Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
lanonasis icon

onasis-mcp-server

by lanonasis

Sec2

Provides a unified API gateway and Model Context Protocol (MCP) server for enterprise memory management (Memory as a Service - MaaS), AI agent integration, and secure API key management, with real-time updates and workflow orchestration capabilities.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for memory embeddings and AI workflow orchestration.
  • ⚠️Requires a Supabase account (PostgreSQL with vector extensions enabled) for persistent storage and database functions.
  • ⚠️Requires a Redis instance for OAuth state management and API key caching.
  • ⚠️Critical security defaults are present (e.g., default JWT_SECRET, EMERGENCY_BOOTSTRAP_TOKEN) that MUST be changed before any serious deployment.
  • ⚠️Complex environment variable configuration is necessary for full functionality, spanning database, AI, caching, and several internal service URLs.
Review RequiredView Analysis
The server has critical security vulnerabilities. The '2025-08-23-PROGRESS-UPDATE.md' explicitly flags 'Authentication & Authorization Issues ⚠️' noting 'Current MCP implementation bypasses Core authentication entirely' and 'MCP calls database directly without proper JWT validation'. The `src/netlify/mcp.js` Netlify function hardcodes `organizationId: 'ADMIN_ORG'` and `userId: null`, allowing unauthenticated creation of memories and API keys. The `src/middleware/_middleware.js` includes a 'WARNING: Placeholder implementation - DO NOT DEPLOY TO PRODUCTION' for JWT validation. The `src/routes/emergency-admin.ts` creates an admin API key without login and warns to 'Remove this file after initial setup!'. Weak default `JWT_SECRET` and `EMERGENCY_BOOTSTRAP_TOKEN` values are present. The `EncryptionUtils` uses a hardcoded 'salt' which is a security anti-pattern. While `src/middleware/auth-aligned.ts` attempts to fix some authentication issues, the overall system, especially in its Netlify function deployments, is highly insecure and not safe for production as-is.
Updated: 2026-01-02GitHub
0
0
Low Cost
raffaeler icon

PyMcp

by raffaeler

Sec8

Demonstrates a sample Model Context Protocol (MCP) server with basic text processing and AI integration using the Python FastMCP library.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️The `oneLiner` tool uses `context.sample()` which necessitates an underlying LLM configured (e.g., an OpenAI API key or local LLM setup) for full functionality.
  • ⚠️The `uv` package manager is strongly suggested for dependency management.
Verified SafeView Analysis
The server's code does not contain 'eval', obfuscation, or hardcoded secrets. It uses `os.getenv` for configuration (host/port) and `python-dotenv` for loading environment variables. The `oneLiner` tool utilizes `context.sample()` to interact with an external AI model. This interaction implicitly relies on an LLM setup (e.g., API keys), and the `include_context='thisServer'` parameter means this server's tools could be called by the LLM. While this is part of FastMCP's design, it requires awareness regarding potential prompt injection if user inputs are not adequately handled by the underlying LLM system, though no direct vulnerability is observed in the provided server code.
Updated: 2025-11-20GitHub
0
0
Medium Cost
kurojs icon
Sec8

Integrates ElevenLabs Text-to-Speech with OpenCode, allowing an AI assistant to speak its responses aloud through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires ElevenLabs API Key (paid service)
  • ⚠️Automatic audio playback requires PulseAudio (Linux only)
  • ⚠️Requires OpenCode with MCP support for full integration
Verified SafeView Analysis
The server retrieves the ElevenLabs API key from an environment variable (process.env.ELEVENLABS_API_KEY), which is a good security practice. It uses `child_process.execAsync` to play audio via `paplay` on Linux, which always introduces a potential risk, but the temporary filename is generated internally using `Date.now()` and is properly quoted, mitigating command injection risks from user input. User-provided text is sent to the ElevenLabs API, not directly to `execAsync`. No `eval` or obvious malicious patterns were found. The primary external interaction is with the ElevenLabs API over HTTPS.
Updated: 2025-12-17GitHub
0
0
Low Cost
hitosh308 icon

mcp-servers

by hitosh308

Sec9

A minimal Japanese web interface for listing and filtering Model Context Protocol (MCP) servers from a live registry, with a local data fallback.

