Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
mnemoverse icon

mcp-docs-server

by mnemoverse

Sec3

A universal template for creating Model Context Protocol (MCP) servers that provide AI agents with documentation access.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️The default documentation (`docs/`) needs to be replaced with your own markdown files for custom content.
  • ⚠️CRITICAL SECURITY VULNERABILITY: Path Traversal in `get_document` tool allows arbitrary file reads. Not safe to run without patching input validation for document paths.
Review RequiredView Analysis
CRITICAL Path Traversal Vulnerability: The `getDocument` function in `src/lib/DocumentManager.ts` uses `path.join(this.docsPath, documentPath)` to resolve document paths. If `documentPath` is provided by an AI agent (or other user input) as an absolute path (e.g., `/etc/passwd` or `C:/Windows/System32/drivers/etc/hosts`), `path.join` will resolve to this absolute path, ignoring the intended `docsPath`. This allows arbitrary file reading outside the designated documentation directory. The server also executes shell commands in its build/template scripts but these are not runtime risks.
Updated: 2025-11-24GitHub
0
0
Medium Cost
mem-kit icon

camunda-mcp

by mem-kit

Sec8

Provides Model Context Protocol (MCP) services for interacting with Camunda BPM Platform, a simulated StateStreet Customer Due Diligence (CDD) service, and an OCR service via Tencent Cloud.

Setup Requirements

  • ⚠️Requires a running Camunda BPM Platform instance (e.g., via Docker).
  • ⚠️Requires Tencent Cloud API credentials for the OCR service (may incur costs).
  • ⚠️Environment variables (CAMUNDA_URL, CAMUNDA_USER, CAMUNDA_PASSWORD, TENCENTCLOUD_SECRET_ID, TENCENTCLOUD_SECRET_KEY) must be configured in a .env file.
  • ⚠️Python virtual environment setup and `pip install -r requirements.txt` are required for each service.
Verified SafeView Analysis
Secrets (Camunda credentials, Tencent Cloud API keys) are correctly loaded from environment variables. No 'eval' or malicious obfuscation found. The `deploy_bpmn` tool allows deploying files to Camunda, which is a powerful operation and should only be used by trusted clients. The `invoice_ocr` tool forwards image URLs directly to Tencent Cloud, which might pose SSRF risks if the Tencent API does not validate URLs, but this is an inherent function of the tool. Broad CORS (`allow_origins=["*"]`) is enabled for all services, which might be too permissive for production environments without specific security considerations. Overall, the server's operations are transparent and intended.
Updated: 2025-11-29GitHub
0
0
Medium Cost
agentika icon

mcp-servers

by agentika

Sec3

This project provides a multi-agent AI bot that integrates various specialized 'MCP Servers' (Multi-Agent Communication Protocol) into a unified interface, allowing the main agent to leverage different tools and capabilities provided by sub-agents for tasks like note-taking, planning, and arithmetic.

Setup Requirements

  • ⚠️Requires 'uv' for installation and execution.
  • ⚠️Requires API keys for a large language model provider (OpenAI, Azure, or Gemini), which are paid services.
  • ⚠️Requires Python 3.12 or newer.
  • ⚠️The 'notemcp' server, included in the default configuration, requires the `NOTEMCP_BASE_DIR` environment variable to be set for note storage.
Review RequiredView Analysis
The core application loads MCP server configurations from JSON files (e.g., `config/default.json`), which specify `command` and `args` to execute external processes. This design choice allows for arbitrary command execution on the host system if the configuration file is sourced from an untrusted location or compromised. There is no explicit sandboxing or validation of these commands within the provided code, posing a significant security risk for arbitrary code execution if config integrity is not guaranteed. Hardcoded secrets or obvious 'eval' usage were not found in the main application logic, but the inherent command execution capability is critical.
Updated: 2025-11-20GitHub
0
0
Medium Cost
Beerspitnight icon
Sec9

