Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

0
0
Medium Cost

perplexity-mcp

by markusleucht

Sec9

An MCP server leveraging Perplexity AI for deep and social-focused search, designed for Claude Code integration, with specialized capabilities for German pharmaceutical market research.

Setup Requirements

  • ⚠️ Requires Perplexity API Key (Paid)
  • ⚠️ Perplexity Pro tier required for API access
  • ⚠️ Requires Python 3.10+ (despite outdated setup scripts suggesting 3.8+)

Verified Safe
The server correctly loads the PERPLEXITY_API_KEY from an environment variable. The `save_report` function, used for saving research reports, constructs file paths safely within a dedicated `docs/reports/{date}_{name}/` directory, preventing path traversal vulnerabilities. No obvious malicious code patterns or obfuscation were found.
Updated: 2025-12-11
0
0
Low Cost

time-mcp

by fifthseason-ai

Sec9

Provides timezone-aware time operations, including natural language parsing, calculations, and conversions, as a Model Context Protocol server.

Setup Requirements

  • ⚠️ Requires Node.js (>=14.0.0)
  • ⚠️ Server runs via HTTP if `PORT` env var is set, otherwise as a Stdio server, which might require specific client integration.

Verified Safe
The server uses `express` and `cors`, standard for HTTP services. It does not appear to use `eval` or dynamic code execution. Dependencies are commonly used and generally secure. Input parsing is handled by `chrono-node` and `moment-timezone`, which are focused on date/time logic and not general code execution. Error handling is present, preventing unhandled exceptions. Default environment variables are provided, reducing the risk of misconfiguration. No hardcoded secrets are visible. Overall, it appears robust for its stated purpose.
Updated: 2025-11-24
0
0
Medium Cost

ai-capability-suite

by Digital-Defiance

Sec9

Provides a comprehensive debugging interface and system control capabilities for AI agents to interact with the development environment.

Setup Requirements

  • ⚠️ Requires Node.js 18.0.0+ and NPM 8.0.0+ (for NPM installation)
  • ⚠️ Requires Docker 20.10+ (for Docker installation)
  • ⚠️ Platform-specific build tools might be required for native dependencies (e.g., Python3-setuptools and build-essential for Linux, Xcode Command Line Tools for macOS, Visual Studio Build Tools for Windows).
  • ⚠️ The 'mcp-process' server currently requires a configuration file (`mcp-process-config.json`) specifying allowed executables for security, which needs manual creation and management.

Verified Safe
The suite demonstrates a strong focus on security, especially for the 'Process' and 'Filesystem' modules, with features like executable allowlists, argument validation, environment sanitization, resource limits, privilege prevention, PII masking, 10-layer path validation, and comprehensive audit logging. The core 'MCP ACS Debugger' is also described with 'Enterprise security (authentication, rate limiting, PII masking, audit logging)'. While some installation methods involve direct execution of remote scripts (curl | bash), this is typical for convenience, and the server itself includes robust security layers for its runtime operations.
Updated: 2026-01-17
0
0
Medium Cost

schwaizer-I14Y-mcp

by ishumilin

Sec9

Provides AI assistants with tools to search, retrieve, and export metadata from the Swiss I14Y Interoperability Platform regarding concepts, datasets, data services, and public services.

Setup Requirements

  • ⚠️ Requires Node.js and npm for installation and execution.
  • ⚠️ Requires `I14Y_API_BASE_URL` environment variable to be set, pointing to the I14Y API endpoint.
  • ⚠️ `I14Y_API_TOKEN` environment variable is optional but necessary for accessing protected endpoints on the I14Y platform.

Verified Safe
The server uses Zod for robust input validation, and 'ky' for secure HTTP client interactions, including retry logic and comprehensive error handling. Configuration, including API tokens, is managed via environment variables, preventing hardcoded secrets. There is no usage of 'eval' or other dangerous dynamic code execution patterns. Logging is correctly routed to STDERR to keep STDOUT clean for MCP JSON-RPC, which is a good practice for standard I/O based servers. Overall, the code structure and practices suggest a strong focus on security and reliability.
Updated: 2025-11-20
0
0
Medium Cost

kura-notes-mcp

by TillMatthis

Sec8

This MCP client allows Claude Desktop to interact with the KURA Notes API, providing capabilities for semantic search, note creation, retrieval, and management within Claude's native interface.

