Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
HrskiEsa icon

Kali-mcp

by HrskiEsa

Sec1

Exposes a Linux shell, specifically Kali Linux penetration testing tools, as an MCP-accessible API for AI assistants and automation workflows.

Setup Requirements

  • ⚠️Requires a Linux machine (ideally Kali Linux) with penetration testing tools installed.
  • ⚠️The example Docker configuration uses `--privileged` and `--network host`, which eliminates container isolation and grants the server full access to the host system, significantly escalating security risks.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop) to interact with the exposed API.
Review RequiredView Analysis
The server uses `subprocess.run(cmd, shell=True)` and exposes an `execute_command` tool that allows an MCP client to execute *any* raw shell command. This is a critical security vulnerability, enabling arbitrary code execution on the host machine. While helper functions attempt to wrap specific tools, the underlying `shell=True` mechanism, especially coupled with `--privileged` and `--network host` in the example Docker setup, creates a severe attack surface. Command injection is highly probable if input parameters are not rigorously sanitized.
Updated: 2025-12-05GitHub
0
0
Low Cost
ntrajic icon

yvrdevfest2025

by ntrajic

Sec9

Demonstrates building an interactive Model Context Protocol (MCP) server using Python, featuring elicitation to dynamically gather user input for tools like a calculator and a haiku generator.

Setup Requirements

  • ⚠️Requires 'uv' package manager for dependency management and running the server.
  • ⚠️Requires a Claude.ai account (MCP support is available for all account types) and the Claude Desktop app for testing local server integration.
  • ⚠️Python 3.10+ is required as per 'pyproject.toml'.
  • ⚠️Manual configuration of Claude Desktop's 'mcp.json' and 'claude_desktop_config.json' files with absolute paths is needed for local server integration.
Verified SafeView Analysis
The server's Python code (simple-elicitation-server/server.py) uses the 'operator' module for arithmetic operations, which is a safe practice. It interacts with an LLM for haiku generation and uses the 'elicit' feature to gather structured user input safely. No direct external API calls are made from this specific server example, and no 'eval' or other high-risk functions are used. There are no hardcoded secrets identified.
Updated: 2025-11-22GitHub
0
0
Low Cost
suissa icon
Sec9

A web dashboard for managing Mercado Livre accounts by interacting with a local MCP Server via a REST API.

Setup Requirements

  • ⚠️Requires a separate 'MCP Server' application to be running locally on http://localhost:3300.
  • ⚠️The MCP Server must be configured to run in 'rest' mode.
  • ⚠️Node.js and npm are required for installation and execution.
Verified SafeView Analysis
The dashboard is a frontend application that interacts with a local backend (MCP Server) via a proxy, mitigating direct exposure of Mercado Livre API credentials on the client-side. No obvious client-side vulnerabilities (e.g., XSS from unsanitized user input) or hardcoded secrets are present in the provided code. Security largely depends on the backend MCP Server's implementation.
Updated: 2025-11-22GitHub
0
0
Medium Cost
lmsamarawickrama icon

local-github-mcpserver

by lmsamarawickrama

Sec8

Enables the Claude AI agent to interact with GitHub through a local Model Context Protocol (MCP) server for repository, issue, pull request, and file management.

Setup Requirements

  • ⚠️Requires Python 3.11.9 specifically, which might necessitate the use of `pyenv` or similar version management tools for many users.
  • ⚠️A GitHub Personal Access Token (PAT) with broad scopes, including 'repo' for full control of private repositories, is mandatory, which is a critical security consideration.
  • ⚠️Integration with Claude Desktop requires manual editing of a JSON configuration file with absolute paths and proper syntax, which can be prone to user error.
Verified SafeView Analysis
The server requires a GitHub Personal Access Token (PAT) with potentially broad permissions (e.g., 'repo' for full control of private repositories). While the token is read securely from an environment variable and not hardcoded, users must be aware of the significant power granted to the server via this token. The code itself does not contain 'eval', obfuscation, or apparent malicious patterns, focusing solely on well-defined GitHub API interactions via the httpx library. Error handling is present for HTTP issues and general exceptions, which is a good practice.
Updated: 2025-12-13GitHub
0
0
Low Cost
felnarg icon

MCP_Projects

by felnarg

Sec2

This repository demonstrates the creation and publishing of Model Context Protocol (MCP) servers using C#, including examples for mathematical operations (random numbers) and integration with external APIs and databases for user management, designed to extend AI agent capabilities.

