Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

Medium Cost

filopastry

by youwenshao

Sec3

AI-powered live coding music generation using Strudel.cc, enabling agents to compose, manipulate, and analyze algorithmic music across various genres.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0+ and npm 9.0.0+.
  • ⚠️Requires local installation of Chromium browser (automatically installed by Playwright, but manual `npx playwright install chromium` might be needed if issues arise).
  • ⚠️Full AI functionality relies on a DeepSeek API Key (paid service) which must be set as a `DEEPSEEK_API_KEY` environment variable. Without it, AI features fall back to static pattern generation.
  • ⚠️The default configuration runs the browser in non-headless mode (`"headless": false` in `config.json`), which will open a browser window on server startup. For server deployments, `headless: true` is recommended.
Review Required
Critical vulnerability: The `write` tool directly writes user-provided pattern code (which is JavaScript) to the Strudel.cc editor in the browser without enforcing validation. Although a `PatternValidator` exists to check for 'eval()' and other dangerous functions, it is not utilized by default when using the `write` tool, allowing arbitrary code execution within the browser context. This poses a severe risk if a malicious client or compromised AI provides harmful code. The `executeInStrudelContext` method also uses `eval()` internally but is not exposed as a direct MCP tool. Hardcoded API keys are avoided by relying on environment variables, which is a good practice.
Updated: 2025-12-13

High Cost

deskcloud-mcp

by puntorigen

Sec7

An open-source Model Context Protocol (MCP) server that provides AI-controlled virtual desktops with real-time streaming and VNC access.

Setup Requirements

  • ⚠️Requires an Anthropic API Key (Paid) for agent functionality.
  • ⚠️Docker and Docker Compose are required for easy setup and full functionality (X11, VNC, OverlayFS).
  • ⚠️Docker containers must be run with `cap_add: [SYS_ADMIN]` and `security_opt: [apparmor:unconfined]` to enable OverlayFS-based filesystem isolation.
Verified Safe
The project's core functionality involves allowing AI agents to execute commands on an isolated virtual desktop. Security measures focus on robust isolation: each session receives an isolated X11 display (Xvfb), a dedicated VNC server with token-based routing, and a separate filesystem via OverlayFS (requiring the `CAP_SYS_ADMIN` capability and the `apparmor:unconfined` Docker security option). Anthropic API keys are handled using a 'Bring Your Own Key' (BYOK) model via HTTP headers (`X-Anthropic-API-Key`) and stored in request-scoped memory (`ContextVar`), not persisted or directly exposed to the LLM. All tool subprocess calls are configured with session-specific environments, preventing unintended access to the host's global environment. However, a default `CORS_ORIGINS: "*"` setting, as seen in the `render.yaml` for cloud deployment, is a security risk in production and should be restricted. The inherent nature of allowing arbitrary command execution by an AI means that any compromise of the API or a failure in the isolation mechanisms could lead to control over the isolated desktop, and potentially the host system. The project's `entrypoint.sh` includes a critical check for OverlayFS permissions.
Updated: 2025-12-14

Low Cost
Sec9

A TypeScript-based Model Context Protocol (MCP) server designed to orchestrate and expose multi-provider AI models and composable workflows as lean, token-efficient tools for AI clients and agent frameworks.

Setup Requirements

  • ⚠️Requires Node.js version 22 or higher.
  • ⚠️API keys (e.g., OPENAI_API_KEY) must be provided as environment variables if corresponding providers are enabled in contextive.config.json.
  • ⚠️Configuring "server.mode": "http" will result in an error as HTTP mode is not yet implemented.
Verified Safe
The server employs robust configuration validation using Zod and enforces secure defaults (e.g., filesystem tools are read-only, HTTP tools are disabled by default). Environment variables referenced in configuration are explicitly checked for existence. No use of 'eval', obfuscation, or hardcoded secrets was found. The 'http' server mode is explicitly marked as 'not yet implemented', which prevents unexpected network exposure. Future implementations of specific tool packs (e.g., 'fs', 'http') will require careful security review for their operational logic.
Updated: 2026-01-01

High Cost

healthcare-mcp

by openpharma-org

Sec8

A Model Context Protocol (MCP) server providing comprehensive access to CMS Medicare data for AI assistants and applications to search and analyze Medicare payment, utilization, and coverage information.

