Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
rios0rios0 icon
Sec9

Manages Home Assistant automations by exposing them as tools via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires an existing Home Assistant instance with its REST API enabled.
  • ⚠️Requires a long-lived access token from Home Assistant for authentication.
  • ⚠️Requires an MCP-compatible client (e.g., Cursor IDE) to interact with the server's exposed tools.
  • ⚠️Standalone setup requires Python 3.10+ and PDM for dependency management.
Verified SafeView Analysis
The server uses `yaml.safe_load` for parsing YAML, which mitigates YAML deserialization vulnerabilities. Secrets (HA_TOKEN) are expected via environment variables, which is a good practice. The primary security consideration is ensuring the configured `HA_URL` is trusted and the `HA_TOKEN` has appropriate permissions, as the server acts as an interface to Home Assistant.
Updated: 2025-12-17GitHub
0
0
Low Cost
Traia-IO icon
Sec8

An MCP server for the Nikola TEST MCP API, enabling AI agents and LLMs to interact with its functionalities through standardized tools.

Setup Requirements

  • ⚠️Docker required for recommended setup (or uv for manual)
  • ⚠️Python 3.12+ required
  • ⚠️Requires specific environment variables for D402 payment protocol (SERVER_ADDRESS, MCP_OPERATOR_PRIVATE_KEY, D402_FACILITATOR_URL or D402_TESTING_MODE=true)
  • ⚠️Custom 'traia-iatp' dependency, complex local handling in dev setup script
Verified SafeView Analysis
The server uses standard practices and well-known libraries like FastMCP and Starlette. The `run_local_docker.sh` script performs complex environment setup for local development, including temporary file modifications and generating Ethereum accounts (SERVER_ADDRESS, MCP_OPERATOR_PRIVATE_KEY) using `web3` if not already set. While this is a convenience for local dev, the management of these sensitive keys is critical for production deployments and is explicitly flagged as a workaround. No `eval` or direct malicious patterns were found. Network risks are inherent to any server, but the implementation itself does not introduce obvious vulnerabilities beyond general server hardening best practices.
Updated: 2025-11-28GitHub
0
0
Low Cost
consigcody94 icon

metasploit-mcp-server

by consigcody94

Sec9

Provides AI agents with secure, controlled access to Metasploit Framework for authorized penetration testing, security research, and CTF challenges.

Setup Requirements

  • ⚠️Requires Metasploit Framework with RPC enabled (msfrpcd) to be running.
  • ⚠️Python 3.10 or higher is required.
  • ⚠️Metasploit RPC password must be provided via environment variable or CLI prompt.
  • ⚠️SSL certificate verification for Metasploit RPC is disabled by default (msf_ssl_verify=False), which might require careful consideration in production environments.
Verified SafeView Analysis
The server is built with a strong emphasis on security. It uses pydantic's SecretStr for sensitive credentials, includes dry-run mode, module whitelisting/blacklisting, rate limiting, and comprehensive audit logging. SSL/TLS is supported for RPC communication. The default setting for `msf_ssl_verify=False` is noted as a potential risk for MITM if not explicitly set to `True` with trusted CAs, though it's typical for lab environments with self-signed certificates.
Updated: 2025-12-01GitHub
0
0
High Cost
Gafoor2005 icon

LAM-mcp

by Gafoor2005

Sec6

Browser automation and intelligent web interaction for AI agents using a Model Context Protocol (MCP) server with session-based context analysis.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires `uv` (recommended) or `pip` for dependency management.
  • ⚠️Requires a locally installed browser (Chrome, Firefox, or Edge) for Selenium to control.
Review RequiredView Analysis
The server exposes powerful tools like `execute_javascript` and `set_cookie` which allow arbitrary code execution in the browser and cookie manipulation respectively. If the MCP client (AI agent) is compromised or misconfigured, these tools could be used for malicious purposes. The `BROWSER_DOWNLOAD_DIR` is configurable but defaults to `/tmp/downloads`, which needs careful management in a production environment to prevent uncontrolled file system writes. While the server itself doesn't contain obvious hardcoded secrets or malicious patterns, the inherent capabilities provided require the calling agent and the execution environment to be highly secure and sandboxed.
Updated: 2025-12-31GitHub
0
0
Medium Cost
Nabin68 icon
Sec5

Demonstrates building a conversational AI agent using LangGraph that integrates external Model Context Protocol (MCP) servers for specialized functionalities like expense tracking and arithmetic calculations, featuring multi-turn conversations and persistent memory.

