Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
seanshin0214 icon

polymath-mcp

by seanshin0214

Sec8

A Polymath MCP server designed as a 'second brain' to support interdisciplinary knowledge fusion and new concept creation through semantic search, socratic dialogue, and application of fusion thinking patterns across 30+ academic domains.

Setup Requirements

  • ⚠️Requires Claude Desktop for full integration, as it's designed as an MCP server.
  • ⚠️Optional Neo4j instance required if 'USE_NEO4J' environment variable is set to 'true'.
  • ⚠️OpenAI API key ('OPENAI_API_KEY') required if 'USE_LOCAL_EMBEDDINGS' is set to 'false' (defaults to true).
Verified SafeView Analysis
The server primarily interacts via the Claude Desktop MCP protocol or FastAPI endpoints. Input data (queries, content, statements) is generally passed to internal engines (RAG, Socratic) or database operations (ChromaDB, Neo4j) using parameterized queries, mitigating direct injection risks. There are no obvious 'eval' or direct arbitrary command execution from user input in the provided code. Default Neo4j credentials ('neo4j', 'password') are hardcoded but can be overridden by environment variables, which is a common practice for development defaults; users should change these for production. The `add_knowledge` tool allows users to add arbitrary markdown content; if a client application renders this content without proper sanitization, it could pose a Cross-Site Scripting (XSS) risk to the client, but the server itself does not execute the content.
Updated: 2025-12-07GitHub
0
0
Medium Cost
ashucoek icon
Sec8

This server connects to Azure Kusto (Azure Data Explorer) to provide tools for querying ICM data warehouses using KQL, listing tables, and describing table schemas.

Setup Requirements

  • ⚠️Requires 'mcp' Python package, which is not a standard library and needs to be installed or available in the environment.
  • ⚠️Requires Azure credentials configured for Kusto access (e.g., via Azure CLI login or interactive browser authentication).
  • ⚠️The authenticated user must have appropriate permissions on 'icmcluster.kusto.windows.net' for the 'IcmDataWarehouse' or 'IcmDataWarehouseRestricted' databases.
Verified SafeView Analysis
Allows execution of arbitrary KQL queries against the configured Azure Kusto database. Authentication uses secure Azure Identity methods (DefaultAzureCredential, InteractiveBrowserCredential) without hardcoded secrets. The primary security consideration is the permissions granted to the authenticated user on the Kusto cluster.
Updated: 2025-12-03GitHub
0
0
High Cost
Prasann3 icon

MCP-Server

by Prasann3

Sec8

An AI-powered system for analyzing financial documents for risk assessment, providing conversational insights and document intelligence.

Setup Requirements

  • ⚠️Requires Node.js and npm for frontend development and build.
  • ⚠️Requires running instances of MongoDB and Redis.
  • ⚠️The C++ parsing worker (`worker.cpp`) needs to be compiled and requires Poppler-cpp libraries. The `parsing_worker.py` script attempts to run it via `wsl` (Windows Subsystem for Linux), implying a specific development environment setup.
  • ⚠️Requires paid API keys for Groq (LLM calls).
  • ⚠️Requires a Hugging Face API key, although the embeddings model is specified to run on CPU locally.
Verified SafeView Analysis
The backend uses environment variables for sensitive data like API keys and database connection strings. User authentication involves password hashing and JWTs via cookies, with `httponly`, `secure=True`, and `samesite='none'` set, indicating an assumption of cross-origin interaction which should be properly managed in production. CORS origins are broadly allowed for local development. Input validation on file uploads limits to PDF/DOC/TXT. No `eval` or obvious code obfuscation. The inter-process communication with the C++ worker uses a length-prefixed binary JSON protocol, which is generally robust.
Updated: 2026-01-19GitHub
0
0
Medium Cost
lokv010 icon

crm_mcp_server

by lokv010

Sec7

Automates customer relationship management, appointment scheduling, and email notifications by integrating Google Sheets, Calendly, and SendGrid via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires extensive manual setup in Google Cloud Console to create a service account, enable the Google Sheets API, generate JSON credentials, and share the target spreadsheet.
  • ⚠️Requires API keys and specific URIs for Calendly and SendGrid, which must be obtained from their respective services.
  • ⚠️Relies heavily on environment variables (`.env` file) for configuration, which need to be correctly populated and kept secure.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive credentials and includes security headers (helmet) and rate limiting for the REST API. It implements origin validation for the MCP endpoint to mitigate DNS rebinding, which is good. However, the `cors()` middleware used for the REST API endpoints has a broad `origin: '*'`, which is a security risk in production for these endpoints and should be restricted to known client origins. Additionally, the Google Service Account is advised to have an 'Editor' role which is broad; a more granular custom role limited to Sheets API permissions would enhance security.
Updated: 2025-12-13GitHub
0
0
Low Cost
aigentic-net icon