Setup Requirements

  • ⚠️Requires local data files (data/formulary/* and data/asp/*) to be downloaded and kept up-to-date for formulary and ASP pricing methods. These files are typically updated via GitHub Actions.
  • ⚠️Requires Node.js version 16 or higher.
  • ⚠️Requires a TypeScript build step (tsc) to compile the source code into JavaScript before execution.
Verified Safe
The server primarily acts as a proxy to public CMS and RxNorm APIs, and reads local data files. Input parameters for API calls are processed using URLSearchParams and explicit filter keys, which helps prevent URL injection. Local file paths are constructed securely with 'path.join' to mitigate path traversal risks. There are no obvious hardcoded secrets or use of 'eval' or other highly dangerous patterns. The main security considerations are robust input validation by the underlying CMS APIs and the integrity of the local data files.
Updated: 2025-12-19

Medium Cost

any-api-mcp

by ryddle

Sec8

Enables AI assistants to interact with any API described by an OpenAPI v3 specification by dynamically converting API endpoints into MCP tools.

Setup Requirements

  • ⚠️Requires Node.js v16 or higher.
  • ⚠️Requires a network-accessible target API for integration.
  • ⚠️Requires a valid OpenAPI v3 specification file (JSON or YAML) for the target API.
  • ⚠️Proper configuration of the target API's authentication method (via config file or environment variables) is critical for functionality.
Verified Safe
The server correctly avoids hardcoding sensitive information by encouraging environment variables and configuration files, with explicit support for placeholder resolution in request bodies. It uses standard libraries (axios, JSON.parse) for network and data handling. The modular authentication system is well-designed. The primary security considerations for deployment involve securely configuring the API keys/secrets, ensuring the upstream API is trusted, and managing access control to the MCP server itself. The server logs authentication status and errors to console.error, which could expose sensitive details if logs are not adequately secured.
Updated: 2025-12-02

Medium Cost

mcp-server

by parfaitBashombe

Sec9

Enables AI assistants to read, understand, and modify codebases safely and efficiently via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️The WORKSPACE_PATH environment variable is optional but critical for defining the AI's access scope; it defaults to the current working directory if not set.
  • ⚠️When integrating with tools like Claude Desktop, absolute paths are required for the server command and WORKSPACE_PATH configuration.
Verified Safe
The server includes explicit path traversal prevention and strictly enforces workspace boundaries to prevent access outside the configured directory. It communicates over standard I/O (stdio), which limits network attack surface. No obvious hardcoded secrets or 'eval' usage were found. Security is robust for its intended use, assuming the host environment is secure.
Updated: 2025-11-19

Low Cost

aplaceforallmystuff.github.io

by aplaceforallmystuff

Sec10

Hosts a simple static GitHub Pages site for redirection or as a landing page.

Verified Safe
The provided source code is a markdown file describing a static GitHub Pages site. There is no executable code, server-side logic, or client-side JavaScript provided for security analysis. Thus, no dynamic risks like 'eval', obfuscation, network vulnerabilities, or hardcoded secrets can be identified from this description. It is inherently safe as a static content description.
Updated: 2026-01-14

Medium Cost

profitelligence-mcp-server

by profitelligence

Sec9

Provides financial intelligence for AI agents, including insider trading, SEC filings, economic indicators, and multi-signal analysis.

