Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

27
1
Low Cost
MrJamescot icon

ctfd-mcp-server

by MrJamescot

Sec2

Provides a Model Context Protocol (MCP) server to enable AI tools and automation to interact with the CTFd platform for challenge retrieval and flag submission.

Setup Requirements

  • ⚠️Hardcoded CTFd Base URL: The internal FastAPI backend (`server/main.py`) explicitly forces the target CTFd instance to `https://demo.ctfd.io`, ignoring `CTFD_BASE_URL` environment variables and API calls to `/set_base_url`. This makes the server unusable for any CTFd instance other than `demo.ctfd.io`.
  • ⚠️Conflicting Internal Ports and Services: The project consists of two FastAPI applications (`server/main.py` and `ctfd_mcp_server.py`) with conflicting default ports and internal communication logic. The `mcp_server.py` expects a backend at `127.0.0.1:8000`, but `server/main.py` defaults to `0.0.0.0:9999`. The `README`'s single run command (`python mcp_server.py`) is insufficient as it requires the backend to be running separately on the correct port.
  • ⚠️Local Credential Storage: Authentication tokens, cookies, username, and password are saved locally in plain text within `server_state.json`, posing a security risk if the server's file system is compromised.
Review RequiredView Analysis
The internal FastAPI backend (`server/main.py`) hardcodes the target CTFd instance to `https://demo.ctfd.io`, overriding all environment variables (`CTFD_BASE_URL` or `BASE_URL`) and user input through the `/set_base_url` endpoint. This creates a severe functional limitation and a potential security risk, as users attempting to connect to a private CTFd instance would unknowingly send credentials to `demo.ctfd.io`. Additionally, the project's internal communication is flawed: `ctfd_mcp_server.py` (the MCP interface, likely running on default FastAPI port 8000) attempts to call a backend at `http://127.0.0.1:8000`, which could result in a self-referential loop or connection failure since the actual backend (`server/main.py`) defaults to port `9999`. Authentication tokens, cookies, username, and password are saved unencrypted in `server_state.json`, which could be a risk if the server's file system is compromised.
Updated: 2025-11-20GitHub
27
1
Medium Cost
railsware icon
Sec8

The Coupler.io MCP Server provides seamless integration with Coupler.io APIs, enabling AI analysis of multi-channel marketing, financial, sales, e-commerce, and other business data by querying connected data flows.

Setup Requirements

  • ⚠️Requires Docker to run in container mode (as specified in Claude Desktop config)
  • ⚠️Requires a Coupler.io Personal Access Token
Verified SafeView Analysis
The `get-data` tool executes user-provided SQL queries directly on a downloaded SQLite database. While the database is opened in `readOnly` mode and the input `query` is validated to start with `SELECT` (mitigating write/delete risks), a malicious `SELECT` query could potentially be crafted for resource exhaustion (e.g., complex joins on large datasets) or to probe database structure if not fully isolated. However, the local and temporary nature of the SQLite file downloaded for each execution limits the scope of such an attack. No hardcoded secrets were found; `COUPLER_ACCESS_TOKEN` is correctly sourced from environment variables. Network requests are directed to a controlled Coupler.io API host and use signed URLs for data downloads.
Updated: 2026-01-07GitHub
27
1
Medium Cost
domdomegg icon

filesystem-mcp

by domdomegg

Sec8

This server provides tools for reading, creating, editing files, and listing directories on the local filesystem, enabling automation of tasks like configuration updates, report generation, and code refactoring.

