Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
antonsokolskyy icon

SSMCP

by antonsokolskyy

Sec7

Model Context Protocol (MCP) server providing web search with content extraction and YouTube subtitle retrieval for AI models lacking built-in browsing capabilities.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for deployment.
  • ⚠️Requires manual configuration of SearXNG (editing `deploy/docker/searxng_data/settings.yml` to add `json` format) after initial setup, before building the main image.
  • ⚠️Optional: Providing YouTube cookies (in Netscape format) for restricted content requires placing a `cookies.txt` file in a specific directory (`deploy/docker/ssmcp/cookies.txt`) and setting appropriate file permissions (`chmod 600`).
  • ⚠️If OAuth is enabled (`OAUTH_ENABLED=true`), specific environment variables (`OAUTH_JWKS_URL`, `OAUTH_CLIENT_ID`, `OAUTH_ISSUER`) must be configured correctly for an OIDC-compliant identity provider, including the OpenWebUI client ID for audience verification.
Verified SafeView Analysis
The server uses `httpx` for external requests and `pydantic-settings` for configuration, reducing risks of hardcoded secrets. OAuth authentication is implemented using standard JWT validation (JWKS, issuer, audience, expiration, subject), which is generally secure when configured with trusted identity providers. However, the reliance on external tools like `Crawl4AI` (headless Chromium) and `yt-dlp` for arbitrary web content introduces a significant attack surface. Specifically, `Crawl4AI`'s `ignore_https_errors=True` setting weakens HTTPS certificate validation, making connections vulnerable to Man-in-the-Middle (MITM) attacks. While explicit warnings are provided for `cookies.txt` permissions, the inherent risk of processing untrusted web content via browser automation remains.
Updated: 2026-01-19GitHub
0
0
Medium Cost
leftmike icon

filemcp

by leftmike

Sec10

Provides an MCP interface for an AI agent to interact with a local filesystem, offering operations like reading files, listing directories, searching, and retrieving file metadata.

Setup Requirements

  • ⚠️Requires a Go runtime environment to build and execute from source.
  • ⚠️Communication is exclusively via standard I/O (stdin/stdout), requiring a parent process capable of interacting through this interface.
  • ⚠️The server operates strictly within a specified root directory, limiting its filesystem access.
Verified SafeView Analysis
The server uses `os.DirFS` to create a sandboxed filesystem, restricting all file operations to a specified root directory. This effectively prevents path traversal attacks (e.g., `../`, absolute paths) as confirmed by the provided test cases. There are no dynamic code execution features (like 'eval'), no apparent network attack surface (it uses StdioTransport for communication), and no hardcoded sensitive information.
Updated: 2026-01-19GitHub
0
0
Medium Cost
cosmocoder icon

mcp-web-docs

by cosmocoder

Sec9

A self-hosted MCP server that crawls, indexes, and enables private, local search of documentation from any website to provide context to AI assistants.

Setup Requirements

  • ⚠️Requires Node.js >= 22.19.0.
  • ⚠️Initial setup requires downloading Playwright browsers (Chromium, Firefox, WebKit) which consumes disk space and time.
  • ⚠️Indexing large documentation sites consumes significant local CPU, RAM, and disk space for vector database and crawl cache.
  • ⚠️Requires manual configuration in your MCP client (e.g., Cursor, Claude Desktop, VS Code) to connect to the server.
  • ⚠️For private documentation, an interactive browser login is required to capture the session.
Verified SafeView Analysis
Comprehensive security measures implemented: SSRF protection (blocks private IPs, localhost, cloud metadata), ReDoS protection for user-provided regex, robust Zod schema validation for all inputs, AES-256-GCM encryption for stored authentication sessions, sensitive data redaction in logs/errors, and proactive prompt injection detection in crawled content (high-severity patterns blocked, others warned). No discernible hardcoded secrets or arbitrary `eval` usage.
Updated: 2026-01-19GitHub
0
0
Medium Cost
abhinav20sep icon

gmail-mcp-server-rust

by abhinav20sep

Sec4

Integrate AI models (e.g., Claude) with Gmail for email management and automation via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Rust 1.70+ installed via rustup.
  • ⚠️Requires a Google Cloud Project with Gmail API enabled and OAuth 2.0 Desktop app credentials.
  • ⚠️Requires an interactive, browser-based authentication step ('./gmail-mcp-server auth') before the server can be used.
Review RequiredView Analysis
The `download_attachment` tool allows the AI (and thus potentially an attacker through a crafted prompt) to specify an arbitrary `save_path` and `filename`. While the `Path::join` method correctly handles path segments to prevent simple path traversal within the filename, it does not validate or restrict the base `save_path` argument. This means an attachment could be downloaded to sensitive system directories (e.g., `/etc`, `~/.ssh`) if the AI is prompted to do so, posing a significant risk for arbitrary file writes.
Updated: 2025-11-26GitHub
0
0
Medium Cost
dizzlkheinz icon

ynab-mcpb

by dizzlkheinz

Sec9

Connects a YNAB budget to an MCP client (e.g., Claude Desktop) to manage finances using natural language, including receipt itemization and bank reconciliation.

