Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

18
12
High Cost
Ray0907 icon

arXiv-mcp

by Ray0907

Sec9

Provides a Model Context Protocol (MCP) server for searching and retrieving arXiv academic papers for LLMs.

Setup Requirements

  • ⚠️Python 3.10+ required for execution.
Verified SafeView Analysis
The server uses `httpx` for network requests to trusted `arxiv.org` and `r.jina.ai` URLs, and `urllib.parse.quote_plus` for query encoding, mitigating common injection risks. `BeautifulSoup` is used for HTML parsing. No `eval`, `exec`, or direct shell commands beyond the MCP framework are evident. No hardcoded secrets were found. The primary external risk comes from reliance on Jina Reader's service behavior.
Updated: 2025-12-18GitHub
18
2
Medium Cost
bmya icon
Sec9

The Odoo MCP Server provides tools to interact with Odoo 19's External JSON-2 API, enabling AI clients to perform CRUD operations and queries on Odoo databases with multi-company support.

Setup Requirements

  • ⚠️Requires a valid Odoo API Key, generated manually within the Odoo instance, with appropriate permissions.
  • ⚠️Requires multi-company configurations to be defined in an INI-style '.env' file, specifying Odoo URL, database, and API key per company.
  • ⚠️External API access requires an Odoo Custom pricing plan; it is not available on One App Free or Standard plans.
  • ⚠️For local Odoo instances when running in Docker, 'host.docker.internal' must be used in ODOO_URL instead of 'localhost'.
Verified SafeView Analysis
The server demonstrates good security practices including a multi-stage Docker build, running as a non-root user (UID 1000), and proper handling of sensitive API keys via an external .env file (mounted read-only). It uses robust error handling, connection pooling, and configurable timeouts/retries. No 'eval' or other direct code execution vulnerabilities are apparent in the provided source. The primary security consideration is the secure management of the Odoo API Key by the user outside the application code.
Updated: 2025-12-27GitHub
18
7
Low Cost
Teycir icon

Mcpwn

by Teycir

Sec9

Automated security testing framework for Model Context Protocol (MCP) servers, detecting RCE, path traversal, prompt injection, and protocol vulnerabilities.

Setup Requirements

  • ⚠️Requires Python 3.8+.
  • ⚠️Potential port conflicts (8888 for SSRF listener, 5353 for DNS listener).
  • ⚠️Requires a running or runnable Model Context Protocol (MCP) server as a target.
Verified SafeView Analysis
The tool is designed to generate and send malicious payloads to a target MCP server, which is its intended function. It uses `subprocess.Popen` to run the user-specified target server command, which is a standard approach for such tools. The `eval` pattern is found within a static payload for a deserialization test, and not used on uncontrolled input within the scanner's core logic. The tool's own code does not exhibit direct RCE, hardcoded secrets, or unintended network risks (it sets up listeners for OOB/SSRF detection as part of its testing functionality). It aims for 'Zero dependencies - pure Python stdlib', though older changelogs mention optional LLM-guided payload generation via an API key, which is not actively shown in the provided `payloads.py` or `MCPPentester.get_payloads` functions.
Updated: 2025-12-15GitHub
18
1
Low Cost
viraj-sh icon

uniclare-client

by viraj-sh

Sec4

Provides an unofficial client for Uniclare/Student Uni Portal to reveal hidden academic marks and integrates an MCP server for LLM-driven analysis.

Setup Requirements

  • ⚠️Requires a valid PHPSESSID obtained through login to interact with the unofficial Uniclare API, which is persisted locally in a .env file.
  • ⚠️Uses Python (requires 'pip install -r requirements/base.txt' for local execution from source) or Docker for containerized deployment.
  • ⚠️The frontend actively checks API health before enabling login, meaning the server must be fully operational for UI interaction.
Review RequiredView Analysis
The server stores the PHPSESSID (session ID) in a local '.env' file, which poses a local data security risk if the machine is compromised. Crucially, the FastAPI application is configured with 'allow_origins=['*']' for CORS, making it vulnerable to cross-site request forgery (CSRF) and other web-based attacks if deployed publicly without proper domain restrictions. Additionally, sensitive student data (profile, results) is cached unencrypted in a local SQLite database by 'requests_cache', increasing local data exposure risk. While the project is explicitly for 'personal educational purposes', this CORS setting is a critical security flaw for any public-facing deployment. No 'eval' or obvious malicious patterns were found in the provided source code.
Updated: 2025-12-31GitHub
18
16
High Cost
angrysky56 icon
Sec7

A polymorphic MCP server that guides AI assistants through structured coding workflows using a Neo4j knowledge graph, supporting specialized 'incarnations' for data analysis, knowledge graph management, research orchestration, and adaptive engineering lead protocols.

