Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
Abdulmumin1 icon

db-mcp

by Abdulmumin1

Sec6

Provides a secure, read-only interface for AI assistants to execute SQL queries against PostgreSQL or MySQL databases using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 18+ installed.
  • ⚠️Requires an existing PostgreSQL or MySQL database, not self-contained.
  • ⚠️Database connection details (host, user, password, database name, type) must be provided via environment variables (e.g., DB_TYPE, DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE).
Verified SafeView Analysis
The server implements keyword filtering and requires queries to start with 'SELECT' or 'WITH' to enforce read-only operations. It correctly loads database credentials from environment variables and uses connection isolation by connecting and disconnecting for each query. However, the `validateReadOnly` function's deny-list is incomplete; it does not block keywords like `UNION` (which can be used for data exfiltration in a read-only context) or functions that could enable time-based or error-based SQL injection attacks (e.g., `pg_sleep`). Furthermore, the server passes the SQL query as a raw string to the database driver's `query` or `execute` method. While its intent is secure, it does not utilize parameterized queries for values, which is the most robust way to prevent SQL injection. This means if an AI assistant generates a 'SELECT' query with user-controlled input that isn't properly escaped by the AI itself, the server's validation might not catch all read-only injection vectors.
Updated: 2025-11-19GitHub
0
0
High Cost
jaeuk-mrt icon
Sec7

Provides an MCP server to store, retrieve, and manage frontend code review findings as actionable tasks, with a focus on Korean language support and structured feedback based on defined coding standards.

Setup Requirements

  • ⚠️Requires Node.js 18+ and the git command-line tool to be installed on the host system.
  • ⚠️The MCP Host configuration in `.mcp.json` requires absolute paths for the server's command to ensure proper execution.
  • ⚠️The target repository's root path (controlled by `PROJECT_ROOT` environment variable or the `repoPath` tool parameter) is crucial for operations like diff collection and data storage. Incorrect configuration may lead to unintended behavior or data storage locations.
Verified SafeView Analysis
The server uses `execFileAsync` for `git diff` and various file system operations (`fs.mkdir`, `fs.writeFile`, `fs.readFile`, `fs.readdir`, `fs.unlink`). While `execFileAsync` is generally safer than `exec` against shell injection for well-separated arguments, allowing `PROJECT_ROOT`, `DATA_DIR`, or `CUSTOM_RULES_PATH` environment variables (or the `repoPath` tool parameter) to point to arbitrary sensitive paths could potentially lead to unauthorized file access or deletion. This risk is mitigated by assuming the user/host provides trusted environment configurations. No 'eval', hardcoded secrets, or direct network listening (beyond standard I/O for the MCP protocol) were found.
Updated: 2026-01-19GitHub
0
0
Low Cost
waTeim icon

cnpg-mcp

by waTeim

Sec9

Manages PostgreSQL clusters in Kubernetes using the CloudNativePG operator, enabling LLMs to perform database lifecycle operations through natural language commands.

Setup Requirements

  • ⚠️Requires a Kubernetes cluster with the CloudNativePG operator installed.
  • ⚠️Requires appropriate Kubernetes RBAC permissions for the service account to manage CloudNativePG resources and Kubernetes secrets.
  • ⚠️HTTP transport mode (recommended for production) necessitates significant Auth0/OIDC configuration, including API setup, client registration, and environment variables for issuer, audience, client ID/secret, and public URL.
Verified SafeView Analysis
The server employs robust security practices, including comprehensive OIDC/OAuth2 authentication (JWT bearer token validation, JWKS discovery), and careful handling of secrets via Kubernetes Secret mounts. Input validation is enforced using Pydantic models and explicit RFC 1123 checks for resource names. RBAC roles are clearly defined, leveraging CloudNativePG's existing ClusterRoles (e.g., 'edit', 'view') and providing a mechanism for custom roles. Destructive operations (cluster/database deletion) require explicit confirmation. The DCR proxy logic to manage client secrets (capturing, persisting, then stripping from public responses) is designed with security in mind, although inherently complex. No 'eval' or direct shell execution of user input was found. The use of FastAPI and FastMCP provides a secure and well-structured framework.
Updated: 2025-12-09GitHub
0
0
Low Cost
madlinux768 icon

mcp-discovery-server

by madlinux768

Sec6

This server acts as a centralized service discovery registry, allowing microservices to register themselves and discover other services by type.

