Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

28
18
Medium Cost
szeider icon

mcp-dblp

by szeider

Sec9

Provides a Model Context Protocol (MCP) server for Large Language Models (LLMs) to access, search, and manage publications and BibTeX entries from the DBLP computer science bibliography database.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires `uv` package manager
Verified SafeView Analysis
The server uses standard `requests` for external API calls to dblp.org with a reasonable timeout of 10 seconds and an identifying User-Agent. There are no clear indications of arbitrary code execution vulnerabilities (e.g., `eval`, `exec`) using untrusted user input. The `subprocess.Popen` call in `src/mcp_dblp/tools.py` is for internal testing/orchestration and does not process external user input. No hardcoded secrets were found.
Updated: 2025-12-31GitHub
28
1
Medium Cost
christyfrink icon

mcp-maryland-opendata

by christyfrink

Sec6

Provides access to Maryland Open Data through the Socrata API, enabling search, aggregation, and custom queries for state payments, spending, and public records, particularly useful for campaign finance and political influence research.

Setup Requirements

  • ⚠️Requires Node.js v16 or higher
  • ⚠️Configuration for an MCP client requires an absolute path to the `build/server.js` file
Review RequiredView Analysis
Potential SoQL injection vulnerability exists in `search_state_payments` and `get_vendor_payment_totals` due to direct string concatenation of user-provided text parameters (e.g., `vendor_name`, `agency_name`, `category`, `fiscal_year`) into the SoQL WHERE clause without sufficient escaping or parameterization. While Zod is used for type validation, it does not prevent malicious string content. The `query_dataset` tool explicitly allows raw SoQL input, shifting query safety responsibility to the user. No hardcoded secrets were found, and client-side rate limiting is implemented.
Updated: 2025-11-19GitHub
28
57
Medium Cost
dermatologist icon

pyomop

by dermatologist

Sec6

A Python library providing tools for managing OMOP Common Data Model databases, including LLM-powered natural language querying, FHIR-to-OMOP data conversion, and PyHealth/PLP compatibility for machine learning pipelines.

Setup Requirements

  • ⚠️Requires installation of optional LLM dependencies ('pip install pyomop[llm]') for natural language querying features.
  • ⚠️Requires an API key (e.g., GOOGLE_API_KEY, OPENAI_API_KEY) for a paid external LLM service to use LLM features.
  • ⚠️Database requires initial setup and population (e.g., 'python -m pyomop -e Synthea27Nj -v 5.4 -n cdm.sqlite') before querying.
  • ⚠️HTTP transport for the MCP server requires additional 'starlette' and 'uvicorn' dependencies ('pip install pyomop[http]').
Review RequiredView Analysis
The MCP server exposes a 'run_sql' tool that directly executes arbitrary SQL statements provided by the client, which is a significant SQL injection vulnerability if the client/agent is not trusted or the server is exposed inappropriately. The 'docker-compose.yml' includes a hardcoded PostgreSQL password ('mypass'), posing a security risk for non-development deployments. The system fetches SQL query examples from external GitHub repositories ('OHDSI/QueryLibrary'), which carries a minor risk if the external source is compromised. Database operations like 'SET FOREIGN_KEY_CHECKS=0' and 'SET session_replication_role = replica' are used for performance during bulk loading; while common, they could lead to data integrity issues if input data is not thoroughly validated.
Updated: 2025-12-29GitHub
28
1
Low Cost
Peterpan-MU icon

MCP-Test

by Peterpan-MU

Sec3

Tests other Model Context Protocol (MCP) servers for connection, capabilities, and tool functionality.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Executing user-provided commands ('command' and 'args' parameters) poses a significant security risk if not run in a highly isolated environment with trusted inputs.
Review RequiredView Analysis
The server's primary function involves executing user-provided commands and arguments (via 'command', 'args', and 'env' parameters) on the host system using 'child_process.spawn' (TypeScript) or 'asyncio.create_subprocess_exec' (Python). This allows for arbitrary code execution on the machine running the MCP-Test server if an unauthorized or malicious actor can send 'callTool' requests. It is critical to run this server in a highly isolated and controlled environment, and only use it with trusted input.
Updated: 2025-11-20GitHub
28
1
Low Cost
sandraschi icon

fastsearch-mcp

by sandraschi

Sec7

Provides lightning-fast file search capabilities on Windows by directly accessing the NTFS Master File Table, integrated with Claude Desktop.

