Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Low Cost
scopweb icon

mcp-go-mysql

by scopweb

Sec9

Provides a secure MySQL database management interface via the Model Context Protocol (MCP) for AI tools like Claude Desktop, featuring intelligent security and operation blocking.

Setup Requirements

  • ⚠️Requires an existing and accessible MySQL server.
  • ⚠️Strongly recommends creating a dedicated MySQL user with minimal permissions, not root.
  • ⚠️Requires manual configuration in Claude Desktop's `claude_desktop_config.json` file.
  • ⚠️MySQL connection details (host, port, user, password, database) must be provided via environment variables (e.g., a `.env` file).
Verified SafeView Analysis
The project demonstrates a strong focus on security, implementing a multi-layered defense against common database attacks. It features comprehensive SQL injection, path traversal, and command injection prevention (23+ SQLi patterns blocked), explicit blocking of dangerous SQL operations (e.g., DROP DATABASE, DELETE/UPDATE without WHERE), configurable DDL blocking, and a table access whitelist. Credentials are handled via environment variables and masked in logs. Connection pooling, context timeouts, and TLS support are documented. A robust security test suite is included, covering various CVEs, CWEs, and injection types, with recommendations for `govulncheck` and `staticcheck`. A minor concern is the `allowNativePasswords=true` option in the DSN used by `internal/mysql.go::getDB()`. While the primary `internal/client.go::Connect()` method (used for core tools like 'query' and 'execute') does not include this, `internal/mysql.go`'s `getDB()` is used by `internal/analysis.go` (e.g., ExplainQuery) and some simpler list/describe functions. This specific DSN setting could allow unencrypted password transmission for those particular calls if the MySQL server itself is not configured to enforce TLS, potentially downgrading security for these operations.
Updated: 2025-11-30GitHub
30
1
High Cost
jameslbarnes icon

hermes

by jameslbarnes

Sec7

An MCP server enabling AI agents (Claudes) to share ambient conversation summaries on a public bulletin board, facilitating thought sharing, search, comments, and personalized email digests.

Setup Requirements

  • ⚠️Requires Firebase (Google Cloud project) for persistent storage; configured via `FIREBASE_SERVICE_ACCOUNT_BASE64`, `FIREBASE_SERVICE_ACCOUNT`, or `GOOGLE_APPLICATION_CREDENTIALS`.
  • ⚠️Requires Anthropic API Key (`ANTHROPIC_API_KEY`) for AI summarization and daily digests (paid service).
  • ⚠️Requires Firecrawl API Key (`FIRECRAWL_API_KEY`) for scraping external conversation links (paid service).
  • ⚠️Requires Namecheap API Key (`NAMECHEAP_API_KEY`), Username (`NAMECHEAP_USERNAME`), and Client IP (`NAMECHEAP_CLIENT_IP`) for d-stack ingress DNS management, indicating reliance on external DNS provider.
  • ⚠️Default `JWT_SECRET` must be changed in production for robust security.
  • ⚠️Deployment is primarily designed for Docker and Phala Cloud TEE, which may have specific setup requirements.
Verified SafeView Analysis
The server runs within a Trusted Execution Environment (TEE) providing hardware isolation for secret keys and pending entries in memory, which is a strong security measure. A recovery file persists pending entries to a Docker volume on graceful shutdown; while the README states TEE protection covers pending entries, the explicit disk persistence via a volume should be verified to be TEE-encrypted to fully align with 'memory-only' claims. A significant functional security gap is the absence of a server-side anonymization/sensitivity filter for the `write_journal_entry` content. Although the tool schema *forces* Claude to perform a `sensitivity_check` before writing, the server does not programmatically re-validate or filter the `entry` content itself, relying solely on Claude's adherence to privacy guidelines. The default `JWT_SECRET` value `hermes-default-secret-change-in-production` should be changed for production deployments. Namecheap credentials (`NAMECHEAP_API_KEY`, `NAMECHEAP_USERNAME`, `NAMECHEAP_CLIENT_IP`) are used for DNS management and are passed as environment variables. No obvious 'eval' or malicious code patterns were found.
Updated: 2026-01-17GitHub
30
1
Low Cost
bercianor icon

mcp-forge-python

by bercianor

Sec9

A production-ready MCP (Model Context Protocol) server template for building AI-powered applications with OAuth 2.0 authentication and JWT validation.

