Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
railsstudent icon

fake-store-mcp-server

by railsstudent

Sec6

This server simulates a fake store within a Minecraft server, allowing external applications to browse items, purchase them via bot commands, and check the bot's status.

Setup Requirements

  • ⚠️Requires a running Minecraft server for the bot to connect to.
  • ⚠️Requires Node.js runtime and npm/yarn for dependency management.
  • ⚠️Requires configuration of `MC_HOST`, `MC_PORT`, `MC_USERNAME`, and critically, `MC_PASSWORD` as environment variables (e.g., in a `.env` file).
Review RequiredView Analysis
The `POST /buy` endpoint directly uses user-provided `itemId` and `quantity` to construct a Minecraft chat command (`bot.chat`). This pattern could be vulnerable to command injection if the target Minecraft server or its plugins interpret special characters or commands within chat messages. The use of `cors()` without specific origin restrictions also broadens the potential attack surface. Sensitive information like `MC_PASSWORD` is correctly handled via environment variables.
Updated: 2025-12-01GitHub
0
0
Medium Cost
zero-to-prod icon

datadog-mcp

by zero-to-prod

Sec9

Provides a Multi-Cloud Platform (MCP) server for searching and analyzing Datadog logs, enabling AI agents to interact with Datadog's Logs API v2 with simplified natural language queries and advanced data transformation capabilities.

Setup Requirements

  • ⚠️Requires PHP 8.4+ and PHP extensions 'json' and 'curl'.
  • ⚠️Requires `jq` binary to be installed in the execution environment for filtering capabilities (e.g., `apk add --no-cache jq` in Docker).
  • ⚠️Requires Datadog API Key (DD_API_KEY) and Datadog Application Key (DD_APPLICATION_KEY) for authentication.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys (DD_API_KEY, DD_APPLICATION_KEY), which is good practice. The `applyJqFilter` method, which executes the `jq` binary, correctly sanitizes user-provided filters using `escapeshellarg()` to prevent command injection. Error handling for external API calls and `jq` execution is robust. The code does not appear to contain hardcoded secrets, obfuscation, or obvious malicious patterns. Regex patterns used in query normalization are standard, reducing the risk of ReDoS.
Updated: 2026-01-19GitHub
0
0
Medium Cost
FreeOnlineUser icon

shell-mcp

by FreeOnlineUser

Sec8

Provides secure local and remote shell access for Claude Desktop, enabling AI to interact with system environments.

Setup Requirements

  • ⚠️Requires Windows 10/11 and .NET 8.0 SDK (for building, pre-built binaries available).
  • ⚠️Requires manual configuration of Claude Desktop's `claude_desktop_config.json`.
  • ⚠️Specifically designed for integration with Claude Desktop, not a standalone general-purpose shell.
Verified SafeView Analysis
The project demonstrates a strong focus on security for its intended purpose of providing AI with shell access. It implements explicit security modes ('safe' with allowlists, 'dangerous' with per-command approval), a hardcoded blocklist for critical commands (e.g., `format`, `rm -rf /`), real-time command visibility, and a user-controlled 'Lift Pen' feature for instant pausing. SSH passwords are held in memory only, and sudo support is opt-in and disabled by default. While giving an AI shell access inherently carries risk, the extensive safeguards and user control mechanisms significantly mitigate these risks, making it safe to run under responsible user oversight.
Updated: 2025-12-22GitHub
0
0
Medium Cost
team-earth icon
Sec9

Provides a Model Context Protocol (MCP) interface for LLMs (like Claude Desktop) to query various urban intelligence datasets from the DataGraph API, including NYC building permits, property sales, crime, demographics, subway data, and GOSR framework-based civic programs.

