Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
lgrassin icon
Sec9

A remote Model Context Protocol (MCP) server providing basic calculator tools without authentication, designed for deployment on Cloudflare Workers and integration with AI agents.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment.
  • ⚠️Requires Cloudflare's Wrangler CLI for local development and deployment.
  • ⚠️Requires an MCP client (e.g., Cloudflare AI Playground or mcp-remote proxy) to interact with the server's tools, as it does not have a user interface itself.
Verified SafeView Analysis
The server is explicitly designed to be 'authless' for demonstration purposes, meaning it is publicly accessible without authentication. Inputs to the calculator tools are strictly validated using Zod (z.number(), z.enum()), preventing common injection vulnerabilities. Division by zero is handled, and no direct 'eval' or other high-risk functions are used. The overall code quality for the implemented tools is high, and sensitive operations are not exposed. However, its 'authless' nature means it should not be used for private or sensitive calculations without adding an authentication layer.
Updated: 2025-11-28GitHub
0
0
Medium Cost
dvvincent icon

vergeos-mcp-server

by dvvincent

Sec3

An MCP server that enables AI assistants to manage VergeOS virtualization platform resources (VMs, networks, tenants, storage, monitoring) through natural language commands.

Setup Requirements

  • ⚠️Requires VergeOS API host and credentials (VERGEOS_HOST, VERGEOS_USER, VERGEOS_PASS, or VERGEOS_TOKEN).
  • ⚠️Disables SSL/TLS certificate validation (`rejectUnauthorized: false`) for communication with VergeOS API, which is a significant security risk for production environments.
  • ⚠️Requires Node.js (version 20+ recommended) and `npm install` for dependencies. Remote deployment options involve Kubernetes and a local proxy.
Review RequiredView Analysis
CRITICAL: Disables SSL/TLS certificate validation (`rejectUnauthorized: false`) in all API communication with VergeOS. This makes the server vulnerable to Man-in-the-Middle (MITM) attacks, allowing an attacker to intercept or modify sensitive VergeOS API traffic. The HTTP server also exposes a wide range of administrative VergeOS API functions, which, if deployed without robust network security (e.g., strong ingress/WAF rules and network policies), could significantly increase the attack surface. Default environment variables for VergeOS credentials are empty or point to a default IP, requiring proper configuration to avoid authentication issues or unintended exposure.
Updated: 2025-12-06GitHub
0
0
High Cost
sfc-gh-dflippo icon

skills-mcp-server

by sfc-gh-dflippo

Sec7

Manages AI agent skills by synchronizing them from local SKILL.md files and remote Git repositories into a consolidated AGENTS.md catalog.

Setup Requirements

  • ⚠️Requires Git command-line tool to be installed and available in the system's PATH.
  • ⚠️For TypeScript version, Node.js 18+ and `tsx` (typically via `npx`) are required.
  • ⚠️For Python version, Python 3.8+ and `python-frontmatter` (which auto-installs if missing) are required.
Verified SafeView Analysis
The skill executes external `git` commands (`git clone`, `git pull`) using `subprocess.run` (Python) or `child_process.execSync` (TypeScript). While necessary for its function, this involves executing arbitrary commands based on URLs specified in `repos.txt`. If `repos.txt` were to be compromised or contain malicious URLs, it could lead to arbitrary code execution through Git's extensibility features (e.g., hooks). However, the skill itself does not expose obvious vulnerabilities like `eval` or hardcoded credentials in the truncated source. The primary risk lies in the trust placed on the contents of `repos.txt` and the remote repositories.
Updated: 2025-11-18GitHub
0
0
Low Cost
stardikas icon

mcp-jira-go

by stardikas

Sec5

Acts as an open-source Model Context Protocol (MCP) server to expose Jira 8.5 (Server/Data Center) issues via JSON-RPC, facilitating integration with AI tools.

