Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
kennes1026 icon

mcp-test-repo

by kennes1026

Sec1

This server facilitates programmatic management of GitHub repositories, including file operations and commit automation, primarily for embedded systems development (like Arduino) using AI integration via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a GitHub Personal Access Token (PAT) with appropriate repository permissions (e.g., `repo` scope) for managing repositories.
  • ⚠️Relies on a running Model Context Protocol (MCP) client (e.g., Claude Desktop) to issue commands, which in turn may require an Anthropic Claude API key or subscription.
  • ⚠️Requires a Node.js environment to run the `@modelcontextprotocol/server-github` package if deploying locally.
Review RequiredView Analysis
The provided 'source code' is a README file describing the MCP server and its capabilities, not the actual executable code of the server itself. Therefore, a security audit of the server's implementation (e.g., handling of secrets, network interactions, dependencies) cannot be performed. Without access to the server's source code, its security cannot be guaranteed, especially regarding how GitHub tokens or other credentials are handled.
Updated: 2025-11-26GitHub
0
0
Low Cost
nobita5609 icon

mcp.zig

by nobita5609

Sec3

Provides a Model Context Protocol (MCP) library in Zig, enabling AI applications to connect to external systems by exposing tools, resources, and prompts through a standardized protocol.

Setup Requirements

  • ⚠️Requires Zig version 0.15.0 or later to be installed.
  • ⚠️The project needs to be built via `zig build` to produce the executable before it can be run.
Review RequiredView Analysis
The example code for handling resources and tools (`processFileHandler` in `docs/guide/error-handling.md`) directly uses an unsanitized `path` argument from client input with `std.fs.cwd().readFileAlloc`. This is a critical path traversal vulnerability, allowing a malicious client to read arbitrary files outside the intended working directory (e.g., `../../../../etc/passwd`). While there's an `accessAbsolute` check, it's insufficient to prevent this specific `readFileAlloc` vulnerability. This indicates a significant security risk in how tool/resource handlers might be implemented based on the provided guidance, or a lack of built-in sanitization within the library itself for such common operations. No other immediate malicious patterns, hardcoded secrets, or `eval` usage were found.
Updated: 2026-01-19GitHub
0
0
Medium Cost
SahilIjaz icon

twitter-mcp-server

by SahilIjaz

Sec7

An AI-powered chat application that connects to a Model Context Protocol (MCP) server to execute external tools, demonstrating integration with Google GenAI and the Twitter API.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (which may incur costs) set as GEMINI_API_KEY.
  • ⚠️Requires Twitter API v2 credentials (appKey, appSecret, accessToken, accessSecret) set as TWITTER_API_KEY, TWITTER_API_SECRET, TWITTER_ACCESS_TOKEN, and TWITTER_ACCESS_TOKEN_SECRET.
  • ⚠️The server component must be running locally on port 3001 before the client can connect.
  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
API keys for Google GenAI and Twitter are correctly managed using environment variables via dotenv. Server-side input validation for tool arguments is implemented with Zod. The primary security risk is the potential for the AI model to generate undesirable or malicious tool calls, especially for actions with external side effects like posting to Twitter. Session management for SSE connections, while likely relying on UUIDs from the SDK, could benefit from explicit authentication mechanisms for production environments.
Updated: 2025-12-03GitHub
0
0
Medium Cost
asami icon

rag-system

by asami

Sec6

A hybrid semantic-vector retrieval engine that integrates structured knowledge graphs and embedding models for advanced RAG (Retrieval Augmented Generation) capabilities for AI agents.

Setup Requirements

  • ⚠️Requires Docker for external dependencies (Fuseki, embedding server) even in local development mode.
  • ⚠️The Python `sie-embedding` service and `init-chroma.sh` script require Python and specific `pip` packages (chromadb, requests, openai, sentence-transformers).
  • ⚠️Using OpenAI embedding models requires an `OPENAI_API_KEY`, which is a paid service. The system can auto-detect or be configured for OSS models.
Verified SafeView Analysis
The system downloads and initializes external ontology files (`site.jsonld`, `.ttl` files) from `www.simplemodeling.org` during `init-fuseki.sh` execution, which introduces a supply chain risk. The Python `chroma_server.py` loads embedding models based on `EMBEDDING_MODEL` environment variable, also presenting a supply chain risk if models are sourced from untrusted locations. The custom `SimpleHttpClient` in Scala, while functional, might not be as thoroughly vetted as widely used HTTP client libraries, potentially leading to unforeseen HTTP-related vulnerabilities. Input to SPARQL queries is URL-encoded, which mitigates direct injection, but the overall reliance on external content for initialization merits caution.
Updated: 2026-01-05GitHub
0
0
Medium Cost
dimitrov-d icon

xPay

by dimitrov-d

Sec8

Monetize existing HTTP endpoints into paid microservices and expose them as AI-native Model Context Protocol (MCP) tools on Solana.