Setup Requirements

  • ⚠️Requires Windows 10/11 or Windows Server 2016+ (platform-specific).
  • ⚠️Requires Administrator privileges for service installation and control (start/stop/restart).
  • ⚠️Requires building the C++ Windows service using Visual Studio 2022 Build Tools, CMake 3.20+, and potentially WiX Toolset for the installer (though the `STATUS_REPORT.md` indicates the C++ service startup crash issue is now fixed).
  • ⚠️Python 3.8+ is required (specifically 3.10+ as per `pyproject.toml`).
Verified SafeView Analysis
The project employs a dual-process architecture: a Python MCP bridge (user privileges) communicating with a C++ Windows service (LocalSystem privileges) via named pipes. The C++ service performs direct NTFS MFT access and can execute system commands like 'chkdsk' (via subprocess.run). The Python bridge interacts with Windows services and system resources. These operations are inherently high-privilege on Windows and require careful input validation and secure design. The `SystemResourceMonitorTool` has a `callback_url` parameter (though commented out in code and explicitly disallowed by architectural documentation for network activity), which would be a potential exfiltration risk if enabled. Named pipe ACLs are designed to restrict access to the launching user. No obvious hardcoded secrets are present in the provided code snippets. The overall design prioritizes privilege separation for security.
Updated: 2025-11-22GitHub
28
4
Low Cost
binrchq icon

roma

by binrchq

Sec8

An AI-powered, ultra-lightweight jump server (bastion host) providing secure and efficient remote access solutions with native AI integration through Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires SSH keys to be configured for both users and the jump server itself for secure authentication.
  • ⚠️A database (SQLite for development/quickstart, MySQL/PostgreSQL for production) is required for persistent storage.
  • ⚠️Default API keys, administrator passwords, and SSH keys provided in demo configurations must be changed immediately for any production deployment to avoid security vulnerabilities.
Verified SafeView Analysis
The project demonstrates strong security awareness with features like SSH key authentication (password login disabled by default), API key authorization, Role-Based Access Control (RBAC), space isolation, IP blacklisting, rate limiting, and comprehensive audit logging. Sensitive data like user passwords are Bcrypt hashed, and resource credentials are AES-256-GCM encrypted. Default/demo credentials (API keys, passwords, SSH keys) are present in example configuration files and Docker Compose setups; while explicitly stated for demo purposes and replaceable via a generation script, this still presents a potential risk if not changed in production environments. The documentation clearly outlines security best practices to mitigate these risks.
Updated: 2026-01-05GitHub
28
1
Medium Cost
joemclo icon
Sec8

A Model Context Protocol (MCP) server for searching UK property prices from HM Land Registry and performing local postcode lookups.

Setup Requirements

  • ⚠️Requires Node.js >= 18 and npm >= 7 to run.
  • ⚠️The `lookup-postcodes` tool requires a separate download and setup of the Ordnance Survey Code-Point Open dataset (via `npm run setup:postcodes`) to build a local SQLite database, as this data is not bundled.
  • ⚠️The `search-property-prices` tool relies on the external HM Land Registry SPARQL endpoint, which may experience availability issues or rate limiting.
Verified SafeView Analysis
The server employs good security practices for external data interactions. SPARQL queries for the HM Land Registry endpoint use string escaping (`.replace(/"/g, '\"')`) to prevent injection within string literals. Queries to the local SQLite database for postcode lookups use parameterized statements, which effectively guards against SQL injection. The local postcode database is opened in read-only mode, reducing the risk of data manipulation. Dependency versions are relatively up-to-date, and the `@modelcontextprotocol/sdk` was recently updated to address a DNS rebinding vulnerability. No direct `eval` or user-controlled command execution with unsanitized input was observed. Potential risks are primarily related to the external HM Land Registry API's availability or rate limits, which are outside the server's control.
Updated: 2026-01-10GitHub
28
1
Low Cost
Prantick icon
Sec8

Provides a zero-config framework for building Model Context Protocol (MCP) servers using a manifest file, enabling schema-driven tool, resource, and prompt exposure.