Setup Requirements

  • ⚠️Requires Python 3.11+ and `uv` (dependency manager) to be installed.
  • ⚠️The 'local' JWT validation strategy requires an external OAuth provider (e.g., Keycloak, Auth0) with a JWKS endpoint.
  • ⚠️Requires significant configuration in `config.toml` to replace placeholders for OAuth settings (e.g., `jwks_uri`, `issuer`, `audience`, `client_id`, `client_secret`) and deployment (e.g., Docker image repository in `chart/values.yaml`).
Verified SafeView Analysis
The server employs several strong security measures, including: careful avoidance of `eval` in JWT condition checks, configurable CORS, redaction of sensitive headers in access logs, basic rate limiting for JWT validation, and whitelisting of OAuth/JWKS URIs to prevent SSRF attacks. Secrets (`client_id`, `client_secret`) are expected to be provided via environment variables (`MCP_CLIENT_ID`, `MCP_CLIENT_SECRET`) or Kubernetes secrets, not hardcoded. The `jwt_exposed_claims` configuration allows control over which JWT claims are accessible to tools, mitigating PII leakage. The default host is `127.0.0.1` to prevent accidental exposure, with clear warnings for changing to `0.0.0.0`. Environment variable expansion in configuration (`safe_expandvars`) is also whitelisted. The system encourages an 'external' JWT strategy, offloading validation to an upstream proxy, which is a robust security pattern.
Updated: 2025-11-29GitHub
30
1
Medium Cost
Foxhunt icon
Sec9

This server provides tools to interact with a self-hosted GitLab instance to fetch and manage project, issue, and wiki data.

Setup Requirements

  • ⚠️Requires Node.js runtime (v18+ recommended based on package-lock.json for @modelcontextprotocol/sdk)
  • ⚠️Requires a self-hosted GitLab instance URL configured via GITLAB_HOST
  • ⚠️Requires a GitLab API Token with appropriate permissions configured via GITLAB_API_TOKEN
Verified SafeView Analysis
Environment variables (GITLAB_API_TOKEN, GITLAB_HOST) are correctly used for sensitive data. Input validation is handled robustly using Zod schemas for all tool arguments, which significantly mitigates common injection risks. Network communication uses axios to the configured GitLab host, which is a standard and secure way for API interaction. There are no 'eval' or other directly dangerous functions identified. The primary security consideration relies on the user ensuring the GITLAB_HOST is legitimate and the API token has appropriate permissions.
Updated: 2025-12-02GitHub
30
1
Low Cost
jojoprison icon

mcp-music-forge

by jojoprison

Sec8

Scalable MCP server and HTTP API for downloading, transcoding, and tagging audio from various online sources like SoundCloud and YouTube.

Setup Requirements

  • ⚠️Docker and Docker Compose are required for the recommended setup.
  • ⚠️Python 3.12 or newer is required.
  • ⚠️The `ffmpeg` command-line tool must be available in the environment (or Docker container).
  • ⚠️A Redis server is required for the task queue.
  • ⚠️By default, the SoundCloud provider respects its Terms of Use, only downloading tracks explicitly marked as downloadable by the uploader. This can be overridden.
  • ⚠️A `SOUNDCLOUD_COOKIE_FILE` is necessary for accessing private or region-locked SoundCloud tracks.
Verified SafeView Analysis
The `CORSMiddleware` is configured with `allow_origins=["*"]`, which can be a security risk if the API is exposed publicly. Ensure `SOUNDCLOUD_COOKIE_FILE` is handled with strict permissions. External tools like `yt-dlp` and `ffmpeg` are used via `subprocess.run`; argument construction appears safe, mitigating direct command injection. File system operations generally use `pathlib` and internally managed `job_id`s, reducing path traversal risks. No `eval` or obvious obfuscation found.
Updated: 2025-12-04GitHub
30
1
High Cost
Pilsertech icon

HelixDB-MCP-Server

by Pilsertech

Sec4

AI Memory Layer MCP Server provides a business and customer intelligence system with semantic search and relationship tracking, built on HelixDB graph database with vector embeddings.

