Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
zhigang1992 icon

happy-server-mcp

by zhigang1992

Sec8

Manages Happy AI sessions programmatically, enabling AI agents to interact with, control, and automate Happy sessions for development tasks.

Setup Requirements

  • ⚠️Requires prior authentication with Happy CLI (`happy auth`) to create `~/.happy/access.key` credentials.
  • ⚠️Relies on an external Happy API server (`https://happy-server.reily.app` by default) for all operations, requiring outbound network access.
  • ⚠️The `happy_send_message` tool operates in 'bypass permissions mode', granting the AI agent broad execution capabilities within the Happy session.
Verified SafeView Analysis
The server employs robust cryptographic methods (AES-256-GCM, TweetNaCl) for encrypting session metadata and message content, and uses authenticated WebSocket/HTTP connections with a bearer token. It loads credentials from a standard, user-specific location (~/.happy/access.key). Input parameters are validated with Zod. The `happy_send_message` tool explicitly operates in 'bypass permissions mode', which grants the AI agent significant control over the Happy session's actions, and `happy_start_session` can spawn sessions in arbitrary directories. These are powerful capabilities requiring trust in the AI agent's reasoning, but are by design and not a vulnerability in the server's implementation.
Updated: 2026-01-15GitHub
0
0
Low Cost
NanthagopalEswaran icon

Gemini-MCP-Integration

by NanthagopalEswaran

Sec2

A simple MCP server exposing calculator, file read, and file write tools for interaction with the Gemini CLI agent.

Setup Requirements

  • ⚠️Requires Python 3.14+ (as per pyproject.toml), which is an unreleased version and likely a typo; a compatible Python version (e.g., 3.10-3.12) might work, but the specified dependency will cause setup issues.
  • ⚠️Requires Poetry for dependency management and running the server.
  • ⚠️Gemini CLI is needed to fully integrate and utilize the MCP server as intended.
Review RequiredView Analysis
The `handle_calculator` function uses `eval()`, which is an inherent security risk. While an empty `__builtins__` dictionary is passed to `eval`, it does not fully mitigate all potential code injection vectors, especially if the input expression is crafted maliciously. The `handle_file_read` and `handle_file_write` functions directly use the `path` parameter provided by the agent. This introduces a critical path traversal vulnerability, allowing an attacker to read from or write to arbitrary files on the system that the server process has permissions for. This could lead to information disclosure, data corruption, or arbitrary code execution by overwriting critical system files or injecting malicious scripts.
Updated: 2025-11-23GitHub
0
0
Medium Cost
conradprogrammer icon

AzureDevOpsMCP

by conradprogrammer

Sec8

Enables an AI LLM (like Claude Code) to directly interact with an on-premises or cloud Azure DevOps environment for work item, Git, and pipeline management.

Setup Requirements

  • ⚠️Requires .NET 10 Runtime installed on the host machine.
  • ⚠️Requires an existing Azure DevOps Server (on-premises) or Azure DevOps Services instance.
  • ⚠️Requires Claude Desktop with Model Context Protocol (MCP) support configured to run the server.
  • ⚠️Correct configuration of Azure DevOps connection details (ServerUrl, ProjectName, authentication method) in appsettings.json or via environment variables is crucial.
Verified SafeView Analysis
The server uses standard .NET 10 and official Microsoft Azure DevOps libraries, which reduces the risk of arbitrary code execution or low-level vulnerabilities. Authentication is handled via Windows Authentication or Personal Access Tokens (PATs), with PATs explicitly recommended to be managed via environment variables to avoid hardcoding. The primary security consideration for deployment is ensuring the Azure DevOps credentials (PAT or Windows user) granted to the server have the minimum necessary permissions to perform its functions, as misuse by the LLM (e.g., unintended deletion, modification of critical items, or triggering unwanted builds) could occur if permissions are overly broad. No 'eval' or obfuscation patterns were observed in the provided context.
Updated: 2025-12-10GitHub
0
0
Medium Cost
anirbanbasu icon

opus-mcp

by anirbanbasu

Sec8

An MCP server providing research pre-print context information from arXiv for language models.

Setup Requirements

  • ⚠️Requires Go 1.25.5 or later.
  • ⚠️Requires `just` command runner for simplified task execution.
  • ⚠️OPUS_MCP_S3_ENDPOINT, OPUS_MCP_S3_ACCESS_KEY, and OPUS_MCP_S3_SECRET_KEY environment variables are REQUIRED to enable the arXiv PDF download functionality.
Verified SafeView Analysis
The server utilizes environment variables for sensitive configurations (S3 credentials, proxy settings), which is good practice and avoids hardcoded secrets. It explicitly warns about and provides flags (`OPUS_MCP_INSECURE_SKIP_VERIFY`, `OPUS_MCP_S3_INSECURE_SKIP_VERIFY`) to disable TLS/SSL certificate verification, clearly labeling them as insecure for production use. Input arguments for MCP tools are validated against JSON schemas using `jsonschema-go`, enhancing robustness against malformed inputs. A rate limiter is implemented for arXiv API calls to comply with their terms of use. Proxy URLs are sanitized before logging to prevent credential exposure. However, CORS is set to allow `*` (`Access-Control-Allow-Origin: *`), which is permissive and should ideally be restricted to specific origins in a production environment for better security.
Updated: 2026-01-19GitHub
0
0
Medium Cost
ken-wiebke icon

MCP-SIGMET

by ken-wiebke

Sec9

An MCP server for retrieving domestic and international SIGMET (Significant Meteorological Information) aviation weather data from the AviationWeather.gov API.

