Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Low Cost
justifi-tech icon

mcp-server

by justifi-tech

Sec9

AI-assisted payment management through a Model Context Protocol (MCP) server, providing JustiFi payment tools for integration with AI agents and workflows.

Setup Requirements

  • ⚠️Requires Node.js 16+ and Python 3.11+
  • ⚠️Uses 'uv' for Python package management, not 'pip'
  • ⚠️Requires JUSTIFI_CLIENT_ID and JUSTIFI_CLIENT_SECRET environment variables for JustiFi API access
  • ⚠️Additional configuration (MCP_SERVER_URL, Auth0 details) required for HTTP transport with OAuth
Verified SafeView Analysis
The project demonstrates a high level of security awareness, especially for financial operations. Payment creation is strictly enforced to 'test mode' in production via API key and test card validation. Environment variables are used for all secrets. The OAuth 2.1 implementation plan outlines robust security measures including Auth0 integration, HTTPS, token validation, secure credential management (AWS Secrets Manager), network segmentation (ALB, private subnets, security groups), and input sanitization (in examples). A minor concern is the use of `spawnSync` for Python version checks in the Node.js wrapper, which executes dynamic code, but its scope is limited and low risk.
Updated: 2025-12-05GitHub
30
1
Medium Cost
andreswebs icon

mcbox

by andreswebs

Sec8

Provides a lightweight and portable pluggable MCP (Model Context Protocol) server for AI agents to execute local tools via stdio transport.

Setup Requirements

  • ⚠️Requires Homebrew for installation (other methods unsupported currently).
  • ⚠️Requires `bash` and `jq` to be installed on the system.
  • ⚠️For development, Node.js (LTS), NPM CLI, shellcheck, and shfmt are required.
Verified SafeView Analysis
The server design emphasizes security through stdio transport and JSON schema validation of tool inputs. It uses `jq` for safe parsing of JSON arguments, mitigating common shell injection risks for core operations. However, the overall security critically depends on the custom tool implementations (`tools.bash`) provided by the user. If user-defined tools do not properly validate and sanitize their inputs, especially when calling external commands (e.g., `sqlite3` without sanitizing the query), vulnerabilities could be introduced. The documentation explicitly highlights input validation as a best practice for tool developers.
Updated: 2025-12-15GitHub
30
1
Medium Cost
digitalsamba icon
Sec8

Manage Digital Samba video conferencing platform resources (rooms, sessions, recordings, etc.) using natural language commands via AI assistants following the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Digital Samba Developer Key for API access.
  • ⚠️A Digital Samba account is necessary to interact with the underlying video conferencing platform.
  • ⚠️Full OAuth functionality requires configuring specific environment variables (e.g., OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET).
  • ⚠️For production deployments, Redis is highly recommended for persistent session storage (via REDIS_URL) to avoid session data loss on server restarts.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive data like API keys and OAuth secrets. It implements a standard OAuth 2.0 authorization code flow with PKCE for enhanced security. Session management can use Redis for persistence and better security in production, with a fallback to in-memory storage (warned about data loss on restart). CORS is broadly enabled (`Access-Control-Allow-Origin: *`), which is common for public APIs but should be noted.
Updated: 2026-01-19GitHub
30
1
Low Cost
depoll icon

lsmcp

by depoll

Sec9

Provides AI models with semantic code understanding and refactoring capabilities via Language Server Protocol (LSP) integration.

Setup Requirements

  • ⚠️Docker is highly recommended, and often required for smooth cross-platform operation, especially for native LSP server installations.
  • ⚠️Requires specific language servers (e.g., `typescript-language-server`, `python-lsp-server`) to be installed in the environment where `lsmcp` runs. Auto-installation might fail or isn't supported for all languages in native (non-Docker) environments.
  • ⚠️Node.js version >= 20.0.0 is required.
Verified SafeView Analysis
The project emphasizes a 'container-first architecture' with Docker, providing good isolation. It uses `child_process.spawn` with `shell: false` and includes input sanitization functions (`escapeRegExp`, `escapeShell`, `validateFilePath`, `sanitizeFileURI`) to prevent command injection and path traversal. Filesystem modifications are performed through `src/utils/file-operations.ts` which relies on URIs being safe. The `executeCommand` tool allows executing LSP server commands, which could be a vector if the underlying LSP server exposes dangerous commands, but this is a function of LSP itself. Overall, good security practices are evident.
Updated: 2025-11-28GitHub
30
1
Medium Cost
Digital-Defiance icon

