Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
DevSkillsIT icon

Skills-MCP-GLPI

by DevSkillsIT

Sec8

An AI-powered system designed to automate IT incident management in GLPI by generating pre-analysis reports, possible solutions, and streamlining repetitive tasks for support agents.

Setup Requirements

  • ⚠️Requires GLPI version 10.x or higher with API access.
  • ⚠️Requires GLPI_URL, GLPI_API_URL, GLPI_APP_TOKEN, and GLPI_USER_TOKEN configured as environment variables.
  • ⚠️Requires Python >= 3.11.
  • ⚠️Optionally requires a local or remote LLM (Ollama, Cerebras, Groq) if CrewAI orchestration uses local models.
  • ⚠️The PHP GLPI plugin part needs to be manually moved to GLPI's plugin folder and installed.
Verified SafeView Analysis
The project demonstrates a strong focus on security, implementing HMAC-SHA256 for webhook authentication with timestamp validation (BUG-CRIT-02), robust input sanitization (`InputSanitizer`), and a `SafetyGuard` for destructive operations. Sensitive information like GLPI API tokens are loaded from environment variables, preventing hardcoding. Rate limiting is implemented per user, mitigating abuse. Session management for user tokens ensures least privilege. However, the `_calculate_single_similarity` function in `src/services/similarity_service.py` is executed via `ProcessPoolExecutor` which is generally safe, but should always be watched for deserialization attacks if inputs could be controlled by an attacker. The fallback to local `.env` user tokens in `session_manager` is noted as a development convenience and should be disabled in production.
Updated: 2025-12-20GitHub
0
0
Medium Cost
jasonwilbur icon

oci-pricing-mcp

by jasonwilbur

Sec9

This server provides comprehensive Oracle Cloud Infrastructure (OCI) pricing data, cost calculation, and comparison tools to AI assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js 18+ to run
  • ⚠️Requires internet access for real-time pricing data
Verified SafeView Analysis
The server processes input via the @modelcontextprotocol/sdk, which includes schema validation for tool arguments. It fetches public pricing data from a specific Oracle API endpoint and from bundled JSON, without handling sensitive user data or requiring private credentials. No 'eval', child_process, or arbitrary file system access from user input is apparent in the provided source code. The primary risks are limited to potential abuse of the external Oracle API or very specific, undiscovered vulnerabilities within the MCP SDK or the server's data processing logic.
Updated: 2026-01-19GitHub
0
0
Low Cost
info-rbp icon
Sec9

Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers, providing publicly accessible calculator tools without requiring authentication.

Setup Requirements

  • ⚠️Requires Node.js and npm installed.
  • ⚠️Cloudflare Wrangler CLI is necessary for local development and deployment.
  • ⚠️A TypeScript development environment is expected.
Verified SafeView Analysis
Input validation is handled by 'zod' for all tool arguments, significantly mitigating common injection vulnerabilities. The server operates within the Cloudflare Workers sandboxed environment, enhancing runtime security. The 'authless' nature is an explicit design choice for this example, meaning the calculator tools are publicly accessible without any authentication layer; users should be aware of this for production deployments of custom tools.
Updated: 2025-12-15GitHub
0
0
Low Cost
dmarsters icon
Sec9

Transform image prompts into various cereal box design aesthetics using a structured, cost-optimized approach.

Setup Requirements

  • ⚠️Requires `uv` for package installation.
  • ⚠️Requires Python 3.10 or newer.
Verified SafeView Analysis
The server primarily uses regex for prompt parsing and internal JSON configuration for transformations. No 'eval' or 'exec' calls. All data is loaded locally from trusted JSON files. The primary theoretical risk would be if the FastMCP server is exposed publicly without proper input sanitization, as complex, malicious regex input could potentially cause ReDoS. However, within an LLM tool context, the risk is mitigated by the LLM's invocation logic. No hardcoded secrets or external network calls to untrusted sources were found.
Updated: 2025-11-29GitHub
0
0
Low Cost
siduman268-debug icon

RMS-MCP-Server

by siduman268-debug

Sec9

Comprehensive freight rate management server providing an MCP protocol for Claude Desktop, an HTTP REST API for n8n workflow automation and external integrations, all backed by Supabase for real-time data access. It supports FCL and LCL pricing, schedules, inland haulage, and CRM integration.

