Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
kkdatta icon

mcp-test-repo

by kkdatta

Sec10

Serves as a test repository for GitHub MCP Server verification.

Verified SafeView Analysis
The provided source code only contains a README.md file. No executable code was found to analyze for security vulnerabilities or patterns like 'eval', obfuscation, hardcoded secrets, or network risks. Thus, it is inherently safe from code-based security flaws.
Updated: 2026-01-19GitHub
0
0
Low Cost
aliyev12 icon

mcp

by aliyev12

Sec9

Provides an MCP server for an AI agent to manage reminders by integrating with an external reminders application API.

Setup Requirements

  • ⚠️Requires 'API_KEY' environment variable for authentication with the external reminders application.
  • ⚠️Requires 'REMINDERS_APP_BASE_URL' environment variable, or defaults to 'http://localhost:8080' implying a local backend.
  • ⚠️Requires 'DEFAULT_EMAIL' environment variable for creating reminders with default email alerts.
  • ⚠️Requires a TypeScript build step (tsc) before execution.
Verified SafeView Analysis
The server uses environment variables for sensitive data like API keys and base URLs, which is good practice. Input validation is performed using Zod schemas for all tool inputs, reducing the risk of injection attacks. Error handling captures and structures error messages, preventing raw backend error exposure. No direct 'eval' or arbitrary command execution patterns were found.
Updated: 2025-11-30GitHub
0
0
High Cost
NilavoBoral icon

AgentManager

by NilavoBoral

Sec8

Manages and orchestrates a unified ecosystem of LLM providers, AI agents, and external tools via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires API keys for chosen LLM providers (e.g., Google, OpenAI, Ollama, Mistral, Groq).
  • ⚠️Requires Python 3.11+.
  • ⚠️Advanced tool integration requires an externally running MCP server.
Verified SafeView Analysis
The system correctly uses environment variables for API keys and doesn't hardcode secrets. It handles arbitrary MCP server URLs and headers, which means the user must ensure they are connecting to trusted external services. No obvious malicious patterns or critical vulnerabilities observed in the provided source code.
Updated: 2025-12-06GitHub
0
0
Low Cost
ebhawana icon
Sec9

This server provides an MCP (Multi-Agent Communication Protocol) interface for managing personal or small-scale expenses, allowing agents to add, list, and summarize financial transactions.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️The database (`expenses.db`) is created in a temporary directory (`tempfile.gettempdir()`), meaning data is not persistent across system reboots or temporary file purges unless explicitly managed.
Verified SafeView Analysis
The application uses parameterized SQL queries throughout, effectively preventing SQL injection vulnerabilities. No 'eval' or similar dangerous patterns are present. The database is stored in a temporary directory, which is common for isolated applications. No hardcoded sensitive credentials were found. Binding to '0.0.0.0' makes it accessible from all network interfaces, which is typical for servers but requires external firewalling if exposed to untrusted networks.
Updated: 2025-11-30GitHub
0
0
Medium Cost
rem5357 icon
Sec9

Provides an MCP server for AI agents to store, retrieve, and organize files in a project-based structure.

Setup Requirements

  • ⚠️Requires Rust toolchain to build.
  • ⚠️Destructive operations (delete_project, delete_folder) require explicit 'confirm' or 'confirm_recursive' flags set to true.
  • ⚠️Default file storage location is `/var/lib/mcp-filemanager` (Linux-centric), configurable via the `FILE_MANAGER_ROOT` environment variable.
Verified SafeView Analysis
The server implements robust path traversal protection and uses parameterized queries to prevent SQL injection. File deletion operations (project, folder, file) require explicit confirmation flags, enhancing safety. Input validation is performed for filenames and folder paths, including length limits and forbidden characters. The default HTTP transport uses permissive CORS, which is acceptable for local/internal development or agent interaction but would require stricter configuration for public-facing deployments. Overall, good security practices are evident for its intended file management functionality.
Updated: 2025-12-07GitHub
0
0
High Cost
fveracoechea icon

playwright-a11y-mcp

by fveracoechea

Sec6

Automated web accessibility auditing and reporting against WCAG 2.1 A/AA criteria using Playwright and axe-core.

