Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
ShreyashPatil530 icon

crypto-mcp-server

by ShreyashPatil530

Sec9

Provides real-time and historical cryptocurrency market data from public exchange APIs, ideal for building trading bots, portfolio trackers, and market analysis tools.

Verified SafeView Analysis
The server leverages public CCXT endpoints, eliminating the need for API keys and hardcoded secrets. It operates as a local script and does not appear to expose any network interfaces or APIs itself, significantly reducing external attack surface. Broad 'except' blocks are present in non-critical file I/O operations (logging and cache loading), which handle errors gracefully by falling back or silently failing rather than crashing, without introducing direct vulnerabilities. No 'eval' or obfuscation found.
Updated: 2025-12-24GitHub
0
0
High Cost
super12v icon
Sec3

Provides an MCP server that enables AI agents to read and list security policy documents from various sources and formats for infrastructure security policy creation.

Setup Requirements

  • ⚠️Requires a HashiCorp Vault instance for secure remote document access, and credentials must be manually populated within Vault.
  • ⚠️Requires manual configuration of the `.env` file for server, Vault, and document source settings to enable full functionality.
  • ⚠️Critical security features (Vault integration for fetching credentials, JWT-based agent authentication) are currently placeholders ('TODO's) and not fully implemented, making the system insecure for production deployment with remote sources or multiple agents.
Review RequiredView Analysis
The server has critical security 'TODO's that make it unsafe for production deployment as-is. Specifically, the 'read_document' and 'list_documents' tools contain 'TODO: Integrate with Vault' and currently use `credentials = {}`, meaning remote access credentials are not actually fetched from Vault, rendering credential paths ineffective. Agent authentication from JWT is also a 'TODO' and defaults to a hardcoded 'agent_id'. CORS `allow_origins=["*"]` is configured, which is a risk in production environments if not restricted. While positive features like PII redaction, input validation, audit logging, and size limits are present, the incomplete critical integrations are a severe vulnerability.
Updated: 2026-01-19GitHub
0
0
Low Cost
namphuongtran icon

claude-mcp-outline

by namphuongtran

Sec8

Integrates Claude Desktop with Outline knowledge bases, enabling Claude to search, read, and manipulate Outline documents using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Claude Desktop (latest version).
  • ⚠️Requires an Outline API token.
  • ⚠️Requires Outline Base URL configuration after installation.
  • ⚠️Requires access to your Outline workspace.
Verified SafeView Analysis
The server acts as a Node.js bridge to a Python MCP server, executing an external Python script via `child_process.spawn`. This relies on the integrity of the bundled Python script. The README explicitly states that the Outline API token is stored locally by Claude Desktop, no data is sent to third-party services, and all requests go directly to the Outline instance, which are strong security positives. No 'eval' or hardcoded secrets were found in the provided Node.js code. The `ALLOWED_DIRECTORIES` environment variable implies potential file system interaction by the Python server, whose security depends on its implementation.
Updated: 2025-12-13GitHub
0
0
Medium Cost
StarSpark-AI icon
Sec9

This repository provides a workshop guide for building custom Model Context Protocol (MCP) servers to extend AI coding assistants with specific tools like date/time functions, database interaction, and image generation.

Setup Requirements

  • ⚠️Requires Python 3.11+ and Conda for environment management.
  • ⚠️Requires PostgreSQL 15+ running locally with specific user/database setup.
  • ⚠️Requires a Claude Pro subscription (or higher) for the Claude Code CLI.
  • ⚠️Requires a Google AI API Key for image generation via NanoBanana.
Verified SafeView Analysis
The custom MCP servers (DateTime, Task Tracker, Image Generation) demonstrate good security practices. Secrets are loaded from `.env` files, not hardcoded. Database interactions use parameterized queries to prevent SQL injection. File system interactions are limited to a designated output directory. No `eval` or `exec` functions are used on untrusted input.
Updated: 2025-12-06GitHub
0
0
Medium Cost
wenzhuo4657 icon

NotifierBot

by wenzhuo4657

Sec6

This microservice provides dynamic real-time notifications to third-party platforms (e.g., Telegram Bot, Gmail) based on remote text, notification type, and verification parameters.