Setup Requirements

  • ⚠️Requires Node.js runtime environment.
  • ⚠️Requires 'npm install' to set up dependencies.
  • ⚠️No built-in authentication/authorization: requires external security measures if not deployed in a trusted, isolated network.
Verified SafeView Analysis
The server lacks any form of authentication or authorization for registering, updating, or querying services. This means any client capable of reaching the server can interact with the service registry. While it avoids common vulnerabilities like 'eval' or hardcoded secrets, its design assumes deployment within a fully trusted and isolated network, or requires external security measures (e.g., API Gateway, IP whitelisting) to prevent misuse.
Updated: 2026-01-17GitHub
0
0
Medium Cost
trust-delta icon
Sec8

Facilitates seamless transfer of conversation context between different AI chats or projects by providing a local, memory-based MCP server.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Clients need specific configuration file modifications to integrate the MCP server, with varied file paths per client (e.g., Claude Desktop, Codex CLI).
  • ⚠️In 'standalone' mode (no HTTP server), conversation context sharing is limited to applications that run in a single process (e.g., Claude Desktop projects), not across independent CLI tools or tabs.
Verified SafeView Analysis
The server is explicitly designed for local use on trusted machines and binds to localhost by default. It implements input validation for sizes and formats, and has mechanisms to prevent large request bodies (DoS). CORS headers are set to '*' but are mitigated by the localhost binding. No obvious hardcoded secrets, 'eval', or obfuscation were found. However, if 'HANDOFF_SERVER' environment variable is manually configured to a public IP without external security measures, the broad CORS policy and lack of authentication could pose risks.
Updated: 2025-12-13GitHub
0
0
Medium Cost
Darkstar326 icon

duckduckgo-mcp-server

by Darkstar326

Sec8

Provides web search and content fetching capabilities using DuckDuckGo, with results formatted for consumption by large language models.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Designed for Claude Desktop/MCP CLI environment
Verified SafeView Analysis
The server fetches content from arbitrary URLs provided by the LLM via the `fetch_content` tool. While this is its intended functionality, it could be misused by a malicious LLM or user to target internal network resources if the server is deployed in a sensitive environment, or to contribute to DDoSing if abused at scale. No obvious code vulnerabilities (e.g., 'eval', hardcoded secrets) were found.
Updated: 2025-11-27GitHub
0
0
Medium Cost
Hariharan-bit-star icon

MCP_Server

by Hariharan-bit-star

Sec9

Configures Model Context Protocol (MCP) integrations for Jira and GitHub, enabling structured interactions and agent-based automation with these development platforms.

Setup Requirements

  • ⚠️Requires Node.js and npm to execute the `npx` commands for the underlying MCP servers.
  • ⚠️Requires a JIRA_API_TOKEN, which typically involves setting up an API token within a Jira Cloud account.
  • ⚠️Requires a GITHUB_PERSONAL_ACCESS_TOKEN with appropriate permissions for GitHub interactions.
Verified SafeView Analysis
The provided source code is a configuration file that utilizes environment variables for sensitive tokens (JIRA_API_TOKEN, GITHUB_PERSONAL_ACCESS_TOKEN), which is a good security practice. There are no direct instances of 'eval', obfuscation, or hardcoded secrets within this configuration file itself. The overall security posture will heavily depend on the invoked `npx` packages (`mcp-jira-stdio` and `@modelcontextprotocol/server-github`), which are external dependencies and not part of the analyzed source code.
Updated: 2025-12-12GitHub
0
0
Low Cost
Maha234Zaidi icon

mcp-server-practice

by Maha234Zaidi

Sec10

Serves as a developer's profile link within a repository, with no server-specific functionality present in the provided source code snippet.

Verified SafeView Analysis
The provided source code is a static Markdown file (`mahazaidi.md`) containing only text and a URL. It does not contain any executable server code, 'eval', obfuscation, hardcoded secrets (other than a public GitHub URL), or network-related functionality. Therefore, this specific file itself poses no direct security risks. A comprehensive security audit for an 'MCP Server' cannot be performed as no actual server code was provided.
Updated: 2025-11-23GitHub
0
0
Medium Cost
franks42 icon

bb-mcp-server

by franks42

Sec3

A modular platform for hosting AI coding agents and tools, enabling dynamic module loading and diverse communication transports (Stdio, HTTP, REST).

