Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

11
2
Medium Cost

Uniprot-MCP

by josefdc

Sec8

Provides LLM agents with structured, resilient access to UniProtKB protein data, including entries, sequences, Gene Ontology annotations, and ID mappings.

Setup Requirements

  • ⚠️Requires Python 3.11 or 3.12.
  • ⚠️Default CORS policy is wide open; users must configure environment variables to restrict it for production deployments.
Verified Safe
The project follows good security practices, including input validation via Pydantic models, defensive parsing of API responses, and retry mechanisms for network resilience. It uses `httpx.AsyncClient` with `trust_env=True`, which is common but means the client can be influenced by environment proxies. CORS is configured with a default wide-open policy (`*` for origins, methods, headers) which is acknowledged as insecure for production in the `SECURITY.md` and requires user configuration to restrict. No direct database access, hardcoded secrets, or obvious malicious patterns were found. The `SECURITY.md` outlines a clear vulnerability reporting process.
Updated: 2025-12-15
11
1
Medium Cost

openai-responses-mcp

by uchimanajet7

Sec9

A lightweight MCP server for AI clients (like Claude Code/Desktop) to leverage OpenAI Responses API with autonomous web search capabilities over stdio.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires Node.js v20 or later
  • ⚠️`model_profiles.answer` must be configured in YAML for full functionality, or defaults to 'gpt-5.2'
Verified Safe
The server follows good security practices by requiring API keys via environment variables (no hardcoding in YAML/code) and explicitly warns against storing secrets in config. Debug logging is designed to avoid sensitive information like full query text, instructions, or API keys, instead showing metadata like query length or truncated error bodies. Configurable `base_url` and external policy file paths are present, which are standard features but could be misconfigured by a user to point to malicious sources.
Updated: 2025-12-21
11
1
Low Cost

snowflake-mcp-server

by aPeterHeise

Sec3

Provides a semantic layer for Snowflake, translating natural language questions into SQL using an LLM and a defined glossary.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid service)
  • ⚠️Requires a Snowflake account (Paid service)
  • ⚠️Python 3.10 or higher required
  • ⚠️Environment variables for Snowflake and OpenAI credentials must be configured in a .env file
Review Required
The server directly executes SQL queries generated by an LLM based on user input and a glossary. This poses a significant risk if the LLM is prompted to generate malicious SQL (e.g., DROP TABLE, DELETE FROM, data exfiltration queries, or complex injections). There is no explicit validation or sanitization of the generated SQL before execution by the `run_sql` function. While environment variables are used for credentials, the execution of arbitrary LLM-generated SQL without stringent safeguards is a critical vulnerability. The `SNOWFLAKE_ROLE` might offer some protection but is not a complete solution against all malicious SQL types.
Updated: 2025-12-20
11
1
Medium Cost

Provides a Model Context Protocol (MCP) server for fetching YouTube video transcripts using yt-dlp, designed for integration with AI tools like Claude Desktop and other HTTP clients.

Setup Requirements

  • ⚠️Docker and Docker Compose are required for deployment.
  • ⚠️If `AUTH_ENABLED=false` (as in the provided docker-compose.yml), a reverse proxy (e.g., Caddy, Nginx) configured with authentication is critical for securing all endpoints.
  • ⚠️Node.js and npx are required client-side for the `mcp-remote` adapter if integrating with Claude Desktop.
Verified Safe
The provided `docker-compose.yml` explicitly sets `AUTH_ENABLED=false`, which disables the server's internal API key authentication. This means the server will be completely unauthenticated by default if deployed with this configuration without an external reverse proxy (e.g., Caddy, Nginx) handling authentication. The README *strongly advises* using a reverse proxy for production security. No direct `eval` or obvious malicious patterns were found in the `server.py` code.
Updated: 2025-12-21
10
1
Medium Cost

essdive-mcp

by ess-dive

Sec9

An MCP server for querying ESS-DIVE and ESS-DeepDive environmental data, facilitating dataset search, retrieval, identifier conversion, and file-level metadata analysis for language models.

Setup Requirements

  • ⚠️Requires 'uv' for installation and dependency management.
  • ⚠️An ESS-DIVE API token is required for authentication to access data.
  • ⚠️Requires Python 3.10 or newer.
Verified Safe
The server handles API tokens securely by accepting them via command-line arguments or environment variables, avoiding hardcoding. It uses standard and robust HTTP clients (httpx, requests) for network communication. File parsing for FLMD uses Python's `csv` module with explicit sanitization, reducing injection risks. No `eval` or `exec` functions are used, and no obvious malicious patterns or obfuscation are present.
Updated: 2025-12-19
10
2
Low Cost
Sec9

A Python-based filesystem MCP Agent designed to perform user-requested file and directory operations with a focus on security and resource limits.

