Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
syncaster icon

xiaozhi-mcp-server

by syncaster

Sec2

Extending AI model capabilities by exposing tools for remote control, calculations, and external system interactions.

Setup Requirements

  • ⚠️Requires `MCP_ENDPOINT` environment variable to connect to the WebSocket endpoint.
  • ⚠️Requires `mcp_config.json` for managing multiple tool servers, or a direct script path.
  • ⚠️The hardcoded JWT token in `xiaozhi_chat_web.py` would need to be replaced with a secure method (e.g., environment variable).
Review RequiredView Analysis
The primary security risk is the use of `eval()` in the `calculator` tool implementations (`calculator.py` and `server.py`). These tools directly execute arbitrary Python expressions provided by the AI model. While `calculator.py` attempts to sandbox `eval` to `math` and `random` modules, this is often insufficient to prevent sophisticated arbitrary code execution. The `server.py` example's `eval(python_expression)` is even more dangerous, offering no sandboxing at all. This allows an attacker (or a malfunctioning AI) to execute arbitrary code on the server where the tool is running, potentially leading to system compromise. Additionally, `xiaozhi_chat_web.py` contains a hardcoded JWT token in `XIAOZHI_ENDPOINT`, which is a critical secret management vulnerability.
Updated: 2026-01-18GitHub
0
0
Low Cost
cowboy0015 icon

ethereum-mcp-server

by cowboy0015

Sec9

Provides an MCP (Multi-Modal Agent Protocol) server for interacting with the Ethereum blockchain, offering tools for querying balances, fetching token prices, and building Uniswap V3 swap transactions.

Setup Requirements

  • ⚠️Requires a valid Ethereum private key (with sufficient ETH for gas) to be set as the `PRIVATE_KEY` environment variable.
  • ⚠️Requires a Rust toolchain to build and run the application.
  • ⚠️Interaction with the Ethereum blockchain means real transaction costs (gas fees) for swap operations (though the current implementation primarily builds and simulates transactions).
Verified SafeView Analysis
The server loads sensitive `PRIVATE_KEY` from environment variables, which is good practice. A hardcoded private key exists in `Config::ethereum_default()` but is explicitly for testing and not used in the main application flow. Users must securely manage their `PRIVATE_KEY` environment variable, as it's used for transaction signing. No 'eval', obfuscation, or other critical malicious patterns were found.
Updated: 2025-12-03GitHub
0
0
Low Cost
marcelmedina icon
Sec1

Backend server for a generic application, likely providing API endpoints.

Review RequiredView Analysis
A comprehensive security audit is impossible as the source code was not provided for analysis. Without code, risks such as 'eval', obfuscation, hardcoded secrets, or malicious patterns cannot be identified or ruled out. Therefore, it is considered unsafe to run without prior code inspection.
Updated: 2026-01-19GitHub
0
0
Low Cost
AaronGoldsmith icon

mcp-remote-control

by AaronGoldsmith

Sec8

Enables AI assistants and agentic systems to control Roku TVs on a local network using natural language commands.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher
  • ⚠️TV and computer must be on the same local network
  • ⚠️Requires 'Control by mobile apps' to be enabled on Roku TV
  • ⚠️HOST_IP environment variable must be set with the TV's IP address
Verified SafeView Analysis
The server retrieves the Roku TV's IP address ('HOST_IP') from an environment variable. A compromised environment could theoretically direct requests to an unintended local network device. However, the commands sent are highly specific to Roku's External Control Protocol (ECP) (keypresses, app launches, device info queries) and are not inherently arbitrary command execution vectors. No 'eval' or obvious obfuscation found. No hardcoded secrets. Interaction is confined to the local network. Requires user to enable 'Control by mobile apps' on their Roku TV.
Updated: 2025-12-14GitHub
0
0
Medium Cost
iafnetworkspa icon

bc-odata-mcp

by iafnetworkspa

Sec9

A Go-based MCP server that provides access to Microsoft Business Central OData APIs for Large Language Models (LLMs) and tools like Cursor, enabling LLMs to query, create, update, and delete Business Central data.