Setup Requirements

  • ⚠️Requires a running MongoDB instance for caching (local or remote), configured via MONGODB_URI and MONGODB_DB_NAME.
  • ⚠️Relies on network connectivity to the external AviationWeather.gov API for data retrieval.
  • ⚠️Requires Node.js v18.0.0 or higher.
Verified SafeView Analysis
The server employs robust parameter validation using Zod schemas, mitigating injection risks. It utilizes a circuit breaker pattern for external API calls to enhance resilience. Credentials for MongoDB are handled via environment variables and are redacted in logs, preventing accidental exposure. No direct 'eval' or malicious dynamic code execution patterns were identified. The core security relies on proper configuration of the MongoDB URI and secure network access to external services.
Updated: 2025-11-20GitHub
0
0
Medium Cost
samgwd icon

dish-mcp

by samgwd

Sec9

An MCP server to allow AI assistants to check room availability, book, and cancel bookings on the DiSH room booking site.

Setup Requirements

  • ⚠️Python 3.12+ is required (per `pyproject.toml`).
  • ⚠️Requires `uv` for dependency management and execution.
  • ⚠️Requires Playwright browser (`chromium`) to be installed for automatic credential retrieval (`uv run playwright install chromium`).
  • ⚠️The authentication cookie (`DISH_COOKIE`) expires periodically, requiring re-running the credential retrieval script (`uv run src/get_credentials.py`).
Verified SafeView Analysis
The server design explicitly handles credentials via environment variables and provides an interactive script for secure retrieval using Playwright, avoiding hardcoded secrets. It warns users not to commit sensitive files. API interactions use the 'requests' library, passing data as JSON payloads or parameters, which reduces common injection risks. API calls include a timeout. No 'eval' or malicious patterns were found.
Updated: 2025-12-03GitHub
0
0
Medium Cost
epicpast icon

nsip-api-client

by epicpast

Sec8

This server acts as an API gateway using the Model Context Protocol (MCP) to expose NSIP sheep breeding data API capabilities to Large Language Model (LLM) applications in a context-efficient manner, providing decision support tools for sheep genetics.

Setup Requirements

  • ⚠️Requires `MCP_PORT` environment variable for 'streamable-http' or 'websocket' transports.
  • ⚠️`pandas` and `openpyxl` are required for Excel spreadsheet support.
  • ⚠️`gspread` library and Google Cloud credentials (e.g., `GOOGLE_APPLICATION_CREDENTIALS` pointing to a service account JSON key file) are required for Google Sheets support.
Verified SafeView Analysis
The server binds to '0.0.0.0' by default, which means it listens on all network interfaces. While noted as intentional for Docker/remote access, this requires external firewalling and TLS termination for production. The `gspread` integration for Google Sheets relies on Google Cloud credentials (e.g., `GOOGLE_APPLICATION_CREDENTIALS` environment variable), which is a common pattern but requires secure management of the service account key file. User input to `validate_lpn_id` is sanitized for error messages, which is good practice.
Updated: 2026-01-12GitHub
0
0
Medium Cost
s-p-a-r-r-o-w-ai icon

mcp_server_kibana

by s-p-a-r-r-o-w-ai

Sec8

Provides a FastMCP server to programmatically manage Kibana data views, saved objects (dashboards, visualizations), and spaces, enabling automated creation and modification of Kibana content.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Requires a running Kibana instance accessible from the server
  • ⚠️Requires a Kibana API key with appropriate permissions configured via KIBANA_API_KEY
Verified SafeView Analysis
The server uses environment variables for sensitive configurations like KIBANA_URL, KIBANA_API_KEY, and MCP_API_KEY, which is good practice. MCP_API_KEY is securely auto-generated if not provided. HTTP requests to Kibana include 'kbn-xsrf: true' for CSRF protection and use httpx.AsyncClient with 'response.raise_for_status()'. There are no apparent uses of 'eval', 'exec', or other direct code injection vulnerabilities. Listening on 0.0.0.0 is standard for Docker, but external access is protected by the bearer token authentication. The `DebugTokenVerifier` is used for authentication, performing a direct string comparison for the bearer token, which is adequate for single-token authentication.
Updated: 2025-12-14GitHub
0
0
Medium Cost
youhavethepower2025 icon

enterprise-mcp-server

by youhavethepower2025

Sec1

A production-ready FastAPI-based MCP server template designed to orchestrate multiple cloud ecosystems through a single API surface for AI agents, featuring multi-platform integration, authentication, and audit logging.

