Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

22
2
High Cost
georgiedekker icon

enterprise_mcp_server

by georgiedekker

Sec4

Provides a robust, multi-component Model Context Protocol (MCP) solution with an API Gateway for routing and management, an Enterprise MCP Server for core services like authentication and tool administration, and a Tool Server for operational tool execution, designed for integration with clients like Cursor and Claude Code.

Setup Requirements

  • ⚠️Requires Node.js 20+ and npm for Claude Code CLI integration (or Docker build handles this).
  • ⚠️Requires an active Claude account or API key for Claude Code functionality.
  • ⚠️Critical environment variables (`POSTGRES_PASSWORD`, `JWT_SECRET_KEY`, `ANTHROPIC_API_KEY`, Keycloak credentials) must be securely configured.
  • ⚠️The client credentials for the `/token` endpoint in `src/asgi.py` are hardcoded and must be changed in the source code or securely overridden for production.
Verified SafeView Analysis
CRITICAL: The `src/asgi.py` file contains hardcoded client credentials (`VALID_CLIENTS = {"cursor_client": "cursor_secret"}`) for its `/token` endpoint, posing a severe vulnerability for any client relying on this authentication mechanism. CRITICAL: The `docker-compose.yml` exposes Redis on `0.0.0.0:6378:6379` without authentication, making it susceptible to unauthorized access and data manipulation. The `claude_code` tool, while sandboxed (though bypassable via `SKIP_SANDBOX` env var), permits dynamic execution of `Read`, `Write`, and `Bash` tools, which could lead to remote code execution if the prompt input is compromised. Password hashing uses PBKDF2, which is less resilient than modern algorithms like bcrypt. An `/test-token` endpoint (in `src/api.py`) generates admin-level tokens, which could be dangerous if exposed in production. However, the system benefits from a layered architecture, Keycloak integration for advanced authentication, robust RBAC, parameterized SQL, and comprehensive audit logging, which improve overall security posture.
Updated: 2026-01-01GitHub
22
17
High Cost
stonehill-2345 icon

lite-mcp

by stonehill-2345

Sec2

A comprehensive framework for AI-driven testing and automation, providing various Model Context Protocol (MCP) servers for interacting with Android devices, file systems, databases, mouse/keyboard, and integrating external MCP services.

Setup Requirements

  • ⚠️Requires ADB (Android Debug Bridge) to be installed and in system PATH for Android and Fastbot servers.
  • ⚠️Python dependencies like `uiautomator2`, `Pillow`, `apkutils2`, `pymysql`, and `pyautogui` must be installed.
  • ⚠️External MCP services may require additional tools like `uvx` (for Python-based MCPs) or `Node.js`/`npm`/`npx` (for Node.js-based MCPs like Jina AI toolkit).
  • ⚠️MySQL server requires database host, port, user, password, and database name to be explicitly configured or provided via HTTP headers.
  • ⚠️For Android tools, Developer Options and USB debugging must be enabled on the physical device or emulator.
Review RequiredView Analysis
This server exhibits critical security vulnerabilities. Dynamic code execution (RCE) is present in `src/tools/external/external_mcp_server.py` via `exec` on data derived from external MCP tools, and explicitly in `web/services/system-tools/tools/CodeExecutorTool.js` (JavaScript `new Function()`), making it highly susceptible to malicious code injection if an attacker can control external tool definitions. SQL injection is possible in `src/tools/operate_mysql/opmysql_server.py` as the `operation_mysql` tool directly executes user-provided `sql` without proper sanitization. Shell injection is possible in `src/tools/android_tools/android_server.py` and `src/tools/fastbot_server.py` due to direct execution of `adb` commands constructed with user-provided arguments (e.g., `device_id`, `package_name`). The `_run_adb_command` function uses `subprocess.run` with raw user input in `cmd`. Database credentials are passed via HTTP headers in `opmysql_server.py`, which is insecure if not over HTTPS. The proxy server (`src/core/proxy_server.py`) has potential for Server-Side Request Forgery (SSRF) if `base_url` for target services can be manipulated. Running this server in any environment, especially with network exposure, poses severe risks including full system compromise.
Updated: 2025-12-22GitHub
22
3
Medium Cost
sgaunet icon

postgresql-mcp

by sgaunet

Sec9

Provides PostgreSQL integration tools as a Model Context Protocol (MCP) server for Claude Code.