Setup Requirements

  • ⚠️Requires Babashka to be installed.
  • ⚠️The `clojure-lsp` module requires the `clojure-lsp` executable to be present on the system's PATH or a specific executable path to be configured.
  • ⚠️For browser-based REPLs (`sente-browser` module), users must manually open a browser tab to `http://localhost:8091` (default) to establish a WebSocket connection.
  • ⚠️The Code Browser v2 currently has known issues with slow namespace queries and browser click events, making manual browser testing challenging. Unit tests are recommended for server-side logic in v2 development.
Review RequiredView Analysis
The `local-eval` and `nrepl` modules provide full server-side code execution capabilities with no sandbox restrictions. This is a powerful feature for development and dynamic loading but poses a significant security risk if the server is exposed to untrusted users or agents without robust authentication and authorization. While the `streamable-http` module offers optional middleware for CORS, rate limiting, and basic/API key authentication, these are not universally enforced by default across all transports or modules, and `sente-browser` explicitly notes no authentication for local development. Hardcoded secrets are discouraged, with recommendations for environment variables.
Updated: 2026-01-19GitHub
0
0
Low Cost
giantswarm icon

search-mcp

by giantswarm

Sec9

Provides AI assistants with search access to Giant Swarm's public documentation, handbook, and authenticated intranet resources via Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Go 1.23+ or Docker to build/run.
  • ⚠️Intranet tools (`read_intranet_url`, `search_runbook`, `search_ops_recipe`) require `OAUTH_ISSUER_URL`, `OAUTH_CLIENT_ID`, and `OAUTH_CLIENT_SECRET` environment variables to be set for authentication.
  • ⚠️In stdio mode, a background HTTP server starts on port 8080 for device authorization, which may conflict with other services or multiple server instances.
Verified SafeView Analysis
The server demonstrates a strong focus on security, particularly for authentication and token management. OAuth 2.1 with PKCE is implemented for intranet access, supporting both HTTP and Device Authorization Grant flows. Tokens are encrypted at rest using AES-256-GCM with a machine-derived key and stored with restrictive 0600 file permissions. All OAuth communication uses HTTPS, and tokens are explicitly prevented from being logged. Critical domain replacement for intranet requests is implemented to align with JWT authentication. No `eval` or dynamic code execution patterns were found. A minor potential friction point is the background HTTP server for device flow, which defaults to port 8080 in stdio mode, potentially leading to port conflicts.
Updated: 2026-01-16GitHub
0
0
Low Cost
newerton icon

mcp-investidor10

by newerton

Sec8

This MCP server provides tools to query stock market data, such as stock prices and financial indicators, from the Investidor10 API.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Functionality is dependent on the external Investidor10 website's structure (for HTML scraping) and API endpoints, which could change and break the tool.
Verified SafeView Analysis
The server uses `fetch` to interact with the external Investidor10 API and `cheerio` for HTML parsing, which is common for web scraping. Input validation is implemented using Zod. No instances of `eval` or code obfuscation were found. There are no hardcoded API keys or sensitive credentials. The main risk relies on the stability of the external website's HTML structure for data extraction.
Updated: 2026-01-15GitHub
0
0
Medium Cost
ismaeldosil icon
Sec8

The BeneFisio Coordination MCP Server provides a centralized system for multi-agent coordination, managing tasks, communication, and system state using a SQLite database and exposing tools via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js v20.0.0 or higher.
  • ⚠️Hardcoded paths for `finashopping-docs` (e.g., `/Users/admin/Projects/Precisa/finashopping/finashopping-docs`) exist in `src/tools/agents.ts` and `src/generators/markdown-generator.ts` and will need adjustment to match deployment environment unless the relative paths resolve correctly.
  • ⚠️Requires specific Claude Desktop configuration (`claude_desktop_config.json`) for full integration as outlined in the README.
Verified SafeView Analysis
The server appears well-designed with strong internal security practices, including explicit fixes for TOCTOU race conditions (BUG-001) using SQLite transactions and proper parameterization to prevent SQL injection. It utilizes environment variables for sensitive paths and webhook URLs, which is good practice. The HTTP health endpoint has broad CORS ('Access-Control-Allow-Origin: *'), which is acceptable for monitoring but should be noted. The primary external risk would be if environment variables for webhooks (`BACKUP_ALERT_WEBHOOK`, `MONITOR_ALERT_WEBHOOK`) are misconfigured or controlled by untrusted entities, potentially leading to data exfiltration or SSRF, though this assumes an compromised environment setup.
Updated: 2026-01-19GitHub
PreviousPage 267 of 713Next