Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

27
2
Medium Cost
s-morgan-jeffries icon

omnifocus-mcp

by s-morgan-jeffries

Sec8

Interact with and manage OmniFocus tasks, projects, folders, and tags on macOS, including UI navigation and comprehensive filtering.

Setup Requirements

  • ⚠️Requires macOS, as OmniFocus is a macOS-only application.
  • ⚠️Requires the OmniFocus application to be installed and running.
  • ⚠️Requires granting macOS Accessibility access and Automation permissions for OmniFocus when first run.
  • ⚠️Requires Python 3.10 or higher.
Verified SafeView Analysis
The core functionality relies on executing dynamically generated AppleScript via `osascript`. This introduces a potential risk of AppleScript injection if user-provided input is not correctly escaped. However, a robust `_verify_database_safety` mechanism is implemented which, in 'test mode', validates the target database, and for 'destructive operations' in production, blocks execution if the environment is not explicitly configured for testing. This significantly mitigates the risk of accidental modification of a user's production data, limiting potential malicious impact to read-only operations or, in test mode, to a designated test database. No direct network calls for data transfer are observed within the core `OmniFocusConnector`.
Updated: 2025-11-18GitHub
27
1
High Cost
andrefaria24 icon

Homelab

by andrefaria24

Sec7

This repository provides an Ansible-driven homelab setup for deploying and managing various services, including HashiCorp MCP (Multi-Cloud Platform) servers for Terraform and Vault.

Setup Requirements

  • ⚠️Requires Ansible to be installed and configured with an inventory for deployment.
  • ⚠️Critical environment variables (e.g., `SMB_ADDR`, `GH_TOKEN`, `VAULT_TOKEN`, `TFE_LICENSE`, `POSTGRES_PASSWORD`) must be set and securely managed, typically via `.env` files.
  • ⚠️Specific network configurations, like the Macvlan setup for Plex, require prior host network configuration.
  • ⚠️K3s installation requires replacing the `<STATIC TOKEN>` placeholder with a secure token.
  • ⚠️Requires manual download and placement of `virtio-win-guest-tools.exe` and Virtio drivers for Windows VM setups on KVM/Proxmox.
Verified SafeView Analysis
The project follows good security practices by utilizing environment variables for secrets (e.g., `SMB_USER`, `GH_TOKEN`, `POSTGRES_PASSWORD`, `VAULT_TOKEN`) instead of hardcoding them directly in Docker Compose files. Credential files for SMB mounts are created with restrictive permissions (`0600`). However, some placeholders like `k3s_static_token: "<STATIC TOKEN>"` explicitly require user replacement and could pose a risk if left unconfigured. The overall security relies heavily on the user's secure management of `.env` files and proper configuration of services.
Updated: 2026-01-08GitHub
27
1
Medium Cost
shikano35 icon
Sec8

This MCP Server allows AI Agents to access and interact with the Haiku Monument Database API, enabling search, retrieval, and analysis of haiku monuments, poets, and geographical data related to Japanese haiku culture.

Setup Requirements

  • ⚠️Requires Node.js 20 or later.
  • ⚠️Requires manual configuration in an AI agent's MCP settings file (e.g., Claude Desktop, Cursor).
  • ⚠️Relies on the external 'kuhi.jp' API being available and responsive.
Verified SafeView Analysis
The server uses a broad CORS policy (Access-Control-Allow-Origin: *) which can be a security concern in general web applications, but is less critical for a local MCP server designed to be accessed by AI agents on the same machine or trusted network. No obvious hardcoded secrets, 'eval' usage, or malicious patterns were found. API calls are directed to a specified external API, 'https://api.kuhi.jp'.
Updated: 2026-01-08GitHub
27
1
Low Cost
jungjaehoon-lifegamez icon

claude-plugins

by jungjaehoon-lifegamez

Sec8

MAMA is a memory-augmented assistant for Claude Code that tracks decision evolution and provides automatic context injection to prevent repeating mistakes.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0.
  • ⚠️Initial setup may involve downloading a ~120MB embedding model via Transformers.js, which can take 1-2 minutes.
  • ⚠️Requires `better-sqlite3` and potentially `sqlite-vec` native modules; build toolchains may be needed if installation fails.
  • ⚠️Requires minimum 100MB of disk space for database and models.
  • ⚠️Certain advanced features (e.g., LLM re-ranking, LLM-based intent analysis) depend on a locally running Ollama server.
Verified SafeView Analysis
The server's network interactions are primarily local (127.0.0.1) for embedding services (port 3847) and Ollama (port 11434), minimizing external attack surface. No obvious hardcoded secrets were found, and authentication tokens are configurable. A minor concern is the direct string interpolation for `rowid` in an SQLite `INSERT` statement (`plugins/mama/src/core/db-adapter/sqlite-adapter.js`). While mitigated by a `Number()` cast and `Number.isInteger()` validation to ensure it's an integer, universally parameterized queries are generally preferred to completely eliminate this class of potential vulnerabilities. However, the comments indicate this is a limitation of the `sqlite-vec` library, and the explicit type enforcement reduces the immediate risk of SQL injection.
Updated: 2026-01-08GitHub
27
2
Medium Cost
rahulsethi icon

