Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Low Cost
thepwagner icon

urfave-cli-mcp

by thepwagner

Sec9

Reuses existing urfave/cli applications as Model Context Protocol (MCP) servers, allowing them to be invoked as tools by MCP clients.

Setup Requirements

  • ⚠️The underlying `urfave/cli` application must print its intended results to `stdout` for the MCP client to receive them.
  • ⚠️Requires a Go runtime environment to compile and run the application.
Verified SafeView Analysis
The server executes `os.Args[0]` (the current executable) with arguments derived from MCP tool calls. This design mitigates direct command injection as it avoids shell execution. The primary risk would be vulnerabilities present in the wrapped `urfave/cli` application itself. The library includes a safeguard against invoking the 'mcp' command recursively.
Updated: 2026-01-18GitHub
30
1
High Cost
ismaeldosil icon

finashopping-mcp

by ismaeldosil

Sec9

This MCP server enables Claude Desktop to search, compare, and calculate information about Uruguayan financial products like loans, credit cards, and insurance, and provides financial guidance.

Setup Requirements

  • ⚠️Requires Node.js version 20.0.0 or higher.
  • ⚠️Requires `FINASHOPPING_SERVICE_USERNAME` and `FINASHOPPING_SERVICE_PASSWORD` environment variables for backend API authentication. Without these, the server will not function.
  • ⚠️Intended for use with Claude Desktop and the Model Context Protocol (MCP).
Verified SafeView Analysis
The server's code is clear TypeScript and does not show signs of obfuscation or direct use of dangerous functions like `eval`. It connects to a backend API using `axios`, handling JWT authentication with automatic token refresh. Crucially, it relies on `FINASHOPPING_SERVICE_USERNAME` and `FINASHOPPING_SERVICE_PASSWORD` environment variables for backend authentication, which is a good practice to avoid hardcoding credentials. Error handling for network issues is present. The primary security consideration for the user is ensuring these environment variables are securely managed.
Updated: 2026-01-11GitHub
30
1
Low Cost
mmorris35 icon

devplan-mcp-server

by mmorris35

Sec8

Generate detailed, Haiku-executable development plans and specialized AI agents for Claude Code, incorporating lessons learned and issue remediation workflows.

Setup Requirements

  • ⚠️Requires Cloudflare account and Wrangler CLI for deployment
  • ⚠️Requires Cloudflare KV Namespace binding (`DEVPLAN_KV`)
  • ⚠️Requires Cloudflare Durable Object Namespace binding (`MCP_OBJECT`)
  • ⚠️Authentication is disabled by default; must set `AUTH_ENABLED = "true"` in `wrangler.toml` and manage API keys for production use
Verified SafeView Analysis
The server includes authentication (API key validation, rate limiting) which is good, but `AUTH_ENABLED` defaults to `false` in `wrangler.toml`, meaning it's open-access unless explicitly configured. The `createApiKey` admin function is not exposed as a public endpoint, mitigating a potential risk. IP addresses are hashed for privacy-preserving usage tracking. Cloudflare bot detection is used for MCP endpoints. Overall, robust security features are available, but deployment requires careful configuration of the `AUTH_ENABLED` variable.
Updated: 2026-01-19GitHub
30
1
High Cost
PyJudge icon

pdf4vllm-mcp

by PyJudge

Sec8

PDF content extraction and search, optimized for messy documents and vision language models (LLMs), with features for text corruption detection, reading order preservation, and token management.

Setup Requirements

  • ⚠️The `grep_pdf` tool requires the external `pdfgrep` system utility to be installed (e.g., `brew install pdfgrep` on macOS or `apt install pdfgrep` on Ubuntu).
  • ⚠️Requires Python 3.10+.
  • ⚠️The `read_pdf` tool, especially in `auto` or `image_only` mode when extracting images, can generate very high token counts due to base64 encoding of image data, potentially leading to increased LLM costs and context window limitations. Configuration options are available to manage this.
Verified SafeView Analysis
The server uses `subprocess.run` to execute the external `pdfgrep` utility for the `grep_pdf` tool. While arguments are passed as a list to prevent shell injection, the `pattern` argument is interpreted as a regex by `pdfgrep` by default, which could theoretically be exploited for a ReDoS (Regular Expression Denial of Service) attack. This risk is partially mitigated by a 60-second timeout and a `max_count` limit for matches. Path traversal risks for file access are explicitly addressed and mitigated by the `validate_path_security` function, ensuring all file operations are constrained to the current working directory.
Updated: 2026-01-12GitHub
30
1
Medium Cost
miyamamoto icon

jvlink-mcp-server

by miyamamoto

Sec8

This server allows users to analyze JRA-VAN horse racing data using natural language queries, translating them into SQL for detailed statistical analysis and trend identification.