Setup Requirements

  • ⚠️Requires Docker Desktop for containerized deployment.
  • ⚠️Requires Python 3.11+ for local development.
  • ⚠️Requires numerous API credentials (e.g., GoHighLevel, QuickBooks, Cloudflare, GoDaddy, DigitalOcean) configured in the .env file for full functionality.
  • ⚠️Specific Cloudflare WAF rules may be needed to prevent blocking of Claude Desktop's user agent.
Review RequiredView Analysis
CRITICAL SECURITY RISKS: 1. The `deploy_to_do.sh` script hardcodes a production `MCP_API_KEY` (`y4lEXubCO9-0Fjs4kVFg4A-NIseySW9piTerGBoNw_A`) directly into the `.env` file on deployment. 2. The `app/api/routes.py` file contains a hardcoded default `OAUTH_CLIENT_SECRET` (`medtainer-mcp-secret-2024`) for OAuth if the environment variable is not set. 3. MOST SEVERELY, several markdown documentation files (`docs/sops/CLOUD_DEPLOYMENT_OAUTH.md`, `POLISH_PLAN.md`, `SECURITY.md`) contain what appear to be *real, sensitive API keys and tokens* (e.g., GoHighLevel, DigitalOcean, Cloudflare API tokens, GoDaddy API key/secret, and JWT examples) in plain text, which are part of the repository's source code. 4. OAuth tokens stored in Redis via `app/api/routes.py` are not encrypted, contradicting claims in `SECURITY.md` about encryption at rest. 5. The deployment script uses `root` user for SSH (`root@24.199.118.227`), which is generally discouraged.
Updated: 2025-11-22GitHub
0
0
Low Cost
rabqatab icon
Sec8

The MCP Server provides tools for hybrid search on Korean financial legal documents, enabling AI agent integration for advanced legal information retrieval.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Requires Docker & Docker Compose for full stack deployment
  • ⚠️Requires a Gemini API key (`GEMINI_API_KEY` or `GOOGLE_API_KEYS`)
  • ⚠️Requires Qdrant vector database server running (default: http://localhost:6333)
  • ⚠️Requires the Qdrant 'legal_cases' collection to be pre-indexed with documents
Verified SafeView Analysis
The server uses `os.getenv` for API keys, which is good practice. Input parameters for `search_cases` and `get_chunks` tools are validated (e.g., non-empty query, valid modes, chunk index ranges). Direct shell execution or `eval` with untrusted input is not evident in the MCP server logic. The `AttachmentHandler` (used by crawlers, not directly by MCP server tools) downloads and parses various file types (HWP, PDF, ZIP), which is an inherent attack surface for parser vulnerabilities; however, it includes file signature validation and uses temporary files for processing. One crawler (`moleg_interpret`) explicitly disables SSL verification (`session.verify = False`), posing a security risk during the crawling phase for that specific source, but this does not directly impact the security of the MCP server's query tools.
Updated: 2026-01-19GitHub
0
0
Medium Cost
jcmecham icon
Sec4

This server allows Claude Code to analyze and interact with .cddx circuit diagram files, extracting component information, connections, and metadata, as well as routing wires and rendering diagrams.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires installation of the `circuit-diagram-cli` binary and component files via `python setup.py`, which involves downloading from GitHub and an active internet connection.
  • ⚠️On Linux, the `libfontconfig1` package may be a prerequisite.
  • ⚠️Paths in the Claude Code configuration file (`claude_desktop_config.json`) for Windows must use double backslashes (`\\`).
Review RequiredView Analysis
The `render_circuit` tool uses `subprocess.run` to execute an external CLI tool and, by default (`open_image: true`), automatically opens the rendered image using the system's default viewer. This creates a significant security risk when processing untrusted `.cddx` files, as it can lead to arbitrary code execution if the external `circuit-diagram-cli` or the image viewer has vulnerabilities, or if a crafted filename could inject commands. The `setup.py` also downloads binaries and components from GitHub, relying on the integrity of those sources. The `zipfile.ZipFile.extractall` is used when unpacking `.cddx` files into a temporary directory, mitigating direct Zip Slip vulnerability but still processing untrusted archive contents. No hardcoded secrets or direct `eval` calls are found.
Updated: 2025-12-11GitHub
0
0
Medium Cost
AppGram icon

logdump

by AppGram

Sec7

Provides real-time log aggregation with a Terminal UI and exposes logs to AI agents via the Model Context Protocol.

Setup Requirements

  • ⚠️Go 1.21+ is required for building from source.
  • ⚠️Relies on a Model Context Protocol (MCP) compatible AI agent runtime (e.g., Claude Code) for its primary AI integration features.
  • ⚠️Applications need to write logs to `~/.local/share/logdump/logs/` or other configured paths for auto-discovery and agent access.
Verified SafeView Analysis
The MCP server's WebSocket transport (`-mcp-transport websocket`) uses a lax `CheckOrigin: true` setting, which is a potential cross-site WebSocket hijacking risk if the server is exposed publicly. User-provided regex patterns for search and group creation (`logdump_grep`, `logdump_create_group`) could theoretically be exploited for Regex Denial of Service (ReDoS) if crafted maliciously, though Go's regex engine is generally robust. All log access by agents is logged.
Updated: 2026-01-19GitHub
PreviousPage 286 of 713Next