Setup Requirements

  • ⚠️Requires a Go 1.21+ development environment for compilation and execution from source.
  • ⚠️Requires an Azure AD application registration with appropriate permissions to access Business Central OData APIs. This involves obtaining Client ID, Client Secret, and Tenant ID, and is an administrative setup process external to the server.
  • ⚠️Effective utilization by LLMs (and for debugging) requires a conceptual understanding of Business Central's OData data model, including available endpoint names and entity properties.
Verified SafeView Analysis
The server implements robust security practices, including OAuth 2.0 client_credentials for authentication, automatic token caching with proactive refresh and invalidation on 401 errors, and mandatory use of HTTPS for all Business Central API communications. Sensitive credentials are correctly sourced from environment variables, protected by .gitignore. Built-in retry mechanisms with exponential backoff and `Retry-After` header handling mitigate rate limiting. No `eval` or directly malicious code patterns were identified. While OData query parameters are passed directly to Business Central, relying on the API's robustness for input validation, this is a standard practice for OData clients.
Updated: 2025-12-05GitHub
0
0
Medium Cost
LLMTooling icon
Sec9

Enables LLMs to send messages and rich embeds to Discord via webhooks for notifications, monitoring, and integrations.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires a Discord Webhook URL, which must be obtained from Discord server settings and set as an environment variable (DISCORD_WEBHOOK_URL).
Verified SafeView Analysis
The server demonstrates strong security practices: - **Input Validation**: Extensive validation is performed on message content length, embed field counts, and color formats, preventing common Discord API errors and potential overflow issues. The webhook URL is also validated against a specific Discord pattern. - **Environment Variables**: Sensitive information like the Discord Webhook URL is correctly sourced from environment variables (`DISCORD_WEBHOOK_URL`), preventing hardcoded secrets. - **Error Handling**: Custom error types (`ValidationError`, `WebhookError`, `EnvironmentError`) are implemented, and tool calls are wrapped in `try-catch` blocks, providing robust error reporting to the MCP client. - **Network Security**: All external network requests are explicitly directed to the validated Discord webhook endpoint. No arbitrary network access is apparent. - **Code Clarity**: The TypeScript codebase is clear, well-structured, and does not contain obfuscated code or dangerous functions like `eval`. - **Dependencies**: Dependencies are managed via `package.json` and `package-lock.json`, and are mostly standard, well-maintained libraries. No red flags found in dependency list for direct security issues.
Updated: 2025-12-09GitHub
0
0
Low Cost
EPortman-Ping icon

remote-mcp-pingone

by EPortman-Ping

Sec9

Provides an OIDC-secured Model Context Protocol (MCP) server on Cloudflare Workers, allowing AI agents to securely call protected APIs on behalf of authenticated end-users, leveraging PingOne DaVinci for authentication and consent.

Setup Requirements

  • ⚠️Requires a PingOne environment with DaVinci, necessitating significant manual configuration (registering applications, creating DaVinci flows and policies, assigning roles).
  • ⚠️Requires a separate 'Todo API' Cloudflare Worker (also provided in the repository) to be deployed first as the downstream protected resource.
  • ⚠️Extensive Cloudflare environment setup is needed, including installing Wrangler CLI, creating KV namespaces, binding Durable Objects, and setting multiple environment variables/secrets using `wrangler secret put`.
Verified SafeView Analysis
The server implements strong security practices for OAuth 2.1 and OIDC flows, including PKCE, Nonce, and robust CSRF protection with one-time use tokens and state binding to session via hashed cookies. Input sanitization for HTML rendering is present to prevent XSS. JWT validation for the downstream API checks signature, issuer, audience, and expiry using JWKS. Sensitive credentials are externalized to environment variables. The architecture leverages Cloudflare's secure serverless platform (Workers, Durable Objects, KV). While marked as a 'demo template' by its authors, the provided source code demonstrates adherence to security best practices for an OAuth/OIDC proxy. A minor deduction is made due to the inherent complexity of OAuth server implementations and the disclaimer that it's a demo, implying further production hardening might be needed depending on the specific threat model.
Updated: 2025-12-15GitHub
0
0
Low Cost
vilashkardate icon

remote-mcp-server-test

by vilashkardate

Sec9

An expense tracking server that allows adding, listing, and summarizing financial expenses.

Setup Requirements

  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Data (expenses.db) is stored in a temporary directory, meaning it will not persist across server restarts or system cleanups by default.
Verified SafeView Analysis
The server uses parameterized SQL queries, which effectively prevents SQL injection. No 'eval' or direct use of hardcoded secrets were found in the provided code. The database is stored in a temporary directory, which could lead to data loss on restart but mitigates persistence risks if the server is meant to be ephemeral. It listens on 0.0.0.0, making it network accessible, which is standard but should be considered in a production environment.
Updated: 2025-11-23GitHub
0
0
Medium Cost
andreransom58-coder icon

ad-mcp-server

by andreransom58-coder

Sec9

Manage Microsoft Active Directory user accounts (create, modify, enable/disable, delete, reset passwords, search) via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires a live Active Directory environment with network access.
  • ⚠️Requires a dedicated Active Directory service account with specific, delegated permissions (e.g., create, modify, delete user objects, reset passwords).
  • ⚠️Mandatory `.env` file configuration with sensitive Active Directory credentials.
Verified SafeView Analysis
Strong input validation and LDAP filter escaping (`escape_ldap_filter`) are implemented to prevent LDAP injection. Uses LDAPS by default with certificate verification. The README explicitly warns against hardcoding secrets and recommends least-privilege service accounts configured via the `.env` file. Logging of AD actions is present. No 'eval' or obfuscation detected. A minor note is that dedicated audit logging to a separate file (as suggested by README) isn't explicitly configured in the provided snippets, but actions are logged via standard logging.
Updated: 2025-11-25GitHub
0
0
Medium Cost
jesrzrz icon
Sec8