Setup Requirements

  • ⚠️Requires the 'mcp' Python library to be installed (`pip install -U mcp`).
  • ⚠️Understanding the 'sandbox' mode is crucial: by default, it restricts operations to the configured `ROOT_DIR`. Disabling it (via CLI arg or env var) allows absolute path access outside this root.
  • ⚠️Python environment required (likely Python 3.8+ for asyncio features).
Verified Safe
The server implements a robust sandbox mechanism (`resolve_path` and `_is_subpath`) to prevent path traversal attacks, defaulting to `True`. Disabling the sandbox via `--sandbox false` or `MCP_FILESYSTEM_SANDBOX=false` allows access to absolute paths outside the configured root, but this is explicitly prompted during interactive startup. There are no obvious 'eval' calls, obfuscation, or hardcoded secrets. File content reads are capped at ~32KB for batch operations, mitigating excessive data exfiltration risks.
Updated: 2025-12-15
10
1
Medium Cost

This server provides an interface for interacting with Google Analytics 4, Google Search Console, and Google AdSense APIs to manage properties, fetch data, and generate reports.

Setup Requirements

  • ⚠️**Deprecated Package**: The package is officially deprecated and no longer maintained. Users are encouraged to migrate to 'Metrifyr', implying no future updates or security patches for this server.
  • ⚠️**Google OAuth Credentials Required**: Requires `GOOGLE_CLIENT_ID` and `GOOGLE_CLIENT_SECRET` to be set as environment variables. Missing credentials will prevent the server from running and using tools.
  • ⚠️**Interactive OAuth Flow**: Initial authentication requires an interactive OAuth flow that opens a browser and listens on `http://localhost:8085/callback`. This can be a friction point in headless environments or if the port is already in use.
  • ⚠️**Enable Google APIs**: Users might need to manually enable specific Google APIs (e.g., AdSense Management API, Google Analytics Admin API, Google Analytics Data API, Google Search Console API) in their Google Cloud project for the tools to function correctly.
  • ⚠️**Node.js Version**: Requires Node.js version 20.0.0 or higher.
Review Required
The project is marked as 'Deprecated' in its README, indicating it is no longer maintained and will not receive security patches or updates, which is a critical long-term security risk. OAuth tokens are stored in a `tokens.json` file within the `process.cwd()/.credentials` directory. While this is explicitly managed, it increases the risk of accidental exposure if the project directory is committed to version control or shared improperly, compared to storing in a user-specific configuration directory (e.g., `~/.config`). There are no immediate signs of malicious patterns like 'eval' or command injection in the provided code, and input arguments are validated using Zod schemas. The OAuth flow involves starting a local HTTP server for callback, which is a standard and generally safe practice.
Updated: 2025-12-19
10
1
Low Cost

amorce_py_sdk

by trebortGolin

Sec9

The Amorce Python SDK enables secure, cryptographically verified communication between AI agents and integration with various AI frameworks, including human-in-the-loop approval workflows for critical transactions.

Setup Requirements

  • ⚠️Requires Python 3.9+.
  • ⚠️Relies on external Amorce Trust Directory (directory.amorce.io) and Orchestrator (orchestrator.amorce.io) services for production functionality, though custom endpoints can be configured.
  • ⚠️Specific features like Google Secret Manager integration or the Human-in-the-Loop example's LLM interpretation require additional dependencies (e.g., 'google-cloud-secret-manager', 'google-generativeai').
  • ⚠️Requires an accessible MCP wrapper server for MCP tool integration (e.g., 'http://localhost:5001').
Verified Safe
The SDK is built with strong security principles, including Ed25519 cryptographic signatures for agent authentication ('X-Agent-Signature', 'X-Amorce-Agent-ID'). It enforces a zero-trust model, verifying every incoming request. Identity management uses secure providers (local file, environment variables, Google Secret Manager). Public key distribution relies on a Trust Directory for automatic key revocation and discoverability. Human-in-the-Loop (HITL) support provides an additional layer of security for high-value or sensitive actions. No 'eval' or malicious patterns were found. The primary 'risk' is reliance on the Amorce network infrastructure for full functionality, but this is inherent to the protocol's design.
Updated: 2025-12-19
10
1
Low Cost

Fusion-Mcp-Server

by KevinZhao-07

Sec8

Controls Fusion 360 CAD software directly from Claude Desktop using natural language via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Autodesk Fusion 360 (proprietary software) to be installed and running.
  • ⚠️Requires Claude Desktop (proprietary software) to be installed and configured.
  • ⚠️Requires manual installation of a Python script within Fusion 360, which must be run and kept active during use.
  • ⚠️The path to `server.py` in the Claude Desktop configuration file (`claude_desktop_config.json`) must be manually updated to the user's specific repository location.
Verified Safe
The server architecture involves two local Python servers: an MCP server (`server.py`) communicating with Claude Desktop via stdio, and a Fusion 360 HTTP server (`fusion_http_server.py`) running within Fusion 360 on `localhost:8080`. The Fusion HTTP server is only accessible from the local machine, significantly limiting external attack surface. It directly processes tool commands and parameters received via HTTP POST requests and executes corresponding Fusion 360 API calls. There is no usage of `eval` or direct arbitrary code execution. The primary security risk would be if another process on the local machine could send malicious HTTP requests to `localhost:8080` to manipulate Fusion 360, but the scope of actions is limited to predefined CAD operations. Input validation for parameters is split between the MCP server (absolute validation) and Fusion server (proportional validation, handled by Fusion's API). Overall, given its local-only operation and limited command set, it is reasonably secure.
Updated: 2025-12-19
10
1
Medium Cost

Agent4Molecule

by Frostday

Sec3

Assists in molecular discovery pipelines, including enzyme design, heme binder design, and protein-protein diffusion, by orchestrating AI models and computational chemistry tools.

