Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Low Cost
ezhuk icon

modbus-mcp

by ezhuk

Sec8

Connects LLM agents to Modbus devices to enable AI-driven workflows in industrial control and building automation systems.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires an OpenAI API Key for running the provided client examples.
  • ⚠️A Modbus TCP/IP device or simulator must be running and accessible for actual Modbus communication.
Verified SafeView Analysis
The server uses `FastMCP` and `pymodbus` to expose Modbus operations. Configuration is handled through environment variables and a `devices.json` file, and authentication can be enabled via `AuthKitProvider`. Input parameters to Modbus functions are type-hinted and converted (e.g., to integers), which reduces common injection risks. There are no obvious direct shell commands, `eval` or `exec` calls in the provided source code. The main security considerations would involve the security of the underlying Modbus network and how the LLM agent is instructed to utilize these control capabilities.
Updated: 2026-01-15GitHub
30
1
Medium Cost
biggy44 icon

mcp-server

by biggy44

Sec9

The server compresses and decompresses JSON data into the ASON format to optimize token usage for Large Language Models (LLMs) and integrate with Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher to run from source.
  • ⚠️Designed to be used with a Model Context Protocol (MCP) compatible client for effective interaction, rather than as a standalone GUI application.
Verified SafeView Analysis
The server explicitly states it does not use 'eval()' or execute code from compressed data, significantly reducing code injection risks. It uses stdio transport, limiting direct network exposure. No hardcoded secrets are visible. A documented security policy acknowledges potential Denial of Service (DoS) from very large or deeply nested JSON inputs, recommending external input validation, which is not directly implemented within the server's tool functions, thus slightly lowering the score from a perfect 10.
Updated: 2026-01-19GitHub
30
1
Low Cost
anudiip93 icon

osa-test-repo

by anudiip93

Sec1

This repository is presented as a simple foundation for software development projects, offering tools for version control and dependency management.

Setup Requirements

  • ⚠️The primary 'gotcha' is the highly suspicious and potentially malicious installation and usage instructions, which repeatedly direct users to download and interact with a single, ambiguously purposed `.zip` file (repo_osa_test_v3.3.zip).
  • ⚠️The instruction `pip install -r https://raw.githubusercontent.com/anudiip93/osa-test-repo/main/uneconomic/repo_osa_test_v3.3.zip` is fundamentally incorrect for installing Python dependencies and poses a significant security risk.
  • ⚠️The project requires Python 3.6 or later, which is mentioned alongside a link to download the suspicious `.zip` file.
Review RequiredView Analysis
The repository's README repeatedly directs users to download a single `.zip` file (repo_osa_test_v3.3.zip) for all core actions, including installation, dependency management (`pip install -r`), and even Python installation. This is highly atypical and suspicious. Using `pip install -r` with a `.zip` file is an incorrect command and likely an attempt to execute arbitrary code or trick users into downloading and running potentially malicious content. All informational links (e.g., GitHub Issues, Support email) also point to this same `.zip` file. There is no actual server source code provided, only the README, which itself contains these problematic instructions. Running any commands or downloading files from this repository is extremely risky.
Updated: 2026-01-19GitHub
30
1
Low Cost
agentic-forge icon

forge-armory

by agentic-forge

Sec3

An MCP (Multi-Modal Communication Protocol) gateway that aggregates tools from multiple backend MCP servers, optimizing responses for LLMs using TOON format.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Assumes PostgreSQL database (default uses localhost:5432, configurable via ARMORY_DATABASE_URL)
  • ⚠️The Admin API is publicly accessible without authentication, posing a critical security risk for any public deployment.
Review RequiredView Analysis
The Admin API (/admin/*) lacks explicit authentication and authorization mechanisms, allowing unauthenticated users to manage backends, refresh tools, and view metrics. Additionally, CORS is configured to allow all origins (allow_origins=['*']), which, in conjunction with the unauthenticated Admin API, poses a significant security risk if the server is exposed publicly. Backend URLs can be configured via this API, meaning a compromised server could be directed to malicious MCP endpoints. It is CRITICAL to implement robust authentication/authorization for the Admin API before production deployment.
Updated: 2026-01-19GitHub
30
1
High Cost
luarss icon

openroad-mcp

by luarss

Sec9

Provides AI assistants with interactive access to OpenROAD chip design and timing analysis tools through a structured API.