Setup Requirements

  • ⚠️Requires a Supabase backend with a pre-configured database schema (migrations are implied for full functionality).
  • ⚠️Mandatory environment variables: SUPABASE_URL, SUPABASE_SERVICE_KEY, JWT_SECRET (must be strong in production), API_KEY.
  • ⚠️Optional but recommended environment variables for external integrations: MAERSK_CONSUMER_KEY, MAERSK_API_BASE_URL, WEBHOOK_SECRET.
  • ⚠️Docker is the recommended deployment method, requiring Docker and Docker Compose installed on the host VM.
  • ⚠️n8n integration requires specific internal Docker network URLs (e.g., `http://rms-mcp-server:3000`) when deployed alongside the server in Docker Compose.
Verified SafeView Analysis
The server demonstrates strong security practices including the use of environment variables for sensitive credentials (Supabase URL/Service Key, JWT Secret, API keys, Webhook Secret). It enforces JWT authentication for its HTTP API, and leverages Supabase's Row Level Security (RLS) by setting tenant context for every request. Specific endpoints are further protected by API key or webhook secret pre-handlers. SQL queries are constructed using the Supabase client's parameterized methods, effectively mitigating direct SQL injection risks. A default fallback JWT_SECRET is hardcoded for development purposes, which is clearly a point for mandatory replacement in production environments. Extensive console logging is used for debugging and might require careful management in production to prevent exposure of sensitive operational details. No `eval` or `child_process` (beyond its own startup) are observed for malicious patterns.
Updated: 2025-11-24GitHub
0
0
Low Cost
Akungapaul icon

wp-mcp-shared

by Akungapaul

Sec2

Provides shared utilities and client abstractions for building WordPress Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires a running WordPress instance with REST API enabled and Application Passwords configured for authentication.
  • ⚠️If WP-CLI functionality is enabled, WP-CLI must be installed and accessible on the server (locally or via SSH).
  • ⚠️Secure usage of `WPCLIClient` methods by an MCP server requires extremely strict input validation (e.g., with Zod schemas) to prevent command injection vulnerabilities, as the library itself offers limited protection.
Review RequiredView Analysis
The `WPCLIClient` heavily relies on `child_process.exec` to run shell commands. Many methods (e.g., `dbQuery`, `searchReplace`, `installPlugin`, `createUser`, `setOption`) construct these commands by directly interpolating argument strings. This creates significant command injection vulnerabilities if the inputs to these methods are not meticulously validated and sanitized by the consuming MCP server. While `dbQuery` has basic escaping for double quotes, it is insufficient against all forms of injection. The library provides dangerous primitives without robust internal sanitization, placing a high burden on consumers for secure implementation. WordPress REST API client (`WordPressRestClient`) authentication with app passwords is standard, and its logging does not appear to expose credentials directly.
Updated: 2025-11-28GitHub
0
0
Medium Cost
GISBlox icon

mcp-server

by GISBlox

Sec4

A C# implementation of the Model Context Protocol (MCP) for integrating AI applications with GISBlox geospatial APIs to access Dutch postal code data, perform geospatial conversions, projections, and map analytics.

Setup Requirements

  • ⚠️Requires a personal GISBlox service key (free subscription available) for API access.
  • ⚠️Requires .NET runtime (built on .NET) for local execution.
  • ⚠️Debugging specifically requires Visual Studio 2022 (17.14.9 or later).
  • ⚠️Integrating with Claude Desktop requires `npx mcp-remote` middleware to connect to the hosted endpoint.
Verified SafeView Analysis
The test launchSettings.json contains a hardcoded GISBLOX_SERVICE_KEY (CB7E92BD91B3512F52995E6018FE74DB73975B9F). While likely for testing, hardcoding secrets in the repository is a significant security vulnerability as it can lead to exposure if the repository becomes public or is accessed by unauthorized individuals. The Azure deployment templates configure HTTPS enforcement, which is good for network security.
Updated: 2025-12-19GitHub
0
0
Medium Cost
Juniper icon

yams

by Juniper

Sec3

YAMS is a Model Context Protocol (MCP) server for comprehensive analysis and management of Kubernetes clusters, especially Juniper Cloud-Native Router (JCNR) deployments, providing deep visibility and troubleshooting capabilities through an AI-compatible interface.

Setup Requirements

  • ⚠️Requires access to one or more Kubernetes clusters (local or remote)
  • ⚠️Requires manual creation and population of configuration files (clusters.json, pod-command-list.json, jcnr-command-list.json)
  • ⚠️For remote clusters, SSH credentials (keys with 600 permissions or passwords) for jump hosts are mandatory
Review RequiredView Analysis
The server explicitly disables SSH host key verification (AutoAddPolicy) and Kubernetes API SSL certificate verification ('insecure-skip-tls-verify: true') for SSH tunneled clusters, which are critical security risks for Man-in-the-Middle (MiTM) attacks. While the README acknowledges these risks and advises trust in the network path, these defaults are highly insecure for general deployment. The system also supports storing SSH passwords directly in configuration files. Crucially, the server lacks built-in authentication/authorization for its MCP endpoints, meaning any client that can reach the server can execute arbitrary commands on connected Kubernetes pods, posing a significant risk if exposed publicly.
Updated: 2025-11-21GitHub
0
0
High Cost
keboka07 icon

agentic-workflow

by keboka07

Sec5

A methodology and set of tools designed to enforce cognitive discipline, persistent memory, and rigorous protocols for AI assistants in development workflows.