mcp-cursor-profiles

by aigentic-net

Sec8

Manages multiple Cursor IDE profiles across different platforms, allowing users to switch, create, rename, and list profiles.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires Cursor IDE to be installed.
  • ⚠️Requires manual configuration in an MCP client (e.g., Cursor, Claude Desktop), with path specificity highlighted as a potential friction point.
Verified SafeView Analysis
The server performs file system operations (copy, move, symlink) and executes system commands (pgrep, tasklist, open, start) to manage Cursor profiles. These operations are confined to Cursor's application directories within the user's home folder. It includes safety checks like preventing operations when Cursor is running and validating profile existence. While direct code injection vulnerabilities are not apparent, any system that modifies user files and runs external commands carries inherent risk if the system itself or user input is compromised. No hardcoded secrets or network exposure beyond MCP stdio are present.
Updated: 2025-11-26GitHub
0
0
High Cost
jainsleyrod icon
Sec1

Provides file system access, web content fetching, Git repository interaction, time utilities, memory management via a knowledge graph, and sequential thinking capabilities for LLMs.

Setup Requirements

  • ⚠️Filesystem server requires at least one allowed directory path as a command-line argument or via MCP roots protocol for initialization.
  • ⚠️Fetch server can access local/internal IP addresses, posing an SSRF security risk if exposed.
  • ⚠️Memory server's Docker configuration warns about potential overwrite of existing `index.js` files in named volumes, requiring manual deletion.
  • ⚠️Python 3.10+ required for Python-based servers (Fetch, Git, Time).
Review RequiredView Analysis
The `everything` server (part of this repository) includes a `printEnv` tool that exposes *all* environment variables, posing a critical information disclosure vulnerability. The `fetch` server explicitly warns about the ability to access local/internal IP addresses, creating a high-risk Server-Side Request Forgery (SSRF) vector. While the `filesystem` server (the primary focus of the provided README) implements robust path validation and atomic file operations to mitigate path traversal and symlink attacks, the presence of these other components in the same repository, often deployed together, severely compromises the overall security posture. The `git` server also takes `repo_path` as an argument without explicit validation against a server-side allowed roots list, which could allow access to arbitrary repositories. The `memory` server's persistence path can be overridden by an environment variable, which if misconfigured, could lead to arbitrary file creation/overwrite.
Updated: 2025-11-25GitHub
0
0
Low Cost
AyanKamila icon

upgates-com-mcp

by AyanKamila

Sec9

Provides client-side UI components and interactivity for a web application, leveraging Bootstrap for styling and layout, and custom jQuery plugins for progress bars.

Setup Requirements

  • ⚠️Requires jQuery to be loaded before other Bootstrap components and plugins.
  • ⚠️Bootstrap's dropdowns, tooltips, and popovers (when using `bootstrap.js` instead of `bootstrap.bundle.js`) require Popper.js for dynamic positioning.
Verified SafeView Analysis
The provided code consists of widely used and well-audited open-source JavaScript libraries (Bootstrap 4.6.2, jQuery 3.7.0) and small jQuery plugins for progress bars. No direct 'eval' or other clearly malicious patterns, hardcoded secrets, or explicit network risks are visible within these client-side assets. The overall security posture depends on how these assets are served and integrated into a larger web application.
Updated: 2026-01-19GitHub
0
0
High Cost
kallgit-codex icon

uni-mcp-claude-desktop

by kallgit-codex

Sec3

A universal MCP server providing a unified interface for an AI agent to interact with a wide array of external services for automation tasks.

