Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

Low Cost

fvtt-mcp-module

by darkbard81

Sec2

A Foundry VTT module that exposes game data and facilitates real-time communication via a WebSocket relay to external services, enhancing interactivity and enabling features like chat logging and audio playback.

Setup Requirements

  • ⚠️Requires Foundry Virtual Tabletop (VTT) installation.
  • ⚠️Requires an external WebSocket relay server (default: wss://foundryvtt-rest-api-relay.fly.dev/).
  • ⚠️Only functions for a 'full GM' (role 4) user who is also the 'primary GM' (lowest user ID among active full GMs).
Review Required
CRITICAL: The `execute-js` route allows arbitrary JavaScript execution via `eval(script)`. This is a severe remote code execution vulnerability. Additionally, the API key is transmitted as a query parameter in the WebSocket URL, which can expose it in server logs or network sniffers.
Updated: 2025-11-24

Medium Cost

test-remote-mcpserver

by yash-rewalia

Sec9

Manages personal expense entries, allowing users to add, list, and summarize expenditures.

Setup Requirements

  • ⚠️The `pyproject.toml` specifies `requires-python = ">=3.14"`, which refers to a future Python version not yet released. This is likely a typo and should be adjusted to a currently available version (e.g., `>=3.9` or `>=3.11`) for the project to be installable.
  • ⚠️The `pyproject.toml` lists `aiosqlite` twice and also includes `aisqlite>=1.1.0`. The latter might be a typo for `aiosqlite`, potentially leading to unnecessary dependency installations or conflicts.
Verified Safe
The server uses parameterized queries, effectively mitigating SQL injection risks. It explicitly handles database initialization and checks for write access to the temporary database file. No 'eval' or obfuscation is present in the provided code. The server binds to 0.0.0.0, which makes it accessible from external interfaces if deployed without a firewall, but this is a deployment concern rather than a code vulnerability.
Updated: 2025-11-30

Low Cost

claude-rag-mcp

by medonomator

Sec9

Provides RAG capabilities for Claude Code by automatically saving and semantically searching coding sessions, solutions, and general knowledge.

Setup Requirements

  • ⚠️Requires Node.js 20+
  • ⚠️Requires Docker for Qdrant (local vector database)
  • ⚠️Requires an OpenAI API Key (paid) or a locally running Ollama instance with `nomic-embed-text` model (free, local)
Verified Safe
The server uses robust input validation with Zod schemas and parameterized SQL queries for SQLite, significantly mitigating injection risks. Secrets (API keys) are handled via environment variables, not hardcoded. Communication with Claude Code is via stdio (JSON-RPC), reducing network attack surface for the server itself. Reliance on external services (Qdrant, OpenAI/Ollama) means their security must also be considered, though defaults generally point to local instances. The chunking process could potentially be a resource exhaustion vector for extremely large, unchunkable inputs, but this is a DoS risk rather than a data breach.
Updated: 2025-12-12

Low Cost

mcp-gemini-tool

by gennaio-winger

Sec9

This server extends Claude Code's capabilities by providing access to external AI models (Groq, OpenRouter, Gemini, LiteAPI) as tools, enabling Claude to consult various LLMs for specific tasks and cost optimization.

Setup Requirements

  • ⚠️Requires API Keys for Groq, OpenRouter, Gemini, and LiteAPI, which must be obtained and set as environment variables.
  • ⚠️Designed specifically for integration with 'Claude Code' (using the MCP SDK) and does not function as a standalone general-purpose AI tool.
  • ⚠️Requires a Node.js runtime (version 18+ is indicated by dependencies and common practices).
Verified Safe
The project follows good practices for API key management, requiring keys to be set as environment variables and explicitly checking for their presence. Test files contain placeholder API keys, but the main server scripts correctly load them from environment variables. No 'eval' or obvious obfuscation/malicious patterns were found. Network calls are made to reputable AI API endpoints. Provided that API keys are managed securely, the server is safe.
Updated: 2025-11-25

Low Cost

prompts-mcp

by masaki39

Sec8

Serves Markdown files as Model Context Protocol (MCP) tools or slash commands (prompts) for AI models by parsing them once at startup.