Setup Requirements

  • ⚠️ Requires Node.js >= 20.0.0
  • ⚠️ Requires a valid KURA Notes API Key
  • ⚠️ Requires specific configuration in Claude Desktop's `claude_desktop_config.json` with an absolute path to the compiled script.

Verified Safe
The server correctly handles environment variables for sensitive data (API_KEY) and API endpoint (KURA_API_URL), avoiding hardcoded secrets. There are no obvious signs of 'eval' or malicious patterns. Error handling for API calls is robust, returning detailed messages without crashing the server. The primary security consideration is ensuring the user trusts the KURA Notes API and correctly configures the API_KEY and KURA_API_URL within their local Claude Desktop environment, as a malicious configuration could redirect API calls. Logging of partial API_KEY for debugging is a minor info leak, common in such clients.
Updated: 2025-11-28
0
0
Medium Cost
Sec7

An advanced Master Control Program (MCP) server that orchestrates GitHub automation, AI-driven research execution in isolated sandboxes, and comprehensive monitoring across the GlacierEQ ecosystem.

Setup Requirements

  • ⚠️ Requires a GitHub App setup (App ID, private key, webhook secret)
  • ⚠️ Requires an E2B API Key for sandbox execution (E2B is a paid service)
  • ⚠️ The monitoring stack requires Docker and Docker Compose
  • ⚠️ The Grafana monitoring dashboard uses a hardcoded default admin password ('apex2025') that MUST be changed for production deployment.

Review Required
The GitHub App component correctly uses environment variables for sensitive keys (PRIVATE_KEY_PATH, WEBHOOK_SECRET) and implements robust webhook signature verification. The E2B Sandbox Manager is designed to execute arbitrary code (e.g., Python, PowerShell) in isolated, secure environments, which is a justified pattern for safely running 'research queries' or AI-generated code, relying on the E2B platform's security. However, the `docker-compose.monitoring.yml` configuration includes a hardcoded default password for Grafana (GF_SECURITY_ADMIN_PASSWORD=apex2025). This poses a significant security risk if the monitoring stack is exposed publicly, as it allows unauthorized access to critical operational metrics and logs.
Updated: 2025-12-02
0
0
Low Cost

gpt-mcp-launcher

by seanshin0214

Sec5

Connects ChatGPT Desktop to multiple local MCP (Modular Chat Protocol) servers via a single ngrok tunnel and an API Gateway for external access.

Setup Requirements

  • ⚠️ Requires Python 3.10+
  • ⚠️ Requires an ngrok account and manual authtoken setup
  • ⚠️ Requires ChatGPT Desktop with developer mode enabled and manual connector setup for each MCP service
  • ⚠️ Assumes external MCP server projects (e.g., `gpt-mcp-server`) are separately installed and running locally.

Review Required
The system exposes local MCP servers via ngrok without any explicit authentication on the API Gateway or the MCP servers themselves. The README explicitly warns against sharing the ngrok URL due to the lack of authentication. The provided `ngrok.yml` contains a hardcoded `authtoken`, which is a security risk if the repository is made public without modification. While `gateway.py` itself doesn't show obvious vulnerabilities like `eval`, the architecture's reliance on public tunneling without access control is a significant concern. Running this system could lead to unauthorized access to local resources if the ngrok URL is compromised.
Updated: 2025-12-11
0
0
Medium Cost

chatgpt-mcp-server

by bermingham85

Sec1

Provides ChatGPT with extensive local machine control for Windows, including filesystem, arbitrary command execution, and n8n workflow management.

Setup Requirements

  • ⚠️ Requires a Windows operating system for full PowerShell command execution functionality.
  • ⚠️ Utilizes self-signed HTTPS certificates, necessitating manual trust in the browser/OS or acceptance of security warnings during setup.
  • ⚠️ Requires Node.js (v18+) and npm to be installed.
  • ⚠️ The default n8n instance URL (`http://192.168.50.246:5678`) is hardcoded and requires manual source code modification to change.

