Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

9
1
Low Cost
1999AZZAR icon
Sec3

Provides a Model Context Protocol (MCP) interface for executing commands locally or remotely via SSH, enabling AI models to interact with system terminals.

Setup Requirements

  • ⚠️Requires SSH key-based authentication (`~/.ssh/id_rsa` or `SSH_KEY_PATH` environment variable) for remote execution.
  • ⚠️Shell configuration errors (e.g., from oh-my-bash or alias-hub) can cause server startup issues, requiring execution with `bash --noprofile --norc`.
  • ⚠️Requires Node.js version 18 or higher.
Review RequiredView Analysis
The server is highly vulnerable to command injection. The `executeCommand` function passes user-supplied `command` strings directly to `child_process.exec` (for local execution) and `ssh2` shell streams (for remote interactive shell execution) without robust shell-specific escaping or sanitization. While `executeWithExec` attempts basic double-quote escaping, it does not reliably mitigate other shell metacharacters, allowing potential execution of arbitrary commands. The `CONTRIBUTING.md` highlights the importance of input validation and never executing user input directly, but this principle is not fully implemented in the core command execution logic.
Updated: 2025-12-17GitHub
9
1
Low Cost
HermanErKu icon
Sec9

Manages iCloud Calendar events, allowing listing and creation of events.

Setup Requirements

  • ⚠️Requires generating an App-specific password from your Apple ID account management page.
  • ⚠️Requires a Python environment with the specified dependencies (caldav, icalendar, fastmcp, python-dotenv).
  • ⚠️Specific configuration steps are outlined for integration with Claude Desktop.
Verified SafeView Analysis
The server relies on environment variables for sensitive iCloud credentials (Apple ID and app-specific password), which is a good security practice. No hardcoded secrets, `eval` usage, or obvious direct code vulnerabilities were found. It connects to the official iCloud CalDAV server over HTTPS, which is expected and secure. The primary security consideration is the secure management of the `.env` file or environment variables in the deployment environment.
Updated: 2025-12-15GitHub
9
1
Low Cost
YouMap-app icon

youmap-mcp

by YouMap-app

Sec9

An MCP (Model Context Protocol) server for the YouMap API, enabling AI assistants to create and manage maps, posts, and geographic content through natural language interactions.

Setup Requirements

  • ⚠️Requires YouMap API credentials (either YOUMAP_API_KEY or YOUMAP_CLIENT_ID and YOUMAP_CLIENT_SECRET) to function.
  • ⚠️Image generation and search tools (`generate_image`, `search_image`) require additional external API keys: SERP_API_KEY, BFL_API_KEY, and UNSPLASH_ACCESS_KEY.
  • ⚠️Requires Node.js version 18.0.0 or higher.
Verified SafeView Analysis
The server uses environment variables for all API keys and secrets, avoiding hardcoding. It handles authentication (API key and OAuth 2.0) with token refresh. External image APIs (SerpAPI, Unsplash, BFL) are used, with the `search_image` tool including logic to filter low-quality or watermarked images and validate URLs before returning them, which is a good security practice. The HTTP server mode uses 'cors' with 'origin: true' (allowing all origins), which is a common pattern for API tools but should be secured at the infrastructure level (e.g., via a WAF) in production to prevent unintended access if not behind an API gateway.
Updated: 2025-12-17GitHub
9
1
Medium Cost
SatyasaiNandigam icon

practice-mcp-server

by SatyasaiNandigam

Sec8

A personal AI assistant backend server for managing notes, tasks, and calendar events, with web scraping and semantic search capabilities.

Setup Requirements

  • ⚠️Requires an OpenAI API Key for embedding functionality (paid service).
  • ⚠️Requires a running Qdrant instance, accessible at 'http://localhost:6333' by default.
  • ⚠️Requires Google API credentials (credentials.json) and an OAuth setup for Google Calendar features.
Verified SafeView Analysis
The server primarily uses parameterized queries for SQLite interactions, which is good practice for preventing SQL injection. Manual sanitization is performed for `LIKE` clauses in `get_notes` and `search_notes` (replacing single quotes), which provides some protection but is less robust than true parameterization for pattern matching. Web scraping uses a request timeout, and Google Calendar integration follows a standard OAuth flow, storing tokens securely. No `eval` or obvious obfuscation detected.
Updated: 2025-12-15GitHub
8
1
Medium Cost
mbrock icon

busker

by mbrock

Sec7

Persistent, observable, and re-attachable process sessions for CLI commands, primarily intended as infrastructure for LLM coding agents and general task management. It provides structured output logging and integrates with RDF knowledge graphs.

