Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

14
2
Medium Cost
iunera icon

data-philter

by iunera

Sec5

Data Philter provides a local-first conversational interface for enterprise data, translating Natural Language to SQL (NL2SQL) using sovereign AI and the Model Context Protocol (MCP) to query databases like Apache Druid and ClickHouse.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose installed and running.
  • ⚠️Requires access to an existing Apache Druid or ClickHouse cluster.
  • ⚠️Requires either a local Ollama installation (which the installer can assist with) or an OpenAI API Key for AI model inference.
Verified SafeView Analysis
The `install.sh` script executes `curl | sh` for Ollama installation on Linux, which is a known security risk as it runs an external script directly. Kubernetes example configurations (kustomization.yaml) show hardcoded `DRUID_AUTH_USERNAME` and `DRUID_AUTH_PASSWORD`, although the README warns against this in production. Docker images use `latest` tags, which can lead to unpredictable deployments. The `run.sh` script sources `.env` files, which could pose a risk if the environment files contain malicious commands.
Updated: 2025-12-23GitHub
14
1
Low Cost
rubykv icon

mcp-servers

by rubykv

Sec8

Provides a monorepo for Microservices Communication Protocol (MCP) servers, enabling integration of various development and QA tools like Playwright, Jira, and Xray with the Windsurf platform.

Setup Requirements

  • ⚠️Requires 'mcp' Python package to be installed (`pip install mcp`).
  • ⚠️Playwright server requires 'Playwright' and 'pytest' installed in the environment.
  • ⚠️Jira server requires JIRA_BASE_URL, JIRA_EMAIL, and JIRA_API_TOKEN environment variables.
  • ⚠️Xray server requires XRAY_CLIENT_ID and XRAY_CLIENT_SECRET environment variables.
Verified SafeView Analysis
The server generally follows good security practices. Environment variables are used for sensitive credentials (Jira, Xray API tokens). There are no `eval` or `os.system` calls. The Playwright server uses `subprocess.run` to execute `pytest`, constructing the command as a list (`cmd`), which is safer against shell injection than using a single string with `shell=True`. Input paths (`test_path`, `project_dir`) are checked for existence, adding a layer of validation. Potential indirect risks could arise if a malicious `test_path` points to a compromised `pytest` configuration or a test file designed to exploit vulnerabilities in `pytest` itself, but this is outside the direct control or flaw of this server's code.
Updated: 2025-12-26GitHub
14
1
Medium Cost
titaniummachine1 icon

Lmaobox_Context_Server

by titaniummachine1

Sec3

An MCP (Model Context Protocol) server providing Lmaobox Lua API context, generated type definitions, and Lua project bundling/deployment capabilities for IDE integration.

Setup Requirements

  • ⚠️Requires Node.js for automation scripts (bundling, type generation). `npm install` must be run in the `automations/` directory.
  • ⚠️Requires Lua 5.4+ compiler. The system attempts to auto-install it using `automations/install_lua.py`, which downloads binaries from external sources (introducing supply chain risk and using unverified SSL).
  • ⚠️Requires Python 3.9+ for the core MCP server.
  • ⚠️The `bundle` tool explicitly blocks for up to 10-12 seconds during execution, which can freeze AI models. It recommends using absolute paths for `projectDir` to avoid confusion with the server's CWD.
Review RequiredView Analysis
The server executes external scripts (Node.js, Python installer, Lua compiler) via `subprocess.run` and `subprocess.spawn` based on user-provided paths (`projectDir`, `filePath`, `deployDir`). This poses a significant risk for arbitrary code execution or file system manipulation if inputs are not perfectly sanitized. Critically, the `automations/install_lua.py` script, which auto-installs Lua, uses `ssl._create_unverified_context()` when downloading binaries, making it highly vulnerable to Man-in-the-Middle attacks and supply chain compromise. The lack of robust input validation for paths passed to `subprocess` functions is a major concern. There are no obvious hardcoded secrets or 'eval' usage, but the underlying execution model is inherently risky.
Updated: 2025-12-24GitHub
14
1
Low Cost
yc-w-cn icon
Sec6

The Douyin MCP Server provides tools to parse Douyin video share links, extract watermark-free download URLs, download video files, and retrieve video information, designed for self-use or integration with automation tools.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Ensure the configured `WORK_DIR` (default: `.data`) has write permissions, otherwise the server will exit.
  • ⚠️Requires a Node.js package manager (`pnpm` is recommended for installation, or `npx` for direct execution).
Review RequiredView Analysis
The `DouyinProcessor.parseShareUrl` function directly uses the user-provided `shareText` (after extracting the first URL via a broad regex) in an `axios.get` request. This initial request is not strictly validated against known Douyin domains before execution. This makes the server vulnerable to Server-Side Request Forgery (SSRF), where a malicious `share_link` could compel the server to make requests to arbitrary internal or external hosts. While subsequent logic attempts to construct Douyin-specific URLs, the first network request is a direct SSRF vector.
Updated: 2025-12-25GitHub
14
2
Low Cost
SonarSource icon
Sec8

Integrates SonarQube (Cloud or Server) with the Zed editor, launching a Docker container to provide code quality and security analysis capabilities.