Setup Requirements

  • ⚠️Requires a YNAB Personal Access Token (YNAB_ACCESS_TOKEN) for full functionality.
  • ⚠️Requires a Node.js environment to run (via npx).
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop, VS Code's Cline, Codex) to interact with as an AI tool.
Verified SafeView Analysis
The server follows good security practices by requiring a YNAB access token via environment variables and not hardcoding secrets. It implements input validation using Zod schemas, rate limiting, and request logging with sensitive parameter sanitization. File system access for CSV import and JSON export is appropriately constrained to prevent path traversal. Tool annotations provide security hints (e.g., 'readOnlyHint', 'destructiveHint') to the LLM. No 'eval' or similar dangerous patterns were identified in the provided code snippets.
Updated: 2025-12-31GitHub
0
0
High Cost
Ash-Blanc icon

kia-mcp-server

by Ash-Blanc

Sec9

Transforms Claude into an ultra-efficient, production-grade AI pair programmer by orchestrating best-in-class code APIs for iterative code evolution, semantic search within local repositories and public packages, and pattern learning.

Setup Requirements

  • ⚠️Requires Morph API Key (paid service)
  • ⚠️Requires Chroma Package Search API Key (paid tier available)
  • ⚠️Requires OpenRouter API Key (paid service, for GEPA/DSPy LLM backend)
  • ⚠️Requires Python 3.13+ and Git
Verified SafeView Analysis
The server leverages environment variables (os.getenv) for all API keys (Morph, Chroma, OpenRouter), which is a secure practice. Its core `evolve_code` functionality aims to improve code quality, explicitly checking for and reducing security vulnerabilities like SQL injection, `eval`/`exec`, and insecure password handling within the code it generates or modifies. The reliance on external LLMs (GEPA/OpenRouter and Morph) for code generation means that the security of the *output code* is dependent on the LLM's capabilities and training, although the server's own analysis and iterative refinement process are designed to mitigate these risks. No direct malicious patterns or obfuscation were found in the server's own codebase.
Updated: 2025-12-10GitHub
0
0
Medium Cost
hajnalben icon

web3-tools-mcp

by hajnalben

Sec8

Facilitates multi-chain blockchain interactions, smart contract analysis, transaction signing, and real-time data retrieval for AI agents and developers.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0.
  • ⚠️Full functionality (e.g., contract ABI/source retrieval, fast event queries, enhanced RPC) requires optional API keys (Etherscan, Hypersync, Alchemy, Infura).
  • ⚠️Transaction signing (write operations) requires a browser wallet (MetaMask, Rabby, Coinbase Wallet) and the server will automatically open a browser window for approval on a local port (e.g., http://localhost:3456).
Verified SafeView Analysis
The server includes a local web server (http://localhost:3456) and WebSocket server for browser wallet integration, which automatically opens a browser window for transaction approval. This design keeps private keys off the server but relies on local system security and user vigilance for transaction signing in the browser. API keys are loaded from environment variables or CLI, preventing hardcoding. No 'eval' or obfuscation found.
Updated: 2025-12-05GitHub
0
0
Medium Cost
sorinirimies icon
Sec7

A comprehensive Model Context Protocol (MCP) server for mobile device automation. It controls Android and iOS devices programmatically through a standardized interface, ideal for testing, automation, and AI-assisted mobile app development.

Setup Requirements

  • ⚠️Requires Rust 1.70+ toolchain installed.
  • ⚠️iOS support (simulators/physical devices) is exclusively available on macOS.
  • ⚠️iOS Simulators require Xcode Command Line Tools (`xcode-select --install`).
  • ⚠️iOS Physical Devices require `libimobiledevice` (`brew install libimobiledevice`) for extended functionality on macOS.
Verified SafeView Analysis
The server uses `adb_client` and `xcrun simctl` for device control, which inherently involves executing shell commands. While arguments are generally passed as separate strings to `Command::new`, minimizing direct shell injection, the `send_keys` function in `src/devices/android.rs` performs manual string escaping for `input text` commands. Manual escaping is error-prone and could potentially lead to vulnerabilities if not perfectly robust against all possible inputs. The use of an unspecified `com.mobilenext.devicekit` for non-ASCII text on Android also introduces an un-audited component. No hardcoded secrets or obvious malicious patterns were found. The server primarily communicates via stdin/stdout and local ADB/USB connections.
Updated: 2026-01-12GitHub
0
0
Low Cost
Grifex-0 icon

poly-git-mcp

by Grifex-0

Sec6

A unified Model Context Protocol (MCP) server that enables AI assistants and other MCP clients to manage Git repositories, issues, pull requests, and CI/CD across GitHub, GitLab, Gitea, and Bitbucket.

