Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
koonwen icon

dev-mcp-server

by koonwen

Sec8

Provides OCaml Language Server Protocol (LSP) and ocp-index tools for AI assistants to analyze and interact with OCaml codebases.

Setup Requirements

  • ⚠️Requires `ocamllsp` binary to be installed and available in PATH.
  • ⚠️Requires `ocp-index` and `ocp-grep` binaries for full functionality (ocp-index tool group).
  • ⚠️Python 3.10+ and `uv` package manager must be installed for installation and execution.
Verified SafeView Analysis
The server executes external OCaml tools (ocamllsp, ocp-index, ocp-grep) via subprocesses. While arguments are passed as lists to mitigate shell injection, the security relies on the trustworthiness and robustness of these external binaries against crafted inputs. No 'eval' or hardcoded secrets found within the Python code.
Updated: 2025-12-29GitHub
0
0
High Cost
felix-toledo icon
Sec6

An orchestration system for AI agents to interact with custom tools via the Model Context Protocol (MCP), integrating Large Language Models (LLMs) like OpenAI with backend services.

Setup Requirements

  • ⚠️Requires Node.js v20.x or higher and npm v10.x or higher.
  • ⚠️Requires PostgreSQL v14 or higher, which needs to be deployed externally as it is not included in the Docker Compose setup.
  • ⚠️Requires an OpenAI API Key, which typically involves a paid subscription to OpenAI services.
  • ⚠️Docker Desktop/Engine is required for the recommended Docker Compose setup.
Verified SafeView Analysis
The MCP Server (`services/mcp-server`) has `cors({ origin: '*' })` enabled by default, which is an overly permissive configuration and a significant security risk for production environments, as it allows any domain to make requests. The Orchestrator uses `JSON.parse(toolCall.arguments)` on LLM-generated strings; while `JSON.parse` itself is generally safe, robust schema validation (using Zod) within each custom tool is critical to prevent malformed inputs from causing unexpected application behavior or errors. Authentication to the Orchestrator is enforced via a `KAA` header, relying on a shared secret from environment variables, which is a good practice. Sensitive API keys and database credentials are correctly sourced from environment variables. The system's prompt for the LLM is verbose, but prompt injection remains an inherent risk in LLM-based systems.
Updated: 2025-12-03GitHub
0
0
Low Cost
LetsVenture2021 icon

dealengine-mcp-nano

by LetsVenture2021

Sec6

Provides a secure and abstracted interface for an application (likely 'DealEngine') to interact with the Notion API, enabling programatic data management within Notion databases, pages, and blocks.

Setup Requirements

  • ⚠️Requires Notion API Key (obtain from Notion Developer Console)
  • ⚠️Requires Node.js runtime
  • ⚠️Requires `.env` file for configuration
Verified SafeView Analysis
The server uses environment variables for sensitive API keys (NOTION_API_KEY), which is good practice. It handles errors and logs details. However, there is no explicit input validation or sanitization of the `req.body` payloads before they are passed directly to the Notion API. This means a malicious or malformed request from an upstream client could potentially lead to unexpected behavior, API errors, or rate limit issues on the Notion side. The `console.error` logging of `err.response?.data` could also expose internal Notion API error structures if not managed in a production environment.
Updated: 2026-01-01GitHub
0
0
Low Cost
themeselection icon

notes-mcp-demo

by themeselection

Sec9

A Model Context Protocol server for managing notes, offering tools for CRUD operations, a markdown snapshot, and an LLM summarization prompt.

Setup Requirements

  • ⚠️Requires Node.js (LTS) and npm installed.
  • ⚠️Understanding of Model Context Protocol (MCP) clients is necessary to fully utilize the server's tools and prompts.
  • ⚠️Notes data is stored locally in `~/.notes-mcp/data/notes.json`.
Verified SafeView Analysis
The server operates locally via standard I/O (stdio), significantly reducing network attack surface. Input validation is performed using Zod schemas for all tool inputs. Data is stored in local files under the user's home directory (`~/.notes-mcp/data/notes.json`). No sensitive hardcoded credentials, use of 'eval', or other obviously malicious patterns were detected. The local file storage could be a concern if highly sensitive data is stored, but it's appropriate for a 'notes' application.
Updated: 2025-11-24GitHub
0
0
Low Cost
julienld icon
Sec8

The MCP Server Tester is a FastMCP-based harness designed to launch, proxy, and manage other MCP servers over stdio for testing and development purposes.

