Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
jjiayan icon

mcp-server-test

by jjiayan

Sec1

Unable to determine the specific use case due to the complete absence of provided source code. The repository name 'mcp-server-test' suggests it might be a test server related to the Minecraft Protocol (MCP).

Setup Requirements

  • ⚠️Source code is completely missing for analysis, preventing proper understanding and setup guidance.
Review RequiredView Analysis
A critical security audit cannot be performed due to the complete absence of source code. Without the ability to analyze the code for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns, the project is considered high-risk, and its safety cannot be verified. A score of 1 reflects this complete lack of visibility.
Updated: 2025-11-27GitHub
0
0
High Cost
tensorspace-ai icon

refua-mcp

by tensorspace-ai

Sec8

Provides an MCP server for protein folding, affinity prediction, and antibody/peptide design using Refua Boltz2 and BoltzGen.

Setup Requirements

  • ⚠️Requires significant computational resources, especially GPU (CUDA) for optimal performance.
  • ⚠️Requires downloading large model and molecule assets using `refua.download_assets()` prior to first use.
  • ⚠️Requires Python version 3.11, 3.12, or 3.13.
Verified SafeView Analysis
The server uses `Path.expanduser()` for resolving output paths, which could potentially allow writing to arbitrary file system locations if the `output_path` arguments are not sanitized by the calling client. However, this is generally considered acceptable for self-hosted, client-controlled MCP environments. No direct 'eval' or obvious hardcoded secrets were found. Relies on external dependencies ('refua') for core functionality, introducing dependency-related risks.
Updated: 2026-01-19GitHub
0
0
Medium Cost
Fridemn icon
Sec3

A plugin-based FastAPI server implementing the Model Context Protocol (MCP) for dynamic integration and management of AI tools, featuring hot reloading and API key authentication.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) and OPENAI_MODEL if the internal LLMClient functionality is used.
  • ⚠️Server runs unauthenticated by default if AUTOMATA_ACCESS_TOKEN is not configured, which is a major security risk.
  • ⚠️Requires `uv` (recommended in README) or `pip` for dependency installation for plugins.
  • ⚠️Python 3.10+ is required.
  • ⚠️The `ALLOWED_ORIGINS` and `ALLOWED_METHODS` environment variables must be explicitly set for CORS configuration, otherwise server startup will fail.
Review RequiredView Analysis
The real-time log viewer at `/api/logs` and `/api/logs/ws` is publicly accessible without authentication, posing a critical information disclosure risk as server logs can contain sensitive operational details. The API is unauthenticated by default if the `AUTOMATA_ACCESS_TOKEN` environment variable is not set, allowing unauthorized access to server tools. The server dynamically installs Python dependencies specified in tool `config.yaml` files; while package names are validated, this process involves executing external commands and could be a vector for supply chain attacks if tool configurations are compromised. The CORS configuration can be set to allow all origins (`*`), which is explicitly warned against as a security risk, although this is configurable by the user.
Updated: 2025-12-16GitHub
0
0
Low Cost
jonmmease icon

jons-mcp-reminders

by jonmmease

Sec9

Manages macOS Reminders by allowing AI assistants to create, read, update, and delete reminders and lists via EventKit.

Setup Requirements

  • ⚠️Requires macOS 14.0+ (Sonoma or later).
  • ⚠️Requires Python 3.10+.
  • ⚠️Requires explicit Reminders access permission granted by the user in System Settings > Privacy & Security > Reminders.
  • ⚠️Uses 'uv' for dependency management and running, which needs to be installed first.
Verified SafeView Analysis
The server primarily interacts with the macOS EventKit framework, requiring explicit user permission for Reminders access on first run. All operations are local to the machine, with no external network calls or data exfiltration mechanisms identified in the provided source code. No use of 'eval' or other dangerous dynamic code execution patterns. EventKit interactions are serialized for thread-safety. Location data for reminders is handled locally within the OS framework. Considered very safe given its stated purpose and OS-level permission requirements.
Updated: 2025-12-14GitHub
0
0
Low Cost
muness icon
Sec8

Manages Xero accounting tasks including creating invoices, bills, expenses, and expense claims, with file attachments and PKCE authentication.

