Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse Directory Why Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:

SORT:

Vetted Servers(8554)

Medium Cost

devserver-mcp

by Uninen

Sec8

Manages and controls local development servers and browser automation through a TUI and Model Context Protocol (MCP) for LLM-assisted development workflows.

Setup Requirements

⚠️Requires Python 3.13+.
⚠️Uses `uv` for dependency management.
⚠️Playwright must be manually installed (`uv add playwright && playwright install`) if experimental browser automation features are enabled.
⚠️Requires a `devservers.yml` configuration file in the project root.

Verified SafeView Analysis

The server binds to localhost by default, limiting network exposure. Subprocesses are executed using `asyncio.create_subprocess_shell` (`shell=True`), which can be a shell injection risk if the `command` field in `devservers.yml` is populated from an untrusted source. However, for a local development tool where the user controls the `devservers.yml` configuration, this risk is mitigated. The project roadmap indicates future plans to address command injection prevention for a web-based architecture.

Updated: 2026-01-18GitHub→

Low Cost

selenium

by SeaQLe

Sec6

Tool for extracting and patching proprietary Android vendor files for custom ROM development (LineageOS).

Setup Requirements

⚠️Requires `extract_utils` library to be present at `../../../tools/extract-utils`.
⚠️Requires `llvm_objdump` tool to be available in the system's PATH.
⚠️Requires proprietary Android vendor images/files for extraction and patching.

Verified SafeView Analysis

The script performs direct binary patching of system libraries and configuration files using AArch64 NOP instructions and symbol version clearing. While intended for legitimate custom ROM development, incorrect patches could lead to device instability or introduce vulnerabilities. It executes external commands (`llvm_objdump`). There are no obvious `eval` or hardcoded secrets.

Updated: 2025-12-12GitHub→

Low Cost

mcp-server-demo

by remcoboerma

Sec9

This server acts as an AI assistant tool provider (MCP server) offering calculator functions, data logging, and reporting capabilities via SQLite, demonstrating how AI can interact with external services.

Setup Requirements

⚠️Requires 'uv' for virtual environment and package management (`inv venv` and `inv install`).
⚠️Docker and Traefik (or a similar reverse proxy/SSL setup) are required for networked/production deployment using SSE transport.

Verified SafeView Analysis

The server correctly uses parameterized queries for SQLite operations, preventing SQL injection. It explicitly warns about user input validation for logging functions. The `test_sse.py` client disables SSL verification for `localhost` testing, with an explicit note to re-enable for production, which is a common and acceptable practice for local development.

Updated: 2025-11-20GitHub→

Low Cost

mcp-id-date

by gergelyszerovay

Sec9

Generates auto-incrementing unique hexadecimal identifiers and current ISO 8601 timestamps, serving as an MCP server tool.

Setup Requirements

⚠️Requires Node.js and pnpm (specified as pnpm@9.15.0+ in package.json) to be installed.
⚠️The default 'idCounterFile' path (/workspace/last-tag-id.txt) may not be writable or exist in all environments; users might need to specify a custom path using '--idCounterFile'.
⚠️Enabling HTTP (--enableHttpTransport) or REST (--enableRestServer) servers might lead to port conflicts on default ports (3001 and 3002 respectively) if other services are already using them.

Verified SafeView Analysis

The server implements input validation using Zod schemas for its tools and includes error handling. No 'eval' or direct remote code execution vectors are apparent. File persistence for the ID counter stores only a number, not sensitive data. While the 'idCounterFile' path is configurable, potentially allowing misuse if pointed to sensitive locations by a malicious actor with elevated privileges, the default path is within a workspace, limiting immediate risk. Overall, it appears to follow good security practices for its intended functionality.

Updated: 2025-12-10GitHub→

Low Cost

VLArm

by gconsigli

Sec8

Enables a physical robotic arm (SO-101) to be controlled by a local Large Language Model via the Model Context Protocol (MCP) for autonomous, language-based task execution.

Setup Requirements

⚠️Requires Ollama to be installed and the 'qwen2.5' model to be running locally.
⚠️Requires the Phosphobot API to be downloaded and running locally.
⚠️Requires Python 3.13 or higher.

