Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
pyhoon icon
Sec8

To enable HTTP streamable/SSE transport for Claude Desktop, which typically only supports stdio, by using a local proxy/bridge via the mcp-remote utility.

Setup Requirements

  • ⚠️Requires Node.js and npm to execute `npx` commands.
  • ⚠️Relies on the `mcp-remote` npm package, which must be installed or accessible in the execution environment.
  • ⚠️Assumes a separate HTTP-streamable MCP server is already running and accessible at `http://127.0.0.1:8080/mcp` for `mcp-remote` to connect to.
Verified SafeView Analysis
The provided source code consists solely of a README and a configuration file. No direct executable code is present for analysis within this repository. The `claude_desktop_config.json` specifies running `npx mcp-remote`, an external npm package. The security of the overall setup depends heavily on the trustworthiness and implementation of the `mcp-remote` package itself, which is not part of this repository's source code. The server it configures `mcp-remote` to connect to is set to `127.0.0.1:8080`, limiting network exposure to localhost.
Updated: 2025-12-12GitHub
0
0
Low Cost

mcp-fast-server

by fancier21

Sec10

This project is a placeholder for a fast server application, currently only printing a greeting message.

Setup Requirements

  • ⚠️Requires Python 3.13+ as specified in pyproject.toml.
Verified SafeView Analysis
The code is extremely simple and contains no obvious security risks. It does not interact with external systems, process user input, or use any dangerous functions.
Updated: 2025-11-22GitHub
0
0
Low Cost
rajkundalia icon

mcp-toolbox

by rajkundalia

Sec8

Provides a set of utility tools (format conversion, text processing, network checks) exposed via the Model Context Protocol (MCP) for LLMs to consume.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️The primary testing method uses `npx` which requires Node.js to be installed.
  • ⚠️If using the Ollama host (`host/run_ollama.py`), an Ollama server must be installed and running (`ollama serve`) and the desired model pulled (`ollama pull llama3`).
Verified SafeView Analysis
The `is_port_open` tool allows checking TCP port status on arbitrary hosts and ports. While designed for its stated purpose, an unconstrained LLM could potentially misuse this for internal network reconnaissance. However, the tool includes a 3-second timeout and validates port ranges (1-65535), which mitigates rapid or invalid scanning. No `eval`, `exec`, or hardcoded secrets were found.
Updated: 2025-12-06GitHub
0
0
High Cost
WhytcardAI icon

whytcard

by WhytcardAI

Sec4

WhytCard Intelligence Core: A cognitive engine and AI infrastructure MCP server providing triple memory (semantic, episodic, procedural), a knowledge graph, RAG capabilities, and multi-agent orchestration for complex tasks.

Setup Requirements

  • ⚠️Requires Rust 1.75+
  • ⚠️Requires Node.js 20+ for external MCP `npm` servers
  • ⚠️Requires Python 3.10+ for external MCP `pip` servers
  • ⚠️Requires downloading GGUF LLM models (can be large, ~4-7GB+)
  • ⚠️Attempts to use GPU acceleration by default (CUDA/Metal setup may be needed for optimal performance)
  • ⚠️TAVILY_API_KEY environment variable required for Tavily web search integration
  • ⚠️CONTEXT7_API_KEY environment variable required for Context7 documentation integration
Verified SafeView Analysis
The server has capabilities for dynamic execution of external MCP servers and direct shell commands via the `cortex_execute` tool. It also allows local installation of npm and pip packages via `mcp_install`. These features introduce significant supply chain and arbitrary code execution risks if the server is exposed to untrusted clients or if the external packages/commands are malicious. A strict sandboxing environment and robust input validation on the client/agent side are critical. Not safe to run in an untrusted environment without advanced security controls.
Updated: 2025-12-05GitHub
0
0
Low Cost
aiscibe-mcp-deployment icon

mcp-e70738e0-946f1f4b-healiora

by aiscibe-mcp-deployment

Sec9

This MCP server exposes configured APIs as tools that can be used by Claude and other AI models, acting as an API gateway for AI orchestration.

Setup Requirements

  • ⚠️Requires installation of Python dependencies from `requirements.txt`.
  • ⚠️Requires `OPENAI_API_KEY` environment variable for deployment (as stated in README).
  • ⚠️Requires configuration of `API_CONNECTIONS` in `app/mcp_server.py` to define external APIs and register tools, as it's empty by default in the provided code, making it non-functional for API calls without further setup.
Verified SafeView Analysis
The code does not use `eval` or contain obvious obfuscation. Hardcoded secrets are not present; `OPENAI_API_KEY` is expected from environment variables. The `API_CONNECTIONS` dictionary is currently empty, but if populated from an insecure source, the `call_api` function could pose a risk for Server-Side Request Forgery (SSRF) or API key exposure, depending on the configuration source. However, the provided code itself is not inherently malicious.
Updated: 2025-12-02GitHub
0
0
Medium Cost
rfdez icon
Sec9

Fetch daily electricity tariffs (PVPC) from Red Eléctrica for consumers billed under the 2.0 TD tariff.

