Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

9
1
Medium Cost
Sec5

Provides comprehensive weather information and tools via a Model Context Protocol (MCP) server using FastMCP and WeatherAPI.com.

Setup Requirements

  • ⚠️ The `WEATHER_API_KEY` is hardcoded in `main.py` and overrides any environment variable or `.env` file setting, preventing users from easily using their own API key.
  • ⚠️ Requires a WeatherAPI.com account (free tier available) to obtain an API key, although a hardcoded key is currently provided.
  • ⚠️ Requires Python 3.10+.
Verified Safe
The `WEATHER_API_KEY` is hardcoded directly in `main.py` (`weather_server.py`). While `python-dotenv` is used to load environment variables, the hardcoded value overrides any user-provided key, making it impossible for users to supply their own API key without modifying the source code. This is a significant security flaw as it exposes a single API key to all users of the repository/image and prevents proper secret management. There is no user authentication or rate limiting implemented by default, which should be considered for production deployments.
Updated: 2025-12-15
9
1
Medium Cost

adeo-mozaic-mcp

by MerzoukeMansouri

Sec9

Provides AI assistants with intelligent access to the Mozaic Design System's design tokens, components, icons, and documentation for code generation and lookup.

Setup Requirements

  • ⚠️ Requires Node.js 25+ (specifically mentioned in `package.json` and `DEVELOPMENT.md` to avoid `better-sqlite3` native module mismatches with Claude Desktop).
  • ⚠️ Requires a database build (`pnpm build`) before starting the server, which clones Mozaic Design System repositories via Git SSH. This necessitates `git` and SSH keys configured for GitHub access.
  • ⚠️ The install script uses `jq` for automatic configuration of `claude_desktop_config.json`; if `jq` is not found, manual editing of the config file is required.
Verified Safe
The server primarily processes static data from cloned Git repositories and communicates via stdio, limiting direct network exposure during runtime. The `execSync` function is used in the build script (`scripts/build-index.ts`) for cloning repositories and running `npm install`, which is an acceptable practice for a build-time process using fixed commands. There are no apparent uses of `eval`, obfuscation, or direct handling of untrusted user input for critical operations. It relies on `better-sqlite3`, a native Node.js module, which requires trust in the library itself.
Updated: 2025-12-15
9
1
Low Cost

mcp-tiny-erp-server

by DanielRudnick

Sec3

The server acts as an MCP (Model Context Protocol) gateway for the Tiny ERP API, exposing its functionalities as tools for AI agents or other clients.

Setup Requirements

  • ⚠️ Requires proper JWT token generation and passing from client, containing `tenant_id` and `tiny_token`.
  • ⚠️ The `mcp_filtro_clientes_excel` tool has a hardcoded dependency on a CSV file at `/mnt/user-data/uploads/contatos_teste.csv`, which must exist and be accessible.
  • ⚠️ Requires an active Tiny ERP account and a valid API token (which is passed via the JWT).
Review Required
CRITICAL: The server explicitly decodes JWT tokens without signature validation, stating 'Decodifica JWT manualmente (sem validação de assinatura)' ("Decodes JWT manually (without signature validation)"). This means an attacker could forge JWTs containing any tenant_id and tiny_token, bypassing authentication if they know the payload structure. HIGH: CORS is set to `allow_origins=['*']`, which is a significant security risk for production environments as it allows any domain to make cross-origin requests. MEDIUM: The `mcp_filtro_clientes_excel` tool relies on a hardcoded CSV path (`/mnt/user-data/uploads/contatos_teste.csv`), which could lead to file system vulnerabilities if not properly secured.
Updated: 2025-12-16
9
1
Medium Cost

miaw-mcp-server

by skyrmionz

Sec9

Connects ChatGPT to Salesforce Enhanced Chat (MIAW) to enable AI assistants to seamlessly hand off conversations to human or AI agents within Salesforce, displaying a live chat widget when transferred to a human agent.

Setup Requirements

  • ⚠️ Requires a Salesforce Org with Enhanced Chat (MIAW) enabled and specifically configured as 'Custom Client' with Omni-channel routing.
  • ⚠️ Requires a ChatGPT Plus or Team subscription with Developer Mode enabled for MCP Connectors or the ability to create Custom GPTs.
  • ⚠️ Critical messaging rules must be explicitly copied into Custom GPT instructions for correct agent response formatting (verbatim, no commentary) and proper `show_salesforce_chat` tool usage (only for live agents, not chatbots).
  • ⚠️ Deployments to Heroku require a Heroku account (even free tier typically needs credit card verification for identity).
Verified Safe
Salesforce credentials (SCRT URL, Org ID, ES Developer Name) are correctly handled as environment variables, not hardcoded. Access tokens from Salesforce are stored server-side in-memory only and explicitly not persisted to disk, significantly reducing data retention risks. The server prevents exposing JWTs to ChatGPT by managing authentication internally with session IDs. Cross-Origin Resource Sharing (CORS) is enabled broadly (`*`), which is common for public APIs but could be tightened if client origins are specific. Content Security Policy (CSP) is defined for the embedded widget. No 'eval' or other directly malicious patterns were found in the provided source.
Updated: 2025-12-16
9
1
High Cost

MCP-SQL-Server

by joaoGabriel55

Sec2

This server provides a natural language interface to query an SQLite database using a local large language model (Ollama) to convert questions into SQL queries, accessible via a chat-based web application.

