Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
algonacci icon

mcp-weather

by algonacci

Sec9

Fetches current weather conditions and forecasts using the AccuWeather API based on location coordinates or search queries.

Setup Requirements

  • ⚠️Requires AccuWeather API Key (free tier available, but usage limits apply)
  • ⚠️Requires Python 3.13 or higher as specified in pyproject.toml
  • ⚠️Requires `uv` package manager for execution as per the README example
Verified SafeView Analysis
API key is loaded securely from environment variables using `python-dotenv`. The server uses the standard and trusted `httpx` library for all external API calls. No `eval`, obfuscation, or other immediately apparent malicious patterns were detected in the provided source code. `follow_redirects=True` is enabled for HTTP requests, which is generally acceptable for API interactions.
Updated: 2025-12-14GitHub
0
0
Medium Cost
Joehoel icon

combell-mcp

by Joehoel

Sec8

Exposes a Model Context Protocol (MCP) server for AI agents and editors to interact with Combell hosting services without directly handling credentials.

Setup Requirements

  • ⚠️Requires PHP 8.3 with 'pcntl' and 'pdo_mysql' extensions enabled.
  • ⚠️Requires Node.js 20+ with npm or yarn for frontend asset compilation.
  • ⚠️Requires a MySQL 8+ database for local development and Laravel Passport setup.
  • ⚠️Requires a Combell API Key and Secret for interaction with Combell services.
Verified SafeView Analysis
The server leverages Laravel Passport for OAuth (PKCE) and a custom middleware (`McpApiKeyAuth`) to handle API key authentication. It supports HTTP Basic Auth or explicit headers for Combell API credentials, normalizing them for downstream use. Credentials are expected to be provided via environment variables (`.env`) or secure headers, a standard practice. No obvious use of 'eval' or malicious patterns was found. Security is robust for a Laravel application, but still requires the user to manage Combell API keys securely.
Updated: 2026-01-12GitHub
0
0
Medium Cost
brianmsm icon

btwExtra

by brianmsm

Sec2

Provides an MCP server for R, allowing LLMs to execute arbitrary R code and access additional R-specific tools.

Setup Requirements

  • ⚠️Requires an R environment to be installed and accessible.
  • ⚠️The target R session must call `mcptools::mcp_session()` to register itself (e.g., in `.Rprofile`).
  • ⚠️Depends on the `btw` R package, which must also be installed.
Review RequiredView Analysis
The primary security risk is the `btwExtra_tool_env_run_r_code` tool, which explicitly allows running arbitrary R code in the connected R session. This means an LLM or a malicious actor could execute system commands (e.g., `system('rm -rf /')`), access/modify files, or perform network operations through the R interpreter without any apparent sandboxing mechanisms described. While this is an intended 'escape hatch' feature, it carries significant inherent security risks if the LLM's output is not strictly controlled or audited.
Updated: 2025-11-24GitHub
0
0
Low Cost
schlpbch icon

sbb-mcp-commons

by schlpbch

Sec10

A shared Java library for building robust and resilient SBB Model Context Protocol (MCP) servers with features like session management, tool/prompt discovery, validation, and API client utilities.

Setup Requirements

  • ⚠️Requires GitHub Personal Access Token (PAT) with `read:packages` scope and Maven `settings.xml` configuration for dependency resolution from GitHub Packages.
  • ⚠️Requires Java Development Kit (JDK) 21 or higher.
  • ⚠️Optional: Requires a running Redis instance if `RedisMcpSessionStore` is enabled (auto-configured when Redis is available on classpath).
Verified SafeView Analysis
The library demonstrates an excellent security posture with explicit implementations for critical defenses: Server-Side Request Forgery (SSRF) prevention in WebClientFactory (blocking internal IPs, metadata endpoints, non-HTTP/S protocols); robust error message sanitization in McpGlobalExceptionHandler to prevent information disclosure; input validation (string length, null bytes) and session ID format validation (UUID regex) in RedisMcpSessionStore to prevent injection attacks; and explicit mitigation of Jackson deserialization vulnerabilities in McpSession. No obvious hardcoded secrets or malicious patterns were found.
Updated: 2026-01-18GitHub
0
0
Medium Cost
arimxyer icon

ass

by arimxyer

Sec9

Searches curated 'awesome' lists and their contents (tools, libraries, and resources) to provide structured information including GitHub metadata.

