Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
High Cost
prefeitura-rio icon

app-mcp-server

by prefeitura-rio

Sec6

This server acts as a backend for a conversational AI assistant for the Rio de Janeiro municipality, providing a suite of specialized tools and data access, including city information, real-time data, calculations, multi-step workflows, web search, and alert management.

Setup Requirements

  • ⚠️The default `VALID_TOKENS="token"` in the example environment file is insecure and must be replaced with a strong, unique token in production.
  • ⚠️Requires numerous environment variables for external API keys (e.g., Google Maps, Gemini, Dharma, PGM, RMI, Typesense, Surkai, BigQuery credentials). Misconfiguration or missing keys will lead to runtime failures.
  • ⚠️Disables SSL verification (`"verify": False`) for requests to the PGM API. This is a critical security risk for production environments if not justified by a highly secure internal network, and should be reviewed.
  • ⚠️For non-local environments (`IS_LOCAL=False`), the `multi_step_service` defaults to `StateMode.REDIS`, requiring a running Redis instance for state management.
Verified SafeView Analysis
The server implements token-based authentication via `CheckTokenMiddleware` and loads secrets from environment variables, which are good practices. However, the example `.env` provides `VALID_TOKENS="token"`, which is a very weak default and insecure for production. Critically, the `pgm_api` function disables SSL certificate verification (`"verify": False`) for requests to the PGM API, which creates a significant Man-in-the-Middle attack vulnerability if the network path is not fully trusted. While `ast.literal_eval` is used, its application in parsing expected LLM-generated structures mitigates but does not eliminate all risks.
Updated: 2026-01-14GitHub
30
1
Medium Cost
h1ddenpr0cess20 icon

mcp

by h1ddenpr0cess20

Sec9

Exposing various third-party RapidAPI services (jobs, finance, food, entertainment, social, real estate, news, search) as a collection of FastMCP servers for tool integration.

Setup Requirements

  • ⚠️Requires a RapidAPI key and specific API subscriptions on RapidAPI (some may be paid, as detailed in `docs/domain_providers.md`).
  • ⚠️Requires Python 3.10+.
  • ⚠️The server exposes FastMCP tools, implying interaction with an MCP client for full functionality rather than direct web access.
Verified SafeView Analysis
The RapidAPI MCP server acts as a wrapper for various RapidAPI services. API keys are handled securely via environment variables or `.env` files, which is good practice. The source code does not use `eval` or similar dangerous dynamic code execution functions. Input sanitization for RapidAPI parameters (e.g., converting booleans to strings, removing `None` values) is present. While FastMCP handles basic parameter typing, extensive deep input validation beyond that is not explicitly shown, relying on the underlying RapidAPI endpoints for data validation.
Updated: 2025-11-30GitHub
30
1
Medium Cost
GuiArSt icon

mcp-dev-journal

by GuiArSt

Sec9

An MCP server for AI agents to create and query developer journal entries from git commits, document project summaries, and integrate with project management tools like Linear.

Setup Requirements

  • ⚠️Requires at least one AI API key (Anthropic, OpenAI, or Google) for journal entry/summary generation, which typically involves paid services.
  • ⚠️For cloud deployments (e.g., Vercel), the SQLite database ('journal.db') must be hosted externally (e.g., AWS S3, remote database), as the default expects a local file path.
  • ⚠️If integrating with the companion web app ('Tartarus') for repository tools and attachment download URLs, 'TARTARUS_URL' and 'MCP_API_KEY' environment variables must be properly configured for secure inter-service communication.
Verified SafeView Analysis
The MCP server internally uses parameterized SQL queries via 'better-sqlite3', which prevents SQL injection vulnerabilities. API keys for AI providers, Linear, and the inter-service MCP_API_KEY are configured via environment variables, reducing the risk of hardcoded credentials. It is CRITICAL to set strong, non-default values for all API keys and secrets in production environments. File system access for database operations and backups is confined to specified paths or the project's designated 'data' directory. The 'eval' usage observed in the 'web' app's AI tool generation API route does not directly impact the MCP server's operations, but is a general caution within the broader workspace context. MCP server-to-web app communication relies on the 'MCP_API_KEY' for authentication; if this is not configured, API calls from the MCP server to Tartarus's repository endpoints will be unauthenticated, potentially exposing data if the Tartarus web app is not otherwise secured.
Updated: 2026-01-15GitHub
30
1
Medium Cost
jaybird-us icon

azure-devops-mcp

by jaybird-us

Sec7

An MCP server that enables Claude to interact with Azure DevOps work items, projects, sprints, and relationships directly through natural language.