Setup Requirements

  • ⚠️Requires Node.js and npm to run.
  • ⚠️Directly manipulates the local filesystem; caution is advised regarding permissions and potential data loss if misused by a controlling agent.
  • ⚠️When using HTTP transport, an available port (default 3000) is required and should be securely exposed.
Verified SafeView Analysis
The server directly manipulates the local filesystem, which inherently carries significant security implications if the controlling agent is compromised or misused. However, the provided source code does not contain direct 'eval' or arbitrary command execution vulnerabilities. File operations are performed using standard Node.js `fs/promises` APIs, and input parameters are validated via Zod schemas. Path expansion using `os.homedir()` limits path traversal risks to the user's home directory context. The `str_replace` tool specifically checks for unique occurrences, mitigating risks of unintended broad replacements. While the implementation appears robust for its stated purpose, the powerful nature of direct filesystem access necessitates deployment in a trusted environment with a thoroughly vetted controlling agent.
Updated: 2026-01-07GitHub
27
1
Low Cost
jungjaehoon-lifegamez icon

MAMA

by jungjaehoon-lifegamez

Sec8

Memory-augmented assistant for LLMs (Claude Code/Desktop) to track decision evolution, provide session continuity, simulate workflows, and offer a mobile chat/graph viewer interface.

Setup Requirements

  • ⚠️Initial setup (first '/mama-save') takes ~1-2 minutes for MCP server and embedding model download/compilation.
  • ⚠️Requires platform-specific build tools (Xcode Command Line Tools, build-essential, windows-build-tools) for `better-sqlite3` native module compilation.
  • ⚠️Requires ~500MB free disk space for embedding model cache and database.
  • ⚠️Potential network issues when downloading embedding models from Hugging Face CDN for the first time.
Verified SafeView Analysis
By default, the server binds to `127.0.0.1` (localhost only), ensuring local-first security. Extensive documentation and explicit warnings are provided regarding critical security risks if exposed externally via tunnels (e.g., ngrok, Cloudflare). External access can lead to full system compromise. Robust recommendations for Cloudflare Zero Trust authentication are given for production use. Token-based authentication is available but strongly discouraged for production, highlighted as 'TESTING ONLY'. The project demonstrates a strong awareness of security implications and provides mechanisms and guidance for securing deployments.
Updated: 2026-01-08GitHub
27
39
Medium Cost
itxaiohanglover icon

mcp-codestyle-server

by itxaiohanglover

Sec4

Provides code template search and retrieval tools for IDEs and AI agents via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires JDK 17+ and Maven 3.9+ for building and running.
  • ⚠️A remote repository server is required for initial template downloads and remote search mode (`repository.remote-path` must be configured).
  • ⚠️The server JAR (`mcp-codestyle-server-1.0.2.jar`) must be built locally before running.
Review RequiredView Analysis
The server downloads ZIP files from a configurable `repository.remote-path` and extracts them to a local cache. If the `repository.remote-path` is configured to an untrusted source, malicious ZIP files could be downloaded and extracted, potentially leading to directory traversal attacks, arbitrary file writes, or other forms of system compromise. The `Hutool ZipUtil.unzip` function is used for extraction, and while Hutool generally implements safeguards, this remains a critical point if the remote server is compromised or untrusted.
Updated: 2025-12-18GitHub
27
1
Medium Cost
MiguelTVMS icon

tplink-omada-mcp

by MiguelTVMS

Sec9

Provides a Model Context Protocol (MCP) server to expose TP-Link Omada controller APIs to AI copilots and automation workflows, enabling control and monitoring of network devices.

Setup Requirements

  • ⚠️Requires access to a configured TP-Link Omada controller.
  • ⚠️Requires Omada API credentials (Client ID, Client Secret, OmadaC ID) from Omada Platform Integration settings.
  • ⚠️Requires Node.js 24+ for local development or Docker for containerized deployment.
Verified SafeView Analysis
The server demonstrates strong security practices for an API adapter. It uses environment variables for sensitive credentials (OMADA_CLIENT_ID, OMADA_CLIENT_SECRET, OMADA_NGROK_AUTH_TOKEN) to avoid hardcoding. Robust input validation is implemented using Zod schemas for all tool arguments. Logging of sensitive data (e.g., authorization headers, tokens) is explicitly handled with masking functions. It supports strict SSL validation for Omada controller connections. For HTTP/SSE transports, it includes DNS rebinding protection and allows configuration of allowed origins, defaulting to localhost for security. The server relies on the Omada controller's OAuth 2.0 implementation for authentication and authorization, and its internal architecture is modular, reducing attack surface. Potential risks are primarily external, residing in the security of the Omada controller itself and the management of Omada API credentials.
Updated: 2026-01-08GitHub
27
1
Medium Cost
gen0sec icon

