Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Low Cost
Oxidane-bot icon

paper-download-mcp

by Oxidane-bot

Sec7

Download academic papers from multiple sources with intelligent routing, including metadata retrieval and batch processing.

Setup Requirements

  • ⚠️Requires `PAPER_DOWNLOAD_EMAIL` environment variable to be set for Unpaywall API compliance. (Backward compatible with `SCIHUB_CLI_EMAIL`).
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Relies on `curl-cffi` and `cloudscraper` for some CDN bypass mechanisms, which might have platform-specific installation challenges or dependencies.
Verified SafeView Analysis
The tool's core functionality involves accessing academic papers from various online sources, including Sci-Hub, which operates in a legal gray area and may violate copyright laws in some jurisdictions. The README explicitly warns users about this. It employs advanced network techniques like User-Agent rotation, rate limiting, and optional Cloudflare/CDN bypasses (`curl-cffi`, `cloudscraper`) for robust downloading. While these methods are common in web scraping, they can be perceived as aggressive. File downloads are directed to a configurable output directory (defaulting to './downloads') and include basic PDF header and size validation. No hardcoded secrets were found; sensitive configurations like email are handled via environment variables or user configuration files. No 'eval' or obvious code injection vulnerabilities were identified within the provided source.
Updated: 2026-01-12GitHub
30
1
High Cost
scraperapi icon

scraperapi-mcp

by scraperapi

Sec8

Enables LLM clients to retrieve and process web scraping requests using the ScraperAPI service, providing access to web content for AI models.

Setup Requirements

  • ⚠️Requires Python 3.11+ (if not using Docker for deployment)
  • ⚠️Requires a ScraperAPI API Key, which is a paid service
Verified SafeView Analysis
The server correctly uses environment variables for the ScraperAPI key, preventing hardcoded secrets. Pydantic's `AnyUrl` is employed for URL validation, which helps mitigate basic URL injection risks. There is no usage of `eval` or direct shell command execution without proper input sanitization visible in the provided source code. The core function involves making external HTTP requests based on user-provided URLs, which is its intended purpose. Potential risks associated with the content returned from external websites are inherent to web scraping but not due to vulnerabilities in the server's implementation.
Updated: 2025-12-11GitHub
30
1
Low Cost
254binaryninja icon

spotify-mcp

by 254binaryninja

Sec9

An MCP server enabling AI agents to control Spotify playback and manage playlists through a set of defined tools.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️A Spotify Developer account with a registered application and a premium Spotify account are mandatory.
  • ⚠️Requires a `.env` file with `SPOTIFY_CLIENT_ID` and `SPOTIFY_CLIENT_SECRET`.
  • ⚠️There is a discrepancy between the provided `server.py` code (`if __name__ == "__main__":`) and the troubleshooting section of the README (which suggests `if __name__ == "__server__":`). This could lead to confusion if the `mcp` CLI tool relies on `__server__`.
Verified SafeView Analysis
The server uses `spotipy` for Spotify API interaction, which is a well-established library. Sensitive credentials (client ID/secret) are loaded from environment variables via a `.env` file, preventing hardcoding. The OAuth flow uses `http://127.0.0.1:8888/callback` as a redirect URI, which is standard and safe for local development. The requested Spotify scopes are extensive (`user-read-playback-state`, `user-modify-playback-state`, `user-library-read`, `user-library-modify`, `playlist-modify-public`, `playlist-modify-private`), granting broad control over the user's Spotify account. This is necessary for its functionality but implies that a compromised server could perform significant actions on the user's behalf. However, the code itself does not contain obvious vulnerabilities like `eval`, `exec`, or direct shell command injection points.
Updated: 2025-11-24GitHub
30
1
Medium Cost
jcp-tech icon

DevTools

by jcp-tech

Sec3

An AI-powered debugging and system support agent that automates the analysis, investigation, and resolution of software issues in Django/MySQL systems.

Setup Requirements

  • ⚠️Requires multiple API keys/services: Google GenAI (for LLM), GitHub Personal Access Token (for GitHub MCP), Google OAuth (for UI login), and Firebase API key (for email login).
  • ⚠️Requires Docker daemon to be running for both the `github-mcp-server` and the `GenAI Toolbox` (for MySQL interaction). A configured MySQL instance is also mandatory.
  • ⚠️The `SESSION_SECRET` environment variable *must* be set to a strong, random value for the UI to be secure. The `DJANGO_SERVER_URL` environment variable must point to a running Django application instance for lookup tools to function.
  • ⚠️If `DISABLE_WEB_DRIVER` is not set to '1', a Chrome browser and a compatible ChromeDriver must be installed and properly configured for the Selenium-based UI investigation tools to operate.
Review RequiredView Analysis
CRITICAL: The `DevTools/fileEditor.py` tool grants read/write/delete access to files within the repository root. While `_is_safe_path` attempts to restrict this, autonomous file manipulation by an AI agent is a significant security risk, potentially leading to critical data loss, corruption, or arbitrary code execution if exploited or misused. CRITICAL: The `SESSION_SECRET` in `UI/main.py` has a default value of 'CHANGE_ME_LONG_RANDOM'. This must be replaced with a strong, randomly generated secret in production to prevent session hijacking. The `selenium_tools.py` can navigate to arbitrary URLs and capture screenshots, which could expose sensitive data or trigger unwanted actions if untrusted inputs are processed. Reliance on external MCP (Multi-Container Platform) servers (GitHub, GenAI Toolbox) introduces dependencies on their security and configuration. The `videoAnalyzer.py` downloads videos, and the safety of `_download_video_internal` is not detailed, posing a potential risk for arbitrary file downloads.
Updated: 2025-11-25GitHub
30
1
Medium Cost
sakthisundar-16 icon