Setup Requirements

  • ⚠️Requires manual modification of numerous hardcoded paths (e.g., for EnzyGen, Heme Binder, PPDiff, ColabFold, FastMD repositories and their conda environments) directly in the Python source code for any new environment.
  • ⚠️Demands complex and extensive Conda environment management, including multiple specialized environments (`enzygen`, `docking`, `esp`, `fastmds`, `diffusion`, `mlfold`, `ppdiff`, `vina`) with specific Python and package versions, often requiring manual installation and dependency resolution steps detailed in separate setup guides.
  • ⚠️Designed for High-Performance Computing (HPC) environments, necessitating access to a SLURM scheduler for job submission and Apptainer/Singularity for containerized applications (e.g., AlphaFold2/3, ColabFold).
Review Required
The system extensively uses `subprocess.Popen` and `os.system` with f-strings for building and executing shell commands, creating numerous potential command injection vulnerabilities. Parameters from user input are not consistently sanitized before being used in these commands. Critical paths to external tools and environments are hardcoded in multiple server scripts (`enzygen_server.py`, `heme_binder_server.py`, `ppdiff_server.py`), making the system less portable and potentially exposing sensitive file system structures. The use of `ast.literal_eval` on potentially unsanitized input is a minor but existing risk. The underlying scientific tools (e.g., Open Babel, Vina, ClustalW) and HPC environment (SLURM, Apptainer) add to the attack surface if not configured securely.
Updated: 2025-12-19
10
1
High Cost

crypto-mcp-server

by WilliamNing316

Sec9

Provides a Model Context Protocol (MCP) server with an integrated Agent for real-time cryptocurrency market data queries and analysis using the Binance Public API.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm for setup.
  • ⚠️Requires stable network access to Binance Public REST API (api.binance.com).
  • ⚠️The Agent component requires an external LLM API (default `https://llmapi.paratera.com`) and may incur costs, especially for higher volume or complex queries due to potentially large data payloads (e.g., 500 K-lines or 100 order book entries) and multi-turn conversations. An `LLM_API_KEY` might be required for the chosen LLM.
  • ⚠️Manual creation and configuration of `config.json` (from `config.json.example`) is necessary for the Agent, and users must ensure `LLM_API_KEY` is not committed to version control.
Verified Safe
The server uses `zod` for robust input schema validation across all tools, significantly mitigating risks from malformed inputs. Network requests are made to the public Binance API, which does not require API keys for these endpoints. Sensitive LLM API keys are explicitly configured via `config.json` (excluded from version control) or environment variables, with clear warnings against committing them. The custom HTTP server implementation includes basic error handling for JSON parsing and requests. No 'eval' or other obviously dangerous code execution patterns are observed. The primary remaining theoretical risk is a highly compromised LLM generating valid but misleading tool call arguments, though input validation lessens this.
Updated: 2025-12-19
10
1
Medium Cost
Sec9

Enables AI assistants (like Claude) to perform natural language querying, analysis, and basic management of security logs within Oracle Cloud Infrastructure (OCI) Logging Analytics, leveraging the Logan Security Dashboard's capabilities.

Setup Requirements

  • ⚠️Requires an Oracle Cloud Infrastructure (OCI) account with Logging Analytics enabled and appropriate IAM policies.
  • ⚠️Requires OCI CLI configured or specific OCI credential environment variables (e.g., OCI_USER_ID, OCI_FINGERPRINT, OCI_TENANCY_ID, and OCI_KEY_FILE or OCI_PRIVATE_KEY_CONTENT).
  • ⚠️The Claude Desktop configuration (in `claude_desktop_config.json`) requires **absolute paths** for the server command and arguments, which is a common source of setup errors.
  • ⚠️Python 3.8+ is required for the core Python backend, with Python 3.10+ recommended for the optional pure-Python `fastmcp_server`.
Verified Safe
The server utilizes environment variables for OCI credentials and OAuth configuration, actively redacts sensitive information in logs, and has a `.gitignore` specifically designed to prevent credential leakage. Python scripts are spawned as subprocesses with controlled arguments, mitigating direct code injection risks from query inputs. OAuth 2.0 authentication is implemented with token introspection. While custom 'eval' and 'extract' operations are used within the OCI Logging Analytics query context, these are not JavaScript/Python 'eval' and are subject to internal query sanitization, reducing the risk of server-side arbitrary code execution.
Updated: 2025-12-19