Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

14
1
High Cost
nickweedon icon
Sec9

Provides a secure and efficient library for binary blob storage and management within MCP server environments, particularly designed for shared Docker volumes.

Setup Requirements

  • ⚠️Requires 'libmagic' system library for MIME type detection (e.g., 'sudo apt-get install libmagic1' on Ubuntu).
  • ⚠️Designed for shared Docker volumes; direct filesystem access between containers requires careful volume configuration (e.g., host-bound volumes).
  • ⚠️Requires Python 3.10 or newer.
Verified SafeView Analysis
The library demonstrates a high commitment to security. It includes explicit path traversal prevention (`validate_path_safety`), input sanitization for filenames (`sanitize_filename`), strict MIME type validation, and configurable size limits. Blob IDs are generated with strong randomness and validated against a strict regex pattern. No obvious use of dangerous patterns like 'eval' or insecure direct execution of user input was found. The primary external dependency, 'python-magic', is standard for MIME detection; its security relies on keeping system libraries up to date.
Updated: 2025-12-24GitHub
14
1
Medium Cost
shaharwiener icon

mcp-sql-server

by shaharwiener

Sec7

A secure Model Context Protocol (MCP) server for Microsoft SQL Server, providing safe, read-only database access with comprehensive protection layers, SQL script review, schema discovery, and execution plan analysis.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for local setup.
  • ⚠️Requires Microsoft SQL Server (e.g., via Docker container).
  • ⚠️Requires Python 3.11+.
  • ⚠️ODBC Driver 18 for SQL Server is needed for database connectivity (managed within the Docker image).
  • ⚠️The default Docker setup includes a hardcoded SA password for the SQL Server ('McpSql2025!Secure').
Review RequiredView Analysis
The server implements robust multi-layer security, including AST validation to enforce read-only queries (blocking INSERT, UPDATE, DELETE, DDL, and multi-statement batches), query cost checking, concurrency throttling, result set size limits, and configurable SQL Server query hints (MAXDOP, MAX_GRANT_PERCENT, NOLOCK, query timeout). It also blocks linked servers. However, the provided `docker-compose.yml` file hardcodes the `sa` password ('McpSql2025!Secure') for the SQL Server, which is a critical security vulnerability for production deployments. Although intended for development/testing, this poses a risk if not properly managed for other environments.
Updated: 2025-12-26GitHub
14
6
High Cost
olostep icon
Sec9

Provides an interface for AI agents and LLMs to perform web scraping, content extraction in various formats (HTML, Markdown, JSON, Plain Text), autonomous site crawling, URL discovery, and AI-powered web searches and answers.

Setup Requirements

  • ⚠️Requires OLOSTEP_API_KEY environment variable to be set, which is obtained by signing up on olostep.com/auth. Usage may incur costs depending on the Olostep API pricing model.
  • ⚠️Requires Node.js version 18.0.0 or higher to run the server.
Verified SafeView Analysis
The server functions primarily as a proxy to the external Olostep API. It robustly handles API key authentication via environment variables (OLOSTEP_API_KEY, ORBIT_KEY) passed in Authorization headers. Input parameters are validated using Zod schemas, mitigating common injection risks. All external API calls are wrapped in try-catch blocks for error handling. No 'eval', direct arbitrary filesystem access, or other obvious code execution vulnerabilities were identified within the provided source code. Its design using StdioServerTransport suggests an intention for sandboxed execution environments.
Updated: 2025-12-16GitHub
14
6
Low Cost
alexrwilliam icon

playwright-mcp-server

by alexrwilliam

Sec7

Provides a robust, token-aware Playwright browser automation server for Large Language Models (LLMs) and coding agents to interact with web content, supporting advanced features like anti-detection and multi-page management.

