Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost

napi

by HoweChen

Sec7

Provides a Model Context Protocol (MCP) server to allow AI assistants to query API documentation stored in the NAPI database.

Setup Requirements

  • ⚠️Requires Bun runtime environment.
  • ⚠️The main Next.js API documentation application must be running separately (e.g., 'bun dev') for the MCP server to function.
  • ⚠️Requires initial database setup and migration ('bun run db:init').
Verified SafeView Analysis
The server component (mcp-server) acts as a proxy to the Next.js API endpoint (/api/mcp-tools). While the API endpoint uses a switch statement to restrict tool names, the arguments (`args`) passed to these tools are not explicitly validated against Zod schemas within the route handler itself. Drizzle ORM is used for database interactions, which generally protects against SQL injection through parameterized queries. No hardcoded secrets or 'eval' calls were found. The older file-based API functionality is not exposed to the MCP server. Overall, the system is reasonably secure due to modern framework and ORM practices, but explicit input validation on `args` at the API boundary would enhance robustness.
Updated: 2025-11-24GitHub
0
0
Low Cost
Jammy2005 icon

remote-mcp-server

by Jammy2005

Sec6

This server provides a remote Model Context Protocol (MCP) endpoint on Cloudflare Workers, demonstrating how to integrate custom tools with AI agents (like Claude) and manage OAuth-based authentication.

Setup Requirements

  • ⚠️Requires Cloudflare Wrangler CLI for deployment and local development setup within the Cloudflare ecosystem.
  • ⚠️Deployment requires creating a Cloudflare KV namespace (`OAUTH_KV`) and manually updating the `wrangler.jsonc` configuration (not provided).
  • ⚠️The OAuth login system is a mock implementation; any email and password will be accepted for authorization purposes, suitable only for development and demonstration.
Verified SafeView Analysis
The server's authentication logic is intentionally simplified for demonstration purposes. Specifically, the `/authorize` endpoint hardcodes `isLoggedIn = true`, and the `/approve` endpoint accepts any email and password combination as valid. This is explicitly stated in the source code as a demo feature. These bypasses make the application highly insecure for production use without replacing the mock authentication with a robust, real-world system. No 'eval' or obvious obfuscation was found. Markdown rendering is used for the homepage, which could pose an XSS risk if the input source was untrusted; however, it loads a local README.md.
Updated: 2025-11-26GitHub
0
0
Low Cost
dagnele icon

victualia-mcp

by dagnele

Sec9

An MCP (Model Context Protocol) server that dynamically exposes Victualia API endpoints as tools for AI assistants to manage home inventory, recipes, meal plans, and more.

Setup Requirements

  • ⚠️Victualia Premium account required for API access (€9.99/month)
  • ⚠️VICTUALIA_API_KEY environment variable is required
Verified SafeView Analysis
The server correctly uses environment variables for API keys, avoiding hardcoded secrets. It dynamically fetches the OpenAPI spec and constructs API requests, with input sanitization handled by the underlying `zod` schema validation for parameters. The code explicitly avoids complex `zod-from-json-schema` usage to prevent issues with converting custom refinements back to JSON Schema for the MCP SDK, indicating a careful approach to data integrity and interoperability. No 'eval' or other obviously dangerous patterns were found. The primary external dependency is the Victualia API itself, and security depends on a valid API key.
Updated: 2025-12-10GitHub
0
0
Medium Cost
bsmeding icon
Sec5

A server component for Nautobot, designed to provide an API or background service for specific 'Master Control Program' or 'Management/Control Plane' functionalities within the Nautobot ecosystem.

Setup Requirements

  • ⚠️Requires Python 3.8+ (common for Nautobot components)
  • ⚠️Requires `pip` and a virtual environment for dependency management
  • ⚠️Assumes an existing Nautobot instance is running and accessible
Review RequiredView Analysis
Full security audit is not possible as source code was not provided in the prompt. A score of 5 is assigned as a neutral baseline. It is CRITICAL to review the actual source code for common vulnerabilities like 'eval' or 'exec' usage, hardcoded secrets, improper input validation, network misconfigurations, or dangerous file operations. Without code, we cannot assess the actual security posture.
Updated: 2025-12-01GitHub
0
0
Medium Cost
longmaba icon

jira-mcp

by longmaba

Sec9

Provides JIRA integration for AI assistants, enabling them to search, view, create, and update JIRA issues using natural language.