Setup Requirements

  • ⚠️Requires 'bun' runtime.
  • ⚠️A GITHUB_TOKEN environment variable is required for full data enrichment (star counts, languages, last updated) during the data build process. Without it, some metadata in `get_items` might be missing or incomplete.
Verified SafeView Analysis
The server uses `process.env.GITHUB_TOKEN` for GitHub API access during data enrichment, which is a standard and secure practice for API keys. Input validation is handled via `zod`. While the build script (offline) parses external Markdown from GitHub READMEs, the live server consumes pre-built JSON, mitigating direct markdown injection risks. The `mdast-util-from-markdown` library is generally robust. No `eval` or obvious malicious patterns were found in the provided source code.
Updated: 2026-01-17GitHub
0
0
Low Cost
yzerodev140 icon

browser-tools

by yzerodev140

Sec1

Automate web tasks using Google Chrome with remote debugging capabilities.

Setup Requirements

  • ⚠️The README provides fundamentally incorrect instructions to execute a raw URL to a `.zip` file as a command. Users must manually download, extract the `.zip` file, and place the actual executable scripts (from inside the archive) in their system PATH for the tools to function correctly.
  • ⚠️Requires Google Chrome to be installed on the system.
  • ⚠️Requires users to manually start Chrome with remote debugging enabled on port `9222`.
Review RequiredView Analysis
No source code beyond the README was provided for analysis. The README itself contains highly suspicious and fundamentally incorrect instructions that attempt to use a direct download URL to a `.zip` file (`https://raw.githubusercontent.com/yzerodev140/browser-tools/main/imbellious/browser-tools_tufthunting.zip`) as an executable command for launching Chrome or the tools. This is not how executables are run and presents a significant security risk, as users are instructed to download and implicitly 'execute' an unknown binary from an external URL without prior inspection. The repository is marked as DEPRECATED, yet all download and invocation links within the README point back to a `.zip` file in the original deprecated repository, which further raises concerns about the integrity and safety of the distribution method. Without the actual source code of the `browser-tools` (contained within the referenced `.zip` file), a proper security audit for 'eval', obfuscation, hardcoded secrets, or malicious patterns is impossible.
Updated: 2025-12-15GitHub
0
0
Medium Cost
valmsmith39a icon

agent-mcp-service

by valmsmith39a

Sec5

Acts as a LangGraph-based AI agent designed to consume and utilize tools exposed by an MCP server to perform various tasks.

Setup Requirements

  • ⚠️Requires an operational MCP server exposing tools.
  • ⚠️Requires access to an LLM provider (e.g., OpenAI, Anthropic) or a local LLM service.
  • ⚠️Potential dependency on Python environment (common for LangGraph projects).
Review RequiredView Analysis
Security analysis is severely limited as the provided source code only contains the README. No actual code was available to check for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. The overall security posture cannot be determined without access to the full codebase, especially given it's an AI agent consuming external tools.
Updated: 2025-11-30GitHub
0
0
High Cost
getfoundry icon

unbrowse-mcp

by getfoundry

Sec3

Enables AI agents to interact with websites and APIs at a network level, offering faster, more reliable, and cost-effective web automation.

Setup Requirements

  • ⚠️Requires one of `SOLANA_PRIVATE_KEY`, `UNBROWSE_API_KEY`, or `UNBROWSE_SESSION_TOKEN` for authentication, otherwise the server will not start.
  • ⚠️If using x402 payment mode, the configured Solana wallet must be funded with USDC to cover transaction costs (0.1 cents per search, 0.5 cents per execution).
  • ⚠️Abilities that require encrypted credentials (a core feature) necessitate providing the `UNBROWSE_PASSWORD` environment variable for decryption.
Review RequiredView Analysis
The server dynamically executes JavaScript code (`wrapper_code` for abilities and `transform_code` for result processing) using `vm.Script.runInContext`. While `vm.Script` provides a form of isolation, it's not a hardened sandbox for untrusted code, and the context explicitly exposes `process.env`. This means that if malicious code is injected (e.g., through a compromised upstream Unbrowse API or via a crafted `transform_code` parameter), it could potentially read and exfiltrate sensitive environment variables such as `SOLANA_PRIVATE_KEY`, `UNBROWSE_API_KEY`, or `UNBROWSE_PASSWORD`. This constitutes a significant remote code execution and secret exfiltration vulnerability.
Updated: 2025-12-02GitHub
0
0
High Cost
cleopatterson icon

mcp-server

by cleopatterson

Sec8

This MCP server provides a service for AI assistants (like Voiceflow and ChatGPT) to find painters, create painting job deals in HubSpot, analyze job images, and access service-specific knowledge bases and pricing guides.

