Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost

MCP-Factory

by Czajnikuss

Sec7

Automated generation and packaging of website-specific interaction servers (MCP Servers) by sampling, compiling, verifying, and packaging website configurations.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose to run the services.
  • ⚠️Requires Python 3.9+ for local development (Docker images handle this).
  • ⚠️Requires 2GB of shared memory (SHM) for the browser-service container (configured in compose.yml).
  • ⚠️The browser-service needs outbound internet access to sample target URLs.
Verified Safe
The `browser-service` container uses Playwright to interact with arbitrary external URLs provided in job requests. This inherent functionality carries risks, as a malicious target website could potentially exploit browser vulnerabilities within the container. The use of `--no-sandbox` and `--disable-setuid-sandbox` for Chromium (common in Docker) further reduces isolation within the container. If the `factory-backend` or `browser-service` were exposed directly to the internet without robust authentication and authorization, it could be misused as a proxy or for unauthorized web activities. Internal communication between services is unencrypted HTTP over Docker's internal network.
Updated: 2025-12-14

Low Cost

msp

by andreynamaste

Sec2

Manages WordPress posts (create, update, retrieve, delete) via the Model Context Protocol (MCP) for integration with AI assistants like ChatGPT.

Setup Requirements

  • ⚠️Requires manual removal of hardcoded WordPress credentials in `mcp_sse_server.py` before deployment.
  • ⚠️Services are configured to run with `root` privileges, which should be downgraded to a less privileged user for security.
  • ⚠️Relies on `python3` which may implicitly require version 3.12+ for the broader project ecosystem.
Review Required
Critical security risks identified: 1. Hardcoded WordPress application passwords for multiple default sites in `mcp_sse_server.py`, allowing unauthorized access if the server code is compromised. 2. `systemd` services are configured to run as `root` user, which escalates potential impact of any vulnerability. 3. While user-added WordPress credentials are encrypted, the key is stored on disk and could be compromised if the server is breached.
Updated: 2025-12-10

Medium Cost

MCP_SERVER_STR

by circling-booster

Sec9

This server acts as a Multi-Agent Communication Protocol (MCP) tool provider, offering weather alerts and forecasts by integrating with the National Weather Service (NWS) API.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Relies on the National Weather Service (NWS) API for data (api.weather.gov).
  • ⚠️Configuration relies on a combination of environment variables (.env file) and a `config.json` file; users need to understand the precedence and ensure these files are correctly set up or rely on defaults.
Verified Safe
The server uses `httpx` for external API calls to the NWS API. Error handling for network requests is present, but it currently uses `print()` statements for errors in `api_client.py` which should ideally be replaced with a structured logging solution for production environments. No hardcoded secrets, `eval`, or obfuscation techniques were found.
Updated: 2026-01-19

Low Cost

MCPManager

by Positronikal

Sec8

A cross-platform desktop application for discovering, monitoring, and controlling Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Go 1.21+ to build and run.
  • ⚠️Requires Node.js 16+ and npm for frontend development and build.
  • ⚠️Requires Wails v2 CLI (`go install github.com/wailsapp/wails/v2/cmd/wails@latest`).
  • ⚠️Linux requires `webkit2gtk` package (`libwebkit2gtk-4.0-dev`).
  • ⚠️macOS requires Xcode Command Line Tools for building.
  • ⚠️Windows requires MSYS2/MinGW-w64 for CGO build support.
Verified Safe
The core application logic in Go and Svelte does not show obvious security vulnerabilities or dangerous patterns like `eval`. However, generated Doxygen documentation includes `jquery.js` and `search.js` that utilize `eval` for dynamic code execution, which is a common vector for XSS if the input is untrusted. This risk is isolated to the documentation assets and not the core application runtime. The project's `CONTRIBUTING.md` indicates a strong developer security posture (GPG-signed PRs, 2FA, legal release documents). The application manages local processes and relies on the host system's security.
Updated: 2025-11-21

Low Cost

plan-loop

by joseph0926

Sec9

Enables an asynchronous plan review loop between Claude-Code (planner) and Codex (reviewer) by sharing session state on disk.