Setup Requirements

  • ⚠️Requires a C compiler (e.g., gcc) for CGO dependencies (libvterm).
  • ⚠️The default backend requires Linux with systemd and a D-Bus session bus. A portable 'posix' backend is available, but the systemd integration is central to the project's vision.
  • ⚠️Requires a pre-built `swash` binary or running `make build` to correctly handle CGO flags and vendored headers; direct `go build` may fail.
Verified SafeView Analysis
The project's core functionality involves executing arbitrary commands (`swash run`), which is inherently high-risk, requiring careful input sanitization and execution context control. While WASM components (oxigraph, libvterm) provide sandboxing for those specific libraries, the main Go application itself is not sandboxed. The `systemd` backend leverages robust process management, but relies on correct configuration and the integrity of systemd itself. The custom Go implementation of the journal file format (`pkg/journalfile`), involving low-level binary I/O and hash table management, is complex and could be a source of subtle bugs. The HTTP API (`swash http serve`) and RDF graph service (`swash graph serve`) are potential network attack surfaces if exposed publicly, allowing for unauthorized command execution, SPARQL injection, or resource exhaustion. It is critical to ensure these services are bound to localhost or Unix sockets and secured appropriately for local access only.
Updated: 2025-12-13GitHub
8
1
Medium Cost
Ahmeth4n icon

renef-mcp

by Ahmeth4n

Sec5

Provides an MCP server interface to the Renef dynamic instrumentation toolkit for Android ARM64 reverse engineering and security analysis.

Setup Requirements

  • ⚠️Requires ADB (Android Debug Bridge) to be installed and configured on the host machine.
  • ⚠️Requires a rooted Android device for most functionality (e.g., starting renef_server, deploying binaries).
  • ⚠️The `renef` CLI binary and `libagent.so` must be present locally and deployed to the Android device, which is handled by the `renef_server_deploy` tool.
Review RequiredView Analysis
The server acts as a wrapper for the `renef` CLI, a dynamic instrumentation toolkit for Android ARM64. Its core functionality involves executing powerful commands on a connected Android device, including: 1. **Arbitrary Lua Code Execution**: Tools like `renef_exec` and `renef_zero_copy_multiline_exec` directly execute user-provided Lua scripts on the target device. If the MCP server is exposed to untrusted input, this could lead to arbitrary code execution on the rooted Android device. 2. **Root Privileges**: Many operations (e.g., `renef_server_start`, `renef_server_logs`) invoke `adb shell su -c ...`, requiring root access on the target Android device. This grants the server (and any user interacting with it) extensive control over the device. 3. **Process Manipulation and Memory Patching**: By design, `renef` performs hooking, memory modification, and code injection on target processes. These are inherently high-risk operations if used improperly or with malicious intent. The server itself does not appear to contain typical web/application vulnerabilities (e.g., SQL injection, XSS) in its Python implementation. However, due to its purpose as a control plane for a powerful security tool, it enables operations that carry significant security risks if operated with untrusted input or in an insecure environment. Users should exercise extreme caution and ensure inputs are validated and controlled.
Updated: 2025-12-15GitHub
8
1
Medium Cost
l4b4r4b4b4 icon

portfolio-mcp

by l4b4r4b4b4

Sec9

A financial portfolio management and analysis server for AI agents, providing tools for data fetching, analysis, optimization, and secure handling of financial data.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Using 'uv' for dependency management is recommended.
  • ⚠️For persistent caching in HTTP modes (SSE, streamable-http), a Redis server is implicitly assumed/recommended unless 'CACHE_BACKEND' is explicitly set to 'sqlite' or 'memory'.
  • ⚠️For local development with Claude Desktop, specific configuration in `~/.config/claude/claude_desktop_config.json` is required to integrate the server.
Verified SafeView Analysis
The server uses `mcp-refcache` for robust access control (e.g., `EXECUTE` permission for blind computation with secrets), preventing AI agents from directly reading sensitive cached values. No direct `eval` or `exec` calls were found. Environment variables are used for sensitive configurations like Redis connection URLs, and the default host `0.0.0.0` for HTTP modes is explicitly noted as intentional for container deployments. External API calls to Yahoo Finance and CoinGecko are made using standard libraries and include basic error handling.
Updated: 2025-12-15GitHub
8
1
Medium Cost
Technisanct icon

falconfeeds-mcp

by Technisanct

Sec9

This server provides real-time cybersecurity threat intelligence, including CVEs, IOCs, threat actors, and threat feeds, through the Model Context Protocol to enhance AI-driven threat analysis and reporting.

Setup Requirements

  • ⚠️Requires a FalconFeeds.io API Key, which must be obtained from their dashboard and may require a paid plan with sufficient credits.
  • ⚠️Requires Node.js version 18.0.0 or higher to run.
Verified SafeView Analysis
The server uses `zod` for robust input validation on all tool parameters, which is excellent for preventing injection attacks. API keys are handled securely via environment variables (`FALCONFEEDS_API_KEY`) and explicitly marked as sensitive in the manifest. All external network communication is directed to a specific, trusted API endpoint (FalconFeeds.io) over HTTPS. Error handling for API calls is specific and well-defined using `FalconFeedsApiError`. No 'eval' or other directly dangerous functions are used on untrusted input. The reliance on an external API (FalconFeeds.io) introduces an inherent, albeit managed, third-party dependency risk.
Updated: 2025-12-16GitHub
8
1
Low Cost
stephaneberle9 icon

authful-mcp-proxy

by stephaneberle9

Sec9

A Model Context Protocol (MCP) proxy server that performs OIDC authentication to obtain access tokens for remote MCP servers protected by token validation, and bridges HTTP transport to local stdio for MCP clients.