Setup Requirements

  • ⚠️Requires a running Redis or Valkey instance for non-local caching and QPS limiting.
  • ⚠️Telegram Bot Token (for TgBotNotifier) and Gmail App Password (for EmailNotifier) must be provided, ideally via environment variables, to configure notifiers.
  • ⚠️The `HOST1` environment variable must be set for the Redis host configuration.
Review RequiredView Analysis
The `/api/v1/notifier/register` endpoint accepts sensitive configuration (e.g., bot tokens, email passwords) via JSON payload. The provided code lacks explicit HTTPS enforcement and application-level authentication/authorization for this critical endpoint. The CORS policy is highly permissive (`allowedOrigins("*")`). These factors make the service unsafe to expose to the public internet without additional security measures. Justified use of Redis `EVALSHA` for Lua scripts (rate limiting) is observed.
Updated: 2025-12-09GitHub
0
0
Medium Cost
jackybeez icon

synked-mcp-server

by jackybeez

Sec9

Serves as a Model Context Protocol (MCP) server to expose Synked's engineering insights tools (Jira, GitHub, Slack) to AI assistants.

Setup Requirements

  • ⚠️Requires Node.js version 20.0.0 or higher.
  • ⚠️Requires `SUPABASE_URL` and `SUPABASE_SERVICE_ROLE_KEY` environment variables to be set.
  • ⚠️Requires a build step (`npm run build`) before running in production mode.
Verified SafeView Analysis
The server securely handles environment variables for Supabase URL and service role key, exiting if critical variables are missing. Input validation is strictly enforced using Zod schemas, preventing malformed requests. Outbound network calls use the service role key for authentication, keeping secrets server-side. Error responses may include raw text from upstream Supabase functions which, while useful for debugging, could potentially expose more verbose internal error details in a production scenario, though this is mitigated by the trusted backend interaction.
Updated: 2025-11-29GitHub
0
0
Low Cost
thealphacubicle icon

boston-core-mcp

by thealphacubicle

Sec9

This server provides safe, conversational, read-only access to Boston's open data portal, enabling AI assistants and agentic tools to explore civic information through natural conversation.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Docker Desktop installed and running (for local `mcpengine proxy` connection)
  • ⚠️MCPEngine CLI must be installed (`pipx install 'mcpengine[cli]'`)
Verified SafeView Analysis
The server demonstrates strong security practices, including explicit input validation using Pydantic, sanitization of string inputs, rate limiting, and circuit breakers. It enforces read-only access and limits response/request sizes to prevent abuse. There are no obvious hardcoded secrets in the application code, with configuration managed via environment variables. Admin scripts for Terraform handle AWS credentials securely via environment variables. Filter validation explicitly rejects unsupported complex operators, enhancing robustness against injection attempts. Overall, the design prioritizes safety for AI agent interaction.
Updated: 2025-12-02GitHub
0
0
Medium Cost
dull-quay940 icon

mcp-supervisor

by dull-quay940

Sec4

The MCP Supervisor manages, orchestrates, and monitors autonomous agent workers, providing a RESTful API for tasks like system health checks, file operations, data transformation, and API calls.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or later.
  • ⚠️Docker is recommended for agent sandboxing; otherwise, agents run as child processes on the host.
  • ⚠️Setting `ALLOW_AUTONOMY=true` in `.env` enables agents to perform potentially destructive operations (file system modifications, network requests, executing whitelisted system commands) and should only be done with full awareness of the security implications.
  • ⚠️Requires Ubuntu 18.04 or later for direct installation using provided scripts.
Review RequiredView Analysis
The server includes several critical security risks: 1) The Docker Compose setup mounts `/var/run/docker.sock` into the supervisor container, granting it full root access to the host's Docker daemon. A compromise of the supervisor could lead to host system compromise. 2) When `ALLOW_AUTONOMY` is set to `true`, agents are permitted to perform file modifications, network requests, and system commands. While `manifest.json` defines allowed directories and blocked commands, and `monitor.js` includes path validation, agents like `backup-manager` and `health-checker` utilize `child_process.exec` (promisified as `execPromise`). Passing user-controlled input to these shell commands, even if paths are resolved, can be vulnerable to command injection if arguments are not rigorously escaped or sanitized for shell metacharacters. 3) The `api-caller` agent can make requests to arbitrary URLs when `ALLOW_AUTONOMY` is enabled, posing a risk for SSRF or other network-based attacks.
Updated: 2026-01-19GitHub
0
0
High Cost
scottshapiro142 icon