Setup Requirements

  • ⚠️Initial setup involves piping `curl` output directly to `bash`, which is unsafe without prior review of the script.
  • ⚠️Requires Python 3.8+ and `pip` for memory persistence functionality.
  • ⚠️PostgreSQL 12+ or SQLite 3 is required for persistent memory, with PostgreSQL potentially requiring `sudo` for installation/configuration.
  • ⚠️The methodology involves sending verbose, structured instructions (`CLAUDE.md`, `SKILL.md`s) and memory context to the AI, leading to high token usage per interaction.
Review RequiredView Analysis
The initial setup script (`init.sh`) uses `curl -sSL ... | bash`, which is a significant security risk as it executes code directly from the internet without explicit user review. While the script itself appears to perform benign setup (cloning the repo, configuring memory), this execution pattern is generally unsafe. The `auto-build.sh` script for memory persistence may require `sudo` privileges to install and configure PostgreSQL, which grants elevated permissions. However, the project demonstrates good internal security practices by explicitly prohibiting hardcoded secrets in `CLAUDE.md` and `epistemic-cognitive-guardrails/SKILL.md`, and by storing database credentials in a chmod 600 `.env` file for the memory system.
Updated: 2026-01-19GitHub
0
0
Medium Cost
krisrowe icon

monarch-access

by krisrowe

Sec9

Provides AI assistants and agentic tools with secure access to Monarch Money financial data for querying and taking actions.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires a Monarch Money account and manual extraction of a browser session token via DevTools.
  • ⚠️Requires Docker to run the server in a containerized environment.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop, Gemini CLI) to utilize the server.
Verified SafeView Analysis
The server uses standard `aiohttp` for GraphQL API calls and `json` for data handling, with no use of `eval` or similar dangerous functions. Authentication relies on a Monarch Money browser session token, which users must manually extract; the server stores this token in `~/.config/monarch/token` by default or can receive it via an environment variable. Explicit warnings are provided to not commit tokens to version control. The Docker setup for HTTP transport maps port 8000, and the `uvicorn` server inside typically binds to `0.0.0.0`, making it accessible on the host machine. While the `MCP-SERVER.md` mentions 'Local only' by default, binding to `0.0.0.0` in Docker could technically allow external access if not properly firewalled, though its primary use is local AI agent integration.
Updated: 2025-12-22GitHub
0
0
Medium Cost
Dhana009 icon

graphiti

by Dhana009

Sec8

A Micro-Agent Coordination Protocol (MCP) server for managing and querying a Neo4j-based knowledge graph, featuring LLM-powered entity/relationship extraction and semantic search.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Requires a running Neo4j database (Docker recommended for local setup)
  • ⚠️Requires Python 3.10 or higher
  • ⚠️Uses 'uv' package manager in example run command (can be replaced with 'python')
Verified SafeView Analysis
The project demonstrates strong input validation via `src/validation.py` for all entity and relationship fields, significantly mitigating common injection risks. Neo4j queries use parameterized statements (`$param`), preventing Cypher injection. LLM output (JSON) is parsed and its structure is validated before further processing, avoiding direct code execution. The `OPENAI_API_KEY` is correctly handled as an environment variable, not hardcoded. Default Neo4j credentials are for a local development setup, not production. Potential risks largely stem from LLM vulnerabilities (e.g., advanced prompt injection) or misconfiguration in a production environment, rather than direct code-level flaws.
Updated: 2025-11-24GitHub
0
0
Medium Cost
RetroFury07 icon

My-Digital-Twin

by RetroFury07

Sec7

A comprehensive digital twin platform leveraging Retrieval-Augmented Generation (RAG) with LLM-enhanced queries and responses for professional profile querying and interview preparation, featuring a web-based chat interface and monitoring.

Setup Requirements

  • ⚠️Requires Groq API Key, which has a generous free tier but can incur costs if usage exceeds limits.
  • ⚠️Requires an Upstash Vector index with 1536 dimensions, and embeddings must be generated (via `embed_digitaltwin.py`) using an OpenAI API key or a local `sentence-transformers` model, which is then padded to match the 1536 dimension.
  • ⚠️The TypeScript `lib/vector-db.ts` implementations for Upstash and Pinecone search are commented out and currently fall back to mock data, requiring further implementation for live vector database integration for search queries.
Verified SafeView Analysis
The Python FastAPI servers and the raw Python BaseHTTPRequestHandler serverless function (`api/rag.py` and `mydigitaltwin/api/rag.py`) explicitly set `Access-Control-Allow-Origin: *`. While suitable for development, this broad CORS policy could be a security risk in a production environment if the API were to handle or expose more sensitive user data beyond the public-facing profile or be integrated into a larger system without proper origin restrictions. API keys are loaded from environment variables, which is good practice. No 'eval' or obvious malicious patterns were found in the provided code snippets.
Updated: 2025-11-29GitHub
PreviousPage 312 of 713Next