Setup Requirements

  • ⚠️Playwright browsers (Chromium, Firefox, WebKit) must be installed separately using `playwright install`.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Using `--channel chrome` for real Google Chrome requires the browser to be installed on the system and configured correctly.
Verified SafeView Analysis
The server itself does not contain obvious malicious patterns or hardcoded secrets. It employs `_resolve_artifact_path` to mitigate directory traversal for artifact access. However, its core functionality includes the `evaluate` tool, which executes arbitrary JavaScript within the browser context, and `intercept_route` for network modification. These powerful capabilities, if controlled by a compromised or malicious agent, could be leveraged for browser-side attacks (e.g., data exfiltration, XSS, bypassing security measures). Running the HTTP server on '0.0.0.0' by default also poses a network exposure risk if not properly secured, necessitating external firewalling or network isolation.
Updated: 2025-12-16GitHub
14
1
Low Cost
theHamdiz icon

daisy-days

by theHamdiz

Sec4

Zed extension providing DaisyUI documentation search, design concept references, and HTML layout generation for UI development.

Setup Requirements

  • ⚠️Requires Rust 1.85+ (edition 2024)
  • ⚠️Requires `wasm32-wasip1` target for WASM extension, though server build primarily needs base Rust toolchain.
Review RequiredView Analysis
Several functions within the MCP server directly embed user-provided string arguments into HTML or JavaScript contexts without proper sanitization or input validation. This introduces Cross-Site Scripting (XSS) and HTML/JavaScript injection vulnerabilities if the server receives maliciously crafted JSON-RPC requests. Specifically: - `create_chart`: The `id` and `chart_type` parameters are directly inserted into HTML attributes and JavaScript code, respectively, without escaping. - `create_complex_table`: Column names are directly embedded into `<th>` tags, allowing HTML injection. - `generate_theme`: Theme parameters like `name`, `primary`, `base` are directly formatted into CSS-like strings, vulnerable to CSS injection if interpreted in a style block. - `scaffold_form`: The form `title` and field `name`s are vulnerable to HTML injection. - `get_script`: The `component` parameter is directly inserted into a JavaScript string, vulnerable to JS injection. While the `LayoutEngine::sanitize_text` function is used for layout titles, this sanitization is not consistently applied across all output-generating tools. The server operates via local standard I/O, which limits direct network-based attack surfaces, but injection risks remain if the client (e.g., Zed editor or an LLM making tool calls) passes untrusted input.
Updated: 2025-12-26GitHub
14
4
Low Cost
itsocialist icon

mcp-config-manager

by itsocialist

Sec8

Visual configuration and management for Model Context Protocol (MCP) servers across multiple AI development clients.

Setup Requirements

  • ⚠️Primarily designed for macOS. Compatibility on other platforms is not guaranteed or officially supported.
  • ⚠️Requires manual 'Right-click -> Open' on first launch on macOS, as the application is not yet notarized.
  • ⚠️Managed MCP servers may require specific external runtimes (e.g., Python, Node.js, Docker, Java) to be pre-installed and available in the user's system PATH.
Verified SafeView Analysis
The application is an Electron desktop app, which fundamentally manages and launches external Model Context Protocol (MCP) servers configured by the user. This design inherently involves executing external commands specified in configuration files. The project demonstrates strong security awareness through: 1. **Command Validation:** The `ValidationEngine` explicitly checks for potentially dangerous arguments (e.g., `sudo`, `rm`, `eval`, arbitrary shell commands) in user-defined MCP server configurations. It also validates command existence and executability. 2. **Path Resolution:** The `MCPClient` attempts to resolve full paths for commands using system utilities (`which`) and common directories to prevent unintended command execution. 3. **Environment Variable Sanitization:** The `ValidationEngine` checks for sensitive data (API keys, tokens, passwords) in environment variables specified for MCP servers and warns the user. 4. **OAuth Loop Prevention:** The `MCPClient` includes logic to detect and mitigate potential OAuth/authentication loops in spawned server processes by monitoring stderr and imposing cooldowns/limits. 5. **No Hardcoded Secrets (Runtime):** No hardcoded API keys or sensitive credentials are found within the application's runtime logic. Build scripts correctly use environment variables for macOS notarization. 6. **No `eval` of User Input:** There is no direct use of `eval` or similar dynamic code execution functions with untrusted user input within the application's core logic. However, any application that launches external, user-specified executables carries an inherent risk. While significant efforts are made to validate and sanitize input, a highly sophisticated and tailored malicious configuration could potentially exploit subtle vulnerabilities in the command execution context. Overall, for its intended purpose, the application appears safe to run given its robust defensive mechanisms.
Updated: 2025-12-17GitHub
14
1
Low Cost
fr0ster icon
Sec8