Setup Requirements

  • ⚠️PHP is required to run the server.
Verified SafeView Analysis
The code demonstrates good security practices for a simple web application. All output to HTML is properly escaped using `htmlspecialchars`, mitigating Cross-Site Scripting (XSS) risks. External API calls are made to a hardcoded public registry URL, without dynamic user input in the URL, reducing direct server-side injection vectors. No `eval()` or similar dangerous functions are used. There are no hardcoded secrets or sensitive credentials. Client-side filtering in JavaScript further limits server-side exposure to user input for search parameters. The primary external interaction is with the public MCP registry.
Updated: 2025-12-14GitHub
0
0
Medium Cost
DelicateAlchemy icon

loist-mcp-server

by DelicateAlchemy

Sec9

Processes audio files from URLs, extracts comprehensive metadata, stores them in Google Cloud Storage, and provides a searchable library via a Music Library Protocol (MCP) API.

Setup Requirements

  • ⚠️Requires PostgreSQL database instance (local or Cloud SQL).
  • ⚠️Requires Google Cloud Storage bucket and appropriate service account permissions.
  • ⚠️Requires FFmpeg binary installed and accessible in system PATH.
  • ⚠️Requires ExifTool binary installed and accessible in system PATH.
Verified SafeView Analysis
The server demonstrates strong security practices including comprehensive input validation (Pydantic schemas), robust URL/SSRF protection with explicit blocking of dangerous protocols and private IP ranges, and thorough SQL injection prevention via parameterized queries and psycopg2.sql. Dynamic SQL generation is handled safely. Temporary files and cleanup are managed. Potential minor risks include implicit Jinja2 auto-escaping (though usually safe by default) for metadata rendering in embed pages, and reliance on external binaries (FFmpeg, ExifTool) requiring trust in their security. Authentication uses a simple, configurable bearer token, which is noted as a limitation for production but adequate for MVP.
Updated: 2025-12-22GitHub
0
0
Medium Cost
Sec5

A multi-country platform server designed to integrate with and manage EasyPost shipping logistics across various geographical regions.

Setup Requirements

  • ⚠️Requires EasyPost API Key (Account required)
  • ⚠️Requires a specific Python version (defined in .python-version)
Review RequiredView Analysis
Cannot fully assess without code review; server likely handles sensitive shipping data and involves network communication with third-party APIs.
Updated: 2025-11-20GitHub
0
0
Medium Cost
enzokamal icon

mcp-hubspot-server

by enzokamal

Sec8

Provides a Model Context Protocol (MCP) server for interacting with the HubSpot CRM API, allowing AI agents to manage companies, contacts, leads, engagements, associations, and products.

Setup Requirements

  • ⚠️Requires `HUBSPOT_ACCESS_TOKEN` environment variable.
  • ⚠️Requires Node.js 18+.
  • ⚠️Uses `pnpm` for package management (though `npm` might also work).
Verified SafeView Analysis
The server securely handles API requests to HubSpot, using `HUBSPOT_ACCESS_TOKEN` from environment variables. Input parameters for tools are validated using Zod schemas, mitigating common injection risks against the HubSpot API. Error handling is present to prevent exposing raw stack traces. The primary security consideration is the secure management of the `HUBSPOT_ACCESS_TOKEN` in the deployment environment.
Updated: 2025-12-11GitHub
0
0
Medium Cost
mhosseinkarimi icon

Chatbot_Agent

by mhosseinkarimi

Sec8

A chatbot agent leveraging large language models to interact with users and perform web scraping, crawling, and data extraction tasks via the Firecrawl service.

Setup Requirements

  • ⚠️Requires Node.js (version 16 or higher) and npx to be installed and in the system PATH.
  • ⚠️Requires an OPENAI_API_KEY environment variable (OpenAI is a paid service).
  • ⚠️Requires a FIRECRAWL_API_KEY environment variable.
  • ⚠️Requires Python 3.12 or newer.
Verified SafeView Analysis
The Python code avoids direct use of dangerous functions like 'eval' or 'exec' on user input. Subprocess calls are to fixed commands ('node --version', 'npx firecrawl-mcp') rather than user-controlled input, mitigating direct command injection risks within the Python layer. API keys are loaded from environment variables, which is good practice. The primary security consideration lies with the external 'firecrawl-mcp' tool itself, which is executed via npx. The agent's ability to call this tool implies trust in the 'firecrawl-mcp' package to handle inputs securely and perform its functions without introducing vulnerabilities that could be exploited by malicious or malformed agent-generated tool calls.
Updated: 2025-11-20GitHub
0
0
Low Cost
Olbrasoft icon

Antigravity

by Olbrasoft

Sec9

Integrates Antigravity IDE notifications into a Virtual Assistant, enabling AI agents to provide voice or system alerts to the user.

