Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Low Cost
Sec8

A server that interacts with GitHub's API to automate tasks like updating comments, managing pull requests, and manipulating files.

Setup Requirements

  • ⚠️Requires a GitHub Personal Access Token with appropriate permissions.
  • ⚠️Requires Go 1.21 or higher for building from source, or Docker for running via image.
Verified SafeView Analysis
The code relies on a GITHUB_TOKEN for authentication, which should be handled securely. It doesn't appear to use dangerous functions like 'eval'. Network risks are primarily related to the GitHub API itself. No hardcoded secrets found. The use of go-github library is standard for interacting with the GitHub API.
Updated: 2025-11-22GitHub
30
1
High Cost
ArnoChenFx icon
Sec9

Integrates Perplexity AI's advanced search capabilities as a standardized tool using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Bun runtime for development and execution (though built output can run with Node.js).
  • ⚠️Requires a Perplexity AI API Key, which is for a paid service.
  • ⚠️The PERPLEXITY_API_KEY environment variable must be set for the server to function.
Verified SafeView Analysis
The server correctly handles the Perplexity API key by reading it from environment variables, preventing hardcoding. It uses the official Perplexity AI SDK, reducing direct network risk. No 'eval' or other highly dangerous functions are present. Input parameters are validated using Zod, enhancing robustness against malformed requests. The code is straightforward and does not contain obvious malicious patterns.
Updated: 2026-01-11GitHub
30
1
Low Cost
daxian-dbw icon

MCPServerPS

by daxian-dbw

Sec7

Creates a PowerShell module that serves as a Model Context Protocol (MCP) server, dynamically exposing tools defined in C# code, PowerShell scripts, or PowerShell modules.

Setup Requirements

  • ⚠️Requires PowerShell (pwsh.exe) to be installed and available in the PATH.
  • ⚠️The MCPServerPS module must be deployed to a PowerShell module path or invoked directly by its full path.
Verified SafeView Analysis
The server is designed to execute dynamically loaded PowerShell scripts and modules. While the core project does not show obvious direct vulnerabilities, the security relies heavily on the administrator ensuring that the '-ScriptRoot' or '-Module' parameters point to trusted and secure scripts/modules. Malicious scripts or modules, if loaded, could lead to arbitrary code execution with the server's privileges. The use of dedicated Runspaces for script tools enhances isolation between tools but not from a malicious tool itself. No 'eval' or hardcoded secrets were identified in the provided code snippets for runtime operation.
Updated: 2026-01-17GitHub
30
1
Medium Cost
ManuelVR461 icon

mysql-mcp-universal

by ManuelVR461

Sec6

Facilitate natural language interaction with MySQL and PostgreSQL databases via GitHub Copilot for CRUD and advanced operations.

Setup Requirements

  • ⚠️Requires Python 3.10+ and either MySQL 8.0+ or PostgreSQL 12+.
  • ⚠️A GitHub Copilot subscription is necessary for its intended use with natural language interaction.
  • ⚠️Manual editing of 'config/settings.json' is required for database credentials, and the absolute path to the 'run_server.bat' (or equivalent Linux/Mac command) must be manually configured in VS Code's user 'settings.json' for the MCP server.
Verified SafeView Analysis
The server uses prepared statements for all SQL queries to prevent SQL injection. Destructive operations (e.g., mass delete) require explicit confirmation, and mass updates/deletes require a WHERE clause. However, built-in encryption of database credentials in 'config/settings.json' is marked as 'PENDIENTE' (pending), meaning passwords are stored in plaintext. 'Auditoría de operaciones críticas' (Auditing of critical operations) is also pending. Users are strongly warned not to share 'config/settings.json' and to use environment variables for production. No obfuscation or obvious malicious patterns were found.
Updated: 2025-12-05GitHub
30
1
Medium Cost
s1community icon

mcp-hyperautomation

by s1community

Sec8

The Hyperautomation MCP Server bridges LLM clients and HyperAutomation workflows to enable dynamic security orchestration and incident response through natural language interactions.