Setup Requirements

  • ⚠️Requires JIRA_URL, JIRA_EMAIL, and JIRA_API_TOKEN environment variables.
  • ⚠️Obtaining a JIRA API token requires specific steps in Atlassian account settings.
  • ⚠️Requires Node.js version 20 or higher due to 'jira.js' dependency requirements.
Verified SafeView Analysis
The server correctly uses environment variables for JIRA credentials, avoiding hardcoded secrets. It employs input schemas for tool calls provided by the MCP SDK, which helps mitigate basic injection risks. In SSE (HTTP) mode, CORS is configured to allow all origins (`*`), which is acceptable for a locally run development tool but could pose a risk if the server is exposed publicly without additional authentication or network restrictions.
Updated: 2025-12-09GitHub
0
0
Low Cost
AdrielC icon

Wayfaerer

by AdrielC

Sec8

An OTP-first MCP server for car-buying tools, providing robust job orchestration, retries, rate limiting, and idempotency for external integrations.

Setup Requirements

  • ⚠️Elixir runtime and `mix` build tool required.
  • ⚠️Relies on standard input/output (stdio) for communication, which might require specific client integration.
Verified SafeView Analysis
The server explicitly uses environment variables for configuration (e.g., `LISTINGS_PROVIDER`, `VIN_PROVIDER`), avoiding hardcoded secrets. Future email sending features are designed with safety principles including domain allowlists, rate limits, and a default draft-only mode. External API calls (NHTSA vPIC for VIN decoding) introduce standard network risks, but no immediate malicious patterns are identified. The `stdio` transport for v1 is relatively contained for local usage, and the Elixir/OTP architecture promotes fault tolerance and isolation.
Updated: 2025-12-27GitHub
0
0
High Cost
sackio icon

phony

by sackio

Sec4

Enables AI assistants to initiate and manage real-time voice calls and SMS messaging using Twilio and OpenAI.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid service, charged per second of audio and per token for tools)
  • ⚠️Requires Twilio account (Paid service, charged per minute for calls and per message for SMS)
  • ⚠️Requires a Public URL with Nginx (or similar) reverse proxy for Twilio webhooks, which adds setup complexity and security considerations.
  • ⚠️MongoDB is required for persistent storage of call transcripts and SMS messages.
Review RequiredView Analysis
The default MongoDB connection string in `docker-compose.yml` contains a hardcoded application user password. While `MONGODB_USERNAME` and `MONGODB_PASSWORD` can be set for the root user via environment variables, the hardcoded password for the `voicecalls_admin` user within the `MONGODB_URI` is a significant vulnerability. Additionally, the MCP endpoints (`/mcp/*`) on port 3004 lack explicit API secret authentication, making them vulnerable if exposed publicly, despite documentation recommending internal-only access. Some other API endpoints do utilize a dynamic API secret, which is a good practice, but not universally applied.
Updated: 2025-12-10GitHub
0
0
Low Cost
sugiruu icon
Sec3

Provides a simple MCP server with tools to execute queries and retrieve metadata from an MSSQL database.

Setup Requirements

  • ⚠️Requires platform-specific database drivers: Microsoft ODBC Driver for SQL Server (Windows) or FreeTDS (macOS/Linux) in addition to Python packages.
  • ⚠️Requires network access to a Microsoft SQL Server instance, which must be externally provided and configured.
  • ⚠️Requires configuration of database connection details (server, user, password, or authentication mode) via environment variables or a '.env' file.
Review RequiredView Analysis
The `run_query` tool directly executes the provided `sql` string using `cur.execute(sql)` without any parameterization or sanitization. This is a critical SQL injection vulnerability, allowing an attacker to execute arbitrary SQL commands on the connected database if they can send requests to the MCP server. Although database credentials are read from environment variables or a .env file (a standard and generally acceptable practice for configuration), the direct SQL execution poses a severe risk.
Updated: 2025-11-26GitHub
0
0
Low Cost
takanoriyanagitani icon

go-docker-images-mcp

by takanoriyanagitani

Sec8

Provides a Micro-Context Protocol (MCP) server to list and filter Docker images.

