Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

13
1
High Cost
luisrodriguesphd icon

mcp-rag-agent

by luisrodriguesphd

Sec9

This system provides Retrieval-Augmented Generation (RAG) capabilities, allowing an AI agent to answer questions based on a corpus of internal policy documents using hybrid search with MongoDB Atlas.

Setup Requirements

  • ⚠️Requires OpenAI API Key for both LLM calls and embedding generation (paid service).
  • ⚠️Requires a MongoDB Atlas cluster with Vector Search support (paid service).
  • ⚠️Critical: The default `EMBEDDING_DIMENSION` in `config.py` is `256`, but the default `EMBEDDING_MODEL_NAME` (`text-embedding-3-small`) expects `1536` dimensions. If `EMBEDDING_DIMENSION` is not explicitly set in the `.env` file to `1536`, embedding generation will fail.
  • ⚠️The `evaluation/main.py` script also uses OpenAI models, incurring additional costs for each evaluation run.
Verified SafeView Analysis
The project uses standard practices for handling sensitive information by loading API keys and database URIs from environment variables, preventing hardcoded secrets. It relies on external cloud services (OpenAI, MongoDB Atlas), necessitating secure configuration of these services (e.g., IP whitelisting, access controls). No 'eval' or other directly exploitable dangerous functions were found. The general security posture is good for a modern Python application.
Updated: 2025-12-23GitHub
13
3
Low Cost
tobedoit icon

gCalendar-mcp

by tobedoit

Sec9

This MCP server enables AI assistants to create and manage Google Calendar events.

Setup Requirements

  • ⚠️Requires Node.js v18 or later.
  • ⚠️Requires a Google Cloud Console project with Calendar API enabled.
  • ⚠️Requires OAuth2 Client ID, Client Secret, and a Google Refresh Token (which needs an initial OAuth flow to obtain).
Verified SafeView Analysis
The server correctly handles sensitive Google OAuth2 credentials via environment variables, avoiding hardcoding. It implements robust error handling, an idle timeout for resource management, and gracefully shuts down if stdin closes, preventing orphaned processes. Console logging is redirected to stderr to prevent interference with the JSON-RPC protocol on stdout. A SECURITY.md policy is also provided. Input validation is handled by the MCP SDK's schema definition.
Updated: 2025-12-19GitHub
13
4
Medium Cost
Mofesto icon
Sec8

Provides a Model Context Protocol (MCP) server for Fubon Securities API, offering comprehensive Taiwan stock trading functionalities and real-time/historical market data queries for AI agents.

Setup Requirements

  • ⚠️Requires a Fubon Securities account and an electronic PFX certificate.
  • ⚠️The `fubon-neo` Python SDK may require manual installation of platform-specific .whl files from the official Fubon website, not just `pip install` from PyPI.
  • ⚠️Requires a full restart of VS Code after initial MCP configuration to register correctly with Copilot Chat.
  • ⚠️Subject to Fubon API rate limits and data freshness policies. Some functions are only available during trading hours.
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (username, password, PFX path/password), preventing hardcoding. HTTPS is used for API connections. PFX certificates are required for authentication, adding a layer of security. A `SECURITY.md` outlines vulnerability reporting. The core functionality relies on `fubon-neo`, an official SDK, shifting some trust to its security. However, improper handling of PFX files or environment variables by the user could still lead to compromise. There are no obvious `eval()` or obfuscation patterns detected in the provided code snippets.
Updated: 2025-12-15GitHub
13
4
Medium Cost
testomatio icon

mcp

by testomatio

Sec9

The Testomat.io MCP Server integrates with Testomat.io API to provide AI assistants (like Cursor or Claude) access to test management functionalities, enabling querying and manipulation of tests, suites, runs, plans, and labels.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher with built-in fetch support.
  • ⚠️Requires a Testomat.io account with API access.
  • ⚠️Requires a Testomat.io API Token (starting with 'testomat_') and a Project ID, which can be found in your Testomat.io account settings and project URL respectively.
Verified SafeView Analysis
The server handles API tokens and project IDs as command-line arguments or environment variables, avoiding hardcoding. It implements JWT authentication with automatic refresh on 401 errors, and explicitly escapes XML output to prevent injection vulnerabilities. No 'eval' or obfuscation is present in the provided source code, and network requests are made to configurable, trusted endpoints. The overall design appears to follow good security practices for an API client.
Updated: 2025-12-16GitHub
13
1
High Cost
Fieldy76 icon
Sec8

An agentic workflow using Large Language Models (LLMs) and various tools to plan travel itineraries for users.