Setup Requirements

  • ⚠️Requires Google Cloud Project and BigQuery setup (potentially incurring costs, though BigQuery has a free tier).
  • ⚠️Requires service account JSON credentials file for Google Cloud, configured with appropriate BigQuery permissions.
  • ⚠️Requires a separate HyperAutomation platform (e.g., SentinelOne's platform for HyperAutomation workflows) with webhooks configured for each agent, which are external to this repository.
  • ⚠️Python 3.8+ and `uvicorn` (for SSE transport) are required dependencies.
Verified SafeView Analysis
The server's core logic (`server.py`) primarily acts as a proxy, sending requests to external HyperAutomation (HA) agent webhooks and polling Google BigQuery for results. Direct `eval` or `exec` vulnerabilities are not apparent within `server.py`. Input validation at the HA workflow level (checking `action`, `input`, `req_id` types) provides a basic layer of defense. However, the overall security highly depends on: 1. The secure configuration and trustworthiness of the external HyperAutomation platform where agents are deployed. 2. The security of the Google Cloud Platform project and service account credentials used for BigQuery access. 3. Proper handling of user-provided PQL queries to prevent injection if the HA platform doesn't adequately sanitize inputs, though the LLM is instructed on escaping backslashes. 4. Misconfiguration of webhook endpoints could lead to sensitive data exposure or unauthorized actions. Hardcoded BigQuery project/dataset/table IDs in agent JSONs could be a minor concern for flexibility but are overridden by environment variables in the Python server's `google_big_query_client.py`.
Updated: 2025-12-02GitHub
30
2
Medium Cost
Digital-Defiance icon

mcp-screenshot

by Digital-Defiance

Sec7

Provides cross-platform screenshot capabilities for AI agents, including full screen, window, and region capture, with built-in PII masking and security controls.

Setup Requirements

  • ⚠️Requires platform-specific binaries for screen capture (e.g., ImageMagick/grim on Linux, native screencapture on macOS, PowerShell on Windows/WSL) to be installed and accessible.
  • ⚠️PII masking relies on Tesseract OCR, which requires Tesseract to be installed and `TESSDATA_PREFIX` correctly configured.
  • ⚠️Running in headless environments (e.g., some CI/CD setups) may prevent successful screen/window capture due to the lack of a display server.
  • ⚠️Docker deployment might conditionally expose VNC port 5900 if `ENABLE_VNC=true` for debugging, which is a network security consideration.
Verified SafeView Analysis
The server uses `child_process.exec` to run platform-specific commands (e.g., `screencapture` on macOS, `import`/`grim` on Linux, `powershell.exe` on Windows/WSL) for screen and window capture. While necessary for its functionality, direct execution of external commands introduces an inherent risk of command injection if input is not meticulously sanitized. The `SecurityManager` implements robust path validation to prevent unauthorized file access and path traversal for save operations, and it includes rate limiting. The PowerShell scripts for Windows/WSL engines attempt to escape special characters, mitigating some injection vectors. Docker deployment includes `no-new-privileges` and non-root execution, which are good practices. However, the conditional `ENABLE_VNC` flag exposes port 5900, which can be a network risk if enabled in production. Overall, while conscious security efforts are made, the reliance on external command execution for core functionality means a moderate inherent risk.
Updated: 2026-01-07GitHub
30
1
High Cost
AzizMarashly icon

imap-readonly-mcp

by AzizMarashly

Sec9

Exposes read-only access to email mailboxes (IMAP, POP3, Microsoft Graph) via Model Context Protocol for AI agents.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️A YAML configuration file (e.g., `config/accounts.yaml`) specifying mailbox details is mandatory.
  • ⚠️Microsoft Graph accounts require OAuth configuration (client ID, client secret, authority) and optional dependencies (`msal`, `requests`).
Verified SafeView Analysis
The server is designed for read-only operations, minimizing potential for mutation. It uses Pydantic's `SecretStr` for sensitive credentials (passwords, client secrets) which is a good practice. OAuth token acquisition for Microsoft Graph is handled via `msal`. Input validation is present for tools. The SQLite cache is managed internally without exposing direct user control over file paths, and cursor decoding handles potential `ValueError` and `JSONDecodeError`. No `eval` or `exec` found. HTML to text conversion uses regex, which can sometimes be a vector, but appears to be for content stripping rather than arbitrary code execution. Overall, appears robust for its stated read-only purpose.
Updated: 2025-11-27GitHub
30
1
High Cost
Vertiiii icon

blender-mcp

by Vertiiii

Sec2

This server connects Blender, a 3D modeling software, with Claude AI via the Model Context Protocol (MCP) to provide intelligent assistance for 3D modeling tasks.