Setup Requirements

  • ⚠️Requires an API key from Esios Red Eléctrica de España (external registration required, potential usage costs/limits).
  • ⚠️Requires Node.js >= 24 and npm >= 10.9.2.
Verified SafeView Analysis
The server uses `helmet` for HTTP security headers and `cors` for cross-origin resource sharing. API keys are handled via CLI arguments for stdio transport or request headers (e.g., 'X-API-Key', 'Authorization: Bearer') for HTTP transport, preventing hardcoding in source. External network requests are made to a specific, well-known API (`api.esios.ree.es`). No 'eval' or other obvious malicious patterns were found. Error handling for API calls is implemented. The HTTP server correctly restricts HTTP methods for the `/mcp` endpoint.
Updated: 2026-01-15GitHub
0
0
Low Cost
bhingarekiran29-aiQA icon

MCP_Server

by bhingarekiran29-aiQA

Sec8

Provides a microservice for basic arithmetic operations (addition, subtraction, multiplication, division), intended to be consumed by other systems or agents via the Microservice Communication Protocol (MCP).

Setup Requirements

  • ⚠️Requires the 'mcp.server.fastmcp' Python package, which is an external dependency not provided in the source code.
  • ⚠️Requires a Python interpreter to execute the script.
Verified SafeView Analysis
The core server logic in `simple-calculator.py` is robust against common injection attacks due to explicit integer type casting for all inputs. The overall security largely depends on the `mcp.server.fastmcp` framework, whose source is not provided in this excerpt. No obvious hardcoded secrets or direct malicious patterns were found in the provided server application code.
Updated: 2025-11-30GitHub
0
0
Low Cost
imohweb icon
Sec9

Enable Microsoft Foundry Agents to securely trigger enterprise machine learning workflows in Azure ML through a standardized Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Python 3.9+
  • ⚠️Requires an Azure subscription with Azure AI Foundry project and Azure Machine Learning workspace (including a compute cluster like 'mcp-compute').
  • ⚠️Requires Azure CLI installed and authenticated (via 'az login').
  • ⚠️Requires manual configuration of Azure and MCP server credentials in a .env file.
Verified SafeView Analysis
The architecture is designed with security in mind, separating agent intelligence (Layer 1) from enterprise system execution (Layer 3) via a secure middleware (Layer 2 - MCP Server). The MCP server explicitly routes to known functions, preventing arbitrary code execution based on agent input. Azure authentication uses `DefaultAzureCredential`, supporting secure methods like Managed Identity and Azure CLI. No hardcoded secrets were found; all credentials are externalized to `.env` which is `.gitignore`-ed. The FastAPI server binds to `0.0.0.0`, which is standard for containerized apps but requires proper network security (firewalls, VNETs) in production. `ngrok` is mentioned for local public exposure, which is an external service and introduces its own security considerations.
Updated: 2025-11-29GitHub
0
0
Medium Cost

mcp-onenote

by Dylan78Lange

Sec1

A server component designed to interact with or manage Microsoft OneNote content, potentially exposing an API.

Setup Requirements

  • ⚠️Likely requires Microsoft OneNote API access or authentication credentials
Review RequiredView Analysis
No source code available for analysis. Cannot perform a security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. Running this project without code inspection is highly risky due to the inability to verify its safety and intent.
Updated: 2025-11-24GitHub
0
0
Low Cost
peterdewit icon
Sec9

Provides a structured, persistent PostgreSQL database backend for AI agents performing genealogical research.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for convenient deployment.
  • ⚠️Requires a PostgreSQL database instance to operate.
  • ⚠️Database connection environment variables (e.g., DATABASE_URL, PGDATABASE, PGUSER, PGPASSWORD) must be configured.
Verified SafeView Analysis
The server explicitly avoids dynamic SQL table names and uses parameterized queries (e.g., `%s`) throughout `server.py`, which effectively prevents SQL injection vulnerabilities. Database connection details are correctly sourced from environment variables, avoiding hardcoded secrets. No `eval` or similar dangerous patterns are present. The design is robust for its stated purpose.
Updated: 2025-12-14GitHub
0
0
Medium Cost
samihalawa icon
Sec7

Manages Google Ads campaigns programmatically through the Model Context Protocol, offering features for campaign performance data, budget updates, and reporting.

Setup Requirements

  • ⚠️Requires Node.js 18+ installed.
  • ⚠️Requires comprehensive Google Ads API credentials (client_id, client_secret, developer_token, refresh_token, login_customer_id) which involve setting up a Google Cloud project and OAuth consent screen.
  • ⚠️Requires a specific Google Ads Customer ID to query data from.
Verified SafeView Analysis
The `test-direct.js` file contains hardcoded Google Ads API credentials (client_id, client_secret, developer_token, refresh_token, login_customer_id), which is a significant security risk if this file were to be used in a production environment or exposed. While the main `server.js` and documentation correctly instruct users to configure via environment variables and caution against committing `.env` files, the presence of these credentials even in a test script is poor practice. No 'eval' or obvious malicious patterns were found in the provided source.
Updated: 2025-11-24GitHub
0
0
Low Cost
alexderkrieger icon

mcp-server

by alexderkrieger

Sec5

Provides a custom server environment for Minecraft development, modding, or running a specific Minecraft game instance.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) or Java Runtime Environment (JRE) installed.
  • ⚠️May require specific Minecraft client or server files depending on the intended use.
  • ⚠️Requires available network ports (e.g., 25565 for default Minecraft server).
Review RequiredView Analysis
Unable to perform a full security audit due to missing source code. A score of 5 reflects an unknown state; assume potential risks like unpatched vulnerabilities, misconfigurations, or network exposure until a thorough code review is conducted. No 'eval' or similar dangerous patterns could be checked.
Updated: 2026-01-17GitHub
PreviousPage 332 of 713Next