Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
aaron-howard icon

MCP-Learning

by aaron-howard

Sec10

Provides practical guidance for end-users on configuring and managing Model Context Protocol (MCP) servers with LLM clients, focusing on best practices and avoiding common pitfalls like context/tool overload.

Setup Requirements

  • ⚠️Requires a separate executable MCP server implementation (this repository is only documentation for configuring them).
  • ⚠️External MCP server runtime (e.g., Node.js or Python) must be available in PATH.
  • ⚠️MCP client capabilities and configuration file locations vary significantly by client and version.
  • ⚠️GUI applications may not inherit environment variables (like GITHUB_TOKEN) from the shell, requiring specific client-side configuration.
  • ⚠️Requires careful management of API tokens with least privilege, as specified in external MCP server documentation.
Verified SafeView Analysis
The provided source code consists solely of Markdown documentation files; it contains no executable code. Therefore, there are no inherent security risks such as 'eval', obfuscation, hardcoded secrets, or malicious patterns within this repository's code. The documentation, however, offers strong guidance on security best practices for external MCP servers, including using least privilege tokens, environment variables for secrets, and treating tool outputs as untrusted.
Updated: 2025-12-14GitHub
0
0
Medium Cost
rishitha-max icon

MCP-Servers-with-Tools

by rishitha-max

Sec8

Integrates external APIs (National Weather Service, Rick and Morty GraphQL) into an MCP-compatible server to expose them as tools for AI agents and interactive clients.

Setup Requirements

  • ⚠️Requires `GROQ_API_KEY`, which might involve costs depending on usage.
  • ⚠️The MCP client configuration files (`server/weather.json`, `graphqlserver/graphql.json`) contain hardcoded absolute paths for the server scripts (`/Users/rishitha.appikonda/...`), which need to be updated to match the local repository path.
  • ⚠️Requires Python 3.11+ and `uv` (or `pip`) for dependency management.
Verified SafeView Analysis
The server uses `httpx` for external API requests, which are wrapped with `try...except` blocks and `response.raise_for_status()` for basic error handling. Sensitive API keys like `GROQ_API_KEY` are correctly sourced from environment variables. No 'eval' or obvious obfuscation. External API calls inherently carry risk, but the implementation adheres to good practices.
Updated: 2025-12-15GitHub
0
0
Low Cost
iamhamidrezaee icon

MightyAI-Coding-Challenge

by iamhamidrezaee

Sec5

Tests and monitors the performance and reliability of external Model Context Protocol (MCP) servers.

Review RequiredView Analysis
The application is vulnerable to Server-Side Request Forgery (SSRF) as it directly uses a user-provided `server_url` in `requests.post` without validation or sanitization. An attacker could potentially use this to make the tester server initiate requests to internal network resources or arbitrary external IPs. No `eval` or `exec` functions are used, and database interactions use parameterized queries, mitigating SQL injection.
Updated: 2025-12-10GitHub
0
0
Low Cost
BlockSecCA icon

ubuntu-shell-mcp

by BlockSecCA

Sec8

Execute bash commands on a remote Ubuntu server from Claude Desktop via a persistent SSH connection.

Setup Requirements

  • ⚠️This repository is DEPRECATED and superseded by `generic-ssh-mcp`, meaning it will not receive further updates.
  • ⚠️Requires manual SSH key setup (generation and placement of public key on the Ubuntu server and explicit private key path on Windows).
  • ⚠️Does not support interactive commands, which are automatically detected and rejected.
  • ⚠️No persistent shell state; each command runs in a fresh bash environment.
Verified SafeView Analysis
The server (`server/index.js`) uses the well-vetted `ssh2` Node.js library for persistent SSH connections. Sensitive configuration (host, user, private key path) is provided by the user via arguments, not hardcoded. It includes a robust mechanism to detect and reject common interactive commands (e.g., `sudo` without arguments, `vim`, `top`, `python` without script files), which helps prevent hanging sessions and potential misuse. Direct command execution is its core function, and while this always carries inherent risk, the tool's design mitigates common pitfalls. The SSH client configuration in `server/index.js` does not disable host key checking, relying on standard SSH security practices. A significant vulnerability (`-o StrictHostKeyChecking=no`) was identified in an older, non-primary entry point (`ubuntu_server_js.js`), but this is not used by the current `2.0.0` version based on `package.json` and `manifest.json` configuration. Therefore, the security score reflects the active `server/index.js` implementation.
Updated: 2025-11-21GitHub
0
0
Medium Cost
ht-fujimoto icon

estat-aws-mcp-server

by ht-fujimoto

Sec8

This server acts as a client for the e-Stat data portal, enabling natural language search, fetching, transformation, and analysis of Japanese government statistics, optimized for AWS environments.

