Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
janak-dev2002 icon
Sec9

This project demonstrates various transport configurations (STDIO, HTTP, SSE) for FastMCP servers, enabling integration with AI agents like GitHub Copilot by exposing specific tools.

Setup Requirements

  • ⚠️Requires Python 3.14 or higher.
  • ⚠️Requires 'uv' for dependency management and running the servers.
  • ⚠️For HTTP/SSE transports, the server must be manually started and kept running in a separate terminal.
  • ⚠️For STDIO transport, the server must be started by VS Code, not manually; the 'cwd' path in VS Code configuration is critical.
  • ⚠️HTTP and SSE endpoints require specific URL paths (/mcp and /sse respectively), not just the root URL.
Verified SafeView Analysis
The server code itself (`stdio_mcp.py`, `http_mcp.py`, `sse_mcp.py`) is simple and does not contain obvious direct vulnerabilities like 'eval', 'exec', or hardcoded secrets. Input types are basic (int, str), and string formatting uses f-strings, which are generally safe in this context. The primary security considerations would stem from the 'fastmcp' library itself (which is out of scope for this code analysis) and the risks associated with exposing tool access to an AI agent, where malicious or unintended inputs could potentially be crafted. Network-exposed transports (HTTP, SSE) would require standard network security practices (firewall, authentication) if deployed beyond local developer use, but the example implicitly targets local Copilot integration.
Updated: 2025-11-23GitHub
0
0
Medium Cost
CasperGN icon

dapr-mcp

by CasperGN

Sec6

The dapr-mcp server enables AI agents to interact with Dapr building blocks (state, pubsub, secrets, bindings, etc.) through a structured Model Context Protocol (MCP) tool interface.

Setup Requirements

  • ⚠️Requires Dapr to be initialized locally ('dapr init').
  • ⚠️The test agent requires Python 3.13 for its virtual environment.
  • ⚠️Requires a local Redis instance running on localhost:6379 (usually provided by 'dapr init').
  • ⚠️The 'converse_with_llm' tool requires a local Ollama server running on http://localhost:11434 with 'llama3.2:latest' model downloaded.
  • ⚠️A simple Python HTTP server must be running on port 8000 for the 'external-webhook' binding example.
Verified SafeView Analysis
The server leverages standard Dapr SDKs and does not contain obvious 'eval' or obfuscation. However, several security considerations exist for a production environment: mock secrets are stored in 'components/secrets.json' within the repository (bad practice for actual secrets); Redis components across `components/` and `test/components/` use empty passwords, indicating unsecure local Redis instances; and cryptography operations in 'pkg/crypto/tools.go' use a hardcoded key name 'rsa-private-key.pem' pointing to a local file system path that would require careful securing in production. The system's robustness relies heavily on the AI agent's adherence to tool annotations and instructions, as tools like 'invoke_service' and 'invoke_output_binding' can perform powerful, potentially destructive, operations on external systems.
Updated: 2026-01-08GitHub
0
0
Medium Cost
Ifrazahoor icon

GeminiMcpServer.

by Ifrazahoor

Sec3

Acts as a server or proxy for a protocol, likely related to Minecraft (MCP).

Review RequiredView Analysis
Source code was not provided beyond the README file, making a comprehensive security audit impossible. Cannot check for common vulnerabilities like 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns.
Updated: 2025-12-05GitHub
0
0
Medium Cost
FYTJ icon
Sec3

A server that exposes GDB debugging capabilities (session, target, breakpoint, execution, memory, and event control) via a TCP-based JSON-RPC interface using MCP tools.

Setup Requirements

  • ⚠️Requires Ubuntu Linux with GDB (>= 9.0) installed.
  • ⚠️Requires Python 3.10+.
  • ⚠️Potential 'ptrace permission denied' issues in containerized or restricted environments, requiring specific kernel parameter changes or Docker `--cap-add=SYS_PTRACE`.
Review RequiredView Analysis
The `gdb.command` method allows clients to execute arbitrary GDB console commands via the `-interpreter-exec console "{command}"` interface. This creates a severe command injection vulnerability, potentially allowing a malicious or compromised client to execute arbitrary commands on the host system where GDB is running (e.g., `shell rm -rf /`). While `GDB_MCP_ALLOWED_ROOT` restricts target file paths for `createTarget`, it does not restrict commands passed to `gdb.command`. The server is only safe if access is strictly limited to highly trusted, sandboxed clients or environments.
Updated: 2025-12-03GitHub
0
0
Medium Cost
s2mgtvodois2 icon

postgresql-mcp-js

by s2mgtvodois2

Sec9

Simplifies PostgreSQL database interactions for AI models or applications using the Model Context Protocol (MCP) by exposing schema, data, and query execution as tools and resources.

