Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

26
1
High Cost
Sec7

Orchestrates banking requests through Google Gemini function-calling workflows and ModernBank backend services.

Setup Requirements

  • ⚠️ Requires Google Gemini API Key (Paid).
  • ⚠️ Requires downstream ModernBank Account, Transaction, and Payment services to be running and accessible at specified URLs (e.g., `http://localhost:8084/api/v1`).

Verified Safe
The system acts as an API gateway, propagating `Authorization`, `X-User-Id`, `X-User-Email`, `X-User-Role` headers to downstream services. This is a standard microservices pattern but requires robust authentication/authorization in client and backend services. The `PaymentService` contains commented-out JWT parsing and a hardcoded `fromAccount = ""` which is a bug, but this service is currently not integrated with Gemini function calls and thus poses no immediate threat via the AI. Critical financial operations (`transfer_money`) rely on parameters extracted by Gemini from user input, which are then passed to the `TransactionService`. Extensive `GLOBAL_PROMPT` engineering and a `MissingInputResolver` are used to guide Gemini and handle missing parameters, which are crucial for preventing misuse and ensuring correct function execution. The direct function invocation endpoint `/v1/api/mcp/invoke` is stubbed and returns `null`, reducing its attack surface.
Updated: 2025-11-20
26
1
Low Cost
Sec8

Manages personal expenses by allowing users to add, list, summarize, and delete expense entries.

Setup Requirements

  • ⚠️ Database is stored in a temporary directory (e.g., /tmp), meaning all expense data will be lost on system restart or cleanup.
  • ⚠️ Requires Python version 3.13 or higher.

Verified Safe
The application uses parameterized queries with aiosqlite, preventing SQL injection. No 'eval' or obfuscation is present. The server binds to '0.0.0.0', which is standard but means it's accessible from any IP on the network; proper firewalling is crucial if exposed to untrusted networks. No authentication/authorization layer is implemented, assuming a trusted user or environment. No hardcoded secrets were found.
Updated: 2025-11-20
26
1
High Cost

server-filesystem

by danny-avila

Sec9

Provides a secure Node.js server implementing Model Context Protocol (MCP) for AI clients to perform a wide range of filesystem operations with strict access control.

Setup Requirements

  • ⚠️ Requires Node.js 18 or higher.
  • ⚠️ Server will throw an error if started without command-line allowed directories AND the client does not support or provide MCP Roots.
  • ⚠️ On Windows, symlink creation (relevant for testing security features) may require Developer Mode or Administrator privileges.

Verified Safe
The server demonstrates strong security practices with explicit path normalization, comprehensive symlink resolution (via `fs.realpath` and `isPathWithinAllowedDirectories`) to prevent traversal attacks, and strict enforcement of allowed directories. File write operations use atomic renames and the 'wx' flag to prevent race conditions and overwrites through existing symlinks. Dynamic allowed directories via MCP Roots are also validated. No hardcoded secrets or 'eval' usage observed. The primary risk lies in misconfiguring the allowed directories or if an attacker could bypass the `validatePath` function before any file operation.
Updated: 2025-11-18
26
1
High Cost

mcp

by trustspirit

Sec9

Integrate Google Gemini API features (text generation, chat, image analysis, web search, embeddings, image/video generation) into a Model Context Protocol (MCP) server for local or remote AI client applications.

Setup Requirements

  • ⚠️ Requires a Google Gemini API Key (paid service, obtained from Google AI Studio).
  • ⚠️ Requires Node.js (>=18) and pnpm to run directly, or Docker/Docker Compose for containerized execution.

Verified Safe
The server correctly loads API keys from environment variables and does not appear to contain 'eval' or other dynamic code execution vulnerabilities. It uses standard Node.js and Google Generative AI SDKs. CORS is enabled, which is acceptable for local client integration but would require stricter origin control if exposed publicly. Notably, the Gemini safety settings are configured to 'BLOCK_NONE' for all harm categories, meaning the model will not proactively block potentially harmful content. This is a configuration choice for AI output, not a vulnerability in the server's code, but users should be aware of this setting.
Updated: 2026-01-07
26
1
Low Cost

igloo-mcp

by Evan-Kim2028

Sec9

AI-first operations and analytics for Snowflake via Model Context Protocol (MCP), including SQL query execution, metadata cataloging, dependency graph building, and managing 'living reports' with AI assistance.

Setup Requirements

  • ⚠️ Requires Snowflake CLI (`snow`) to be installed and configured with a valid profile (e.g., `~/.snowflake/config.toml`).
  • ⚠️ Requires Quarto CLI to be installed for advanced report rendering features (e.g., HTML, PDF, Markdown).
  • ⚠️ Initial setup may involve configuring Snowflake profiles and permissions for the `snow` CLI to access metadata or execute queries.

