Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

23
20
Medium Cost
khuynh22 icon

mcp-wireshark

by khuynh22

Sec9

Integrate Wireshark/tshark capabilities into AI tools and IDEs for network packet capture and analysis.

Setup Requirements

  • ⚠️Requires Wireshark/tshark to be manually installed on the host system (not installed via pip).
  • ⚠️Live packet capture requires elevated system permissions (e.g., user in 'wireshark' group on Linux, administrator on Windows).
  • ⚠️The server uses stdio transport, meaning it's primarily designed for local/isolated environments (e.g., Claude Desktop, VS Code integration); remote hosting would require additional implementation of HTTP/SSE transport.
Verified SafeView Analysis
The server implements robust input validation for file paths, preventing path traversal attacks and limiting allowed file extensions (.pcap, .pcapng, .cap). Display filter expressions are sanitized to prevent command injection (e.g., checking for semicolons, pipes, backticks). Resource limits for packet count (max 10,000) and capture duration (max 300 seconds) mitigate potential denial-of-service. Subprocess execution (`run_tshark`, `run_dumpcap`) uses argument lists directly, which is inherently safer than shell execution. Live packet capture is an inherently privileged operation, and the documentation clearly states that it requires elevated permissions on most systems.
Updated: 2025-12-15GitHub
23
2
High Cost
nosolosoft icon

opencode-mcp

by nosolosoft

Sec6

An MCP (Model Context Protocol) server that provides seamless integration with OpenCode, the open-source AI coding agent for the terminal.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires OpenCode CLI to be installed and configured separately.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop) to connect to the server.
Verified SafeView Analysis
The server wraps the OpenCode CLI, executing commands via `subprocess.create_subprocess_exec` with user-provided arguments. Key security risks, as identified in the `PLAN.md` and confirmed by code analysis, include: 1) Lack of validation for `allowed_operations` in `settings.py` (it's defined but not enforced). 2) Missing validation for `files` paths, extensions (`allowed_file_extensions`), and sizes (`max_file_size`) when provided to `opencode_run`. 3) Prompts and tool arguments are logged directly (e.g., in `server.py` `call_tool` and `execution.py`), posing a risk of sensitive information leakage. 4) The `execute_generic` tool and others pass user-controlled strings (e.g., `prompt`) directly to the underlying `opencode` CLI, which could potentially be exploited if the CLI itself has injection vulnerabilities, although `subprocess.create_subprocess_exec` is generally safer than `shell=True`. These unaddressed points significantly lower the score for an AI agent wrapper.
Updated: 2026-01-02GitHub
23
1
Medium Cost
swapnildagade1213 icon

mcp_server

by swapnildagade1213

Sec2

This server template provides a foundation for building Model Context Protocol (MCP) servers to integrate with AI assistants and other MCP clients, offering tools for GitHub, Microsoft Graph, weather data, and JWT decoding.

Setup Requirements

  • ⚠️Requires `uv` for Python environment and dependency management.
  • ⚠️Requires various external API keys/tokens (GitHub, Microsoft Graph, OpenWeatherMap).
  • ⚠️CRITICAL: The `mcp_demo.py` implementation for Microsoft Graph API credentials involves heavily obfuscated hardcoded secrets that are decrypted using `saltdata` and `keydata` parameters. This method of secret handling is highly non-standard and presents a significant security vulnerability, complicating setup and maintenance.
  • ⚠️Node.js is required to run the Model Context Protocol Inspector tool for testing.
Review RequiredView Analysis
CRITICAL security risks found. The `mcp_demo.py` file hardcodes and heavily obfuscates Microsoft Graph API credentials (client_id, client_secret, tenant_id) directly within the source code. These obfuscated secrets are then decrypted at runtime using `saltdata` and `keydata` passed as tool parameters, which is a highly insecure practice as it means sensitive API keys are present in the codebase and their effective security relies on additional runtime parameters. An OpenWeatherMap API key is also hardcoded in `mcp_demo.py`. Additionally, several network requests across different files (e.g., `requests.get`) are made with `verify=False`, which disables SSL/TLS certificate verification and makes the application vulnerable to Man-in-the-Middle (MITM) attacks. The `decode_jwttoken` tool explicitly disables signature verification, which could lead to misuse if not handled carefully. Despite the presence of `dotenv.load_dotenv()`, critical secrets are not loaded from environment variables but are hardcoded or passed directly as parameters, indicating poor secret management.
Updated: 2026-01-05GitHub
23
6
Medium Cost
razavioo icon

liara-mcp

by razavioo

Sec7

Enables AI assistants to deploy and manage applications, databases, and infrastructure on the Liara cloud platform through natural language commands.

