Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
Ackie1980 icon
Sec9

This server monitors Claude Desktop conversations for truncation, tracks task progress, and enables automatic recovery from incomplete or cut-off AI responses by providing reformulated questions.

Setup Requirements

  • ⚠️Requires Windows 10/11 operating system.
  • ⚠️Administrator rights are recommended for the installer to manage system-wide prerequisites.
  • ⚠️Python must be installed on the system (though the installer attempts to auto-install it).
Verified SafeView Analysis
The server code uses Pydantic for robust input validation on all MCP tool parameters, significantly reducing the risk of injection attacks. File operations are confined to specific directories within the user's home path, preventing arbitrary file system access. There are no explicit calls to `eval`, `exec`, or direct shell commands, nor are there hardcoded sensitive credentials. The server appears to function as a local utility, limiting external network risks.
Updated: 2026-01-19GitHub
0
0
Medium Cost
JoshDoesIT icon
Sec9

Automated Network Security Control (NSC) configuration reviews and network segmentation analysis using LLMs via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires AWS Account with configured credentials (profile 'mcp') and specific IAM permissions (read-only EC2 actions).
  • ⚠️Requires AWS test environment deployed via Terraform.
  • ⚠️Python 3.11+ required.
Verified SafeView Analysis
The server is read-only and uses boto3 for AWS API interactions, explicitly warning against hardcoding credentials. AWS credentials must be securely configured outside the codebase (e.g., via ~/.aws/credentials or environment variables) using the principle of least privilege. The "violations" mentioned in the README refer to the Terraform-deployed AWS environment, not the server's code, as the server's purpose is to identify these issues.
Updated: 2025-11-25GitHub
0
0
Medium Cost
gazisdomain icon

sql-server-mcp-server

by gazisdomain

Sec4

Provides AI assistants like Claude with secure, structured access to SQL Server databases through natural language queries using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires manual installation and configuration of SQL Server Express and the AdventureWorks2025 sample database.
  • ⚠️Requires .NET 9 SDK.
  • ⚠️Requires manual configuration of the Claude Desktop app's `claude_desktop_config.json` to integrate the MCP server.
Review RequiredView Analysis
The project explicitly states it's a 'demonstration project using public sample data' and 'NOT suitable for production use with sensitive data.' Key risks include database queries executing with full user credentials, and query results being sent to Anthropic's cloud for AI processing, raising significant data privacy concerns for sensitive information. While recommendations for enterprise deployment are provided (read-only access, data masking, self-hosted AI, audit logging, rate limiting), the current implementation's default state is highly insecure for production or sensitive data.
Updated: 2025-11-23GitHub
0
0
Low Cost
fordez icon
Sec8

This project provides a Python/FastAPI application to manage multiple Zoho Books accounts and expose an MCP (Micro Control Protocol) interface to interact with them via automated tools.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for setup.
  • ⚠️Requires manual configuration of Zoho API credentials (Client ID, Client Secret, Redirect URI) in `.env` file.
  • ⚠️The `ZOHO_REDIRECT_URI` must precisely match the configuration in the Zoho Developer Console for OAuth flow to function.
  • ⚠️The `ngrok` service exposes the MCP interface publicly, which requires a valid `NGROK_TOKEN` and careful consideration of public exposure risks.
Verified SafeView Analysis
The server externalizes sensitive credentials via environment variables and uses Zoho's OAuth flow, which are good practices. Database connections use `check_same_thread=False`, which can be problematic in some threading models but is mitigated by `threading.local()` for connections. The `ZohoAsyncClient` dynamically parses potential JSON strings within JSON request bodies, which could lead to unexpected data structures if a malicious input is crafted, though `json.loads` itself is generally safe against code execution. The inclusion of an `ngrok` service for public exposure requires careful management of `NGROK_AUTHTOKEN` and network security.
Updated: 2025-12-12GitHub
0
0
Low Cost
Song-JunHyeong icon

Appwrite-MCP

by Song-JunHyeong

Sec7

Enable AI agents to fully automate and configure Appwrite backend operations, including databases, users, storage, functions, and messaging.

