Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
FYTJ icon
Sec3

A server that enables remote debugging capabilities by exposing LLDB functionalities over a TCP-based protocol.

Setup Requirements

  • ⚠️Requires macOS with Xcode or Command Line Tools installed.
  • ⚠️Requires Python 3.12.
  • ⚠️Requires careful configuration of Python and LLDB framework paths (PYTHONPATH, DYLD_FRAMEWORK_PATH, DYLD_LIBRARY_PATH) for 'import lldb' to succeed.
Review RequiredView Analysis
The server exposes powerful LLDB debugging primitives (e.g., lldb.command, lldb.evaluate, lldb.launch, lldb.attach, lldb.readMemory, lldb.writeMemory) over an unauthenticated TCP connection. While default listening is on 127.0.0.1, configurable host/port allows broader network exposure. There are no explicit authentication or fine-grained authorization mechanisms beyond LLDB_MCP_ALLOW_LAUNCH and LLDB_MCP_ALLOW_ATTACH environment variables, which only cover specific process operations and not the arbitrary command/evaluation features. This means any client connecting to the server can execute arbitrary lldb commands, evaluate expressions, and manipulate processes on the host machine, posing a significant privilege escalation and system compromise risk if deployed in an untrusted environment or made network-accessible.
Updated: 2025-12-03GitHub
0
0
Medium Cost
cyverse-de icon

formation-mcp

by cyverse-de

Sec9

Connects Claude Code (an AI assistant) to the CyVerse Discovery Environment to enable natural language management of scientific applications, analyses, and data.

Setup Requirements

  • ⚠️Requires a CyVerse Discovery Environment account and credentials (username/password or JWT token).
  • ⚠️Requires configuration in `~/.claude.json` or `~/.formation-mcp.yaml` with CyVerse API base URL and authentication details.
  • ⚠️If building from source, Go 1.25.3 or later is required.
Verified SafeView Analysis
The server handles authentication externally (via token or username/password) and uses HTTPS for API communication. It avoids `eval`-like functions. The `open_in_browser` functionality uses system commands (`open`, `xdg-open`, `cmd /c start`) which, while standard for URL opening, inherently rely on the host OS's handling and could be a very minor theoretical vector if an extremely malformed URL were passed and mishandled by the OS (though current usage passes raw URL directly). Overall, the code appears robust and follows good security practices for a Go application.
Updated: 2025-11-20GitHub
0
0
Medium Cost
AnnaSuSu icon

arxiv-mcp

by AnnaSuSu

Sec8

Enables LLMs to search, download, and read scientific papers from arXiv, providing direct access to scientific literature for AI assistants.

Setup Requirements

  • ⚠️Requires `uv` to be installed for recommended execution (`uvx`).
  • ⚠️Python 3.10+ is required.
  • ⚠️`pymupdf` (a dependency) may have native system library requirements, though `uv` typically handles these dependencies well.
Verified SafeView Analysis
The server uses the `arxiv` library to fetch paper metadata and URLs, and `urllib.request.urlretrieve` to download PDFs. PDF text extraction is handled by `pymupdf` (fitz). Potential security considerations include vulnerabilities in `pymupdf` when processing malformed PDFs (a common risk with any PDF parser) and the `download_paper` tool's `target_dir` parameter. While this parameter is for a specific tool and intended functionality, it could allow a malicious client to attempt to write files to arbitrary locations if not properly validated or sandboxed by the client-side system. The server's internal storage (`get_paper` tool) uses a controlled directory. No direct 'eval' calls, obfuscation, or hardcoded secrets were found in the provided source code. File path sanitization (`paper_id.replace('/', '_')`) is applied for local storage management.
Updated: 2026-01-04GitHub
0
0
Medium Cost
apopovic77 icon

mcp-server

by apopovic77

Sec4

Aggregates multiple microservice APIs (Storage, O'Neal, Artrack, CodePilot, AI, Content, Tarot) under a single FastAPI interface, providing a unified toolset for various domain-specific operations, including AI-driven content, human-in-the-loop interactions, and general API orchestration.