Enables Claude Code CLI or Desktop to interact with Spotify for advanced playlist curation, management, and audio feature analysis.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires a Spotify Developer App for API credentials (Client ID, Client Secret, Redirect URI).
  • ⚠️Requires a one-time browser authentication step to generate a `.spotify_cache` token.
  • ⚠️GetSongBPM API Key is optional but recommended for enhanced audio feature coverage.
Verified SafeView Analysis
The project uses environment variables for API credentials and explicitly warns against committing `.env` and `.spotify_cache` (which contains tokens) to version control. API calls include retry logic and timeouts, which are good practices. No obvious malicious patterns or unsafe code execution (`eval`) were found in the provided source.
Updated: 2025-11-28GitHub
0
0
Medium Cost
pritamp-cmyk icon

mcp-server

by pritamp-cmyk

Sec4

This server serves as an endpoint for the Model Context Protocol, likely exposing AI models or services for interaction.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Relies on the @modelcontextprotocol/sdk, which likely entails external API keys, configuration, or integration with the Model Context Protocol ecosystem.
  • ⚠️The full application logic in `src/index.ts` is not provided, making it impossible to ascertain all configuration requirements.
Review RequiredView Analysis
The main application logic file, `src/index.ts`, is truncated, making a comprehensive security audit impossible. Without this code, it's impossible to check for direct vulnerabilities such as `eval` usage, hardcoded secrets, improper input validation, or other malicious patterns. The project relies on `@modelcontextprotocol/sdk` and its transitive dependencies, which include web server frameworks (`express`, `hono`) and security features like `express-rate-limit` and `jose`. However, the security of the server ultimately depends on the unprovided application logic.
Updated: 2026-01-19GitHub
0
0
Low Cost
Nordicvitamin icon

docling-mcp-server

by Nordicvitamin

Sec3

A central server potentially for managing or processing documents, acting as a core backend component.

Review RequiredView Analysis
A detailed security audit is impossible as no source code was provided for analysis. Therefore, no checks for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns could be performed. Running unvetted code carries inherent risks, and its safety cannot be confirmed.
Updated: 2025-11-19GitHub
0
0
Low Cost
Knuckles-Team icon

tunnel-manager

by Knuckles-Team

Sec7

This project provides a FastMCP server exposing SSH connection and file transfer capabilities, enabling AI agents to programmatically perform remote server management and automation.

Setup Requirements

  • ⚠️Requires existing SSH configuration (e.g., ~/.ssh/config, private keys) on the host running the server or explicit credentials.
  • ⚠️Remote hosts must be network-accessible via SSH from the server machine (firewall rules, routing, etc.).
  • ⚠️For inventory-based operations, an Ansible-style YAML inventory file is required, specifying host connection details.
Verified SafeView Analysis
The server uses `paramiko.AutoAddPolicy()` which automatically adds unknown host keys, increasing susceptibility to man-in-the-middle attacks if not in a controlled environment. Direct calls to `os.system` for `ssh-keygen` are made, though arguments appear controlled. The Docker setup mounts `~/.ssh` as read-only into the container, granting access to host SSH keys, which is a necessary but high-privilege operation. Password-based authentication can be used for initial setup, which typically involves passing passwords directly.
Updated: 2026-01-19GitHub
0
0
Medium Cost
jarosser06 icon

mosaic

by jarosser06

Sec8

Personal work memory and time tracking MCP server for managing work sessions, meetings, projects, notes, tasks, and reminders with natural language queries and privacy controls.

Setup Requirements

  • ⚠️Requires PostgreSQL 16.
  • ⚠️Requires the 'uv' package manager for local development.
  • ⚠️The DATABASE_URL environment variable must be configured in a .env file or directly.
  • ⚠️macOS users must sign their Python executable for desktop notifications to function correctly (e.g., `codesign -s - $(which python3)`).
Verified SafeView Analysis
Uses SQLAlchemy ORM to mitigate SQL injection risks. Database credentials are externalized via environment variables. The server is designed as a single-user system, simplifying access control but meaning a compromise exposes all user data. Desktop notification delivery on macOS requires Python executable signing, which can cause silent failures if not configured, but does not pose a direct code vulnerability. The default PostgreSQL password 'changeme' in the Docker Compose example should be updated for any deployment beyond local development.
Updated: 2026-01-17GitHub
0
0
Medium Cost
mjordi icon
Sec9

Enables AI assistants to search, retrieve, and manage photos, collections, and user profiles from the Unsplash API.

