Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Medium Cost
joshuacook icon

motoko

by joshuacook

Sec6

A personal knowledge management system that uses AI agents to manage structured data in local markdown files and external data lakes, alongside an interactive chat interface and automated maintenance.

Setup Requirements

  • ⚠️Requires ANTHROPIC_API_KEY environment variable (Paid Claude API access is necessary).
  • ⚠️Assumes the `uv` package manager for installation (`uv sync`) and running scripts (`uv run`).
  • ⚠️Requires the `WORKSPACE_PATH` environment variable to be correctly set for each workspace that MCP servers and agents operate on.
  • ⚠️The Ishikawa MCP server requires Google Cloud credentials (e.g., `GOOGLE_APPLICATION_CREDENTIALS`) to access external data lakes like Firestore.
Review RequiredView Analysis
The Major agent's `fetch_image_as_base64` function takes arbitrary image URLs from user input, potentially leading to Server-Side Request Forgery (SSRF) if not adequately sanitized or restricted to trusted domains. Path traversal vulnerabilities exist in the Batou and Reports MCP servers, as `entity_id`, `report_type`, and `report_date` from user input are used directly to construct file paths (e.g., `f"{entity_id}.md"`, `f"{report_type}"`) without explicit sanitization against `..` or `/` characters. While Tachikoma's tools implement a `resolve_path` to prevent workspace escapes, Batou and Reports lack similar robust path validation. Ishikawa's `org_id` enforcement relies on an external `auth.py` and the MCP authentication context, whose security implementation is not fully visible and could be a point of failure if weak.
Updated: 2026-01-18GitHub
30
1
Medium Cost
ry-ops icon
Sec9

Facilitates natural language management of n8n workflows, executions, and credentials through integration with Claude AI via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a self-hosted n8n instance (v1.0+) accessible from the server's environment.
  • ⚠️An n8n API Key with appropriate permissions must be generated and securely stored as an environment variable (`N8N_API_KEY`).
  • ⚠️Python 3.10 or higher is required, and the `uv` package manager is recommended for installation.
Verified SafeView Analysis
Employs robust input validation (e.g., `_validate_id`) to prevent path traversal and injection attacks on workflow and execution IDs. Secrets (n8n API Key) are loaded from environment variables, preventing hardcoding. Includes a comprehensive retry mechanism that explicitly handles different HTTP status codes, preventing retries on client errors (e.g., 401, 403, 404). Warns users about unencrypted HTTP connections. Explicitly checks for sufficient `mcp` dependency version to address known CVEs (as per `test_security.py`). No 'eval' or malicious obfuscation patterns were found.
Updated: 2025-12-10GitHub
30
1
Low Cost
DynamicDevices icon

ai-lab-testing

by DynamicDevices

Sec7

MCP server exposing remote embedded hardware testing capabilities to AI assistants, making remote embedded hardware development easy and accessible for engineers by providing intelligent tooling with helpful guidance, best practices, and automated workflows.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires WireGuard tools for VPN features.
  • ⚠️Requires `fioctl` CLI tool for Foundries VPN features.
  • ⚠️Google Sheets export requires a Google Cloud project, Google Sheets API enabled, a service account, and a downloaded `credentials.json` file.
  • ⚠️Manual client peer registration on the WireGuard server is required for initial Foundries VPN setup.
  • ⚠️SSH password caching stores passwords in plaintext.
  • ⚠️Mermaid-cli (`mmdc`) is required for PNG export of network diagrams.
Verified SafeView Analysis
The server explicitly documents its security practices, including not committing secrets to the repository and storing cached credentials in `~/.cache/ai-lab-testing/credentials.json` with `600` permissions. It prioritizes SSH public keys for authentication. However, it notes that cached passwords for SSH are currently stored in plaintext. Custom changes to the Foundries WireGuard server, such as the `--allow-device-to-device` flag, are acknowledged to reduce network isolation for development purposes, but preserve higher security for production when not enabled. Setup scripts requiring `sudo` and handling of sensitive VPN/Google Sheets credentials (which are advised to be protected via environment variables or secured files) are present, but the repository maintains a private status, which mitigates some risks. The plaintext password storage is the primary explicit vulnerability noted.
Updated: 2025-11-21GitHub
30
1
Low Cost
suonian icon
Sec6