SAPDatasphereMCP

by rahulsethi

Sec9

Enable AI agents to perform read-only data exploration, schema introspection, querying, and profiling on SAP Datasphere assets via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires a working SAP Datasphere tenant (unless DATASPHERE_MOCK_MODE=1 is set for in-memory demo data).
  • ⚠️Requires a configured SAP Datasphere technical OAuth client with a token URL, client ID, client secret, and necessary permissions to call Catalog & Consumption APIs.
Verified SafeView Analysis
The server is explicitly designed for read-only operations, significantly reducing risks of data modification. All sensitive credentials (tenant URL, OAuth client ID/secret, token URL) are loaded from environment variables, preventing hardcoding. TLS verification is enabled by default for HTTPS communication, though it can be optionally disabled with a clear warning regarding security implications (e.g., for corporate proxies). There are no instances of `eval` or `exec` found in the provided source code, and no obfuscation. OData filter and order expressions are passed directly to the SAP Datasphere API, relying on Datasphere's own sanitization; however, given the read-only nature, the risk of malicious injection is mitigated to information leakage rather than data corruption.
Updated: 2026-01-05GitHub
27
28
Medium Cost
fastly icon

mcp

by fastly

Sec9

Securely control Fastly CDN/edge infrastructure through natural language interactions with AI assistants.

Setup Requirements

  • ⚠️Requires Fastly CLI (Command Line Interface) to be installed and accessible in the system's PATH.
  • ⚠️Requires a Fastly account with the CLI authenticated via `fastly profile create` (environment variables like FASTLY_API_TOKEN are explicitly discouraged for MCP clients).
  • ⚠️Building from source requires Go 1.23+; pre-built binaries are available.
  • ⚠️Specific configuration within your AI assistant (e.g., Roo Code, Claude Desktop) is needed to define the MCP server endpoint and command path.
Verified SafeView Analysis
The project demonstrates a very strong 'security-first' approach. It features multiple layers of input validation against command injection (no shell execution, shell metacharacter blocking, path traversal prevention), a strict command allowlist and denylist, and mandatory `--user-reviewed` flag for dangerous operations (e.g., delete, purge, create). It performs binary security checks on the Fastly CLI to prevent tampering (e.g., world-writable permissions on Unix). Sensitive tokens in responses are optionally encrypted using an ephemeral (non-persisted) key, protecting them in transit/display to the LLM. No hardcoded secrets were found. The HTTP server defaults to localhost, minimizing network exposure. The level of defense-in-depth is exceptionally high for a CLI wrapper.
Updated: 2025-12-25GitHub
27
1
Low Cost
TedTschopp icon
Sec9

Provides a Model Context Protocol (MCP) server for TTRPG Game Masters to dynamically generate game content (encounters, NPCs, locations, etc.) by bridging static data hosted on GitHub Pages with a Cloudflare Worker.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment and configuration.
  • ⚠️Requires `npm install` and `npx wrangler login` for Cloudflare Worker setup.
  • ⚠️Custom domain configuration (`ttrpg-mcp.tedt.org/mcp`) is required in the Cloudflare Dashboard after deployment.
  • ⚠️The worker's `src/index.js` hardcodes the data source URL (`https://ttrpg-mcp.tedt.org/data/`). For a custom deployment, this URL must be manually updated in the source code, despite `wrangler.toml` defining a `DATA_BASE_URL` variable which is currently not utilized by the JavaScript.
  • ⚠️MCP client configuration (e.g., Claude Desktop) needs to be updated manually with the server endpoint URL and `http` transport type.
Verified SafeView Analysis
The server architecture relies on static JSON data from GitHub Pages and a Cloudflare Worker for dynamic logic. Input parameters for tools are normalized (e.g., to lowercase) before data lookup, mitigating simple injection risks. Tool names are checked against a predefined list, preventing arbitrary function calls. There are no exposed 'eval' or direct arbitrary code execution vectors. No hardcoded sensitive secrets are apparent in the provided source code. The worker fetches data from a hardcoded public URL (https://ttrpg-mcp.tedt.org/data/), relying on the integrity of that static site, which is part of the same project. This design choice is generally secure as long as the GitHub Pages content remains untampered.
Updated: 2026-01-07GitHub
27
1
Low Cost
1999AZZAR icon
Sec3

A focused Model Context Protocol (MCP) server that acts as a project's memory system and workflow guardian, providing streamlined database operations and advanced knowledge graph capabilities for intelligent project management.