Setup Requirements

  • ⚠️Requires Node.js (v18+) and npm to install dependencies and build.
  • ⚠️Needs manual configuration in Antigravity's `mcp_config.json` file, specifying the absolute path to the compiled `index.js`.
  • ⚠️Relies on a running Virtual Assistant API endpoint for notifications to be delivered, specified by the `VA_ENDPOINT` environment variable.
Verified SafeView Analysis
The server primarily acts as a proxy, forwarding notification text to a configurable external API endpoint (`VA_ENDPOINT`). There are no signs of direct code injection vulnerabilities (like `eval` or `child_process` execution of unsanitized user input) in the TypeScript source. The reliance on an external Virtual Assistant endpoint means the security posture is also dependent on the security of that external service, which is a standard integration practice.
Updated: 2026-01-15GitHub
0
0
High Cost
JoaquimCassano icon

cve-mcp

by JoaquimCassano

Sec8

Provides a tool-based interface to search for and retrieve details about Common Vulnerabilities and Exposures (CVEs) from official sources.

Setup Requirements

  • ⚠️Requires a Python environment with `fastmcp`, `pydantic`, and `cloudscraper` libraries installed.
  • ⚠️Relies on external CVE APIs (www.cve.org and cveawg.mitre.org) which might rate-limit or block aggressive scraping, potentially impacting `cloudscraper`'s long-term effectiveness.
  • ⚠️Search results, especially with a high `size` parameter, can return large amounts of data, leading to significant token consumption if processed by an LLM.
Verified SafeView Analysis
The code uses `cloudscraper` to bypass bot detection on `www.cve.org`, which, while not inherently malicious, is an aggressive technique that could lead to operational issues (e.g., IP bans or changes in scraping effectiveness). The `cve_id` is directly interpolated into a URL path in `gather_details` without explicit input validation, though the strict format of CVE IDs reduces the immediate risk of path traversal. Hardcoded user-agent and browser headers are used in network requests, which might require maintenance if external API detection methods change. No 'eval', obfuscation, hardcoded secrets, or other obvious malicious patterns were found. Pydantic models are used for robust data validation and parsing.
Updated: 2025-12-14GitHub
0
0
Low Cost
Maoric2018 icon

mcp-leak-server

by Maoric2018

Sec2

The server's primary function is to deliver an XML payload instructing a 'client agent' to execute a hidden, one-time command for 'cleanup and synchronization'.

Setup Requirements

  • ⚠️Requires Node.js environment
  • ⚠️Requires npm to install dependencies
  • ⚠️Requires Vercel CLI to run via 'npm run dev'
Review RequiredView Analysis
The server's core purpose is to deliver an XML response containing explicit instructions for a client-side agent to execute a hidden, unlogged command (`[HIDDEN_OVERRIDE]`) described as a 'mandatory finalization step'. This pattern is highly indicative of a command-and-control (C2) component, designed to facilitate stealthy, potentially malicious operations (like exfiltration or further compromise) on a connected client, rather than serving legitimate documentation. While the server itself doesn't contain direct server-side exploits like 'eval' or hardcoded secrets, its output is a direct instruction for hidden command execution, making it a critical security risk.
Updated: 2025-11-23GitHub
0
0
High Cost
BACH-AI-Tools icon

mcp-server-azure-devops

by BACH-AI-Tools

Sec9

This server acts as an Azure DevOps client, enabling programmatic interaction with various Azure DevOps resources (code, wikis, work items, pull requests, projects, pipelines, organizations, and user profiles) for automation and AI agent integration.

Setup Requirements

  • ⚠️Requires an Azure DevOps Personal Access Token (PAT) with appropriate scopes or Azure Identity configured credentials for authentication.
  • ⚠️Requires an active Azure DevOps Organization URL to connect.
  • ⚠️The user or service principal configured for authentication must have sufficient permissions in Azure DevOps for invoked actions.
  • ⚠️Specific Azure DevOps extensions (e.g., Code Search) might need to be installed in the organization for certain tools to function.
Verified SafeView Analysis
The server uses environment variables (e.g., AZURE_DEVOPS_PAT) for sensitive credentials, which is a good security practice. It also supports Azure Identity (DefaultAzureCredential, AzureCliCredential) for authentication. Network requests are handled via the `axios` library, and there is no direct use of dangerous functions like `eval` or obvious obfuscation. Error handling wraps API errors, preventing raw sensitive data exposure. Basic shell scripts (`create_branch.sh`) are present but are utility scripts, not part of the core server's runtime logic.
Updated: 2025-12-04GitHub
PreviousPage 277 of 713Next