Setup Requirements

  • ⚠️Requires a running Docker daemon accessible via its Unix socket or specified host.
  • ⚠️Requires appropriate permissions to access the Docker daemon socket (e.g., user in 'docker' group or root).
  • ⚠️Requires a Go development environment to build and run from source.
Verified SafeView Analysis
The server connects to the Docker daemon via its Unix socket (default: /var/run/docker.sock), which provides root-level access to the Docker host. If this server is exposed to untrusted networks without proper authentication and authorization, it poses a significant security risk by allowing full control over the Docker host. The code itself does not contain obvious vulnerabilities like 'eval', obfuscation, or hardcoded secrets, and uses standard Docker client library functions. The risk is primarily inherent to its operational functionality and deployment context.
Updated: 2025-12-05GitHub
0
0
Medium Cost
t3ta icon

coduck

by t3ta

Sec8

Orchestrates Codex jobs in isolated Git worktrees, integrated with Claude Code via the Model Context Protocol (MCP) server for automated code generation, review, and deployment.

Setup Requirements

  • ⚠️Requires Node.js 18+
  • ⚠️Requires Codex CLI (`codex`) to be installed and accessible on PATH (or configured via `CODEX_CLI_PATH`)
  • ⚠️Requires Git to be installed and accessible on PATH (or configured via `GIT_PATH`)
  • ⚠️Manual configuration required in `~/.claude.json` with absolute paths for MCP server integration
  • ⚠️No Docker or containerization setup provided; manual Node.js/Git environment management is needed
Verified SafeView Analysis
The system uses `execFile`/`spawn` for Git and Codex CLI commands, which is inherently safer against shell injection than `exec`. A critical security measure, `validateRepoUrl`, mitigates SSRF by restricting external Git repository URLs to a configurable whitelist (GitHub and GitLab by default) and enforcing absolute local paths for 'no-worktree' mode. This protects the worker from fetching from malicious external URLs or making unintended requests to internal network services. No obvious hardcoded secrets, 'eval' calls, or code obfuscation were found. The 'no-worktree' mode, while intentional, allows the worker to operate directly on a specified absolute path (often `process.cwd()`), meaning a compromised orchestrator or an untrusted job creator could potentially cause unintended file system modifications outside of isolated worktrees. However, this is mitigated by validation on the `repo_url` for 'no-worktree' jobs (must be absolute path) and the design choice to not automatically clean up these directories.
Updated: 2025-12-12GitHub
0
0
Low Cost
joecwales-outlawmindai icon

mcp-servers

by joecwales-outlawmindai

Sec1

Provides server implementations primarily for Minecraft-related development and modding activities.

Review RequiredView Analysis
Source code was not provided for analysis beyond the README title. Therefore, a comprehensive security audit could not be performed for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. The score reflects an inability to verify safety due to missing information.
Updated: 2025-12-03GitHub
0
0
Medium Cost
cfahlgren1 icon

hf-dataset-mcp

by cfahlgren1

Sec9

Access and query Hugging Face datasets programmatically for AI and machine learning workflows.

Setup Requirements

  • ⚠️Requires Node.js runtime environment.
  • ⚠️Hugging Face API token (HF_TOKEN) is required for private or gated datasets.
Verified SafeView Analysis
The server acts as a proxy to the Hugging Face Hub and Dataset Viewer APIs. It uses environment variables (`HF_TOKEN`) for authentication, which is a secure practice. Input validation is performed using Zod schemas for all tool arguments. There are no direct usages of `eval` or `child_process.exec` (or similar dangerous functions) in the provided source code that would indicate arbitrary code execution vulnerabilities. The 'SQL-like' WHERE conditions for filtering are passed to an upstream Hugging Face API, relying on that service for secure interpretation rather than executing SQL directly within this server.
Updated: 2026-01-19GitHub
PreviousPage 298 of 713Next