mcp-server

by gen0sec

Sec8

Provides tools and context for LLMs to generate and validate Wirefilter WAF rules based on natural language descriptions or CVE identifiers, integrating with external vulnerability databases.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️For local setup, `uv`, `mcpb`, and `git` prerequisites must be installed.
  • ⚠️Relies on an external WAF validation API (defaults to `https://public.gen0sec.com/v1/waf/validate`) for rule validation, which must be accessible.
  • ⚠️The ProjectDiscovery CVE plugin requires an API key if enabled.
Verified SafeView Analysis
The server uses `subprocess.run` to interact with `git` for repository cloning/pulling, which, while commands are hardcoded, relies on `repo_url` from configuration. It also makes external HTTP requests to a configurable WAF validation API and ProjectDiscovery API. Malicious configuration of `WAF_VALIDATION_API_URL` or `PROJECTDISCOVERY_API_KEY` could lead to data exfiltration or other network-based attacks. No 'eval' or obvious obfuscation was found, and sensitive API keys are expected to be configured by the user via environment variables or a YAML file.
Updated: 2026-01-08GitHub
27
1
Low Cost
bobmatnyc icon
Sec6

Installs and manages Model Context Protocol (MCP) servers for AI coding tools.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Optimal functionality (e.g., faster installations) relies on `uv` being available in PATH.
  • ⚠️Full feature set (e.g., native CLI operations, specific platform detection confidence) depends on various AI coding tool CLIs (`claude`, `cursor`, `codex`, `gemini`) and MCP server binaries (`mcp-ticketer`) being available in PATH.
Verified SafeView Analysis
The `mcp_doctor.py` module, designed for diagnostics, executes commands specified in `MCPServerConfig` objects via `subprocess.Popen`. This means that if an `MCPServerConfig` (e.g., from a compromised or untrusted configuration file) contains malicious commands, the diagnostic tool will attempt to execute them. While the purpose of the installer is to manage these configurations, this capability is a security risk when dealing with untrusted inputs. The self-update mechanism also performs external network requests to PyPI to check for updates.
Updated: 2026-01-08GitHub
27
41
Medium Cost
itsalfredakku icon

youtrack-mcp

by itsalfredakku

Sec9

An enterprise-grade Model Context Protocol (MCP) server for JetBrains YouTrack 2025.2, enabling AI assistants (e.g., Claude, VSCode extensions, Continue.dev, custom connectors) to access and manage YouTrack issues, sprints, dependencies, time tracking, and knowledge base content via a tool-based interface.

Setup Requirements

  • ⚠️Requires YouTrack instance URL (`YOUTRACK_URL`) and a permanent access token (`YOUTRACK_TOKEN`) to be set as environment variables.
  • ⚠️For enhanced security and data isolation, it is highly recommended to set the `PROJECT_ID` environment variable to restrict AI access to a single YouTrack project.
  • ⚠️OAuth2 authentication, if preferred, requires a local callback server to run on a specified port (default 8080) which might necessitate local firewall configuration.
Verified SafeView Analysis
The server demonstrates strong security practices including comprehensive input validation (using `ParameterValidator` and `@validateParams` decorator), robust error handling with context logging, and sensitive data sanitization (`text-sanitizer.ts`) to prevent XSS. A critical security feature is the `resolveProjectId` mechanism, which enforces project isolation if `PROJECT_ID` is set in the environment, preventing AI tools from accessing unauthorized projects. OAuth2 authentication is implemented with PKCE, a secure flow for public clients. No direct `eval` or hardcoded production secrets are evident. The architecture promotes safe, tool-based access to YouTrack data.
Updated: 2025-12-22GitHub
26
1
Medium Cost
TiM00R icon
Sec3

AI-powered remote Linux server management, enabling natural language control over server commands, file transfers, and automated workflows.

