Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
Christoph icon

treesitter-mcp

by Christoph

Sec9

Facilitates AI-powered code analysis and refactoring by exposing code structure, usage, and diff analysis across multiple languages via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Rust toolchain (1.70 or later)
  • ⚠️Requires configuring an absolute path to the compiled binary for client applications
Verified SafeView Analysis
The server operates over standard I/O (stdio) and does not expose network ports, minimizing its external attack surface. It executes `git` commands for diff analysis, but implements input validation (`validate_git_revision`) using a regex to prevent command injection. File system access is limited to reading files specified by tool arguments; integrating client applications are responsible for sanitizing user-provided paths to prevent arbitrary file access. No dynamic code execution (e.g., 'eval') or hardcoded secrets were identified.
Updated: 2026-01-13GitHub
0
0
Medium Cost
annpannmannnouta-afk icon

note_MCP_server

by annpannmannnouta-afk

Sec8

Enables AI assistants to programmatically interact with Note.com, offering features like article search, user RSS feed retrieval, content reading, and draft creation.

Setup Requirements

  • ⚠️Requires manual extraction of a `note_session` cookie from the browser to enable the `create_draft` functionality.
  • ⚠️Requires Python 3 and installation of dependencies via `pip install -r requirements.txt`.
Verified SafeView Analysis
The server correctly handles sensitive information (session cookie) via environment variables. It does not use `eval` or other notoriously unsafe functions. The `get_note_content` tool could theoretically be directed to arbitrary URLs by the AI, leading to unintended web scraping or resource consumption, though the underlying `requests` library generally mitigates severe SSRF vulnerabilities. The `create_draft` tool relies on a user-provided session cookie and sends AI-generated HTML; if Note.com's platform does not adequately sanitize user input, there could be risks, but this is an interaction risk rather than a direct server vulnerability.
Updated: 2025-12-03GitHub
0
0
Medium Cost
aelkz icon
Sec6

This MCP server enables AI assistants to manage Keycloak Identity and Access Management operations safely and efficiently, offering comprehensive tools for user, group, realm, authentication, and client scope management.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Requires a running Keycloak Server (v26.4.5 recommended) with admin credentials or a configured service account.
  • ⚠️The default Keycloak client secret ('test12345') is hardcoded; users MUST override `KEYCLOAK_CLIENT_SECRET` via environment variables for production environments to avoid security vulnerabilities.
Verified SafeView Analysis
The server has good safety features like read-only and operation modes, but a critical risk is the hardcoded default `KEYCLOAK_CLIENT_SECRET` ('test12345') in `src/common/constants.ts`. If environment variables are not properly configured, this weak default could be used in `client_credentials` authentication, potentially exposing admin access. While the HTTP transport is currently unimplemented, its future implementation would require careful security review. No `eval` or obvious malicious patterns found.
Updated: 2025-12-01GitHub
0
0
Medium Cost
dbshadow icon

m95-mcp

by dbshadow

Sec4

Manages M95 network devices, controlling functionalities and exposing them as tools for automated agents and AI assistants via a FastMCP server.

Setup Requirements

  • ⚠️Requires a `.env` file with M95_HOST, M95_USER, and M95_PASSWORD configured.
  • ⚠️Disables SSL certificate verification (`verify=False`) for device communication, posing a security risk (MITM vulnerability).
  • ⚠️Requires Python 3 and dependencies listed in `requirements.txt`, including the `fastmcp` library.
Review RequiredView Analysis
The `m95_api.py` explicitly disables SSL certificate verification (`verify=False`) for HTTPS requests to the M95 device. While this might be intended for devices with self-signed certificates, it severely compromises transport security, making the communication vulnerable to Man-in-the-Middle (MITM) attacks. This could allow attackers to intercept or alter commands and data. Credentials (M95_PASSWORD) are loaded from a `.env` file, which is good practice, but their protection relies on the file system permissions. The MCP server listens on `0.0.0.0:8444`, meaning it's accessible from all network interfaces; ensure proper network segmentation if this server is exposed beyond a trusted local network.
Updated: 2025-12-02GitHub
0
0
Low Cost
skutry icon
Sec9

A local MCP server and CLI tool for static analysis to detect hardcoded API keys, tokens, and credentials in source code and files.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Optional dependencies (tree-sitter, tree-sitter-python, tree-sitter-javascript) are needed for 'deep' scanning profile's AST analysis.
Verified SafeView Analysis
The codebase demonstrates good security practices for a tool processing arbitrary user files. It actively prevents path traversal, limits file and archive member sizes to mitigate resource exhaustion and regex DoS attacks on long lines, and does not use dangerous functions like 'eval'. No hardcoded secrets for its own operation were found. The tool's scanning logic is local, minimizing external attack surface.
Updated: 2025-12-01GitHub
0
0
Low Cost
ian-de-marcellus icon

incident-timeline-mcp

by ian-de-marcellus

Sec9

Extracts structured information from incident response logs to aid in timeline analysis, action tracking, entity identification, and severity assessment.