Setup Requirements

  • ⚠️Requires Cohere API Key (Paid) for the ChatCohere LLM.
  • ⚠️The Alpha Vantage API key is hardcoded in the source code; it should be moved to an environment variable for security.
  • ⚠️Relies on local Python processes for MCP servers (calculator_mcp_server.py and expenses_tracker_MCP_server.py), which are automatically launched by the LangGraph backend.
Verified SafeView Analysis
The `get_stock_price` tool within `langgraph_mcp_backend.py` contains a hardcoded Alpha Vantage API key (`apikey=19W1GEHJXPPUTKR2`). This is a critical security vulnerability as it exposes a sensitive credential directly in the source code. For production use, this key must be moved to an environment variable. SQL queries in `expenses_tracker_MCP_server.py` use parameterized inputs, which correctly mitigates SQL injection risks. Communication with MCP servers uses standard I/O ('stdio' transport), which is generally safe for local process interaction.
Updated: 2025-12-14GitHub
0
0
Medium Cost
riyadhami icon

mcp-server

by riyadhami

Sec1

Implements a server for the Minecraft Protocol (MCP), likely for custom game servers or related network services.

Review RequiredView Analysis
Cannot perform a security audit as the source code for the 'mcp-server' was not provided beyond the repository name and README title. It is impossible to check for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns without the code itself. Therefore, a very low score is assigned, and 'is_safe_to_run' is set to false, as safety cannot be assessed.
Updated: 2026-01-17GitHub
0
0
Low Cost
yescay icon

EmailMCP

by yescay

Sec9

Allows LLMs to draft personalized emails using a local browser and Gmail by reading recipient data from an Excel file.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires an Excel file with 'Name' and 'Email' columns for input.
  • ⚠️The tool expects an absolute path to the Excel file.
  • ⚠️Relies on a default web browser being configured and available to open Gmail compose tabs.
Verified SafeView Analysis
The code uses `webbrowser.open` which could be a risk if URLs were constructed unsafely, but `urllib.parse.urlencode` is used to properly encode parameters for the hardcoded `mail.google.com` base URL, mitigating URL injection risks. The `excel_path` argument takes an absolute path which, if provided by an LLM pointing to a malicious local file, could theoretically be an issue, but `pd.read_excel` expects a valid Excel file, and `os.path.exists` is a basic check. No direct `eval`, `exec`, or hardcoded secrets found.
Updated: 2025-11-19GitHub
0
0
Low Cost
andflett icon

tokens

by andflett

Sec8

A design token generator with a web UI and an MCP server, primarily for generating accessible, perceptually uniform OKLCH color scales and other design tokens for AI-powered UI development.

Setup Requirements

  • ⚠️Node.js 18+ is required.
  • ⚠️npm or pnpm package manager is required.
  • ⚠️The `REDIS_URL` environment variable is required if running the web-based MCP server for Server-Sent Events (SSE) support.
Verified SafeView Analysis
The `tokenSystem` input in `generate_component` and `export_tokens` tools uses `z.any()` in its schema definition. While the current implementation processes `tokenSystem` as data for string generation or prompt formatting without direct code execution, which is safe, it means the internal structure of the `tokenSystem` object isn't strictly validated by the Zod schema. If this object were to contain malicious code and be passed to a different function capable of `eval` or arbitrary code execution, it could pose a risk. However, within this project's defined tools, its usage is limited to safe data manipulation and string output. No hardcoded secrets or direct network risks were identified.
Updated: 2026-01-17GitHub
0
0
Medium Cost
cloudbuilders-jp icon

mcp-wordpress-server

by cloudbuilders-jp

Sec8

Enables AI-driven content creation and management for WordPress blogs, automating posting of Markdown articles and AI-generated featured images.