Setup Requirements

  • ⚠️Requires a TypeScript build step (npx tsc) before running.
  • ⚠️Requires custom `manifest.json` and handler function implementations to define server capabilities.
Verified SafeView Analysis
The server primarily communicates via standard I/O (StdioServerTransport), which limits external network attack surface. Input validation for tools is enforced using AJV against defined `inputSchema` in the manifest, a strong practice. However, error messages returned from handlers include the full `err.message`, which could potentially leak sensitive internal information if handlers are not careful about what they throw. Loading the `manifest.json` via `fs.readFileSync` could theoretically be a path traversal risk if the `manifestPath` input were user-controlled and not properly sanitized, though typical usage (e.g., `path.join(__dirname, "manifest.json")`) mitigates this.
Updated: 2025-11-20GitHub
28
3
High Cost
datum-cloud icon

datum-mcp

by datum-cloud

Sec9

Manages Datum Cloud network infrastructure (organizations, projects, domains, HTTP proxies/routes, gateways, traffic policies, DNS, and CRD schemas) via an agent-compatible server.

Setup Requirements

  • ⚠️Requires interactive browser login for OAuth2.1 (PKCE) authentication on first use (credentials stored in system keychain).
  • ⚠️Requires an MCP client (e.g., Claude Desktop, Cursor) configured to use the `datum-mcp` binary.
  • ⚠️Installation via `install.sh` may require `sudo` to place the binary in `/usr/local/bin`.
Verified SafeView Analysis
Utilizes OAuth 2.1 (PKCE) for robust authentication and stores sensitive credentials (refresh tokens) securely in the system keychain (e.g., macOS Keychain). The default operation mode is stdio, limiting network exposure. HTTP mode binds to localhost by default. No obvious 'eval' or malicious patterns were identified in the Go source code. The `curl | sh` installation method is common but requires trust in the source. The `DATUM_TOKEN` environment variable allows overriding interactive login for automation but requires the user to manage the token's security.
Updated: 2025-11-19GitHub
28
1
Medium Cost
sockeon icon

mcp

by sockeon

Sec8

This MCP server provides intelligent assistance to developers working with the Sockeon framework, offering code generation, configuration helpers, and real-time documentation access via AI assistants.

Setup Requirements

  • ⚠️Requires manual, OS-specific client configuration (editing JSON files) for AI assistants like Claude Desktop, Cursor, or VS Code.
  • ⚠️Requires providing the absolute path to `public/server.php` in the client configuration, which can be a common point of error.
Verified SafeView Analysis
The `SockeonResources::getValidationRule` method reads local PHP files based on a `rule` parameter. While the `McpResourceTemplate` attribute likely restricts the format of `{rule}` (e.g., to a single filename), a theoretical path traversal vulnerability could exist if not properly handled by the MCP SDK, potentially allowing access to arbitrary local files. Documentation fetching from GitHub raw content (sockeon/docs) carries a minor, inherent risk if the source repository were compromised. Generated code (via stubs) is returned to the client and not executed by the server, shifting the execution risk of generated content to the client/user. No direct `eval` or `shell_exec` calls are present in the provided code.
Updated: 2025-11-20GitHub
28
1
Medium Cost
pietro-franca icon
Sec8

Integrate an AI chat agent with an MCP Server using n8n workflows to enable dynamic, tool-assisted responses for user queries.

Setup Requirements

  • ⚠️Requires n8n to be installed and running.
  • ⚠️Requires an OpenAI API Key (Paid service for gpt-4o-mini).
  • ⚠️Requires an external MCP Server to be running and accessible at a specified URL.
Verified SafeView Analysis
The system message for the AI Agent explicitly restricts it to only use `brave_web_search` and `brave_local_search` tools, mitigating the risk of arbitrary tool execution via dynamic parameter injection. The `executeTool` operation takes dynamic `toolName` and `toolParameters` from the AI, which would be a critical vulnerability without this restriction. However, the overall security depends on the trustworthiness of the external MCP server and the tools it exposes.
Updated: 2025-11-19GitHub
28
1
Medium Cost
jon-the-dev icon
Sec9

Provides domain name, IP, and network information through WHOIS and DNS lookups, designed for LLM workflows.

Setup Requirements

  • ⚠️Requires the `whois` command-line tool to be installed on the system (not a Python package).
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires Poetry for dependency management.
Verified SafeView Analysis
The server uses `asyncio.create_subprocess_exec` to run the `whois` command, passing user input as a distinct argument, which significantly mitigates command injection risks. Domain inputs are robustly sanitized (`clean_domain` function) before being used in queries. DNS queries use the `dnspython` library and trusted public nameservers. The file-based cache uses SHA256 hashes for cache keys, preventing path traversal. There are no hardcoded secrets or `eval` usage. Logging is directed to stderr, avoiding interference with JSON-RPC output.
Updated: 2026-01-09GitHub
PreviousPage 231 of 713Next