Setup Requirements

  • ⚠️Requires .NET SDK to build and run.
  • ⚠️Requires a SQL Server instance (potentially running on host.docker.internal:14330) with specific credentials to function fully.
  • ⚠️Requires explicit configuration in an IDE-specific JSON file (`.vscode/mcp.json` or `.mcp.json`) for development or consumption from NuGet.org.
Review RequiredView Analysis
CRITICAL: Multiple `appsettings.json` files contain hardcoded database connection strings (User ID, Password, Data Source, Initial Catalog) and API base URLs. This is a severe security vulnerability, as sensitive credentials are directly exposed in configuration files. These values should always be loaded from secure environment variables or a secret management system, not hardcoded. There are no other obvious 'eval' or malicious patterns, but this flaw is significant.
Updated: 2025-12-11GitHub
0
0
Low Cost
aaronnuevo icon

Socratic

by aaronnuevo

Sec9

This repository serves as a GitHub Learning Lab course environment, utilizing Jekyll and Reveal.js to generate interactive slideshows for teaching Git and GitHub.

Setup Requirements

  • ⚠️Requires Ruby and Bundler to install and manage Jekyll dependencies.
  • ⚠️Requires familiarity with Jekyll commands for serving or building the site.
Verified SafeView Analysis
The project consists primarily of Jekyll configuration and markdown content for generating a static website. There is no server-side executable code, `eval` usage, obfuscation, or hardcoded secrets. The `reveal.js` dependency is a standard client-side library. The `README.md` links to a `.zip` file as the 'original project repo' which is unusual, but this is an external reference and does not impact the security of the provided source code itself.
Updated: 2026-01-19GitHub
0
0
Medium Cost
deya2021 icon
Sec9

A read-only debugging server for the WawApp Firebase/Flutter ecosystem, providing diagnostic tools via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js 20+.
  • ⚠️Requires a Firebase service account with 'datastore.viewer' and 'logging.viewer' roles, configured via a local JSON file.
  • ⚠️Claude Desktop client setup needs an absolute path to the server's executable and requires a restart of Claude Desktop to take effect.
Verified SafeView Analysis
The server explicitly enforces a 'strictly read-only' guarantee across all tools. It implements robust security features including token bucket rate limiting (per-tool and global), PII masking for sensitive data (phone numbers, names, GPS coordinates), and comprehensive audit logging for all tool executions with sanitized parameters. Input validation uses Zod schemas, and errors are normalized to prevent exposing internal details. It runs as a StdioServer, meaning it communicates via standard input/output rather than exposing network ports, reducing direct attack surface. The documentation explicitly recommends using read-only Firebase roles ('datastore.viewer', 'logging.viewer'). No 'eval' or similar dangerous patterns were found.
Updated: 2025-12-13GitHub
0
0
Low Cost
Christoph-D icon

pebbles

by Christoph-D

Sec8

Pebbles is a lightweight, agent-first command-line task tracking tool optimized for coding AI agents to manage tasks, bugs, features, and epics.