Setup Requirements

  • ⚠️ Requires a local Ollama installation to be running.
  • ⚠️ Requires the 'qwen2.5:latest' model to be downloaded via Ollama (`ollama run qwen2.5:latest`).
  • ⚠️ The SQLite database needs to be initialized by running `npm run init:db` in the server directory.
Review Required
CRITICAL: The server directly executes SQL queries generated by the Ollama LLM based on user input. This poses a significant SQL injection risk, as a malicious or improperly prompted LLM could generate harmful SQL commands (e.g., DROP TABLE, data manipulation) that would be executed against the database. There are no explicit sanitization or validation layers for the generated SQL before execution. The Ollama host and model are hardcoded, and the server runs on a fixed port. No hardcoded API keys or external secrets were found, but the direct execution of LLM-generated SQL makes it unsafe for environments with untrusted input.
Updated: 2025-12-17
9
1
Medium Cost
Sec8

Provides an HTTP API for Spigot/Paper Minecraft servers to enable external tooling for automated administration and management.

Setup Requirements

  • ⚠️ Requires Java 17+ to run the Minecraft server.
  • ⚠️ Requires an extra network port to be open on the server host, which might require port forwarding or a tunneling service (e.g., playit.gg).
  • ⚠️ A secure, random token MUST be configured in `config.yml` (default token is insecure) for server security.
Verified Safe
The server implements token-based authentication and robust path normalization checks to prevent directory traversal vulnerabilities during file operations. Critical security hinges entirely on users configuring a strong, random token, as explicitly warned in the README, because the API grants full console (operator-level) access. The default token is insecure and must be changed.
Updated: 2025-12-17
9
1
Medium Cost

uapf-mcp

by UAPFormat

Sec7

The uapf-mcp server acts as a Model Context Protocol (MCP) gateway for UAPF packages, connecting to a uapf-engine instance to expose UAPF tools and resources.

Setup Requirements

  • ⚠️ Requires a running UAPF Engine instance reachable at `UAPF_ENGINE_URL` (defaults to http://localhost:3001).
  • ⚠️ Requires correct `UAPF_MCP_MODE` and corresponding path/directory environment variables (`UAPF_PACKAGE_PATH` or `UAPF_WORKSPACE_DIR`) to define its operation mode (package vs. workspace).
  • ⚠️ Requires Node.js >=18 and TypeScript compilation (`npm run build`) before running the production server.
Verified Safe
The server uses environment variables for sensitive configurations, which is good practice. Session IDs are generated using `randomUUID()`. However, the default CORS origin is `*`, which is overly permissive for production and should be restricted. The debug log (`UAPF_DEBUG_LOG`) records full HTTP requests/responses (including headers and body) to disk, which could expose sensitive data if the log file is not properly secured. While claims enforcement is supported via `UAPF_SECURITY_MODE=claims_enforce` and an `HttpVerifier`, the default `claims_declare` mode only reports claims without enforcing them, meaning sensitive operations might not be blocked by default. The `HttpVerifier` relies on an external URL (`UAPF_DIDVC_VERIFIER_URL`) for verification, and the security of this endpoint is critical and not managed by this server. No `eval` or blatant malicious patterns were found in the provided source code.
Updated: 2025-12-15
9
1
Low Cost

palo-mcp

by jpitc-ca

Sec5

Provides an AI agent with tools to manage Palo Alto Networks firewalls, specifically for creating, listing, updating, and deleting address objects and security policies, and executing operational commands.

Setup Requirements

  • ⚠️ Requires access to a Palo Alto Networks firewall.
  • ⚠️ Requires a Palo Alto firewall API key with necessary permissions.
  • ⚠️ Python environment with `panos` and `fastmcp` libraries installed.
  • ⚠️ The advanced setup (`003-n8n`) requires Docker and Docker Compose.
Review Required
The server suppresses urllib3's SSL certificate verification warnings (`urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`); urllib3 raises these warnings for HTTPS requests made without certificate verification, and such connections are vulnerable to man-in-the-middle attacks. This is a critical security risk for any deployment outside of a strictly controlled, trusted lab environment where self-signed certificates are explicitly managed. The server also requires a firewall API key with potentially broad administrative privileges, and exposes a tool to run arbitrary operational CLI commands, increasing the risk if the server or AI agent is compromised.
Updated: 2025-12-16
9
1
Medium Cost

leafy-bank-capitalmarkets-mcp

by mongodb-industry-solutions

Sec8

AI-powered financial data analysis and portfolio management using MongoDB MCP Server to process queries against time-series data.