Setup Requirements

  • ⚠️Requires numerous API keys for various integrated services (Twilio, Resend, OpenAI, Anthropic, Stripe, Facebook, GitHub, Railway), many of which are paid services.
  • ⚠️For web mode, OAuth client ID and secret must be generated and configured via environment variables.
  • ⚠️OAuth authorization codes and access tokens are stored in-memory and will not persist across server restarts, which can be problematic for production environments.
  • ⚠️The hardcoded `RESEND_API_KEY` in `test-email.js` must be removed or replaced with an environment variable for security reasons before deployment or use.
Review RequiredView Analysis
CRITICAL: The file `test-email.js` contains a hardcoded `RESEND_API_KEY`. This is a severe security vulnerability as it exposes a live API key in the source code, making it accessible to anyone with repository access. For web mode, authentication uses Bearer tokens and an OAuth 2.0 flow. OAuth authorization codes and access tokens are stored in-memory (`src/oauth.ts`), which means they will be lost on server restarts and is not suitable for robust production use. The server explicitly requires `MCP_AUTH_TOKEN` to be set for web mode, preventing a dangerous empty JWT secret fallback. Rate limiting is implemented, which is good.
Updated: 2025-12-13GitHub
0
0
Medium Cost
CodeIA-Tech icon

codeia-mcp-servers

by CodeIA-Tech

Sec9

This project provides a collection of Model Context Protocol (MCP) server configurations and specialized agent rules for the Cursor IDE, enabling integration with various DevOps, SRE, monitoring, and automation tools like Datadog, Azure DevOps, Kubernetes, Git, and local filesystem.

Setup Requirements

  • ⚠️Requires API Keys/Personal Access Tokens for various external services (Datadog, GitHub, Azure DevOps, AWS, Brave Search, Rundeck).
  • ⚠️Requires Node.js version >= 18.0.0.
  • ⚠️Some setup scripts require GitHub CLI (`gh`) to be installed and authenticated.
  • ⚠️Specific SSH key (`ec2-workflow-datadog.pem`) is assumed for remote EC2 operations, requiring secure key management.
Verified SafeView Analysis
The project explicitly addresses security by recommending the use of environment variables or GitHub Secrets for sensitive information, with dedicated scripts for secret management. Server execution relies on `npx` to launch external `@modelcontextprotocol/server-*` packages, which is generally secure if the underlying packages are trusted. Custom scripts use standard shell commands and `ssh` for remote execution, which requires careful management of SSH keys. No `eval` or blatant malicious patterns were found.
Updated: 2025-12-02GitHub
0
0
Low Cost
successbyfailure icon

docmost-mcp

by successbyfailure

Sec8

A lightweight HTTP MCP server acting as an API gateway to interact with a Docmost instance, exposing its functionalities as discoverable tools.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️A running Docmost instance URL (`DOCMOST_BASE_URL`) must be provided.
  • ⚠️Requires authentication to Docmost: either `DOCMOST_API_TOKEN` or a combination of `DOCMOST_EMAIL` and `DOCMOST_PASSWORD`.
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (API token or email/password), which is a good practice. It explicitly requires Node.js v18+ for native `fetch`, avoiding external dependencies. Input parsing (`parseJsonBody`) includes a size limit (5MB) to mitigate large body attacks. CORS is set to `*`, which is common for API gateways but means clients should implement their own origin restrictions if necessary. Tool parameters are validated for presence by the `DocmostClient`, but not extensively against the `inputSchema` definitions in `src/server.js` before execution, relying on the underlying Docmost API for full validation.
Updated: 2025-12-03GitHub
0
0
Low Cost
BlockRunAI icon

awesome-sales-mcp

by BlockRunAI

Sec10

A curated list of Model Context Protocol (MCP) servers for sales, CRM, and revenue operations.

Verified SafeView Analysis
The repository consists of static Markdown files (README, CONTRIBUTING.md) and images. There is no executable code provided within this repository to analyze for dynamic security vulnerabilities like 'eval', obfuscation, or network risks. No hardcoded secrets or malicious patterns are present in the provided source files.
Updated: 2026-01-17GitHub
0
0
Medium Cost
scopweb icon
Sec9

Compiles gettext .po catalogs into .mo binaries, validates catalogs, and summarizes translation progress for localization workflows, designed for local execution with MCP clients.

Setup Requirements

  • ⚠️Requires Go (Golang) runtime/SDK to build and compile the server binary.
  • ⚠️Requires an MCP-aware client (e.g., Claude Desktop) to connect to and utilize the server's exposed tools.
Verified SafeView Analysis
The server primarily processes text input (PO content) and generates binary output (MO content). It uses os.CreateTemp for temporary file creation, which is a secure method. There are no obvious 'eval' or command injection vulnerabilities. The 'return=path' option creates a temporary file, which is a controlled operation. The server does not appear to open network ports directly, relying on an external MCP client for communication. Potential risks are related to resource exhaustion from parsing extremely large or malformed PO files, but this is acknowledged in the README, suggesting external OS-level limits.
Updated: 2026-01-17GitHub
PreviousPage 275 of 713Next