Setup Requirements

  • ⚠️Requires `uvx` (part of the `uv` package manager) to be installed.
  • ⚠️Requires an OIDC provider with a pre-configured client ID and issuer URL.
  • ⚠️The OIDC client must have `http://localhost:8080/auth/callback` (or a custom redirect URL) registered as an allowed redirect URI.
Verified SafeView Analysis
The server implements OAuth 2.0 Authorization Code Flow with PKCE, which is a secure method for public clients. It uses `secrets.compare_digest` for state validation to prevent CSRF, and securely stores tokens using a local `DiskStore`. Configuration (client ID, secret) is expected via environment variables or CLI arguments, preventing hardcoded secrets. The proxy opens a local HTTP server for OIDC redirects, which is a standard and expected behavior for desktop applications. While local token storage always carries an inherent risk if the user's machine is compromised, the implementation adheres to OIDC best practices to minimize common vulnerabilities.
Updated: 2025-12-16GitHub
8
1
Low Cost
craigsloggett icon

personal-mcp-server

by craigsloggett

Sec10

This project implements a command-line utility for searching text within files, supporting both case-sensitive and case-insensitive queries.

Setup Requirements

  • ⚠️Requires Rust toolchain installed (specific version 1.92.0 is recommended as per project configuration).
Verified SafeView Analysis
The source code is simple, performing basic file reading and string matching operations. There are no 'eval' calls, dynamic code execution, network operations, or hardcoded secrets. It poses minimal security risks based on the provided logic.
Updated: 2025-12-15GitHub
8
1
High Cost
marmyx77 icon

gemini-mcp-pro

by marmyx77

Sec9

A full-featured Model Context Protocol (MCP) server for Google Gemini AI, enabling multimodal capabilities, web search, RAG, advanced reasoning, and comprehensive code analysis within MCP-compatible clients like Claude Code.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key, which must be set as a `GEMINI_API_KEY` environment variable.
  • ⚠️Requires Python 3.9 or higher to run.
  • ⚠️Interaction with the server is typically done via the Claude Code CLI, which needs to be installed separately.
Verified SafeView Analysis
The project demonstrates a very strong focus on security, incorporating extensive measures such as path sandboxing (`validate_path`, `secure_read_file`, `secure_write_file`) to prevent directory traversal and TOCTOU race conditions. It uses `SafeFileWriter` for atomic, backed-up, and permission-preserving file operations with cross-platform file locking. The `SecretsSanitizer` effectively masks sensitive data in logs and outputs, utilizing ReDoS-safe regex patterns with timeout protection. LLM output for code generation is securely parsed with `defusedxml` and includes validation for actions and generated paths to prevent injection attacks. DoS protection is implemented via file size limits (5MB total for codebase analysis, 1MB for sanitization inputs). Pydantic schemas enforce robust input validation, and the Docker deployment employs hardening techniques like a read-only filesystem and non-root user execution. SQLite conversation storage has restrictive file permissions. The `ToolRegistry` prevents loading plugins from world-writable directories.
Updated: 2025-12-15GitHub
8
1
Medium Cost
FallDownTheSystem icon

converse

by FallDownTheSystem

Sec3

Orchestrates and exposes various AI tools (chat, multi-model consensus, job management) over the Model Context Protocol, enabling local, persistent, and potentially asynchronous AI interactions across multiple Large Language Model (LLM) providers.

Setup Requirements

  • ⚠️Requires API keys for various Large Language Models (LLMs) (e.g., OpenAI, Google, Anthropic), most of which are paid services and need individual setup.
  • ⚠️Specific LLM providers (Gemini CLI, Claude SDK, Codex) require additional software installations (e.g., `@google/gemini-cli`, `@anthropic-ai/claude-agent-sdk`, `@openai/codex-sdk`) and unique authentication steps beyond just API keys (e.g., OAuth login, CLI authentication).
  • ⚠️The server, when processing file inputs, can read any file on the host system where the Node.js process has permissions, posing a significant security risk if not run in a secured and isolated environment.
Review RequiredView Analysis
The `processUnifiedContext` function, used by `chatTool` and `consensusTool`, explicitly disables file path security checks (`enforceSecurityCheck: false, skipSecurityCheck: true`). This allows the AI model to request and read any file on the server's filesystem that the Node.js process has read access to. This bypasses fundamental path validation and could lead to unauthorized information disclosure if the server is exposed or compromised. While file export operations correctly sanitize output paths, input file reading is vulnerable.
Updated: 2025-12-15GitHub
PreviousPage 265 of 713Next