Setup Requirements

  • ⚠️Requires WordPress 5.6+ and HTTPS for Application Passwords.
  • ⚠️Code blocks are formatted for the 'Highlighting Code Block' WordPress plugin; it must be installed for proper rendering.
  • ⚠️Gemini API Key (GEMINI_API_KEY or GOOGLE_API_KEY) is required for AI-driven featured image generation, which may incur costs.
Verified SafeView Analysis
The server accesses local files for Markdown processing and image uploads. While this is inherent to its intended functionality as a local developer tool, it means the server can read user-specified file paths from the local filesystem. It relies on environment variables for WordPress and Gemini API credentials, which should be managed securely by the user. No 'eval' or direct network exposure (beyond API calls to WordPress/Gemini) found. Requires HTTPS for WordPress Application Passwords.
Updated: 2025-12-13GitHub
0
0
High Cost
HelixDevelopment icon

HelixCode

by HelixDevelopment

Sec3

The `event` package provides a core event-driven architecture for the HelixCode platform, enabling loose coupling between components through a publish-subscribe pattern. HelixCode is a comprehensive distributed AI development platform designed for building, testing, and deploying AI-powered applications, particularly focused on code generation, refactoring, and project management with multi-LLM provider support.

Setup Requirements

  • ⚠️Project is in a critical unfinished state with compilation errors and broken tests, preventing full functionality.
  • ⚠️Requires Ollama to be running locally with models (e.g., `llama3:8b`, `codellama:13b`) for local LLM functionality.
  • ⚠️Requires API keys for various cloud LLM providers (e.g., `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, `GEMINI_API_KEY`) for cloud AI features.
  • ⚠️Requires PostgreSQL (14+) and Redis (7+) database services to be running.
  • ⚠️Critical security vulnerabilities are acknowledged and still under active development, making the system unsafe for sensitive data or production use.
Review RequiredView Analysis
The HelixCode platform, which this event package serves, explicitly identifies and has not yet resolved numerous critical security vulnerabilities, including SSH security issues (e.g., `InsecureIgnoreHostKey()`), incomplete worker isolation, authentication system vulnerabilities (JWT review, token expiration, MFA, password storage), lack of data encryption in transit/at rest, and unimplemented RBAC. Input validation is also incomplete. While the `event` package itself implements thread-safety and basic error logging (last 100 errors), its operations occur within an overall insecure context, making the entire platform highly unsafe to run in its current state.
Updated: 2026-01-14GitHub
0
0
Medium Cost
drivenrajat icon

f1

by drivenrajat

Sec9

Provides comprehensive Formula 1 data and analytics for Claude Desktop integration, offering detailed insights into race data, telemetry, lap times, standings, and strategies.

Setup Requirements

  • ⚠️Python 3.10 or higher required.
  • ⚠️Requires manual configuration in Claude Desktop's `claude_desktop_config.json`.
  • ⚠️The local path to the cloned repository must be correctly specified in the Claude Desktop configuration.
  • ⚠️Requires the FastF1, Ergast, and OpenF1 APIs to be accessible (no API keys needed for public data).
Verified SafeView Analysis
The server makes outgoing HTTP requests to legitimate F1 data APIs (FastF1, Ergast, OpenF1). Inputs for these requests are derived from tool arguments (e.g., year, GP name, driver code), which limits direct arbitrary URL injection. No 'eval' or obvious command injection vulnerabilities were found. No hardcoded secrets are present in the provided code. Error handling wraps most operations, returning a string or error image on failure.
Updated: 2026-01-18GitHub
0
0
Medium Cost
davidculver icon

cve-mcp-server

by davidculver

Sec9

Provides conversational access to a local, containerized CVE (Common Vulnerabilities and Exposures) database via Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Docker is required for containerized deployment.
  • ⚠️Python 3.11+ is required for local development.
  • ⚠️Node.js 18+ is required for the MCP Inspector client.
  • ⚠️Initial CVE data loading can take 1-7 minutes depending on dataset size.
Verified SafeView Analysis
The server is designed for local-only use with stdio transport, minimizing network attack surface. It uses parameterized queries for SQLite operations to prevent SQL injection. Configuration (e.g., repository URLs) is loaded from environment variables, preventing hardcoded secrets. The data ingestion process uses `subprocess.run` for `git clone` from a trusted public repository (CVEProject/cvelistV5) for bulk data loading, which is a controlled external execution. The project is explicitly marked as a 'PROTOTYPE' and mentions future network access (SSE transport) would introduce new security considerations, but currently, it operates locally via stdio.
Updated: 2025-12-30GitHub
PreviousPage 294 of 713Next