Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
alessandropac96 icon
Sec4

A reusable server for agents to interact with and gain context from multiple local code repositories using a hierarchical tool organization.

Setup Requirements

  • ⚠️Requires Node.js (version 18+ recommended by dependencies).
  • ⚠️Requires local code repositories to be configured via a JSON file (`.multi-repo-mcp/repos.json`, `~/.multi-repo-mcp/repos.json`) or environment variables (`MULTI_REPO_MCP_CONFIG`, `MULTI_REPO_MCP_REPOS_PATH`).
Review RequiredView Analysis
The server dynamically loads tool modules using `import()` based on paths specified in its configuration files (e.g., `repo.tools` property). If a malicious actor can compromise or inject into the `.multi-repo-mcp/repos.json` (project-local or user config) or control the `MULTI_REPO_MCP_CONFIG` environment variable, they could specify paths to arbitrary code, leading to Remote Code Execution (RCE). Additionally, the `search_across_repos` tool uses a user-provided `query` in a regular expression, which could be vulnerable to Regular Expression Denial of Service (ReDoS) attacks. File system operations (`fs.readFile`, `fs.readdir`) are used, which, while generally restricted to configured `repoPath`s, could pose a risk if `repoPath` validation is circumvented (e.g., via symlinks, though `RepoValidator` attempts to prevent this).
Updated: 2026-01-16GitHub
0
0
Low Cost
ashera96 icon
Sec4

An MCP server demonstrating dual authentication (API Key and OAuth 2.0 Client Credentials) for tool invocation in a stateless mode.

Setup Requirements

  • ⚠️Requires Node.js and npm for installation and execution.
  • ⚠️For HTTPS mode, self-signed certificates must be generated first (`./generate-certs.sh`), and clients like `curl` need the `-k` flag to bypass certificate validation.
  • ⚠️Uses hardcoded credentials (`API Key`, `OAuth2 Client ID/Secret`) suitable only for POC testing; these are not secure for production environments.
Verified SafeView Analysis
Critical: Hardcoded secrets (API key, JWT secret, OAuth client ID/secret) are present in `src/index.ts`. The OAuth2 token store is in-memory and non-persistent. Broad CORS (`app.use(cors())`) is enabled. These are explicitly noted as POC limitations in the README, requiring significant hardening for production (e.g., using environment variables, persistent storage, and restricted CORS). No 'eval' or malicious patterns were found. The `./generate-certs.sh` script creates self-signed certificates suitable only for development.
Updated: 2026-01-18GitHub
0
0
Medium Cost
pusewicz icon

cf-mcp

by pusewicz

Sec8

Provides an MCP server to generate, search, and retrieve documentation for the Cute Framework (C/C++).

Setup Requirements

  • ⚠️Ruby environment (3.2+) required.
  • ⚠️Requires Cute Framework header files (can be downloaded automatically with internet access using `--download`, or provided via `--root` flag).
Verified SafeView Analysis
The server downloads dependencies from a hardcoded GitHub URL using HTTPS. It operates as an HTTP server, with CORS headers explicitly set to allow all origins ('*'), which is typical for APIs but should be noted for deployment context. No 'eval' or other obvious malicious patterns or hardcoded secrets were found in the provided source code. The code appears well-intentioned and focused on its stated purpose.
Updated: 2026-01-16GitHub
0
0
Medium Cost
shoutout-labs icon

document-sync

by shoutout-labs

Sec8

Enables AI agents to query local project files and documentation using Google's Gemini File Search API, creating an always-up-to-date knowledge base for various organizational roles.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key, which is a paid service (though a free tier is typically available for limited usage).
  • ⚠️Relies on the `document-sync.json` configuration file, which is usually generated by the associated VS Code/Cursor extension, implying the extension needs to be set up and run first.
  • ⚠️The Express server component, if used (`npm run serve`), allows broad CORS access, which should be considered if deploying beyond a local or private network.
Verified SafeView Analysis
The server primarily handles API requests to Google Gemini. It does not appear to execute user-provided code directly. API keys are expected via environment variables and are not hardcoded. The Express server (`mcp-server/src/server.ts`) uses `app.use(cors())`, which enables Cross-Origin Resource Sharing for all origins. While common for local development and integration with a web client/extension, this could be a minor security concern if the server is exposed to a public network without further access restrictions.
Updated: 2025-12-12GitHub
0
0
Medium Cost
j0hanz icon
Sec9

Provides AI assistants with secure read-only filesystem access for exploring, searching, and reading files within approved directories.