Setup Requirements

  • ⚠️Docker required to be installed and accessible via `docker_path`.
  • ⚠️SonarQube token required for authentication.
  • ⚠️SonarQube organization key (for Cloud) or server URL (for Server) required.
Verified SafeView Analysis
The Rust source code itself appears well-structured and does not contain any obvious malicious patterns, direct 'eval' calls, or hardcoded secrets. It passes sensitive information (SonarQube token, URL, organization) as environment variables to the Docker command, which is a standard practice for secrets management. The primary security consideration outside this codebase is the `mcp/sonarqube` Docker image; its contents and trustworthiness are crucial for overall security, but are not available for review in the provided source code.
Updated: 2025-12-22GitHub
13
2
High Cost
viktor-ferenczi icon

se-mcp-for-plugin-dev

by viktor-ferenczi

Sec4

Provides a code indexing and search server for AI coding agents to assist in Space Engineers game plugin development.

Setup Requirements

  • ⚠️Requires Space Engineers game installed via Steam and `SPACE_ENGINEERS_ROOT` environment variable defined.
  • ⚠️Requires specific versions of .NET 8.0 SDK (Windows x64), ILSpy 8.2.0.7535, and Python 3.12+.
  • ⚠️Requires `ilspycmd`, `python`, `git` executables to be on system PATH.
Verified SafeView Analysis
The server explicitly suggests exposing `127.0.0.1:8000` publicly via a reverse proxy without built-in authentication (noted as TODOs: 'Authentication with a secret URL path', 'Authentication with a Bearer token'). If exposed publicly without proper external authentication and HTTPS, this could grant untrusted agents access to filesystem operations like `search_code_advanced`, `create_temp_directory`, and `clear_settings`, posing a significant security risk. Running locally without public exposure is safer.
Updated: 2025-12-20GitHub
13
1
High Cost
larpig icon

mcp-rag-agent

by larpig

Sec9

This server provides a production-ready RAG agent for question answering on internal company policies, utilizing hybrid search and grounded responses.

Setup Requirements

  • ⚠️Requires MongoDB Atlas account (Paid, for vector search functionality)
  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Python 3.11+ only
Verified SafeView Analysis
The server uses external services (MongoDB Atlas, OpenAI) with API keys loaded from environment variables, which is a good practice. The MCP server, when integrated locally, primarily uses stdio transport, reducing direct network exposure. No explicit 'eval' or other highly dangerous functions were found. Network access is inherently required for the database and LLM API calls.
Updated: 2025-12-23GitHub
13
3
Medium Cost
aoutpost2-rgb icon

getoutpost-mcp-server

by aoutpost2-rgb

Sec9

Integrates real-time Indian options market data and volatility analytics from GetOutpost.in into AI chats, enabling quantitative analysis and trading insights.

Setup Requirements

  • ⚠️Requires a GetOutpost.in account and API tokens (access token, refresh token) obtained by signing up and logging in.
  • ⚠️Requires manual creation and configuration of a local credentials JSON file (`~/.getoutpost_credentials.json`) on your device.
  • ⚠️Requires Node.js version >=24.0.0.
Verified SafeView Analysis
The server design emphasizes local credential storage and secure HTTPS communication with the GetOutpost.in API. Credentials (ACCESS_TOKEN, REFRESH_TOKEN, EMAIL) are stored locally in a user-managed JSON file and are automatically refreshed by the server. No 'eval' or obvious obfuscation techniques were found. The HTTP server (`mcp_server.ts`) uses `cors` with `origin: '*`, which allows cross-origin requests from any domain. While the intended use is likely a local desktop extension, this broad CORS policy could be a minor security concern if the local server instance were exposed publicly without proper network segmentation.
Updated: 2025-12-16GitHub
13
1
Low Cost
trento-project icon

mcp-server

by trento-project

Sec5

The Trento MCP Server enables AI assistants to manage and monitor SAP systems by translating natural language commands into interactions with the Trento Project API.