Verified Safe
The server implements robust security measures including: comprehensive SQL validation to prevent dangerous operations (e.g., DELETE, DROP) with customizable allow/disallow lists; stringent path validation to prevent directory traversal attacks; and careful escaping of SQL identifiers and session parameters to mitigate SQL injection risks. It also performs early validation of Snowflake profiles. While relying on an external `snow` CLI means its security posture is also relevant, the project demonstrates a strong focus on secure coding practices.
Updated: 2026-01-06
26
1
Medium Cost

homelab-mcp

by bshandley

Sec3

Provides AI models with remote control capabilities for monitoring and managing homelab infrastructure, including Docker, OPNsense, TrueNAS, Proxmox, and Home Assistant.

Setup Requirements

  • ⚠️ Requires Docker and Docker Compose installed on the target host.
  • ⚠️ Requires API credentials for OPNsense, TrueNAS, Proxmox, and Home Assistant to enable respective integrations.
  • ⚠️ For Level 4 (Manage) Docker operations, the `/opt/stacks` volume mount in `docker-compose.yml` must be changed from `ro` (read-only) to `rw` (read-write), granting high privileges.
  • ⚠️ Disables SSL certificate validation (`rejectUnauthorized: false`) for external API calls (OPNsense, TrueNAS, Proxmox), which can be a security concern if connecting over untrusted networks.

Review Required
The server grants AI models direct, high-privilege control over critical infrastructure components (Docker, Proxmox, TrueNAS, OPNsense). The `docker_exec` tool (Level 4) allows arbitrary command execution within containers, a severe security risk. API integrations for Proxmox, TrueNAS, and OPNsense explicitly disable SSL certificate validation (`rejectUnauthorized: false`), making them vulnerable to Man-in-the-Middle attacks if the network is not trusted. While authentication (API Key, OAuth) and capability levels are implemented, the potential for destructive actions or privilege escalation from a compromised AI or misconfigured server is extremely high, as explicitly warned in the README. Hardcoded secrets are not present; environmental variables are used for configuration. No code obfuscation or `eval` usage detected.
Updated: 2026-01-07
26
3
Medium Cost

linkinator-mcp

by JustinBeckwith

Sec9

Provides link checking capabilities for AI assistants to scan webpages and local files for broken links using the linkinator library.

Setup Requirements

  • ⚠️ Requires Node.js 18+
  • ⚠️ Requires manual configuration with MCP clients (e.g., Claude Code, Claude Desktop) unless using `npx install-mcp`.

Verified Safe
The server acts as a wrapper around the `linkinator` library. It validates input parameters using Zod schemas, mitigating common injection risks. Communication with the MCP client occurs over standard I/O (stdio), reducing external attack surfaces for control commands. However, the underlying `linkinator` tool, when configured by the user/AI, can perform network requests to arbitrary URLs or serve local files (via `serverRoot` option) from the system running the MCP server. Exposing options like `allowInsecureCerts` by the client or AI could lead to insecure connections if explicitly chosen. Overall, the implementation itself appears robust and does not introduce obvious new vulnerabilities beyond the inherent nature of running a local tool with such capabilities.
Updated: 2026-01-04
26
1
Low Cost

mcp

by 0brym

Sec7

A modular, config-driven Model Context Protocol (MCP) server designed to expose a variety of configurable tools (filesystem, shell, HTTP, utilities) to AI agents via JSON-RPC over stdio, with a strong emphasis on security through configuration.

Setup Requirements

  • ⚠️ Requires Node.js 18.0.0 or higher.
  • ⚠️ Security is configuration-dependent: careful review of `config.json` is critical to prevent unintended access or command execution.
  • ⚠️ No built-in input validation beyond basic JSON Schema types for custom plugins; business logic validation must be implemented per tool.

Verified Safe
The server explicitly prioritizes 'security by configuration' and implements mechanisms like path restrictions for filesystem operations, command whitelisting/blacklisting for shell execution, and domain filtering for HTTP requests. However, it utilizes powerful primitives: 'plugins/shell.js' directly executes shell commands via `child_process.exec`, and 'plugins/utils.js' includes a 'calculate' tool that uses the `Function` constructor (similar to `eval`) for mathematical expressions. While input sanitization and configurable restrictions are in place, these methods can introduce significant vulnerabilities if the configuration is not carefully managed or if the sanitization/whitelisting logic contains flaws. Misconfiguration, particularly by enabling broad shell commands or paths, could lead to severe system compromise. The server's security is highly dependent on the user's careful and restrictive configuration.
Updated: 2025-11-18
26
1
Medium Cost

mymcp_backend

by ZHLOVEYY

Sec1

A Go backend server for managing and exposing MCP (Multi-Agent Communication Protocol) services, including dynamic registration and execution of user-defined Go functions as MCP tools.

