Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost

ssh-mcp-streamable

by Xxx00xxX33

Sec3

Establishes a multi-channel, streamable communication server over SSH, enabling secure and multiplexed data transfer.

Setup Requirements

  • ⚠️Requires SSH host key pair generation and configuration.
  • ⚠️Requires a specific network port (e.g., 22, 2222) to be open and accessible.
  • ⚠️Likely depends on specific Node.js modules for SSH handling (e.g., 'ssh2').
Review RequiredView Analysis
Without the actual source code, a definitive security audit is impossible. However, the project name 'ssh-mcp-streamable' indicates it likely implements or wraps an SSH server. SSH servers, by their nature, handle external, untrusted input and often involve executing commands or managing file descriptors. This makes them inherently high-risk components if not implemented with extreme care, requiring robust input validation and sanitization. Common vulnerabilities include command injection, improper authentication/authorization, denial-of-service, and mishandling of data streams. The absence of a README further increases the risk as no best practices or security considerations are documented. The potential for 'eval' or similar dangerous patterns is high in custom server implementations if not carefully managed. Given these inherent risks and the lack of inspectable code, a low security score is assigned.
Updated: 2025-11-25GitHub
0
0
Medium Cost
Varnan-Tech icon

Meta-Ads-MCP_PixelPay

by Varnan-Tech

Sec9

Enables AI assistants to interact with the Meta Ads (Facebook/Instagram) Marketing API programmatically through natural language conversations for ad account, campaign, ad set, and ad management, analytics, and targeting.

Setup Requirements

  • ⚠️Requires manual setup of a Facebook App with Marketing API access, including configuring OAuth redirect URIs and obtaining App ID/Secret.
  • ⚠️Specific Facebook App permissions are needed (e.g., `ads_management`, `business_management`, `read_insights`), which may require App Review for broader use cases or specific roles for internal testing.
  • ⚠️Requires Python 3.10 or higher.
Verified SafeView Analysis
The server operates locally, significantly reducing external attack surface. It employs encryption (Fernet) for storing access tokens in a local SQLite database, and the README clearly advises setting a strong `TOKEN_ENCRYPTION_KEY`. Input validation is present for API parameters (e.g., object IDs, campaign data). OAuth token revocation on Meta's servers is explicitly implemented. The CORS configuration uses `allow_origins='*'` in development, which is a minor risk but is properly conditioned on `is_production` for production deployments. No obvious 'eval', 'exec', or 'os.system' calls are used with untrusted input.
Updated: 2025-11-24GitHub
0
0
High Cost
Pond500 icon

rag-mcp-server

by Pond500

Sec1

This server implements a Multi-Knowledge Base RAG system, allowing AI agents to upload, manage, and semantically search documents across multiple knowledge bases through a FastAPI-based MCP (Model Context Protocol) API.

Setup Requirements

  • ⚠️Requires Docker for the Qdrant vector database.
  • ⚠️Requires an OpenAI-compatible LLM endpoint (e.g., Tokenmind) with an API key, which incurs usage costs.
  • ⚠️Hardcodes a dependency on a specific external 'Typhoon OCR API' (`http://3.113.24.61/...`) for PDF processing, which must be accessible and may incur separate costs.
  • ⚠️Requires Python 3.10+.
Review RequiredView Analysis
CRITICAL: The `LLM_API_KEY` in `app/config.py` has a hardcoded default value, which is a severe security vulnerability as it can lead to API key leakage if the `.env` file is not properly configured or if the server is run in an exposed environment. The `OCR_API_ENDPOINT` is hardcoded to an external IP, creating a single point of failure and potential data privacy concerns. The server is configured to listen on `0.0.0.0`, making it accessible from any network interface without any explicit authentication or authorization layer at the API level, relying solely on the integrating AI agent (e.g., Dify) for access control. This makes it highly vulnerable if exposed directly to the internet.
Updated: 2025-11-27GitHub
0
0
Medium Cost
lianekai icon

mcp-dm8-server

by lianekai

Sec92

This server provides Model Context Protocol (MCP) tools for interacting with a DM8 database, enabling client applications (like AI agents) to browse table schemas and execute read-only SQL queries.

