Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
PacoVu icon
Sec3

Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers, providing basic arithmetic tools for integration with AI agents, without requiring authentication.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment and associated billing for Worker usage.
  • ⚠️The server runs without any authentication, making all exposed tools publicly accessible. This is a critical security consideration.
  • ⚠️Requires an MCP-compatible client (e.g., Cloudflare AI Playground, or mcp-remote proxy for Claude Desktop) to interact with the deployed tools.
Review RequiredView Analysis
The server is explicitly designed to be 'authless' as per the README, meaning it lacks any form of authentication. This allows anyone with the server URL to invoke the exposed calculator tools, making it inherently insecure for any sensitive operations or environments requiring access control. No obvious code injection vulnerabilities (e.g., 'eval') or hardcoded secrets were found in the provided source code, but the absence of authentication is a critical design choice for this demo that introduces significant security risk for production use.
Updated: 2025-11-19GitHub
0
0
Low Cost
jamyv icon
Sec1

This repository provides a curated, community-driven list of Model Context Protocol (MCP) servers, tools, frameworks, clients, and utilities, enabling AI models to interact securely with local and remote resources. It also appears to distribute an associated 'Awesome-MCP-Servers' application.

Setup Requirements

  • ⚠️Requires downloading and installing an untrusted executable application (Awesome-MCP-Servers-v3.6.zip or similar) from a raw GitHub link, which is a significant security risk.
  • ⚠️No clear source code is provided for the 'Awesome-MCP-Servers' application itself, only for the list of other projects.
  • ⚠️The application's specific functionality and its interaction with AI models or local resources are not detailed, beyond being a 'server manager' or for 'setting up server options'.
Review RequiredView Analysis
The repository, despite being titled as an 'Awesome List' of MCP servers, also provides direct download links for executable `.zip` files (e.g., `Awesome-MCP-Servers-v3.6.zip`) for an 'Awesome-MCP-Servers' application. The main `README.md` includes installation instructions for this application via `.exe`, `.dmg`, and `.zip` files. This is a severe security concern, as typical 'awesome lists' do not distribute executable binaries. The source code for this 'Awesome-MCP-Servers' application itself is not provided within the repository, making it impossible to audit what the distributed software actually does. This directly contradicts the explicit security warnings given within the same repository for *other* MCP servers, which advise extreme caution and sandboxing when running untrusted code. Running the application downloaded from this repository poses a significant and unknown risk, potentially leading to arbitrary code execution without transparency.
Updated: 2025-12-15GitHub
0
0
Low Cost
uu-z icon
Sec9

Enables AI agents to query Ethereum balances and simulate token swaps via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Rust 1.70+ to build and run.
  • ⚠️A stable and reliable Ethereum RPC endpoint (e.g., Infura, Alchemy) is highly recommended, as the default public endpoint may have rate limits or reliability issues.
  • ⚠️Token swaps are simulation-only; real on-chain execution for actual fund movement is explicitly disabled for safety reasons, which may be a limitation for certain AI agent applications.
Verified SafeView Analysis
The server explicitly states that token swaps are 'simulation-only' and not executed on-chain, significantly reducing financial risk. It uses environment variables for the RPC URL and an optional private key, avoiding hardcoded secrets. The `PRIVATE_KEY` field exists but is marked as `#[allow(dead_code)]` and is not currently used for on-chain execution in the provided tool implementations, reinforcing the simulation-only design. The server binds to localhost (127.0.0.1:8000) by default, limiting external exposure. No 'eval' or similar dangerous dynamic code execution patterns were found.
Updated: 2025-11-20GitHub
0
0
Medium Cost
smorand icon
Sec9

Provides AI assistants with tools to interact with and manage Google Slides presentations.

