Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Medium Cost
ChistokhinSV icon

gns3-mcp

by ChistokhinSV

Sec5

A FastAPI service that acts as a Model Context Protocol (MCP) server for GNS3, enabling AI agents to automate network lab creation, configuration, and troubleshooting through SSH, console, TFTP, and HTTP proxy functionalities.

Setup Requirements

  • ⚠️Requires GNS3 server instance to be running and accessible.
  • ⚠️Requires Docker for deploying the SSH proxy service, which is a core component.
  • ⚠️For Windows service installation, requires 'uv/uvx' and 'WinSW', along with administrator privileges to set environment variables and install the service.
  • ⚠️PNG diagram export requires the 'cairosvg' library, which is an optional dependency.
Review RequiredView Analysis
The system utilizes an SSH proxy service that exposes a `/local/execute` endpoint, allowing arbitrary commands to be run via `subprocess.run(shell=True)` without explicit input sanitization. This is a critical remote code execution vulnerability if the proxy is exposed or compromised. Although intended for local execution within a Docker container, this pattern introduces significant risk. API key authentication is implemented for HTTP transport, but if `MCP_API_KEY` is not set, it's auto-generated and logged, which could expose it if logs are accessible. The `verify_ssl=False` option for GNS3 connections, while practical for self-signed certificates in labs, reduces overall security by disabling certificate validation.
Updated: 2025-11-30GitHub
30
1
Medium Cost
wuye-ai icon
Sec7

Provides a Model Context Protocol (MCP) server that acts as an intelligent AI assistant for the property management industry, offering daily news and a specialized knowledge base.

Setup Requirements

  • ⚠️Requires a CRIC Wuye AI Access Token for functionality (obtained via their website).
  • ⚠️Requires Node.js (v16.0.0+) and npm (v8.0.0+) to run locally.
  • ⚠️Requires an MCP-compatible client (e.g., MCP Inspector, Cline) to interact with the server.
Verified SafeView Analysis
Based on the provided truncated source code (primarily READMEs and configuration files), there are no immediately apparent hardcoded secrets or malicious patterns. The server utilizes environment variables or HTTP headers for Access Token management, which is good practice. However, a full security audit of the `index.js` implementation code is not possible due to its summary status, so potential vulnerabilities within the core logic cannot be assessed.
Updated: 2026-01-19GitHub
30
1
Medium Cost
grokify icon

aha-mcp-server

by grokify

Sec9

This server enables AI assistants to retrieve and search various Aha! workspace data objects by exposing them as tools via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires an Aha! workspace with API access.
  • ⚠️Requires a generated Aha! API token.
  • ⚠️Requires Go 1.24.1 or later to build/run from source.
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (AHA_API_TOKEN, AHA_DOMAIN), which is a good security practice. API interactions are conducted over HTTPS. The GraphQL search tool uses parameterized queries to mitigate injection risks. No obvious use of 'eval' or other highly dangerous dynamic code execution patterns were found.
Updated: 2026-01-13GitHub
30
1
Medium Cost
Ignaceassuring178 icon

ai-local-agents

by Ignaceassuring178

Sec8

Provides various local AI agents for voice interaction, basic chat, web scraping, and PDF document summarization and Q&A using Ollama LLMs and Streamlit UIs.

Setup Requirements

  • ⚠️Requires a local Ollama server running with the desired LLM (e.g., 'phi', 'llama3') downloaded.
  • ⚠️Requires microphone access and potentially additional system packages (e.g., 'espeak' on Linux) for the voice assistant.
Verified SafeView Analysis
The code primarily uses well-established libraries (requests, BeautifulSoup, PyPDF2, LangChain, Streamlit) for parsing and data handling, reducing the risk of direct command injection. There are no explicit uses of 'eval()' or 'exec()', nor hardcoded API keys/secrets for external services. However, several components process arbitrary user-provided URLs (web scraper) or uploaded PDF files (PDF bot) and pass this content to a local LLM. This introduces a potential, albeit mitigated, risk of prompt injection or resource exhaustion if very large or malicious content is fed to the LLM or if the scraping/parsing process encounters malformed inputs. Content limits (e.g., '[:2000]', '[:3000]', '[:5000]') are in place to mitigate large input issues. The 'speech_recognition' library by default uses Google's speech recognition API, which sends audio data externally; users concerned about privacy should configure a local STT engine or be aware of this. Given that LLMs are run locally (Ollama), the direct network exposure is minimized. The primary risks are more at the application logic level (LLM interaction, potentially malformed input handling) rather than critical code execution vulnerabilities.
Updated: 2026-01-19GitHub
30
1
Medium Cost
Knuckles-Team icon

documentdb-mcp

by Knuckles-Team

Sec5

Provides an LLM-powered agent and tools for managing and querying DocumentDB (MongoDB-compatible) instances, including CRUD operations, collection, and user management.

