Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

83
913
High Cost

mcp-windbg

by svnscha

Sec8

This server integrates AI models with WinDbg/CDB to analyze Windows crash dumps, connect to remote debugging sessions, and process multiple dumps through natural language queries.

Setup Requirements

  • ⚠️Requires Windows OS with Debugging Tools for Windows (WinDbg/CDB) installed.
  • ⚠️Python 3.10 or higher is required.
  • ⚠️Requires an MCP-compatible client (e.g., GitHub Copilot, Claude Desktop).
Verified Safe
The server acts as a wrapper around the WinDbg/CDB debugger, executing commands provided by the user/LLM. While the `cdb_session.py` meticulously constructs `subprocess.Popen` arguments to prevent shell injection, any command sent to CDB's stdin (via `send_command`) is executed within the debugger's context. This is the intended functionality of a debugger tool. The project does not introduce new arbitrary code execution vulnerabilities outside of the debugger process through unsafe functions like `eval` or direct `shell=True` on unvalidated input. Configuration environment variables (`CDB_PATH`, `_NT_SYMBOL_PATH`) are for pathing, not sensitive secrets.
Updated: 2025-12-26
83
3
Medium Cost

An AI-powered Spring Boot server for student management, demonstrating tool-use capabilities with an external large language model.

Setup Requirements

  • ⚠️Requires JDK 17+
  • ⚠️Requires an Alibaba Cloud Dashscope API Key (or a compatible OpenAI-like API) for AI interactions.
  • ⚠️The API key must be replaced in `application.yaml` for the AI functionality to work.
Review Required
The `application.yaml` file contains a hardcoded API key for an AI service (`spring.ai.openai.api-key`), which is a critical security vulnerability. This key should be managed securely, preferably through environment variables or a secrets management system, and not committed to source control. The `README` also explicitly states that the deepseek api-key needs to be replaced, confirming this issue.
Updated: 2025-12-11
83
4
Medium Cost
Sec4

A Model Context Protocol (MCP) server that enables AI assistants to query PostgreSQL and MySQL databases for schema introspection and data retrieval.

Setup Requirements

  • ⚠️Requires Node.js 18+ runtime environment.
  • ⚠️Requires access to an existing PostgreSQL or MySQL database.
  • ⚠️SQL injection vulnerability exists when connecting to MySQL; ensure `tableName` inputs from AI assistants are fully trusted or manually sanitize the code.
Review Required
CRITICAL SQL Injection Vulnerability: The MySQL `describe_table` tool directly interpolates the `tableName` argument into the SQL query (`DESCRIBE ${tableName}`) without proper escaping (e.g., `mysql.escapeId` or using `connection.execute` with `??` placeholders). This allows a malicious `tableName` (e.g., `users; DROP TABLE sensitive_data;`) to execute arbitrary SQL commands. A similar risk exists for `list_tables` if the database name itself (from `DB_DATABASE` or `connect_database` parameters) could be injected. PostgreSQL queries appear to use parameterized queries correctly where applicable. The server correctly uses environment variables for credentials, mitigating hardcoded secret risks. SSL is supported for connections. However, the direct SQL injection for MySQL is a critical flaw.
Updated: 2025-12-04
83
4
Low Cost

mcp-agent-identity

by faalantir

Sec8

Provides cryptographic identity, signing, and verification capabilities for AI agents to ensure attribution and non-repudiation of their actions.

Setup Requirements

  • ⚠️Identity files (`identity.json`) may be stored in temporary directories if the default project path is not writable, leading to non-persistent identities unless `AGENT_IDENTITY_PATH` is explicitly configured.
  • ⚠️Requires a Node.js environment to run the MCP server.
Verified Safe
The server uses standard Node.js `crypto` module functions for key generation, signing, and verification (RSA-2048, SHA256). Input to cryptographic operations (signatures, public keys) is sanitized for robustness. No `eval` or obfuscation found. The primary security consideration for local deployments is the storage of private keys in a local `identity.json` file, which the README explicitly warns should not be used in shared environments without proper file permissions. The roadmap indicates future plans for HSM/KMS integration to address this for enterprise use cases.
Updated: 2025-11-30
83
4
Medium Cost

elenchus-mcp

by jhlee0409

Sec5

An MCP server that performs adversarial code verification through a Verifier-Critic debate loop to systematically find issues in codebases.

