Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
menezis-ai icon

seshat-mcp

by menezis-ai

Sec7

Provides immutable, timestamped proofs of intellectual property by hashing Git repository states and Obsidian research notes, anchoring them on a blockchain, and generating legal deposit bundles.

Setup Requirements

  • ⚠️Requires Node.js 20+.
  • ⚠️Blockchain features (attestations) require ETH on Base L2 (Ethereum Layer 2) for transaction fees, estimated at ~$0.05 per proof.
  • ⚠️Requires API tokens for Git hosting services (GitHub, GitLab, Forgejo) to seal PRs and releases, and optionally an NFT.Storage API token for IPFS integration.
  • ⚠️Obsidian vault integration requires specifying the local vault path.
Verified SafeView Analysis
The system employs strong hashing (SHA-512), input validation (Zod), prepared SQL statements, and path traversal prevention for local file operations. Optional features include post-quantum cryptography, RFC 3161 timestamps, and encrypted IPFS storage. The primary security consideration is the local storage of the `ETH_PRIVATE_KEY` in `~/.seshat/config.json`, which, while secured with `0o600` file permissions, could be vulnerable if the host machine is compromised. The system's reliance on external services like Git hosting APIs, Base L2, FreeTSA, and NFT.Storage introduces inherent external attack surface and availability risks. API tokens are managed via environment variables.
Updated: 2026-01-17GitHub
0
0
Low Cost
klysdale icon
Sec8

Provides a containerized Alpaca Market-Compatible Protocol (MCP) server for downstream services, enabling centralized API access to Alpaca without requiring callers to provide API keys on each request.

Setup Requirements

  • ⚠️Requires Docker 24+ and Docker Compose v2 (optional for multi-service).
  • ⚠️Mandatory Alpaca API Key and Secret must be provided at build or runtime; the server will refuse to start otherwise.
  • ⚠️Built Docker images containing credentials are sensitive and should not be publicly shared.
Verified SafeView Analysis
Credentials (`ALPACA_API_KEY`, `ALPACA_SECRET_KEY`) are designed to be injected at build time via arguments and baked into the Docker image as environment variables. The entrypoint script includes strong validation to prevent the server from starting with default 'changeme' values or empty credentials. However, this approach means any built image containing real credentials must be treated as highly sensitive and should never be pushed to public registries, as anyone with the image can extract the keys. While this risk is explicitly documented and mitigated with runtime validation, baking secrets into images is generally less secure than runtime injection (e.g., via Docker secrets or a secrets manager) as it increases the risk of credential compromise if the image itself is compromised.
Updated: 2025-12-11GitHub
0
0
Medium Cost

mcp-bundle-factory

by descentit

Sec7

A proxy server that dynamically downloads and runs third-party Model Context Protocol (MCP) servers from npm or GitHub releases at runtime, enabling distribution via Claude Teams without bundling proprietary code and providing automatic updates.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Building requires the `@anthropic-ai/mcpb` CLI tool (`npm install -g @anthropic-ai/mcpb`).
  • ⚠️Requires active internet access to download target MCP packages from npm or binaries from GitHub releases.
  • ⚠️Specific target MCP servers (e.g., PAX-8, GitHub) will require their own API keys or authentication tokens via user configuration.
Verified SafeView Analysis
The `ProcessManager` utilizes `shell: true` when spawning child processes, which is a known security risk if the `command` or `args` are user-controlled without strict sanitization. While the base `command` and `args` are embedded in the bundle's `server-config.json`, user-provided configuration values (e.g., API keys, endpoints) are substituted directly into these `args` as environment variables. If these user inputs are not properly validated or sanitized by the Claude Desktop environment before being passed to the proxy, a malicious user could potentially inject shell commands. The `downloader.js` also uses `spawn` for `powershell`, `unzip`, and `tar` for archive extraction; however, the paths and commands for these are constructed internally based on trusted configuration. No `eval` is found. Credentials are passed via environment variables and marked sensitive, suggesting secure handling by Claude Desktop.
Updated: 2025-11-26GitHub
0
0
Medium Cost
Sec8

Exposes the Google Jules API as an MCP server, allowing coding agents to programmatically create and manage Jules sessions for tasks like code generation and project management.