Setup Requirements

  • ⚠️Requires manual configuration of `hosts.yaml` with server connection details (host, user, password).
  • ⚠️Requires modification of Claude Desktop's configuration (`%APPDATA%\Claude\claude_desktop_config.json` on Windows, or equivalent on Linux) to register the MCP server.
  • ⚠️Relies on password-based SSH authentication; while `paramiko` supports SSH keys, the provided configuration and examples primarily demonstrate password usage.
  • ⚠️Requires a Python virtual environment for installation and execution.
  • ⚠️Needs the `REMOTE_TERMINAL_ROOT` environment variable configured in Claude Desktop's `mcpServers` entry to specify the installation directory.
Review RequiredView Analysis
The server has critical command injection vulnerabilities. In `src/tools/sftp_compression_tar.py`, the `extract_tarball_via_ssh` function constructs `tar` commands using `remote_archive_path` and `remote_extract_path` without proper shell quoting. Similarly, in `src/tools/sftp_compression_upload.py`, the `chmod -R` command uses `remote_dir` without quoting. This allows a malicious actor (e.g., a jailbroken AI or manipulated input) to inject arbitrary shell commands, leading to remote code execution on the connected server. While some path sanitization (`validate_path`) and `shlex.quote` are used in other parts (e.g., single file SFTP, backup creation), these critical directory transfer commands are unprotected. The system also inherently trusts the AI to generate safe commands, making a jailbroken AI a significant risk.
Updated: 2026-01-07GitHub
26
1
Low Cost
shandut icon
Sec8

Manages Shopify checkout branding (colors, typography, logos) via a Model Context Protocol (MCP) server or HTTP API for AI assistants or direct programmatic control.

Setup Requirements

  • ⚠️Requires a Shopify store with Admin API access (typically Shopify Plus or Development store).
  • ⚠️Requires specific Shopify Admin API scopes: `read_checkout_branding_settings`, `write_checkout_branding_settings`, `write_files`.
  • ⚠️Requires manual configuration of Shopify credentials in a `.env` file.
Verified SafeView Analysis
The server uses environment variables for sensitive API tokens and includes robust redaction in logging. The HTTP server wrapper enables CORS for all origins (`origin: true`) by default which is generally safe for local development but would require stricter configuration (e.g., behind a proxy with restricted origins) if exposed publicly in production.
Updated: 2025-11-19GitHub
26
1
Low Cost
xue20010808 icon

word2pdf_hello_mcp

by xue20010808

Sec1

This MCP server serves as a scaffold to demonstrate building and deploying AI-powered tools, resources, and prompts using the Smithery CLI and FastMCP framework.

Setup Requirements

  • ⚠️Requires Smithery API key for deployment (not strictly for local dev)
  • ⚠️Requires `uv` (a modern Python package installer/runner) to be installed
  • ⚠️Requires Python 3.10 or higher
Review RequiredView Analysis
CRITICAL: The `hello` tool function directly downloads an executable file (`du.exe`) from `https://live.sysinternals.com/du.exe` and saves it as `hello.exe` to the user's 'Downloads' directory every time the tool is called. This pattern, even with a benign executable, represents a severe supply chain and arbitrary file write vulnerability. If the `Source_Server` URL could be manipulated (e.g., through a compromised dependency or a controlled config parameter), this could lead to arbitrary code execution. Additionally, all exceptions during the download process are suppressed (`except Exception as e: pass`), hiding potential failures and making it difficult to detect malicious activity or operational issues.
Updated: 2025-11-18GitHub
PreviousPage 235 of 713Next