Setup Requirements

  • ⚠️Requires Xero App Setup: Must create a 'Mobile or desktop app' in the Xero Developer Portal with a specific redirect URI (`http://localhost:3000/callback`).
  • ⚠️Requires `XERO_CLIENT_ID` environment variable to be set.
  • ⚠️Initial use requires interactive browser authentication to Xero.
  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
The server correctly uses PKCE for OAuth, avoiding client secret exposure for desktop apps. Tokens are stored locally in the user's home directory (`~/.xero-mcp/token.json`), which relies on host file system security. File attachment functions (e.g., `readFileSync(filePath)`) take a user-provided `filePath`. While common for local tools, in a less trusted environment, this could pose a risk if malicious file paths (e.g., directory traversal) are injected without proper sanitization. No 'eval' or obvious malicious code patterns were found. Dependencies are reputable.
Updated: 2026-01-05GitHub
0
0
Medium Cost
refself icon
Sec8

A Model Context Protocol (MCP) server providing access to Yahoo Finance data via 9 distinct tools, designed for deployment on Cloudflare Workers.

Setup Requirements

  • ⚠️Requires a Cloudflare Workers account for deployment to production.
  • ⚠️Relies on Yahoo Finance's unofficial (cookie+crumb) API which can be unstable or change without notice.
  • ⚠️Usage requires an MCP-compatible client like Claude Desktop or MCP Inspector.
Verified SafeView Analysis
The server primarily acts as an API proxy for Yahoo Finance, implementing a cookie and crumb authentication mechanism to access potentially unofficial APIs. Input is validated using Zod schemas for tool arguments, mitigating common injection risks. No 'eval' or other direct arbitrary code execution vectors are apparent in the provided source. The reliance on undocumented Yahoo Finance APIs, while common for this type of service, inherently carries risks of API changes or unexpected behavior, but this is a fragility risk rather than a direct code security vulnerability.
Updated: 2025-12-03GitHub
0
0
Low Cost
jacewalker icon
Sec8

Remote Model Context Protocol (MCP) server for deploying calculator tools on Cloudflare Workers without authentication, intended for demonstration and easy integration with MCP clients like Cloudflare AI Playground.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment.
  • ⚠️Requires Node.js and npm for local development and deployment.
  • ⚠️The server is 'authless' by design, making its tools publicly accessible. This should be considered for any non-demo deployments.
Verified SafeView Analysis
The server is explicitly designed to be "authless" as per its name and README, making its MCP endpoints publicly accessible without authentication. This is suitable for a demo/example, but would require adding authentication for production use cases involving sensitive operations. The code itself for the calculator tools performs simple arithmetic and uses Zod for input schema validation, minimizing injection or logic manipulation risks within the tool functions.
Updated: 2025-11-28GitHub
0
0
High Cost
alejandro-ao icon

simple-mcp-rag

by alejandro-ao

Sec8

An MCP server for Retrieval Augmented Generation (RAG) that ingests documents into a vector database and retrieves relevant information based on queries.

Setup Requirements

  • ⚠️Requires LLAMA_CLOUD_API_KEY, which is for a paid service (LlamaParse).
  • ⚠️The data directory (`LLAMA_RAG_DATA_DIR`) must be explicitly configured for document ingestion to occur automatically.
  • ⚠️Dependencies (`fastmcp`, `chromadb`, `sentence-transformers`, `llama-index`, `llama-parse`, `python-dotenv`) must be installed.
Verified SafeView Analysis
The server performs extensive file system operations, including reading from a data directory (`SimpleDirectoryReader`) and managing a database directory (`shutil.rmtree` for resets). While these are core to its RAG functionality, a misconfigured `LLAMA_RAG_DATA_DIR` or `LLAMA_RAG_DB_DIR` environment variable could lead to reading sensitive files or deleting unintended directories. There are no obvious `eval` or arbitrary code execution vulnerabilities in the provided code snippets. External API calls are made to `LlamaParse`, which requires `LLAMA_CLOUD_API_KEY` (handled via environment variables). The primary risk is with environment variable configuration and the contents of the data directory if the server is exposed to untrusted inputs or runs in an untrusted environment.
Updated: 2025-11-20GitHub
0
0
Medium Cost
lascam-UFU icon

lc-mcp-server

by lascam-UFU

Sec8

Provides a Model Context Protocol (MCP) server to programmatically interact with LeetCode problems, contests, and solution submissions.