Setup Requirements

  • ⚠️Requires multiple external API keys for full functionality (e.g., ARKTURIAN_API_KEY, ONEAL_STORAGE_API_KEY, ARTRACK_API_KEY, TELEGRAM_API_KEY, CODEPILOT_API_TOKEN, AI_API_KEY).
  • ⚠️Python dependencies (uvicorn, fastapi, httpx, etc.) must be installed, preferably in a virtual environment as implied by the `start.sh` script looking for `venv/bin/uvicorn`.
  • ⚠️Disables SSL certificate verification (`verify=False`) in specific media fetching functions, which is a significant security vulnerability and should be addressed before deployment in any sensitive environment.
Review RequiredView Analysis
The server uses a highly permissive CORS configuration (allow_origins=['*']), which could be a risk for public deployments if not properly secured with additional authentication/authorization. More critically, several HTTP client calls disable SSL certificate verification (`verify=False`) when fetching media (`storage_media_as_data_url`, `oneal_storage_media_as_data_url`), opening up to man-in-the-middle attacks. A hardcoded 'oneal_demo_token' is present as a default API key for the O'Neal API. Most other sensitive API keys are correctly loaded from environment variables, and the server explicitly checks for the presence of `ARKTURIAN_API_KEY` and `ONEAL_STORAGE_API_KEY` at startup.
Updated: 2026-01-02GitHub
0
0
Low Cost
betterhyq icon

sse-mcp-servers

by betterhyq

Sec8

This project provides server implementations for the Model Context Protocol (MCP), enabling external agents to interact with defined tools and services, exemplified by an 'add two numbers' function.

Setup Requirements

  • ⚠️Requires Node.js runtime (version 24.x or higher is indicated by `start:huaweiyun:node` and `tsconfig.json`).
  • ⚠️The Python server specifically requires Python 3.10.15.
  • ⚠️Uses pnpm for package management; `npm` or `yarn` might not work without adjustments.
  • ⚠️Specific ports (4000 for Node.js, 4100 for Python) need to be open and accessible.
Verified SafeView Analysis
The server implementations utilize strong schema validation for incoming parameters (Zod in Node.js, Pydantic Field in Python), which is crucial for mitigating injection and other input-related vulnerabilities. There are no explicit uses of 'eval' or arbitrary command execution based on user input within the provided code. The use of `execa` for spawning child processes is present (via `fastmcp` dependency) but typically for controlled internal operations. A deployment instruction in the README involving `sudo -S` is a high-privilege operation and should be handled with care in a production environment, but this is a deployment configuration risk, not a direct code vulnerability.
Updated: 2025-12-05GitHub
0
0
Low Cost
BERDataLakehouse icon

datalake-mcp-server-client

by BERDataLakehouse

Sec9

A Python client library for programmatic interaction with the BERDL Datalake MCP Server, enabling operations like health checks, database/table listing, schema retrieval, and data querying for Delta Lake tables.

Setup Requirements

  • ⚠️Requires the 'datalake-mcp-server' repository to be cloned and present in the parent directory (`../datalake-mcp-server`) relative to this client repository for client generation.
  • ⚠️The client generation process explicitly uses Python 3.13.
  • ⚠️Requires the 'uv' package manager to be installed for setting up the virtual environment and installing dependencies during client generation.
Verified SafeView Analysis
The provided code is for a client library. The generation process (via `run.sh` and `generate_spec_from_local.py`) involves dynamically importing the `create_application` function from the *server's* local repository (`../datalake-mcp-server`) to generate the OpenAPI specification. This implies a trust relationship with the server's source code during the client build step. The generated client code itself uses standard Python practices and the `httpx` library, which is well-regarded for HTTP requests. No 'eval', obfuscation, hardcoded secrets, or unusual network risks are evident within the client library's runtime code. The documentation for `table_select_request` explicitly states that the server's backend builds queries safely, preventing SQL injection.
Updated: 2025-12-28GitHub
0
0
Medium Cost
harshv2013 icon

claude-mcp-servers

by harshv2013

Sec9

Provides Model Context Protocol (MCP) servers for Claude Desktop, enabling secure file system access and advanced mathematical calculations.

