Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

30
1
Low Cost
Sec8

This project provides a Spring Boot starter for integrating MCP (Model Controller Protocol) services, enabling developers to define HTTP API functions using annotations.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) installed.
  • ⚠️Requires Maven for building and running.
  • ⚠️Explicitly compatible with Spring Boot 2.1.x, which is an outdated version and may lead to compatibility issues or security vulnerabilities with newer Spring Boot versions or libraries.
Verified Safe
The server dynamically invokes methods based on user input (tool name and arguments). However, this is constrained to methods explicitly annotated with `@McpFunction` on registered Spring beans, limiting the attack surface to defined functions. Parameter conversion is basic and limited to primitive types. There are no obvious `eval` or arbitrary code execution vulnerabilities. The usage of `ThreadLocal` for `HttpServletRequest` is standard. Compatibility with Spring Boot 2.1.x is noted, which is an old version and might pose security risks if not updated/patched properly, but this is an environmental concern, not a code-level vulnerability in the provided snippets.
Updated: 2025-11-25
30
1
Low Cost

poly-secret-mcp

by hyperpolymath

Sec7

Unified Model Context Protocol (MCP) server for managing secrets through HashiCorp Vault and Mozilla SOPS, enabling AI assistants and other MCP clients to securely handle credentials and sensitive data.

Setup Requirements

  • ⚠️Requires Deno runtime (>=2.0.0) to be installed.
  • ⚠️Requires HashiCorp Vault CLI installed and configured with `VAULT_ADDR` and `VAULT_TOKEN` environment variables for Vault tools.
  • ⚠️Requires Mozilla SOPS CLI installed and configured with a `.sops.yaml` file for SOPS tools.
Verified Safe
The server executes external CLI tools (Vault, SOPS) via `Deno.Command.run`. While Deno's `Command` typically treats array arguments as literal strings (preventing basic shell injection), the code directly concatenates user-provided inputs into single string arguments before passing them to the CLI (e.g., `--field=` + field, `["` + key + `"] "` + value + `"`). This pattern could potentially lead to application-level injection vulnerabilities if the underlying CLI tools (Vault or SOPS) misinterpret or improperly process crafted strings that exploit internal parsing flaws. However, the project's `SECURITY.md` demonstrates a strong commitment to security, including CI-enforced checks, non-root container usage, no hardcoded secrets, and clear vulnerability reporting policies. Future integration with a formally verified `proven` library for access control and audit logging is planned, which would significantly enhance security.
Updated: 2026-01-18
30
1
High Cost

databento-mcp-server

by Nice-Wolf-Studio

Sec9

Accessing and analyzing professional market data from DataBento via a Model Context Protocol (MCP) server or Claude Code skills.

Setup Requirements

  • ⚠️Requires Node.js v18+ runtime.
  • ⚠️Requires a DataBento API key (access to most datasets requires a paid subscription).
  • ⚠️Requires either Claude Desktop (for MCP server mode) or Claude Code CLI (for skills mode).
Verified Safe
The server loads the DataBento API key from environment variables, which is a secure practice. It implements robust input validation and comprehensive error handling, mitigating risks from malformed inputs or API failures. There are no direct uses of 'eval' or obvious obfuscation. The main risk, as with any API client, is ensuring the DATABENTO_API_KEY environment variable is kept confidential in the deployment environment.
Updated: 2025-11-25
30
1
High Cost

The Platform Engineering Copilot MCP server acts as an AI-powered orchestrator, exposing specialized AI agents for infrastructure management, compliance auditing, cost optimization, resource discovery, environment lifecycle, and security assessment to external AI tools and web applications.

Setup Requirements

  • ⚠️Requires Azure OpenAI API Key (Paid) and a configured Azure OpenAI deployment (e.g., GPT-4o).
  • ⚠️Requires .NET SDK 9.0+ and Node.js 18+ for local development of all components.
  • ⚠️For Docker deployments, `az login` must be run on the host machine before starting containers, as credentials are mounted from `~/.azure`.
  • ⚠️Database migrations need to be run for the SQLite (default) or SQL Server database.
Verified Safe
The project demonstrates a strong focus on security, particularly for Azure Government compliance (FedRAMP, DoD Impact Levels, STIGs) and uses features like Azure Key Vault for secret management. It leverages Azure AD for authentication, including CAC/PIV support. Default development passwords for SQL are present in docker-compose files but are placeholders intended to be overridden by environment variables. Network binding to 0.0.0.0 is common in Docker, with ingress/firewall expected in production. No 'eval' or direct malicious patterns were observed within the application source code itself.
Updated: 2026-01-13
30
1
High Cost

Exposing comprehensive Home Assistant control as a FastAPI/OpenAPI REST and WebSocket API, including AI vision, real-time events, and code execution for AI assistants, automation platforms, and custom integrations.