Verified SafeView Analysis

The server primarily acts as a proxy, forwarding commands from a local LLM to a locally-running Phosphobot API. It uses hardcoded local URLs and a default robot ID (0), which is safe for local operation. No dynamic code execution (e.g., 'eval') or obvious injection vulnerabilities were found in the provided code. The primary risk would stem from vulnerabilities within the local Phosphobot API itself or if the local 'localhost' endpoint is inadvertently exposed externally.

Updated: 2025-11-29GitHub→

Medium Cost

wincher-mcp-server

by chris-tutt

Sec9

Integrates Wincher's SEO API with Claude Desktop to allow natural language querying and analysis of SEO data.

Setup Requirements

⚠️Requires Python 3.10+
⚠️Requires Claude Desktop app to function
⚠️Requires a Wincher account with API access (likely paid)
⚠️API key must be configured in Claude Desktop's JSON config file, not a standard .env file.

Verified SafeView Analysis

The server uses `os.getenv` for the API key, preventing hardcoding. It relies on the Wincher API for data and does not appear to execute arbitrary commands or access local files beyond its script. Network requests are made via `httpx`, which is a standard library. There's no clear 'eval' or other directly exploitable code patterns. The main risk lies in the API key exposure if the configuration file is not secured, which the README warns against.

Updated: 2025-11-24GitHub→

Medium Cost

switch-mcp-server

by DistributorX

Sec9

Provides comprehensive Enfocus Switch scripting documentation via MCP to AI assistants for development and context-aware help.

Setup Requirements

⚠️Requires Node.js runtime (v12+).
⚠️Manual JSON configuration in AI client settings (e.g., Claude Desktop, Cursor) is required.
⚠️If not using 'npx', a build step ('npm run build') is needed to compile TypeScript to JavaScript before running.

Verified SafeView Analysis

The server operates over stdin/stdout (stdio) primarily, limiting direct network attack vectors. It has zero external runtime dependencies, relying only on Node.js built-ins. Crucially, it implements robust path sanitization (uriToPath, sanitizeUri, abs.startsWith(DOC_ROOT)) to prevent directory traversal attacks when reading resources. JSON parsing includes error handling. There are no signs of 'eval' usage, arbitrary command execution from user input, or hardcoded secrets. The only minor potential risk could be denial-of-service if very large documentation files are repeatedly requested via 'resources/read' or 'search_docs' leading to high memory/CPU usage, but this is inherent to serving large documents and mitigated by the application's single-threaded Node.js nature and typical MCP client behavior.

Updated: 2025-11-26GitHub→

Low Cost

yt-mcp-server

by alanhc

Sec9

A Model Context Protocol (MCP) server that enables MCP clients (like ChatGPT, Claude Desktop, or other LLM applications) to control and create n8n workflows through standardized tool interfaces.

Setup Requirements

⚠️Requires a running n8n instance with API access.
⚠️Requires an n8n API Token (Bearer token) for authentication.
⚠️Requires Python 3.10 or higher.

Verified SafeView Analysis

The server correctly loads API tokens from environment variables, preventing hardcoded secrets. It utilizes httpx for asynchronous HTTP requests to the n8n API, handling timeouts and error responses. The FastMCP server implementation includes explicit TransportSecuritySettings for allowed hosts and origins, enhancing network security when deployed behind a reverse proxy. Input validation ensures that the 'workflow' parameter is a dictionary, but deep content validation for the n8n workflow definition itself is not performed by the proxy, relying on the n8n API for that. No 'eval' or direct arbitrary shell command execution patterns were found in the Python code.

Updated: 2025-12-10GitHub→

Medium Cost

ro-crate-mcp-server

by johannehouweling

Sec9

Server for indexing and querying Research Object (RO-Crates) using pluggable storage backends and offering keyword and semantic search capabilities.

Setup Requirements

⚠️Requires Python 3.12 or newer.
⚠️Requires configuration for a storage backend (Filesystem, Azure Blob Storage, or HTTP) to be fully functional, otherwise defaults to no backend.
⚠️Semantic search requires an embeddings provider (e.g., a local SentenceTransformer model or an external service like OpenAI), which can incur computational or monetary costs.

