Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
dzunhowz icon

wizelit-mcp

by dzunhowz

Sec6

An AI-powered platform for Python code analysis (symbol scanning, impact analysis, dependency graphing, grep, git blame) and refactoring, integrated with a Chainlit chat interface.

Setup Requirements

  • ⚠️Python 3.12+ required.
  • ⚠️AWS Credentials (Access Key, Secret Key, Region, Bedrock Model ID) required for Bedrock LLM access.
  • ⚠️Requires `wizelit-sdk` from a private GitHub repository via SSH, necessitating SSH key configuration for installation.
Review RequiredView Analysis
The server uses `subprocess.run` for `git clone`, `grep`, and `git blame`. While `shell=True` is not explicitly used, user-controlled arguments (`grep` patterns, `git blame` file paths) are passed directly. This introduces potential risks for command injection (e.g., crafted regex patterns could lead to resource exhaustion) or path traversal (e.g., `git blame` on paths outside the intended scope when `root_directory` is a local path) if inputs are not properly sanitized. Hardcoded secrets are avoided by using environment variables.
Updated: 2026-01-19GitHub
0
0
High Cost
OppaAI icon

CV_Robot_MCP

by OppaAI

Sec8

Enables a robot to visually interpret its environment in real-time by sending camera feeds to an external VLM and receiving object descriptions for enhanced situational awareness.

Setup Requirements

  • ⚠️Requires a HuggingFace token (HF_CV_ROBOT_TOKEN) to be generated and placed in a .env file.
  • ⚠️Relies on the external CV_MCP_Server HuggingFace Space being active and accessible.
  • ⚠️Requires Python 3.10+.
Verified SafeView Analysis
The project uses `ast.literal_eval` to parse responses from the HuggingFace VLM server. While generally safer than `eval`, parsing external data always carries a minuscule risk if the external service were compromised. The HuggingFace token (`HF_CV_ROBOT_TOKEN`) is loaded from `.env`, which is good practice, but this token grants access to the specified HuggingFace Space and should be protected. Camera data is sent to a third-party server.
Updated: 2025-12-08GitHub
0
0
Low Cost
Pulse-Programmer icon

mcp-server-weather

by Pulse-Programmer

Sec9

Provides real-time weather alerts and forecasts for specified US locations and states.

Setup Requirements

  • ⚠️Python 3.13+ required
Verified SafeView Analysis
The server interacts with a reputable public API (National Weather Service) using the httpx library. It includes basic error handling for network requests and no hardcoded secrets or 'eval' statements. Data formatting appears safe. The primary risk would be issues with the NWS API itself or potential abuse of the tool by providing excessive inputs, though the NWS API likely has rate limits.
Updated: 2025-11-20GitHub
0
0
Medium Cost
Kakuritsu95 icon

smart-pointment

by Kakuritsu95

Sec6

Manages appointments and provides personal information (Thodoris's schedule and details) via a Model Context Protocol (MCP) server, integrated with an AI model.

Setup Requirements

  • ⚠️Requires a running Ollama server accessible at `OLLAMA_URL` with the `OLLAMA_MODEL` (e.g., `qwen3:1.7b`) loaded, as the `mcp-client` depends on it.
  • ⚠️The `MCP_SERVER_URL` environment variable must be configured for the `mcp-client` to connect to the `mcp-server` (Java application).
  • ⚠️The `mcp-server` (Java Spring Boot application) expects `static/schedule.csv` and `static/information.json` files to be present in its `src/main/resources/static` directory within the classpath for successful startup and operation.
Review RequiredView Analysis
CSV Injection Vulnerability: The `CSVScheduleService` directly writes user-provided 'reason' into a CSV file without sanitization. If this CSV is subsequently consumed by a vulnerable client (e.g., a spreadsheet application), a malicious 'reason' (e.g., starting with '=', '+', '-', or '@') could trigger formula injection, potentially leading to arbitrary command execution on the client's machine. Prompt Injection Risk: The `mcp-client` utilizes an LLM (Ollama) to interpret user queries and invoke tools (`ScheduleInfoTools.doAppointment`). This introduces a risk where a sophisticated attacker could craft inputs to manipulate the LLM into making unintended tool calls or extracting sensitive information. Open CORS Policy: The `mcp-client` enables CORS for all origins (`app.use(cors())`), which is overly permissive for production and could expose the API to unwanted cross-origin requests. No `eval` or blatant obfuscation was found. No obvious hardcoded secrets in the provided code.
Updated: 2025-11-28GitHub
0
0
Medium Cost
tausifbadu icon

ops-autopilot

by tausifbadu

Sec9

An AI-powered agentic control plane for AWS operations and DataOps, designed to automatically detect, investigate, and respond to production issues.