Setup Requirements

  • ⚠️Requires access to a Jira 8.5 (Server/Data Center) instance with appropriate API permissions for the configured `JIRA_USERNAME`.
  • ⚠️The `JIRA_PASSWORD` environment variable *must* be set, as the default empty string will cause Jira connection failures.
  • ⚠️Enabling `JIRA_INSECURE_SKIP_VERIFY` simplifies setup for Jira instances with self-signed or invalid certificates but critically compromises connection security; it should be explicitly understood and avoided in production environments.
Verified SafeView Analysis
Several critical security risks are present if deployed without careful hardening: - `JIRA_INSECURE_SKIP_VERIFY`: This environment variable, if set to true, disables TLS certificate verification for Jira API calls, making the connection vulnerable to Man-in-the-Middle (MiTM) attacks. This is a severe risk in production. - `Access-Control-Allow-Origin: *`: The server explicitly allows requests from any origin for its HTTP and Server-Sent Events (SSE) endpoints. This, combined with `websocket.Upgrader.CheckOrigin: true` for WebSockets, disables critical browser-level security mechanisms, potentially exposing the server to Cross-Site Request Forgery (CSRF) and other client-side attacks if not adequately protected by external layers or client-side logic. - Basic Authentication: Relies on basic authentication for Jira API calls. While compatible, it is only secure over HTTPS. If `JiraURL` is HTTP or `JIRA_INSECURE_SKIP_VERIFY` is enabled with HTTPS, credentials could be exposed in plaintext. - Lack of explicit input validation: While `json.Unmarshal` handles basic structure, deep input validation for tool parameters (e.g., preventing injection attacks into JQL queries if `search_issues` were implemented) is not explicitly detailed in the provided snippets. The current exposed tools (`list_projects`, `get_issue`) have simpler parameters, reducing immediate risk, but it's a general concern for future expansions. - No visible rate limiting or abuse prevention mechanisms.
Updated: 2026-01-16GitHub
0
0
Low Cost
deveshsharma551 icon

mcp-server-langchain-first

by deveshsharma551

Sec9

This project demonstrates building and integrating multiple Micro-Agent Communication Protocol (MCP) servers (Math and Weather) with a LangChain/LangGraph agent for advanced tool utilization.

Setup Requirements

  • ⚠️Requires Python >=3.13
  • ⚠️Requires the GROQ_API_KEY environment variable to be set
  • ⚠️The 'Weather' server (`Weather.py`) must be run separately (e.g., `python Weather.py`) before the client to provide the `http://localhost:8080/mcp` endpoint.
Verified SafeView Analysis
No 'eval', obfuscation, or hardcoded secrets found. API keys are handled via environment variables. The weather server runs locally over HTTP, which is generally safe for local development but would require security measures if exposed externally.
Updated: 2025-11-22GitHub
0
0
High Cost
BACH-AI-Tools icon

pdf-reader-mcp

by BACH-AI-Tools

Sec2

Extracts text, images, and metadata from PDF files (local or URL) for AI agent consumption.

Setup Requirements

  • ⚠️Requires Node.js >= 22.0.0.
  • ⚠️The server's current working directory (cwd) dictates the base for relative file paths; explicitly configuring `cwd` for the MCP server may be necessary.
  • ⚠️The tool allows reading *any* local file via absolute paths or path traversal (e.g., `../../etc/passwd`) using relative paths. This poses a severe security risk; users must enforce strict runtime permissions for the server process to mitigate unauthorized file access.
Review RequiredView Analysis
The `resolvePath` function in `src/utils/pathUtils.ts` and the `README.md` explicitly permit and encourage the use of absolute paths (e.g., `C:\path\to\file.pdf` or `/home/user/file.pdf`). Additionally, for relative paths, `path.resolve(process.cwd(), userPath)` is used without further validation to prevent directory traversal (`../../`). This means an AI agent, if compromised or instructed to do so, could read *any* file on the host machine's filesystem where the server is running, bypassing the stated "Secure Context" and "Context Confinement" design principles. This is a critical security vulnerability. Users *must* run this server with extremely restrictive filesystem permissions for the Node.js process and be aware that an agent can request any file via an absolute path. The server also makes external network requests for URL-based PDFs, which could be a risk if untrusted URLs are processed.
Updated: 2026-01-12GitHub
0
0
Medium Cost
amirrosi icon

israeli-cbs-mcp

by amirrosi

Sec9

Provides a Model Context Protocol (MCP) server for accessing statistical data and price indices from the Israeli Central Bureau of Statistics (CBS) with local caching.

Setup Requirements

  • ⚠️Initial index build takes approximately 5 minutes on first run (or cache expiry) during which search/navigation tools report 'Index is building'.
  • ⚠️Requires ~20MB of local disk space for the cached index file.
  • ⚠️Default language for API calls and output is Hebrew ('he').
Verified SafeView Analysis
The server appears generally safe. It uses standard `httpx` for external API calls, configures via environment variables, and manages a local cache in a user-specific directory. No 'eval' or other highly dangerous functions are observed. Data validation for tool arguments (like year ranges) is present. Logging is directed to stderr to prevent stdout corruption.
Updated: 2025-11-24GitHub
0
0
Medium Cost
Danah-alquaamiz icon

tadawul-mcp-server

by Danah-alquaamiz

Sec8

This server fetches sustainability and ESG reports from the Tadawul website for specified companies.