Setup Requirements

  • ⚠️Requires macOS and Claude Desktop application.
  • ⚠️Requires Python 3.10+.
  • ⚠️Manual configuration of Claude Desktop's `claude_desktop_config.json` with absolute paths to the server scripts is required and can be error-prone.
  • ⚠️Currency exchange rates in the calculator are hardcoded (as of Jan 2025 approximations) and not real-time.
Verified SafeView Analysis
The File System server implements robust path validation checks (e.g., `path.resolve().startswith(ALLOWED_DIR.resolve())`) for all file operations (read, write, search, stats). This is crucial and effectively prevents directory traversal attacks, limiting file access and modification to the `test_files` directory (or a user-configured directory). The `write_file` tool is exposed, allowing an agent to create/modify files within the allowed directory, which is an intended but powerful capability. The Calculator server is purely computational, using standard Python `math` functions and explicit arithmetic operations without `eval` or dynamic code execution, making it inherently safe. There are no obvious hardcoded secrets or network risks beyond standard MCP (stdin/stdout) communication. The `factorial` tool has a maximum input limit (n<=20) to prevent resource exhaustion.
Updated: 2026-01-18GitHub
0
0
Medium Cost
Maxbleu icon

MCP-F1data

by Maxbleu

Sec1

Provides a Model Context Protocol (MCP) server to allow LLMs like Claude to interact with Formula 1 data through a set of Python tools.

Setup Requirements

  • ⚠️Requires Claude Desktop application to be installed and configured with the MCP server entry in its `claude_desktop_config.json` file.
  • ⚠️Requires Python 3.12 or newer to run the server.
  • ⚠️Relies on several environment variables (`JWT_TOKEN`, `APIF1DB_PRIVATE_NETWORK_BASE_PATH`, `PUBLIC_KEY`, `ALGORITHM`) for API authentication and endpoint configuration, which must be correctly set.
Review RequiredView Analysis
The `ExecutionTools.execute_code` function uses `exec(code, env, local_env)` to execute arbitrary Python code. If the LLM is prompted by a malicious actor to generate harmful code, this could lead to critical Remote Code Execution (RCE) vulnerabilities on the host system. While environment variables are used for sensitive API keys (e.g., `JWT_TOKEN`), the direct execution of arbitrary code from potentially untrusted LLM outputs presents a severe risk.
Updated: 2025-12-20GitHub
0
0
Low Cost
Pratham-Prog861 icon

mcp-code-analyzer

by Pratham-Prog861

Sec9

Analyzes JavaScript/TypeScript code quality in real-time, providing linting suggestions via both a Model Context Protocol (MCP) server and a standalone HTTP API.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Initial setup requires 'npm install' to fetch dependencies.
  • ⚠️For MCP integration with Claude Desktop, the absolute path to 'index.js' needs to be configured manually.
Verified SafeView Analysis
The server performs static code analysis using ESLint on user-provided code. It does not execute the input code, significantly reducing dynamic execution risks (e.g., no 'eval' or direct arbitrary code execution). No hardcoded secrets or obvious malicious patterns are present. Input sanitization is inherently handled by ESLint's static analysis process. The risk is very low.
Updated: 2025-12-02GitHub
0
0
Medium Cost
repkam09 icon

repka-lifeforce

by repkam09

Sec3

A modular REST API server providing an AI conversational assistant, server utilities, weather, music playback information, and media management.