Setup Requirements

  • ⚠️Requires a Google Cloud Platform (GCP) account with billing enabled.
  • ⚠️Requires OAuth2 client credentials setup in Google Cloud Console and stored in GCP Secret Manager.
  • ⚠️Requires Terraform and Docker for local setup and deployment processes.
Verified SafeView Analysis
The server implements robust security features including OAuth2 authentication, UUID-based API key management with Firestore storage, granular permission verification via Drive API, global rate limiting, and retry logic. It's designed for secure Cloud Run deployment using multi-stage Dockerfiles with distroless images and non-root user execution. Input validation is performed extensively for tool parameters to prevent common API abuse. Credentials are managed via Secret Manager, not hardcoded. The project demonstrates strong security-conscious development practices.
Updated: 2026-01-16GitHub
0
0
Low Cost
bioanywhere icon

chivas3

by bioanywhere

Sec8

This repository provides the Docker deployment configuration for a server that acts as a client for a world news API.

Setup Requirements

  • ⚠️Docker is required for local development and deployment.
  • ⚠️A GCP project and Artifact Registry setup are required for CI/CD deployment.
  • ⚠️GitHub repository secrets (`GCP_PROJECT_ID`, `GCP_PROJECT_NUMBER`) are needed for automated CI/CD to GCP.
Verified SafeView Analysis
The provided source code (README.md) describes a secure deployment setup utilizing Google Workload Identity Federation for CI/CD, eliminating the need for hardcoded GCP service account keys in the repository. Required secrets for CI/CD (GCP_PROJECT_ID, GCP_PROJECT_NUMBER) are managed via GitHub repository settings. No `eval`, obfuscation, or hardcoded secrets were found in the provided `README.md`. A full security audit of the actual `world-news-api-clients` application code, `Dockerfile`, and `run.sh` script could not be performed as they were not included in the provided source code.
Updated: 2025-12-13GitHub
0
0
Low Cost
MrQauckQauck icon
Sec1

A walkthrough for setting up a client-server architecture using Kali Linux and 5ire to control Kali server tools (like Nmap) via an LLM.

Setup Requirements

  • ⚠️Requires Kali Linux (bare-metal, VM, or WSL2) as the host for the server component.
  • ⚠️Requires Python 3.10+.
  • ⚠️Requires the specific 5ire tool (v13.2, v15.2 is explicitly noted as not working) for the client-side LLM interaction.
  • ⚠️Requires manual editing of 'mcp_server.py' to hardcode the Kali VM's IP address.
  • ⚠️Requires an API key from an external LLM provider, configured within the 5ire application.
Review RequiredView Analysis
The system is critically vulnerable to Remote Code Execution (RCE) on both the Kali VM and the client machine. The 'kali_server.py' uses 'subprocess.run(command, shell=True)' to execute commands received from the client, with no apparent input sanitization or command whitelisting. This allows an LLM to execute arbitrary system commands on the Kali machine. Furthermore, 'mcp_server.py' on the client side contains 'eval(tool_code)', which can execute arbitrary Python code if 'tool_code' originates from an untrusted source, such as an LLM's output. The design inherently trusts all LLM outputs for command execution, making it extremely dangerous and prone to compromise.
Updated: 2026-01-19GitHub
0
0
Low Cost
sl-at-ibm icon

qmcp

by sl-at-ibm

Sec8

An MCP server handling session management and providing a tool registry interface over HTTP for clients.

Setup Requirements

  • ⚠️Requires a running Astra DB instance for tool storage and its corresponding API endpoint and application token.
  • ⚠️Requires a Java Development Kit (JDK) and Quarkus environment to build and run the application.
Verified SafeView Analysis
No explicit malicious patterns or 'eval' found. Hardcoded secrets are avoided by using configuration properties for database credentials. Session IDs are generated using UUIDs. Logging of full request bodies could potentially expose sensitive information if logs are not secured in a production environment.
Updated: 2025-11-25GitHub
0
0
Low Cost
bioanywhere icon

central2

by bioanywhere

Sec9

Deploys a Dockerized world news API client server using GitHub Actions and Google Artifact Registry.

Setup Requirements

  • ⚠️Requires GCP_PROJECT_ID and GCP_PROJECT_NUMBER secrets configured in GitHub repository settings for CI/CD.
  • ⚠️Docker is required for local development and running the server.
  • ⚠️gcloud CLI is required to pull the image from Google Artifact Registry.
Verified SafeView Analysis
Analysis is limited to the provided README, which describes secure deployment practices using Workload Identity Federation for GCP, avoiding hardcoded credentials. No application code was available to audit for runtime risks like 'eval' or other vulnerabilities. The setup encourages storing secrets in repository settings rather than in code.
Updated: 2025-12-13GitHub
0
0
Medium Cost
mvecchiett icon

mcp-git-server

by mvecchiett

Sec8

Enables an LLM (like Claude Desktop) to securely interact with Git repositories through a set of MCP tools, automating local development workflows.

