Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Medium Cost
recallium-ai icon

recallium

by recallium-ai

Sec9

Recallium acts as a persistent memory layer for AI agents in IDEs, providing cross-project intelligence, document knowledge base integration, and structured memory recall to enhance AI coding assistants.

Setup Requirements

  • ⚠️Requires Docker to run the server and PostgreSQL database.
  • ⚠️Requires Ollama to be installed and running locally, or API keys for OpenAI/Anthropic for LLM capabilities.
  • ⚠️For command-only IDEs (e.g., Zed, JetBrains, Claude Desktop), the `@recallium/mcp-client` npm package is required.
Verified SafeView Analysis
The architecture is privacy-first, designed to run locally, keeping data on the user's machine. It uses Docker for isolation. The `POSTGRES_PASSWORD` has a default value (`recallium_password`) in `recallium.env`, but the documentation explicitly warns to 'Change in production!'. No `eval` or blatant malicious patterns are evident in the provided source code (READMEs).
Updated: 2026-01-18GitHub
30
1
High Cost
pasie15 icon
Sec7

Provides an MCP interface to Scenario.com's generative AI API for tasks like text-to-image, image-to-image generation, model training, asset management, and image processing.

Setup Requirements

  • ⚠️Requires Scenario.com API Key and Secret (paid service) for authentication.
  • ⚠️When not using environment variables, the 'set-credentials' tool must be explicitly called first in each session to configure API access.
  • ⚠️Node.js runtime environment is required.
Verified SafeView Analysis
The server acts as a proxy to the Scenario.com API. Authentication relies on API keys provided via environment variables or session-based tools, which are handled in-memory and not persisted to disk. URL path and query parameters are constructed from tool arguments, relying on axios for proper encoding and the upstream API for input validation. The 'post-generate-custom' tool allows passing an arbitrary body, which could be a risk if the backend API is vulnerable to malicious JSON payloads. No direct use of 'eval' or unprotected shell command execution found.
Updated: 2025-11-23GitHub
30
66
Medium Cost
jlbadano icon

ig-mcp

by jlbadano

Sec8

Integrate AI applications with Instagram Business accounts to manage profiles, media, insights, and direct messages.

Setup Requirements

  • ⚠️Requires an Instagram Business Account connected to a Facebook Page.
  • ⚠️Direct Messaging features (`instagram_manage_messages`) require Advanced Access approval from Meta via a potentially lengthy App Review process (3-7 business days or more).
  • ⚠️Requires generating a long-lived Instagram Access Token, which involves a multi-step process through Facebook Developer tools.
Verified SafeView Analysis
The project follows good security practices: secrets are loaded from environment variables (no hardcoded credentials), input validation is present for tool arguments, `httpx` is used with timeouts and connection limits, and structured logging is implemented. Rate limiting helps prevent abuse. The tool that downloads images for validation (`_validate_image_aspect_ratio`) could be a minor concern if `image_url` can be controlled by a malicious external actor leading to potential SSRF or resource exhaustion, but within the typical MCP context where an AI provides the input, this risk is mitigated.
Updated: 2025-12-22GitHub
30
1
Medium Cost
Knuckles-Team icon

archivebox-api

by Knuckles-Team

Sec7

Provides an AI-agent-friendly Model Context Protocol (MCP) server and Python wrapper for interacting with an ArchiveBox web archiving instance, enabling programmatic access and automation.

Setup Requirements

  • ⚠️Requires a separate running ArchiveBox instance to connect to.
  • ⚠️Requires an LLM provider (e.g., OpenAI, Anthropic, Google, HuggingFace, or a local Ollama instance) and corresponding API keys, which may incur costs or require local setup.
  • ⚠️Complex authentication and authorization configurations are supported, requiring careful setup to avoid security vulnerabilities.
Verified SafeView Analysis
The project uses `pickle` for model serialization, which is a known vulnerability if untrusted data is deserialized (e.g., if an attacker can control the file path in `load_model`). The `ARCHIVEBOX_VERIFY` environment variable can be set to `False`, disabling SSL certificate validation and exposing the system to Man-in-the-Middle attacks. Default `admin/admin` credentials in `compose.yml` are weak and must be changed. The multiple authentication and authorization mechanisms (JWT, OAuth, OIDC, Eunomia) are powerful but add significant complexity, increasing the risk of misconfiguration.
Updated: 2026-01-19GitHub
30
1
Low Cost
canstralian icon

parrot_mcp_server

by canstralian

Sec3

Provides a robust Bash script library and a minimal MCP server stub for Raspberry Pi 5, focused on system automation, maintenance, and interaction with AI agents.