Setup Requirements

  • ⚠️Requires Node.js 18+ to be run with `--openssl-legacy-provider` due to the DM8 database driver's dependency on older OpenSSL algorithms.
  • ⚠️Requires a running DM8 database instance and a user account with appropriate permissions (read-only recommended).
  • ⚠️The 'dmdb' Node.js native driver may require specific system libraries to be installed as per DM8 official documentation.
Verified SafeView Analysis
The server includes comprehensive security fixes (version 1.1.0) addressing critical vulnerabilities found in prior versions. Key mitigations include: 1. Enhanced SQL injection protection with parameterization, robust identifier normalization, multi-statement detection, and blacklisting of dangerous functions/keywords/patterns (e.g., file operations, subquery writes, NULL bytes, excessive nesting). 2. Implementation of a connection pool to prevent resource exhaustion and improve performance. 3. Addition of query timeouts to prevent long-running queries. 4. Integration of a token-bucket based rate limiting mechanism. 5. Structured logging with sensitive data redaction. 6. Input length limits for queries and identifiers. The project explicitly states a security score of 92/100 post-fixes and is 'recommended for production use'.
Updated: 2025-11-27GitHub
0
0
Low Cost
jpg486-ual icon

papercut-mcp

by jpg486-ual

Sec8

Provides a Model Context Protocol (MCP) server exposing tools to interact with PaperCut NG/MF via its XML Web Services API for tasks like user management and printer information retrieval.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️Requires a running and configured PaperCut NG/MF instance with XML Web Services enabled. Specific settings (auth-token, allowed caller IPs) must be configured in PaperCut.
  • ⚠️Requires manual creation and configuration of a .env file with PAPERCUT_XMLRPC_URL and PAPERCUT_AUTH_TOKEN.
Verified SafeView Analysis
The server retrieves sensitive PaperCut API credentials (URL, auth token, timeout) from environment variables, which is a good practice for configuration. Input validation for tool arguments is performed using Zod schemas, reducing the risk of malformed inputs. The server communicates over standard I/O (stdio) and does not open network ports, thereby limiting its direct network attack surface. The primary security considerations involve the underlying PaperCut NG/MF XML Web Services configuration, such as securing the endpoint, using strong authentication tokens, and restricting allowed caller IPs. Error messages from tools might expose internal error details, but this is a minor risk that can be handled client-side.
Updated: 2025-12-01GitHub
0
0
Low Cost
0xvm icon
Sec1

Provides a conversational MCP server for host-side job automation and offensive security experimentation, executing shell commands and managing their state.

Setup Requirements

  • ⚠️Directly executes arbitrary shell commands provided by clients, making it a critical security risk if not strictly access-controlled and run in a controlled environment.
  • ⚠️Requires Python 3.8+ (due to typing features) and `zeromcp`, `rich` dependencies.
  • ⚠️Exposes an unauthenticated HTTP API on port 12983, which may require firewall configuration or specific network access control.
Review RequiredView Analysis
CRITICAL RISK: The `start_shell_job` tool, exposed via an unauthenticated API, defaults to `use_shell=True` and directly executes arbitrary commands provided by the client. This allows for trivial remote code execution and shell injection if the server is accessible to untrusted parties. The server is explicitly designed for 'Offensive Security What-Can-Go-Wrong-Experimentation' and described as an 'ignorant, possibly naive, assistant', meaning its inherent danger is a feature, not a bug, for its intended use case. However, from a general security standpoint, it is extremely unsafe for general-purpose deployment or in untrusted environments. No hardcoded secrets were found, and dependencies are standard.
Updated: 2025-12-14GitHub
0
0
Medium Cost
JosephAwuku33 icon

wave-gmail-mcp

by JosephAwuku33

Sec9

Enables AI agents to securely manage Gmail, including reading, sending, searching emails, and executing personalized bulk email campaigns using uploaded customer data.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with the Gmail API enabled and OAuth 2.0 credentials configured, including setting `http://localhost:3000/oauth2callback` as an Authorized Redirect URI.
  • ⚠️Node.js (v16 or higher) must be installed locally on the machine running the server.
  • ⚠️Environment variables (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_REDIRECT_URI, OAUTH_PORT) must be explicitly configured, with absolute paths recommended when integrating with Claude Desktop.
Verified SafeView Analysis
The server employs secure OAuth2 for Google authentication, storing tokens locally. It uses established libraries for email handling (googleapis, nodemailer) and data parsing (xlsx), reducing common vulnerabilities. String interpolation for bulk emails is simple replacement, not code execution. Local web servers for OAuth callback and data upload are intended for local interaction; the upload server's `Access-Control-Allow-Origin: *` is a minor relaxation for local convenience but is acceptable for a non-public service. No 'eval' or other dynamic code execution patterns were found, and sensitive credentials are handled via environment variables.
Updated: 2025-11-24GitHub
0
0
Low Cost
JZ1101 icon

web3-mcp

by JZ1101

Sec1

Converts EVM smart contracts into MCP (Minecraft Protocol) servers, bridging Web3 functionality with a gaming server environment.

