORT` setting.
  • ⚠️The HTTP server runs on `http://localhost:3000` by default, requiring local access or configuration of `MCP_BASE_URL` if accessed remotely.
Verified SafeView Analysis
The server implements a robust OAuth proxy architecture to Google Drive API. It explicitly avoids holding tokens or state, relying on environment variables for Google OAuth credentials (`GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`, `GOOGLE_ACCESS_TOKEN`). The `/authorize` and `/callback` endpoints securely handle redirects by encoding the client's `redirect_uri` within a base64url encoded `state` parameter, mitigating open redirect vulnerabilities. Token validation is performed using Google's `tokeninfo` endpoint and a cache, improving efficiency and preventing processing requests with expired tokens. No `eval`, code obfuscation, or obvious malicious patterns were found in the provided source. The broad `drive` scope is a user configuration choice rather than an inherent server vulnerability.
Updated: 2026-01-07GitHub
30
1
Low Cost
kdoooh000h icon
Sec7

Provides a token-optimized API server for integrating Google Gemini CLI with applications like Claude, focusing on reducing tool schema overhead for cost efficiency.

Setup Requirements

  • ⚠️Requires Google Gemini CLI to be pre-installed and configured (via `gemini auth login` and `GOOGLE_API_KEY` env var).
  • ⚠️Enables the `--yolo` flag for Gemini CLI, which grants auto-approval for Gemini's own tool execution (e.g., `write_file`). Users should be aware of the security implications of this trust delegation to the LLM.
  • ⚠️The test files (`src/__tests__/*.test.ts`) contain inconsistencies, still referencing 'codex' and 'gpt-5-codex' despite the main application logic (`src/tools/definitions.ts`, `src/tools/handlers.ts`, `package.json`) being adapted for 'gemini'. This indicates potentially outdated tests or an incomplete transition from a 'codex-mcp-server' base, which could affect confidence in full test coverage for the Gemini implementation.
Verified SafeView Analysis
The server correctly uses `child_process.execFile` with `shell: false` in `src/utils/command.ts`, which mitigates direct shell injection vulnerabilities. User-provided prompts are passed as arguments to the `gemini` CLI. A critical consideration is the `--yolo` flag explicitly pushed to `cmdArgs` in `src/tools/handlers.ts`. This flag 'enables auto-approval for tool execution (write_file, etc.)' within the Gemini CLI. While this is a feature of the underlying CLI to allow tool use, it delegates significant trust to the Gemini LLM's ability to safely interpret and execute commands via its tools, potentially including file system operations or arbitrary command execution, if the LLM were to be jailbroken or misused. This is an inherent risk of enabling powerful AI tool-use capabilities, rather than a direct vulnerability in the server's parsing or command construction. No hardcoded secrets or obfuscation were found.
Updated: 2026-01-13GitHub
30
1
Medium Cost
mattaspira icon
Sec8

The Google Docs MCP server enables large language models to interact with Google Docs for document creation, reading, updating, formatting, and structural manipulation.

Setup Requirements

  • ⚠️Requires manual setup of a Google Cloud Project to obtain OAuth 2.0 client credentials (client_id, client_secret, redirect_uris), which must be saved as a `credentials.json` file in the project root.
  • ⚠️Initial authentication requires user interaction to open a URL in a web browser and grant permissions to their Google Account.
  • ⚠️Integration tests may require specific credentials and could hit Google API quotas or rate limits, as noted in the project's README.
Verified SafeView Analysis
The server uses Google's OAuth2 for authentication, storing tokens and reading client credentials from a local `credentials.json` file. Input validation is applied to document IDs, indices, text content, and numerical ranges, with search queries explicitly sanitized to prevent injection vulnerabilities. The implementation of `find_and_replace` leverages the Google Docs API's `replaceAllText` for secure mass operations. No direct `eval` or blatant dynamic code execution points were identified. The OAuth callback server runs locally, minimizing network exposure. The primary security consideration is ensuring `credentials.json` is protected and not committed to source control.
Updated: 2026-01-19GitHub
30
1
Medium Cost
jcr82 icon
Sec9

Integrates Bruno CLI with Model Context Protocol to execute API tests, validate collections, and generate reports via AI tools for automated API testing workflows.

Setup Requirements

  • ⚠️Requires Node.js 20 or higher.
  • ⚠️Bruno CLI must be installed and accessible (typically via `npm install` within the project, or globally).
  • ⚠️Requires local Bruno collections (.bru files) for API testing.
  • ⚠️An MCP client (e.g., Claude Desktop) needs to be configured with the absolute path to the server's `dist/index.js` file.
  • ⚠️If security.allowedPaths is configured in `bruno-mcp.config.json`, only collections within those specified directories can be accessed.
Verified SafeView Analysis
The server includes a dedicated security module that provides path validation (preventing directory traversal), input sanitization (against command injection), and secret masking in logs and error messages. All tool parameters are validated before execution. While the underlying Bruno CLI performs network calls, this server actively mitigates risks by sanitizing arguments. Proper configuration of 'allowedPaths' in `bruno-mcp.config.json` is crucial for restricting access to Bruno collections. No 'eval' or obfuscation found.
Updated: 2025-11-30GitHub
PreviousPage 199 of 713Next