Setup Requirements

  • ⚠️Requires Claude Desktop to be installed and running to use as an MCP server.
  • ⚠️The Claude Desktop configuration requires absolute file paths for the Python interpreter and the server.py script.
  • ⚠️Requires a Python 3 virtual environment and dependency installation (`pip install -r requirements.txt`).
Verified SafeView Analysis
The server primarily relies on Python's regex engine and string manipulation for text extraction. It runs as a local MCP server, communicating via stdio, which inherently limits network exposure. There are no direct calls to external APIs, use of 'eval' with untrusted input, or hardcoded secrets observed in the provided source code. Input sanitization is handled via context-based filtering for regex patterns (e.g., timestamps, actors), which helps mitigate false positives. The main potential (minor) risk would be if complex, malicious regex input could trigger a ReDoS vulnerability, but this is less impactful in a local, single-user context.
Updated: 2025-11-24GitHub
0
0
Medium Cost
Rayaannotfound icon

mcppractice

by Rayaannotfound

Sec8

This MCP server provides tools for an AI agent to fetch cryptocurrency news and prices, send emails, and create tasks in an external system.

Setup Requirements

  • ⚠️Requires an SMTP server configured with credentials for sending emails.
  • ⚠️Requires an external 'TASK_API_BASE' endpoint for task creation and a corresponding 'TASK_API_TOKEN'.
  • ⚠️Requires Python packages 'fastmcp', 'requests', and 'feedparser' to be installed.
Verified SafeView Analysis
The code uses environment variables for all sensitive information (SMTP credentials, API tokens, API base URLs), which is a good security practice. It uses standard, secure libraries for network operations (requests with timeout, smtplib with SSL/TLS context). No 'eval' or other dynamic code execution is present. External API calls (CoinGecko, Google News RSS, custom task API) are made over HTTPS. The 'Trust Vox Tech' branding within the email footer and advice section, while part of the agent's personality, could be considered a minor social engineering aspect to be aware of in a real-world deployment.
Updated: 2025-11-20GitHub
0
0
Medium Cost
Cronos402 icon

examples

by Cronos402

Sec7

A Next.js application demonstrating how to build an OpenAI Apps SDK compatible MCP server with widget rendering in ChatGPT.

Setup Requirements

  • ⚠️OpenAI developer mode is required to connect the MCP server to ChatGPT.
  • ⚠️The `auth-example` requires an external authentication service URL (`NEXT_PUBLIC_AUTH_URL`).
  • ⚠️The `cronos-weather-server` requires configuring a Cronos wallet address for payment reception and the Cronos402 CLI for testing paid tools.
Verified SafeView Analysis
The application uses broad CORS headers (`Access-Control-Allow-Origin: *`) and patches browser APIs (`history.pushState`, `window.fetch`, `MutationObserver` for `<html>`) to function within a ChatGPT iframe. While these are necessary for the specific integration, they inherently increase the attack surface and complexity compared to a standard web application. The `baseURL` is derived from Vercel environment variables, reducing direct user manipulation risk. The `auth-example` relies on an external authentication service via `NEXT_PUBLIC_AUTH_URL` and forwards cookies for session management. No obvious malicious code patterns or critical hardcoded secrets were identified in the provided snippets for the server operations.
Updated: 2026-01-18GitHub
0
0
Low Cost
bioanywhere icon
Sec8

This repository provides Docker deployment configuration for an MCP (Managed Cloud Platform) server, enabling its build and execution.