Setup Requirements

  • ⚠️The `PROMPTS_DIR` environment variable is required and must be set to an absolute path pointing to the directory containing your Markdown prompt files.
  • ⚠️Generated prompt names (derived from file paths) must be between 1 and 64 characters long and can only contain alphanumeric characters, underscores, hyphens, periods, or forward slashes.
Verified Safe
The server reads Markdown files from a directory specified by `PROMPTS_DIR`. While the parsing logic itself is robust, includes name validation, and does not execute arbitrary code, ensuring that `PROMPTS_DIR` points to a trusted location is crucial to prevent the server from processing or exposing unexpected content. No 'eval' or direct arbitrary code execution from prompt content was identified.
Updated: 2026-01-14

High Cost
Sec3

This server acts as a Model Context Protocol (MCP) orchestrator, simplifying the management of multiple AI agent wrappers and tool servers by providing a unified, OpenAI-compatible API interface.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for easy setup and orchestration of all components.
  • ⚠️Requires Ollama or another OpenAI-compatible LLM endpoint to be running and accessible for model inference.
  • ⚠️Relies on mDNS for service discovery, which might require specific network configurations or may not function reliably in all containerized or restricted network environments.
Review Required
The `mcp-http-tools` component, acting as an MCP tool server, is designed to perform HTTP requests (GET, POST, PUT, PATCH, DELETE) to arbitrary URLs provided in its arguments. This functionality, if exposed to untrusted input via the orchestrator or other agents, constitutes a severe Server-Side Request Forgery (SSRF) and open proxy vulnerability. An attacker could leverage this to access internal network resources, exfiltrate data, or perform port scanning. While there's basic URL format validation, there's no evident mechanism for whitelisting target URLs or restricting access to this highly sensitive tool. The system's reliance on mDNS for service discovery also introduces risks in untrusted network environments, where malicious mDNS advertisements could lead to interaction with rogue services. A default hardcoded API key for 'ollama' is present, which could pose a minor risk in specific deployment scenarios.
Updated: 2025-12-15

High Cost

MCP

by shaharco99

Sec9

An AI-powered DevOps assistant that offers interactive chat, file analysis, RAG capabilities, and safe natural language querying of databases, while also acting as an MCP server for various DevOps tools.

Setup Requirements

  • ⚠️Requires Ollama, OpenAI, Google, or Anthropic LLM provider: If using local Ollama, requires Ollama server running. If using a cloud provider, requires a corresponding API key.
  • ⚠️Specifically designed for Windows 10/11 environments, requiring Docker Desktop, Minikube, and Node.js with npm for full functionality of the MCP server.
  • ⚠️Database functionality requires additional configuration via `db_config.json` or environment variables, and specific Python database drivers (e.g., `psycopg2-binary`, `mysql-connector-python`, `pyodbc`) for non-SQLite databases.
Verified Safe
The `run_shell` tool in `MCP/server.py` is strictly whitelisted for `kubectl`, `docker`, `helm` commands and explicitly blocks shell injection characters (`;`, `|`, `>`, `<`). The database query feature (`LLM_CI/database_tools.py`) strictly enforces read-only (SELECT/PRAGMA) operations and prevents DDL/DML, along with SQL injection prevention and schema-aware auto-correction. LLM API keys are handled securely via environment variables or `getpass`. No `eval` or direct code execution from arbitrary user input is observed.
Updated: 2026-01-10

Medium Cost

nocturne_memory

by KomuDhara

Sec8

Provides AI agents with a persistent, structured, and rollback-capable long-term memory system based on a Neo4j knowledge graph.

Setup Requirements

  • ⚠️Requires a running Neo4j database instance (local or cloud).
  • ⚠️Python 3.10+ and Node.js 18+ are required for the backend and frontend components.
  • ⚠️AI client configuration (e.g., Claude Desktop, Antigravity) needs manual updating with the absolute path to `mcp_server.py` (or `mcp_wrapper.py` for Antigravity's specific bug workaround).
Verified Safe
The project uses environment variables for sensitive Neo4j credentials, preventing hardcoding. Neo4j queries use parameterized statements (`$variable`), mitigating Cypher injection risks. Input sanitization is applied for resource IDs used in file paths for snapshots. The `mcp_wrapper.py` uses `subprocess.Popen` but targets an internal script, not arbitrary user commands. The overall design prioritizes a human-in-the-loop review process, which acts as a safeguard against AI-induced malicious or erroneous modifications.
Updated: 2026-01-19

Medium Cost

KiCAD-MCP-Server

by Sakamoto-media

Sec8

Enable AI assistants to automate PCB design workflows in KiCAD, including project management, component placement, routing, design rule checks, and export operations.