Setup Requirements

  • ⚠️Requires a valid Liara API token, which must be generated from the Liara console.
  • ⚠️Requires Node.js version >= 18.0.0 to run.
  • ⚠️Users of Node.js version managers (nvm, fnm, nodenv) may encounter PATH issues and need to use an alternative MCP configuration explicitly sourcing their Node.js environment.
Verified SafeView Analysis
The core server primarily acts as a proxy to the Liara API over stdio, limiting direct external network attack surface from tool calls. API tokens are expected to be provided via environment variables, which is good practice. The `bin/setup.js` script uses `execSync` for initial setup commands (e.g., `npm install -g`) which carries inherent risks, but this is for setup, not runtime execution. The `unwrapApiResponse` function uses broad `any` types for parsing, which could be less robust to unexpected API response formats but doesn't present an immediate execution vulnerability. There are no obvious hardcoded secrets in the runtime code. The `execCommand` service function, designed for running commands in app containers, explicitly delegates to external tools (like `liara app shell`) rather than executing arbitrary commands on the MCP server itself.
Updated: 2025-12-28GitHub
23
2
Low Cost
harehare icon

mq-mcp

by harehare

Sec7

Acts as a Model Context Protocol (MCP) server for AI assistants, enabling them to query and process Markdown and HTML content using the mq query language.

Setup Requirements

  • ⚠️Requires `curl` and `bash` for the official installation script to run.
  • ⚠️The installation script modifies the user's shell profile (`.bashrc`, `.zshrc`, etc.) to add the `mq-mcp` binary to the system's PATH.
  • ⚠️Manual JSON configuration is required for integration with specific AI assistants (e.g., Claude Desktop, VS Code with MCP Extension).
Verified SafeView Analysis
The server's core functionality involves evaluating user-provided `mq` query strings against HTML or Markdown content (`engine.eval(&query, ...)`). While `mq-lang` is a specialized query language (similar to `jq` for JSON) and is likely designed with sandboxing in mind, any `eval`-like mechanism on user-supplied input introduces a potential attack surface. A vulnerability within the `mq-lang` engine could theoretically be exploited through this interface. No other direct security risks like hardcoded secrets or arbitrary shell command injection outside of the `mq-lang` context are evident. The installation script utilizes checksums for binary verification, which is a good security practice.
Updated: 2026-01-03GitHub
23
26
Medium Cost
commerce-operations-foundation icon

mcp-reference-server

by commerce-operations-foundation

Sec6

Standardize and manage fulfillment operations for AI agents by providing a universal interface to various fulfillment systems.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Requires careful configuration of the `ADAPTER_TYPE`, `ADAPTER_PACKAGE` or `ADAPTER_PATH`, and `ADAPTER_CONFIG` environment variables to connect to a specific fulfillment backend.
  • ⚠️A separate fulfillment system or API is required for real-world operations beyond the built-in mock adapter.
Verified SafeView Analysis
The server's core extensibility mechanism, the `AdapterFactory`, allows dynamic loading of adapters from NPM packages or local files, executing them with full system permissions. This is explicitly highlighted in the codebase as a security warning. Deployers must ensure that only trusted adapter packages/files are configured, especially in production, to prevent arbitrary code execution vulnerabilities. The server does implement configuration validation, log sanitization, and security policy application for production environments (e.g., forcing sanitization and disabling debug logs), which are good practices. However, the inherent risk of dynamic code loading from potentially untrusted sources remains a critical concern if not properly managed by the deployment environment.
Updated: 2025-12-16GitHub
23
3
High Cost
cyberlife-coder icon

agile-planner-mcp-server

by cyberlife-coder

Sec8

Generates agile project artifacts (epics, features, user stories) using AI, compatible with various LLMs and IDEs like Windsurf, Claude, and Cursor.