Setup Requirements

  • ⚠️Requires `NEXT_PUBLIC_CDP_PROJECT_ID` from the Coinbase CDP portal for frontend wallet integration.
  • ⚠️Requires `DATABASE_URL` (Postgres) connection string for backend operations.
  • ⚠️Endpoint creators need a non-zero SOL balance in their wallet to register new endpoints.
  • ⚠️Testing paid endpoints requires a non-zero USDC balance in the connected wallet for x402 payments.
Verified SafeView Analysis
The server employs robust practices including Zod for input validation, JWTs for authentication, and Solana signature verification. It integrates Faremeter for x402 payment enforcement and uses `@modelcontextprotocol/sdk` for MCP server functionality with DNS rebinding protection. Dynamic MCP tool schemas infer types from sample data, which is generally safe. Local image storage for AI-generated content (served publicly) introduces a potential risk if `BASE_URL` is misconfigured or if malicious content could be generated and served. Overall, good security hygiene is demonstrated, but thorough configuration and monitoring are essential for production.
Updated: 2025-11-23GitHub
0
0
Low Cost
srbsingh3 icon

relay

by srbsingh3

Sec9

Relay is a macOS-only Electron application designed to orchestrate and manage offline-first MCP (Model Context Protocol) servers for AI coding agents like Cursor, Claude Code, and Codex.

Setup Requirements

  • ⚠️Requires macOS to run (macOS-only application).
  • ⚠️Relies on macOS Keychain for secure secret storage.
  • ⚠️Development requires Node.js (>=18.17.0), TypeScript, and npm workspaces.
Verified SafeView Analysis
The project demonstrates a strong commitment to security, explicitly outlining and enforcing best practices. Key Electron security flags (`contextIsolation=true`, `nodeIntegration=false`, `sandbox=true`) are mandated and implemented. A strict Content Security Policy (`default-src 'self'`) is applied to prevent remote code execution. Secrets are securely stored exclusively in the macOS Keychain using `keytar`, with in-memory purging after use. File operations utilize atomic writes with `.tmp` and `.bak` files for data integrity and recovery. Network activity is strictly limited to transparent, read-only update checks, with no telemetry or user data transmitted. No 'eval' or other inherently dangerous patterns without clear justification were found.
Updated: 2026-01-16GitHub
0
0
Medium Cost
techmad220 icon
Sec9

Orchestrates multi-AI coordination, task management, and collaboration across configurable local and cloud LLM providers.

Setup Requirements

  • ⚠️Requires Rust toolchain for building the executable (`cargo build --release`).
  • ⚠️Requires a local Ollama instance running on `http://localhost:11434` by default for local-only mode or to use Ollama models.
  • ⚠️Cloud providers (Claude, OpenAI) require API keys, which are typically associated with paid services.
Verified SafeView Analysis
The server uses standard Rust security practices. API keys are managed via configuration files or environment variables, not hardcoded directly into the application logic. Network communication for AI providers uses the `reqwest` crate, a common and reputable HTTP client. There are no direct `eval`-like functions for arbitrary code execution from user input in the provided Rust code. Potential risks are inherent to LLM interactions (e.g., handling of generated code or malicious prompts leading to unwanted LLM behavior) rather than direct server compromise. The `run-mcp.sh` script logs to a user-specific directory and handles environment variables correctly.
Updated: 2025-12-14GitHub
0
0
Medium Cost
sunny1561 icon