Setup Requirements

  • ⚠️ Docker Required for running the application.
  • ⚠️ MongoDB Atlas cluster required, with specific 'binanceCryptoData' and 'yfinanceMarketData' collections populated using provided sample data.
  • ⚠️ AWS account with Bedrock access (specifically for Claude models) and AWS CLI configured for SSO on the host machine is mandatory.
  • ⚠️ Required environment variables for MongoDB MCP Server connection and AWS Bedrock model must be set in a '.env' file.
Verified Safe
The `mongodb-mcp-server` is explicitly configured to run in `--readOnly` mode, significantly mitigating risks of data modification or deletion. The `mcp_aggregate` tool accepts a `customPipeline` parameter, which, if combined with a non-read-only MCP server, could allow for arbitrary aggregation pipeline injection. The `/api/mcp/aws-debug` endpoint exposes environment variable names and checks for the existence of AWS credential files without authentication, which could aid an attacker in mapping the environment in a production setting. However, for a demonstration, and with the read-only constraint, the risks are well-contained.
Updated: 2025-12-17
9
1
Medium Cost

jira-mcp-server

by ankitranjan5

Sec7

A Spring Boot service providing OAuth2 authenticated tools for LLM agents to manage Jira issues and Confluence pages.

Setup Requirements

  • ⚠️ Requires Atlassian OAuth app credentials (Client ID, Client Secret, Callback URL).
  • ⚠️ A strong encryption password for Jasypt (JASYPT_ENCRYPTOR_PASSWORD) must be provided and not be the default 'myencryptionpassword'.
  • ⚠️ A PostgreSQL database is required for token storage.
Verified Safe
The application securely stores encrypted access and refresh tokens in a PostgreSQL database and uses Jasypt for encryption. It leverages Spring Security for OAuth2 flows. The 'principalName' (UUID) acts as a bearer token for LLM agent authentication; its secrecy is critical. Weak default values for 'jasypt.encryptor.password', 'spring.datasource.username', and 'spring.datasource.password' are present in 'application.yaml' and must be overridden with strong, secret values via environment variables in production. Failure to do so would significantly lower the security posture. No 'eval' or similar dynamic code execution risks were found.
Updated: 2025-12-16
9
1
High Cost

prompt-learning-mcp

by erichowens

Sec8

Stateful prompt optimization and learning from performance history for LLM-based agents.

Setup Requirements

  • ⚠️ Requires OpenAI API Key (Paid Service) for embeddings and LLM-based optimization/evaluation.
  • ⚠️ Requires Docker to run local Qdrant (vector database) and Redis (caching) containers.
  • ⚠️ Requires Node.js 18+.
Verified Safe
The server uses environment variables for API keys and database URLs, avoiding hardcoded secrets. It employs LLM calls for evaluation and optimization, which are generally safe if prompts do not introduce code execution. The `cli.ts` and `setup.ts` scripts utilize `execSync` and `node -e` for system commands and configuration, respectively. While these carry inherent risks, they are used within the context of installation and CLI operations, where the user has initiated the commands. Input validation for `transcript_path` in `handleHook` is limited to existence, but in the context of Claude Code hooks, this path is expected to be controlled by the system. Overall, the security posture is strong for its intended purpose.
Updated: 2025-12-16
9
1
Medium Cost
Sec9

Enables AI assistants to interact with Figma designs and projects using natural language commands via the Model Context Protocol.

Setup Requirements

  • ⚠️ Requires a valid Figma Personal Access Token (PAT).
  • ⚠️ Apify deployments result in ephemeral container URLs, requiring frequent updates to AI client configurations and full restarts of the AI client (e.g., Cursor IDE, Claude Desktop) for each new Actor run.
  • ⚠️ Full design modification via Figma REST API is limited and may require the Figma Plugin API.
Verified Safe
The server implements the Model Context Protocol (MCP) JSON-RPC 2.0 specification, securely wrapping Figma API calls. It uses a `switch` statement to map incoming MCP methods to specific internal functions, preventing arbitrary method invocation. Input parameters for tools are validated via JSON schemas, reducing the risk of injection vulnerabilities. Authentication relies on a Figma Personal Access Token (PAT) provided as an environment variable or input, which is a standard and secure practice for API keys. It explicitly checks for authentication and throws an error if missing. Cross-Origin Resource Sharing (CORS) is set to allow all origins (`Access-Control-Allow-Origin: *`), which is common for public APIs but means requests can be made from any web domain. There are no obvious signs of 'eval', obfuscation, or direct command injection in the provided code snippets. The server leverages caching for GET requests, enhancing performance without introducing security risks. OAuth 2.0 support is planned but not fully implemented, so PAT is the current sensitive secret to manage.
Updated: 2025-12-16