Provides an ABAP connection layer for SAP systems (on-premise and BTP) to interact via ADT protocol, handling authentication, session management, and HTTP requests.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires access to an SAP ABAP system (on-premise or BTP) and valid credentials (username/password for Basic Auth, or a service key JSON file for JWT/OAuth2).
  • ⚠️Disabling TLS certificate validation via NODE_TLS_REJECT_UNAUTHORIZED=0 is intended only for development with self-signed certificates and should never be used in production due to severe security implications.
Verified SafeView Analysis
The package employs standard practices for basic and JWT authentication, including base64 encoding credentials. It leverages Axios for HTTP requests, securely managing session cookies and CSRF tokens. The included CLI tool initiates a temporary local HTTP server for OAuth callbacks, a standard procedure for such tools. A configurable environment variable (NODE_TLS_REJECT_UNAUTHORIZED or TLS_REJECT_UNAUTHORIZED) permits disabling TLS certificate validation, which, while beneficial for development with self-signed certificates, is explicitly warned against for production use due to inherent security risks. No 'eval', code obfuscation, or malicious patterns were identified.
Updated: 2025-12-25GitHub
14
3
Medium Cost
scalvert icon
Sec9

A Playwright-based testing framework for evaluating and testing Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires an external MCP server to be running and accessible (via stdio or http transport).
  • ⚠️LLM API keys (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY), typically from paid accounts, are required for LLM host simulation or LLM judge features.
  • ⚠️Requires Node.js and Playwright setup for test execution.
Verified SafeView Analysis
The project functions as an MCP client and testing framework. It adheres to good security practices by retrieving API keys from environment variables and storing OAuth tokens securely on the filesystem with restrictive permissions (0o600 for files, 0o700 for directories). Network requests are primarily for discovering and interacting with the target MCP server and OAuth providers, which is inherent to its function. `JSON.parse` is used appropriately for protocol communication and internal data. No obvious malicious patterns or obfuscation were found.
Updated: 2025-12-18GitHub
14
3
Medium Cost
scalvert icon

server-tester

by scalvert

Sec9

A Playwright-based testing framework for Model Context Protocol (MCP) servers, enabling validation of server behavior, tool functionality, protocol conformance, and LLM-driven evaluations.

Setup Requirements

  • ⚠️Requires LLM API keys (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY) for LLM-driven evaluation and judge features, incurring paid usage costs.
  • ⚠️Requires Node.js and npm/npx for installation and execution.
  • ⚠️Requires Playwright for running tests and generating reports.
  • ⚠️Automated OAuth setup (if used) requires test user credentials (username/password) to be provided via environment variables for browser automation.
Verified SafeView Analysis
The project is a testing framework, not a server itself. It's designed to interact with external MCP servers via stdio (executing local commands) or HTTP. Potential risks are managed responsibly: - **Command Execution (stdio transport)**: The framework executes commands (e.g., `node server.js`, `npx ...`) as configured in `playwright.config.ts`. This is a high-privilege operation, but the commands are explicitly defined by the developer in the configuration, not derived from untrusted user input. - **OAuth Token Storage**: Sensitive OAuth tokens and client information are stored locally (default in user's home directory under `.local/state/mcp-tests` on Linux/macOS, `%LOCALAPPDATA%\mcp-tests` on Windows) with restrictive file permissions (`0o600` for files, `0o700` for directories) to prevent unauthorized access. - **Automated OAuth Login**: The `performOAuthSetup` utility automates browser-based OAuth login, which requires test user credentials (e.g., `TEST_USER`, `TEST_PASSWORD`). This is a powerful feature intended for controlled test environments. - **Dynamic Imports**: Uses dynamic imports for LLM SDKs (`openai`, `anthropic`) and the `open` package, but these are for known, specified dependencies, not arbitrary code execution. - **JSON Parsing**: JSON parsing is used for configuration files, test data, and tool responses, all within expected and controlled contexts. Overall, the project is considered safe to run, provided its configurations (especially command execution for stdio transport) are set up responsibly by the developer.
Updated: 2025-12-18GitHub
14
3
Medium Cost
mschoch icon