Setup Requirements

  • ⚠️Requires Bun runtime (v1.0.0 or higher)
  • ⚠️Requires a running PostgreSQL database instance
  • ⚠️Requires configuration of PostgreSQL connection details via environment variables
Verified SafeView Analysis
The server uses parameterized queries (`Bun.sql`) to prevent SQL injection. It explicitly restricts the `execute-query` tool to read-only operations (SELECT, EXPLAIN, WITH), preventing accidental or malicious data modification. Secrets are handled via environment variables. Communication happens over standard I/O (StdioServerTransport), reducing direct network attack surface. Row limits are applied to data retrieval. The `SECURITY.md` file outlines robust security practices and considerations. The primary risk would be misconfiguring the PostgreSQL database itself or its network access, which is external to this server's code.
Updated: 2026-01-19GitHub
0
0
Low Cost
CooleyMcCoolson icon

mcp-server

by CooleyMcCoolson

Sec7

Provides centralized AI context services like web search and content retrieval to multiple client machines on a local network.

Setup Requirements

  • ⚠️Requires an Unraid server with Docker.
  • ⚠️A Brave Search API key is mandatory for the Brave Search MCP service.
  • ⚠️The client machines require Python 3 and the `mcp-bridge.py` script copied locally.
Verified SafeView Analysis
The project intends to run services on an internal network only, with no ports exposed to the internet, which is a good security posture assuming proper network configuration by the user. API keys are managed via environment variables from a `.env` file, which is acceptable, but the project notes a 'TODO' to implement Docker secrets for enhanced security. Some services (Fetch, Obsidian, Sequential Thinking) install npm packages at runtime within generic Node.js containers, which can introduce supply chain risks if the packages or their dependencies are compromised. The Brave Search service uses a custom Docker image, requiring trust in its source. The `mcp-bridge.py` script itself appears to be a straightforward proxy without obvious vulnerabilities like 'eval' or malicious patterns, but its security depends on the integrity of the remote MCP server it connects to.
Updated: 2026-01-16GitHub
0
0
Low Cost
jaikishpai icon

mcp-server-nodejs

by jaikishpai

Sec9

An HTTP-based Model Context Protocol (MCP) server for integrating AI agents with Oracle databases via exposed SQL and schema tools.

Setup Requirements

  • ⚠️Requires an accessible Oracle Database with credentials.
  • ⚠️Docker deployments face challenges with Oracle Instant Client downloads due to license acceptance, potentially requiring manual download or alternative Dockerfile configurations.
  • ⚠️The `nl2sql` tool requires an external NL2SQL service (a placeholder Python service is provided but needs replacement for actual functionality).
Verified SafeView Analysis
The server demonstrates strong security practices, particularly in preventing SQL injection. The `runQuery` tool explicitly requires an `approved: true` flag, mandating prior semantic mapping and schema validation to ensure LLM-generated SQL is safe. Identifier validation is used for table and schema names in `getSchema` to prevent injection. The `executeQuery` function rejects SQL containing semicolons by default. The `/mcp` endpoint is protected by an API key (`MCP_API_KEY`), which is enforced in production. Sensitive configurations are handled via environment variables, with no apparent hardcoded secrets. The server uses `helmet` for security headers and limits request size. A minor point for improvement is the default `CORS_ORIGIN: '*'`, though a TODO is present to restrict it in production. TLS/HTTPS is expected to be handled by a reverse proxy.
Updated: 2025-12-10GitHub
0
0
Medium Cost
jollygood1980 icon

openshift-mcp-server

by jollygood1980

Sec5

Manages and exposes APIs for configuring OpenShift Machine Config Pools (MCPs), facilitating automated infrastructure management and node consistency.