MCP_SERVER

by sunny1561

Sec7

An AI-powered agent for searching and booking flight tickets, exposed via a FastAPI web API.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with Generative AI API enabled to obtain `GOOGLE_API_KEY` (paid usage).
  • ⚠️Requires a configured Gmail account and an app-specific password for `EMAIL_SENDER` and `EMAIL_APP_PASSWORD` to enable sending booking confirmation emails.
  • ⚠️CORS is set to allow all origins (`*`) for the FastAPI server, which is not recommended for production deployments due to security implications.
Verified SafeView Analysis
The application uses `os.getenv` for sensitive credentials (API keys, email config), which is good practice. No obvious malicious patterns or `eval` usage. However, `allow_origins=["*"]` for CORS is configured in `api/main.py`, which is acceptable for development but a significant security risk in a production environment as it allows cross-origin requests from any domain. PDF generation and email sending seem to handle data safely.
Updated: 2025-12-01GitHub
0
0
Medium Cost
stevehorn icon

telegram-mcp

by stevehorn

Sec8

Searches for messages within a specified Telegram group or channel using keywords, date filters, and extended metadata.

Setup Requirements

  • ⚠️Requires Telegram API credentials (API ID, API Hash) obtained from https://my.telegram.org.
  • ⚠️Requires a Telegram phone number for initial authentication to generate a session string.
  • ⚠️Requires running `npm run auth` once to authenticate and persist the session in the `.env` file.
  • ⚠️Requires a specific `TELEGRAM_GROUP_ID` which can be a public group username or a private group invite hash.
Verified SafeView Analysis
The server handles Telegram API credentials and a session string, which are critical secrets. It correctly uses environment variables for these. The core functionality involves calling the Telegram API's search endpoint with user-provided queries. While no direct 'eval' or arbitrary command injection vulnerabilities are immediately apparent from user input within the provided source code, the reliance on third-party libraries (`telegram`, `chrono-node`) introduces external dependencies whose security is paramount. The `includeExtendedMetadata` option triggers additional API calls (e.g., for reply context, sender info per message), potentially increasing the attack surface or leading to rate-limiting issues if abused. Overall, the approach to secrets management and tool invocation appears standard and reasonably secure.
Updated: 2026-01-19GitHub
0
0
Medium Cost
Saheli-deb icon

MCP_SERVER

by Saheli-deb

Sec1

Hosts a server for a specific protocol or application.

Review RequiredView Analysis
Insufficient source code provided to perform a meaningful security audit. No 'eval', obfuscation, hardcoded secrets, or malicious patterns could be identified due to the lack of code beyond the README. Without server implementation details, potential network risks, vulnerabilities, or supply chain issues cannot be assessed, making it unsafe to run without further inspection.
Updated: 2025-12-06GitHub
0
0
Medium Cost
mkornreich icon

mcp

by mkornreich

Sec8

A client-server application demonstrating how Claude can use external tools via the MCP protocol, specifically showcasing a job fetching tool.

Setup Requirements

  • ⚠️Requires Anthropic API Key (e.g., ANTHROPIC_API_KEY in .env)
  • ⚠️Requires Python 3.10 or higher
  • ⚠️Client requires the server script path as a command-line argument
Verified SafeView Analysis
The `server.py` code itself is relatively secure, using standard libraries (`httpx`) for controlled external requests and operating over `stdio` which limits direct network exposure. It does not contain `eval`, obfuscation, or hardcoded secrets. The primary security consideration for the *overall system* lies in the client's ability to execute arbitrary server scripts (Python/Node.js) specified via command-line arguments. This means that if the client is used with an untrusted `server_script_path`, it could lead to arbitrary code execution. This is a design characteristic of how the MCP client launches a server, rather than a vulnerability in `server.py` itself.
Updated: 2025-11-23GitHub
0
0
Medium Cost
dmshikoff icon

FancyMCP

by dmshikoff

Sec8

A demonstration of the Model Context Protocol (MCP) for building AI-powered Magic: The Gathering card search servers and clients using Azure OpenAI.

Setup Requirements

  • ⚠️Requires Azure OpenAI API Key, Endpoint, and Deployment Name (Paid Service)
  • ⚠️Requires .NET 10 SDK
Verified SafeView Analysis
Relies on external Azure OpenAI API. The `ApiKey` in `appsettings.json` is provided as an empty placeholder, requiring the user to fill in their own. It is critical to manage this API key securely and avoid hardcoding it in source control for production deployments, leveraging environment variables or a secrets manager. The server uses stdio transport for local communication, which is generally secure.
Updated: 2025-12-17GitHub
PreviousPage 309 of 713Next