Setup Requirements

  • ⚠️Requires an MCP client (e.g., Codex CLI) to interact with the server's control tools.
  • ⚠️Child servers managed by this tester must be MCP-compliant and communicate over stdio.
Verified SafeView Analysis
The server's core function involves launching arbitrary commands and passing environment variables to subprocesses based on user input. While `shlex.split` is used for command parsing, direct execution of user-provided commands (e.g., `tester_control_start_server`) means that if the harness itself is exposed to untrusted input, it presents a command injection risk. However, this is an inherent feature for a testing harness designed to control child servers, not a vulnerability in its intended use by trusted developers in a controlled environment. No explicit 'eval' or hardcoded secrets were found in the `mcp-server-tester`'s source code. The demo credentials in the install script are for a separate child server.
Updated: 2025-12-05GitHub
0
0
High Cost
tsoernes icon
Sec8

Provides a robust Model Context Protocol (MCP) server for executing shell commands, managing background jobs, detecting developer tools, and ensuring security within a development environment.

Setup Requirements

  • ⚠️Requires Rust 1.70+ and Cargo to build from source.
  • ⚠️Optional 'Sudoers Timestamp Sharing' involves modifying `/etc/sudoers.d/` which requires root privileges and understanding of sudo security implications (e.g., `!tty_tickets` configuration).
  • ⚠️Default askpass script `~/scripts/askpass-zenity.sh` implies that `zenity` (or a similar GUI tool) must be installed and available for interactive sudo priming if sudoers sharing is not configured.
Verified SafeView Analysis
The server implements a strong default denylist for dangerous commands (`rm -rf /`, `shutdown`, fork bombs, etc.), supports PTY for isolation, and allows custom denylist patterns. Sudo handling with automatic `-n` (non-interactive) wrapping and a keepalive mechanism is a key feature for convenience, but the `!tty_tickets` sudoers configuration (if applied as recommended) explicitly notes a security trade-off by allowing any process running as your user to reuse your sudo timestamp. This requires careful consideration and a reasonable `timestamp_timeout` for maximum security. No obvious hardcoded secrets or 'eval' vulnerabilities were found. Overall, the server is designed with security in mind, but the sudo integration requires responsible configuration.
Updated: 2025-12-31GitHub
0
0
Medium Cost
peacockery-studio icon

mcp-sharepoint-cert

by peacockery-studio

Sec9

Integrate AI assistants with Microsoft SharePoint for comprehensive document and folder management using certificate-based authentication.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires manual Azure AD App Registration: create app, upload certificate, and grant `Sites.FullControl.All` or `Sites.ReadWrite.All` permissions.
  • ⚠️Requires OpenSSL installed on the system for certificate generation during setup.
  • ⚠️Installation and execution examples typically use `uv` and `uvx`, which may require prior setup of the uv package manager.
Verified SafeView Analysis
The server uses certificate-based authentication (preferred) or client secrets, handled via environment variables, avoiding hardcoded credentials. It employs input validation (`PathValidator`) to prevent common path traversal and invalid character attacks in file/folder names. `subprocess.run` is used for certificate generation (OpenSSL) and clipboard operations, which are controlled and expected CLI calls, not arbitrary user input execution. Content extraction from PDF, Word, and Excel files relies on external libraries, which have inherent risks with malicious files, but the server primarily extracts text and does not execute file content directly.
Updated: 2025-12-05GitHub
0
0
Medium Cost
QuickMythril icon

qortal-mcp-server

by QuickMythril

Sec10

Provides a read-only, LLM-friendly API for Qortal blockchain and QDN data, designed for agents to query information without transaction capabilities.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires a running Qortal Core node accessible via HTTP API (default localhost:12391)
  • ⚠️Qortal Core API key required for /admin/* endpoints (can be set via environment variable QORTAL_API_KEY or apikey.txt)
Verified SafeView Analysis
The project adheres to a robust and explicitly enforced read-only security model. It strictly whitelists GET endpoints, performs rigorous input validation (e.g., address formats, numeric ranges, list limits) before querying the Qortal Core node, and sanitizes/truncates outputs to prevent data leaks or excessive payloads. The Qortal Core API key is kept server-side and never exposed. Rate limiting is implemented per-tool. Error handling is standardized to prevent exposure of internal stack traces. There is no evidence of 'eval' or obfuscation. Deployment notes advise on external exposure for enhanced security.
Updated: 2025-12-03GitHub
0
0
Medium Cost
rahibas icon

ts-mcp

by rahibas

Sec2

Provides a server for the Minecraft Protocol, likely for custom game logic or proxying.