Setup Requirements

  • ⚠️Docker Desktop or Engine required for local development and deployment.
  • ⚠️Authentication to GitHub Container Registry may be required if the image is private.
Verified SafeView Analysis
The provided code consists of Docker deployment configurations and shell scripts. No direct application logic is available for review. The scripts themselves use standard Docker commands and do not contain 'eval', obfuscation, or hardcoded secrets. Network exposure is limited to port 3000, which is typical for a web server. The security score reflects the safety of the deployment mechanism, not the unseen application code within the Docker image.
Updated: 2025-12-01GitHub
0
0
Medium Cost
AccelByte icon

ags-api-mcp-server

by AccelByte

Sec9

Provides AI assistants with access to AccelByte Gaming Services APIs through OpenAPI integration.

Setup Requirements

  • ⚠️Requires AccelByte OAuth Client configuration in Admin Portal, with a Redirect URI that exactly matches the server's configured URI (e.g., http://localhost:3000/oauth/callback).
  • ⚠️Docker is the recommended deployment method for easy integration with AI Assistants, implying it's a necessary component for the intended quick start setup.
  • ⚠️The 'openapi-specs' directory must be populated with valid OpenAPI definitions, which may require a separate process or source for users beyond the initial setup.
Verified SafeView Analysis
The server employs several good security practices: environment variables for configuration, token masking in logs, PKCE for OAuth flows, OIDC token verification with JWKS, Helmet for HTTP security headers, and rate limiting (in V2). It adheres to a stateless architecture in V2, reducing session-related attack surfaces. A minor concern in V1's `StreamableHTTPTransport` is its `validateOrigin` which logs warnings but still allows non-localhost origins by default, which should be tightened for production outside of specific local scenarios. Furthermore, while the server uses JSONPath expressions, care must be taken when exposing these to LLMs to prevent potential injection if user input directly influences the expression, although the current implementation doesn't appear to directly facilitate this risk.
Updated: 2026-01-14GitHub
0
0
Medium Cost
patpil-cloudflare-mcp icon

facebook-ads-mcp

by patpil-cloudflare-mcp

Sec9

Production-ready Cloudflare MCP server for Facebook Ad Library competitive intelligence, combining Apify scraping with AI-powered strategic analysis and format aggregation.

Setup Requirements

  • ⚠️Requires configuration of multiple Cloudflare bindings (D1, KV, Durable Objects) and external API keys (WorkOS, Apify, Cloudflare AI Gateway).
  • ⚠️An active Apify account is mandatory, along with the `apify/facebook-ads-scraper` Actor configured for use.
  • ⚠️A manual code change is required for Zod v4 compatibility (`z.string().url()` to `z.url()`) in `src/server.ts` and `src/api-key-handler.ts` as detailed in `MIGRATION_PLAN.md`.
Verified SafeView Analysis
The server implements robust security practices: OAuth 2.1 with PKCE using WorkOS for user authentication, API key authentication with SHA-256 hashing and user-level validity checks against a D1 database, and explicit PII redaction and output sanitization via `pilpat-mcp-security` (v1.1.0+) in all tool outputs (Step 4.5). Secrets are managed through `.dev.vars` locally and `wrangler secrets` in production, not hardcoded. Concurrency is controlled via a Durable Object semaphore to prevent resource exhaustion. URL validation is present before external API calls. No `eval` or suspicious dynamic code execution is observed. The choice to disable email/phone PII redaction for ad content is a documented, deliberate business decision for publicly available marketing data.
Updated: 2025-12-28GitHub
0
0
Low Cost
kubeagentics icon

kubeagentics-catalog

by kubeagentics

Sec6

Provides a curated, machine-readable catalog of Kubernetes-relevant Model Context Protocol (MCP) servers, facilitating their discovery and one-click installation within the KubeAgentics platform.

Setup Requirements

  • ⚠️Requires Node.js and npm/npx to execute the described MCP servers.
  • ⚠️Most MCP servers require specific environment variables (e.g., API keys, URLs) that must be provided by the user.
  • ⚠️Relies on external npm packages which must be accessible from the network where KubeAgentics executes them.
Verified SafeView Analysis
The catalog itself is a static JSON file and inherently safe to process. However, the MCP server definitions within it specify 'command' fields that use 'npx' to execute external npm packages (e.g., '@anthropic/mcp-server-prometheus'). This means the consuming application (KubeAgentics) would download and run arbitrary code from npm. This introduces a supply chain security risk if a listed npm package is compromised or if a malicious entry is added to the catalog, as the executed package would have full access to the host environment. No 'eval' or obfuscation is present in this repository's own files, nor are any secrets hardcoded for the catalog's operation.
Updated: 2025-12-01GitHub
PreviousPage 346 of 713Next