Setup Requirements

  • ⚠️Requires Blender 3.0 or newer to be installed locally.
  • ⚠️The BlenderMCP server (`blender-mcp` Python package) needs to be running, and a separate Blender Addon (which acts as a socket server) must be installed and enabled within Blender to establish communication.
  • ⚠️API Keys for third-party services (PolyHaven, Sketchfab, Hyper3D) are required for full functionality; some may be paid or require registration.
Review RequiredView Analysis
CRITICAL: The `execute_blender_code` function in `addon.py` uses `exec(code, namespace)` to execute arbitrary Python code provided by the AI. While the execution is within a Blender-specific namespace, an external AI, if unconstrained or compromised, can execute any Python code with Blender's privileges, leading to potential file system manipulation, network access, or other malicious actions on the user's system. This is a severe security risk. Additionally, a free trial API key for Hyper3D is hardcoded in `addon.py`, which is a security vulnerability as it could be abused. API keys for PolyHaven, Hyper3D, and Sketchfab are stored unencrypted in Blender's scene properties.
Updated: 2026-01-19GitHub
30
1
High Cost
loda-lang icon

loda-mcp

by loda-lang

Sec9

Provides a Model Context Protocol (MCP) interface to the LODA Language API, enabling AI models to interact with LODA programs and integer sequences from the On-Line Encyclopedia of Integer Sequences (OEIS).

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher and npm 8.0.0 or higher.
  • ⚠️Relies on an external LODA API (default: https://api.loda-lang.org/v2) for all core functionality, meaning it's not a standalone local LODA interpreter or database.
Verified SafeView Analysis
The server primarily acts as a proxy, forwarding requests to an external LODA API endpoint. The tool named `eval_program` does not execute arbitrary code locally on the MCP server; instead, it sends the LODA program code to the remote API for evaluation. Input parameters for tools are validated (e.g., ID format, limits). The `LODA_API_BASE_URL` can be overridden, but defaults to a secure `https` endpoint. No hardcoded secrets were found. The primary security risk would involve the trustworthiness of the external LODA API itself or a misconfigured `LODA_API_BASE_URL` pointing to a malicious server.
Updated: 2026-01-18GitHub
30
1
Low Cost
AkerBP icon

mcp-registry

by AkerBP

Sec9

Provides a centralized API for applications like VS Code with GitHub Copilot to discover and access Model Context Protocol (MCP) servers within the AkerBP organization.

Setup Requirements

  • ⚠️Python 3.11+ is required for local execution.
  • ⚠️Dependencies must be installed via pip (requirements.txt).
  • ⚠️Docker/Docker Compose is required for containerized deployment.
Verified SafeView Analysis
The server is a simple Flask application that serves hardcoded data from an in-memory list. Input parameters (limit, cursor) are handled safely with type conversions (int, str). There are no obvious code injection vulnerabilities like 'eval' or direct shell commands. No hardcoded sensitive secrets are visible in the provided code. CORS is explicitly enabled for all origins ('*') which is acceptable for a public read-only registry service, but it means any domain can query it. Overall, the attack surface is minimal.
Updated: 2025-12-04GitHub
30
5
High Cost
finmap-org icon

mcp-server

by finmap-org

Sec9

The Finmap MCP Server provides comprehensive historical financial market data for various stock exchanges, offering tools to list exchanges, sectors, tickers, retrieve market overviews, stock data, and company profiles.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher to run locally.
  • ⚠️Data for some exchanges (US, LSE, HKEX) is noted as 'availableSince' dates in the future within the provided metadata.
  • ⚠️Financial data is typically only available for weekdays (Monday to Friday).
Verified SafeView Analysis
The server uses Zod for robust input validation, preventing common injection vulnerabilities. It fetches data from hardcoded, trusted GitHub raw content URLs (finmap-org repositories), reducing the risk of malicious external data sources. No 'eval' or direct command execution of user-supplied input was found. Cross-Origin Resource Sharing (CORS) is configured with 'Access-Control-Allow-Origin: *', which is standard for public APIs but allows requests from any domain. No sensitive hardcoded secrets were identified in the provided source code.
Updated: 2025-11-19GitHub
30
1
Medium Cost
lhabacuc icon

MCP-server

by lhabacuc

Sec2

An AI-powered DevOps and PC automation agent that interprets natural language commands to interact with the local filesystem, terminal, Git, and desktop environment via a web interface or command-line.

Setup Requirements

  • ⚠️Requires GROQ_API_KEY (paid service) to be configured as an environment variable.
  • ⚠️Python 3.8 or higher is required.
  • ⚠️PyAutoGUI functionalities (desktop automation, screenshots) require a graphical display environment and potentially additional system dependencies (e.g., `scrot` on Linux) to be fully functional.
Review RequiredView Analysis
CRITICAL RISK: The agent provides tools (e.g., `run_command` with `shell=True`, file manipulation, desktop automation via `pyautogui`) that allow the AI to execute arbitrary shell commands and control the user's PC without explicit human confirmation for each action. This is a severe vulnerability for remote code execution, data manipulation, and privacy breaches if the AI misinterprets instructions, its prompts are manipulated, or the web server is exposed externally without robust authentication.
Updated: 2026-01-17GitHub
PreviousPage 209 of 713Next