ai-infrastructure-agent

by sakthisundar-16

Sec4

Manage AWS infrastructure using natural language commands with AI.

Setup Requirements

  • ⚠️Requires an AWS Account with configured IAM permissions. The example policy uses broad service-level permissions (e.g., 'ec2:*'), which should be refined for production to adhere to the principle of least privilege.
  • ⚠️Requires a paid AI provider API key (OpenAI, Google Gemini, Anthropic) or AWS Bedrock access. All options incur usage costs.
  • ⚠️Requires Go 1.24.2+ for script-based installation or Docker for containerized deployment.
  • ⚠️The default web UI configuration allows all Cross-Origin Resource Sharing (CORS) origins, which is a significant security risk if the application is exposed beyond localhost.
Review RequiredView Analysis
CRITICAL: The web server's WebSocket handler (`pkg/api/server.go`) explicitly sets `upgrader.CheckOrigin: func(r *http.Request) bool { return true }` and the `corsMiddleware` sets `Access-Control-Allow-Origin: *`. This means the web UI is vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Origin Attacks if exposed publicly in production without modification. IAM permissions provided in the example (`ec2:*`, `vpc:*`, etc.) are broad, granting extensive control over AWS resources. This high level of access, combined with potential web UI vulnerabilities and the LLM's susceptibility to prompt injection, presents significant risks if not managed with extreme care. While the documentation correctly advises using environment variables for API keys and `dry_run` is enabled by default, the default web server configuration makes it unsafe for general deployment without immediate security hardening.
Updated: 2026-01-19GitHub
30
1
Low Cost
jonat-han-tech icon

ddc-ci-control-bridge

by jonat-han-tech

Sec8

Controls monitor settings (brightness, contrast, power, input) via DDC/CI, integrating with Home Assistant via MQTT and exposing control to AI agents via FastMCP.

Setup Requirements

  • ⚠️Requires a DDC/CI-compatible monitor with a USB connection.
  • ⚠️Requires the DDC_API_KEY environment variable to be set.
  • ⚠️May require special OS permissions (e.g., i2c group on Linux) for DDC/CI communication.
Verified SafeView Analysis
The server leverages DDC/CI for monitor control, MQTT for Home Assistant integration, and FastMCP for AI agent control. Input validation for MCP tools is handled by Zod schemas, which is a good practice. However, the DDC_API_KEY is used as the MQTT password, creating a single point of failure if the MQTT broker is exposed publicly without proper network segmentation or if the API key is compromised. The documentation acknowledges this risk and recommends network security measures. A known build-time privilege escalation vulnerability in the 'pkg' devDependency is noted but is not a runtime risk.
Updated: 2026-01-19GitHub
30
1
Low Cost
tekspry icon

DotnetFastMCP

by tekspry

Sec9

Provides a .NET framework for building secure, scalable Model Context Protocol (MCP) servers, supporting enterprise-grade OAuth authentication and LLM interaction templates.

Setup Requirements

  • ⚠️Requires .NET 8.0 SDK.
  • ⚠️Requires manual registration of an application with an external OAuth provider (e.g., Azure AD, Google, GitHub, Auth0, Okta, AWS Cognito) to enable authentication.
  • ⚠️Mandatory configuration of sensitive credentials (client IDs, secrets, domains/tenant IDs) as environment variables for chosen authentication provider.
Verified SafeView Analysis
The framework is designed with enterprise-grade security in mind, leveraging ASP.NET Core, OAuth 2.0/OpenID Connect for authentication, JWT token verification, and attribute-based authorization. It strongly emphasizes using environment variables for secrets. Security best practices are documented.
Updated: 2026-01-18GitHub
30
1
High Cost
Riti0208 icon

nano-banana-mcp

by Riti0208

Sec8

This server provides a Model Context Protocol (MCP) interface for advanced image generation, editing, analysis, and batch processing using Google's Gemini 2.5 Flash Image Preview and Gemini 3 Pro Image Preview models.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (paid service).
  • ⚠️Requires Node.js 18.0.0 or higher.
Verified SafeView Analysis
The server uses `@modelcontextprotocol/sdk` with a `StdioServerTransport`, which primarily communicates over standard I/O, limiting direct external network exposure. The Google Gemini API key is correctly managed via environment variables (`GEMINI_API_KEY`) and not hardcoded. File system operations (`fs.readFile`, `fs.writeFile`, `fs.mkdir`) are performed for image input and output. The default output directory is `~/Downloads/nano-banana-images`, but custom `outputDir` and `imagePath` arguments are accepted. While control over these paths could theoretically lead to unintended file access in a highly compromised client environment, this is a common and expected interaction for a local agent-based tool and not an inherent vulnerability in the server logic itself. No 'eval' or other direct code execution vulnerabilities were found.
Updated: 2025-12-09GitHub
30
1
Medium Cost
vishnu2kmohan icon

mcp-server-langgraph

by vishnu2kmohan

Sec9

A production-ready Model Context Protocol (MCP) server for building and deploying multi-LLM LangGraph agents, complete with fine-grained authorization, comprehensive observability, and a unique visual workflow builder that generates production-ready Python code.

