Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

11
2
Medium Cost
NightHammer1000 icon

n1ght-mcp

by NightHammer1000

Sec4

Developer toolkit enhancing AI agents with data manipulation, AI delegation, and semantic search capabilities via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Gemini CLI tool to be installed and configured for AI delegation (`n1ght_gemini_*` tools).
  • ⚠️Requires Codex CLI tool to be installed and configured for AI delegation (`n1ght_codex_*` tools).
  • ⚠️Semantic search functionality downloads ~800MB of AI models (embedding and reranking) on first use and is GPU-accelerated for optimal performance (falls back to CPU if no GPU available, but will be slower).
Review RequiredView Analysis
CRITICAL RISK: The `n1ght_data_*` tools accept `filePath` as a direct input parameter, which is then used in `fs.readFile` and `fs.writeFile` operations without explicit path sanitization or containment checks (e.g., ensuring `filePath` is within `process.cwd()`). This creates a path traversal vulnerability, allowing a malicious AI agent to potentially read from or write to arbitrary locations on the host file system (e.g., `../../etc/passwd`). While the `gemini` and `codex` CLI calls escape prompts before passing them to `spawn` with `shell: true`, the general use of `shell: true` can still introduce risks if underlying CLI tools have their own vulnerabilities or if argument handling is not perfectly robust. Additionally, downloading binary models from HuggingFace (`node-llama-cpp`) introduces a supply chain risk, as a compromised model could execute malicious code.
Updated: 2025-12-17GitHub
11
2
High Cost
agentic-profile icon

cloud-a2a-mcp-quickstart

by agentic-profile

Sec8

Deploys a scalable server infrastructure with Agent-to-Agent (A2A) and Model Context Protocol (MCP) services for managing digital identities, venture profiles, community activities, and verifiable credentials, leveraging cloud-native data stores and AI models.

Setup Requirements

  • ⚠️Requires manual access request for Claude 3.5 Haiku model in the AWS Bedrock console.
  • ⚠️Requires a local Redis (Valkey) instance running for local backend development.
  • ⚠️Utilizes AWS Neptune for the 'volunteer' MCP, requiring a deployed Neptune cluster endpoint and port configuration.
Verified SafeView Analysis
CORS is broadly configured (`origin: '*'`), which may be too permissive for some production deployments. A default `ADMIN_DID` is hardcoded for administrative tasks, which should be overridden with a custom value in production environments.
Updated: 2025-12-16GitHub
11
1
Low Cost
nyo16 icon

conduit_mcp

by nyo16

Sec9

Provides an Elixir-based Model Context Protocol (MCP) server library with a Phoenix integration example for exposing AI tools, resources, and prompts via a web API.

Setup Requirements

  • ⚠️Requires Elixir and Mix to be installed.
  • ⚠️Familiarity with the Phoenix framework is beneficial for advanced integration and customization.
  • ⚠️Requires `mix deps.get` to fetch project dependencies.
Verified SafeView Analysis
The server leverages Phoenix's robust security features. It explicitly guides users to use environment variables for secrets (e.g., `MCP_AUTH_TOKEN`, `SECRET_KEY_BASE`) and provides comprehensive parameter validation using NimbleOptions, including type checking, constraints (min/max, length), enums, and custom validators, which mitigates common injection and malformed input risks. Configurable authentication strategies (Bearer Token, API Key, Custom Function) and CORS settings allow for secure deployment. The core library's stateless, pure-function architecture minimizes state-related vulnerabilities. No direct `eval` or arbitrary code execution mechanisms are evident in the provided runtime code.
Updated: 2025-12-20GitHub
11
1
Medium Cost
BamaCharanChhandogi icon

BlogCaster-MCP

by BamaCharanChhandogi

Sec9

Enables publishing, listing, and deleting blog posts across multiple platforms (Hashnode, Dev.to, WordPress) from an MCP-enabled AI client.

Setup Requirements

  • ⚠️Users must manually obtain API keys/tokens for each blogging platform (Hashnode, Dev.to, WordPress) from their respective developer settings and input them into the provided web dashboard.
  • ⚠️API tokens are ephemeral and tied to a specific chat session (Durable Object instance); they will need to be re-entered if a new chat session is started.
  • ⚠️For self-hosted production deployments, critical environment variables (ENCRYPTION_KEY, MAGIC_LINK_SECRET, RESEND_API_KEY) must be securely configured in the Cloudflare Worker environment.
Verified SafeView Analysis
The server demonstrates strong security practices for token handling, including encryption (AES-GCM) with an environment-provided key, and storage in isolated Cloudflare Durable Objects. Authentication uses a magic link system with HMAC-signed tokens. Input validation is performed using Zod. The custom Markdown-to-HTML conversion for WordPress is minimal and intentionally avoids complex parsing, reducing potential XSS vectors. The primary security concern is the 'MAGIC_LINK_SECRET' having a default 'dev-secret-unsafe' fallback, which is insecure if not explicitly configured in a production environment.
Updated: 2025-12-20GitHub
11
1
Low Cost
s2005 icon

wcli0

by s2005

Sec9

Provides a Model Context Protocol (MCP) server for secure command-line interactions on Windows systems, allowing MCP clients to execute commands in PowerShell, CMD, Git Bash, Bash, and WSL with configurable security controls.