Setup Requirements

  • ⚠️Requires an e-Stat API Key (free registration required).
  • ⚠️Requires AWS credentials (Access Key ID, Secret Access Key) with permissions for S3, Athena, and Glue services, or an IAM role for Fargate tasks.
  • ⚠️Python 3.11+ is the base image used in Dockerfiles, implying compatibility is primarily for this version or newer.
Verified SafeView Analysis
The project follows good security practices by retrieving sensitive information (e-Stat API key, AWS credentials) from environment variables rather than hardcoding them in the core application logic. Error handling explicitly redacts API keys and AWS secrets from logs and responses. IAM roles are defined with specific, least-privilege permissions for AWS services (S3, Athena, Glue). Network security relies on VPC and security groups. A minor potential risk could be path traversal if the 'local_path' parameter in 'download_csv_from_s3' is directly controlled by an untrusted user without further sanitization, although this is a server-side tool and typically used within a controlled environment. The `universal_dataset_metadata_extractor.py` standalone script hardcodes an API key, but this appears to be a separate utility and not part of the main MCP server's deployed logic.
Updated: 2026-01-19GitHub
0
0
Low Cost
gleachkr icon

aristotle-mcp

by gleachkr

Sec6

Enables LLMs to prove theorems in Lean and formalize mathematical problems via the Aristotle API.

Setup Requirements

  • ⚠️Requires Aristotle API Key (likely a paid service)
  • ⚠️Requires 'uv' for dependency management and running the server
  • ⚠️Requires Python 3.13 or newer
Review RequiredView Analysis
The server directly uses user-provided file paths for reading and writing operations (e.g., `file_path`, `save_solution_to`, `save_to`). This creates a significant risk of path traversal if an untrusted LLM or external actor can control these arguments, potentially allowing read/write access to arbitrary files on the system. The server should implement robust input validation and sanitization for all file-related arguments or operate within a highly restricted sandbox environment.
Updated: 2025-12-11GitHub
0
0
Medium Cost
hilitb icon

project-mcp

by hilitb

Sec2

Provides an AI-native interface for managing project documentation, tasks, and architectural decisions through intent-based search and structured workflow tools.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Relies on an MCP client (e.g., Cursor, Claude Desktop) for interaction, as it runs via the Model Context Protocol.
  • ⚠️No authentication or authorization is performed; the server implicitly trusts the connecting MCP client, posing a significant security risk if exposed to an untrusted environment beyond a local, trusted development setup.
Review RequiredView Analysis
The server explicitly states that 'No authentication is performed - the server trusts the MCP client' and 'File paths are resolved relative to the current working directory'. Tools like `get_doc` and `readResource` take user-provided paths (`path` and `uri` arguments respectively). Although paths are resolved against predefined project directories (e.g., `PROJECT_ROOT`, `DOCS_DIR`), a malicious MCP client could craft path traversal sequences (e.g., `../../../../etc/passwd`) to read arbitrary files on the host system where the server is running. This is a severe vulnerability without proper sandboxing or authentication at the MCP client layer or server deployment environment, as it allows unauthorized data exfiltration.
Updated: 2026-01-19GitHub
0
0
Medium Cost
sasharm8-te icon

am-mcp-server

by sasharm8-te

Sec5

Provides a Model Context Protocol (MCP) interface for AI assistants to manage user accounts, organizations, synchronization, and monitor system health.

Setup Requirements

  • ⚠️Requires an existing MySQL-compatible database (e.g., AWS RDS) with specific schema (`te_admin`), not bundled in Docker Compose. The default configuration points to an internal ThousandEyes AWS RDS instance.
  • ⚠️Requires a running gRPC server for Account Management Service to use the `get_user_regions` tool. Default endpoint points to an internal ThousandEyes service.
  • ⚠️External API clients (CUI Integration Service, IDP Proxy) are configured with internal ThousandEyes staging URLs by default, requiring overrides for external or local development environments.
Review RequiredView Analysis
Hardcoded database credentials (username and password) are present in `src/main/resources/application.yml` which is a critical security flaw if checked into version control or deployed without overriding. The default CORS policy (`ALLOWED_ORIGINS: '*'`) is overly permissive for production. API key authentication (`MCP_API_KEY`) is configurable but not explicitly enforced in the provided controller code, potentially leaving endpoints unprotected. Direct parsing of user input (e.g., `uid`, `org_id`) to numeric types without robust upstream validation could be susceptible to malformed input, though `NamedParameterJdbcTemplate` helps mitigate SQL injection.
Updated: 2025-11-24GitHub
0
0
Medium Cost
MauManto icon
Sec8