Setup Requirements

  • ⚠️Requires OPENAI_API_KEY or GROQ_API_KEY, which are typically for paid services.
  • ⚠️Requires Node.js v14.0.0 or higher.
  • ⚠️For MCP mode, the MCP_EXECUTION environment variable or --mcp flag is crucial to prevent unintended behavior on Windows (e.g., opening Notepad).
Verified SafeView Analysis
The server sanitizes user-provided input for file and directory names using `createSlug` and `sanitizeFileName` before file system operations, mitigating path traversal and injection risks. API keys are loaded from environment variables (e.g., OPENAI_API_KEY, GROQ_API_KEY) and not hardcoded. Network calls are exclusively to trusted LLM APIs. Stdin/stdout communication in MCP mode includes JSON parsing with error handling. Overall, good practices are in place for input/output handling and API key management.
Updated: 2026-01-02GitHub
22
32
High Cost
ramkansal icon

pentestMCP

by ramkansal

Sec2

This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.

Setup Requirements

  • ⚠️Docker Desktop or Engine required.
  • ⚠️OWASP ZAP instance must be running and accessible from inside the Docker container (default http://localhost:8888).
  • ⚠️Python 3.13 or higher is specified for local development (though the Docker image handles its own Python version).
  • ⚠️SecLists repository needs to be cloned locally for wordlist-based tools to function correctly.
Review RequiredView Analysis
This project is an MCP server for penetration testing tools, which inherently carry significant security risks if misused. It uses 'subprocess' to execute external offensive security binaries (Nmap, Nuclei, SQLMap, NetExec, Impacket tools, Certipy, Responder, mitm6, etc.) which can be highly disruptive or illegal if run without explicit authorization against target systems. A hardcoded ZAP API key ('ZAP_API_KEY="v6r0iikqecitmhhj2kistk1iui"') is present in 'start_services.sh', which is a critical security vulnerability as it could allow unauthorized control over the ZAP instance if the container's network is compromised or the key is leaked. Many Active Directory tools are explicitly warned as 'EXTREMELY DISRUPTIVE'.
Updated: 2025-12-16GitHub
22
2
Medium Cost
doublegate icon

CyberChef-MCP

by doublegate

Sec9

Provides a Model Context Protocol (MCP) server for CyberChef operations, enabling AI assistants and other MCP clients to programmatically utilize its extensive data manipulation capabilities for cybersecurity tasks like encryption, encoding, compression, and forensic analysis.

Setup Requirements

  • ⚠️Docker must be installed and running.
  • ⚠️For local Node.js development, `npx grunt configTests` is required to generate operation configurations.
  • ⚠️The `-i` (interactive) flag is critical when running the Docker container in client mode (e.g., `docker run -i --rm cyberchef-mcp`).
  • ⚠️Building from source may require setting `NODE_OPTIONS=--max_old_space_size=2048` to increase Node.js heap size.
Verified SafeView Analysis
The project demonstrates a very strong focus on security. It uses a Chainguard distroless Docker image (zero-CVE baseline, non-root execution, read-only filesystem, SLSA Build Level 3 provenance) for a reduced attack surface. All inputs are validated against `zod` schemas. Recent updates fixed critical vulnerabilities including cryptographic randomness weaknesses (`Math.random()` replaced with `crypto.randomBytes()`), multiple Regular Expression Denial of Service (ReDoS) vulnerabilities (addressed by a `SafeRegex.mjs` module with pattern length limits and timeout-based validation), and arbitrary code execution via `eval()` (replaced with safe DOM script creation, although this specific fix was for the upstream web UI, which is removed in this MCP fork). The server communicates via standard input/output (stdio), which means it does not open network ports itself, reducing external attack surface. Resource limits for input size and operation timeouts are configurable. The upstream CyberChef explicitly states, 'Cryptographic operations in CyberChef should not be relied upon to provide security in any situation,' which implies that while the *implementation* might be correct, the *algorithms* themselves (e.g., ROT13, RC4, older hash functions) are not suitable for modern security; this is a general cryptographic caution rather than an implementation flaw in this project.
Updated: 2026-01-01GitHub
22
2
Low Cost
MetaMask icon