Setup Requirements

  • ⚠️Requires Node.js 24.0.0 or higher.
  • ⚠️Requires configuration in `.mcp.json` (project) or `~/.claude.json` (user) for Claude-Code, and `~/.codex/config.toml` for Codex, or use the automated `setup` command to configure the MCP clients.
Verified Safe
The server operates primarily through standard I/O (stdio) and manages session state on the local file system (`~/.plan-loop/sessions/`). There is no direct network exposure by the server itself. No usage of `eval` or obvious code obfuscation. No hardcoded sensitive credentials were found. Transitive dependencies for authentication (e.g., `jsonwebtoken` via `@azure/msal-node`) are part of standard SDK usage for the VSCode extension and not directly handled by the core MCP server logic in a risky way. The session files are user-specific, reducing broader system risk.
Updated: 2026-01-19

Low Cost
Sec9

Dockerized deployment and orchestration for a custom MCP server application.

Setup Requirements

  • ⚠️Docker Desktop or engine required for local development and deployment.
  • ⚠️Requires explicit configuration of environment variables in a .env file or docker-compose.yml for the underlying application (specific variable names not provided in snippets).
  • ⚠️GCP Credentials and Project ID are required for the CI/CD workflow to Google Artifact Registry.
Verified Safe
The provided configuration files (`docker-compose.yml`, `run.sh`, `README.md`) show no immediate security vulnerabilities like hardcoded secrets within the application's runtime configuration, use of `eval`, or malicious patterns. Secrets for CI/CD (`GCP_CREDENTIALS`, `GCP_PROJECT_ID`) are mentioned as repository secrets, which is a good practice. The server exposes port 3000, which is standard for web services. Health checks are configured.
Updated: 2025-12-02

Low Cost
Sec9

Provides an Ethereum Trading MCP server that offers tools for querying ETH/ERC20 balances, fetching token prices via Uniswap V2/V3, and simulating Uniswap V2/V3 token swaps.

Setup Requirements

  • ⚠️Requires Rust toolchain (version 1.80+) to build and run.
  • ⚠️Requires network access to an Ethereum RPC endpoint, specified via the `ETH_RPC_URL` environment variable, for any live data interaction.
  • ⚠️For accurate swap simulations and gas estimates, the `CALLER_ADDRESS` (used as `msg.sender` in `eth_call`) must have sufficient simulated allowances and balances; otherwise, simulations may fail or lack gas estimates.
Verified Safe
The server is built with Rust, leveraging its strong memory safety guarantees. A critical security feature is that all swap operations are simulations (using `eth_call`) and do not involve private keys, transaction signing, or actual on-chain broadcasts from the server. This design choice inherently mitigates risks associated with hot wallets or compromised keys. Configuration for RPC endpoints and contract addresses relies on environment variables, promoting secure deployment practices. The primary external security consideration is the trustworthiness and availability of the configured Ethereum RPC endpoint.
Updated: 2025-11-26

Low Cost

mcp-server-skills

by tomoharu-hayashi

Sec9

Provides a persistent, searchable, and version-controlled knowledge base for AI agents to learn from and refer to, simulating human learning processes.

Setup Requirements

  • ⚠️Requires Python 3.13, which is a very recent version and might not be readily available.
  • ⚠️The configured knowledge directory (`MCP_BRAIN_DIR`) must be an initialized Git repository with a remote ('origin') for version control and synchronization to function.
  • ⚠️Interactive UI features (confirmation dialogs, text editor launch, sound effects) are macOS-specific and rely on `osascript`, `afplay`, and `code` (VS Code CLI). Functionality may be limited or unavailable on other operating systems.
Verified Safe
The server uses `pickle.load` for its embedding cache, which can be a security risk if the cache file is compromised by an attacker. However, the cache is self-generated and validated with a hash, mitigating the risk under normal operation. Platform-specific `osascript` calls are sanitized to prevent injection. `subprocess` calls do not use `shell=True`.
Updated: 2025-12-11

High Cost

partsbox_mcp

by nickweedon

Sec9

Manages electronic component inventory within the PartsBox system for AI assistants.