Fetches and analyzes Jenkins console logs from multiple instances to extract error snippets, git information, and build metadata for simplified build failure diagnosis.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires Jenkins API Token(s) for authentication, configured via environment variables (e.g., JENKINS_API_TOKEN).
  • ⚠️Requires network access to the configured Jenkins instance(s).
Verified SafeView Analysis
The application loads sensitive Jenkins credentials (username, API token) from environment variables, which is a good practice. It uses `httpx` for network requests. A potential risk lies in the `JENKINS_VERIFY_SSL` environment variable, which, if set to 'false', would disable SSL/TLS certificate verification, making the connections to Jenkins servers vulnerable to Man-in-the-Middle (MITM) attacks. This setting should be carefully managed in production environments. No 'eval' or obvious malicious patterns were found in the provided source code.
Updated: 2026-01-19GitHub
0
0
Medium Cost
bipproduction icon
Sec8

Provides an n8n community node that acts as an MCP (Machine-readable Capability Protocol) server, dynamically generating and exposing tools from an OpenAPI specification URL via a webhook for API integration.

Setup Requirements

  • ⚠️Requires an n8n instance (self-hosted or cloud) for installation and execution.
  • ⚠️Requires a publicly accessible OpenAPI 3.x JSON specification URL to generate tools.
  • ⚠️Requires API credentials (Base URL and Bearer Token) for the target API accessed by the generated tools.
Verified SafeView Analysis
The server's core functionality involves fetching external OpenAPI specifications from a user-provided `openapiUrl` and making requests to external APIs defined by a user-provided `baseUrl` and the OpenAPI spec. While crucial for its operation, this introduces potential for SSRF (Server-Side Request Forgery) if the n8n instance is configured by an untrusted user and its network egress is not restricted. Input parameters for API calls are generally sanitized (e.g., `encodeURIComponent` for URL parts, `JSON.stringify` for bodies), mitigating common injection risks within the HTTP requests themselves. No `eval` or code obfuscation is present. The code appears well-structured and focuses on its stated purpose.
Updated: 2025-11-20GitHub
0
0
Low Cost
lady-logic icon

mmi-analyzer

by lady-logic

Sec7

Analyzes C# project architecture quality based on Carola Lilienthal's MMI framework, providing reports and visualizations for layering, encapsulation, abstraction levels, and circular dependencies.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher
  • ⚠️Requires Cursor IDE for usage and configuration
  • ⚠️Manual configuration of absolute path in Cursor MCP settings
Verified SafeView Analysis
The server performs extensive file system operations (reading C# source files, writing cache/history) based on a `projectPath` provided by the user via the Cursor IDE. While `validateProjectPath` checks if the path exists and the analysis functions explicitly ignore `bin`, `obj`, `node_modules` directories, there's an inherent risk if the `projectPath` were to come from an untrusted source or if path traversal (e.g., `../../../`) were exploited to access files outside the intended project directory. However, given its intended use as a local MCP server integrated with Cursor IDE, the `projectPath` is presumed to be provided by a trusted UI, mitigating direct user injection risks. No `eval` or obvious command injection vulnerabilities were found. History and cache files (`.mmi-cache.json`, `monitoring-history.json`) are stored locally, requiring write access to the server's working directory, which could be a concern if the server environment were compromised.
Updated: 2025-12-27GitHub
0
0
Low Cost
varun-dev-tech icon

mcp_client

by varun-dev-tech

Sec3

To connect to an MCP server.

Setup Requirements

  • ⚠️Requires an MCP server to connect to.
Review RequiredView Analysis
No executable source code was provided for security analysis; only the `README.md` file was available. Therefore, a comprehensive security audit could not be performed, and the safety of running any client code cannot be guaranteed.
Updated: 2025-12-05GitHub
PreviousPage 269 of 713Next