Setup Requirements

  • ⚠️Requires `peb` Go binary to be installed and in PATH.
  • ⚠️The Opencode plugin (`pebbles.ts`) requires the Bun Runtime to execute `peb` commands.
  • ⚠️Requires `peb init` to be run in the project directory to set up the `.pebbles` configuration.
Verified SafeView Analysis
The system is a CLI tool that operates on local markdown files. Input parsing for commands (JSON for `new`/`update`, filter strings for `query`) and filename slugification for titles appear robust, mitigating common injection and path traversal risks. The `pebbles.ts` plugin uses `bun spawn` to execute `peb` commands, passing arguments as separate strings rather than a single shell command, which is generally safer than direct `eval` or unsanitized shell execution. No direct network risks or hardcoded secrets are apparent. The primary risk would be malicious input crafted by an agent leading to unintended file system operations within the `.pebbles` directory or the designated plugin directory, though current sanitization and structured input parsing limits this.
Updated: 2026-01-18GitHub
0
0
Medium Cost
consigcody94 icon

infra-sage

by consigcody94

Sec1

AI-powered management of Terraform infrastructure, automating tasks like module generation, configuration validation, change planning, resource listing, and drift detection.

Setup Requirements

  • ⚠️Requires Node.js 18+ installed.
  • ⚠️Requires Terraform CLI installed and accessible in the system PATH.
  • ⚠️Requires an initialized Terraform workspace (`terraform init`) for most operations.
  • ⚠️Intended for use with Claude Desktop.
Review RequiredView Analysis
The server executes `terraform` commands using `child_process.exec`, which runs commands via a shell. The `plan_changes` tool directly interpolates user-provided `varFile` and `target` parameters into the shell command string without sanitization or proper escaping. This creates a critical shell injection vulnerability where a malicious user could craft an argument (e.g., in `target`) to execute arbitrary shell commands on the host system. The `execAsync` function should ideally use `child_process.spawn` with arguments passed as an array to prevent shell interpretation, or meticulously sanitize inputs if `exec` is necessary.
Updated: 2025-11-25GitHub
0
0
Medium Cost
am-space icon

own-planner

by am-space

Sec9

An AI-powered personal planning assistant that allows users to manage tasks and notes through conversational commands using a chat interface.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key, which may incur costs based on usage.
  • ⚠️Requires .NET 9 SDK for the backend server and Node.js (v18+) with npm/yarn for the React frontend development server.
  • ⚠️Windows paths in JSON configuration for MCP arguments require escaping backslashes (`\\`), which can be a common point of friction.
Verified SafeView Analysis
The application demonstrates robust security practices including per-login session isolation using unique GUIDs in authentication cookies, per-user data isolation with dedicated SQLite databases (`ownplanner-user-{userId}.db`), and secure handling of API keys by strongly recommending environment variables or user secrets and explicitly warning against committing `appsettings.Development.json`. Global exception handling differentiates between development and production environments to prevent sensitive information leakage. Authentication is required for all sensitive chat operations, and there are no obvious `eval` or obfuscation patterns in the provided source code.
Updated: 2026-01-10GitHub
0
0
Medium Cost
pabloveintimilla icon

archimate-validator-mcp

by pabloveintimilla

Sec1

This server validates ArchiMate enterprise architecture models against a set of predefined rules and specifications.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) 11+ to build and run.
  • ⚠️Requires Maven to build the project from source.
Review RequiredView Analysis
Cannot perform a security audit as no source code was provided for analysis. Therefore, it is unsafe to run without a thorough manual review, as potential risks like 'eval', obfuscation, network vulnerabilities, or hardcoded secrets cannot be identified.
Updated: 2025-12-13GitHub
0
0
Medium Cost
balexander85 icon

mcp-server

by balexander85

Sec9

Provides a Model Context Protocol (MCP) server with tools for managing GitHub repositories and fetching current time.

Setup Requirements

  • ⚠️Requires Python 3.14+
  • ⚠️Requires 'uv' runtime for direct execution (as per config.json)
  • ⚠️Requires GITHUB_TOKEN environment variable for GitHub tools
Verified SafeView Analysis
The server uses a GITHUB_TOKEN loaded from environment variables, which is standard practice for sensitive credentials. There are no obvious hardcoded secrets, obfuscation, or use of dangerous functions like 'eval'. Security relies on proper management of the GITHUB_TOKEN and the permissions granted to it on GitHub.
Updated: 2025-12-13GitHub
PreviousPage 325 of 713Next