Setup Requirements

  • ⚠️Requires Bun runtime (Linux/macOS).
  • ⚠️Requires Playwright Chromium browser to be installed (`bunx playwright install chromium`).
  • ⚠️Mandatory environment variables `AUTH_COOKIE_NAME` and `AUTH_COOKIE_VALUE` are required for the server to start, even for basic functionality.
  • ⚠️The server launches Playwright in non-headless mode, requiring a display environment (e.g., Xvfb) to run correctly in a server context, contrary to typical headless server deployments.
Review RequiredView Analysis
The source code explicitly launches Playwright in non-headless mode (`headless: false`) in all browser automation tools (`analizeURL`, `testPageTool`). This contradicts the README's claim of 'Runs in headless Chromium'. Running non-headless browsers on a server introduces significant operational complexities (requires a display environment) and security risks (increased attack surface if a browser exploit were to escape the sandbox, potential for unexpected UI interactions). Sensitive credentials (`AUTH_COOKIE_NAME`, `AUTH_COOKIE_VALUE`, S3 keys) are correctly loaded from environment variables and validated with Zod. Uploaded screenshots to S3 are marked `public-read`, which is expected but means any sensitive data captured in screenshots will be publicly accessible. Inputs are validated with Zod, mitigating some injection risks.
Updated: 2025-11-20GitHub
0
0
Medium Cost
discomedia icon

alpaca-mcp-server

by discomedia

Sec9

This MCP server enables natural language trading operations through AI assistants for Alpaca's Trading API, covering stocks, options, crypto, portfolio management, and real-time market data.

Setup Requirements

  • ⚠️Requires `uv` for installation, or Docker.
  • ⚠️Alpaca API keys (ALPACA_API_KEY, ALPACA_SECRET_KEY) are required and must be configured in either the `.env` file or directly in the MCP client's JSON configuration (client config overrides .env).
  • ⚠️Free-plan Alpaca REST SIP data is delayed by 15 minutes; real-time SIP data requires a premium subscription.
  • ⚠️Certain advanced options strategies (e.g., short straddles, strangles, uncovered options) require Level 4 options trading permission on your Alpaca account.
Verified SafeView Analysis
The server demonstrates good security practices by: (1) explicitly warning against hardcoding secrets and command-line key passing, instead favoring .env files and interactive prompts; (2) defaulting HTTP transport to localhost (127.0.0.1) for local connections, requiring explicit configuration for remote exposure; (3) using Kubernetes Secrets for sensitive variables in Helm deployments; (4) implementing an `AuthHeaderMiddleware` for secure OAuth bearer token passthrough in multi-tenant HTTP environments. Specific options trading error handling guides users on required permissions for high-risk strategies like short straddles/strangles, reducing accidental exposure to uncovered positions. No `eval` or obfuscation found.
Updated: 2025-12-14GitHub
0
0
Medium Cost
lubaina1904 icon
Sec8

Automatically analyzes Python codebases to generate various forms of documentation, including READMEs, API documentation, and setup guides.

Setup Requirements

  • ⚠️Requires Python 3.8+ to run.
  • ⚠️Requires manual configuration in Claude Desktop's JSON configuration file, specifying an absolute path to the `doc_assistant_mcp.py` script.
  • ⚠️Relies on standard Python virtual environment setup and `pip install -r requirements.txt` to install dependencies, including the MCP SDK.
Verified SafeView Analysis
The server primarily reads and parses Python source code files from a user-specified path using the `ast` module. It does not execute arbitrary code, use `eval`, or involve direct network requests beyond the MCP protocol. The main security consideration is granting the server access to a filesystem path. While the tool only reads `.py` files, providing an untrusted or overly broad path could potentially expose sensitive code if the client application does not enforce proper access controls. No hardcoded secrets or overtly malicious patterns were identified.
Updated: 2025-11-20GitHub
0
0
Low Cost
OrbitalFlow icon

atlassian-mcp-local

by OrbitalFlow

Sec3

Integrates AI assistants with Atlassian Jira and Confluence to perform automated tasks and retrieve information from these platforms.

