Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
111031075jack icon

mcp-server-9090

by 111031075jack

Sec9

Provides a shopping cart and inventory management service designed to be exposed as tools for an AI orchestrator or LLM.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) to compile and run.
  • ⚠️Intended for integration with a Spring AI orchestrator/LLM to utilize its '@Tool' annotated methods.
Verified SafeView Analysis
The provided source code is clean, without 'eval', obfuscation, or hardcoded secrets. It implements simple in-memory data structures for product catalog and cart. There are no direct database interactions shown. As a Spring Boot application, standard web security practices (authentication, authorization, advanced input validation) would be necessary for a production environment, but are not within the scope of the provided snippets.
Updated: 2025-12-13GitHub
0
0
Medium Cost
ywatanabe1989 icon

sci-writer

by ywatanabe1989

Sec3

Manages and compiles scientific LaTeX manuscripts, including content creation, document analysis, versioning, and background job processing for AI assistants.

Setup Requirements

  • ⚠️Requires the `fastmcp` Python package.
  • ⚠️Requires a full LaTeX distribution (e.g., `texlive-full`, ~5GB) OR a container runtime (`Apptainer`/`Singularity`).
  • ⚠️Requires `bibtexparser`, `rich`, `click`, `pydantic` Python packages.
Review RequiredView Analysis
The server enables LaTeX's `\write18` (shell escape) feature during compilation (`pdflatex -shell-escape` in compilation scripts). This means that any content submitted to section/figure/table handlers by an AI agent (or other client) can potentially execute arbitrary shell commands if it contains `\write18{malicious_command}`. While designed for trusted AI agents creating LaTeX content, this is a severe code execution vulnerability if deployed in an untrusted environment or if the AI agent itself is compromised. Pydantic validation for input content ensures type safety but does not filter for potentially malicious LaTeX commands. Direct `eval` calls in shell scripts are used with internally constructed commands, which reduces direct command injection risk through function arguments, but the `\write18` vector remains. The system also pulls external containers and packages, which introduces supply chain risks.
Updated: 2026-01-18GitHub
0
0
High Cost
OI-OS icon
Sec9

A vivid backend for AI agents, providing persistent memory, sophisticated task planning, a codebase knowledge graph, and semantic understanding to power intelligent workflows like code review and project management.

Setup Requirements

  • ⚠️Requires Google Gemini API Key (Paid Service)
  • ⚠️Requires Tavily Search API Key (Paid Service)
  • ⚠️Specific client-side configuration needed for full OI OS integration (see OI.md)
Verified SafeView Analysis
The server demonstrates strong security practices including: reading API keys from environment variables, extensive input validation (Ajv schemas) for tool arguments, robust path sanitization and containment checks to prevent path traversal, and the use of prepared statements for SQLite database interactions. While a fully exhaustive audit would require reviewing all dependencies and the complete `DatabaseUtilityService` implementation, the patterns observed in the provided snippets indicate a high level of security awareness. No direct `eval` or uncontrolled command execution from user input was identified.
Updated: 2025-11-23GitHub
0
0
Low Cost
kazheko icon

db-mcp-server

by kazheko

Sec9

Hosts a Model Context Protocol (MCP) server exposing a stubbed MSSQL query tool for structural data previewing to LLM clients.

Setup Requirements

  • ⚠️Node.js 20.x required
Verified SafeView Analysis
The server explicitly uses a `StubMssqlAdapter` which is designed to never open network sockets or use credentials, mitigating direct database access risks. Input SQL queries are only used for string matching (`includes`) to select templates or simulate errors, not for direct execution. No 'eval' or similar dangerous dynamic code execution patterns are observed. The `StdioServerTransport` implies IPC communication rather than open network ports. The primary dependency `@modelcontextprotocol/sdk` handles core server logic and may involve `cross-spawn` for process management, which is typical for SDKs but not directly controlled by this server's specific implementation with user input.
Updated: 2025-12-01GitHub
0
0
Medium Cost
NNSTD-cloud-ru-hack-2025 icon