Setup Requirements

  • ⚠️Requires a PartsBox API Key, which provides full access to your PartsBox database.
  • ⚠️Requires Python 3.10+ and the `uv` package manager.
  • ⚠️Deployment often requires Docker for containerization and shared blob storage.
  • ⚠️JMESPath queries for filtering require careful use of double quotes for field identifiers (e.g., `"part/name"`) and backticks for literal values (e.g., `` `[]` ``), especially with `nvl()` for null safety.
Verified Safe
The server uses environment variables for the PartsBox API key, and deployment configurations (e.g., Docker volumes) emphasize read-only mounts for `.env` files to prevent accidental leakage. Direct file and image downloads are handled with caching and optional resizing, and resource methods exist to store larger files in shared blob storage, reducing direct data transfer over the MCP channel. There are no obvious signs of 'eval' or other highly dangerous functions, and API requests are made over HTTPS. The `mask_error_details` environment variable allows hiding internal error specifics from clients, which is good practice for production.
Updated: 2025-12-13

Low Cost

ai-tool-bridge

by keevaspeyer10x

Sec9

Enables AI platforms to discover and invoke CLI tools and HTTP APIs using natural language commands, acting as a bridge between AI assistants and local tooling.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️For Claude Code integration, requires specific configuration in `~/.claude/mcp.json`.
  • ⚠️`typer` and `mcp` are optional dependencies, requiring installation with `pip install ai-tool-bridge[typer]` or `pip install ai-tool-bridge[mcp]` for full functionality (especially `mcp` for the MCP server).
Verified Safe
The codebase demonstrates strong security awareness with explicit fixes for previously identified vulnerabilities. It uses `subprocess.run(shell=False)` with list arguments, `Path.resolve(strict=True)` for directory validation (preventing symlink and traversal attacks), and `yaml.safe_load` for parsing manifests (preventing arbitrary code execution). Parameter names are validated via regex to prevent injection. Dynamic module loading via `AI_TOOL_BRIDGE_TRUSTED_MODULES` environment variable is explicitly allowed but requires user responsibility to trust the specified modules. Hardcoded secrets are not present in the application's runtime logic, though `SOPS_KEY_PASSWORD` is used externally for `sops` decryption.
Updated: 2026-01-17

Medium Cost

serial-mcp-server

by david-t-martel

Sec9

Provides a robust, panic-free Machine Control Protocol (MCP) server for serial port communication, enabling LLM/autonomous agent integration with session analytics and real-time streaming.

Setup Requirements

  • ⚠️Cross-compilation requires Docker to be running.
  • ⚠️Serial port access requires appropriate OS permissions (e.g., user in 'dialout' group on Linux, Visual Studio Build Tools with C++ workload on Windows).
  • ⚠️Hardware tests require a real serial port (and optionally a loopback connection) configured via the `TEST_PORT` environment variable.
Verified Safe
The project demonstrates high security awareness with an explicitly panic-free runtime, structured error handling, and strict limitation of arbitrary file/process access to only serial ports. It leverages the `serialport` and `sqlx` crates for hardware and database interactions, which handle underlying OS permissions and use prepared statements (reducing SQL injection risk). Input from network interfaces (REST, WebSocket) is parsed and validated, with data intended for the serial port being passed as a conduit without server-side execution. Main risks would depend on the security of the connected serial device and the deployment environment, rather than direct vulnerabilities in the server's core logic.
Updated: 2026-01-19

Medium Cost

bitrix24-mcp-server1

by ArtemFilin1990

Sec8

This server provides a Model Context Protocol (MCP) interface for Bitrix24 CRM, enabling AI agents to seamlessly interact with Bitrix24 for complete CRM management, including contacts, deals, leads, companies, and tasks, along with advanced search and diagnostics.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Requires a Bitrix24 incoming webhook URL (BITRIX24_WEBHOOK_URL) which must be configured as an environment variable.
  • ⚠️The Bitrix24 webhook needs specific permissions (CRM, Tasks, User) to function correctly, which requires manual setup in Bitrix24.
  • ⚠️For large datasets (e.g., 1000+ leads), retrieval of 'latest' items involves client-side pagination and sorting, leading to potential latencies of 10-15 seconds per call due to Bitrix24 API rate limiting.
Verified Safe
The codebase generally follows good security practices, using environment variables for sensitive data like the Bitrix24 webhook URL and `zod` for input validation. Dangerous functions like `eval` are not used. Child process spawning (`child_process.spawn`) is used for running the core MCP server from an HTTP wrapper, but the commands are fixed to internal scripts, minimizing injection risks. However, the HTTP wrapper (`server.js`) sets `Access-Control-Allow-Origin: *`, which could be a security concern in a production environment if not intentionally broad. Error logging might expose sensitive API error messages if not carefully managed.
Updated: 2026-01-15