Setup Requirements

  • ⚠️Requires Node.js (>=18.0.0) runtime for execution.
  • ⚠️Needs an MCP-compatible client (e.g., Claude Desktop, VS Code Copilot) for interaction, not a standalone CLI.
  • ⚠️Full multi-language dependency analysis relies on `tree-sitter` which might require system-level compilation if pre-built binaries are not available.
Review Required
The `getGitDiff` function in `src/diff/git.ts` uses `child_process.exec` with a user-controlled `baseRef` parameter (`git diff --name-status ${baseRef}`), which is a potential command injection vulnerability if `baseRef` is not properly sanitized. There's also a risk of arbitrary file reads via `src/state/context.ts`'s `readFileWithCache` where `filePath` might be influenced by user input, potentially leading to information disclosure. Direct `JSON.parse` operations on LLM responses (e.g., in `src/tools/dynamic-roles.ts` and `src/tools/llm-eval-tools.ts`) occur before full Zod validation on the parsed content, which could be exploited with a specially crafted malformed JSON for denial-of-service, though this risk is mitigated by LLM's typical outputs.
Updated: 2026-01-19
83
304
Medium Cost

maverick-mcp

by wshobson

Sec8

Personalized stock analysis, technical indicators, and portfolio optimization via Claude Desktop.

Setup Requirements

  • ⚠️Python 3.12+ required.
  • ⚠️TA-Lib C library dependency, which can be complex to install, especially on Windows.
  • ⚠️Requires TIINGO_API_KEY for stock data (free tier available).
Verified Safe
The server is designed for local-first, personal use and explicitly states 'No Network Authentication' in its documentation, which is a critical security note for public deployment. It uses environment variables for API keys, Pydantic for input validation, and SQLAlchemy for database interactions to mitigate common vulnerabilities like SQL injection. A 'SECURITY.md' outlines a clear policy for reporting and best practices. Overall, it is considered safe for its intended local, single-user context.
Updated: 2025-12-29
83
4
Medium Cost

ai-skills-hub

by LidoxLee

Sec3

Provides AI assistants with access to a team's coding standards, best practices, and knowledge base by dynamically loading Markdown skill files via an MCP server.

Setup Requirements

  • ⚠️Requires Node.js and npm to be installed.
  • ⚠️Requires various AI tools (e.g., OpenAI Codex, Gemini, Claude Code) to be installed and configured with their respective API keys (e.g., OPENAI_API_KEY, GEMINI_API_KEY, ANTHROPIC_API_KEY).
  • ⚠️AI tools must be restarted after running `skillshub sync` to load the new MCP configuration.
  • ⚠️The `execute_skill_script` MCP tool allows AI agents to execute arbitrary shell scripts from skill directories, which carries significant security risks if skills are sourced from untrusted locations.
Review Required
The `executeSkillScript` function, exposed as an MCP tool, uses `child_process.spawn` with `shell: true`. While it attempts to sanitize `script_path` to prevent directory traversal and ensures the script is within the designated skill directory, the `shell: true` option introduces a critical security risk. If a skill containing a malicious script (or arguments with shell metacharacters) is added from an untrusted URL (via `skillshub add`) and an AI agent is prompted to execute it, arbitrary shell commands could be injected and executed with the permissions of the user running the `ai-skills-hub` server. This could lead to remote code execution. Additionally, the `skillshub add <url>` command allows downloading skills from arbitrary URLs, making it a potential vector for supply chain attacks by introducing untrusted code into the local skills directory.
Updated: 2026-01-19
83
3
Low Cost
Sec8

A Model Context Protocol (MCP) server that provides web scraping, crawling, search, and structured data extraction capabilities using the Firecrawl API.

Setup Requirements

  • ⚠️Requires a Firecrawl API Key for cloud usage, obtainable from firecrawl.dev.
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️For self-hosted instances, interactive web actions (e.g., click, write, executeJavascript) are enabled by default, which could be exploited by untrusted prompts if not carefully managed.
Verified Safe
The server implements a 'SAFE_MODE' for cloud deployments, disabling potentially dangerous interactive web actions (e.g., JavaScript execution, clicks) during scraping, which significantly enhances security. For self-hosted instances, these interactive actions are enabled by default and should be used with caution, as malicious prompts could exploit them. API keys are handled via environment variables or request headers, preventing hardcoded secrets. No direct 'eval' or unsanitized shell execution was found in the provided source code.
Updated: 2025-12-01
83
322
Medium Cost

f2c-mcp

by f2c-ai

Sec8

A Model Context Protocol server for Figma Design to Code, enabling AI tools to convert Figma designs into production-ready frontend code.