Setup Requirements

  • ⚠️Requires Node.js (>= 18.0.0) to be installed.
  • ⚠️The default database (`memory.db`) is created directly in the project's root directory, potentially cluttering it and posing a data isolation risk.
  • ⚠️Critical security vulnerabilities exist in file import/export and SQL execution if tool arguments are sourced from untrusted input without strict validation.
Review RequiredView Analysis
The server exhibits critical security vulnerabilities due to its handling of file paths and direct SQL execution: 1. The `import_data` and `export_data` tools allow arbitrary `filePath` inputs without sanitization or confinement to a safe directory. An attacker controlling these inputs could perform directory traversal to read or write any file on the system, potentially leading to data exfiltration or remote code execution. 2. The `import_data` tool, when used with `format: 'sql'`, executes raw SQL commands from a user-specified file. This, combined with the lack of file path validation, could allow an attacker to execute arbitrary SQL, including commands that drop tables, alter data, or even attach external malicious databases. 3. While `execute_sql` supports parameterized queries, its description in the README encourages raw SQL execution without parameters, which can lead to SQL injection if the query string is not fully trusted. 4. The `memory.db` file is created directly in the current working directory, which is not ideal for data isolation or security. 5. There is no explicit authentication or authorization layer implemented in the server itself, relying solely on the security of the MCP client and its communication channel.
Updated: 2026-01-07GitHub
27
1
Low Cost
Semsemq icon
Sec3

A remote Model Context Protocol (MCP) server that exposes unauthenticated calculator tools via Cloudflare Workers for AI agents.

Setup Requirements

  • ⚠️The server does not implement any authentication, making all exposed tools publicly accessible.
  • ⚠️Requires deployment to Cloudflare Workers or local execution using the Cloudflare `wrangler` CLI.
  • ⚠️Connecting local MCP clients like Claude Desktop requires an additional `mcp-remote` proxy to bridge local connections to the remote Cloudflare Worker.
Verified SafeView Analysis
The server is explicitly designed 'Without Auth' as stated in the README, meaning all exposed API endpoints (/sse and /mcp) are publicly accessible without any authentication or authorization checks. This makes it suitable only for public demonstration or non-sensitive tools. There are no obvious code injection points or hardcoded secrets found in the provided source.
Updated: 2026-01-07GitHub
27
3
Low Cost
yshngg icon
Sec7

Enables natural language interaction with Prometheus metrics and queries by acting as a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Go 1.23.0+ if building from source.
  • ⚠️Requires a running Prometheus server (v2.x) to connect to.
  • ⚠️Requires a compatible Model Context Protocol (MCP) client to interact with.
Verified SafeView Analysis
The server itself is implemented in Go, uses standard libraries, and does not exhibit obvious code injection vulnerabilities like 'eval' or hardcoded secrets. It acts as a direct proxy for the Prometheus HTTP API, including administrative endpoints (e.g., TSDB Snapshot, Delete Series, Reload, Quit). The primary security consideration is operational: without an additional authorization layer built into this MCP server, any MCP-compatible client granted access to this server gains full control over the Prometheus instance, including potentially destructive or disruptive actions. Deployment should include strict network access controls and careful management of MCP client capabilities.
Updated: 2026-01-06GitHub
27
1
Medium Cost
jvm icon

usql-mcp

by jvm

Sec9

Enables AI assistants and other Model Context Protocol (MCP) clients to query a wide range of databases via the usql universal SQL CLI.

Setup Requirements

  • ⚠️Requires Node.js 16 or newer to be installed.
  • ⚠️The 'usql' universal SQL CLI must be installed and available in the system's PATH.
  • ⚠️Database connections need to be configured either via environment variables (e.g., USQL_POSTGRES) or in a 'config.json' file.
Verified SafeView Analysis
The server implements robust security features including credential sanitization in logs and error messages, and a comprehensive query safety analyzer (`query-safety-analyzer.ts`). This analyzer detects and can block dangerous operations like `DROP`, `TRUNCATE`, and `DELETE`/`UPDATE` without a `WHERE` clause, configurable via settings (`allowDestructiveOperations`, `blockHighRiskQueries`, `blockCriticalRiskQueries`, `requireWhereClauseForDelete`). SQL queries are executed via `child_process.spawn`, which is safer than direct shell execution as it avoids shell injection risks with properly separated arguments. No 'eval' or obvious obfuscation is present in the provided source. Rate limiting is also available to prevent abuse. Overall, strong security practices are in place.
Updated: 2026-01-07GitHub
27
1
Medium Cost
dominiquekossi icon

mcp-agent-kit

by dominiquekossi

Sec4

Simplifies the creation and management of AI agents, chatbots, and Model Context Protocol (MCP) servers with various LLM providers.

Setup Requirements

  • ⚠️Requires API keys for commercial LLM providers (OpenAI, Anthropic, Gemini) which may incur costs.
  • ⚠️Requires a local Ollama server running and models pulled (`ollama serve`, `ollama pull <model>`) if using the Ollama provider.
  • ⚠️The use of `eval` in an example tool handler (`examples/smart-tool-calling.ts`) presents a severe security risk if copied into production code without extensive input sanitization.
Review RequiredView Analysis
The example `smart-tool-calling.ts` file demonstrates a `calculate` tool using `eval(params.expression)`. While noted as 'don't use in production!', this is a critical remote code execution vulnerability if user input were to reach it. Its presence as a direct example of tool implementation poses a significant security risk for developers who might adapt it. No other obvious hardcoded secrets or malicious patterns were found; API keys are correctly managed via environment variables.
Updated: 2025-11-20GitHub
PreviousPage 234 of 713Next