Setup Requirements

  • ⚠️Requires Go 1.25+ for building from source.
  • ⚠️Requires access to a running PostgreSQL database.
  • ⚠️Database connection details (`POSTGRES_URL` or `DATABASE_URL` environment variable, or via `connect_database` tool) must be configured.
  • ⚠️Requires a `.mcap.json` file at the project root for Claude Code integration.
Verified SafeView Analysis
The server enforces read-only operations for 'execute_query' and 'explain_query' tools (SELECT and WITH statements only), which significantly reduces risk. It uses parameterized queries and explicitly quotes identifiers in SQL queries where needed, mitigating common SQL injection vulnerabilities. Connection parameters are handled via environment variables or explicit tool calls, preventing hardcoded secrets. The server communicates over standard I/O (stdio), limiting direct network exposure to external clients. There is a minor, theoretical risk if the schema or table names themselves could somehow embed injection attempts *after* quoting in specific fallback queries within `ListTablesWithStats` or `GetTableStats`, but given MCP's structured tool invocation, this is highly unlikely to be exploitable without highly unusual input.
Updated: 2026-01-01GitHub
22
1
Low Cost
dwmkerr icon

ark-demo

by dwmkerr

Sec1

Provides a Micro-agent Capabilities Protocol (MCP) server that enables AI agents to execute arbitrary shell commands within a containerized Alpine Linux environment.

Setup Requirements

  • ⚠️Requires a Kubernetes cluster and Helm CLI for deployment as it's provided as a Helm chart (`shell-mcp`).
  • ⚠️Commands are executed within an Alpine Linux container, which implies specific tooling (`apk`) and behaviors might differ from other Linux distributions.
  • ⚠️The `execute-shell-command` tool performs no intrinsic input validation or sanitization, placing the full responsibility for command safety on the calling agent or any upstream orchestration.
Review RequiredView Analysis
The `execute_command` function in `server.py` directly executes the provided `command` string using `bash -c`. This allows for arbitrary shell command injection, posing a critical security risk. An AI agent (or an attacker controlling the agent's input) could be prompted to execute malicious commands within the server's container, potentially leading to data exfiltration, system reconnaissance, or denial-of-service. There is no server-side input validation or sanitization implemented to mitigate this vulnerability.
Updated: 2026-01-04GitHub
22
16
Low Cost
diegorafs icon
Sec8

Enables AI coding agents to control and inspect a live Chrome browser for reliable web automation, in-depth debugging, and performance analysis.

Setup Requirements

  • ⚠️Requires Node.js v20.19+ or v22.12+ (latest maintenance LTS).
  • ⚠️Requires Chrome (current stable version or newer).
  • ⚠️May encounter issues with OS-level sandboxing (e.g., macOS Seatbelt, Linux containers) in some MCP clients, which can prevent Chrome from launching. A workaround is to disable sandboxing or manually connect to a separate Chrome instance.
Verified SafeView Analysis
The server's primary function is to expose browser control (including arbitrary JavaScript execution via `page.evaluate` in the browser context) to an MCP client. While this is the intended and transparent design, it means a compromised or malicious MCP client could leverage this power to perform actions within the controlled browser. The project explicitly outlines these disclaimers, emphasizing responsible usage.
Updated: 2025-12-21GitHub
22
2
Low Cost
totonga icon
Sec9

Serves as a Model Context Protocol (MCP) server to enable AI agents and developers to interact with ASAM ODS (Open Data Services) servers, providing tools for Jaquel query validation, schema inspection, efficient timeseries data access, measurement analysis, and Jupyter notebook generation.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires an accessible ASAM ODS server for full functionality (e.g., schema inspection, query execution, data access).
  • ⚠️Designed to be run by an MCP client (e.g., Claude Desktop, VS Code) for interaction.
Verified SafeView Analysis
The server does not use `eval` or obfuscation. It handles external ASAM ODS server connections, taking sensitive credentials (URL, username, password) as arguments to the `ods_connect` tool. The documentation states these credentials are held only in memory during the connection. SSL certificate verification is supported and enabled by default, which is a good security practice. While test fixtures (e.g., in `conftest.py`) contain hardcoded demo credentials, these are isolated to the test suite and not part of the deployable application logic. The primary network risk lies in the trustworthiness and security of the external ASAM ODS server it connects to.
Updated: 2026-01-02GitHub
22
20
Medium Cost
microcmsio icon

microcms-mcp-server

by microcmsio

Sec8

This MCP server enables AI assistants like Claude to interact with and manage content and media within the microCMS headless CMS.

Setup Requirements

  • ⚠️Requires microCMS Service ID and API Key (paid microCMS account likely needed for full functionality, especially Management API tools).
  • ⚠️Node.js version >= 18.0.0 is required.
  • ⚠️Specific microCMS API permissions are needed for certain tools (e.g., media management, status changes, member management), and some features are plan-dependent (e.g., media upload for Team, Business, Advanced, Enterprise plans).
Verified SafeView Analysis
The server primarily uses environment variables or CLI arguments for sensitive microCMS API keys, which is a secure practice. It explicitly checks for the presence of these credentials at startup. All API interactions are via HTTPS to official microCMS domains. There are no indications of 'eval', code obfuscation, or other common malicious patterns. The media upload functionality includes a 5MB size limit for direct file uploads, and handles base64 data securely. Security is largely dependent on the user's careful handling of their microCMS API key.
Updated: 2025-12-22GitHub
22
6
Medium Cost
heroku icon
Sec1

Provides a Model Context Protocol (MCP) server for executing arbitrary Python code with optional package installations, supporting HTTP, SSE, and STDIO transports.