Setup Requirements

  • ⚠️Requires a running Neo4j database instance.
  • ⚠️Requires setting NEO4J_PASSWORD environment variable (default password 'password' is insecure and should be changed).
  • ⚠️Requires Python libraries: 'pandas', 'openpyxl', 'xlrd' for data processing. 'sentence-transformers', 'numpy' for LV framework.
  • ⚠️Optional but highly recommended: Qdrant vector database, often run via Docker, for full LV framework functionality.
Verified SafeView Analysis
The system relies on a Neo4j database which must be securely configured; default 'password' is used in development scripts and should be changed in production. File processing scripts handle various formats (Excel, JSON, CSV) which carry inherent risks, but the implementation uses standard libraries and internal subprocess calls, which mitigates external command injection risks. Parameterized queries are used for Neo4j operations.
Updated: 2025-12-17GitHub
18
6
Low Cost
freevisionsk icon

autoform-mcp

by freevisionsk

Sec9

Serves as a Model Context Protocol (MCP) server for the Slovensko.Digital Autoform API, enabling search of Slovak corporate bodies (companies, organizations) by name or registration number (IČO/CIN).

Setup Requirements

  • ⚠️Requires paid access to the Slovensko.Digital Autoform API to obtain an API token.
  • ⚠️Requires `AUTOFORM_PRIVATE_ACCESS_TOKEN` to be set as an environment variable or passed via `Authorization: Bearer <token>` / `x-autoform-private-access-token` HTTP headers.
  • ⚠️Requires Python 3.12+.
Verified SafeView Analysis
The server securely handles API tokens by expecting them via HTTP headers or environment variables and explicitly states that tokens are never stored. It sanitizes URLs to prevent token leakage in logs or error messages. Communication with the external Autoform API is expected to be encrypted via HTTPS. The code includes a monkey-patch to `FunctionTool.run` to strip extra, non-signature arguments (common in LLM contexts), which is a specific code modification but not inherently malicious, as it calls the original function with sanitized inputs.
Updated: 2025-12-16GitHub
18
6
High Cost
MarioDeFelipe icon

sap-datasphere-mcp

by MarioDeFelipe

Sec9

AI-powered data exploration, integration, and management for SAP Datasphere environments, enabling natural language interaction for data discovery, metadata exploration, analytics, ETL, and database user management.

Setup Requirements

  • ⚠️Requires Python 3.10+ to be installed.
  • ⚠️Requires an SAP Datasphere tenant with an OAuth 2.0 application (Technical User) configured with specific API scopes (e.g., DATASPHERE_DATA_READ, DATASPHERE_CATALOG_READ).
  • ⚠️Requires environment variables (DATASPHERE_BASE_URL, DATASPHERE_CLIENT_ID, DATASPHERE_CLIENT_SECRET, DATASPHERE_TOKEN_URL) to be configured in a .env file. Never commit this file to version control.
  • ⚠️Some tools, particularly for database user management, require the SAP Datasphere CLI to be installed and authenticated locally.
Verified SafeView Analysis
The server implements robust security measures including OAuth 2.0 with automatic token refresh and encrypted storage for credentials. It has explicit input validation, SQL sanitization to prevent injection, and sensitive data redaction. Consent management is in place for high-risk operations. Credentials are loaded from environment variables (.env file) and not hardcoded. The use of 'subprocess.run' for SAP CLI commands is a controlled interaction and is mitigated by input validation and consent mechanisms.
Updated: 2025-12-22GitHub
18
3
Medium Cost
ssdeanx icon

ssd-ai

by ssdeanx

Sec6

An AI development assistant that uses natural language to help developers with a wide range of coding, planning, debugging, and project management tasks across TypeScript, JavaScript, and Python projects.

Setup Requirements

  • ⚠️Python 3.x must be installed and discoverable in the system PATH for Python code analysis tools to function.
  • ⚠️A Chrome, Chromium, Edge, or Brave browser must be installed and discoverable (or `CHROME_PATH` environment variable set) for browser automation tools (`monitor_console_logs`, `inspect_network_requests`) to operate.
  • ⚠️Requires Node.js 18.0 or higher and TypeScript 5.0 or higher.
Verified SafeView Analysis
The server uses `puppeteer-core` to launch a headless browser with `--no-sandbox` flags, which significantly reduces security when navigating to untrusted external URLs. While intended for debugging, if an attacker can control the `url` parameter in `monitor_console_logs` or `inspect_network_requests` tools, it could potentially expose the server to browser-based vulnerabilities or information leakage from untrusted web content. All other components (Python script execution via stdin, SQLite with prepared statements, and HTTP transport with configurable CORS) appear to follow good security practices. Access control is not required by default for discovery endpoints.
Updated: 2025-12-25GitHub
18
16
Low Cost
delphi-blocks icon

MCPConnect

by delphi-blocks

Sec5

To build Model Context Protocol (MCP) Servers in Delphi for connecting Large Language Models (LLMs) to external tools and data.