ymetrika-mcp

by NNSTD-cloud-ru-hack-2025

Sec9

This server provides a Model Context Protocol (MCP) interface to Yandex Metrika, enabling tools to query analytics data, generate reports, and access insights.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️YANDEX_API_KEY environment variable is critical for Yandex Metrika tools functionality and is enforced in production mode.
  • ⚠️Requires 'uv' or 'pip' for dependency management. 'uv' is recommended.
Verified SafeView Analysis
All sensitive configurations, like the YANDEX_API_KEY, are managed via environment variables. The Dockerfile is configured to run the application as a non-root user (UID 1000), significantly reducing the blast radius in case of a container compromise. Input parameters are validated using Pydantic, which helps mitigate common injection vulnerabilities. OpenTelemetry tracing is implemented, and while the OTEL_ENDPOINT is configurable, this is a standard pattern for observability rather than a direct security flaw in the application's core logic. There are no obvious 'eval', obfuscation, or direct malicious patterns in the provided source code.
Updated: 2025-12-12GitHub
0
0
Medium Cost
CodeProcessor icon

mcp-server

by CodeProcessor

Sec6

Provides optical character recognition (OCR) capabilities for images, either from base64 encoded strings or remote URLs.

Setup Requirements

  • ⚠️Requires Python 3.13+ for the Tesseract OCR server (the weather server requires Python 3.12+).
  • ⚠️The Tesseract OCR engine must be installed on the host system and available in the system's PATH, as 'pytesseract' is only a Python wrapper.
  • ⚠️Requires 'uv' package manager for dependency installation and running the server.
Review RequiredView Analysis
The 'ocr_image_from_url' function fetches images from arbitrary HTTP/HTTPS URLs. This poses a Server-Side Request Forgery (SSRF) risk, allowing a malicious actor to potentially scan internal networks or access internal services if the URL is not sufficiently validated. While 'httpx' includes timeouts and redirect following, it doesn't mitigate the core SSRF vulnerability. Temporary files created for OCR are cleaned up. No 'eval' or hardcoded secrets were found.
Updated: 2025-12-10GitHub
0
0
Low Cost
elcometestemail7-ui icon

test_mcp_server

by elcometestemail7-ui

Sec1

Cannot determine the use case as no source code was provided for analysis. Analysis is based solely on the project name 'MCP Server', which could imply a server related to the Minecraft Coder Pack or a similar game/development context.

Setup Requirements

  • ⚠️No source code provided, making it impossible to identify specific requirements, dependencies, or potential friction points for setup.
  • ⚠️Running this server without source code inspection is extremely risky and not recommended due to unverified security and unknown functionality.
Review RequiredView Analysis
A critical security audit cannot be performed as no source code was provided. Running any server or application without inspecting its source code is highly dangerous and poses severe security risks, including potential for malicious activity, data breaches, or system compromise. No known 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns can be identified or ruled out due to the absence of code. Therefore, it is considered extremely unsafe.
Updated: 2025-12-03GitHub
0
0
Medium Cost
brutalzinn icon

simple-mcp-selenium

by brutalzinn

Sec7

Automates browser interactions, web testing, and data extraction using Selenium, enabling programmatic control of web pages and access to browser developer tools.

Setup Requirements

  • ⚠️Requires Google Chrome browser installed on the host system.
  • ⚠️Requires a compatible ChromeDriver executable, which the `postinstall` script attempts to download but can be a point of failure depending on the OS and system tools (e.g., 'unzip', 'powershell').
  • ⚠️Tools saving files (like `take_screenshot`) prioritize `CURSOR_PROJECT_DIR`, `CURSOR_WORKSPACE_ROOT`, `WORKSPACE_ROOT`, or `PWD` environment variables to determine the project root. If these are not set, it defaults to `process.cwd()`, which might not be the user's intended project directory.
Verified SafeView Analysis
The server allows execution of arbitrary JavaScript within the browser context via the `execute_script` tool. While sandboxed within the browser, untrusted scripts could perform actions like data exfiltration from visited websites or malicious DOM manipulation. This is an inherent risk of browser automation tools that expose such functionality. The `dev_tools` tool also injects JavaScript for logging and network monitoring, which is standard for its purpose but extends browser control. No direct server-side 'eval' of untrusted input or hardcoded secrets were found.
Updated: 2025-11-20GitHub
0
0
Medium Cost
ngr-drm icon
Sec8

Exposes support case retrieval functionality via an MCP server, interacting with a backend 'BX API' to fetch and format case data.