Setup Requirements

  • ⚠️Requires a Heroku account and Heroku CLI for remote deployment and testing.
  • ⚠️Requires an API_KEY environment variable for authentication, which must be securely managed.
  • ⚠️Remote HTTP/SSE tests (`remote` context) auto-skip if the Heroku web dyno is asleep or scaled to zero, requiring manual scaling up for full testing.
Review RequiredView Analysis
CRITICAL: The server is designed to execute arbitrary Python code and install arbitrary packages provided by a client, without robust sandboxing. The `code_exec_python` tool explicitly states it has access to networking, the filesystem, and the standard library. This functionality inherently allows for Remote Code Execution (RCE) if a malicious client can access the server. The `USE_TEMP_DIR` option only isolates package installations within a temporary virtual environment, not the underlying execution environment from the host system. Deployment in a highly restricted, isolated environment (e.g., a container with minimal privileges) is essential but not enforced by the codebase itself. No hardcoded secrets were found.
Updated: 2025-12-29GitHub
22
1
Medium Cost
kuc-arc-f icon

mcp_client_7ex

by kuc-arc-f

Sec4

An Electron desktop application client for interacting with a remote GoLang MCP server, leveraging Google Gemini for AI capabilities and tool calling.

Setup Requirements

  • ⚠️Requires a Google Generative AI API Key (Paid) for Gemini models.
  • ⚠️Requires a separate GoLang MCP server running at `http://localhost:8080/mcp` (or configured `VITE_MCP_URL`), which is not included in this repository.
  • ⚠️An `Authorization` key (`VITE_API_KEY`) must be correctly configured in the client's `.env` and on the remote GoLang MCP server for successful API communication.
Review RequiredView Analysis
Sensitive API keys (VITE_GOOGLE_GENERATIVE_AI_API_KEY, VITE_API_KEY) are exposed within the client-side Electron application bundle. These keys are read from the .env file and assigned to process.env in the main Electron process, making them vulnerable to extraction through reverse engineering of the packaged application. Additionally, the use of `dangerouslySetInnerHTML` for rendering LLM output introduces a potential Cross-Site Scripting (XSS) vulnerability if the LLM's response or any intermediate tool output contains malicious HTML/JavaScript that bypasses `marked.js` sanitization. The overall system security is highly dependent on the security and integrity of the external GoLang MCP Server, which is not part of this codebase.
Updated: 2026-01-04GitHub
21
5
Low Cost
kenforthewin icon

docker-mcp-server

by kenforthewin

Sec8

A Model Context Protocol (MCP) server for containerized execution and file operations, enabling AI assistants to interact with a Docker environment via HTTP.

Setup Requirements

  • ⚠️Requires Docker to be installed and running on the host machine.
  • ⚠️A bearer token is auto-generated on each container startup; it must be retrieved from container logs and manually configured in the MCP client.
  • ⚠️The server's working directory (`/app/workspace`) inside the container is a volume mount to the host's `./tmp` directory, affecting file persistence and external access.
Verified SafeView Analysis
The server implements bearer token authentication and supports workspace isolation via an 'Execution-Id' header, enhancing security. Tool filtering via `ALLOWED_TOOLS` environment variable is a good practice for reducing the attack surface. Direct shell command execution is inherently powerful and relies on the trustworthiness of the client (AI agent) and the container's isolated environment. The default `Access-Control-Allow-Origin: *` setting for CORS is broad and should be restricted in production environments. The authentication token is auto-generated and logged to stdout, requiring careful handling in production to prevent exposure. The `docker-compose.yml` explicitly comments out a dangerous `/var/run/docker.sock` mount, indicating awareness of container escape risks.
Updated: 2025-12-27GitHub
21
1
Low Cost
jnaskali icon

rpg-mcp

by jnaskali

Sec9

Provides an MCP server with RPG utilities like dice rolling, success checks, and random event generation for Large Language Models.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer
  • ⚠️Requires 'uv' for dependency management and running locally
  • ⚠️Manual MCP client configuration involves replacing a placeholder path '/PATH_TO/rpg-mcp/'
Verified SafeView Analysis
The code does not use 'eval' or other directly exploitable functions. Input validation is present for critical parameters like probabilities and dice expressions. No hardcoded secrets are evident. The use of 're.fullmatch' for dice rolling prevents injection. File operations for corporation names use standard safe practices. The `fastmcp` framework is designed for secure tool execution, but HTTP/SSE transport (if enabled) would require external security measures.
Updated: 2026-01-02GitHub
21
4
Low Cost
conorheffron icon

mcp-charity

by conorheffron

Sec9

A server for querying charity information by name, location, or cause via an HTTP API.

Verified SafeView Analysis
The source code appears safe. It does not use 'eval' or other dynamic code execution functions. No hardcoded secrets or sensitive network configurations are present. Data is loaded from a local JSON file, and queries are performed in-memory safely. The 'stateless_http=True' flag for FastMCP is noted but does not pose a security vulnerability for this particular application, which doesn't rely on session state.
Updated: 2025-12-29GitHub
PreviousPage 245 of 713Next