Setup Requirements

  • ⚠️Python 3.11+ required
  • ⚠️Docker and docker-compose required
  • ⚠️AWS credentials (optional for local, critical for full functionality)
Verified SafeView Analysis
The architecture emphasizes safety with read-only defaults, policy-gated write actions, idempotency, verification, and auditing. IAM roles with least privilege are planned for production. No 'eval' or obfuscation is visible in the provided README. Requires careful configuration of allowlists for state machines and log groups to limit scope. The security of the underlying 'AI Agent Host' implementation and specific LLM integrations would need further review beyond this overview.
Updated: 2026-01-19GitHub
0
0
High Cost
tomofuminijo icon

HealthManagerMCP

by tomofuminijo

Sec8

Healthmateエコシステムの中核となる健康情報管理MCPサーバーとして、AI健康コーチや外部AIクライアント(ChatGPT、Claude等)との連携を可能にします。

Setup Requirements

  • ⚠️Requires Python 3.12+ and Node.js 18+ for development.
  • ⚠️Requires configured AWS CLI v2 and AWS CDK Bootstrap in the target region.
  • ⚠️M2M authentication setup involves multiple steps, including CDK deployment and running shell scripts to create AgentCore Identity and OAuth2 Credential Providers.
  • ⚠️The server offers 40 distinct MCP tools. Providing all schemas and tool descriptions to an AI model can consume a substantial portion of the context window (estimated ~7000 tokens for schema descriptions alone), potentially leading to higher inference costs for AI clients.
Verified SafeView Analysis
The server leverages AWS serverless architecture (Lambda, DynamoDB) with robust security features. Authentication is handled via Cognito M2M (Client Credentials Flow) and JWT validation by AgentCore Gateway. DynamoDB table permissions are scoped to specific Lambda functions. Input validation is implemented in Lambda handlers for various data types (dates, scores, ranges, formats). Ownership checks are in place for data modification. The use of `RemovalPolicy.DESTROY` for development environments is noted, with a recommendation for `RETAIN` in production. No direct use of `eval` or `exec` is observed. A minor concern is the `print` of a truncated client secret in test code, which while for testing, is generally a practice to avoid even in non-production contexts.
Updated: 2025-12-29GitHub
0
0
High Cost
gavlooth icon

reasoning-tools

by gavlooth

Sec4

An MCP (Model Context Protocol) server that provides advanced reasoning tools (sequential, graph-of-thoughts, reflexion, dialectic) using configurable LLM backends.

Setup Requirements

  • ⚠️Requires a paid LLM API key (e.g., OpenAI, Anthropic) or a local Ollama instance running. Automatic provider detection occurs based on environment variables.
  • ⚠️Requires Python 3 installed and in PATH if the `code_exec` tool is enabled. This is also used for the AST-based security validation of Python code.
  • ⚠️Requires manual compilation from Go source code (`go build`) before execution.
Review RequiredView Analysis
The server includes a `code_exec` tool that executes Python code on the host system. While extensive validation (`validatePythonCode` using string pattern matching and AST analysis via Python subprocess) is implemented to block many dangerous operations (e.g., file system access, process execution, dynamic imports, dunder method manipulation, common obfuscation), running arbitrary user-supplied code, even with these restrictions, carries inherent residual risks of bypass or unforeseen vulnerabilities. The README explicitly warns: 'This tool executes code on the host system without full sandboxing. Only use in trusted environments.' Without dedicated containerization or a more isolated sandbox, it is not fully secure and should not be run in environments where untrusted input is processed or on critical systems.
Updated: 2026-01-19GitHub
0
0
Low Cost
banday00 icon
Sec8

A remote, unauthenticated Model Context Protocol (MCP) server deployed on Cloudflare Workers, providing simple calculator tools for integration with AI clients like Cloudflare AI Playground or Claude Desktop.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment.
  • ⚠️Requires Node.js and `npm`/`wrangler` CLI for local development and deployment.
  • ⚠️The server is intentionally unauthenticated and publicly accessible by design; users should be aware of this for any modifications.
Verified SafeView Analysis
The server is explicitly designed to be "authless," allowing unrestricted access to its calculator tools. While this is intentional for demonstration purposes, deploying sensitive tools without authentication would be a critical security vulnerability. No direct code injection vulnerabilities or hardcoded secrets were identified within the provided source code.
Updated: 2026-01-16GitHub
0
0
Medium Cost
akash8190 icon

MCP-Server-project

by akash8190

Sec8

A client-server system for remote execution of math operations and mock weather data retrieval using LangChain/LangGraph and an MCP adapter.