Setup Requirements

  • ⚠️Requires a local HTTP server to be running on `http://localhost:3000` that exposes a `/cases` endpoint to provide support case data.
Verified SafeView Analysis
No 'eval' or code obfuscation found. The 'API_BASE' for the BX API is hardcoded to `http://localhost:3000`, which is not a secret, but typically should be configurable via environment variables in a production setup. The server relies on an external local HTTP service for its data, so the security of that external service is paramount. The server itself does not introduce obvious new vulnerabilities.
Updated: 2025-11-23GitHub
0
0
Low Cost
TahaHussein-dotcom icon

mcp-encrypted-sqlite

by TahaHussein-dotcom

Sec6

To provide secure and encrypted data storage for a Minecraft-related application or server using SQLite.

Setup Requirements

  • ⚠️Requires SQLite library installation and configuration.
  • ⚠️Encryption key management will be critical for secure operation.
  • ⚠️Likely requires integration with a Minecraft server or client to be functional.
Review RequiredView Analysis
Source code is unavailable for full review, preventing a comprehensive audit for 'eval', obfuscation, hardcoded secrets, or specific network risks. The 'encrypted' aspect suggests a focus on data security at rest, but implementation details for runtime security, dependency vetting, and potential vulnerabilities (e.g., SQL injection, key management practices) cannot be assessed.
Updated: 2026-01-19GitHub
0
0
Medium Cost
yeshsurya icon
Sec8

Provides AI assistants with comprehensive access to React Flow components, hooks, types, utilities, examples, and documentation via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️For Microsoft Copilot Studio deployment, an external hosting service with Streamable HTTP transport (e.g., Azure, AWS) and proper configuration (authentication) is required, as the server's default transport is stdio.
Verified SafeView Analysis
The server includes Zod for robust input validation and `sanitizeString` to mitigate potential injection risks in textual outputs. It primarily uses StdioServerTransport, reducing direct network exposure in its default run mode. No hardcoded secrets or direct `eval` calls are identified. While it relies on external data (React Flow definitions), these are hardcoded within the server, preventing external data injection. Deployment to HTTP transport (e.g., for Copilot Studio) would introduce standard web security considerations (authentication, HTTPS, rate limiting) which are external to this specific server's code but mentioned as requirements.
Updated: 2025-11-22GitHub
0
0
Medium Cost
jhigh1594 icon
Sec7

An MCP server to integrate AI agents with the AgilePlace project management platform, providing tools for board, card, OKR, and activity management.

Setup Requirements

  • ⚠️Requires an active AgilePlace account and generating an API token (commercial product).
  • ⚠️OKR features rely on an external Planview API endpoint specified by `OKRS_API_BASE_URL` (defaulting to `https://api.pv-platforma.xyz/api`), implying an external dependency or service.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Designed for interaction with an MCP-compatible client like Claude Desktop.
Verified SafeView Analysis
The server utilizes environment variables for sensitive API credentials (AGILEPLACE_DOMAIN, AGILEPLACE_API_TOKEN), which is a good practice. It handles API communication via HTTPS with httpx. Input parameters that are expected to be complex structures (like lists or dictionaries) are received as JSON strings and then parsed using `json.loads`. While `json.JSONDecodeError` is caught, the parsed dictionaries are then passed directly to underlying API client methods without extensive internal schema validation for all possible fields within the `server.py` wrappers. This shifts the responsibility for validating the *content* of these dynamic inputs primarily to the backend AgilePlace and OKR APIs. The OKR API interactions use GraphQL, which typically provides some inherent protection against SQL injection when variables are used correctly with parameterized queries, as appears to be the case here. No explicit `eval()` or obfuscation is observed. The `okr_activities.py` module uses Pydantic models for stricter input validation for some actions, which is a positive. The main security concern is the direct passing of parsed JSON dictionaries without strong internal schema validation for *all* possible fields in `server.py` wrappers, which could forward unexpected or malformed data to the backend APIs if they are vulnerable.
Updated: 2025-12-15GitHub
PreviousPage 357 of 713Next