Setup Requirements

  • ⚠️Requires a DATAGRAPH_API_KEY from datagraph.city (a free tier is available, but a key is still needed).
  • ⚠️Specific configuration steps for Claude Desktop (editing claude_desktop_config.json) are required for integration.
  • ⚠️Requires Node.js and npm/npx to be installed.
Verified SafeView Analysis
The server acts as a proxy to the external DataGraph API, requiring a DATAGRAPH_API_KEY which is securely handled via environment variables (not hardcoded). There are no 'eval' calls or obfuscation detected. The server explicitly enforces read-only operations and includes a LIMIT clause validation for user-provided Cypher queries, demonstrating a focus on preventing malicious database operations. The core security depends on the DataGraph API itself, but the server component appears robust.
Updated: 2025-12-30GitHub
0
0
Low Cost
hackafterdark icon

uplink

by hackafterdark

Sec2

Connects local AI agents to a web browser for interaction, control, and debugging.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Manual browser extension installation via 'Load Unpacked' (Chrome/Edge/Brave) or 'Load Temporary Add-on' (Firefox).
  • ⚠️Server and extension require matching ports if not using default 8765, necessitating manual update in extension dashboard.
  • ⚠️The `AUTH_TOKEN` is hardcoded in `server.py`, requiring manual modification for stronger security.
Review RequiredView Analysis
CRITICAL RISK: The extension uses `eval()` to execute arbitrary JavaScript received from the WebSocket server within the browser's context (`extension/content.js` and `extension/background.js`). While the WebSocket connection is local and secured by a hardcoded token, this design allows for arbitrary code execution on any visited website if the local AI agent is compromised, misconfigured, or if the `AUTH_TOKEN` is discovered. This is a severe vulnerability that can lead to XSS, data exfiltration, or complete browser takeover within the user's session. The `AUTH_TOKEN` is also hardcoded in `server.py`, which makes it easily discoverable and reduces the effectiveness of token-based authentication.
Updated: 2026-01-19GitHub
0
0
Low Cost
CrackingShells icon

mcp-servers

by CrackingShells

Sec10

This repository serves as a temporary list for compiling Systems Biology MCP servers.

Verified SafeView Analysis
The provided 'SOURCE CODE' consists solely of a README.md file. There is no executable code (e.g., JavaScript, Python, Dockerfiles) to audit for 'eval', obfuscation, hardcoded secrets, or network risks within this repository itself. The repository is inert; security risks would only arise from visiting the external links listed within the README, which are outside the scope of this repository's code.
Updated: 2025-12-02GitHub
0
0
Medium Cost
ChaseRichardsonGit icon

wp-mcp-chaserich

by ChaseRichardsonGit

Sec8

Enables AI assistants to interact with a WordPress site for content management, including posts, pages, media, and taxonomies, with specific support for Elementor.

Setup Requirements

  • ⚠️Requires a running WordPress instance with REST API enabled.
  • ⚠️Requires a WordPress Application Password for authentication (generated in WordPress Admin > Users > Your Profile).
  • ⚠️For full Elementor integration and meta field access, the custom `mcp-elementor-support.php` plugin must be installed and activated on the WordPress site.
  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
The server uses environment variables for WordPress credentials (WP_URL, WP_USERNAME, WP_APP_PASSWORD) and an optional API_KEY for the MCP server itself, which is good practice against hardcoded secrets. It employs HTTPS communication with WordPress (recommended via WP_URL). Authentication for the MCP server relies on a basic API key (via header or query parameter), which is acceptable for internal/development use but less robust than OAuth 2.1, a standard becoming mandatory for public HTTP MCP transports as per the provided `MCP_CREATION_RULES.md`. The WordPress plugin (`mcp-elementor-support.php`) includes `current_user_can('edit_posts')` for permission callbacks. Safety features like 'draft-first' post creation and default slug protection ('preserve_slug: true') are implemented to prevent accidental data loss or SEO impact. No 'eval' or malicious patterns were identified in the provided source code.
Updated: 2026-01-16GitHub
0
0
Low Cost
zuhairabbas1 icon

legal-research-mcp

by zuhairabbas1

Sec6

This server exposes a Google Search tool as an MCP endpoint, allowing a client application to perform legal research and leverage an LLM for structured analysis.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️MCP server must be started before the client application
  • ⚠️The Google Search tool provides mock results for educational purposes, not real-time search outcomes.
Verified SafeView Analysis
The Flask server runs with `debug=True`, which is a critical security vulnerability for any production deployment as it can expose the debugger and allow arbitrary code execution. While acceptable for a local, educational project, it's a significant risk if used outside this context. The `perform_google_search` function initiates an external HTTP request to Google but then discards the response in favor of hardcoded mock data, making the actual search functional but irrelevant to the output and potentially fragile. No 'eval' or malicious patterns were found.
Updated: 2025-11-19GitHub
0
0
High Cost
telagod icon

papermcp

by telagod

Sec9

The PaperMCP server provides a unified interface for searching, downloading, and extracting text from academic papers across 23+ diverse scientific and academic sources through the Model Context Protocol.