Setup Requirements

  • ⚠️Requires at least one LLM API Key (OpenAI, Anthropic, or Google) for full functionality (paid services). Falls back to a mock agent if no keys are provided.
  • ⚠️For real flight search (Amadeus) and payment processing (Stripe), API keys/secrets are required. Otherwise, mock data is used.
  • ⚠️Requires Python 3.8+ and dependencies from 'requirements.txt' (e.g., fastapi, uvicorn, pydantic, openai/anthropic/google-generativeai SDKs, pypdf, docx, httpx).
Verified SafeView Analysis
The application uses environment variables for API keys, avoiding hardcoding secrets. Network communication with external APIs (Amadeus, Open-Meteo, Stripe) utilizes httpx with status checks and timeouts. Stripe payment processing correctly uses idempotency keys and keeps the secret key server-side. File uploads are handled with server-side text extraction for documents (PDF, DOCX, TXT), which is safer, and passes raw binary for images to the LLM. However, the FastAPI CORS middleware is configured with `allow_origins=['*']` which is a significant security risk in production environments as it allows cross-origin requests from any domain. Additionally, the Google LLM provider explicitly disables all content safety settings (`BLOCK_NONE`), which could allow unfiltered harmful content to pass through the agent.
Updated: 2025-12-23GitHub
13
4
High Cost
NosytLabs icon
Sec3

Integrates AI assistants with the Presearch decentralized search engine to enable privacy-focused web search, intelligent scraping, deep research, and content analysis.

Setup Requirements

  • ⚠️Requires a PRESEARCH_API_KEY (obtained from Presearch, typically involving PRE tokens/payment) for most functional API calls.
  • ⚠️Requires Node.js version 20.0.0 or higher.
  • ⚠️Web scraping (using Puppeteer) launches Chromium and explicitly disables its sandbox (`--no-sandbox`), posing a critical security risk when processing untrusted web content. This is a severe deployment concern.
  • ⚠️Puppeteer dependencies require Chromium to be downloaded, which adds to setup time and disk space.
Review RequiredView Analysis
The `ContentFetcher` (used for scraping) launches Puppeteer with `--no-sandbox` and `--disable-setuid-sandbox` flags. Disabling the browser sandbox is a critical security vulnerability, as it removes a key layer of isolation and protection against malicious web content. If a scraped webpage contains an exploit, it could potentially escape the browser and gain access to the host system. While running in a Docker container (as suggested by `docker-compose.yml`) provides some isolation, `--no-sandbox` still significantly increases the risk within the container itself. There are no other immediate `eval` or direct arbitrary command execution from user input, and secrets are handled via environment variables, but the Puppeteer configuration is a major concern.
Updated: 2025-12-17GitHub
13
5
Medium Cost
arkinjo icon

RDFPortal-MCP

by arkinjo

Sec9

Facilitates SPARQL queries and API interactions with various biological/biomedical RDF databases for research and data integration.

Setup Requirements

  • ⚠️Requires Python >= 3.11.
  • ⚠️Requires the `uv` package manager for dependency installation and running the server.
  • ⚠️Designed for integration with Claude Desktop, using specific configuration paths as documented in the README.
Verified SafeView Analysis
The server uses `httpx` for external HTTP requests, which is a standard and generally safe library. File system operations (`os.makedirs`, `os.path.join`) are limited to creating a specific directory (`mie`) and saving MIE files within it. SPARQL endpoints are hardcoded and `dbname` is validated against a whitelist, significantly mitigating SSRF risks. No `eval`, `exec`, or other direct code execution patterns from user input are observed. No hardcoded sensitive credentials (e.g., API keys for external services beyond publicly listed SPARQL endpoints) are present in the provided code. The `.sh` script is a build-time script, not part of the runtime server.
Updated: 2025-12-16GitHub
12
2
High Cost
to-aoki icon

tiny_chat

by to-aoki

Sec4

A RAG-enabled chat application that integrates with various LLM backends (OpenAI, Ollama, vLLM) and a Qdrant vector database, offering web search capabilities and an OpenAI-compatible API.

Setup Requirements

  • ⚠️Requires an OpenAI-compatible LLM endpoint (e.g., OpenAI API, Azure OpenAI, Ollama, vLLM) for chat and RAG query processing. Default `server_url` is `http://localhost:11434/v1` (Ollama).
  • ⚠️Requires a Qdrant vector database (local file, in-memory, or remote server) for RAG functionality.
  • ⚠️For optimal performance with some RAG strategies (e.g., `ruri_xsmall`, `ruri_base_reranker`), a GPU is highly recommended.
  • ⚠️Requires Python 3.10 or later, along with numerous dependencies specified in `pyproject.toml` (e.g., `torch`, `sentence-transformers`, `qdrant-client`, `fastembed`, `mcp`, `fastapi`, `streamlit`).
Review RequiredView Analysis
The application includes a `webbrowser.open` call in the Streamlit UI which can open arbitrary local files or URLs. If `source_name` (from uploaded files, web search, or database metadata) contains a malicious path (e.g., `file://`), it could lead to local machine compromise. FastAPI endpoints (e.g., `tiny_chat.api.compat_openai`, `tiny_chat.api.rest`, `tiny_chat.api.continue_context_provider`, `tiny_chat.mcp.search_mcp`) are configured to listen on `0.0.0.0` by default, exposing them to all network interfaces. This requires careful network configuration (e.g., firewall, reverse proxy) to prevent unauthorized access. File system operations for directory processing in `tiny_chat.database.components.registration.py` could also pose a risk if the input path is not strictly controlled in an exposed environment.
Updated: 2025-12-19GitHub
12
2
High Cost
electronart icon

TARILIO

by electronart

Sec4

Desktop information retrieval with an integrated AI assistant, local LLM server, and Hugging Face LLM download capabilities, functioning as an MCP Client.