Setup Requirements

  • ⚠️Requires OpenROAD installed and available in PATH.
  • ⚠️Requires Python 3.13+.
  • ⚠️Requires the 'uv' package manager for installation and execution.
  • ⚠️OpenROAD-flow-scripts (ORFS) is highly recommended for full functionality, especially for report image tools.
Verified SafeView Analysis
The server implements strong command validation to prevent injection, checking against an allowlist ('openroad' by default) and blocking shell metacharacters and redirection operators. Path traversal attacks are explicitly mitigated using `validate_path_segment` and `validate_safe_path_containment`. Communication primarily uses STDIO, reducing network attack surface. No hardcoded sensitive secrets were found.
Updated: 2026-01-18GitHub
30
2
Medium Cost
tjackiet icon
Sec9

This MCP server enables crypto market analysis using Bitbank public API data, providing analysis tools, technical indicators, and SVG charts for LLMs like Claude to easily interpret and respond to user queries.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run locally.
  • ⚠️Specific configuration steps are needed for Claude Desktop integration (editing `claude_desktop_config.json`).
  • ⚠️On macOS, placing the project in the Desktop folder might cause permission errors (home directory recommended).
Verified SafeView Analysis
The server uses Bitbank's public API, avoiding the need for hardcoded sensitive API keys. It employs `dotenv/config` for environment variable management. SVG generation includes sanitization functions (`sanitizeSvg`) to strip script tags and event handlers, mitigating XSS risks when rendering charts. The optional HTTP server (`src/http.ts`) includes CORS and DNS rebinding protections. No instances of `eval` or obvious obfuscation were found.
Updated: 2026-01-09GitHub
30
1
High Cost
refractionPOINT icon

lc-mcp-server

by refractionPOINT

Sec8

This server bridges AI assistants with the LimaCharlie security platform, enabling natural language interaction for querying telemetry, investigating endpoints, responding to threats, and managing security content.

Setup Requirements

  • ⚠️Requires LimaCharlie API Key (LC_API_KEY) and Organization ID (LC_OID).
  • ⚠️Requires a Google Gemini API Key (GOOGLE_API_KEY) for AI-powered generation tools (can be costly).
  • ⚠️Running in HTTP mode with OAuth requires a Redis instance for state management.
Verified SafeView Analysis
The project demonstrates a strong focus on security, especially for multi-tenant environments. Key strengths include mandatory AES-256-GCM encryption for OAuth tokens (REDIS_ENCRYPTION_KEY), extensive testing for credential isolation and concurrency safety (100% test coverage in internal/auth/), and UID validation. The `lc_call_tool` meta-tool allows dynamic invocation of other tools, but is protected by a meta-tool filter mechanism (allow/deny lists). Powerful operations like direct sensor command execution and payload upload/download are core to the security platform integration, and are inherently high-risk, though file path validation is implemented. A hardcoded Firebase API key is noted, but generally considered low risk for client-side Firebase interaction.
Updated: 2026-01-19GitHub
30
1
Medium Cost
eze-godoy icon
Sec9

Integrates Netherlands Railways (NS) train information (route planning, pricing, real-time departures) into AI assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires an NS API key from apiportal.ns.nl (free to register, but requires subscription to specific APIs).
  • ⚠️Docker Desktop or Docker Engine is required for the Docker installation option.
  • ⚠️Python 3.11 or higher is required for local Python installations (`uv` or `pip`).
Verified SafeView Analysis
The server uses `pydantic-settings` to load the NS API key from environment variables, avoiding hardcoded secrets. It employs robust error handling with `try...except` blocks and logs exceptions internally. Running as a stdio server via Docker means no exposed network ports, reducing the attack surface. Pydantic models are used for input/output validation, enhancing data integrity. Minor information leak in `search_trips` error handling that returns a `traceback` key for unexpected errors, though typically for debugging and not directly user-facing in normal operation.
Updated: 2026-01-19GitHub
30
1
Medium Cost
pacphi icon
Sec9

AI-powered conversational interface for managing restaurant bookings, customers, orders, and feedback through tool invocation.