ithreemcp

by mschoch

Sec4

Controls the i3 window manager using natural language commands via AI assistants.

Setup Requirements

  • ⚠️Requires the i3 window manager to be running with socket access.
  • ⚠️Requires Go 1.23+ for building from source.
  • ⚠️Designed to be run as a child process by an MCP client (e.g., ollmcp) rather than a standalone daemon.
Verified SafeView Analysis
The `RunCommand` tool allows execution of arbitrary i3 commands, including those that can run external shell commands via i3's `exec` directive. This presents a significant security risk if the MCP client or the orchestrating AI assistant is untrusted, compromised, or not properly constrained, as it could lead to arbitrary code execution on the user's system. There is no server-side validation or sanitization of the commands passed to `RunCommand`. Users should exercise extreme caution and only run this server with trusted MCP clients and AI models in controlled environments.
Updated: 2025-12-18GitHub
14
3
Low Cost
JanGoebel icon
Sec7

Enables Large Language Models (LLMs) to control LabVIEW applications by exposing LabVIEW VIs as tools, prompts, and resources via an HTTP server.

Setup Requirements

  • ⚠️Requires a LabVIEW Development Environment to run the server.
  • ⚠️Requires installation of IG HTTP Server Toolkit and JKI JSONtext VIPM packages.
  • ⚠️Currently, not all LabVIEW datatypes are fully supported, which may limit functionality.
Verified SafeView Analysis
The provided information is limited to the README file; actual LabVIEW source code was not available for a deep security audit. Based on the description, there are no obvious direct malicious patterns like 'eval' or obfuscation mentioned. The server operates over HTTP and defaults to localhost, reducing immediate network exposure, but any open port inherently carries some risk. Reliance on 'IG HTTP Server Toolkit' and 'JKI JSONtext' are dependencies to consider.
Updated: 2025-12-18GitHub
14
3
High Cost
mcp-testing icon

server-tester

by mcp-testing

Sec7

A Playwright-based testing framework for evaluating and testing Model Context Protocol (MCP) servers, including protocol conformance and LLM host simulation.

Setup Requirements

  • ⚠️Requires an existing MCP server (stdio or HTTP) to test.
  • ⚠️Using LLM host simulation or LLM-as-judge (e.g., via `simulateLLMHost`, `createJudge`) requires API keys for paid LLM providers (e.g., OpenAI, Anthropic).
  • ⚠️Node.js and Playwright dependencies must be installed (`npm install`).
Verified SafeView Analysis
The framework allows direct execution of shell commands for `stdio` transport configurations (e.g., `node server.js`). While this is a core feature for launching local servers under test, it represents a critical security risk if the `mcpConfig.command` is sourced from an untrusted input, potentially leading to arbitrary code execution. The HTTP transport connects to configured `serverUrl`, which also requires trust in the configuration source. There are no apparent hardcoded secrets or obfuscation. HTML reports and UI elements sanitize user-provided content (e.g., `JSON.stringify`, `escapeHtml`, `stripAnsiCodes`) to mitigate XSS risks.
Updated: 2025-12-18GitHub
PreviousPage 255 of 713Next