Setup Requirements

  • ⚠️Requires an external DocumentDB (or MongoDB) instance, or can use the provided `ghcr.io/microsoft/documentdb/documentdb-local:latest` Docker image.
  • ⚠️Requires access to an LLM provider (e.g., OpenAI API Key, Anthropic API Key, or a local Ollama setup). Defaults to OpenAI with `http://localhost:1234/v1` and API key 'llama' for local testing.
  • ⚠️Docker and Docker Compose are the primary intended deployment methods, simplifying the setup of multiple interdependent services.
Review RequiredView Analysis
The `run_command` tool (`documentdb_mcp.py`) allows executing arbitrary commands directly against the DocumentDB instance, posing a significant security risk if an LLM agent is compromised or misbehaves. The `pickle.load` function is used in `utils.py` for model loading, which can lead to remote code execution if untrusted `.pkl` files are processed. Binding services to `0.0.0.0` in Docker Compose is common but requires careful external firewall configuration to prevent unintended network exposure. While authentication mechanisms like JWT/OIDC are supported, they do not mitigate the inherent danger of the `run_command` tool if an authenticated entity uses it maliciously.
Updated: 2026-01-19GitHub
30
1
High Cost
alexchilton icon
Sec3

Manages a Calibre ebook library and enriches metadata by exposing various tools and capabilities to AI models like Claude Desktop.

Setup Requirements

  • ⚠️Requires Calibre ebook management software installed with CLI tools (`calibredb`, `ebook-meta`) accessible in system PATH (e.g., `/Applications/calibre.app/Contents/MacOS/`).
  • ⚠️Requires `CALIBRE_LIBRARY_PATH` environment variable to be correctly configured for the user's Calibre library (e.g., `/Users/YOUR_USERNAME/Calibre Library`).
  • ⚠️First run will download large machine learning models (~350MB combined for semantic search and genre classification), requiring internet access and disk space. This can cause initial delays.
Review RequiredView Analysis
Extensive use of `subprocess.run` to interact with `calibredb` and `ebook-meta` CLI tools. Several tool parameters (e.g., `search_term`, `query`, `file_path`, `title`, `authors`, `isbn` in `calibre_tools/cli_wrapper.py`) are passed directly from user input without explicit sanitization, posing a risk of command injection, which could lead to arbitrary code execution or data manipulation if the underlying Calibre CLI tools are vulnerable to such input. The `calibre_sql` tool executes arbitrary SQL queries (though in read-only mode), which could lead to information disclosure of database schema or denial-of-service via resource-intensive queries. No obvious hardcoded secrets were found. Consider implementing `shlex.quote` for all user-provided arguments passed to subprocess calls.
Updated: 2025-12-05GitHub
30
1
Medium Cost
airy10 icon

GedcomMCP

by airy10

Sec5

A robust MCP server for AI agents to create, edit, and query genealogical data from GEDCOM files.

Setup Requirements

  • ⚠️Requires local file system read/write permissions for GEDCOM files, which could pose a security risk if not run in a sandboxed environment.
  • ⚠️Optimal usage assumes interaction via `fastmcp`, `qwen-cli`, or `gemini-cli` tools.
  • ⚠️Requires `fuzzywuzzy` and `python-levenshtein` for fuzzy search functionality; the server will issue a warning if these are not installed, and fuzzy search will be unavailable.
Verified SafeView Analysis
The server allows loading and saving GEDCOM files to arbitrary paths on the local file system specified by the user. While `validate_gedcom_path` checks for a `.ged` extension and file/directory existence, it uses `Path(file_path).resolve()`, which does not sandbox access to a specific safe directory. This means a malicious actor (or an overzealous AI agent) could instruct the server to read or write any `.ged` file accessible by the server process's user permissions, potentially leading to unauthorized data access or modification outside the intended project directory if the server is not run in a strictly contained environment (e.g., a Docker container with restricted volume mounts, or as a low-privilege user). No hardcoded secrets or 'eval' statements were found.
Updated: 2025-11-27GitHub
30
1
Medium Cost
kiransth77 icon

aionmcp

by kiransth77

Sec3

AionMCP serves as a model-independent tool server for AI agents and LLMs, dynamically importing OpenAPI, GraphQL, and AsyncAPI specifications to expose them as executable tools. It includes self-learning capabilities, autonomous documentation, and real-time monitoring.

Setup Requirements

  • ⚠️Requires Go 1.21+ development environment for building and running directly.
  • ⚠️No built-in authentication/authorization for the API by default, making it insecure for public exposure.
  • ⚠️Requires Docker/Docker Compose for containerized setup, or manual Go build and execution.
Review RequiredView Analysis
CRITICAL: The core server's API endpoints (e.g., /api/v1/import-spec, /api/v1/tools/:name/invoke) appear to lack authentication and authorization by default. This allows any client to import specifications and execute tools, posing a significant security risk if exposed to untrusted networks. Future enhancements mention JWT-based agent authentication, but it's not currently implemented. The `import-spec` API also allows specifying local file paths or arbitrary URLs, which could lead to path traversal or Server-Side Request Forgery (SSRF) vulnerabilities if not properly sanitized. Running in a production or untrusted environment without an external API gateway, strong firewall rules, and robust authentication is highly insecure.
Updated: 2025-11-30GitHub
30
1
Medium Cost
JesusMaster icon

github-see-mcp-server

by JesusMaster

Sec6

Integrate GitHub API functionalities (Issues, Pull Requests, Repositories) into a Model Context Protocol (MCP) server using Server-Sent Events (SSE) for AI agent interaction.