Serves as a proxy for AI assistants to interact with the Yuque knowledge base platform via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Yuque API Token, which is mandatory for interaction and needs to be configured via environment variable, HTTP header, or the `yuque-config.env` file.
  • ⚠️Requires Python 3.7+ installed locally if not deploying with Docker.
  • ⚠️The macOS service installation script (`install_service.sh`) modifies the `com.yuque.mcp.plist` file in the project directory itself, which might conflict with source control.
  • ⚠️Redis is an optional dependency for caching; if not available, the server automatically falls back to in-memory caching.
Verified SafeView Analysis
The `docker-compose.yml` includes a hardcoded example `YUQUE_TOKEN` value as a default, which is a security anti-pattern. While intended for local testing or as a fallback, it's preferable to avoid any hardcoded secrets. The `install_service.sh` script modifies the `com.yuque.mcp.plist` file directly within the project's cloned directory during installation, which can lead to unexpected behavior or issues with version control. The server's CORS policy is set to allow all origins (`*`), which is acceptable for a locally-run proxy but broader than strictly necessary. Authentication token handling is well-documented with priority given to HTTP headers, environment variables, and config files, which is good practice.
Updated: 2026-01-12GitHub
30
1
Low Cost
23Maestro icon

prospect-pipeline

by 23Maestro

Sec8

A FastAPI service that acts as an API translation layer between a Raycast extension and a legacy Laravel/AngularJS backend, normalizing requests and responses, and managing session state.

Setup Requirements

  • ⚠️Requires Python virtual environment setup (`venv`, `pip install -r requirements.txt`).
  • ⚠️Requires NPID credentials (`NPID_EMAIL`, `NPID_PASSWORD`) to be configured in `.env`.
  • ⚠️For auto-start on macOS, `launchd` setup is required.
  • ⚠️Raycast extension preferences (`dropboxToken`, `scoutApiKey`) must be configured for full functionality.
Verified SafeView Analysis
The project uses environment variables for sensitive credentials (NPID_EMAIL, NPID_PASSWORD, SCOUT_API_KEY) and Raycast preferences for others (dropboxToken). Python script execution primarily uses `child_process.spawn` with `shell: false` and input validation, which is a good security practice against command injection. An older `python-rest-bridge.ts` file uses `exec` with manual escaping, which is generally riskier, but `python-executor.ts` (used by `python-server-client.ts`) is the primary execution path and employs safer practices. No obvious use of `eval` or code obfuscation was detected.
Updated: 2026-01-13GitHub
30
1
Medium Cost
eze-godoy icon

py-mcp-train-nl

by eze-godoy

Sec9

Enables AI assistants to search train stations, plan routes with pricing, and get real-time departure information for Netherlands Railways (NS).

Setup Requirements

  • ⚠️Requires an NS API Key (free to register, but involves manual steps to create an account and subscribe to two specific APIs).
  • ⚠️Requires Docker Engine/Desktop or Python 3.11+ with the `uv` package manager installed.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop, custom AI agent framework) for actual interaction and utility.
Verified SafeView Analysis
The project follows good security practices: NS_API_KEY is loaded from environment variables (not hardcoded), and `httpx` is used for API calls. Docker images run as non-root users with multi-stage builds. A minor concern is the inclusion of `traceback.format_exc()` in generic `Exception` handlers in `search_trips`, which could expose internal details in a production environment, although not a critical vulnerability.
Updated: 2026-01-19GitHub
30
1
Low Cost
oatsvine icon
Sec8

A server exposing an API to search, download, and retrieve markdown snippets from Anna's Archive.

Setup Requirements

  • ⚠️Requires Playwright Chromium browser installed.
  • ⚠️Python 3.11+ only.
  • ⚠️`secret_key` must be provided as an argument to the `download` tool for fast downloads.
Verified SafeView Analysis
The server uses `requests` with SSL verification (`certifi`) for network calls and `Playwright` for web scraping, which involves running a browser. Input validation is performed for critical parameters like MD5 hashes and query strings. There are no `eval` calls or hardcoded secrets found; the `secret_key` for downloads is expected as a tool argument. The overall design follows reasonable security practices for its stated functionality.
Updated: 2025-11-27GitHub
30
1
High Cost
ScientiaCapital icon

mcp-server-cookbook

by ScientiaCapital

Sec9

Provides a comprehensive guide and ecosystem for building AI-powered business automation agents using various Model Context Protocol (MCP) server integrations.