Setup Requirements

  • ⚠️Requires Appwrite Project ID and API Key with full administrative access.
  • ⚠️Node.js version >=18.0.0 is required.
  • ⚠️Appwrite endpoint (cloud or self-hosted) must be accessible.
Verified SafeView Analysis
The server acts as a wrapper around the Appwrite SDK, exposing comprehensive administrative capabilities. It processes API calls using credentials provided via environment variables or CLI arguments. There are no obvious code injection vulnerabilities (e.g., direct use of `eval` or unsanitized `child_process.exec`) within the MCP server's logic itself. However, due to the nature of 'complete automation' and exposing tools like `graphql_query`, `graphql_mutation`, and `create_deployment` (which accepts base64-encoded function code), a compromised AI agent or malicious input to the agent could lead to extensive data manipulation, resource deletion, or deployment of arbitrary code within the Appwrite project. This is an inherent risk of granting broad administrative access, rather than a flaw in the MCP server's implementation.
Updated: 2025-12-24GitHub
0
0
High Cost
CR-AudioViz-AI icon

crav-mcp-filesystem

by CR-AudioViz-AI

Sec7

Model Context Protocol (MCP) server for file system operations, enabling AI to autonomously manage and validate files with security sandboxing.

Setup Requirements

  • ⚠️Requires `MCP_API_KEY` environment variable for all API routes except health checks.
  • ⚠️The `STORAGE_PATH` (default: `/tmp/javari-builds`) requires write permissions and should be a persistent volume for production data.
  • ⚠️File creation/update operations are limited by `MAX_FILE_SIZE` (default: 10MB), configurable via environment variable.
Verified SafeView Analysis
The server includes robust path sanitization to prevent directory traversal, file type whitelisting, and size limits. API key authentication and rate limiting are implemented. However, the `execAsync` command for TypeScript validation runs `npx tsc --noEmit` with a user-controlled `cwd` (workspace directory). While `tsc --noEmit` is generally safe, any shell injection vulnerability in `workspaceId` (though mitigated by `path.join`) or unexpected behavior of `tsc` in a malicious context could be a theoretical concern. Additionally, `SUPABASE_ANON_KEY` is hardcoded in some files, though it's typically for client-side use and not a service-level secret.
Updated: 2026-01-09GitHub
0
0
Medium Cost
vcampitelli icon

workshop-mcp-laravel

by vcampitelli

Sec7

This server provides an e-commerce database layer for simulating various scenarios and experimenting with Eloquent/SQL queries, exposed via public API routes and an MCP (Microservice Communication Protocol) for AI interaction related to orders.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose to run the environment.
  • ⚠️Requires PHP and Composer installed locally if not using Docker.
  • ⚠️Database seeding (`php artisan migrate --seed`) is necessary to populate the database with dummy data for testing the API and MCP functionalities.
  • ⚠️To fully utilize the AI interaction features (MCP), a local LLM server (like Ollama) configured to run on `http://localhost:11434/v1` is required, as suggested by `fastagent.config.yaml`.
Verified SafeView Analysis
The application uses standard Laravel security practices, including form validation (e.g., `OrderValidation`) and Eloquent ORM, which mitigates common web vulnerabilities like SQL injection and mass assignment. The `docker-compose.yaml` file includes a hardcoded weak default password (`password`) for the MariaDB root user, which is a critical security risk if used in a production environment. There are no obvious `eval` or similar dangerous functions used without justification in the provided code. The `.env.example` is assumed to contain placeholders for sensitive credentials that need to be configured.
Updated: 2025-12-14GitHub
0
0
Medium Cost
haksndot icon

haksnbot-memory

by haksndot

Sec8

Provides persistent memory storage and retrieval for AI agents using SQLite with full-text search and a tagging system.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Requires specific configuration in Claude Code's settings.json to register as an MCP server, including the full path to its `index.js` file.
Verified SafeView Analysis
The server uses `better-sqlite3` with prepared statements, mitigating SQL injection risks. It communicates via standard I/O (StdioServerTransport), reducing direct network attack surface for the server itself. Database path is configurable via an environment variable, preventing hardcoded paths. No `eval` or obvious malicious patterns found. The primary security considerations would be the integrity of the underlying MCP SDK and Node.js environment, and careful management of the `MEMORY_DB_PATH` if not defaulted.
Updated: 2026-01-18GitHub
0
0
Low Cost
kirbah icon
Sec9

This is a starter template for developing Model Context Protocol (MCP) servers that enable AI models to interact with custom tools, resources, and prompts via a class-based, type-safe architecture.