Verified SafeView Analysis

The codebase demonstrates good security practices for preventing common vulnerabilities: 'pydantic-settings' with 'SecretStr' is used for sensitive environment variables like API keys. Filesystem and HTTP storage backends include explicit path traversal prevention checks. The zip file extraction utility (`zip_reader.py`) also safely extracts members, mitigating 'zip slip' vulnerabilities. SQL queries in `sqlite_store.py` use parameter binding to prevent SQL injection. The custom query parser and FTS interaction appear to correctly use parameterized queries for SQLite FTS, reducing injection risk. No 'eval' or direct shell command execution with unsanitized user input was observed.

Updated: 2025-12-09GitHub→

Medium Cost

mcp-gitlab-mcp-server

by bioanywhere

Sec9

Integrate an AI assistant with GitLab to manage merge requests, CI/CD pipelines, code reviews, and discussions.

Setup Requirements

⚠️Requires a GitLab Private Access Token with appropriate permissions.
⚠️Requires a specific GitLab Project ID to be configured.
⚠️Requires Python 3.10+ and all dependencies listed in pyproject.toml to be installed within a virtual environment.

Verified SafeView Analysis

The server securely handles GitLab access tokens by requiring them as environment variables, preventing hardcoding. It uses `aiohttp` for asynchronous HTTP requests to the GitLab API, which is a standard and secure practice. There is no usage of 'eval' or other directly dangerous functions. Input validation is handled at the tool schema level, and basic error handling is present. Further hardening could involve more granular access control if the server is exposed to untrusted clients, but for its intended use case, it is well-implemented.

Updated: 2025-12-10GitHub→

High Cost

claude-code-settings

by IrfanThomson

Sec3

Manages and synchronizes global configuration settings for Claude Code, including multi-agent setup and secure secrets management across different machines.

Setup Requirements

⚠️Requires `claude-code` CLI tool to be installed globally (via npm).
⚠️Requires `python3` and `openssl` for secrets management scripts.
⚠️Grants broad `sudo` and `docker` permissions to the Claude Code agent, posing a significant security risk that must be carefully reviewed and potentially restricted.
⚠️Requires separate installations for MCP servers like Obsidian MCP (e.g., `uvx obsidian-mcp`) and Docker for Atlassian MCP.
⚠️Requires API keys for Jules (Google) and potentially Jira/Confluence credentials (paid services).

Review RequiredView Analysis

CRITICAL RISK: The `settings.local.json` file grants very broad `Bash` permissions to the Claude Code agent, including `Bash(sudo systemctl start:*)`, `Bash(sudo usermod:*)`, and `Bash(sudo -S docker:*)`. Granting `sudo` permissions to an AI agent is a severe security vulnerability, as a compromised agent or successful prompt injection could lead to arbitrary command execution with root privileges on the host system. This poses an extreme risk of system compromise. A minor concern is the hardcoded `OBSIDIAN_REST_API_KEY` and `OBSIDIAN_URL` in `obsidian-mcp-config.json`, which is committed publicly, though it appears to be for local access and potentially a placeholder. The secrets management system itself (encryption/decryption scripts) is well-designed using OpenSSL and explicitly avoids committing plaintext secrets.

Updated: 2025-12-13GitHub→

Low Cost

demos-ros-mcp-server

by robotmcp

Sec8

Control a Tugbot mobile robot in a simulated warehouse environment using natural language via an AI LLM and the ROS-MCP server.

Setup Requirements

⚠️Requires Ubuntu 22.04 LTS and ROS 2 Humble due to Gazebo compatibility and ROS distribution.
⚠️Specific ROS 2 packages (`ros-humble-ros-gz`, `ros-humble-rosapi`, `ros-humble-rosbridge-server`) must be installed via `apt`.
⚠️Uses `uv` for Python environment management, and ROS system bindings must be installed into the virtual environment.

Verified SafeView Analysis

The system uses `ExecuteProcess` to launch Gazebo, which is standard but could be a vector for injection if inputs were user-controlled (not the case here with fixed commands). The `rosbridge_websocket` node opens a network port (default 9090) without explicit authentication in this configuration, which is expected for its function but represents a network ingress point. In a non-isolated environment, this could pose a risk if not properly secured via firewalls or network segmentation. No hardcoded secrets or obvious malicious patterns were found in the provided code.

Updated: 2025-12-08GitHub→

PreviousPage 361 of 713Next