Setup Requirements

  • ⚠️Requires a Profitelligence API key (or OAuth authentication) which can be obtained by signing up at profitelligence.com.
  • ⚠️Requires Python 3.11+ for local development and execution.
  • ⚠️For Claude Desktop OAuth, specific callback URLs must be added to the Google OAuth console for the integration to function correctly. Self-hosting with OAuth requires additional Firebase and Google OAuth client configuration.
Verified Safe
The server explicitly states it is a 'thin, stateless, read-only layer' and tools are annotated with `readOnlyHint: True, destructiveHint: False`. Secrets like API keys and OAuth credentials are loaded from environment variables or S3, not hardcoded. A `SECURITY.md` outlines responsible disclosure and security best practices. OAuth flows are implemented with PKCE and token exchange. The use of in-memory dictionaries for PKCE state (`_pkce_state_store`, `_auth_code_store`) is noted in the code as a production scalability limitation (suggesting Redis), but not a direct security vulnerability given TTLs.
Updated: 2026-01-04

Medium Cost

pptx-mcp

by gtonic

Sec9

The PowerPoint MCP Server provides a professional, AI-friendly API for programmatically creating, manipulating, and styling Microsoft PowerPoint presentations, supporting advanced features like charts, tables, text auto-fit, and vector diagram rendering from text-based DSLs.

Setup Requirements

  • ⚠️Docker is implicitly required for the intended, containerized setup defined in `mcp.json`.
  • ⚠️File paths for opening/saving presentations and adding images are expected to reside within a `/data` directory (either a mounted volume in Docker or a local subdirectory when running natively), restricting access to arbitrary host paths.
Verified Safe
The project includes a dedicated `input_validator.py` module that performs crucial checks such as sanitizing file paths to prevent directory traversal (`os.path.normpath` and `..` checks), restricting allowed file extensions, and validating input dimensions and data structures. Diagram parsing converts text-based DSLs into structured data, not executable code, mitigating risks associated with code injection. No obvious hardcoded secrets or arbitrary code execution vulnerabilities were found.
Updated: 2025-12-01

High Cost

claude-marketplace

by michellepellon

Sec1

Enables coding agents to perform safe, codebase-wide refactoring and understand code semantically through symbol-level operations.

Setup Requirements

  • ⚠️Requires an external Serena MCP server to be installed and configured separately from this plugin.
  • ⚠️The installation process and specific dependencies for the Serena server are not detailed in the provided documentation.
Review Required
The actual source code for the Serena MCP server is not included in the truncated repository contents. Without access to its implementation, it is impossible to perform a security audit for common risks like 'eval', network vulnerabilities, hardcoded secrets, or malicious patterns. Its safety cannot be verified from the given information.
Updated: 2026-01-04

Medium Cost
Sec4

Enable LLMs to perform REST API calls by providing a Model Context Protocol (MCP) server that orchestrates HTTP requests and manages session/environment variables.

Setup Requirements

  • ⚠️Requires Docker to run the server as per the official installation method (`start.sh`).
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Persistence for environment variables and transactions uses local CSV files, which is not suitable for high-availability or multi-instance deployments.
Review Required
The `createRestAPICall` tool allows an LLM to specify an arbitrary URL (via the `url` parameter) for an HTTP request without any explicit URL validation, allow-listing, or sanitization. This is a significant Server-Side Request Forgery (SSRF) vulnerability. If the server is deployed in an environment with access to internal networks, a malicious or confused LLM prompt could lead to unauthorized access to internal services. Additionally, data is persisted to local CSV files (`environment.csv`, `transaction.csv`), which is not robust against concurrent access, data corruption, or secure storage requirements. No hardcoded secrets were found in the application source code.
Updated: 2026-01-19

Medium Cost

An MCP server example for cooking recipe search and retrieval using a vector database (ChromaDB) and a relational database (PostgreSQL).

Setup Requirements

  • ⚠️Requires manual download and placement of 'RAW_recipes.csv' from Kaggle.
  • ⚠️Requires Python 3.13 or newer due to `pyproject.toml` specification.
  • ⚠️Requires Docker to run the PostgreSQL and ChromaDB containers.
Review Required
The application uses hardcoded database credentials (username, password, database name) in `load_data_db.py` and `mcp_tutorial_server.py`. Additionally, `load_data_db.py` contains a clear SQL injection vulnerability in its `INSERT` statement construction using string concatenation, and `mcp_tutorial_server.py` has a similar vulnerability in its `SELECT` statement if the `recipe_id` parameter can be manipulated.
Updated: 2025-11-28