Setup Requirements

  • ⚠️Requires Node.js 20+.
  • ⚠️Requires a Jules API key with access to v1alpha endpoints, which may be a paid Google service or require specific access.
  • ⚠️Requires manual client integration by configuring JSON files or CLI commands in supported IDEs (Claude Code, OpenAI Codex, GitHub Copilot, Cursor).
Verified SafeView Analysis
The server uses `process.env` for API keys and base URLs, avoiding hardcoded secrets. HTTP requests are made using `fetch`, and JSON parsing is handled safely. A minor concern is the API key being included in the URL query parameters (in addition to the `x-goog-api-key` header), which could be logged by some systems, though it's a common pattern for certain Google APIs.
Updated: 2025-11-27GitHub
0
0
Medium Cost
davidculver icon

jtr-mcp-server

by davidculver

Sec8

An MCP server that wraps John the Ripper for password cracking, enabling agent interaction for security auditing and pentesting.

Setup Requirements

  • ⚠️Requires John the Ripper to be installed (e.g., via snap for local use)
  • ⚠️Requires Docker for containerized deployment (image needs to be built first)
  • ⚠️Requires Python 3.10+
Verified SafeView Analysis
The server correctly uses `subprocess.run` with a list of arguments for executing John the Ripper, mitigating most direct command injection risks from user input for binary execution. Input file contents are written to temporary files before John processes them. Session names are sanitized to prevent path traversal. The `unshadow` function is implemented in Python, avoiding an external binary call and its associated risks. No hardcoded secrets or 'eval' patterns were found. The primary security consideration is the inherent capability of John the Ripper itself, which is a powerful password cracking tool intended for authorized use only, as clearly stated in the README.
Updated: 2025-12-10GitHub
0
0
Low Cost
cordlesssteve icon
Sec9

Provides tools for searching, organizing, and retrieving Claude Code conversation history.

Setup Requirements

  • ⚠️Requires a local ChromaDB instance running (e.g., via Docker) for semantic search. Default host: http://localhost:8000.
  • ⚠️Requires a local Ollama instance with the `nomic-embed-text` model pulled for semantic search. Default host: http://localhost:11434.
  • ⚠️Initial import of Claude Code JSONL conversation files is necessary to populate the SQLite database.
  • ⚠️If historical JSONL files are lost, migration scripts (`migrate-v1.ts`, `migrate-v1-september.ts`) might be needed to recover data from an old v1 SQLite database.
Verified SafeView Analysis
The server uses parameterized SQL queries via `better-sqlite3` to prevent SQL injection. No `eval` or direct unsanitized `child_process` execution observed in the main server logic. Network connections to ChromaDB and Ollama (for semantic search) are configurable via environment variables (`CHROMA_HOST`, `OLLAMA_HOST`), defaulting to `localhost`. Users should ensure these endpoints are trusted as data could be exfiltrated or manipulated if misconfigured. Data storage is primarily local SQLite. File path handling in scripts is generally robust.
Updated: 2025-12-11GitHub
0
0
Low Cost
kiliczsh icon
Sec10

A minimal Bun application template or starting point, demonstrating basic Bun runtime usage.

Setup Requirements

  • ⚠️Requires Bun runtime (v1.3.0 or higher)
Verified SafeView Analysis
The provided `index.ts` is extremely minimal and performs only a console log, posing no direct security risks. The `CLAUDE.md` file describes features of Bun, including network capabilities like `Bun.serve()` and database integrations, but these are not implemented in the current active server code. Therefore, no vulnerabilities are present in the provided source.
Updated: 2025-12-02GitHub
0
0
High Cost
AlexandrosMelis icon

mcp_server

by AlexandrosMelis

Sec6

An AI chatbot that uses the Multi-Agent Communication Protocol (MCP) to interact with specialized servers, particularly for searching and summarizing academic papers from arXiv.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for the gpt-4o model.
  • ⚠️Relies on external arXiv service for paper searches.
Review RequiredView Analysis
The system uses LLM-generated input (e.g., 'topic' and 'paper_id') to construct file paths for directory creation (`os.makedirs`) and file operations (`os.path.join`). Without robust sanitization against path traversal (e.g., 'topic=../../../../etc'), a malicious or compromised LLM could potentially cause files to be written or read outside the intended 'papers' directory, leading to data integrity issues or information disclosure. There is no direct use of 'eval' or arbitrary command execution detected from user input.
Updated: 2025-12-01GitHub
0
0
Low Cost
cormac-dorrat icon

Figma-MCP-Demo

by cormac-dorrat

Sec10

This repository demonstrates how to integrate Figma designs with GitHub Copilot via the Figma MCP Server to generate web pages and CSS tokens.