Interact with Apache Kafka and Schema Registry for topic management, schema operations, and message handling within an MCP environment.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires access to an Apache Kafka cluster.
  • ⚠️Requires Confluent Schema Registry access.
  • ⚠️Requires SASL credentials (username/password) or Azure EntraID credentials for Kafka.
  • ⚠️Requires SSL/TLS CA certificate (KAFKA_SSL_CA_LOCATION) for SASL_SSL security protocol.
Verified SafeView Analysis
The server leverages established secure libraries (confluent-kafka, pydantic-settings) and extensively documents security best practices (e.g., storing credentials in .env, using SASL_SSL, not committing secrets). It performs SSL certificate validation. However, its security relies heavily on correct external configuration of Kafka, Schema Registry, and SSL certificates. Direct user input is processed within defined Avro schemas or JSON structures, mitigating typical injection risks, but no sandboxing is apparent.
Updated: 2025-11-26GitHub
0
0
High Cost

data-mcp-servers

by ClearCalcs

Sec3

This monorepo contains multiple Model Context Protocol (MCP) servers designed for ClearCalcs engineering workflows, including an AST MCP server for converting calculation sheets to Mermaid diagrams, a Buildkite MCP server for CI/CD operations, and a ClearCalcs MCP server for general API integration and widget analysis, often involving LLM processing.

Setup Requirements

  • ⚠️Requires AWS Profile/Credentials for deployment and Cognito setup.
  • ⚠️Requires external AST Service to be running and accessible via AST_SERVICE_URL.
  • ⚠️Requires an Anthropic API Key (CHOSEN_API_KEY) and specific model (CHOSEN_MODEL) for the ClearCalcs MCP server.
  • ⚠️Requires a Buildkite API Token (BUILDKITE_API_TOKEN) for the Buildkite MCP server.
  • ⚠️Critical: Placeholder secrets (`REPLACE_ME`) in AWS CDK infrastructure files *must* be replaced with actual secure values before deployment to prevent severe vulnerabilities.
  • ⚠️Requires `uv` package manager for local development commands.
  • ⚠️Requires Python 3.10+.
Review RequiredView Analysis
Multiple AWS CDK infrastructure files (e.g., `fjall/clearcalcs_mcp/infrastructure.ts`, `fjall/buildkite-mcp/infrastructure.ts`) explicitly use `SecretValue.unsafePlainText("REPLACE_ME")` for sensitive API keys (Anthropic, Buildkite, TypingMind). While likely intended as a placeholder, if not correctly replaced with secure values from a secrets manager, this directly results in hardcoded secrets and a critical vulnerability. The server also relies on session tokens passed via HTTP headers (`X-CLEARCALCS-SESSION`), requiring robust security (e.g., HTTPS, WAF) at the gateway level to prevent token interception. The `AST_SERVICE_URL` is an environment variable, which, if compromised, could be redirected to a malicious service.
Updated: 2025-11-25GitHub
0
0
Medium Cost
BUZDOLAPCI icon
Sec8

End-to-end testing and validation of Dedalus Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires DEDALUS_API_KEY environment variable for authentication with the Dedalus platform.
  • ⚠️Requires `servers.json` to be configured with specific MCP server details and test cases before execution.
Verified SafeView Analysis
The project is a test suite for Dedalus MCP servers. It handles API keys via environment variables (DEDALUS_API_KEY) and explicitly checks for their presence, which is a good security practice. The code does not appear to directly execute arbitrary user-provided code. Regular expressions (`expectedToolPattern`, `expectedOutputPattern`) are used for test validation, but these patterns are defined in the static `servers.json` configuration file, not directly from untrusted runtime input, mitigating common ReDoS risks. The core interaction with AI agents and MCP servers is abstracted by the `dedalus-labs` SDK, meaning the security posture for the actual agent execution largely depends on that SDK and the external MCP servers being tested. No critical vulnerabilities like `eval` or code obfuscation were found in this test suite's direct codebase.
Updated: 2026-01-17GitHub
PreviousPage 347 of 713Next