Setup Requirements

  • ⚠️Requires Node.js 20.0.0 or higher.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop) for full interactive functionality beyond standalone execution.
Verified SafeView Analysis
The server implements robust input validation using Zod schemas for all tools and prompts, which is a critical security measure against malformed inputs. Centralized error handling and logging (`LoggerService`) are in place. Communication uses `StdioServerTransport`, which operates over standard I/O streams and does not open network ports directly in its default configuration. The logger sanitizes data, preventing accidental exposure in logs. Hardcoded secrets are avoided by using `dotenv/config`. No explicit `eval` or direct arbitrary command execution of user-provided strings is evident in the provided code snippets.
Updated: 2026-01-16GitHub
0
0
Low Cost
Maxbleu icon

MCP-F1analisys

by Maxbleu

Sec9

An MCP server for LLM interfaces like Claude to interact with F1Analisys for Formula 1 telemetry data visualization and analysis.

Setup Requirements

  • ⚠️Requires Claude to be installed on your system.
  • ⚠️Requires `PUBLIC_KEY`, `ALGORITHM`, `JWT_TOKEN`, and `F1ANALISYS_PRIVATE_NETWORK_BASE_PATH` environment variables to be set for proper operation.
  • ⚠️Requires Python 3.12 or newer.
Verified SafeView Analysis
The server uses JWT for authentication, retrieving `PUBLIC_KEY` and `ALGORITHM` from environment variables. It makes outbound HTTP requests to an external F1 analysis API, using a `JWT_TOKEN` and `F1ANALISYS_PRIVATE_NETWORK_BASE_PATH` also from environment variables. URL path construction within `path_utils.py` appears robust against path injection, converting parameters to strings or specific path segments. No 'eval' or obvious malicious patterns were found. The primary external risk relies on the security and trustworthiness of the `F1ANALISYS_PRIVATE_NETWORK_BASE_PATH` backend.
Updated: 2025-12-03GitHub
0
0
Low Cost
wusimpl icon

VisioInWord-MCP

by wusimpl

Sec6

An MCP server enabling large language models to insert Visio UML class diagrams and plain text directly into Microsoft Word documents.

Setup Requirements

  • ⚠️Requires Windows OS, Microsoft Word, and Microsoft Visio to be installed and runnable.
  • ⚠️Word must be open with an active document and cursor placed at the insertion point before use.
  • ⚠️Python 3.10+ is required.
Verified SafeView Analysis
The server uses `pywin32` for COM automation of Microsoft Word and Visio. While this is the core functionality, direct manipulation of desktop applications based on LLM input introduces potential risks if input sanitization is not robustly handled within the Python script. Without the actual `word_visio_mcp.py` source code, a thorough audit for 'eval', 'exec', or uncontrolled system interactions cannot be performed. It runs locally via stdio, limiting network-based attack vectors, but local compromise via crafted LLM input is a theoretical concern.
Updated: 2025-11-28GitHub
0
0
Low Cost
Indranil2020 icon

crystal_mcp_server

by Indranil2020

Sec8

Provides a backend API for crystal structure generation, analysis, and optimization, integrating Machine Learning Force Fields (MLFFs) and enabling natural language interaction through Large Language Models (LLMs).

Setup Requirements

  • ⚠️Node.js (18+) runtime required for the core MCP server.
  • ⚠️Python 3.x with extensive scientific libraries (pymatgen, pyxtal, ase, spglib, numpy, matplotlib) required for core functionality and MLFFs.
  • ⚠️Ollama server must be running separately (e.g., `ollama serve`) for LLM chat features.
  • ⚠️Specific MLFF Python packages (e.g., 'chgnet', 'm3gnet', 'mace-torch') need to be `pip install`-ed individually if those tools are used.
Verified SafeView Analysis
The architecture utilizes a complex multi-language subprocess model (Node.js invoking Python scripts via a Python FastAPI bridge). Extensive input validation (Zod in TypeScript, Pydantic in Python) is implemented to mitigate common injection risks by strictly controlling tool arguments. Data passed to Python subprocesses uses temporary files, which is a robust practice against command injection. CORS is restricted to localhost, appropriate for a local desktop application. While reliance on external CDNs for frontend libraries (MolStar, Kekule.js) is present and common, it introduces a dependency on their security. Overall, the codebase demonstrates good defensive programming practices, but the inherent complexity of orchestrating multiple processes and languages means minor, though mitigated, risks exist.
Updated: 2026-01-16GitHub
PreviousPage 343 of 713Next