Setup Requirements

  • ⚠️Requires VS Code with GitHub Copilot Agent mode enabled (paid subscription for Copilot).
  • ⚠️Requires a Figma account with a full or dev seat (free tiers have limited access).
  • ⚠️Requires an existing Figma design file with appropriate permissions.
Verified SafeView Analysis
The provided source code is solely a `README.md` file. There is no executable code (e.g., JavaScript, Python) to audit for security risks such as 'eval', obfuscation, hardcoded secrets, or network vulnerabilities. The repository itself, as a documentation guide, poses no direct security threats. The security of the described workflow relies on the external Figma MCP Server (https://mcp.figma.com/mcp), the Figma account, and GitHub Copilot, which are not part of this repository's source code.
Updated: 2025-12-16GitHub
0
0
Low Cost
metalossAI icon

catastro-esp-mcp

by metalossAI

Sec9

An MCP server that provides tools to query property information from the Spanish Cadastre (Catastro) using reference numbers, geographic coordinates, or parcel codes.

Setup Requirements

  • ⚠️Requires a Smithery API key for deployment and potentially for local interactive testing via the playground.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Relies on the availability and responsiveness of the external Spanish Catastro API.
Verified SafeView Analysis
The server uses `os.getenv` for all configurations, avoiding hardcoded secrets within the source code. Network requests are made via `httpx.AsyncClient` to a specific, trusted government API endpoint (`ovc.catastro.meh.es`). JSON and XML parsing is performed on responses from this API, which is generally safe given the trusted source. No 'eval', obfuscation, or directly malicious patterns were identified. Rate limiting configurations are present, which is a good practice for external API interaction. The XML parsing fallback, while functional, could be a minor concern if the input source were untrusted, but in this context, it's acceptable.
Updated: 2025-11-27GitHub
0
0
Low Cost
NaziurRahman1312 icon

mcp-server-101

by NaziurRahman1312

Sec9

An HTTP-friendly Model Context Protocol (MCP) server providing a JSON-RPC interface for clients and a REST API for managing prompts, resources, and tools, with FAISS-powered semantic search.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Requires running `scripts/seed_data.py` after installation to populate the database and FAISS index.
  • ⚠️The SentenceTransformer embedding model (`sentence-transformers/all-MiniLM-L6-v2`) will be downloaded on first use, requiring internet access and local disk space.
Verified SafeView Analysis
The server demonstrates good security practices by using Pydantic for input validation on both REST and MCP endpoints, and SQLAlchemy for database interactions, mitigating common injection risks. Crucially, user-provided tool code (stored in the database) is not executed by the server; it is merely returned as text. Configuration is externalized via environment variables. The broad CORS policy (allow_origins=['*']) is noted, which is common for development but should be restricted in production environments.
Updated: 2025-11-25GitHub
0
0
Medium Cost
lydgate icon

intend-mcp

by lydgate

Sec9

Provides AI assistants programmatic access to Intend.do for managing tasks, intentions, and timers.

Setup Requirements

  • ⚠️Requires an Intend.do personal auth token or OAuth2 access token.
  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Authentication to the MCP server itself via `MCP_API_KEY` is optional but highly recommended for public deployments; if not set, it runs unauthenticated.
Verified SafeView Analysis
The server is explicitly designed to be safe, only exposing read-only and non-destructive write operations (add, complete, mark as not today, reorder, start timer). It leverages environment variables for all sensitive API tokens (Intend.do auth and its own MCP_API_KEY) and logs are directed to stderr with sensitive data redacted. The audit confirms no 'eval', obfuscation, hardcoded secrets, or malicious patterns. All API calls are hardcoded to the Intend.do domain, preventing redirection to malicious endpoints. Input validation is handled at the API level. Authentication to the MCP server itself is optional but highly recommended via `MCP_API_KEY`.
Updated: 2025-11-19GitHub
PreviousPage 273 of 713Next