Setup Requirements

  • ⚠️Requires reviewing and customizing `config.json` for security (e.g., allowed paths, blocked commands).
  • ⚠️Requires Node.js 18 or later.
  • ⚠️Requires WSL/Git Bash to be installed on the host system for their respective shell types to function.
Verified SafeView Analysis
The server implements a robust, multi-layered security model including command blocking, argument blocking, operator blocking, working directory restrictions, command length limits, and command timeouts. Path traversal in log directories is explicitly prevented. It features an inheritance-based configuration system for granular control over security settings for each shell. Warnings are clearly provided for '--yolo' and '--unsafe' flags which disable most safety features. The primary security risk comes from misconfiguration or intentional disabling of safety features.
Updated: 2025-12-21GitHub
11
2
Medium Cost
LarsArtmann icon

web-client-errors-mcp

by LarsArtmann

Sec8

Detects client-side web errors on websites for AI coding agents to debug.

Setup Requirements

  • ⚠️Requires Bun runtime (not Node.js) for execution and dependency management.
  • ⚠️Playwright requires browser binaries (Chromium, etc.) which might need manual installation (`bunx playwright install`) or a specific path set via `PLAYWRIGHT_BROWSERS_PATH`.
  • ⚠️Running headless browsers can consume significant CPU and RAM, especially for extended `waitTime` or concurrent sessions.
Verified SafeView Analysis
The server uses Playwright to browse arbitrary URLs provided by the user, which is an inherent risk. It launches Chromium with `--no-sandbox` and `--disable-setuid-sandbox` flags, a common practice in containerized headless environments, but reduces browser isolation. Input validation is performed using Zod schemas for all tool parameters, significantly mitigating injection risks. Hardcoded JavaScript executed via `page.evaluate` is benign. Logging includes sensitive data redaction. While DOM snapshot capture is mentioned in documentation and configuration, the provided source code does not show its full implementation, which could pose an XSS/PII risk if not properly sanitized upon completion.
Updated: 2025-12-15GitHub
11
1
Low Cost
pulseengine icon

mcp

by pulseengine

Sec2

A Rust framework for building Model Context Protocol (MCP) servers with pluggable backends, handling protocol compliance, transport, authentication, and monitoring.

Setup Requirements

  • ⚠️Requires Rust toolchain (`cargo`) for development and execution.
  • ⚠️Requires Python 3.9+ for external validation scripts and Python SDK compatibility testing.
  • ⚠️Default server configuration has authentication disabled; critical manual configuration is required for secure deployments.
  • ⚠️Network transports (HTTP/WebSocket) do not enforce TLS by default, requiring manual configuration for secure communication.
Review RequiredView Analysis
The default `ServerConfig` (used if not explicitly overridden by the developer) has authentication disabled (`auth_config.enabled = false`). This means, by default, the server's public endpoints (RPC, Dashboard, Alerting, Metrics) are completely unprotected. This is a critical security vulnerability for any public-facing deployment. The Dashboard and Alerting endpoints expose sensitive operational data and allow state changes (e.g., acknowledging alerts) without authentication. While the framework provides robust security features (authentication, rate limiting, input sanitization, HTTPS enforcement in `pulseengine_mcp_security_middleware` and `pulseengine_mcp_auth`), they are opt-in and not enabled by default. Developers must explicitly configure and enable security measures, which poses a significant risk of accidental insecure deployment.
Updated: 2025-12-21GitHub
11
2
Medium Cost
sumo-mcp icon

sumo-mcp

by sumo-mcp

Sec9

This server powers AI chatbots with historical and live sumo wrestling data by acting as an interface to the Model Context Protocol.

Setup Requirements

  • ⚠️Requires `https://sumo-api.com` to be operational, as it is a core dependency not controlled by this project.
  • ⚠️Requires a Go development environment to build and run the executable.
  • ⚠️Interacting with the server requires an MCP-compatible client or AI chatbot framework, as it exposes tools via the Model Context Protocol.
Verified SafeView Analysis
The Go source code itself appears to be well-structured and does not contain obvious security vulnerabilities like `eval`, obfuscation, or hardcoded credentials. Network operations use standard http clients with reasonable timeouts. The primary security consideration (and functionality dependency) is its reliance on the external `https://sumo-api.com` service, which is clearly disclosed in the README.
Updated: 2025-12-16GitHub
11
3
Medium Cost
iceener icon
Sec4

Facilitates AI agent management of email contacts, segments, newsletters, and campaigns via Resend.