Setup Requirements

  • ⚠️Requires Python 3.10+ and the `uv` package manager for installation.
  • ⚠️Mandates creating an Atlassian API Token for authentication, which needs to be securely configured in a `.env` file.
  • ⚠️The `install-ngrok.sh` script hardcodes an ngrok authtoken, which is a significant security risk and should be replaced with a user's own token or removed.
Review RequiredView Analysis
The `install-ngrok.sh` script contains a hardcoded ngrok authtoken (`NGROK_AUTHTOKEN="38NAiUQUMfg1ctYf2kYCmU8P6ZN_2crHaSAHqP4px58yyfRVF"`). This is a critical security vulnerability as it means anyone using this script will configure ngrok with this specific, public token, potentially exposing their tunnel traffic through an account not controlled by them, or allowing others to use this token for their own purposes, leading to abuse or tracking. Additionally, the server binds to `--host 0.0.0.0` by default even for local usage, making it accessible from the local network unless explicitly configured otherwise.
Updated: 2026-01-17GitHub
0
0
Low Cost
GHjiejie icon
Sec8

This is a Model Context Protocol (MCP) server designed to integrate with Git, enabling other tools or agents to interact with Git repositories via the MCP.

Setup Requirements

  • ⚠️Node.js (version 18 or higher is required based on dependency tree)
  • ⚠️TypeScript must be installed globally or locally for the 'build' script to work.
Verified SafeView Analysis
The provided source code (src/index.ts) is minimal, primarily focusing on initializing an McpServer and connecting it via StdioServerTransport. There are no explicit uses of 'eval', code obfuscation, or hardcoded secrets within this application logic. The security largely depends on the underlying @modelcontextprotocol/sdk and StdioServerTransport implementations, which are external dependencies. Communication via standard I/O (StdioServerTransport) reduces direct network attack surface for this specific application, but the protocol itself might define remote interactions. Overall, no obvious malicious patterns or critical vulnerabilities are present in the provided application code snippet.
Updated: 2025-12-03GitHub
0
0
High Cost
evgenygurin icon
Sec9

FastMCP server for R2R API, facilitating advanced RAG, document management, knowledge graph interactions, and AI-powered conversational agents.

Setup Requirements

  • ⚠️R2R_API_KEY and R2R_BASE_URL environment variables are required.
  • ⚠️R2R_API_KEY must be provided without quotes or 'Bearer ' prefix in the .env file.
  • ⚠️Requires Python 3.10+.
  • ⚠️Certain R2R search strategies (e.g., 'hyde', 'rag_fusion') may not function due to backend R2R configuration issues.
Verified SafeView Analysis
The server implements `DynamicBearerAuth` to read API keys at request time, crucial for serverless environments where environment variables may be injected after module import. This prevents hardcoding secrets and enhances security. No `eval` or other overtly dangerous patterns without clear justification are observed. The project's documentation also emphasizes security best practices for configuration and deployment.
Updated: 2025-11-27GitHub
0
0
Medium Cost
OrionPotter icon
Sec8

Enables AI assistants to interact with a Meilisearch instance for various search, indexing, and data management operations.

Setup Requirements

  • ⚠️Requires a running Meilisearch instance to connect to.
  • ⚠️MEILISEARCH_API_KEY` must be configured in a `.env` file or environment variables, as the default empty string or `masterKey` (in Docker Compose example) are insecure for production use.
  • ⚠️Requires Node.js (v18+) and npm to be installed for manual setup or development.
Verified SafeView Analysis
The server utilizes environment variables (MEILISEARCH_HOST, MEILISEARCH_API_KEY) for Meilisearch connection details, which is good practice for managing secrets. It does not appear to use eval or other dangerous dynamic code execution methods. The `docker-compose.yml` provides a default `MEILI_MASTER_KEY` (`masterKey`) which is insecure for production and must be changed by the user. Error responses can stringify Meilisearch API error data, potentially exposing details if Meilisearch returns sensitive information in its error payloads.
Updated: 2025-11-20GitHub
PreviousPage 334 of 713Next