Setup Requirements

  • ⚠️ Requires access to `gitlab.com/fundamental_tools/go-fundamental/config`, which appears to be a private or internal GitLab dependency and will prevent `go mod tidy` from succeeding without proper authentication or vendoring.
  • ⚠️ The `README.md` provides a generic `git clone` command (`https://github.com/your_username/your_repository.git`) which conflicts with the actual GitLab-based import paths (`gitlab.com/go-mcp/my-mcp-backend`), meaning the correct repository clone URL is missing from the instructions.
  • ⚠️ The core functionality involves interpreting user-supplied Go code, requiring careful review of the sandboxing mechanisms to prevent unintended system access or resource abuse.

Review Required
The server allows dynamic execution of user-provided Go source code via the Yaegi interpreter in the `/api/functomcp/codetrial` and `/api/functomcp/register` endpoints. While Yaegi is designed for safe Go interpretation, executing arbitrary user code from external sources (even with AST manipulation and import control) presents significant security risks, including potential interpreter vulnerabilities, resource exhaustion attacks, or unintended side effects if the sandboxing mechanism can be bypassed. Additionally, `service/pkg/mid/mcpAuth.go` contains a hardcoded `Authorization: 'xxxx'` value which, if used in a production setup, could lead to severe authentication bypasses for SSE connections.
Updated: 2025-11-19
26
1
Medium Cost

docsynthai

by raahulrawat

Sec8

An intelligent document processing server that classifies documents using rule-based and AI (Gemini Vision) methods via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ Requires a Google API Key for Gemini Vision in non-mock mode (paid API usage).
  • ⚠️ Requires Python 3.11 or higher.
  • ⚠️ PDFs are not directly supported for classification; they must be converted to images first.

Verified Safe
The server uses `json.load`/`json.dump` for rule persistence, which is safe. Base64 decoding and image processing use PIL, which is generally robust but not immune to image-based exploits; however, size limits are enforced (`MAX_IMAGE_BYTES`, `MAX_BASE64_BYTES`). The Google API key is supplied at runtime via a tool, not hardcoded, and stored in memory, which is acceptable for server operation. No direct `eval` or `exec` of user-controlled input found. Overall, the system appears designed with reasonable security considerations for its scope.
Updated: 2025-11-19
26
1
Medium Cost

MCP_Scanner

by beejak

Sec9

Comprehensive security scanning for Model Context Protocol (MCP) servers, including static analysis, runtime monitoring, and AI-powered detection of vulnerabilities.

Setup Requirements

  • ⚠️ Requires OpenAI/Anthropic/Google API Key(s) (Paid) for commercial LLM analysis, otherwise defaults to local Ollama.
  • ⚠️ Requires local Ollama server running and models pulled (e.g., `ollama serve`, `ollama pull codellama`) for local AI analysis.
  • ⚠️ Semgrep external tool is needed for Semgrep integration features.
  • ⚠️ Optional API keys (VULNERABLE_MCP_API_KEY, NVD_API_KEY) for enhanced threat intelligence features.

Verified Safe
The server's core (Rust) is robust, with explicit error handling, verified zero `unwrap()` calls, and extensive logging. It actively detects dangerous patterns (e.g., `eval`, `os.system`, malicious scripts) in *scanned code* rather than using them internally. External API integrations (LLMs, NVD, VulnerableMCP) use `reqwest` with timeouts and error handling, and API keys are managed via environment variables. The system itself appears well-hardened against common security pitfalls in its own implementation.
Updated: 2026-01-07
26
38
Medium Cost

mcp-panther

by panther-labs

Sec8

Panther's MCP server integrates AI agents with the Panther security platform to enable writing/tuning detections, interactively querying security logs, and managing alerts (triage, comment, resolve) using natural language.

Setup Requirements

  • ⚠️ Requires `PANTHER_API_TOKEN` and `PANTHER_INSTANCE_URL` environment variables configured with appropriate Panther permissions.
  • ⚠️ Requires Python 3.12+ (if not using Docker).
  • ⚠️ Assumes `uv` is installed for Python-based execution.

Verified Safe
The server uses environment variables for API tokens and instance URLs, which is good practice. It explicitly enables SSL for API communication. The `query_data_lake` tool directly executes SQL, which inherently carries a risk of SQL injection if user inputs are not carefully managed by the AI agent; however, the `wrap_reserved_words` function helps mitigate some specific identifier-related risks. The documentation also explicitly calls for time filters in queries for performance and partitioning. `PANTHER_ALLOW_INSECURE_INSTANCE` is an opt-in environment variable that can disable SSL verification, which should be used with caution. Overall, the implementation shows good security awareness, but the nature of a SQL execution tool requires vigilance.
Updated: 2025-12-23