Review Required
The server is explicitly designed to grant ChatGPT 'full access' to the host machine. This includes arbitrary filesystem operations (read, write, delete recursively) and direct execution of unvalidated PowerShell commands (`execute_command`). These capabilities allow for full system compromise, data destruction, or exfiltration if the ChatGPT model acts maliciously, is misled, or if the server itself is compromised. There is no built-in authentication or authorization beyond the initial connection to ChatGPT. A hardcoded passphrase 'chatgpt-mcp' is used for the PFX certificate in `https-server.ts`, which is a minor vulnerability, but the major risk is the fundamental design of providing unrestricted access to an AI agent.
Updated: 2025-12-18
0
0
Medium Cost

blackout-tracker-mcp

by AIckathon-2025-08

Sec9

Monitors electricity outage schedules from DTEK Dnipro Electric Networks, provides timely notifications, and calculates optimal charging times for MacBooks.

Setup Requirements

  • ⚠️ Docker is recommended for quick setup and full functionality.
  • ⚠️ Full macOS functionality (native notifications, battery auto-detection) requires installing 'terminal-notifier' via Homebrew and running companion bridge scripts (`./watch_notifications.sh`, `./battery_info.sh`).
  • ⚠️ Requires Playwright browser engine (Chromium) installation: `playwright install chromium`.
  • ⚠️ Functionality is dependent on the availability and consistent HTML structure of the DTEK website, which may break parsing if changed.

Verified Safe
The server relies on web scraping the DTEK website, making it vulnerable to changes in the website's HTML structure. It utilizes system automation (cron jobs/LaunchAgents on macOS) for background monitoring and notification forwarding scripts, which require trust in the integrity of the local scripts. No hardcoded secrets or malicious patterns were identified in the provided code, and external commands used (pmset, ioreg, terminal-notifier) are standard system utilities for their intended purpose.
Updated: 2025-11-29
0
0
Low Cost

MCP_Server

by rexroyl

Sec6

This project provides a server and client implementation for a custom binary network protocol, enabling low-level communication and packet handling.

Setup Requirements

  • ⚠️ Requires a free network port to operate as a server.
  • ⚠️ Requires Node.js runtime environment.

Review Required
The server implements a custom binary protocol, which introduces inherent security risks related to robust parsing and handling of byte streams. While MAX_PACKET_SIZE is defined, the full implementation of readBytes and writeBytes is critical for preventing vulnerabilities like buffer overflows or incorrect data deserialization. No 'eval' or hardcoded secrets were identified in the truncated code.
Updated: 2025-11-20
0
0
Low Cost

leetcode_mcp_server

by iamgovindthakur

Sec9

Minimal HTTP server to fetch and expose the LeetCode daily problem for editor integrations.

Setup Requirements

  • ⚠️ Python 3.10+ required.
  • ⚠️ Requires installing Python dependencies via `pip install -r requirements.txt`.
  • ⚠️ Requires manual configuration of editor's MCP file (e.g., `.vscode/mcp.json`) for client discovery.

Verified Safe
The server makes outbound requests to `leetcode.com`. HTML parsing uses regex, which is generally safe given the trusted source (LeetCode homepage), but might be fragile against unexpected format changes. No 'eval' or hardcoded secrets found. Deployment on a network interface requires appropriate security measures as noted in the README.
Updated: 2025-11-22
0
0
Low Cost

local-mcp-server

by Navaprabhas

Sec1

Provides server functionality for a specific protocol or platform, focusing on ongoing development and maintenance.

Review Required
CRITICAL: No source code was provided for analysis beyond the README. It is impossible to assess any security risks, vulnerabilities (like 'eval', obfuscation, network risks, hardcoded secrets), or malicious patterns without the actual code. The score of 1 reflects the inability to verify safety due to the complete lack of auditable source code.
Updated: 2026-01-17