Setup Requirements

  • ⚠️Requires JRA-VAN DataLab membership (a paid service) to acquire the underlying horse racing data.
  • ⚠️Requires `jrvltsql` (a separate Windows-only tool) to create and maintain the database files.
  • ⚠️Requires Python 3.11 or higher runtime environment.
Verified SafeView Analysis
The server employs robust SQL injection prevention mechanisms, including explicit checks for dangerous keywords (DROP, DELETE, UPDATE, etc.) in `execute_safe_query` and parameter escaping for LIKE clauses. However, the default setup for network access (SSE/HTTP mode) is unauthenticated, as acknowledged in the documentation (`REMOTE_SETUP.md`), which poses a risk if exposed to untrusted networks without additional security measures like authentication and HTTPS/TLS.
Updated: 2025-12-14GitHub
30
4
Low Cost
CrackingShells icon

Hatch

by CrackingShells

Sec2

Hatch is a package manager for Model Context Protocol (MCP) servers, providing environment isolation, multi-type dependency resolution (system, Python, Docker, other Hatch packages), and multi-host deployment to various AI tools and IDEs.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Conda or Mamba recommended for Python environment isolation.
  • ⚠️Docker required for Docker-based dependencies.
  • ⚠️Linux package manager (e.g., `apt`) required for system dependencies; macOS and Windows system package managers not yet supported.
  • ⚠️Development setup requires `pip install -e .` and `npm install`.
Review RequiredView Analysis
Critical security risks identified: 1. **Lack of Package Integrity Verification**: Downloaded packages (Hatch, Python, Docker) are NOT cryptographically verified (no checksums, no signatures). This is explicitly stated in 'Limits and Known Issues' and means malicious packages or compromised registries/networks could lead to arbitrary code execution without detection. 2. **System-Level Code Execution with Elevated Privileges**: The 'System Installer' executes system package manager commands (e.g., `apt`) which can require `sudo`. Combined with the lack of package integrity verification, this presents a severe risk of system compromise if untrusted packages specify malicious system dependencies. 3. **Default Auto-Approval in Non-TTY Environments**: The dependency installation orchestrator automatically approves installation prompts in non-TTY environments. While useful for CI/CD, this automates the execution of unverified code, exacerbating the risk. 4. **Race Conditions for Critical State Files**: 'Limits and Known Issues' notes non-atomic file I/O for `environments.json` and package caches, leading to potential corruption. This can have security implications if state is manipulable. 5. **Supply Chain Risk**: Direct Git URL dependencies for `hatch_validator` and `@artessan-devs/sr-uv-plugin` in `pyproject.toml` introduce additional risk if those repositories are compromised. The project's own documentation clearly states it is 'less suitable for: Production deployments, Multi-tenant systems, High-security environments'.
Updated: 2026-01-06GitHub
30
1
Low Cost
DreamCats icon

mcp-server

by DreamCats

Sec9

A flexible MCP server providing various time-related functionalities, including current time, timestamps, time range processing, timezone conversions, relative time calculations, and comprehensive time information, using the FastMCP framework.

Verified SafeView Analysis
The `super-time` module itself primarily performs time-related calculations and does not appear to involve direct external network calls, complex authentication mechanisms, or access sensitive external resources. No use of `eval` or obvious hardcoded secrets was found within the provided source for this module. Its overall security posture is largely dependent on the underlying `FastMCP` framework and the secure configuration of its deployment environment.
Updated: 2026-01-11GitHub
30
1
Medium Cost
balazhaa icon
Sec9

Provides a load-balanced Tavily Model Context Protocol (MCP) server with multi-API key rotation and failover for enhanced web search, extraction, crawling, and mapping.

Setup Requirements

  • ⚠️Requires a Tavily API Key (paid service) for all operations.
  • ⚠️Docker is the recommended deployment method, though a local Node.js setup is also possible.
  • ⚠️Requires a modern Node.js runtime (>=18.0.0 based on package.json engines and esbuild dependencies).
Verified SafeView Analysis
The source code demonstrates strong security practices including explicit data sanitization and truncation of API responses to prevent content injection and oversized payloads. API keys are correctly managed via environment variables and an internal pool with error tracking and rotation for failover. CORS is set to allow all origins on the SSE endpoint, which is a common configuration for a public-facing API but might require stricter firewall rules depending on deployment context.
Updated: 2026-01-19GitHub
30
1
Low Cost
adityajoshi12 icon

fabric-mcp-server

by adityajoshi12

Sec8

Enables AI assistants to interact with Hyperledger Fabric blockchain networks by exposing a set of blockchain management and interaction tools.