Setup Requirements

  • ⚠️The core 'MCP server' is a minimal stub that polls files in `/tmp` by default, not a network-listening daemon. Expect a simulation, not a full server implementation out-of-the-box.
  • ⚠️Requires manual configuration (`PARROT_IPC_DIR`) to move IPC out of `/tmp` for even minimal security, as the default is critically insecure.
  • ⚠️Many scripts rely on `sudo` for system operations, requiring the user to have appropriate `sudo` privileges configured.
  • ⚠️External tools like `jq`, `bc`, and `mail` (mailutils) are required for full functionality and validation features.
Review RequiredView Analysis
The server has critical security vulnerabilities as documented by the project itself: 1. Insecure Inter-Process Communication (IPC) via world-readable files in /tmp, prone to race conditions and symlink attacks. The 'start_mcp_server.sh' still uses this vulnerable default. 2. No Authentication or Authorization for the MCP server, allowing any local process to send commands. 3. Insecure Cron Setup using predictable temporary files. While significant progress has been made on input validation functions in 'common_config.sh', not all scripts fully utilize them or inherent risks remain due to the fundamental architecture of the server stub.
Updated: 2026-01-09GitHub
30
1
Low Cost
demiliani icon
Sec8

A Visual Studio Code extension to automate the installation and configuration of the Dynamics 365 Business Central Admin MCP server for GitHub Copilot integration.

Setup Requirements

  • ⚠️Requires .NET 9 runtime to be installed for the actual MCP server (separate from Node.js/npm).
  • ⚠️Global npm package installation may require elevated permissions (admin/sudo) depending on system configuration.
Verified SafeView Analysis
The extension uses `child_process.exec` and `execSync` to run system commands (npm install/update/uninstall, Node.js/npm version checks, process management). While commands are mostly hardcoded or derived from trusted sources, installing global npm packages introduces a supply chain risk (dependency on `@demiliani/d365bc-admin-mcp`). File system operations are confined to expected configuration (`mcp.json`) and temporary directories. No direct use of `eval` or obvious obfuscation. Process termination logic (`taskkill`, `pkill`) targets specific executables, reducing broader system risk. The `.NET 9` requirement for the *installed* MCP server (not this extension itself) implies a dependency on another runtime. Overall, the implementation appears robust for its stated purpose, but inherent risks of running system commands and external package installations exist.
Updated: 2025-12-11GitHub
30
1
Medium Cost
aplaceforallmystuff icon

mcp-pihole

by aplaceforallmystuff

Sec9

Connects AI assistants to Pi-hole to manage DNS blocking, view statistics, and control ad-blocking features via natural language.

Setup Requirements

  • ⚠️Requires Pi-hole v6 with its API enabled.
  • ⚠️Requires a Pi-hole app password, which must be manually generated from the Pi-hole web interface.
  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Requires 'PIHOLE_URL' and 'PIHOLE_PASSWORD' environment variables to be explicitly set.
Verified SafeView Analysis
The server primarily acts as a wrapper around the Pi-hole v6 API. It correctly handles the Pi-hole password by requiring it as an environment variable (PIHOLE_PASSWORD) rather than hardcoding it. No 'eval' or direct arbitrary command execution via 'child_process' is observed. Network requests are made using 'fetch' to the user-configured PIHOLE_URL. The primary security consideration relies on the user providing a trusted PIHOLE_URL, as a malicious configuration could redirect the Pi-hole password to an untrusted endpoint. However, this is a configuration risk, not a code vulnerability within the server itself. Input validation for tools relies on the MCP SDK's schema definitions (e.g., 'type: string') and the Pi-hole API's internal handling of domain names, which is standard practice.
Updated: 2026-01-16GitHub
30
1
Medium Cost
localhost433 icon

icloud-mcp

by localhost433

Sec7

Manages iCloud calendar events via an HTTP Model Context Protocol (MCP) server for integration with MCP-aware clients like ChatGPT custom connectors.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires an Apple ID (email identity) and an iCloud app-specific password, not your main iCloud password.
  • ⚠️Critical security concern: The service must be kept private or secured with strong authentication (e.g., Cloudflare Access, IP allowlist) when exposed publicly, as it grants write access to your iCloud Calendar and handles sensitive credentials.
Verified SafeView Analysis
The server explicitly warns about the critical need to keep it private or fronted by authentication, as it forwards your iCloud app-specific password to Apple's CalDAV endpoint and provides write access to your calendar. Secrets are loaded from a .env file, which is good practice for storage, but the service itself must be securely deployed to prevent unauthorized access.
Updated: 2025-12-13GitHub
30
1
High Cost
jrszilard icon

diy-helper-webapp

by jrszilard

Sec8

An AI-powered web application designed to assist users with home improvement and DIY projects by providing guidance, building codes, material lists, store searches, and video tutorials through a conversational interface.