Setup Requirements

  • ⚠️Requires Deno runtime (v2.0+) to be installed.
  • ⚠️Requires respective Git CLI tools (gh, glab, tea) to be installed and configured in the execution environment for GitHub, GitLab, and Gitea functionality.
  • ⚠️Bitbucket functionality requires `BITBUCKET_USERNAME` and `BITBUCKET_APP_PASSWORD` environment variables to be set for authentication.
Verified SafeView Analysis
The server requires extensive Deno permissions (`--allow-run`, `--allow-net`, `--allow-read`, `--allow-env`, `--allow-write`) to execute external CLI tools (`gh`, `glab`, `tea`) and make direct API calls (Bitbucket). While these permissions are necessary for its functionality and clearly documented, they expose the system to significant risk if the server is compromised or given overly broad credentials. User credentials (GitHub/GitLab/Gitea tokens, Bitbucket username/app password) are directly used, making the security boundary dependent on the scope of these credentials. The code does not use `eval` or show obvious command injection vulnerabilities in its argument parsing for CLI calls (arguments are passed as distinct strings to Deno.Command). Users must carefully manage the scope of authentication tokens.
Updated: 2026-01-19GitHub
0
0
Medium Cost
YOUHAD08 icon

WhatsApp-AI-Bot

by YOUHAD08

Sec8

An intelligent WhatsApp chatbot that leverages a dedicated MCP server for dynamic tool management, enabling employee data queries via Spring AI and OpenAI's GPT-4.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (paid service)
  • ⚠️Requires a Meta Business Account and WhatsApp Business API access (complex setup)
  • ⚠️Requires ngrok for exposing local server to Meta's webhooks during development
Verified SafeView Analysis
The application employs environment variables for sensitive data like API keys and verification tokens, which is a good practice. User input (message text) is escaped before being included in JSON payloads, mitigating potential JSON injection risks when communicating with the Meta WhatsApp API. Webhook verification ensures authenticity of incoming requests. The architecture's separation into a main bot service and a distinct MCP server for tools enhances modularity and potentially reduces the attack surface. No direct 'eval' or easily exploitable code injection vulnerabilities are apparent in the provided source code. Primary security considerations would revolve around prompt injection for the LLM and the secure management of API keys and server exposure during deployment.
Updated: 2025-11-27GitHub
0
0
Low Cost
WiiliamsLiu icon
Sec1

A server component likely designed for demonstration or educational purposes within a Google DevFest workshop.

Review RequiredView Analysis
No source code was provided for analysis. Therefore, a comprehensive security audit cannot be performed, and the safety of running this server cannot be verified. The low score reflects the inability to assess actual code.
Updated: 2025-11-23GitHub
0
0
Medium Cost
jianlins icon

whoosh_rag_mcp

by jianlins

Sec8

Provides full-text search for documentation to AI assistants using Whoosh, enabling RAG over up-to-date information.

Setup Requirements

  • ⚠️Requires Python 3.8+.
  • ⚠️Requires `DOCS_ROOT` and `INDEX_DIR` environment variables to be configured for documentation and index paths.
  • ⚠️Requires an initial index build via the `build_documentation_index` tool or CLI command before search functionality is available.
Verified SafeView Analysis
The core Python MCP server (mcp_server.py, doc_retriever.py) does not contain direct `eval`, hardcoded secrets, or network listeners (uses stdio). File operations are limited to configured `DOCS_ROOT` and `INDEX_DIR`. The primary risk lies in the configuration of `DOCS_ROOT` and `INDEX_DIR` environment variables by the host system or AI assistant client; if these point to untrusted or sensitive locations, it could lead to unintended file access or resource exhaustion. The associated VS Code extension uses `child_process.exec` to run the Python script, which is a potential vulnerability if the `pythonPath` configuration is maliciously set by the user, though the script path itself is fixed and arguments for search queries are quoted to mitigate injection.
Updated: 2025-11-22GitHub
PreviousPage 303 of 713Next