Setup Requirements

  • ⚠️Requires Node.js >= 22.17.0 to run.
  • ⚠️Requires explicit configuration of accessible directories via CLI arguments (e.g., --allow-cwd) or the MCP Roots protocol; otherwise, the server starts with no accessible files.
  • ⚠️Requires specific client-side configuration (e.g., .vscode/mcp.json for VS Code) for integration.
Verified SafeView Analysis
The server implements robust security measures including explicit read-only operations, comprehensive path validation to prevent traversal and symlink escapes, RE2-based regex engine to prevent ReDoS attacks, and configurable resource limits. A dedicated test (`filesystem-boundary.test.ts`) enforces strict boundaries for `node:fs` imports, indicating a strong security-first architectural approach. No 'eval', obfuscation, or hardcoded secrets were found. Uses stdio for communication, reducing external network attack surface.
Updated: 2026-01-18GitHub
0
0
Medium Cost
vizsphere icon

MCP_using_csharp

by vizsphere

Sec3

This project implements Model Context Protocol (MCP) servers and clients in C# for building AI agent tools, including an echo server and services for CRM and support integration.

Setup Requirements

  • ⚠️Requires .NET SDK to build and run.
  • ⚠️External API keys (e.g., Freshdesk, Pipedrive) are required for specific services and must be obtained/configured.
  • ⚠️Hardcoded secrets in development configuration files must be replaced with secure environment variables or a configuration management solution for production use.
Review RequiredView Analysis
CRITICAL: Hardcoded API keys and connection strings (e.g., FreshdeskApiKey, ApplicationInsightConnectionString) are present in 'appsettings.Development.json'. This is a severe security vulnerability as these credentials can be exposed if committed to public repositories or deployed without proper configuration management. The 'AllowedHosts: *' setting, while common in development, should be restricted in production environments.
Updated: 2025-12-02GitHub
0
0
Low Cost
chaniji icon
Sec7

Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers, providing an unauthenticated calculator agent for AI tools.

Setup Requirements

  • ⚠️Requires a Cloudflare Workers account for deployment.
  • ⚠️No authentication is implemented by default, making the exposed tools publicly accessible.
  • ⚠️Relies on Cloudflare's specific AI ecosystem dependencies (`@modelcontextprotocol/sdk`, `agents`).
Verified SafeView Analysis
The server is explicitly designed to operate without authentication, as indicated by its name and documentation. This means anyone with access to the deployed URL can invoke its calculator tools. While input validation is performed using Zod to prevent malformed requests to the tools, the lack of authentication presents a significant operational security risk if deployed publicly without additional access controls or proxies (e.g., Cloudflare Access). No other obvious malicious patterns, 'eval' usage, or hardcoded secrets were found in the provided source code.
Updated: 2025-12-01GitHub
0
0
Medium Cost
Etude-Labs icon
Sec8

Exposes project rules and workflows as Model Context Protocol (MCP) resources for AI coding tools and IDEs.

Setup Requirements

  • ⚠️Requires .NET 9 SDK
  • ⚠️HTTP transport lacks built-in authentication, requires external API gateway/service mesh for secure production use.
Verified SafeView Analysis
The server implements path traversal prevention, input validation, runs as a non-root user in Docker, and avoids logging PII or secrets. It explicitly defers HTTP authentication and authorization to upstream infrastructure (e.g., API gateway, service mesh) for production deployments, meaning it's designed to run securely behind another layer.
Updated: 2025-12-02GitHub
0
0
High Cost
wplaunchify icon