Setup Requirements

  • ⚠️Requires Playwright browser dependencies to be installed (`playwright install --with-deps chromium`).
  • ⚠️Functionality is dependent on the target website's UI and HTML structure (`https://www.saudiexchange.sa`), which can change and break the scraper.
  • ⚠️Requires Python 3.10 as specified in the deployment configuration.
Verified SafeView Analysis
The server uses Playwright for web scraping, which involves launching a headless browser. While Playwright itself is generally secure, any browser environment can have potential vulnerabilities. The code does not use 'eval', show obfuscation, or hardcode sensitive secrets. Input 'company_name' is used safely within Playwright methods. The main risk, not directly observable here, would be from the 'requirements.txt' dependencies.
Updated: 2025-11-20GitHub
0
0
Low Cost
drkhannah icon

mcp-deployment

by drkhannah

Sec10

Provides a tool to fetch the current price of various cryptocurrencies from CoinGecko.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Designed for integration with Claude Desktop via the provided configuration.
Verified SafeView Analysis
The server's code is straightforward, without any 'eval' or similar dangerous patterns. It makes a standard HTTP GET request to a public, reputable API (CoinGecko) and handles responses safely. No hardcoded secrets or malicious patterns were identified.
Updated: 2025-11-23GitHub
0
0
Medium Cost
tedrubin80 icon

BlueSkyMCP-Server

by tedrubin80

Sec1

A server for a game, likely Minecraft, allowing players to connect, interact, and play together.

Setup Requirements

  • ⚠️Requires Java Runtime Environment (JRE) for execution.
  • ⚠️Potential need for port forwarding (e.g., 25565) for external player access.
  • ⚠️Configuration files (e.g., server.properties) will need to be set up or customized.
Review RequiredView Analysis
Source code was not provided for analysis. Therefore, a comprehensive security audit for specific risks like 'eval' usage, obfuscation, hardcoded secrets, or network vulnerabilities could not be performed. Without source code, it's impossible to verify the implementation's security practices, leading to a critical risk assessment by default.
Updated: 2025-12-05GitHub
0
0
Low Cost
josedefreitas91 icon

raycast-codex-manager

by josedefreitas91

Sec8

Manages Codex MCP server configurations and skills (scripts/files) through Raycast commands, offering local operations and diagnostic tools.

Setup Requirements

  • ⚠️Requires Raycast (macOS application) to run.
  • ⚠️The ZIP import functionality relies on the macOS-specific `ditto` command, limiting its full functionality to macOS environments.
  • ⚠️Requires Node.js (version 22.14.0 or higher for `@raycast/api` runtime).
  • ⚠️If the 'Preferred Editor' preference is set to 'VS Code (code)', the VS Code command-line tool (`code`) must be installed and accessible in the system's PATH.
Verified SafeView Analysis
The application primarily performs local file system operations (read, write, delete, copy) and local command execution. It uses `fs/promises` for file handling and `child_process.execFile` for executing external utilities like `unzip`, `ditto`, and `code`. The use of `execFile` with arguments passed as an array is a good practice to prevent shell injection. Input validation is present for MCP server names, skill names, and content, mitigating risks from malformed user input. Path resolution in `SkillEntryForm` is designed to prevent directory traversal within skill folders. Configuration changes trigger optional timestamped backups, adding a layer of safety. No direct network requests or hardcoded secrets for its own operation are apparent in the provided source.
Updated: 2026-01-17GitHub
0
0
Low Cost
avinashyadav09 icon

Avinash-portfolio

by avinashyadav09

Sec9

This repository serves as a professional portfolio showcasing Avinash Yadav's expertise across various cloud, data, and AI technologies, including experience with MCP Server Integrations.

Verified SafeView Analysis
Only README.md content was provided for analysis, which does not contain executable code. Therefore, common security vulnerabilities like 'eval', obfuscation, hardcoded secrets, or malicious patterns within server logic could not be assessed. The provided content itself poses no direct security risk.
Updated: 2025-11-25GitHub
PreviousPage 353 of 713Next