Setup Requirements

  • ⚠️Requires Git CLI installed on the host system.
  • ⚠️The `GIT_ALLOWED_DIRS` environment variable must be correctly configured with absolute paths to prevent security risks and ensure functionality.
  • ⚠️Git credentials (e.g., SSH keys, credential manager) must be pre-configured on the system for remote operations (pull, push, clone) as the server does not handle interactive credential prompts.
Verified SafeView Analysis
The server uses `subprocess.run` to execute native Git commands. Critical path validation is implemented using `os.path.abspath` and `os.path.commonpath` to restrict operations to explicitly allowed directories (`GIT_ALLOWED_DIRS`), preventing path traversal and unauthorized access. Explicitly closes stdin for subprocess calls to prevent hangs. No `eval` or obfuscation. Security relies heavily on correct `GIT_ALLOWED_DIRS` configuration and pre-configured system Git credentials for remote operations.
Updated: 2025-11-23GitHub
0
0
Medium Cost
audreyui icon
Sec9

An MCP server that implements the components.build specification for grading, generating, and validating UI components, designed to assist AI developers.

Setup Requirements

  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️For local development with Claude desktop, manual configuration of the `~/.claude/claude_desktop_config.json` file with the full path to `dist/index.js` is necessary.
  • ⚠️Component generation templates are currently specific to React + TypeScript, not other frameworks.
Verified SafeView Analysis
The server's core logic, `executeTool`, uses a safe `switch` statement to dispatch to predefined functions, preventing arbitrary code execution. It does not contain 'eval', obfuscation, or hardcoded secrets. `gradeComponent` and `generateComponent` process and produce code strings without executing them. The Vercel HTTP API (separate from the MCP server's standard I/O transport) has open CORS (`Access-Control-Allow-Origin: *`), which is noted as a deployment-level configuration.
Updated: 2025-12-03GitHub
0
0
Medium Cost
duaghwls icon

FileManageMCP

by duaghwls

Sec9

An LLM-powered agent designed to organize and manage files and folders on a Windows local file system according to a predefined set of rules.

Setup Requirements

  • ⚠️Requires Windows 10/11
  • ⚠️Requires Python 3.13+
  • ⚠️Requires 'uv' for dependency management and execution
  • ⚠️Requires specific 'claude_desktop_config.json' setup for Claude Desktop integration
Verified SafeView Analysis
The server implements robust safety features including a default 'dry run' mode, a configurable sandbox for file operations (enforced by `validate_path` and `is_path_in_sandbox`), and explicit forbidden system paths (`C:\Windows`, `Program Files`, `.git`, etc.). File operations utilize safer `pathlib` and `shutil` methods rather than direct shell commands, mitigating injection risks. File content reading is limited by `max_length`, and image processing is for analysis rather than execution. No `eval` or `os.system` on user input was found. The primary residual risk involves potential misuse of file modification tools by the LLM if dry run is disabled, or subtle vulnerabilities within third-party parsing libraries, but these are generally well-mitigated for the intended use.
Updated: 2025-12-15GitHub
0
0
Medium Cost
josucueva icon

localmcp

by josucueva

Sec3

Provides an MCP server with tools for basic mathematical operations and CSV data analysis.

Setup Requirements

  • ⚠️Docker required
  • ⚠️MCP CLI tool required
  • ⚠️Python pandas library required
Review RequiredView Analysis
The `get_csv_stats` tool accepts a `file_path` as a string argument and directly uses it in `pd.read_csv()`. This creates a path traversal vulnerability, allowing an attacker to potentially read arbitrary files on the server's filesystem if `file_path` is not properly sanitized or restricted by the calling gateway/client. This can lead to sensitive information disclosure.
Updated: 2025-11-29GitHub
PreviousPage 360 of 713Next