Setup Requirements

  • ⚠️Requires access to an OpenShift cluster with appropriate administrative permissions for Machine Config Pools.
  • ⚠️Requires specific environment variables for OpenShift API access and server configuration (e.g., Kubeconfig path, bearer token, listen port).
  • ⚠️Likely intended to be run within an OpenShift cluster or similar containerized environment.
Review RequiredView Analysis
Source code was not provided for analysis. As a server component interacting with OpenShift Machine Config Pools, it would handle critical infrastructure configuration and potentially sensitive credentials. Without code, it's impossible to verify secure coding practices like input validation, authentication/authorization, secure communication (TLS), protection against common web vulnerabilities (e.g., injection, XSS), proper secret management, and absence of malicious patterns or hardcoded credentials. Therefore, safety cannot be guaranteed.
Updated: 2026-01-19GitHub
0
0
Low Cost
happylinks icon

arc-mcp

by happylinks

Sec8

Programmatically manage Arc browser spaces, tabs, and open URLs.

Setup Requirements

  • ⚠️Requires macOS (Arc browser is macOS-only)
  • ⚠️Arc browser installed
  • ⚠️Arc Sync must be disabled for space/tab modifications to persist
  • ⚠️Most modifications (create/delete space, add/delete tab) require restarting Arc to take effect
Verified SafeView Analysis
The server directly modifies Arc browser's local configuration file (`StorableSidebar.json`) and uses AppleScript (`osascript`) for certain operations like focusing spaces or opening URLs. While direct file modification and `execSync` with `osascript` inherently carry some risk, the code includes sanitization for AppleScript inputs (escaping single quotes) and creates backups before modifying the sidebar file. No 'eval' or other highly dangerous patterns were found. The tool's purpose is to manipulate a specific application's data, which it does as intended.
Updated: 2026-01-19GitHub
0
0
Low Cost
Ayeshaaaqil icon
Sec9

A personal chatbot with memory that persists user data across sessions using Chainlit and the OpenAI Agents SDK configured for Google Gemini.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (GEMINI_API_KEY) configured in the .env file, which may incur costs depending on usage.
  • ⚠️Requires Python 3.12 or higher.
Verified SafeView Analysis
No direct use of 'eval' or obvious malicious patterns. API key loaded from environment variables. Local JSON file is used for user profiles; while this is a common pattern for memory, it implies the agent writes to this file based on user input, which assumes the agent's actions are trusted.
Updated: 2025-11-25GitHub
0
0
Medium Cost
sahilpate3345 icon

mcp_custom_server

by sahilpate3345

Sec8

A Streamlit-based chatbot that uses MCP and LangGraph to perform general math tasks.

Setup Requirements

  • ⚠️Requires GOOGLE_API_KEY (Paid) to interact with the Gemini LLM.
  • ⚠️The MCP Server (custom_mcp_server.py) must be running locally on http://127.0.0.1:8000 before the client/web interface can connect.
  • ⚠️Requires Python environment setup with specific dependencies (e.g., mcp, langchain-mcp-adapters, langchain-google-genai, langgraph, streamlit, python-dotenv).
Verified SafeView Analysis
The server defines specific math tools (add, multiply, divide, square_root, factorial) which are inherently safe and do not allow for arbitrary code execution. Secrets (GOOGLE_API_KEY) are loaded from environment variables using `dotenv` rather than being hardcoded. The `FastMCP` server binds to a local address (127.0.0.1), limiting direct external exposure. No explicit use of dangerous functions like `eval` or `exec` is present in the provided code snippets for user input processing.
Updated: 2026-01-17GitHub
0
0
High Cost
SAP-samples icon
Sec9

This repository provides a hands-on tutorial for agentic app development with AI clients (Cline) and SAP's MCP servers to create and modify SAP Fiori applications.

Setup Requirements

  • ⚠️Requires access to SAP Business Application Studio (SBAS).
  • ⚠️Requires API keys for AI providers (e.g., Anthropic Claude, Google Gemini) which may incur costs and need to be obtained and configured.
  • ⚠️Relies on `npx` to download and run MCP server packages, requiring a Node.js environment and network access.
Verified SafeView Analysis
The source code primarily consists of documentation (README files) and configuration for an AI client (Cline) to interact with SAP's Managed Code Project (MCP) servers. It guides users to run official SAP packages (`@sap-ux/fiori-mcp-server`, `@cap-js/mcp-server`) via `npx`. There are no 'eval' statements, obfuscation, or overtly malicious patterns in the provided snippets. The tutorial specifies using 'dummy' credentials for local application previews, which is acceptable for a development hands-on but would be a critical risk in production. The overall security depends on the user's secure handling of API keys for AI models and the security posture of the SAP Business Application Studio environment itself.
Updated: 2025-12-09GitHub
PreviousPage 276 of 713Next