mcp-x402

by MetaMask

Sec7

Generates X402 payment headers and looks up associated wallet addresses for internet-native payments using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js version 22 or higher.
  • ⚠️An Ethereum private key (for signing) is required; it can be provided via the `PRIVATE_KEY` environment variable, or a new one will be generated and stored locally in `wallet.json` if not provided.
  • ⚠️A `wallet.json` file containing a private key may be created in the current working directory if `PRIVATE_KEY` environment variable is not set. This file must be secured appropriately.
Verified SafeView Analysis
The server prioritizes using a private key from `process.env.PRIVATE_KEY`. However, if this environment variable is not set, it will lazily generate a new Ethereum private key and store it in a `wallet.json` file in the current working directory. Storing private keys on disk is a significant security risk, especially in non-ephemeral or poorly secured environments, as it could lead to compromise of the signing wallet. The project acknowledges this as an 'Experimental ⚠️' feature and plans 'Configurable key management and signing' in its roadmap. No 'eval' or obvious malicious patterns were found.
Updated: 2026-01-01GitHub
22
2
Low Cost
javaos74 icon
Sec3

UiPath Model Context Protocol (MCP) Server with a Web UI for managing multiple MCP endpoints and integrating with UiPath processes for automation.

Setup Requirements

  • ⚠️Critical Security Configuration: The default `SECRET_KEY` environment variable must be changed, and the initial `admin`/`admin` user password must be updated immediately after setup to prevent unauthorized access and token forgery.
  • ⚠️Python/Node.js Pre-requisites: Requires Python 3.11+ and Node.js 18+ for development.
  • ⚠️`uv` Package Manager: The project strongly recommends and uses `uv` for Python dependency management, which might be new to some users.
  • ⚠️UiPath Orchestrator Dependency: Requires a running UiPath Orchestrator instance with appropriate API access (Personal Access Token or OAuth 2.0 client credentials) configured via the Web UI.
  • ⚠️Frontend Build Step: The React frontend must be built (`./build.sh`) before creating Docker images or deploying to production, which is a separate step from the backend.
Review RequiredView Analysis
CRITICAL VULNERABILITIES: 1. SSL Verification Disabled: The system defaults to `verify=False` for HTTPX requests when connecting to non-UiPath Cloud URLs, which is a critical vulnerability for Man-in-the-Middle (MITM) attacks. While this might be a workaround for self-signed certificates in on-premise environments, it should be configurable and ideally use a trusted certificate store. 2. Weak Default Secrets: A hardcoded default `SECRET_KEY` is used for JWT token signing if not overridden by an environment variable, making JWT tokens easily forgeable. Similarly, a default `admin`/`admin` user is created on first startup, exposing the system to immediate compromise if left unchanged. Other concerns include: non-expiring API tokens and support for passing tokens in URL query parameters, which is less secure.
Updated: 2026-01-01GitHub
22
1
Medium Cost
Komorebi-yaodong icon

edge-tts-mcp-server

by Komorebi-yaodong

Sec4

Provides a Model Context Protocol (MCP) server for integrating high-quality Microsoft Edge TTS capabilities with AI agents, allowing them to generate and merge natural-sounding speech, then upload it to a cloud storage service.

Setup Requirements

  • ⚠️Relies on a reverse-engineered and undocumented Microsoft Edge TTS API, which is subject to breakage or changes without notice.
  • ⚠️Contains a hardcoded Microsoft Translator API secret key within the source code, posing a security risk.
  • ⚠️Requires a Node.js runtime environment to execute (typically via `pnpm` and `dist/index.js`).
Review RequiredView Analysis
The server includes a hardcoded secret key (`oik6PdDdMnOXemTbwvMn9de/h9lFnfBaCWbGMMZqqoSaQaqUOqjVGm5NqsmjcBI1x+sS9ugjB55HEJWRiFXYFw==`) within the `EdgeTTSClient` for signing requests to Microsoft's Translator API endpoint (`dev.microsofttranslator.com`). This is a critical security vulnerability, as it exposes an authentication credential in plain text within the source code. While input sanitization (`escapeXml`, `preprocessText`) is present for speech content, the hardcoded secret makes the server unsafe for production environments or any scenario where this key should be protected.
Updated: 2026-01-04GitHub
PreviousPage 244 of 713Next