mcp-process

by Digital-Defiance

Sec3

Provides a secure and auditable environment for AI agents to manage system processes, monitor resources, and orchestrate long-running services.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires a configuration file (e.g., `mcp-process-config.json`) with explicitly allowed executables; the default allowlist is empty. Failure to configure this will prevent most operations.
  • ⚠️Running without Docker requires manual `npm install` and `npm run build`.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The `ServiceManager.executeHealthCheck` function directly spawns health check commands (`child_process.spawn`) without performing security validations (e.g., executable allowlist, argument injection checks) via the `SecurityManager`. This means an attacker capable of defining or modifying a `ServiceConfig` (including its `healthCheck.command`) could execute arbitrary commands on the host system, bypassing all intended security layers. This is a severe remote code execution vulnerability. Other security measures like executable allowlisting, argument validation, environment sanitization, and privilege prevention are well-implemented for `process_start` operations, but this specific flow bypasses them. Hardcoded dangerous environment variables are blocked, and the Docker setup promotes non-root execution and capability dropping, which are good practices. No obfuscation or obvious hardcoded secrets were found.
Updated: 2026-01-17GitHub
30
1
Low Cost
matsjfunke icon

header-test-mcp

by matsjfunke

Sec8

An MCP server designed for debugging custom header implementations in MCP hosts/clients by providing a tool to retrieve request headers.

Setup Requirements

  • ⚠️Requires Node.js v18 or above
  • ⚠️Requires PNPM v10 or above
Verified SafeView Analysis
The server enables wildcard CORS ('Access-Control-Allow-Origin: *'), which is a security risk in production but acceptable for its stated debugging purpose. The `currentRequestHeaders` global variable can be overwritten by concurrent requests, potentially leading to stale information for debugging, but does not pose a direct critical security vulnerability like data leakage to unauthorized parties.
Updated: 2025-12-11GitHub
30
17
High Cost
pamosima icon
Sec9

Provides comprehensive access to Cisco ThousandEyes v7 API functionality for network monitoring, performance analysis, and troubleshooting with enterprise-grade security.

Setup Requirements

  • ⚠️Requires ThousandEyes API v7 Bearer Token (TE_TOKEN) which must be obtained from a ThousandEyes account.
  • ⚠️Primary deployment uses Docker, requiring Docker Engine and Docker Compose.
  • ⚠️Requires Python 3.12 or newer.
Verified SafeView Analysis
The server explicitly implements multiple security features including read-only operations, environment-only credentials (ThousandEyes API token), secure token handling (masking in logs, not stored on disk), HTTPS communication, Bearer Token authentication, and non-root container execution. No 'eval' or similar dangerous patterns were found in the provided Python source code. Docker Compose configuration includes 'no-new-privileges:true' and resource limits. The README states 'Rate Limit Respect' but its implementation is not directly visible in the provided Python code, which is a minor point.
Updated: 2025-12-29GitHub
30
1
Low Cost
aadversteeg icon

chronos-mcp-server

by aadversteeg

Sec9

A time-related server providing timezone-aware date and time information via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️.NET 9.0 SDK required for local development/deployment.
  • ⚠️Docker required for container deployment.
Verified SafeView Analysis
The provided source code snippets (appsettings, launchSettings, README) do not contain executable logic that would introduce common security risks like 'eval' or obfuscation. Configuration is handled via standard .NET Core mechanisms (appsettings.json, environment variables). The server's functionality (providing date/time) is inherently low-risk. No hardcoded secrets were visible in the truncated code.
Updated: 2026-01-19GitHub
30
1
High Cost
eborden icon
Sec5

Provides an AI-accessible interface for a LogSeq knowledge graph, enabling LLMs to traverse the graph, track concepts over time, and build comprehensive context through specialized tools.

Setup Requirements

  • ⚠️Requires LogSeq Desktop application to be running.
  • ⚠️Requires LogSeq HTTP server to be enabled via LogSeq's settings (Settings → API → Enable HTTP server).
  • ⚠️Requires a LogSeq authentication token to be generated and configured in `~/.logseq-mcp/config.json`.
Verified SafeView Analysis
The server constructs Datalog queries by directly embedding user-provided input (e.g., page names, topic names) into the query string. While inputs are lowercased, this pattern is generally susceptible to Datalog injection if a malicious actor (e.g., a compromised LLM or a user manipulating tool arguments) can craft specific inputs. However, the server is designed to run locally, accessing a user's local LogSeq instance, which significantly limits the impact of such a vulnerability to the user's own data.
Updated: 2026-01-09GitHub
30
1
Low Cost
elsantiwg icon

MCP-para-todo

by elsantiwg

Sec8

An educational MCP server that connects language models with external tools in real-time, focusing on providing real-world context and extending LLM capabilities.