Setup Requirements

  • ⚠️Requires Delphi 10 or newer for compilation and development.
  • ⚠️Requires manual installation and setup of the separate 'Neon' serialization library by cloning its repository.
  • ⚠️Building a server involves creating a Delphi WebBroker application and configuring components programmatically.
  • ⚠️For Claude Desktop, an intermediate tool (`mcp-remote` via `npx`) is required as it doesn't support HTTP transport natively.
Review RequiredView Analysis
The provided source code is primarily a README and project metadata. It lacks the actual Delphi implementation files, preventing a comprehensive security audit of the server's core logic. The README mentions 'API-Key authentication for http transport (more to be implemented),' suggesting an evolving security model. Without the full source code, it's impossible to check for common vulnerabilities like insecure deserialization (beyond the use of Neon, whose security needs separate review), hardcoded secrets in the application logic, or other malicious patterns. Therefore, a definitive security assessment cannot be made.
Updated: 2025-12-15GitHub
17
5
Medium Cost
kljensen icon
Sec9

Enables AI assistants to engage in dynamic, structured, and revisable problem-solving through sequential thoughts.

Setup Requirements

  • ⚠️Requires an MCP-compatible AI assistant (e.g., Claude, OpenAI, GitHub Copilot) to function as intended.
  • ⚠️Requires configuration in a `.mcp.json` file, specifying the server's executable path.
  • ⚠️Building from source requires the Rust toolchain (Rustup, Cargo).
Verified SafeView Analysis
The server is implemented in Rust, communicating via standard I/O (stdio), which inherently reduces many common security vulnerabilities. No dynamic code execution ('eval' equivalents), network listeners, or hardcoded secrets were identified within the provided source. The internal state management is isolated to the server process, minimizing external attack surface.
Updated: 2025-12-22GitHub
17
1
Medium Cost
jdutton icon
Sec9

Production-ready MCP (Model Context Protocol) server with dual-mode operation (STDIO & HTTP), multi-LLM integration, and OAuth authentication, designed for horizontal scalability and comprehensive observability.

Setup Requirements

  • ⚠️Mandatory `TOKEN_ENCRYPTION_KEY` is required for secure token storage and must be manually generated if not using a secure secrets manager.
  • ⚠️LLM-powered tools require API keys (e.g., `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, `GOOGLE_API_KEY`) from respective providers, which are typically paid services. The server gracefully degrades if not configured.
  • ⚠️Full OAuth authentication (Google, GitHub, Microsoft) requires external app registration, client IDs, secrets, and specific redirect URI configurations in their respective developer consoles.
  • ⚠️For secure production deployments, especially on Vercel, the `ALLOWED_USERS` environment variable must be explicitly configured with a comma-separated list of authorized email addresses.
  • ⚠️Requires Node.js version 22 or higher, which might necessitate environment upgrades.
Verified SafeView Analysis
The project demonstrates a strong focus on security, including: enforcing spec-driven development for API changes, mandatory pre-commit validation with security checks, explicit detection of unprotected admin endpoints, prevention of sensitive data storage in files for production (enforces Redis/DB), scanning for secrets in logs, OAuth with dynamic client registration (DCR) including rate limiting and secret expiration, PKCE support, and AES-256-GCM encryption for token storage. `helmet` and `cors` are used in the HTTP server. Strict PII logging policies are outlined. Proper configuration of `TOKEN_ENCRYPTION_KEY` and `ALLOWED_USERS` is critical.
Updated: 2025-12-30GitHub
17
3
High Cost
ironystock icon

agentic-obs

by ironystock

Sec7

Enables AI assistants to programmatically control OBS Studio for automated scene switching, recording, streaming, and visual monitoring.

Setup Requirements

  • ⚠️Requires Go 1.25.5+ installed and configured in PATH.
  • ⚠️Requires OBS Studio 28+ with its built-in WebSocket server enabled (Tools -> WebSocket Server Settings) and configured for the correct port (default 4455) and an optional password.
  • ⚠️The first run will involve an interactive setup process in the terminal to configure OBS connection details and enable/disable various tool groups. This can be bypassed using environment variables for headless environments.
Verified SafeView Analysis
The OBS WebSocket password is stored unencrypted in the local SQLite database. While this is a known and documented trade-off for local, single-user deployments, it poses a risk if the database file is accessed by unauthorized users on a shared machine. The HTTP server defaults to binding on 'localhost' and explicitly validates allowed hosts ('localhost', '127.0.0.1', '0.0.0.0') to prevent external exposure. Path traversal attempts are actively prevented for screenshot requests, and HTTP POST body sizes are limited.
Updated: 2025-12-22GitHub
PreviousPage 250 of 713Next