Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
111031075jack icon

mcp-server-9091

by 111031075jack

Sec8

This server provides a simulated stock trading service with functionalities to buy, sell, and view a stock portfolio, designed to be integrated as tools for an Artificial Intelligence (AI) model.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) 17+ (typical for Spring Boot 3 applications)
  • ⚠️Designed for integration with a Spring AI-enabled Large Language Model (LLM)
Verified SafeView Analysis
The source code appears generally safe. It does not use 'eval' or similar dynamic code execution methods. No direct network risks, hardcoded sensitive secrets (only simulated stock data), or malicious patterns were found. The primary security consideration would be in the integration with the AI model, ensuring inputs to the defined tools are properly validated by the AI system to prevent unintended operations.
Updated: 2025-12-13GitHub
0
0
Low Cost
josephkjk icon

mcp_kali_connector

by josephkjk

Sec1

Connects an AI agent (Claude/ChatGPT) to a remote Kali Linux API server to execute various hacking and security tools remotely.

Setup Requirements

  • ⚠️Requires a separate, self-hosted Kali Linux Flask API server (the code for which is not included in this repository).
  • ⚠️Requires an external AI Agent (e.g., Claude, ChatGPT) to drive the tool execution via the `fastmcp` framework.
  • ⚠️The remote Kali Linux API server must be configured with robust security measures, as this client exposes an arbitrary command execution endpoint that could be exploited by an AI agent.
Review RequiredView Analysis
The `execute_command` tool allows the AI agent to execute arbitrary commands on the remote Kali Linux API server, posing a severe Remote Code Execution (RCE) risk. This is a critical security vulnerability as a malicious or improperly prompted AI could execute dangerous system commands. The overall security relies heavily on the (unseen) remote Kali API server's implementation, which is out of scope of this client.
Updated: 2025-11-28GitHub
0
0
High Cost
DavidOsherdiagnostica icon

israel-drugs-mcp-server-demo

by DavidOsherdiagnostica

Sec3

Provides AI agents with comprehensive access to Israel's Ministry of Health pharmaceutical database for medication guidance, safety assessments, and therapeutic recommendations.

Setup Requirements

  • ⚠️Requires Node.js 18+
  • ⚠️Requires active internet connection for real-time data access from Israel's Ministry of Health API
  • ⚠️Highly permissive network settings (CORS, allowedHosts, DNS rebinding protection disabled) make it unsafe to run in any exposed network environment, even locally on a non-isolated network.
Review RequiredView Analysis
The server's HTTP configuration (`src/server.ts`) is highly permissive, with CORS enabled for all origins (`*`), `allowedHosts` set to `*`, and DNS rebinding protection explicitly disabled (`enableDnsRebindingProtection: false`). This creates a significant network security risk, potentially allowing arbitrary websites to interact with the server and bypass same-origin policies if the server is exposed beyond a strictly isolated local environment. While environment variables are used for API URLs and other configurations (good practice), this permissive network configuration makes the server unsafe for deployment in any publicly accessible or non-isolated network.
Updated: 2025-11-23GitHub
0
0
High Cost
azide1337 icon
Sec3

Acts as a bridge for AI agents to control and interact with the Unity Engine in real-time, enabling AI-driven game development and scene manipulation.

Setup Requirements

  • ⚠️Requires Unity 2020.3 or later, with manual copying of the `Assets/Scripts/MCP` folder and attaching the `MCPBridge` script to a GameObject.
  • ⚠️Requires Node.js 16+ to run the MCP server.
  • ⚠️The client configuration (e.g., `claude_desktop_config.json`) needs to be manually set up with the exact absolute path to the server's `dist/index.js` file.
Review RequiredView Analysis
The server exposes powerful capabilities that introduce significant security risks. Specifically, the `create_script` tool allows the AI to generate and execute arbitrary C# code within the Unity Editor/Runtime, which is a direct Remote Code Execution (RCE) vulnerability if the AI or its client becomes compromised. The `invoke_method` tool also enables calling any public method on any Unity component, granting broad control that could be misused. While the Node.js server communicates via stdio and connects to Unity via localhost, these functionalities necessitate a highly trusted environment and robust security measures to prevent malicious code injection.
Updated: 2025-12-15GitHub
0
0
Medium Cost
Pedro77339 icon

flet-mcp-server

by Pedro77339

Sec8

Model Context Protocol server providing accurate, version-specific documentation for Flet 0.28.3 to augment LLM capabilities.