Setup Requirements

  • ⚠️Requires a running Trento Server (version 3.x or later).
  • ⚠️Requires an MCP-compatible AI assistant (e.g., VS Code with GitHub Copilot, Claude Desktop, SUSE AI).
  • ⚠️Requires a Trento Personal Access Token (PAT) for API authentication, which is typically passed via the 'Authorization' header and internally mapped to a BEARER_TOKEN environment variable by the server.
  • ⚠️The server's HTTP timeouts for headers and writes are set to zero, which can be a security vulnerability (e.g., slowloris attacks).
  • ⚠️Conditional requirement: Either `TRENTO_MCP_TRENTO_URL` or `TRENTO_MCP_OAS_PATH` must be provided.
Review RequiredView Analysis
The server includes an `InsecureSkipTLSVerify` option which, if enabled, can expose sensitive data to man-in-the-middle attacks. While disabled by default, its presence is a configurable risk. More critically, the MCP server's HTTP transports (SSE and Streamable) are configured with `ReadHeaderTimeout: 0` and `WriteTimeout: 0`. A zero `ReadHeaderTimeout` makes the server vulnerable to slowloris attacks by allowing clients to hold connections open indefinitely with partial requests, potentially leading to denial of service. The authentication mechanism for tool execution relies on setting a `BEARER_TOKEN` environment variable globally within the process, protected by a mutex. While the mutex attempts to prevent race conditions, using a process-global environment variable for per-session authentication is inherently fragile and carries risks, such as potential leakage to unintended child processes or subtle timing vulnerabilities in highly concurrent scenarios, especially given it's a workaround for a dependency's design.
Updated: 2025-12-24GitHub
13
2
High Cost
AubinSeptier icon

gradio-mcp-hack

by AubinSeptier

Sec7

The MCP Server provides AI agents with tools to search for job offers and analyze resumes, specifically for job seekers.

Setup Requirements

  • ⚠️Requires `poppler-utils` system dependency.
  • ⚠️Requires `NEBIUS_API_KEY` for VLM/LLM services.
  • ⚠️Job Search Tool (JobSpy) may face rate-limiting or blocking from certain job sites, especially LinkedIn.
  • ⚠️Resume Extractor only supports single-page PDF resumes.
Verified SafeView Analysis
The server uses `os.environ.get` for API keys (e.g., NEBIUS_API_KEY), avoiding hardcoded secrets. It relies on external libraries like `pdf2image` (requiring `poppler-utils`) and `jobspy` for PDF processing and web scraping, respectively. While these introduce dependencies that could have their own vulnerabilities, the server's code itself does not show immediate signs of `eval`, `exec`, or direct shell injection. Network requests are made to external LLM/VLM APIs (Nebius) and job boards (JobSpy), which is inherent to its functionality. The `BlaxelToolWrapper` in the agentic client part can convert local file paths to base64 for remote transmission, which could be a risk if arbitrary server-side paths were allowed as input, but in the context of the Gradio application, `gr.File` typically handles user uploads safely by providing temporary paths to the uploaded content.
Updated: 2025-12-20GitHub
13
2
Medium Cost
mah007 icon

odooMCP

by mah007

Sec6

Acts as a secure intermediary for AI agents (ChatGPT, Google Gemini) to interact with Odoo instances via a JSON-RPC 2.0 compliant API.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for easy deployment.
  • ⚠️Requires a running Odoo instance (versions 10.0 to 18.0).
  • ⚠️By default, SSL certificate verification for the Odoo connection is disabled (ssl.CERT_NONE), which is insecure for production use and should be addressed.
  • ⚠️Requires configuration of `MCP_API_KEY` for secure access to the proxy endpoints.
Review RequiredView Analysis
The server implements API Key authentication to protect access to the MCP server itself. However, it disables SSL certificate verification (`ssl.CERT_NONE`) for connections to the Odoo instance. While noted as 'for development' in the code, this is a critical security vulnerability for production environments as it makes the connection susceptible to Man-in-the-Middle attacks. Additionally, `docker-compose.yml` contains example API keys which should be replaced with strong, unique secrets.
Updated: 2025-12-19GitHub
13
1
Medium Cost
wspotter icon

felix

by wspotter

Sec6

Real-time conversational AI voice assistant with local processing, autonomous tool execution, and PWA support.

Setup Requirements

  • ⚠️Requires local Ollama instance with a model (e.g., `llama3.2`) installed and running.
  • ⚠️Music features require MPD (Music Player Daemon) server to be running (default: `localhost:6600`).
  • ⚠️Image generation requires ComfyUI to be installed and Stable Diffusion models to be downloaded (e.g., `v1-5-pruned.safetensors`).
  • ⚠️Piper TTS may require `espeak-ng 1.52+` (a fix script `fix_piper_espeak.sh` is provided).
  • ⚠️Long-term memory requires `openmemory` Python package and a running instance (local SQLite with Ollama embeddings).
Review RequiredView Analysis
The `calculate` tool uses `eval()` with input sanitization, which is inherently risky and could be a vector for code injection if not perfectly secured. The `ADMIN_TOKEN` in `server/config.py` can be empty or weak, potentially allowing unauthorized administrative access. User and session data is stored in local JSON files, which is suitable for a local-first application but lacks enterprise-grade security features like encryption at rest or robust access control. Tool argument sanitization needs consistent vigilance across all 56+ tools. `subprocess` is used for external binaries (Piper, Whisper.cpp, ComfyUI), which is common but requires careful input validation to prevent command injection.
Updated: 2025-12-23GitHub
PreviousPage 256 of 713Next