ml-mcp-server

by wplaunchify

Sec3

Universal Model Context Protocol (MCP) Server for WordPress, Fluent Suite, and MinuteLaunch plugins. Connects AI assistants directly to WordPress for comprehensive management of content, e-commerce, CRM, community, and advanced site operations.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️A WordPress site with the `ml-mcp` or `fluent-mcp` plugin installed is mandatory.
  • ⚠️Requires a WordPress Application Password with administrative privileges.
  • ⚠️Mandatory environment variables: `WORDPRESS_API_URL`, `WORDPRESS_USERNAME`, `WORDPRESS_APP_PASSWORD`.
  • ⚠️Optional API keys/credentials for specific advanced tools (e.g., SERP API for Google Images, Noun Project API for icons) if MinuteLaunch Media Hub is utilized.
Review RequiredView Analysis
The server exposes highly privileged operations through its 'FluentMCP Pro' tools (e.g., `pro_db_query` for arbitrary SQL, `pro_fs_write` for file system manipulation, `pro_wp_cli_execute` for WP-CLI commands). While these require specific WordPress plugin activation and admin credentials, they represent significant security risks if the AI agent is compromised, misinterprets requests, or operates without stringent external guardrails. Direct access to file systems and database queries can lead to data loss, unauthorized code execution, or full site compromise. All WordPress API requests and responses, including potentially sensitive data, are logged locally to `wordpress-api.log`, which could be a target for attackers if the server's file system is breached. Running this server requires extreme caution and robust AI safety protocols.
Updated: 2026-01-06GitHub
0
0
Low Cost
aster-void icon

climcp

by aster-void

Sec1

Provides a command-line interface for interacting with Model Context Protocol (MCP) servers, allowing users to list and call tools either interactively or for one-shot execution.

Setup Requirements

  • ⚠️Requires the Bun runtime environment.
Review RequiredView Analysis
The primary security risk lies in the `stdio` transport method, where the `target` argument (a user-provided string) is directly used as a command to be executed. This allows for arbitrary command execution. For example, `climcp run "rm -rf /" some_tool` would attempt to execute `rm -rf /` as the MCP server. This is a critical vulnerability if the input `target` is not trusted or properly sanitized by the caller. Other input parsing (JSON5, query-style) seems robust, but the initial command execution is a severe flaw.
Updated: 2025-12-17GitHub
0
0
Medium Cost
JustinJmnz icon

mediawiki-mcp

by JustinJmnz

Sec3

Facilitates LLM integration with MediaWiki by providing a set of read-only and draft management tools for wiki interaction.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for the MediaWiki and MariaDB instances.
  • ⚠️Requires .NET 8.0 SDK or later for the MCP server application.
  • ⚠️The provided setup uses hardcoded, weak passwords for database and MediaWiki admin accounts, which must be changed for any non-local or production environment.
Review RequiredView Analysis
The provided docker-compose.yml and LocalSettings.php contain multiple hardcoded, weak passwords for MariaDB root, MariaDB user, and MediaWiki admin accounts (e.g., 'rootpass123', 'MediaWikiPass123!', 'Password123!'). Additionally, a hardcoded 'MEDIAWIKI_SECRET_KEY' is present in docker-compose.yml, which is marked as needing change. This configuration is highly insecure for anything beyond isolated local development and presents a critical risk of unauthorized access if deployed publicly without modification. No 'eval' or similar dangerous patterns were identified in the summarized C# source code for the MCP server itself.
Updated: 2025-12-15GitHub
0
0
Medium Cost
devleo10 icon
Sec9

A Model Context Protocol (MCP) server providing a `search_file` tool for efficient keyword and regex searching within files, designed to integrate with AI clients like Cursor and Claude Desktop.

Setup Requirements

  • ⚠️Requires Bun runtime to be installed.
  • ⚠️Manual configuration of MCP client (`mcp.json`) is needed for integration with Cursor/Claude Desktop, requiring specific paths.
  • ⚠️The `WORKSPACE_ROOT` environment variable should be set for enhanced security and access control, or the server will default to `process.cwd()`.
Verified SafeView Analysis
The server implements robust security measures including path normalization, validation against an optional `WORKSPACE_ROOT` to prevent directory traversal, automatic keyword escaping for non-regex searches to prevent regex injection, detection and rejection of binary files, and file size limits to mitigate DoS attacks. Input validation is enforced using Zod. No hardcoded secrets or 'eval' statements were found. The use of an official MCP SDK and Express framework also contributes to its security posture.
Updated: 2025-11-26GitHub
PreviousPage 297 of 713Next