Setup Requirements

  • ⚠️Requires Node.js (v16+) runtime.
  • ⚠️Requires `npm install` to install `@modelcontextprotocol/sdk` and other dependencies.
  • ⚠️Requires manual JSON configuration in the LLM client (e.g., Claude Desktop, Cursor, Windsurf) to register the MCP server.
Verified SafeView Analysis
The server operates over standard I/O (stdio) and serves static JSON documentation, limiting direct network exposure. It loads local JSON files, which is safe assuming the 'docs' directory is controlled and not user-configurable. The `ui/videoplayer.py` module, though part of the broader Flet project this MCP documents, is not directly exposed to untrusted user input via the MCP tools, mitigating potential risks associated with media file processing libraries (OpenCV, PIL). There are no obvious hardcoded secrets or malicious patterns in the provided source code.
Updated: 2025-11-26GitHub
0
0
Low Cost
gundatharuntej2006-hue icon

MCP-SERVER-

by gundatharuntej2006-hue

Sec9

This server provides tools to interact with the Aevo decentralized derivatives exchange, enabling operations like transferring funds and canceling orders.

Setup Requirements

  • ⚠️The `fastmcp` library must be installed to run this server.
  • ⚠️For optimal performance and SDK interaction, an `aevo-sdk` or `client.py` module is expected in the environment. The server will fall back to direct REST API calls if it's not found or fails to initialize.
  • ⚠️Requires the `requests` library for fallback REST API calls.
Verified SafeView Analysis
The server securely handles sensitive information by requiring API keys, secrets, and wallet addresses to be set as environment variables, avoiding hardcoded credentials. It does not use 'eval' or other inherently dangerous functions. The network risks are primarily associated with the necessary external API calls to Aevo, which are intrinsic to its functionality. The server attempts to use an Aevo SDK client, falling back to direct REST calls if the SDK is unavailable or fails to initialize, maintaining functionality. Users should ensure their environment variables are managed securely.
Updated: 2026-01-03GitHub
0
0
Medium Cost
srinikraman icon

multi-agent-auto-heal

by srinikraman

Sec9

A multi-agent system prototype for automated IT incident detection, triage, and healing using LLMs and LangGraph.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (paid service).
  • ⚠️Requires Python 3.10 or higher.
Verified SafeView Analysis
The provided source code snippets for agents and MCP tools are largely simulations or return hardcoded strings, which inherently limits direct security vulnerabilities. No usage of `eval` or other notoriously dangerous patterns is observed. Environment variables are loaded from a `.env` file, which is good practice. The main security considerations would arise when integrating with real-world ITSM systems or a robust RAG (as outlined in future enhancements), where LLM output validation and proper access controls for external systems would be critical to prevent prompt injection or unauthorized actions. Based on the current, mostly simulated, codebase, it appears safe.
Updated: 2025-12-14GitHub
0
0
Medium Cost
kzmshx icon
Sec5

An MCP server for querying Markdown frontmatter with DuckDB SQL, with optional semantic search capabilities.

Setup Requirements

  • ⚠️Requires `FRONTMATTER_BASE_DIR` environment variable to be set to a valid directory.
  • ⚠️Semantic search requires large dependencies (~1GB) and a longer installation timeout (`MCP_TIMEOUT`).
  • ⚠️Requires Python 3.11+.
Review RequiredView Analysis
The server exposes powerful file system and database operations. The `query` tool directly passes user-provided SQL to DuckDB, which is susceptible to SQL injection if the input is not sanitized by the calling client or if the MCP client itself is compromised. Batch file modification tools use `glob` patterns, allowing broad access to files within the `FRONTMATTER_BASE_DIR`, although `_resolve_path` prevents operations outside this directory. Semantic search dependencies download large models from the internet; while configured to a default, an attacker might attempt to manipulate the `FRONTMATTER_EMBEDDING_MODEL` environment variable to load a malicious model.
Updated: 2025-12-31GitHub
0
0
Medium Cost
robertlestak icon

docmost-mcp

by robertlestak

Sec7

An MCP (Model Context Protocol) server that translates Docmost REST API calls into MCP tools, enabling external clients (e.g., AI models) to interact with Docmost functionalities.