Setup Requirements

  • ⚠️Requires specific GGML binaries (DLLs) as indicated in the README truncated section, which might be challenging to set up correctly.
  • ⚠️Functionality includes a 'Local LLM server' and 'Hugging Face LLM downloads', implying significant local resource requirements (CPU, GPU, memory, storage) for AI features.
  • ⚠️The project is a .NET desktop application, as indicated by `eSearch/Properties/launchSettings.json` and mentions of Visual Studio, likely requiring Windows and Visual Studio for development and possibly for full setup/build.
  • ⚠️Commercial 'PRO' versions exist with additional closed-source code and licensing requirements, meaning the open-source version may have feature limitations or different terms of use for commercial applications.
Review RequiredView Analysis
The `setInnerHTML` function in `browser_init.js` is used to inject `customRenderHtml`, `CSS`, and `JS` provided by `window.ExtrasProvider`. If the content supplied by `ExtrasProvider` is derived from untrusted sources (e.g., user-provided documents, remote servers, or maliciously crafted local files), this presents a significant Cross-Site Scripting (XSS) vulnerability. The `tiff.min.js` file is a minified Emscripten output, making its underlying C/C++ code difficult to audit for security without original source. While `link_handler.js` properly opens external links in a separate browser, the overall dynamic content injection mechanism without explicit sanitization makes it risky.
Updated: 2025-12-21GitHub
12
3
High Cost
gomcpgo icon

filesys

by gomcpgo

Sec9

A secure MCP server providing filesystem operations with controlled access to specified directories for agent-based interactions.

Setup Requirements

  • ⚠️Requires `MCP_ALLOWED_DIRS` environment variable to be set to a comma-separated list of absolute paths to existing directories. Failure to set this will prevent any file operations.
  • ⚠️The Go programming language environment is required to run the server directly from source or to build the binary.
  • ⚠️Potential for high LLM token consumption due to large file content being returned by `read_file`, `read_multiple_files`, or extensive results from `list_directory` and `search_in_files`.
Verified SafeView Analysis
The server implements robust path validation including symbolic link resolution using `filepath.EvalSymlinks()` to prevent traversal attacks. It enforces canonical path checking against a list of explicitly allowed directories, preventing `../` traversal and prefix matching attacks (e.g., `/allowed` vs `/allowed_attacker`). Non-existent paths for write operations are validated by checking their parent directory chains. Broken symbolic links are explicitly blocked. All access denial attempts are logged with a 'SECURITY:' prefix for monitoring. Allowed directories are configured via an environment variable, preventing hardcoded paths. While highly secure, no system is entirely impervious to all theoretical attack vectors, hence a 9/10.
Updated: 2025-12-17GitHub
12
1
Medium Cost
sinditech icon
Sec2

Provides a Java/Jakarta EE implementation of Anthropic's Model Context Protocol (MCP) to integrate custom features (tools, prompts, resources) with AI models.

Setup Requirements

  • ⚠️Requires a Jakarta EE compliant application server (e.g., Open Liberty) for deployment, not a simple executable JAR.
  • ⚠️Requires Maven to build the project (`mvn clean package -e`).
  • ⚠️The `MCPServerContainers` feature requires a running Docker daemon accessible from the server host.
Review RequiredView Analysis
The `MCPServerContainers.java` module, provided as an example feature, exposes direct Docker client interaction via `@Tool` annotations (e.g., running, removing, building containers). If enabled and callable by an LLM without extremely robust authorization and sandboxing, this could lead to critical Remote Code Execution (RCE), Denial of Service (DoS), or information disclosure on the host system. This is a severe security risk. External API URLs are hardcoded in `MCPRealWeather.java`, which, while not immediately critical for public weather APIs, is generally a bad practice for sensitive keys.
Updated: 2025-12-24GitHub
12
1
Medium Cost
iamsamuelfraga icon

mcp-pipedrive

by iamsamuelfraga

Sec9

Provides Claude with comprehensive access to the Pipedrive CRM API, enabling seamless automation of sales workflows, deal management, contact organization, and activity tracking through natural language conversations.

Setup Requirements

  • ⚠️Pipedrive API Token is a mandatory prerequisite for functionality.
  • ⚠️Requires Claude Desktop to be installed for local integration.
  • ⚠️Node.js version 18 or higher is required.
  • ⚠️File upload and download features require the server to have appropriate local filesystem access.
Verified SafeView Analysis
The Pipedrive API Token is correctly handled via environment variables, preventing hardcoding in the source. Extensive input validation using Zod schemas is implemented for all tool arguments, which significantly reduces the risk of injection attacks or unexpected behavior from malformed inputs. No 'eval' statements or obfuscated code were found. The tool uses local filesystem access for file upload and download functionalities, which is a legitimate feature but requires careful consideration of deployment environment permissions and containerization to prevent unintended file access. Overall, strong security practices are evident.
Updated: 2025-12-22GitHub
PreviousPage 258 of 713Next