Setup Requirements

  • ⚠️Requires a Resend account with a verified sending domain (paid service after free tier limits).
  • ⚠️A `BEARER_TOKEN` must be manually generated (e.g., `openssl rand -hex 32`) and securely set in environment variables or secrets.
  • ⚠️CRITICAL: Origin validation (`isAllowedOrigin`) is disabled by default in production, accepting requests from any source. Users *must* implement a proper origin allowlist in `src/shared/mcp/security.ts` or `src/utils/security.ts` for secure production deployments to prevent CSRF attacks.
  • ⚠️Email templates used by the `send` tool must be pre-published in the Resend dashboard.
  • ⚠️Exposes full email sending and contact management capabilities to an AI agent, requiring careful client-side review and confirmation of actions to prevent unintended or malicious email sending.
Verified SafeView Analysis
The server implements bearer token authentication and input validation via Zod schemas, which are good practices. However, a critical security vulnerability exists in its default configuration: the `isAllowedOrigin` function (used for origin validation) is a placeholder that always returns `true` in production. This means, by default, the server accepts requests from *any* origin when deployed to a public endpoint, making it highly susceptible to Cross-Site Request Forgery (CSRF) attacks if a client is tricked into sending requests with a valid bearer token. Additionally, the README explicitly warns that giving an AI agent access to email sending capabilities carries significant risks, including misinterpretation of instructions and unintended email broadcasts. Users must implement client-side review and confirmation mechanisms.
Updated: 2025-12-09GitHub
11
1
Medium Cost
puran-water icon

ix-design-mcp

by puran-water

Sec8

Ion exchange system design and performance prediction for water treatment, including breakthrough analysis, regeneration optimization, and economic costing.

Setup Requirements

  • ⚠️PHREEQC executable required (install and set PHREEQC_EXE environment variable).
  • ⚠️WaterTAP/IDAES dependencies (Pyomo, IDAES, WaterTAP) are complex to install, but integration is optional (controlled by IX_WATERTAP).
  • ⚠️Python 3.8+ required.
Verified SafeView Analysis
`subprocess.run` is used for external executables (PHREEQC, WaterTAP helper scripts) without `shell=True` on user-controlled input, mitigating direct command injection risks. Extensive logging, including tracebacks on errors, is present; consider log sanitization/access control in production. No obvious hardcoded credentials or `eval` with untrusted input.
Updated: 2025-12-20GitHub
11
2
High Cost
ari1110 icon

doc-manager-mcp

by ari1110

Sec9

Manages the entire documentation lifecycle for software projects, automating creation, maintenance, quality assessment, and synchronization, primarily through an MCP server interface for AI agents.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher.
  • ⚠️Requires Git installed for most operations (change detection, history preservation, gitignore parsing).
  • ⚠️Requires 'tree-sitter' and 'tree-sitter-language-pack' Python packages for semantic analysis, symbol indexing, and code snippet validation. Installation is crucial for full functionality, with a warning if missing.
Verified SafeView Analysis
The project demonstrates robust security practices, including atomic file writes with locking (file_lock), path sanitization and boundary validation (safe_resolve, validate_path_boundary) to prevent directory traversal, and careful handling of subprocess commands. Git command inputs (e.g., since_commit) are explicitly validated to accept only SHA hashes, mitigating command injection risks. Network requests for external asset validation are opt-in and include timeouts. Relies on external TreeSitter libraries which introduce a dependency chain, but these are standard and trusted.
Updated: 2025-12-16GitHub
11
2
Medium Cost
damalis icon
Sec1

A comprehensive Docker Compose setup for deploying a full-stack development environment including Nginx as a reverse proxy, n8n for workflow automation, Ollama and Open WebUI for local AI, PostgreSQL with pgvector for data storage, Mailhog for email testing, WAHA for WhatsApp integration, and Portainer for container management, with automated SSL certificates.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose (though `install.sh` attempts to install them).
  • ⚠️Primarily designed for Linux operating systems, with specific support for multiple package managers.
  • ⚠️Requires interactive setup via `install.sh` for domain names, subdomains, email, and database credentials.
  • ⚠️Significant system resources are recommended for AI components (16GB RAM minimum, 32GB recommended; 8-core CPU; 20GB+ disk space; optional NVIDIA GPU).
  • ⚠️For remote deployments, proper DNS A records must be configured for the main domain and all subdomains for Certbot SSL provisioning.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The `install.sh` script executes `sudo chmod 666 /var/run/docker.sock`, which sets world-writable permissions on the Docker daemon socket. This allows any local user on the host system to interact with the Docker daemon, effectively granting them root privileges on the host. This is a severe privilege escalation vulnerability. Additionally, sensitive credentials (database, pgAdmin, API keys) are prompted for and stored unencrypted in a `.env` file, which should have strict file system permissions. Mailhog's credential handling stores the database username in plaintext.
Updated: 2025-12-17GitHub
PreviousPage 260 of 713Next