Setup Requirements

  • ⚠️Requires Python 3.13 or higher (as per pyproject.toml, overriding README's 3.8+).
  • ⚠️Requires a GROQ_API_KEY environment variable to be set for LLM interactions.
  • ⚠️The weather server (weather.py) must be running explicitly on http://localhost:8000 for the client to communicate with it via HTTP.
Verified SafeView Analysis
The project avoids obvious hardcoded secrets by using environment variables for the GROQ_API_KEY. Math operations are simple arithmetic, limiting injection risks. The weather server currently returns a hardcoded string, mitigating external API security concerns. Primary risks would stem from potential vulnerabilities in the LangChain/LangGraph or MCP libraries themselves, or if the server components were exposed publicly without proper authentication.
Updated: 2025-11-30GitHub
0
0
Medium Cost
CaullenOmdahl icon

duffel-mcp-server

by CaullenOmdahl

Sec9

Enables LLMs to search for flights, analyze offers, and create bookings through the Duffel API with intelligent optimization strategies.

Setup Requirements

  • ⚠️Requires a Duffel API Key with specific permissions (air.offer_requests.create, air.offers.read, air.orders.create, air.airlines.read, payments.payment_intents.create).
  • ⚠️Duffel Payments must be enabled on your Duffel account for the self-hosted checkout flow (`duffel_create_checkout` tool).
  • ⚠️For persistent checkout sessions in a hosted environment, a Redis instance is required (falls back to in-memory store otherwise).
  • ⚠️Python 3.10 or higher is required.
Verified SafeView Analysis
The server uses Pydantic for robust input validation, `os.getenv` for API key management, and `httpx` for secure external API calls with error handling. Basic path traversal prevention is implemented for static file serving. It uses a trusted third-party payment component (Duffel Payments JS). No `eval` or obvious obfuscation detected. Session storage can fall back to in-memory if Redis is not configured, which might not be production-ready for session persistence.
Updated: 2026-01-03GitHub
0
0
Medium Cost
kcofoni icon

pmwiki-mcp

by kcofoni

Sec9

Provides a Model Context Protocol (MCP) server for LLMs to read and search PmWiki content.

Setup Requirements

  • ⚠️Requires Docker to run.
  • ⚠️Requires an existing PmWiki 'wiki.d' directory on the host machine to be mounted as a read-only volume.
  • ⚠️Client (e.g., Claude Desktop) requires the 'mcp-proxy' tool for connection.
Verified SafeView Analysis
The server design is secure by default due to read-only mounting of the PmWiki 'wiki.d' directory, preventing any write operations to the wiki files. There are no 'eval' statements or other direct code injection vulnerabilities. Path traversal within 'read_page' is mitigated by replacing '/' with '.' and 'os.path.join' appending to a controlled directory, making it highly unlikely for an attacker to access files outside the mounted volume.
Updated: 2025-12-23GitHub
0
0
Medium Cost
rncz icon
Sec6

Allows a Large Language Model (LLM) to perform CRUD operations, run raw SQL, and introspect SQLite databases stored locally.

Setup Requirements

  • ⚠️Requires 'uv' for Python environment management and package installation.
  • ⚠️LLM software must support MCP server integration and tool calling.
  • ⚠️Databases are stored locally in a 'databases/' folder relative to the server installation, requiring careful management of this directory.
Verified SafeView Analysis
The `execute_sql` tool allows the LLM to run arbitrary SQL queries, posing a significant risk if the LLM generates malicious or destructive commands (e.g., `DROP TABLE`). While the CRUD tools use parameterized queries for data values, the `sql` string itself is directly from the LLM, requiring careful LLM prompting. The `describe_table` function uses an f-string for the table name in a `PRAGMA` statement, which could be a minor SQL injection risk if not strictly validated. Additionally, the `get_db_path` function might be susceptible to path traversal if `db_name` is manipulated to include `../` sequences, potentially allowing access to files outside the intended `databases` directory.
Updated: 2025-12-13GitHub
PreviousPage 278 of 713Next