Setup Requirements

  • ⚠️Requires Node.js v16 or higher.
  • ⚠️Requires a GitHub Personal Access Token, which needs to be generated and configured in a `.env` file.
  • ⚠️Default CORS policy (`origin: "*"`) is insecure for production environments and should be explicitly configured via `CORS_ALLOW_ORIGIN` environment variable.
Verified SafeView Analysis
The server uses environment variables for sensitive data like GITHUB_TOKEN and API_KEY, which is good practice. Input sanitization is implemented using DOMPurify for potentially user-generated content, mitigating some injection risks. However, CORS is configured with `origin: "*"` by default (`app.use(cors({ origin: "*" }))`), which poses a significant security risk by allowing any domain to interact with the server. For production, `CORS_ALLOW_ORIGIN` should be explicitly set to restrict access. Additionally, the GitHub Personal Access Token is expected to be passed from the client (`mcp-remote`) in a `GITHUB_TOKEN` header, meaning the server acts as a proxy for the client's token. This design shifts the responsibility of token security and scope management to the client and upstream agent, rather than the MCP server enforcing granular access with a server-side token. While common in some proxy patterns, it implies a higher trust in the client, and `API_KEY`'s role in client authentication is not clearly demonstrated in the provided code snippet.
Updated: 2025-12-02GitHub
30
1
Medium Cost
ExpertVagabond icon

solana-mcp-server

by ExpertVagabond

Sec4

This server provides a Model Context Protocol (MCP) interface for comprehensive Solana blockchain interactions, including wallet management, transaction handling, and SPL token operations.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Wallets and private keys are stored only in volatile memory and are not persisted; this setup is not suitable for production use or managing real funds, as keys will be lost on server restart.
Review RequiredView Analysis
Private keys for created and imported wallets are stored exclusively in volatile memory (`wallets` Map) and are not persisted. This is explicitly noted by the developer as 'not for production' and poses a critical risk if the server process is compromised or restarted, leading to permanent loss or exposure of funds. While there are no obvious malicious patterns, `eval` usage, or hardcoded sensitive credentials, the fundamental approach to key management makes it unsafe for handling real funds in a persistent or production environment.
Updated: 2025-12-15GitHub
30
1
Medium Cost
michael-trullion icon

mcp-servers

by michael-trullion

Sec8

This server integrates Redash with Cursor IDE to enable AI-powered management and interaction with Redash queries, dashboards, and visualizations for data analysis and reporting.

Setup Requirements

  • ⚠️REDASH_URL and REDASH_API_KEY environment variables are strictly required for the Redash server (throws error if missing).
  • ⚠️PostgreSQL credentials (POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD) are required for non-demo mode operations; otherwise, the PostgreSQL server runs with mock data.
  • ⚠️The 'kubectl' CLI tool must be installed and configured on the host for the Kubernetes server to function, as it uses child_process.spawn('kubectl').
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (e.g., REDASH_URL, REDASH_API_KEY, PostgreSQL credentials, Kubeconfig), which is good practice. There are no obvious code obfuscation or direct 'eval' patterns. However, several tools (e.g., Redash's `create_query`, `execute_query`, PostgreSQL's `mcp__execute_query`, Kubernetes' `exec_in_pod`) allow the execution of arbitrary SQL queries or shell commands. While this is an intended feature for an agent-based system and relies on the security of the underlying APIs (Redash, Postgres, Kubernetes) to prevent direct injection, it grants high privileges to the calling agent/LLM. Misuse by an untrusted or unconstrained agent could lead to data exposure or unauthorized operations.
Updated: 2025-12-09GitHub
30
1
Medium Cost
SameerShrivastava-SF icon

Salesforce-MCP-Server

by SameerShrivastava-SF

Sec9

Transforms Claude Desktop into a powerful Salesforce IDE for development, metadata management, SOQL execution, multi-org operations, and automation through natural language commands.

Setup Requirements

  • ⚠️Requires Claude Desktop (specific desktop application).
  • ⚠️Requires careful configuration of `claude_desktop_config.json` with absolute paths, which can be error-prone.
  • ⚠️Salesforce org setup: OAuth login requires browser interaction; username/password login needs security token if IP is not trusted. Local OAuth callback server uses port 1717, which might conflict with other services (though the server attempts to free the port).
Verified SafeView Analysis
The project demonstrates strong security awareness, particularly with explicit input validation for SOQL queries (`validate_soql_query`) and API names. Network requests to Salesforce use `requests` and `simple_salesforce`, which are standard and secure. The OAuth callback server runs locally and attempts to free ports using `psutil.Process.terminate()`, which is a powerful operation, but seems contained to managing its own local environment. No direct `eval` or unvalidated `os.system` calls are apparent. No obvious hardcoded secrets other than the Salesforce `PlatformCLI` client ID, which is public.
Updated: 2025-12-10GitHub
PreviousPage 210 of 713Next