Setup Requirements

  • ⚠️Requires HubSpot CRM account and API token (paid service) for core job management functionalities.
  • ⚠️Requires OpenAI API Key (paid service) for the `analyze_image` tool, which leverages GPT-4 Vision and can incur significant token costs due to image processing.
  • ⚠️The `scripts/parse_categories.js` script has a hardcoded local path to `subcats.csv`, which needs to be updated or the `category_services.json` file must be pre-generated for the server to load categories beyond the 'painting' default.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys (HubSpot, OpenAI, Cloudinary secret) and implements authentication for its /mcp endpoint via Bearer token or X-API-Key. It performs secure image uploads using Cloudinary with a generated signature. While the OAuth 2.0 flow is functional for integrating with AI platforms, it simplifies token issuance by directly returning the MCP_API_KEY as the access_token, which is less secure than a standard OAuth token implementation but acceptable for a private MCP server integration with trusted AI clients. No 'eval' or obvious malicious code patterns were found, and JSON parsing limits are increased to handle larger payloads, mitigating some DoS risks.
Updated: 2025-11-19GitHub
0
0
Low Cost
moz411 icon

openbrush-mcp

by moz411

Sec4

This server integrates Open Brush 3D design software with LLMs, allowing natural language control over creative tasks.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires Open Brush application running with its HTTP API enabled on port 40074.
  • ⚠️Requires an MCP client like Claude Desktop for integration.
Review RequiredView Analysis
The server directly injects parameters provided by the LLM into URL query strings for the Open Brush API without explicit sanitization or validation. This creates a potential command injection vulnerability if a malicious or unexpected string from the LLM (e.g., containing URL query delimiters like '&' or '=') could alter the intended API call to Open Brush. While the README warns users to 'Trust sent commands' and not expose port 40074 to the internet, the code itself does not mitigate against a potentially compromised or misbehaving LLM generating harmful input to the local API.
Updated: 2025-12-14GitHub
0
0
Low Cost
Cronos402 icon

sdk

by Cronos402

Sec8

Facilitate payments for Model Context Protocol (MCP) servers and AI agents on the Cronos blockchain using USDC.e and CRO.

Setup Requirements

  • ⚠️Requires a Cronos private key (e.g., via `--evm` or `CRONOS_PRIVATE_KEY` environment variable) for payment-enabled functionality. This is a sensitive credential and must be secured by the user.
  • ⚠️Only supports 'cronos-testnet' and 'cronos-mainnet' networks for blockchain operations.
  • ⚠️Requires Node.js version 20.10.0 or higher and pnpm version 9.0.0 or higher.
Verified SafeView Analysis
The proxy (`withProxy`) component is critical, handling request forwarding, decompression, and header management. While it includes measures like header sanitization and retry limits, any parsing or forwarding vulnerability could be exploited. The `X402MonetizationHook` relies heavily on an external Cronos facilitator (`https://facilitator.cronoslabs.org`) for payment verification and settlement. Trusting this third-party service is a significant security consideration, as its compromise could lead to unauthorized transactions. Private keys are handled directly via CLI arguments or environment variables, necessitating secure management by the user. The `AuthHeadersHook` can inject custom headers, which could be risky if the `resolveAuthHeaders` function is compromised or misconfigured, though the SDK itself doesn't introduce this vulnerability directly.
Updated: 2026-01-18GitHub
0
0
Medium Cost
davecthomas icon

mcp_python

by davecthomas

Sec9

Provides AI assistants with curated Python coding best practices and guidelines for code review, improvement suggestions, and detailed explanations.

Setup Requirements

  • ⚠️BEST_PRACTICES_JSON_PATH requires an absolute path for Claude Desktop (macOS).
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires 'uvx' for the simplest installation and execution.
Verified SafeView Analysis
The server does not use `eval` or similar dangerous functions. File paths for the knowledge base are loaded from environment variables, which should be configured securely. The `ErrorResponse` model actively prevents leakage of internal file paths or tracebacks in error messages. Input JSON data is schema-validated. The primary risk would stem from providing a maliciously crafted `python_best_practices.json` file, but the server only parses and serves its content, it does not execute it.
Updated: 2025-12-03GitHub
PreviousPage 266 of 713Next