Setup Requirements

  • ⚠️Requires Java 25 and Maven 3.9.11.
  • ⚠️Requires API keys for chosen LLM provider (OpenAI, Groq, OpenRouter are paid services).
  • ⚠️Requires a running backend service providing the ResOS API and OAuth2 Authorization Server (can be local H2/PostgreSQL backend supplied by the project).
Verified SafeView Analysis
The project implements a robust three-tier OAuth2 security architecture with JWTs for authentication and authorization. It explicitly addresses security concerns like CSRF (disabling it for API endpoints with justification) and uses BCrypt for password hashing. Sensitive information like API keys and secrets are handled via environment variables with sensible development defaults, intended to be overridden in production. The conditional disabling of OAuth2 for STDIO transport is justified for local integration (e.g., Claude Desktop). Overall, a high focus on security best practices is evident, though default secrets in development profiles should always be overridden in production.
Updated: 2026-01-19GitHub
30
1
Medium Cost
MWG-Logan icon

Central-Memory-MCP

by MWG-Logan

Sec6

Provides durable, queryable project memory (entities, relations, observations) for AI assistants via HTTP-exposed Model Context Protocol (MCP) tool endpoints.

Setup Requirements

  • ⚠️Requires .NET 10 SDK and Azure Functions Core Tools v4.
  • ⚠️Requires Azurite for local Azure Table Storage emulation.
  • ⚠️Crucially lacks production-ready authentication and authorization; external exposure without adding these is highly risky as per the documentation.
Review RequiredView Analysis
The server is explicitly described as an 'alpha' implementation for 'trusted environments'. It currently lacks authentication (e.g., Azure AD) and authorization for its HTTP endpoints, relying on Azure Functions system-level authorization for webhooks. Secrets (AzureWebJobsStorage connection strings) are managed via environment variables, with future plans for Key Vault/Managed Identity. Input validation is present but not exhaustive across all edge cases. It is critical to add robust authentication and authorization before exposing this server externally in a production environment.
Updated: 2025-11-26GitHub
30
2
Low Cost
shams858 icon
Sec4

AI agent that generates and executes Python code to interact with Airtable using the Model Context Protocol (MCP) pattern for automation.

Setup Requirements

  • ⚠️Requires a separate 'Airtable MCP server' to be running at http://localhost:8000/mcp (or specified URL), which is not part of this repository.
  • ⚠️Requires an Anthropic API Key, which is a paid service.
Review RequiredView Analysis
The system executes Python code generated by an LLM in a subprocess. While there's a `validate_code` function attempting to blacklist dangerous imports (`os`, `subprocess`, `sys`, `eval`, `exec`, `open`, etc.) using AST parsing, blacklisting can be bypassed by sufficiently motivated attackers or through clever LLM prompt engineering. The execution environment is the same Python interpreter and current working directory, which is not a true isolated sandbox (e.g., containerized). This poses a significant risk if malicious code is generated, potentially leading to arbitrary code execution or data exfiltration.
Updated: 2025-11-19GitHub
30
1
Low Cost
YutaGoto icon
Sec8

Provides an adapter to access Idolmaster (IMAS) character data from a SPARQL endpoint via the Model Context Protocol (MCP), supporting both HTTP and standard I/O connections.

Setup Requirements

  • ⚠️Requires Node.js 18+
  • ⚠️Requires pnpm for package management
  • ⚠️Relies on external imasparql SPARQL endpoint (https://sparql.crssnky.xyz/spql/imas/query)
Verified SafeView Analysis
SPARQL queries are constructed dynamically, but user input is escaped using `escapeSparql` to prevent basic injection. No direct use of 'eval' or 'child_process' in application logic. Error messages might expose internal details if an error object contains sensitive information, but this is a minor risk. The system relies on an external SPARQL endpoint for data.
Updated: 2026-01-15GitHub
PreviousPage 213 of 713Next