Setup Requirements

  • ⚠️Requires Node.js version >= 20.9.0 for `next` framework compatibility and Supabase SDK.
  • ⚠️Requires a Supabase project set up with specific tables for 'user_inventory', 'projects', and 'shopping_list_items'.
  • ⚠️Google OAuth must be configured in Supabase and Google Cloud if Google Sign-in is desired.
Verified SafeView Analysis
The application follows good security practices by using environment variables for API keys and performing server-side user authentication with Supabase before database operations. AI tool usage is explicitly defined via a `switch` statement, mitigating risks of arbitrary code execution from AI outputs. Input validation and HTML sanitization are implemented for web content fetching. Potential areas for vigilance include the integrity of AI-generated tool arguments and robust error handling for external API responses. Frontend storage for guest projects is handled securely via localStorage, without server-side interaction.
Updated: 2026-01-13GitHub
30
1
Medium Cost
Sakhir786 icon
Sec9

Provides advanced 18-layer trading intelligence for autonomous options trading, integrating real-time market data with technical and options analysis.

Setup Requirements

  • ⚠️Requires Polygon.io API Key (Paid service for market data).
  • ⚠️Requires specific environment variables for paths (TRADEPILOT_PRODUCTION_PATH, TRADEPILOT_LAYERS_PATH), portfolio value (TRADEPILOT_PORTFOLIO_VALUE), and optional alert channels (TRADEPILOT_DISCORD_WEBHOOK, TRADEPILOT_SLACK_WEBHOOK, TRADEPILOT_TELEGRAM_TOKEN, TRADEPILOT_TELEGRAM_CHAT_ID).
  • ⚠️The full 'AI options trading copilot' experience implies integration with an external Large Language Model (e.g., Claude, ChatGPT), which would incur additional API costs and require separate API keys/setup for the LLM itself.
Verified SafeView Analysis
The server correctly uses environment variables for API keys and sensitive information, which is a strong security practice. The README also advises against committing .env files. It performs network requests to external APIs (Polygon.io, Discord, Slack, Telegram) as part of its core functionality, which are inherent network risks typical of such services. No 'eval' or obvious malicious patterns were detected in the provided code snippets.
Updated: 2025-11-26GitHub
30
1
Low Cost
fsans icon
Sec6

The server provides AI agents with direct access to FileMaker databases through the FileMaker Data API, enabling natural language interactions for data querying, record management, database introspection, and script execution.

Setup Requirements

  • ⚠️Requires FileMaker Server with Data API enabled and accessible over the network.
  • ⚠️Node.js v18 or higher is required.
  • ⚠️Default client-side SSL certificate validation is disabled (`rejectUnauthorized: false`), posing a security risk; must be enabled manually for production use.
  • ⚠️Persistent storage of database credentials in plain text files (`config.json`, `connections.json`) on the local filesystem, although protected by file permissions, may be a concern for some users/environments.
Review RequiredView Analysis
CRITICAL: SSL/TLS certificate validation is disabled by default in the `FileMakerAPIClient` (`rejectUnauthorized: false`), which is a severe security risk in production for Man-in-the-Middle attacks. Credentials (passwords) are stored persistently in plain text in `~/.filemaker-mcp/config.json` and `~/.filemaker-mcp/connections.json`. While file permissions are restricted to owner-only (`0o600`), this is still a risk if the local system is compromised. The server can be configured to run over HTTP (non-encrypted) transport, which transmits sensitive data in plaintext, explicitly warned against for production use.
Updated: 2025-11-27GitHub
30
1
Low Cost
sanjusathian icon

ai-specs

by sanjusathian

Sec3

This server provides a backend API for an Applicant Tracking System (ATS), primarily focusing on managing job positions and candidates within an AI-assisted development context.

Setup Requirements

  • ⚠️Docker required for database setup
  • ⚠️PostgreSQL database required (can be set up via Docker Compose)
  • ⚠️Manual .env file creation required for backend and frontend
Review RequiredView Analysis
The source code explicitly states a critical security risk: 'Currently no authentication middleware implemented' and 'No authorization checks implemented (all users can update any position)'. This means unauthenticated and unauthorized users could potentially modify or access any data. Additionally, it notes 'Text inputs are validated but not sanitized (should be added)', indicating a potential risk for injection vulnerabilities if the frontend does not properly escape output.
Updated: 2026-01-19GitHub
PreviousPage 203 of 713Next