gemini-design-mcp

by scottshapiro142

Sec8

Integrates Google Gemini AI as a design agent with Claude Code, providing specialized UI/UX design tools and support for various design tasks.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (available via Google AI Studio, may incur costs beyond free tier).
  • ⚠️Requires Node.js runtime environment (version 18+ recommended by dependencies).
  • ⚠️For local integration with Claude Code, the path to 'index.js' in 'mcp_settings.json' must be exact and configured correctly.
Verified SafeView Analysis
The server correctly handles the Gemini API Key by requiring it as an environment variable, preventing hardcoded secrets. There is no usage of 'eval' or other directly dangerous functions. The HTTP/SSE server (server.js) uses 'cors()' without specific origin restrictions, which defaults to allowing all origins. While common for development or internal services, for a publicly exposed production environment handling sensitive data, restricting CORS origins would be a stronger security practice. However, as an MCP agent, this is often used by a trusted client, making the default acceptable for its intended purpose.
Updated: 2025-11-23GitHub
0
0
Medium Cost
netflyapp icon
Sec8

Serves as a Model Context Protocol (MCP) server, enabling AI agents within an IDE to interact with and manage a Fluent Community platform via natural language commands.

Setup Requirements

  • ⚠️Requires a running WordPress instance with the Fluent Community plugin and an Application Password configured for the specified user.
  • ⚠️Requires Node.js (version 18 or newer recommended due to SDK dependencies).
  • ⚠️Initial setup involves `npm install` and `npm run build` to compile TypeScript.
Verified SafeView Analysis
The server securely loads API credentials (WordPress URL, username, application password) from environment variables, preventing hardcoding of secrets. Communication with the MCP client occurs over stdio, limiting direct network exposure for the server itself. API requests to the WordPress backend use basic authentication and Axios, ensuring standard HTTP security practices are followed. Error logging to console.error might expose API response details if not handled in a production logging system. Arguments passed to tools are cast as 'any', relying on prior schema validation from the MCP SDK, which is a common but noteworthy pattern in TypeScript for dynamic inputs.
Updated: 2025-11-27GitHub
0
0
Medium Cost
HarshJainCodes icon

TravelMemories.McpServer

by HarshJainCodes

Sec4

This is a backend API server designed for a 'Travel Memories' application, likely handling data storage, authentication, and integrating with AI services for processing or generating content related to travel experiences.

Setup Requirements

  • ⚠️Requires replacing placeholder secrets in `appsettings.json` (e.g., `IssuerSigningKeySecretText`, `AzureOpenAIKey`).
  • ⚠️Requires .NET runtime (likely .NET 6+ or 7+).
  • ⚠️Requires configuration of external services: Azure OpenAI, Application Insights, a MCP Server URL, and a Backend URL.
Review RequiredView Analysis
Several critical configuration values are hardcoded as placeholders (e.g., 'YOUR_SECRET_KEY_HERE', 'YOUR_KEY_HERE') in `appsettings.json`. While marked as placeholders, running the server without replacing these with actual secrets makes it either non-functional or highly insecure. The `AllowedHosts: "*"` setting is overly permissive and should be restricted in a production environment. No 'eval' or obvious malicious code patterns were found in the provided snippets.
Updated: 2025-11-19GitHub
0
0
Medium Cost
RITVIKKAMASETTY icon

mcp_servers_clients

by RITVIKKAMASETTY

Sec4

A React frontend interacts with a FastAPI backend, which acts as an AI agent (powered by Groq) to route mathematical queries to a local FastMCP microservice.

Setup Requirements

  • ⚠️Requires Groq API Key (paid service)
  • ⚠️Requires Python dependencies (FastAPI, uvicorn, groq, fastmcp)
  • ⚠️Requires Node.js/npm for the React frontend development server
Review RequiredView Analysis
The backend server uses CORSMiddleware with `allow_origins=["*"]`, which permits requests from any origin, posing a security risk if deployed publicly. Additionally, `uvicorn.run` binds to `host="0.0.0.0"`, making it accessible on all network interfaces, which is dangerous without proper network segmentation or firewall rules in a production environment. The Groq API key is a required, sensitive credential that should be loaded from an environment variable for security, rather than being a blank placeholder in the source code.
Updated: 2025-11-22GitHub
PreviousPage 338 of 713Next