Setup Requirements

  • ⚠️HelixDB server must be running (default: 127.0.0.1:6969).
  • ⚠️Requires Rust 1.70+ to build from source.
  • ⚠️By default, configured to use a local embedding server (e.g., Ollama or a Python embedding server) which must be running at `http://127.0.0.1:8699/embed`. Alternatively, requires an OpenAI/Gemini API key for paid services if configured for cloud embedding, or a separate TCP embedding server.
  • ⚠️The server enables TCP and HTTP listeners by default without authentication, making it unsafe for untrusted network exposure.
Review RequiredView Analysis
The server explicitly states that its TCP transport has 'no authentication required', and no authentication mechanism is apparent for its HTTP transport either. This makes it unsafe to expose to untrusted networks without external authentication/authorization. API keys can be stored directly in `mcpconfig.toml` which is a bad practice for production environments. The `do_query` tool mitigates direct database command injection by whitelisting allowed HelixDB query endpoints.
Updated: 2025-11-25GitHub
30
1
Low Cost
techmaharaj icon
Sec2

Allows an AI model (Claude) to remotely control a Kubernetes cluster by exposing kubectl commands as Model Context Protocol (MCP) tools.

Setup Requirements

  • ⚠️Requires `kubectl` to be installed and configured with access to a Kubernetes cluster.
  • ⚠️For remote access, an `ngrok` account and `Claude Pro` subscription are necessary.
  • ⚠️CRITICAL: The server has no authentication configured, making it highly insecure if exposed to the internet.
Review RequiredView Analysis
CRITICAL: The server exposes direct `kubectl` command execution via MCP tools without any authentication mechanism, as explicitly stated in the README. Anyone with access to the server's endpoint (e.g., via ngrok) can execute arbitrary `kubectl` commands (create, delete pods, get cluster info) on the connected Kubernetes cluster. This poses a severe security risk, allowing for potential unauthorized access, resource manipulation, or denial of service.
Updated: 2025-12-03GitHub
30
1
Medium Cost
TonisOrmisson icon

limesurvey-mcp

by TonisOrmisson

Sec9

A Model Context Protocol (MCP) server that exposes LimeSurvey Remote API functionality as MCP tools for standardized interaction.

Setup Requirements

  • ⚠️Requires a running LimeSurvey instance with its RemoteControl2 API enabled and accessible via the configured URL.
  • ⚠️Requires valid LimeSurvey API credentials (username and password) with appropriate permissions for the operations to be performed.
  • ⚠️Requires Node.js (version 18 or higher is recommended by the SDK's engine configuration) if not run via Docker.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive credentials (API URL, username, password) and does not hardcode them. It implements a 'read-only' mode as a security feature. The codebase itself does not contain 'eval', obfuscation, or obvious malicious patterns. Network risks are primarily dependent on the security of the underlying LimeSurvey instance (e.g., use of HTTPS for LIMESURVEY_API_URL) and the environment in which this server is deployed. The server manages a session key for the LimeSurvey API, releasing it on shutdown, which is good practice.
Updated: 2025-12-01GitHub
30
1
High Cost
SnappStats icon

kg-mcp

by SnappStats

Sec8

Provides tools to extract, search, and insert sports-associated information into a knowledge graph, and to generate scout reports for players using AI agents.