Setup Requirements

  • ⚠️Requires Node.js v18.0.0 or higher to be installed.
  • ⚠️Requires Azure CLI to be installed and configured with `az login`.
  • ⚠️Requires the Azure DevOps extension for Azure CLI (`az extension add --name azure-devops`).
  • ⚠️Requires an Azure DevOps organization to be configured, either via an environment variable (`AZURE_DEVOPS_ORG`) or Azure CLI defaults.
Verified SafeView Analysis
The server heavily relies on spawning child processes to execute Azure CLI commands (`az devops ...`). While inputs are generally sanitized via `encodeURIComponent` for URL parameters and writing request bodies to temporary files, reliance on shell execution inherently carries a risk if not meticulously handled. Credentials are not hardcoded but managed via Azure CLI authentication or environment variables, which is a good practice.
Updated: 2026-01-19GitHub
30
1
Low Cost
context-hub icon

mcp-server

by context-hub

Sec3

This MCP server module provides context generation, tool execution, and prompt management capabilities for AI clients like Claude Desktop, Cursor, and Codex, acting as a backend for 'ctx' (Context Generator) framework.

Setup Requirements

  • ⚠️Requires 'ctx' (Context Generator) command-line tool to be installed and in PATH.
  • ⚠️Requires PHP 8.3+ and Composer for dependency management.
  • ⚠️Requires writable directories for persistent state (`.project-state.json`) and application logs.
  • ⚠️Tool definitions for 'run' and 'http' types must be meticulously designed with strict schemas and input validation to mitigate command injection and SSRF risks.
Review RequiredView Analysis
The `RunToolHandler` executes arbitrary shell commands and the `HttpToolHandler` makes external HTTP requests, both allowing arguments to be passed from the MCP client. While `ToolSchema` and `ToolArgumentsProvider` are in place to define and potentially restrict arguments, the inherent risk of command injection (if `ToolArg` values are not properly sanitized or schemas are not strictly enforced) and Server-Side Request Forgery (SSRF) remains very high. The default `MCP_TOOL_COMMAND_EXECUTION` is `true`, enabling command execution by default. Loading content from external URLs in `FileMessageContentLoader` also presents an SSRF risk.
Updated: 2026-01-18GitHub
30
1
Low Cost
withinfocus icon

tba-mcp-server

by withinfocus

Sec9

Provides a Model Context Protocol (MCP) interface to The Blue Alliance API, enabling AI assistants and other clients to retrieve comprehensive FIRST Robotics Competition team, event, and match data.

Setup Requirements

  • ⚠️Requires a The Blue Alliance API key (registration at https://www.thebluealliance.com/account)
  • ⚠️Requires Node.js ~24 and npm ~11.
Verified SafeView Analysis
Robust input and output validation is implemented using Zod schemas, mitigating injection and malformed data risks. The TBA API key is correctly handled as an environment variable and not hardcoded. The server's operation through stdio limits direct system interaction, reducing the attack surface. Error handling for uncaught exceptions and unhandled rejections is present. No 'eval' or obfuscation found.
Updated: 2026-01-17GitHub
30
1
Medium Cost
Surendrakumawat992892 icon

fake-claude-plugins

by Surendrakumawat992892

Sec3

Develop production-ready Model Context Protocol (MCP) servers using the Go SDK, with an emphasis on type safety and best practices.

Setup Requirements

  • ⚠️Requires Go programming language and SDK to be installed to use the development tools described.
  • ⚠️The project utilizes a specific 'Model Context Protocol (MCP) Go SDK', requiring familiarity with and dependencies on this framework.
  • ⚠️There is a critical discrepancy between the `README.md` describing a downloadable desktop application and the provided source code, which defines an AI agent and commands for *developing* an MCP server. This ambiguity creates a significant friction point and security risk.
Review RequiredView Analysis
The provided source code consists of definitions for an AI agent and commands to *generate and review code for an MCP server*. It does not contain the actual executable server implementation. The `README.md` *however*, instructs users to download a `.zip` file from a raw GitHub link (`https://raw.githubusercontent.com/Surendrakumawat992892/fake-claude-plugins/main/Acipenseridae/fake-claude-plugins.zip`). Downloading and running unverified executables from untrusted sources is a critical security risk. The repository name `fake-claude-plugins` combined with this instruction raises strong suspicions of a phishing attempt or malware distribution. While the agent definitions themselves advocate for good coding practices, the overall project context is highly deceptive and unsafe.
Updated: 2026-01-19GitHub
30
1
Low Cost
williajm icon