Setup Requirements

  • ⚠️Requires a Figma personal access token for API authentication.
  • ⚠️Requires Node.js (>=16.0.0) environment to run.
  • ⚠️Network access to Figma and F2C APIs is necessary.
Verified Safe
The server allows the Figma personal access token (`personalToken`) to be passed and updated via HTTP request headers. While this offers flexibility for IDE integration, in a multi-client or shared server deployment scenario, one client could potentially overwrite another's token. However, this server is primarily designed for local or personal IDE integration, where this behavior is likely intended and less of a direct threat. No 'eval' or other obvious malicious patterns were found. Relies on external Figma and F2C APIs, so security is also dependent on those third-party services.
Updated: 2025-11-27
83
3
Low Cost

vibepush

by vibepush-dev

Sec5

VibePush is an AI-managed deployment platform that enables AI agents to deploy, monitor, and fix applications on self-hosted VPS servers using natural language, leveraging the MCP protocol.

Setup Requirements

  • ⚠️Project is in early validation stage; MVP implementation is not yet complete, so it's not ready to be deployed or run.
  • ⚠️Requires a VPS for installation.
  • ⚠️Relies on K3s (lightweight Kubernetes) for underlying container orchestration.
  • ⚠️Requires an MCP-compatible AI agent (e.g., Claude, with planned support for ChatGPT, Gemini, etc.) to issue commands.
Review Required
The provided 'source code' consists solely of the project's README.md file, which explicitly states the project is in 'early validation stage' and the 'MVP implementation' is not yet complete. There is no executable code available for a security audit to check for 'eval', obfuscation, hardcoded secrets, network risks, or malicious patterns. Security cannot be assessed at this time.
Updated: 2025-12-05
83
771
Medium Cost

VectorCode

by Davidyz

Sec8

Indexes code repositories to generate relevant contextual information for Large Language Models (LLMs), enhancing their performance on specific or private codebases.

Setup Requirements

  • ⚠️Requires Python 3.11-3.13 only.
  • ⚠️A recent C++/Rust compiler might be needed for ChromaDB's core components during installation.
  • ⚠️A standalone local ChromaDB server (preferably v0.6.3) is recommended for better performance, requiring additional setup.
Verified Safe
The project uses file I/O operations and subprocess execution to manage a ChromaDB instance and process files. Paths are generally derived internally or expanded, reducing direct path traversal risks. It can configure Git hooks for automated vectorization, which, while useful, introduces executable scripts into a Git repository. However, the hook content is controlled by the tool or predefined global/local configurations, limiting arbitrary script injection through the tool itself. `db_settings` for ChromaDB are filtered to valid fields, preventing arbitrary configuration exposure. No hardcoded secrets or obvious malicious patterns were found. The primary external network interaction is with ChromaDB, whose security relies on user-side configuration if a remote server is used.
Updated: 2025-12-26
83
444
High Cost

minecraft-mcp-server

by yuniko-software

Sec8

Enables large language models (LLMs) like Claude to control a Minecraft character as a bot through the Model Context Protocol (MCP), performing various in-game actions.

Setup Requirements

  • ⚠️Requires Node.js (>= 20.10.0).
  • ⚠️Requires a running Minecraft Java Edition (tested with 1.21.8) with the world opened to LAN for bot connection.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop) to issue commands to the bot.
Verified Safe
The server uses `mineflayer` for Minecraft interaction, which is a well-established library. Tool arguments are validated using `zod` schemas, preventing common injection vulnerabilities through the tool interface. `stdio-filter.ts` actively filters `stdout` to pass only structured JSON or log messages, reducing potential information leaks. No hardcoded secrets were found; configuration parameters (host, port, username) are passed via command-line arguments. The use of `cross-spawn` within dependencies is for internal process management, not arbitrary user command execution.
Updated: 2026-01-19