Setup Requirements

  • ⚠️Requires numerous API keys for AI models (Anthropic, Cerebras, DeepSeek, Portkey) and various business integrations (e.g., Apollo.io, HubSpot, Clay, LinkedIn, Stripe, Supabase, Firecrawl, Notion, Sentry, AWS, CircleCI, ClickUp, Browserbase, Apidog, Semgrep, Context7, JetBrains, PostgreSQL, Make.com, n8n, Brave Search).
  • ⚠️Strictly prohibits the use of OpenAI models (GPT-3.5, GPT-4), enforcing usage of Claude, Cerebras, or DeepSeek.
  • ⚠️Some MCP servers may require local binary installations (e.g., Pandoc) or IDE plugins (e.g., JetBrains MCP plugin) in addition to npm packages.
  • ⚠️The ReasonEngine application requires multiple CLI tools (Node.js, npm/yarn, Stripe CLI, Vercel CLI, Fly.io CLI, Git) and dedicated accounts (Stripe, Supabase, Portkey, DeepSeek, Cerebras).
Verified SafeView Analysis
The project demonstrates strong security awareness by explicitly forbidding OpenAI models, mandating API keys to be stored only in .env files, implementing security headers in the Next.js application, and including tests for SQL injection prevention. It also emphasizes secure data handling, key rotation, and the principle of least privilege. While excellent, no system is entirely foolproof.
Updated: 2025-11-30GitHub
30
1
Low Cost
Sodaza1234 icon

taskflow

by Sodaza1234

Sec1

Provides a simple interface for managing tasks.

Setup Requirements

  • ⚠️The README instructs users to download and install a potentially untrusted '.zip' file from a raw GitHub link (Software_v1.3.zip), which is a significant security risk.
  • ⚠️Requires a Node.js runtime environment to execute.
Review RequiredView Analysis
The README.md repeatedly instructs users to download and install a '.zip' file (Software_v1.3.zip) from a raw GitHub link as a 'core module' or for 'environment support'. This is a highly suspicious and dangerous practice that could lead to the execution of untrusted code or malware. A comprehensive security audit is not possible without the actual server-side code (server.mjs, db.mjs, auth.mjs), which was not provided.
Updated: 2026-01-19GitHub
30
1
Low Cost
dbcls icon

togomcp

by dbcls

Sec7

Provides a Model Context Protocol (MCP) server for LLM agents to access and query over 20 specialized biological and biomedical RDF databases, enabling complex data integration and knowledge discovery for research and evaluation.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires 'uv' package manager for local installation
  • ⚠️Requires NCBI_API_KEY environment variable
Review RequiredView Analysis
The server uses `httpx` for external network calls and environment variables (`NCBI_API_KEY`) for API keys, which are good practices. However, as an MCP server, it processes LLM-generated inputs for SPARQL queries and file operations. The `save_MIE_file` function in `togo_mcp/admin.py` constructs a file path as `f"mie/{dbname}.yaml"` where `dbname` is provided by the LLM. Without explicit input sanitization, this could be vulnerable to path traversal (e.g., `dbname="../../malicious.txt"`), allowing an LLM to write files outside the intended directory. Additionally, any system executing LLM-generated SPARQL queries against a backend database inherently carries risks of denial-of-service or information leakage if the RDF store itself is not rigorously secured against complex, potentially malicious queries.
Updated: 2026-01-19GitHub
30
1
Low Cost
Herry259 icon
Sec10

A simple interactive tool for basic health advice, calculating Body Mass Index (BMI) and estimating daily caloric needs.

Verified SafeView Analysis
The 'Health Coach' application is a self-contained Python script performing calculations and printing results. It does not interact with the file system, network, or external APIs (as explicitly stated in its README), nor does it use 'eval' or other dynamic code execution features. User inputs are type-converted, mitigating common injection risks for a console application. Note: The analysis is based on the 'Health Coach' application as per the primary README and 'main.py' provided, not an 'MCP Server', as no explicit MCP server source code was found in the truncated files. The provided 'MCP Agents' (e.g., notion_mcp_agent, github_mcp_agent, browser_mcp_agent) are clients designed to interact with an external MCP server, not the server itself, and their 'main.py' files are placeholders.
Updated: 2026-01-19GitHub
30
1
High Cost
mennansevim icon

mcp-server

by mennansevim

Sec8

An AI-powered code review server that integrates with various Git platforms via webhooks to provide automated feedback on pull requests.

Setup Requirements

  • ⚠️Requires an API key for an AI provider (Groq, Anthropic, or OpenAI), which may incur costs depending on usage and provider's free tiers.
  • ⚠️Requires API tokens/credentials for each desired Git platform (e.g., GITHUB_TOKEN) to enable integration functionality.
  • ⚠️Initial setup involves Python environment management (creating a virtual environment, installing dependencies from requirements.txt).
Verified SafeView Analysis
The server employs good security practices by utilizing environment variables for all API keys and secrets, supporting webhook signature verification, and avoiding direct use of 'eval' or similar dangerous functions. Input to the AI is limited, and error handling for malformed AI responses is present. Potential risks lie in the inherent nature of AI models (e.g., prompt injection or hallucination) and ensuring robust security on the integrated Git platforms and webhook infrastructure.
Updated: 2025-12-01GitHub
PreviousPage 217 of 713Next