mcp_kafka

by williajm

Sec9

Provides AI assistants with safe, controlled access to Apache Kafka clusters using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running Apache Kafka cluster to connect to.
  • ⚠️Python 3.11+ is required.
  • ⚠️Write operations (creating topics, producing messages, resetting offsets) are disabled by default and must be explicitly enabled via `SAFETY_ALLOW_WRITE_OPERATIONS=true`.
  • ⚠️If OAuth/OIDC authentication is enabled (`SECURITY_OAUTH_ENABLED=true`), an external OAuth/OIDC provider and proper configuration for `SECURITY_OAUTH_ISSUER` and `SECURITY_OAUTH_AUDIENCE` are required.
Verified SafeView Analysis
The server demonstrates a strong commitment to security. It implements 2-tier access control (READ/READ_WRITE), actively protects internal Kafka topics and consumer groups, and allows for custom topic blocklists. Message size limits and consume limits are enforced. For network transports, it offers optional OAuth/OIDC authentication with JWT validation, including critical SSRF protection for JWKS URLs (blocking private IPs and dangerous hostnames). Rate limiting is available to prevent abuse. Comprehensive audit logging, with sensitive data redaction and argument truncation, is included for compliance and monitoring. Warnings are logged for potentially insecure HTTP configurations (non-localhost binding without OAuth/TLS). Sensitive credentials (e.g., SASL passwords, SSL key passwords) are handled using `SecretStr` to prevent accidental logging.
Updated: 2026-01-18GitHub
30
1
Low Cost
Shreyas2877 icon

Troj-MCP

by Shreyas2877

Sec2

A versatile Model Context Protocol (MCP) server for integrating AI models with system operations, file management, calendar, and email tools.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Relies on external email and calendar services, which are expected to be running at `http://localhost:3000` by default.
  • ⚠️Using the `local_model_client.py` requires a separate local LLM (e.g., Ollama, LM Studio) to be installed and running.
Review RequiredView Analysis
The `execute_command` function in `src/macro_man/tools/system.py` uses `subprocess.run(command, shell=True)`. While it attempts to filter dangerous commands with a blacklist, this approach is fundamentally insecure and highly prone to bypass via various shell injection techniques (e.g., command substitution, encoding, alternative syntax). This allows for arbitrary code execution. Additionally, a default `SECRET_KEY` is present, which should be updated in production.
Updated: 2025-11-29GitHub
30
1
Medium Cost
mazharenko icon

aoc-mcp

by mazharenko

Sec6

Simplifies interaction with the Advent of Code website by providing tools to get puzzle progress, submit answers, and retrieve personal puzzle inputs, enhancing the puzzle-solving workflow.

Setup Requirements

  • ⚠️Requires Docker to run
  • ⚠️Requires an Advent of Code session cookie, which is a sensitive credential and must be obtained manually from the Advent of Code website.
Review RequiredView Analysis
The server requires a sensitive Advent of Code session cookie via an environment variable. While this is the correct method for passing secrets to a Docker container, users must trust the maintainer as the underlying source code for the Docker image is not provided for audit within this context. Running any external Docker image without auditing its source code carries inherent risks, especially when handling sensitive credentials.
Updated: 2025-12-02GitHub
30
1
Medium Cost
my-mcp-hub icon

doc-mcp-server

by my-mcp-hub

Sec6

Provides a Model Context Protocol (MCP) server that enables AI assistants and developer tools to search and retrieve documentation for the `watermark-js-plus` library.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️Requires Internet access for documentation search functionality.
Verified SafeView Analysis
A hardcoded Algolia API key is present in the source code (src/tools/registerWatermarkJsPlus.ts). While likely for a public, read-only index, hardcoding API keys is generally a security anti-pattern. The server performs outbound `fetch` requests based on search results to retrieve content, which could pose a Server-Side Request Forgery (SSRF) risk if the Algolia index or search query leads to malicious or internal network resources.
Updated: 2026-01-14GitHub
30
1
High Cost
SkyflowFoundry icon

sky-pii-mcp

by SkyflowFoundry

Sec9

An MCP server that integrates with Skyflow for PII/PHI de-identification and re-identification in text and files, accessible via streamable HTTP.

Setup Requirements

  • ⚠️Requires valid Skyflow credentials (bearer token via Authorization header or API key via header/query parameter).
  • ⚠️Requires Skyflow vault configuration (vaultId and vaultUrl, optionally accountId/workspaceId) via query parameters or environment variables.
  • ⚠️The 'dehydrate_file' tool has a 5MB limit for base64-encoded input files, which translates to approximately 3.75MB for original binary files due to encoding overhead.
Verified SafeView Analysis
The server demonstrates strong security practices for an integration point. It avoids hardcoded secrets by expecting credentials via environment variables or request parameters. It robustly extracts and validates the *format* of credentials (JWT bearer token vs. API key), passing them securely to the Skyflow SDK. Crucially, it creates new, isolated Skyflow SDK instances and MCP transports for each request, preventing request ID collisions and cross-request data leakage. Input payload size is limited to 5MB, mitigating certain denial-of-service vectors. No 'eval' or obfuscation is present. The only minor point for consideration is the optional fallback of API key via query parameter, which is generally less secure than header-based authentication.
Updated: 2026-01-14GitHub
PreviousPage 222 of 713Next