Setup Requirements

  • ⚠️Requires API keys for chosen LLM providers (e.g., ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY) if not using local models.
  • ⚠️Code execution backend typically requires a running Docker daemon and potentially access to `/var/run/docker.sock` or a Kubernetes cluster.
  • ⚠️Full feature set requires external databases: Redis (for session/checkpointing) and PostgreSQL (for GDPR/OpenFGA).
  • ⚠️OpenFGA authorization requires explicit store and model IDs to be configured (`OPENFGA_STORE_ID`, `OPENFGA_MODEL_ID`).
Verified SafeView Analysis
The server implements extensive security measures, especially around code execution and secret handling. Key controls include: a `CodeValidator` to prevent dangerous imports (`os`, `subprocess`), builtins (`eval`, `exec`), and patterns; Docker/Kubernetes sandboxing for isolated code execution (running as non-root, restricted networks by default); `SecretString` for obfuscating secrets in logs/exceptions; and explicit sanitization for logging and HTTP headers. Authentication for builder endpoints is enforced, and path traversal in file operations is rigorously validated. These practices are backed by dedicated unit and integration tests.
Updated: 2026-01-19GitHub
30
2
Low Cost
cs97jjm3 icon
Sec9

Provides a comprehensive toolkit for Business Analysts to manage agile workflows, including sprint planning, backlog management, requirements formatting, and various calculation tools.

Setup Requirements

  • ⚠️Requires Node.js to be installed on the system.
  • ⚠️The recommended 'one-click bundle install' method requires the `@modelcontextprotocol/cli` tool (mcpd) to build the `.mcpb` file.
  • ⚠️Specifically designed to run as an extension within Claude Desktop.
Verified SafeView Analysis
The server operates locally via `stdio` and does not make external network requests for its core functionality. It reads configuration from environment variables, which are not sensitive secrets. No use of `eval` or similar dangerous functions was found. Dependencies are minimal and standard for an MCP server.
Updated: 2026-01-07GitHub
30
1
Medium Cost
learn-automated-testing icon

selenium_mcp_server

by learn-automated-testing

Sec7

A Model Context Protocol (MCP) server that provides browser automation capabilities using Selenium WebDriver for AI-powered test planning, generation, and healing.

Setup Requirements

  • ⚠️Requires Python 3.10+ (checked during npm install)
  • ⚠️Requires Node.js 16.0.0+ for the npm wrapper
  • ⚠️Requires Chrome browser to be installed on the system
  • ⚠️Downloads ChromeDriver executable on first run, requiring internet access
Verified SafeView Analysis
The server's core functionality involves executing arbitrary JavaScript within the controlled browser instance (`driver.execute_script`). While this is standard for browser automation, it poses a risk if the AI client or its prompts are compromised, potentially leading to malicious browser actions (e.g., navigating to phishing sites, submitting sensitive data). The `reset_automation_session` tool uses `pkill` and `kill` commands, which are powerful and could have unintended side effects if not carefully scoped, though the implementation attempts to target only automation-related processes. `webdriver_manager` downloads unverified binaries from the internet on first use, which is a common supply chain risk for browser automation tools.
Updated: 2026-01-19GitHub
30
1
Low Cost
InfinityFlowApp icon

csharp-mcp

by InfinityFlowApp

Sec3

This server provides a Model Context Protocol (MCP) interface for AI assistants to dynamically evaluate and execute C# scripts using Roslyn, either directly or from .csx files.

Setup Requirements

  • ⚠️Requires .NET 9.0 SDK or later for local development/running.
  • ⚠️Requires Docker for containerized deployment or dnx for NuGet-based installation.
  • ⚠️Internet connection is required for NuGet package downloads when `#r "nuget:..."` directives are used in scripts.
Review RequiredView Analysis
The server's core function is to execute arbitrary C# code (`eval` pattern). Scripts run in the same process context as the MCP server, posing a significant risk if untrusted code is executed. While file access can be restricted via `CSX_ALLOWED_PATH` (which is disabled in Docker, relying on Docker's volume mounts), and a timeout exists, there is no mention of robust sandboxing (e.g., AppDomains with limited permissions, separate isolated processes) for untrusted code. Pre-imported namespaces like `System.Net.Http` allow scripts to make network calls. This tool requires extreme caution and should only be used with fully trusted C# scripts or in highly isolated, sandboxed environments.
Updated: 2026-01-19GitHub
PreviousPage 204 of 713Next