Setup Requirements

  • ⚠️Requires a running Hyperledger Fabric network as an external dependency.
  • ⚠️Requires a valid Hyperledger Fabric connection profile (JSON file) to be accessible.
  • ⚠️Requires an enrolled user identity (certificate + private key) to be configured in a file system wallet, which can be created using the provided `create-wallet` utility script.
Verified SafeView Analysis
The server utilizes official Hyperledger Fabric SDKs and loads all critical configuration (e.g., wallet paths, connection profiles, user IDs) from environment variables, preventing hardcoded secrets. It functions as a bridge, meaning the overall security posture heavily relies on the proper setup and security of the underlying Hyperledger Fabric network and the management of the user identity wallet. The HTTP transport, built with Express, handles basic error responses. While `express-rate-limit` is a dependency of the MCP SDK, no explicit rate limiting or advanced authentication for the `/mcp` endpoint is configured within the provided server code. This implies that the server expects to operate in a controlled environment where the AI assistant's access is implicitly authorized. Chaincode arguments are passed directly, making the security of the smart contracts' input validation critical.
Updated: 2026-01-13GitHub
30
1
Low Cost
Hochfrequenz icon

TransformerBee.mcp

by Hochfrequenz

Sec9

This server acts as a Model Context Protocol (MCP) wrapper for the TransformerBee service, enabling conversion between EDIFACT and BO4E data formats.

Setup Requirements

  • ⚠️Requires a running TransformerBee service, specified via TRANSFORMERBEE_HOST (e.g., http://localhost:5021).
  • ⚠️Python 3.11 or higher is required.
  • ⚠️The `uv` package manager is listed as a dev-dependency, and MCP tooling may assume its presence, potentially leading to minor setup friction.
Verified SafeView Analysis
The code uses environment variables for sensitive information like `TRANSFORMERBEE_CLIENT_ID` and `TRANSFORMERBEE_CLIENT_SECRET`, which is good practice. It also handles exceptions during API calls. There are no direct `eval` calls, obfuscation, or hardcoded secrets in the provided source. The primary security consideration lies with the `transformer.bee` service it connects to, as this MCP server acts as a proxy.
Updated: 2026-01-12GitHub
30
1
High Cost
chrisguillory icon

claude-workspace

by chrisguillory

Sec7

Provides a persistent Python execution environment and browser automation capabilities for Claude Code, enabling stateful computation and web interaction.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires 'uv' tool installed globally, and '~/.local/bin' in PATH
  • ⚠️Selenium MCP (macOS): Requires 'snappy' via Homebrew, and 'Chrome > View > Developer > Allow JavaScript from Apple Events' enabled, may prompt for Keychain access on first run
  • ⚠️Selenium MCP: Chrome/Chromium browser must be installed
Verified SafeView Analysis
The Python Interpreter component inherently executes arbitrary Python code, and the browser automation component can perform sensitive actions and handle authentication data (e.g., cookies, local storage). This is by design, but means the security posture largely depends on the trustworthiness of the code it is instructed to execute and the user's approval of those actions. Explicit warnings are provided about handling exported profile state files as credentials. The 'selenium-browser-automation' component accesses the macOS Keychain and system files for Chrome profiles, requiring elevated trust. `mitmproxy` can be initiated for proxying, which, if misconfigured, could introduce network vulnerabilities.
Updated: 2026-01-18GitHub
30
1
Medium Cost
P-de-Jong icon

codebridge-mcp

by P-de-Jong

Sec7

Transforms VSCode into a multi-instance MCP server, enabling AI assistants to access and interact with the entire development environment across multiple workspaces.

Setup Requirements

  • ⚠️Requires VSCode 1.80.0+
  • ⚠️Requires Node.js 18+
Verified SafeView Analysis
The server operates an HTTP endpoint primarily on `localhost`, which generally limits external attack surface. However, it uses `cors` with `origin: '*'` by default and disables `enableDnsRebindingProtection` explicitly for local development. While noted for development, these settings could pose risks if the server were exposed externally or in certain network configurations. Direct access to VSCode APIs via MCP tools is powerful; security relies on the trustworthiness of the connected AI client and proper client-side authentication/authorization, which is outside the scope of this server's direct implementation.
Updated: 2026-01-19GitHub
PreviousPage 212 of 713Next