Setup Requirements

  • ⚠️Requires Home Assistant 2025.11+.
  • ⚠️Relies on automatic SUPERVISOR_TOKEN injection via s6-overlay, which can be prone to specific environment issues if the structure changes.
  • ⚠️Requires external VLM API (e.g., OpenAI, Anthropic, or local model via Open-WebUI) and corresponding API credentials for camera analysis tools.
  • ⚠️The Python code execution tool exposes a high-risk `exec()` function, requiring extreme caution or deployment in an isolated and ephemeral environment.
Review Required
The `ha_execute_python` endpoint allows executing arbitrary Python code using `exec()`. While `safe_globals` attempts to sandbox the environment by providing access only to specified libraries (pandas, numpy, matplotlib, json, datetime, re), `exec()` is an extremely high-risk function. A sophisticated attacker or an LLM with unexpected behavior could potentially bypass the sandbox or leverage vulnerabilities in the exposed libraries to gain unauthorized access or execute arbitrary commands on the host system. This is a critical vulnerability if the endpoint is not perfectly secured and the sandbox is not rigorously tested against advanced exploits. Direct file write operations are also present (`ha_write_file`).
Updated: 2025-12-12
30
1
Low Cost

Optimizes Claude Code context windows by interactively enabling/disabling MCP servers and managing plugins through a TUI or CLI.

Setup Requirements

  • ⚠️Requires Node.js 20 or later.
  • ⚠️Changes made while Claude Code is running will only take effect on the next session restart (exit Claude Code before running 'mcp' for immediate effect).
  • ⚠️For VSCode's integrated terminal on macOS, set `"terminal.integrated.macOptionIsMeta": true` for single-press Option key shortcuts.
Verified Safe
The project demonstrates robust security practices for its domain, including atomic writes, automatic backups, and file locking to prevent configuration corruption during file system operations. External command execution (`claude mcp list`, `claude` binary launch) is central to its functionality, with command arguments passed through by the user. Input validation for adding new servers (`!/^[a-zA-Z0-9_-]+$/.test(name)`) mitigates potential command injection risks for server names. Plugin installation fetches from local marketplace directories, not arbitrary network URLs. No hardcoded secrets or 'eval' usage are present. The primary security considerations are the integrity of the Claude Code CLI and the user's system environment.
Updated: 2026-01-09
30
1
High Cost

PyADM1ODE

by dgaida

Sec6

Framework for modeling, simulating, and optimizing agricultural biogas plants based on the Anaerobic Digestion Model No. 1 (ADM1).

Setup Requirements

  • ⚠️Requires Mono runtime (on Linux/macOS) or .NET Framework (on Windows) for C# DLL interaction.
  • ⚠️Requires the `pythonnet` library for Python-C# interoperability, which may have specific installation requirements (e.g., `vs2015_runtime` on Windows).
  • ⚠️Initial ADM1 state for digesters must typically be provided via a CSV file (e.g., `data/initial_states/digester_initial8.csv`).
Review Required
The project relies on `pythonnet` to interact with C# DLLs (`substrates.dll`, `biogas.dll`, `plant.dll`, `physchem.dll`). While these DLLs are included in the repository's `dlls/` directory (mitigating risk from arbitrary external downloads), they are opaque binary components that cannot be easily audited within the Python ecosystem. This introduces a significant trust dependency on the pre-compiled C# code. If these DLLs were compromised or maliciously altered, they could execute arbitrary code on the host system. The broader project context also mentions an 'MCP server for LLM integration', which, if implemented without stringent input validation and sandboxing, could present further remote code execution vulnerabilities.
Updated: 2026-01-11
30
1
Low Cost

node-mcp-server

by my-mcp-hub

Sec8

A template for building Model Context Protocol (MCP) compatible servers with support for multiple transport protocols like HTTP, SSE, and standard I/O.

Verified Safe
The server uses Fastify, a robust web framework. Input validation for tools is implemented using Zod, which is a good practice for type safety and preventing unexpected data. Session IDs are generated using nanoid. By default, CORS is configured to allow all origins, which is typical for a template but should be restricted in a production environment to prevent cross-origin attacks. No direct 'eval' usage or obvious unsanitized command injection vulnerabilities were found.
Updated: 2026-01-15
30
1
Low Cost

slidev-mcp

by zerob13

Sec1

An AI-powered server designed to generate and manage Slidev presentation slides and projects.