Setup Requirements

  • ⚠️Requires KiCAD 9.0+ with Python scripting support (pcbnew module) installed and accessible via the `PYTHONPATH` environment variable.
  • ⚠️Manual UI reload in KiCAD is currently required to visualize changes made by the AI (true real-time IPC updates are planned for a future release).
  • ⚠️Windows users are highly recommended to use the `setup-windows.ps1` PowerShell script for automated setup and dependency installation.
Verified Safe
The server executes Python scripts that interact with the local KiCAD application, which in turn performs design operations and extensive file I/O (e.g., creating projects, placing components, generating Gerber files). This involves spawning child processes for Python and `kicad-cli`. While this is the intended functionality and standard for integrating with design tools, it relies on the integrity of the KiCAD installation and the local system environment. Future integrations (e.g., JLCPCB) will involve external API calls, with API keys recommended to be managed via environment variables. No 'eval' or obvious malicious code patterns were found. Comprehensive logging is implemented.
Updated: 2025-11-26

Low Cost

Serves as a Model Context Protocol (MCP) server providing OpenShift cluster health monitoring and AI Operations integration to AI assistants like OpenShift Lightspeed.

Setup Requirements

  • ⚠️Requires OpenShift 4.18+ and a specific branch/container image matching the OpenShift version for full compatibility.
  • ⚠️Optional integrations with external services (Coordination Engine, KServe, Prometheus) require those services to be separately deployed and configured via environment variables/Helm values.
  • ⚠️Kubernetes RBAC permissions (ClusterRole for read-only K8s resources, Role for KServe-specific resources) are critical for successful operation and are managed by Helm charts.
Verified Safe
The project demonstrates a strong commitment to security: it uses Go (ADR-001) for performance and Kubernetes-native integration, builds distroless container images (ADR-008) to minimize attack surface, enforces an RBAC-based security model (ADR-007) with least privilege (read-only access to most cluster resources), and integrates NetworkPolicies. Hardcoded secrets are avoided, with explicit instructions for using ServiceAccount tokens and GitHub Secrets. Debugging in production is handled via separate debug images or ephemeral containers, rather than including a shell in the main image. The stdio transport was deprecated (ADR-004) to reduce complexity and focus on the more secure HTTP/SSE transport.
Updated: 2026-01-17

High Cost

Provides hands-on exercises for developing SAP Fiori and CAP applications using AI coding assistants (Cline) and SAP's Model-Centric Programming (MCP) servers.

Setup Requirements

  • ⚠️Requires access to SAP Business Application Studio (SBAS) landscape
  • ⚠️Requires a SAP AI Core API Key (user-provided)
  • ⚠️Requires manual installation of the Cline VS Code Extension (claude-dev VSIX)
Verified Safe
The source code primarily consists of instructional markdown for setting up a development environment and using AI tools. It does not contain direct vulnerabilities like 'eval' or hardcoded secrets. The core 'MCP server' functionality relies on external, officially provided SAP npm packages (@sap-ux/fiori-mcp-server, @cap-js/mcp-server) which are invoked via npx. The overall security depends on the trustworthiness of these external packages and the configured AI service (SAP AI Core).
Updated: 2025-12-05

Low Cost

ssh-mcp

by nstamoul

Sec9

Manages SSH connections, executes remote commands, and transfers files through an AI-compatible Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires `ssh` and `scp` commands to be installed and available in the system's PATH.
  • ⚠️SSH keys used for authentication must NOT have passphrases for non-interactive use with the agent.
Verified Safe
The project explicitly addressed and fixed a critical command injection vulnerability by replacing `child_process.exec()` with `child_process.execFile()` using proper argument arrays. For HTTP mode, extensive security considerations and best practices are documented, including recommendations for TLS, authentication layers, firewalls, and binding to `127.0.0.1` for local-only access. It relies on native SSH tools, leveraging existing, well-vetted system security.
Updated: 2025-11-22