Setup Requirements

  • ⚠️Requires an Unsplash API Access Key (requires account creation and application setup on Unsplash Developers).
  • ⚠️Demo Unsplash API accounts are limited to 50 requests per hour, necessitating application for production access for higher limits.
  • ⚠️Requires Node.js 18 or higher.
Verified SafeView Analysis
The server uses environment variables for the API key (UNSPLASH_ACCESS_KEY), which is good practice. Input validation is handled robustly using Zod schemas, mitigating common injection risks by ensuring parameters conform to expected types and formats. The `unsplash_track_download` tool fetches a download location URL from the trusted Unsplash API response, rather than using arbitrary user input, thereby reducing the risk of Server-Side Request Forgery (SSRF). No usage of `eval`, obfuscation, or other immediately apparent malicious patterns were identified. Error handling for API requests is implemented to catch and propagate Unsplash-specific errors.
Updated: 2026-01-19GitHub
0
0
Medium Cost
ry-ops icon
Sec9

Integrates Claude AI with Pulseway PSA to automate management of service desk tickets, finance, CRM, and time tracking operations.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires `uv` package manager for dependency installation.
  • ⚠️Requires a Pulseway PSA account with API access and specific API credentials (Gateway URL, Username, Password, Company Name).
  • ⚠️Manual configuration of Claude Desktop's `claude_desktop_config.json` file, including specifying an absolute path to the server directory.
Verified SafeView Analysis
The project strongly emphasizes secure handling of credentials, using environment variables via `secrets.env` (which is git-ignored) and recommending restricted file permissions. It uses standard HTTP(S) communication with basic authentication. There are no signs of `eval`, obfuscation, or malicious patterns. Error handling is present, but a broad `try-except` in `call_tool` could be more specific, though it returns the error to the LLM.
Updated: 2025-12-03GitHub
0
0
High Cost
shjanjua icon

pptx-mcp-server

by shjanjua

Sec6

A Model Context Protocol (MCP) server that enables AI assistants to create, edit, and manipulate PowerPoint presentations programmatically.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️LibreOffice must be installed for thumbnail generation and document validation (e.g., `brew install --cask libreoffice` on macOS, `sudo apt-get install libreoffice` on Linux)
  • ⚠️Poppler-utils (pdftoppm) or ImageMagick (convert) must be installed for thumbnail generation (e.g., `brew install poppler` on macOS, `sudo apt-get install poppler-utils` on Linux)
Verified SafeView Analysis
The server uses `subprocess.run` to invoke external binaries (LibreOffice, poppler-utils/ImageMagick) for thumbnail generation and document validation. While `shell=False` is the default for `subprocess.run` with list arguments, passing user-controlled file paths (`pptx_path`, `office_file`) to these external tools can introduce a risk of command injection if the filenames themselves are crafted with shell metacharacters and the external tools fail to properly sanitize their arguments. Processing untrusted `.pptx` files is a potential vector for this. However, the project wisely uses `defusedxml` for XML parsing, mitigating common XML-related vulnerabilities.
Updated: 2025-12-12GitHub
0
0
Low Cost
ongzhixian icon
Sec9

Provides an example implementation of an MCP server written in C#.

Setup Requirements

  • ⚠️.NET SDK required
Verified SafeView Analysis
The provided source code consists only of configuration files. No critical vulnerabilities, hardcoded secrets, 'eval' equivalents, or malicious patterns were found in these files. 'AllowedHosts: "*"' is set, which is common for development but should be restricted in a production environment. A full security audit would require the application logic files.
Updated: 2025-12-10GitHub
PreviousPage 271 of 713Next