Setup Requirements

  • ⚠️Requires Chrome/Chromium browser installed for the `auth.go` helper.
  • ⚠️Initial authentication (`auth.go`) requires manual user interaction to log into LeetCode in a browser window.
  • ⚠️Requires `LEETCODE_SESSION` and `LEETCODE_CSRF_TOKEN` environment variables to be set, typically obtained via the `auth.go` helper.
Verified SafeView Analysis
The server primarily uses environment variables for sensitive session and CSRF tokens, a good practice. The `auth.go` helper uses `chromedp` to open a browser for manual login and cookie extraction. While `chromedp.Evaluate` is used to inject JavaScript, this is a standard and necessary pattern for browser automation, and the scripts are hardcoded, not derived from user input, mitigating `eval`-like risks. The extracted tokens are stored in a local file (`~/.leetcode_auth.json`) with restrictive permissions (0600), which is appropriate. Overall, the direct server logic in `main.go` does not show obvious RCE vulnerabilities or unsafe `eval` patterns. The primary security concern lies in the careful management of the `LEETCODE_SESSION` and `CSRF_TOKEN` by the user.
Updated: 2025-11-24GitHub
0
0
Medium Cost
tkutsch77 icon
Sec8

Provides an enterprise-grade Model Context Protocol (MCP) server for RecallBricks memory management, enhancing AI agent capabilities through robust context, memory, and identity management.

Setup Requirements

  • ⚠️Requires a valid "RECALLBRICKS_API_KEY" for authentication with the external RecallBricks API (likely a paid service).
  • ⚠️Primarily designed for integration with Claude Desktop, often requiring specific configuration in 'claude_desktop_config.json'.
  • ⚠️Requires Node.js and a 'npm run build' compilation step before execution.
Verified SafeView Analysis
The server uses environment variables for sensitive configurations like "RECALLBRICKS_API_KEY" and performs a startup validation to ensure the API key is present and of sufficient length. While a default API key is present in the source code, it is clearly intended as a placeholder, and documentation instructs users to override it. Input validation is applied to all tool parameters to prevent common injection vulnerabilities. No 'eval' or obvious obfuscation detected. Network requests are made securely over HTTPS to the configured API.
Updated: 2025-11-22GitHub
0
0
Low Cost

pu-mcp-server

by leing2021

Sec9

Serves as an API backend for managing and delivering AI prompt templates and related configurations via an EdgeOne KV store, optimized for eventual consistency.

Setup Requirements

  • ⚠️Requires an EdgeOne KV namespace (e.g., 'MCP_CONFIG') to be created and bound to the project as the environment variable 'MCP_CONFIG'.
  • ⚠️Requires a 'SYNC_TOKEN' environment variable for authentication on the internal sync-kv endpoint.
  • ⚠️Designed for a two-repository workflow, where configuration is managed by 'pu-mcp-config' and synced to this server via GitHub Actions.
Verified SafeView Analysis
The internal sync-kv endpoint is protected by a `SYNC_TOKEN` environment variable. Proper configuration of this token and KV namespace permissions on EdgeOne is critical to maintaining security. KV operations are robustly handled with try-catch blocks and logging. No 'eval' or other directly dangerous functions are used.
Updated: 2025-11-29GitHub
0
0
Medium Cost
Sec9

Integrates SuperProductivity task management with Claude Code by providing read-only access to local tasks, projects, and tags.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires SuperProductivity application with its '__meta_' sync file available locally (e.g., in Google Drive).
  • ⚠️The SP_META_PATH environment variable must be correctly configured to point to the SuperProductivity '__meta_' file.
Verified SafeView Analysis
The server operates locally, reading a designated SuperProductivity sync file via a path provided by an environment variable. Communication with Claude Code is via standard input/output (stdio), not over a network, significantly reducing the attack surface. There are no explicit uses of dangerous functions like 'eval', no hardcoded secrets, and Pydantic models are used for structured data parsing. The `model_config = {"extra": "allow"}` in Pydantic models is for parsing existing data and does not introduce direct security vulnerabilities in this read-only context. The primary theoretical risk would be if a local attacker could manipulate the `SP_META_PATH` environment variable to point to a maliciously crafted file on the local filesystem, potentially leading to a denial of service through malformed JSON. However, this requires pre-existing local system access.
Updated: 2025-11-24GitHub
PreviousPage 290 of 713Next