Setup Requirements

  • ⚠️Requires a running Docmost instance (URL, username, and password are mandatory configuration).
  • ⚠️To build from source, a Go development environment is required.
Verified SafeView Analysis
The server retrieves credentials (username and password) from environment variables or command-line arguments. While environment variables are a standard secure practice, passing sensitive information directly via command-line flags (e.g., `-docmost-pass`) can expose it to other processes on the same system (e.g., via `ps aux`). The internal client handles authentication and uses `Bearer` tokens for subsequent requests. Input parameters are handled via `url.Values` encoding, which prevents direct injection issues at the gateway level. Overall security largely depends on the underlying Docmost API's robustness.
Updated: 2025-11-27GitHub
0
0
Medium Cost
limaCoder icon
Sec9

The server provides a Model Context Protocol (MCP) interface to query and retrieve information from the Star Wars API (SWAPI), offering tools for searching characters, planets, films, and fetching detailed character data, as well as a resource to list all films.

Setup Requirements

  • ⚠️Requires a Node.js environment (v18 or higher recommended by dependencies) to install and run.
  • ⚠️Requires TypeScript to be installed and the project to be built (`npm run build`) before it can be executed.
  • ⚠️As an MCP server, it is designed to be interacted with via a compatible Model Context Protocol client or framework.
Verified SafeView Analysis
The code does not use `eval` or similar dangerous functions. There is no obfuscation. Network requests are made to a public, well-known API (SWAPI) via `axios`. No hardcoded secrets (API keys, sensitive URLs, credentials) are found; the SWAPI base URL is public. Input schemas for tools are validated using `zod`. Error handling appears robust, returning text content and marking errors without exposing raw stack traces directly, reducing information leakage. Overall, it follows good security practices for its stated purpose.
Updated: 2025-11-27GitHub
0
0
Low Cost

PhiSHRI_MCP

by Stryk91

Sec4

Provides persistent context 'doors' (JSON bundles) to AI models, allowing them to resume work across sessions, maintain state, and access a structured knowledge base without re-explaining everything.

Setup Requirements

  • ⚠️The `PHISHRI_PATH` environment variable must be correctly set to the root directory of the knowledge base. If not found, the server will attempt to prompt the user via stderr, which can cause the server to hang or behave unpredictably in non-interactive (e.g., automated MCP) environments.
  • ⚠️The recommended installation method explicitly uses `Invoke-Expression` (iex) in PowerShell, which carries a severe security risk and should be approached with extreme caution, ideally by manually inspecting the script or avoiding this installation method entirely.
  • ⚠️The server is written in Rust, requiring the Rust toolchain if building from source, though pre-compiled binaries are available via the installer.
Review RequiredView Analysis
The Rust server code itself (`phishri-mcp`) appears to be a robust stdio-based application with no direct network listening, dynamic code execution (like `eval`), or hardcoded secrets. It primarily handles file I/O for its knowledge base and session data. However, the project's recommended 'Quick Install' command in the `README.md` uses PowerShell's `Invoke-Expression` (`iex`) on an external script (`install.ps1`). Executing `iex` on a remote script is a critical security vulnerability, allowing arbitrary code execution on the user's machine. This significantly lowers the overall safety rating for users following the recommended setup instructions.
Updated: 2025-11-25GitHub
0
0
Medium Cost
Stig-Johnny icon
Sec9

Allows an AI agent to monitor Xcode Cloud build statuses and interact with Slack channels programmatically.

Setup Requirements

  • ⚠️Requires manual creation and configuration of a Slack App, including setting specific bot token scopes (e.g., `channels:history`, `chat:write`, `search:read`).
  • ⚠️The `SLACK_BOT_TOKEN` and `SLACK_BUILD_CHANNEL_ID` environment variables are mandatory for full functionality and must be obtained manually from Slack.
  • ⚠️The Slack bot needs to be explicitly invited to any private channels it intends to access or monitor messages from.
Verified SafeView Analysis
The server requires sensitive credentials (SLACK_BOT_TOKEN) to be provided via environment variables, which is good practice. It utilizes the official `@slack/web-api` library, reducing custom API interaction risks. Input validation for tool arguments is handled by Zod schemas through the MCP SDK. There is no evidence of `eval` or direct arbitrary command execution from user input. Error handling for missing Slack scopes is explicit, promoting secure configuration. Output message truncation (e.g., to 500 characters for text) helps prevent excessively large responses and implicitly limits potential data exposure, though this could be a minor data loss point for very long messages.
Updated: 2025-12-06GitHub
PreviousPage 327 of 713Next