Setup Requirements

  • ⚠️Requires Node.js runtime environment.
  • ⚠️Utilizes pnpm for package management; other package managers might not work seamlessly.
  • ⚠️The core 'AI content generation' features advertised in the README (e.g., generating presentation content, slide content) are implemented with deterministic templating logic in the provided source code, not actual calls to an external AI/LLM model. Users expecting true AI-driven prose generation would need to integrate their own LLM API.
  • ⚠️Requires the `npx` command to be available for template initialization, which typically comes with npm.
Review Required
CRITICAL: The `create-slidev-project` tool is highly vulnerable to command injection and path traversal. The `projectPath` argument, which comes directly from user input, is used unsanitized in `node:child_process.exec` (via `npx degit ... "${projectPath}"`) and `node:fs` operations. An attacker could inject arbitrary shell commands (e.g., `$(rm -rf /)` or remote code execution payloads) by manipulating `projectPath`. Additionally, path traversal with `../../` could lead to arbitrary file overwrites or creation outside the intended project directory.
Updated: 2026-01-15
30
1
Low Cost

linkedin-mcp-server

by Jing-yilin

Sec3

Provides a Model Context Protocol (MCP) server for accessing LinkedIn data via the HarvestAPI service.

Setup Requirements

  • ⚠️Requires a HarvestAPI API key (HARVESTAPI_API_KEY or LINKEDIN_API_KEY environment variable is mandatory, HarvestAPI is a paid service).
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Requires a TypeScript build step (`npm run build`) before execution.
Review Required
The server has a critical path traversal vulnerability. The `save_dir` parameter, available in most tools, takes an unsanitized string which is then used in `fs.writeFileSync(path.join(dir, filename))`. An attacker or malicious LLM prompt could provide a `save_dir` like `../../../../../tmp` to write files to arbitrary locations on the host system, potentially leading to data corruption, information disclosure, or even remote code execution if combined with writing an executable file to a known execution path.
Updated: 2026-01-10
30
1
Medium Cost
Sec3

This server provides a collection of example Model Context Protocol (MCP) servers, demonstrating integration with various external data sources and smart home devices (Philips HUE, Austrian public data like Linz Innovationshauptplatz, klimaaktiv funding, Firmenbuch, and legal texts).

Setup Requirements

  • ⚠️Requires Node.js and npm/npx to run.
  • ⚠️The 'Firmenbuch' example requires a `FIRMENBUCH_API_KEY` which must be obtained from 'justizonline.gv.at' (might require registration).
  • ⚠️The 'Philips HUE' example requires `PHILIPS_HUE_BRIDGE_ADDRESS`, `PHILIPS_HUE_API_KEY`, and `PHILIPS_HUE_LIGHT_IDS`. An initialization script (`npm run philips-hue:init`) is provided to help acquire these, but it requires physical interaction with the Philips HUE Bridge (pressing a button).
  • ⚠️The Philips HUE example has a critical security vulnerability due to disabling TLS certificate validation (`rejectUnauthorized: false`), making it unsafe for use in untrusted network environments.
Review Required
The Philips HUE example (`examples/philips-hue/fetchHUE.ts`) explicitly sets `rejectUnauthorized: false` for its `undici` agent. This critically disables SSL/TLS certificate validation for connections to the Philips HUE bridge. While possibly intended for local networks or specific development setups where self-signed certificates might be used, this practice opens the connection to Man-in-the-Middle (MITM) attacks. An attacker on the local network could easily intercept or alter communication with the Hue Bridge. This is a severe security flaw for any network communication. Additionally, the server depends on API keys (Firmenbuch, Philips HUE) passed via environment variables, which is a good practice, but the overall lack of robust input sanitization beyond `zod` schemas (which validate structure but not necessarily malicious content for external systems) could be a concern if the external APIs are untrusted.
Updated: 2025-12-10
30
1
Medium Cost

3dslicer-claude-bridge

by brainbloodbarrier

Sec6

Provides Claude Code with programmatic access to 3D Slicer for AI-assisted medical image analysis, surgical planning, and radiomics research.

Setup Requirements

  • ⚠️Requires 3D Slicer 5.0+ with the WebServer extension installed and running on localhost:2016.
  • ⚠️For full functionality, may require additional 3D Slicer extensions (e.g., HD-BET, SwissSkullStripper).
  • ⚠️Intended for localhost-only use; not suitable for production, clinical data, or remote access due to lack of authentication/encryption and arbitrary code execution capabilities.
  • ⚠️Installation requires `uv` package manager and specific configuration in `~/.claude/mcp.json`.
Verified Safe
The server includes an `execute_python` tool that allows execution of arbitrary Python code in 3D Slicer's environment. This is a critical security risk if misused or deployed in an untrusted environment. However, the project explicitly states it is an 'educational/research tool for localhost use only' and 'not suitable for clinical data or production environments'. Input validation is robustly implemented for other tools to prevent common injection attacks. Audit logging for `execute_python` calls is present, but it provides traceability, not enforcement. No hardcoded secrets were found.
Updated: 2026-01-10