Setup Requirements

  • ⚠️Requires a WeatherAPI Key for the 'weather' tool functionality (free tier available).
  • ⚠️The README suggests a WebSocket client connection (`ws://localhost:3000`), but the server code implements an HTTP POST endpoint (`http://localhost:3000/mcp`). This discrepancy might confuse users attempting to integrate.
  • ⚠️The server, as coded in `src/mcp/server.ts`, currently only registers and exposes the 'weather' tool, despite the README listing 'word_definition' and 'evaluate_math' as implemented. Users wishing to use these other tools would need to modify `src/mcp/server.ts` to register them.
  • ⚠️The 'mathTool' in `src/tools/math.ts` relies on the 'mathjs' library, but 'mathjs' is not listed in `package.json` dependencies. If the 'mathTool' were to be registered and used, it would lead to a runtime error unless 'mathjs' is manually installed.
Verified SafeView Analysis
The server loads API keys from environment variables, which is good practice. The `mathjs.evaluate` function, if used, is generally considered safe from arbitrary code execution according to its documentation as it does not access the global scope. No hardcoded secrets or 'eval' statements were found. Error messages could expose some internal details but are not critical vulnerabilities for this context. The server uses HTTP POST, not WebSockets, despite README examples.
Updated: 2025-11-27GitHub
30
1
High Cost
milasd icon

Memo-MCP

by milasd

Sec8

Provides a local LLM Model Context Protocol (MCP) server for journaling with Retrieval-Augmented Generation (RAG) to search and retrieve personal memo and journal entries.

Setup Requirements

  • ⚠️Requires Python 3.12+ to run.
  • ⚠️Relies on `uv` package manager and `Task` (Taskfile) for setup and execution.
  • ⚠️Memo data must follow a specific `data/memo/YYYY/MM/DD.md` folder structure, which needs to be manually prepared or generated.
Verified SafeView Analysis
The server is designed for local, personal use, communicating via standard I/O (stdio) with LLM clients. This greatly reduces network attack surface compared to a web-exposed service. Hardcoded secrets are not present; configurations like `qdrant_api_key` are optional environment variables and default to `None`. The use of `pickle.load` for FAISS and simple vector stores, while generally unsafe for untrusted data, is used here for self-generated, local persistence, which is a lower risk within the intended local application context. Privacy warnings are clearly stated for sensitive data when using external models. No 'eval' or obvious malicious patterns found.
Updated: 2025-11-23GitHub
30
6
Medium Cost
rafaeljusto icon

teamwork-ai

by rafaeljusto

Sec2

The Assigner acts as a webhook server that listens for Teamwork.com task events, analyzing them using AI to assign tasks to users based on skills, job roles, costs, and workload, and then generates an explanatory comment.

Setup Requirements

  • ⚠️Requires a Teamwork.com account and API token.
  • ⚠️Requires configuration and potentially paid API access for an AI agent (Anthropic, OpenAI) or a running local Ollama server.
  • ⚠️Requires a separate Model Context Protocol (MCP) server to be running and accessible for prompt retrieval (e.g., from github.com/teamwork/mcp).
  • ⚠️Lack of webhook authenticity checks (no token/checksum validation) means anyone can trigger the server's actions.
Review RequiredView Analysis
CRITICAL: The server explicitly states in its documentation that 'there's no token or checksum check implemented in the server' for incoming webhooks. This means any unauthenticated external party can send POST requests to the `/teamwork-ai/webhooks/task` endpoint, potentially triggering unauthorized task assignments, comments, or denial-of-service through resource exhaustion. Sensitive API tokens (Teamwork, Anthropic, OpenAI) are handled via environment variables, which is a good practice. No 'eval' or obvious code obfuscation found. The Ollama DSN may include `username:password` in the URL, but the client implementation does not explicitly add Basic Auth headers, meaning these credentials would be ignored for authentication by the default HTTP client.
Updated: 2026-01-07GitHub
PreviousPage 223 of 713Next