Setup Requirements

  • ⚠️Requires Python 3.12+ (managed with pyenv).
  • ⚠️Requires extensive Google Cloud setup, including a project, location, and service account credentials for Vertex AI (Gemini API) and Cloud Trace.
  • ⚠️Requires an active MongoDB instance (MONGO_URI) and an external Knowledge Graph service (KG_URL).
Verified SafeView Analysis
No direct use of 'eval' or obvious hardcoded secrets. Environment variables are managed via dotenv and Doppler (recommended). Relies on external services (Google GenAI, MongoDB, Hudl API, DDGS). The Cloud Run deployment configuration specifies `--allow-unauthenticated`, meaning the API endpoint is public; proper authentication/authorization must be handled by the consuming client or FastMCP's internal mechanisms, or an external layer. The prompt engineering for AI agents is detailed, which helps mitigate risks associated with generative AI output.
Updated: 2025-11-28GitHub
30
1
Low Cost
aserper icon

jellyseerr-mcp

by aserper

Sec4

Provides an MCP (Model Context Protocol) interface for LLM clients to interact with Jellyseerr, enabling media search and request functionality.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires a running Jellyseerr instance with an API key.
  • ⚠️Requires `JELLYSEERR_URL` and `JELLYSEERR_API_KEY` environment variables.
Review RequiredView Analysis
The presence of the `get-pip.py` file, which is largely obfuscated (using base85 encoding) and performs complex system-level operations (like monkeypatching pip internals), significantly raises security concerns. While it might be the official get-pip script, its direct inclusion and obfuscation within the project's source code make it difficult to audit and introduces a large, opaque attack surface. Additionally, the `raw_request` tool allows LLMs to perform arbitrary HTTP methods (GET, POST, PUT, DELETE) against any endpoint of the configured Jellyseerr API, which could be abused to trigger unintended actions or retrieve sensitive data if the LLM client is compromised or poorly constrained.
Updated: 2025-12-12GitHub
30
1
Low Cost
AojdevStudio icon

simple-memory-mcp

by AojdevStudio

Sec9

This server provides persistent AI memory and knowledge graph storage, enabling AI assistants to maintain context across sessions and integrate with tools like Obsidian for visualization.

Setup Requirements

  • ⚠️Node.js v18+ is required to run the server.
  • ⚠️Requires write permissions to the configured MEMORY_PATH (default: ~/.cursor/memory.json) for persistent storage.
  • ⚠️For full utility, an MCP-compatible AI client (e.g., Claude Desktop, Cursor IDE) is necessary.
Verified SafeView Analysis
The server is designed for local, user-permissioned operation, primarily using file system operations (read/write JSON) for persistence. It includes JSON schema validation for MCP tool inputs. The `SECURITY.md` file indicates a strong awareness of best practices, emphasizing private disclosure for vulnerabilities, and warning against exposing the server over a network due to lack of built-in authentication. There are no obvious malicious patterns or dynamic code execution from untrusted input (like `eval`). Risks primarily involve file system permissions for the configured memory and Obsidian vault paths, and the absence of data encryption for local storage.
Updated: 2025-12-05GitHub
30
1
Low Cost
bwalheim1205 icon

aws-mcp-gateway

by bwalheim1205

Sec8

Exposes AWS Lambda functions as MCP-compatible tools, allowing them to be discovered, listed, and invoked programmatically via an HTTP gateway.

Setup Requirements

  • ⚠️Requires Go 1.21 or higher if running as an executable.
  • ⚠️Requires an AWS account with configured Lambda functions to expose.
  • ⚠️Requires AWS credentials (via IAM role or environment variables) for Lambda invocation.
  • ⚠️Requires a YAML configuration file (`tools.yaml`) detailing the Lambda functions to expose as MCP tools.
Verified SafeView Analysis
Relies on standard AWS SDK credential chain (IAM roles, environment variables) for Lambda authentication. Input payload is passed directly to Lambda functions; the security of the invoked Lambda function is paramount. No hardcoded secrets or obvious malicious patterns found in the gateway's source code. The server can be configured to run over SSE or Stream mode, and the exposed port (default 8080) should be properly secured in deployment.
Updated: 2026-01-16GitHub
PreviousPage 205 of 713Next