Setup Requirements

  • ⚠️Requires a Temporal cluster for workflow management.
  • ⚠️Requires a Supabase instance for user authentication and database operations.
  • ⚠️Requires multiple external API keys for services like OpenAI, Brave Search, OpenWeatherMap, and Last.fm (many are paid services).
  • ⚠️Requires Docker and Docker Compose for easy setup and development.
Review RequiredView Analysis
1. Critical Directory Traversal Vulnerability: The `backend_helper/repcast.php` script, which is actively deployed by the project's helper scripts, directly concatenates user-controlled base64-decoded input (`$urlparam`) into the directory path without sanitization. This allows an attacker to list and potentially read arbitrary files outside the intended `repcast` directory (e.g., `?dir=Lw==` would decode to `/`). 2. Static Authentication Token: The system relies on a single, static `LIFEFORCE_AUTH_TOKEN` for general API authorization. If this token is compromised, an attacker gains full access to all endpoints protected by this mechanism, with no expiry or user-specific revocation capabilities. 3. Potential Command Injection in RepCast Torrent Add: While magnet links are base64-decoded, if the `transmission` library (used for adding torrents) doesn't adequately sanitize or escape shell commands embedded within a malformed magnet link, this could lead to command injection on the server running Transmission. This is a hypothetical risk depending on the `transmission` library's internal robustness. 4. Sensitive Data in Logs: Logging webhook request bodies and query parameters directly (`/api/webhook/log`) could expose sensitive information (e.g., passwords, API keys) if clients send such data to these endpoints. 5. Misconfiguration Risk: Plugins like Home Assistant and Weather rely on API keys/URLs from environment variables. A misconfigured or malicious URL could lead to Server-Side Request Forgery (SSRF) if not properly vetted by an administrator.
Updated: 2026-01-07GitHub
0
0
Medium Cost
miho icon
Sec6

Provides an MCP server and GUI for managing, configuring, and executing UG4 Lua simulation scripts by interacting with an external UG gRPC server.

Setup Requirements

  • ⚠️Requires an external UG gRPC server to be running (default localhost:50051) for script analysis and execution.
  • ⚠️Requires the UG4 `ugshell` executable (UG4 simulation software) to be installed and configured in the application.
  • ⚠️The `ughub` launcher in the macOS DMG requires Python 3.x to be installed.
  • ⚠️On macOS, users are advised to run a 'Fix Security.command' (using `xattr -cr`) to bypass Apple's Gatekeeper security warnings for unsigned applications.
Verified SafeView Analysis
The application runs a Model Context Protocol (MCP) server that can be exposed via HTTP (default port 7072) or STDIO. This server allows external clients (like AI agents) to perform actions such as searching scripts, getting script schemas, loading scripts, setting parameters, and executing scripts. While argument passing to the underlying 'ugshell' process is done via `ProcessBuilder` (which mitigates direct shell command injection via parameter values), the server itself provides capabilities for arbitrary script execution. If the HTTP server is exposed to an untrusted network without additional authentication or authorization, it presents a significant security risk, as it grants full control over the execution environment. The `create-dmg.sh` script, intended for macOS distribution, includes a 'Fix Security.command' that uses `xattr -cr` to remove macOS quarantine flags, advising users to disable a system security feature.
Updated: 2025-12-14GitHub
0
0
Medium Cost
oychao1988 icon

mcp-server-doubao

by oychao1988

Sec6

An MCP server that provides comprehensive image and video generation capabilities using Doubao AI models (Seedream for images, Seedance for videos), designed for integration with clients like Claude Desktop.

Setup Requirements

  • ⚠️Requires an `ARK_API_KEY` obtained from the Volcengine Ark console (potentially a paid service).
  • ⚠️Primarily designed for integration with Claude Desktop, requiring specific `claude_desktop_config.json` setup.
  • ⚠️Requires Node.js version 18.0.0 or higher.
Verified SafeView Analysis
The `download_image` tool's handler uses `path.resolve` and `fs.writeFile` with a user-provided `filePath`. This creates a potential path traversal and arbitrary file write vulnerability if an attacker can control the `filePath` parameter, allowing files to be written outside intended directories (e.g., to sensitive system locations) on the server's host machine. The server relies on an external API key (ARK_API_KEY) which is correctly loaded from environment variables, preventing hardcoded secrets.
Updated: 2026-01-17GitHub
PreviousPage 355 of 713Next