Review RequiredView Analysis
No executable source code was provided for analysis beyond the README.md. Therefore, a comprehensive security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns could not be performed. The score reflects the inability to assess safety rather than an inherent insecurity of the (unseen) code.
Updated: 2025-12-05GitHub
0
0
Low Cost
enzobjmendonca icon

mcp-it

by enzobjmendonca

Sec6

Transforms any FastAPI server or external API into an MCP (Model Context Protocol) server, exposing its endpoints as MCP tools.

Setup Requirements

  • ⚠️Requires an existing or new FastAPI application to integrate with.
  • ⚠️If using `bind_openapi`, network access to the OpenAPI specification URL is required.
  • ⚠️Interaction with the generated MCP server requires an MCP-compatible client.
Verified SafeView Analysis
The `bind_openapi` feature fetches and parses OpenAPI specifications from arbitrary URLs, introducing a potential risk if pointed to untrusted or malicious sources that could craft malformed schemas leading to parsing errors or resource exhaustion. The `_external_proxy_call` function forwards incoming MCP request headers to external APIs without explicit filtering beyond common hop-by-hop headers. This means sensitive headers (e.g., internal authentication tokens) could be inadvertently forwarded to untrusted external services if not carefully managed by the user configuring `mcp-it`.
Updated: 2025-12-09GitHub
0
0
Medium Cost
gorizond icon
Sec6

An MCP server that provides an API for interacting with multiple Rancher Manager backends, offering cluster, node, project, and Fleet GitOps management capabilities.

Setup Requirements

  • ⚠️Requires access to at least one Rancher Manager instance.
  • ⚠️Rancher API tokens with appropriate permissions are mandatory for authentication.
  • ⚠️Configuration is primarily managed through environment variables or `.env` files, which need careful management for sensitive data.
Verified SafeView Analysis
The `k8s_raw` tool explicitly allows arbitrary HTTP requests to the Kubernetes API via the Rancher proxy, which is powerful and marked as 'DANGEROUS' in its description. If an attacker gains control over the MCP server's input, this tool could be exploited for privilege escalation or unauthorized access to Kubernetes resources. The server also supports `insecureSkipTlsVerify`, which bypasses TLS certificate validation and should be used with extreme caution. Configuration loaded from `RANCHER_SERVERS` environment variable is parsed as JSON, which could be a vector for injection if the environment variable itself is untrusted. Tokens are obfuscated in logs, which is a good practice.
Updated: 2025-11-26GitHub
0
0
Medium Cost
dmgrok icon
Sec9

Provides a searchable catalog of agent skills to AI agents and developer tools via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires 'mcp' Python library.
  • ⚠️Requires 'aiohttp' Python library.
  • ⚠️Requires internet connectivity to fetch the 'catalog.json' from CDN.
Verified SafeView Analysis
The server primarily fetches and serves read-only data from a hardcoded CDN URL (`https://cdn.jsdelivr.net/gh/dmgrok/agent_skills_directory@main/catalog.json`). There is no user input used in `eval` or `subprocess` calls. The `search_skills` function uses safe string matching. The main security consideration is the trust in the external CDN source for the skill catalog itself.
Updated: 2026-01-19GitHub
0
0
Medium Cost

mcp-python-server

by 20R25A0515

Sec7

Provides a server implementation using Python, likely for a specific protocol or game environment (e.g., Minecraft Coder Pack) based on the 'MCP' naming convention.

Setup Requirements

  • ⚠️Requires installation of Python dependencies from `requirements.txt`.
  • ⚠️Specific Python version may be required; check `pyproject.toml` or `main.py` for details.
  • ⚠️Network port configuration might be needed for server operation.
Verified SafeView Analysis
Cannot thoroughly audit for 'eval' or obfuscation without file contents. Inherent network risks exist as with any server application, requiring proper configuration and security practices.
Updated: 2025-11-23GitHub
PreviousPage 331 of 713Next