Setup Requirements

  • ⚠️Full functionality for several core platforms (e.g., Semantic Scholar, Web of Science, Scopus, CORE, Microsoft Academic) requires setting specific API keys as environment variables.
  • ⚠️Optional plugins (e.g., Sci-Hub, LibGen, Unpaywall, ScienceDirect, SpringerLink, IEEE Xplore) are disabled by default and must be explicitly enabled via `PLUGIN_XYZ=true` environment variables.
  • ⚠️The Unpaywall plugin specifically requires setting the `UNPAYWALL_EMAIL` environment variable to function.
  • ⚠️Requires Node.js version >= 18.18 to run. The `canvas` dependency (used by `pdfjs-dist`) might require system-level build tools on some environments.
Verified SafeView Analysis
The server's core functionality involves making HTTP requests to external academic platforms and handling local file operations for PDF download and text extraction. It uses `process.env` for API keys, preventing hardcoded secrets. HTTP requests are throttled and use random user agents. File paths for downloads are sanitized to prevent directory traversal. The optional plugins (e.g., Sci-Hub, LibGen) are explicitly disabled by default and come with warnings about responsible use, mitigating potential legal or security risks associated with those sources. No `eval` or other obvious malicious patterns are found.
Updated: 2025-11-22GitHub
0
0
Low Cost
cocolizh icon
Sec1

Analysis is severely limited as no source code was provided. Based on the repository name 'demo-algorithms-repo' and the description 'MCP Server', it likely demonstrates algorithms within a server context, but specifics regarding its exact function are unknown.

Setup Requirements

  • ⚠️Source code not provided for analysis, preventing detailed evaluation of requirements or friction points.
Review RequiredView Analysis
CRITICAL: The source code was not provided for analysis, making a comprehensive security audit impossible. Without code, it's impossible to check for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. Therefore, the server cannot be deemed safe to run.
Updated: 2025-11-24GitHub
0
0
Medium Cost
RezaJF icon
Sec1

Exposes FinnGen data analysis R package functionalities to AI agents and generates Jupyter notebooks using Google Vertex AI for research and development.

Setup Requirements

  • ⚠️Requires R and the `fganalysis` R package to be installed separately.
  • ⚠️Requires a Google Cloud Vertex AI API Key, Project ID, and Location (a paid service) for notebook generation.
  • ⚠️The `fganalysis-r` repository must be cloned as a sibling directory for default database configuration.
Review RequiredView Analysis
CRITICAL: The `execute_r_code` tool allows arbitrary R code execution. If this server is exposed to untrusted AI agents or clients, it presents a severe remote code execution vulnerability, allowing an attacker to run any R code, which can interact with the underlying operating system. The `subprocess.run` calls, while generally requiring care, are particularly dangerous in conjunction with the `execute_r_code` tool. This server is highly insecure for public exposure.
Updated: 2025-11-30GitHub
0
0
Medium Cost
wzrazsh icon
Sec9

A unified platform for managing, monitoring, and auditing AI development tools and their task lifecycles, providing both a standardized API and a web administration interface.

Setup Requirements

  • ⚠️Requires Node.js runtime environment for backend development.
  • ⚠️Requires PostgreSQL database for production (SQLite for development).
  • ⚠️Requires Redis for caching and performance optimization.
  • ⚠️Recommends Docker and Kubernetes for containerized deployment and orchestration.
Verified SafeView Analysis
The design documents outline a comprehensive security strategy including JWT for admin authentication, tool_id + token for client authentication, RBAC for authorization, mandatory HTTPS, field-level encryption for sensitive data (e.g., API keys, request payloads), at-rest encryption for storage, strict database permissions, rate limiting, and robust input validation against common vulnerabilities. A strong focus on security auditing is also defined. While actual code implementation would require verification, the documented design principles are robust.
Updated: 2025-11-20GitHub
PreviousPage 344 of 713Next