Setup Requirements

  • ⚠️Node.js runtime required
  • ⚠️TypeScript compiler required (for building from source)
Review RequiredView Analysis
Insufficient source code provided (only README.md) to perform a comprehensive security audit. Cannot check for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. The score reflects an inability to verify safety rather than identified vulnerabilities.
Updated: 2025-11-25GitHub
0
0
High Cost
BUZDOLAPCI icon

openapi-generate

by BUZDOLAPCI

Sec8

Parse OpenAPI 3.x specifications to generate MCP tool schemas and full MCP server scaffolds in TypeScript or Python.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️The server exclusively uses HTTP transport (fixed to port 8080 and host 0.0.0.0), despite the README claiming STDIO as the default transport and providing CLI options (`-t, --transport`) or environment variables (`MCP_TRANSPORT`) for STDIO transport. These options are not implemented in the server's primary entry point (`src/index.ts`) or CLI argument parsing (`src/cli.ts`) for this server instance.
  • ⚠️The configuration environment variables (e.g., `MCP_PORT`, `MCP_HOST`, `MCP_SERVER_NAME`, `MCP_SERVER_VERSION`) listed in the README for this server are hardcoded in its primary entry point (`src/index.ts`), making them non-configurable via environment variables or CLI arguments for this specific server instance. The `loadConfig` function that would read these environment variables is only used in the *generated* scaffolds, not in the `openapi-generate` server itself.
Verified SafeView Analysis
The server uses `@apidevtools/swagger-parser` to dereference OpenAPI specs, which can involve fetching remote URLs (via `spec_url_or_json` input). This introduces a potential Server-Side Request Forgery (SSRF) risk if untrusted or malicious URLs are provided, and the server's environment is not adequately isolated. However, this is a core and expected functionality of an OpenAPI parser. The implementation of tool execution via JSON-RPC uses a `switch` statement to explicitly call known functions (`openapiParse`, `generateToolSchemas`, `generateServerScaffold`), preventing dynamic code execution vulnerabilities like `eval`. No hardcoded sensitive secrets were found in this server's codebase, although generated server scaffolds include placeholder API keys in their `.env.example` files, which is appropriate.
Updated: 2026-01-17GitHub
0
0
Low Cost
payvilla icon
Sec3

Provides a centralized Model Context Protocol (MCP) server for SabPaisa's design system, enabling AI assistants and developers to access design tokens, components, patterns, and formatting guidelines.

Setup Requirements

  • ⚠️Requires Node.js 20.x or higher.
  • ⚠️When deployed as an HTTP API (e.g., AWS Lambda), Claude Code requires a local `mcp-bridge.mjs` script to connect to the HTTP-based MCP endpoint. This script needs to be manually created and made executable.
  • ⚠️The `data/` and `data-enhanced/` directories containing the design system JSON files must be correctly present relative to the compiled `dist` directory or bundled with the deployment.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The `src/index-http.ts` exposes a `/debug/files` endpoint that allows listing directories and reading files from the server's filesystem (`process.cwd()`, `data/`, `data-enhanced/`). This is a severe information disclosure vulnerability for a publicly deployed Lambda function, as it can expose sensitive configurations, server logic, and internal directory structures. This endpoint lacks authentication/authorization and should be removed or heavily secured (e.g., IP whitelisting, authentication) immediately if deployed publicly. Reliance on numerous third-party dependencies also expands the attack surface.
Updated: 2025-12-05GitHub
0
0
Medium Cost
satheeshds icon

gbp-review-agent

by satheeshds

Sec8

Manages Google Business Profile reviews by fetching reviews, generating AI-powered responses, and posting replies back to Google Business Profile.

Setup Requirements

  • ⚠️Requires Google Business Profile API Access (requires Google approval, which can take time)
  • ⚠️Requires Google Cloud Platform account with My Business API and My Business Account Management API enabled
  • ⚠️Manual OAuth authentication (`npm run auth`) required to generate and store local tokens before first use
Verified SafeView Analysis
The server stores Google OAuth tokens in a local `.tokens.json` file. While convenient for development, this file could be accidentally exposed if committed to a public repository or not properly secured on the host system, potentially leading to unauthorized access to the linked Google Business Profile. The `authenticate.js` and `quick-test.js` scripts use `execSync` from `child_process`, but these are auxiliary setup/test scripts and not part of the main server runtime, mitigating risk.
Updated: 2025-12-03GitHub
PreviousPage 341 of 713Next