Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
miriamtoca-ui icon

notion-mcp-server

by miriamtoca-ui

Sec4

This server acts as a Model Context Protocol (MCP) endpoint, enabling agents to interact with Notion for document management, including creating, retrieving, and updating entries, and provides a direct `/ingest` endpoint for data entry.

Setup Requirements

  • ⚠️Requires NOTION_TOKEN environment variable (from a Notion integration).
  • ⚠️Requires NOTION_DATABASE_ID environment variable (from a Notion database, critical to avoid using hardcoded default).
  • ⚠️Requires a Notion integration to be set up with appropriate permissions to the target database(s).
Review RequiredView Analysis
No 'eval' or obfuscation was found. Secrets (NOTION_TOKEN) are intended to be loaded from environment variables. However, a critical flaw exists in `tools.js`: `NOTION_DATABASE_ID` has a hardcoded default value ('2b704d5815c48030bf12f039d1a06893') which will be used if the environment variable is not explicitly set. Although `server-http.js` logs a warning, the server will proceed to operate on this potentially unintended or public database. This poses a significant risk of data exposure or accidental writes to the wrong database. The `/mcp/call_tool` endpoint dynamically executes handlers, relying on input schema validation and Notion's API to prevent misuse, but still represents a broad attack surface if tool arguments can be crafted maliciously. The `/ingest` endpoint also accepts arbitrary JSON for Notion page creation.
Updated: 2025-12-10GitHub
0
0
Low Cost
like-a-freedom icon

rusty-intervals-mcp

by like-a-freedom

Sec9

An MCP server for Intervals.icu, enabling LLMs (like Claude and VSCode Copilot) to access and analyze athlete training data, wellness metrics, and performance.

Setup Requirements

  • ⚠️Requires a valid Intervals.icu API Key.
  • ⚠️Requires your Intervals.icu Athlete ID.
  • ⚠️Requires Rust 1.92+ and Cargo, or Docker, for execution.
Verified SafeView Analysis
The project demonstrates strong security practices: no hardcoded secrets (API keys and athlete IDs are environment variables), explicit input validation (date formats, empty queries), and robust webhook handling with HMAC-SHA256 verification and deduplication. The `CONTRIBUTING.md` reinforces security best practices by advising against storing secrets in the repository. Network security for remote deployment emphasizes TLS and an authentication layer, which is commendable.
Updated: 2026-01-18GitHub
0
0
Low Cost
Angelxd0714 icon

mcp-payment-server

by Angelxd0714

Sec1

Processes and manages financial payments within a server environment.

Review RequiredView Analysis
Cannot perform a comprehensive security audit as the source code was truncated and not provided for analysis. Given the name 'mcp-payment-server', it likely handles highly sensitive financial data, making a thorough security review critical but impossible with the provided information. No specific risks like 'eval', hardcoded secrets, or malicious patterns can be identified without access to the code.
Updated: 2025-11-23GitHub
0
0
Medium Cost
lightningfaucet icon

mcp-server

by lightningfaucet

Sec8

Enables AI agents to manage Bitcoin wallets on the Lightning Network, supporting payments, invoicing, and L402 protocol access for AI economic autonomy.

Setup Requirements

  • ⚠️Requires a Lightning Faucet API key, which can be obtained via self-registration using the `register_operator` tool, or pre-configured as an environment variable.
  • ⚠️Relies on the external Lightning Faucet service (lightningfaucet.com) for all transaction processing and wallet management.
  • ⚠️Requires Node.js version 18.0.0 or higher to run.
Verified SafeView Analysis
The server uses Zod for input validation, mitigating common injection risks. API keys are sourced from environment variables, which is a good practice for secret management. There is no direct use of 'eval' or similar dynamic code execution functions. The client makes secure HTTPS calls to the external 'lightningfaucet.com' API. Past security fixes (e.g., error exposure, XSS in webhook URLs) indicate a history of addressing vulnerabilities, improving confidence in current versions. Key security is largely dependent on the user's handling of the API key and recovery codes.
Updated: 2026-01-18GitHub
0
0
Low Cost
Sav1ouR520 icon
Sec8

Educational management for teachers, integrating with AI assistants via MCP to manage resources, create questions, and track tasks.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires authentication credentials (XIAOYA_ACCOUNT/XIAOYA_PASSWORD or XIAOYA_AUTH_TOKEN) to be set via environment variables or HTTP headers.
  • ⚠️Specifically designed for the '小雅智能教学平台' (xiaoya intelligent teaching platform) due to hardcoded API endpoints and client IDs.
Verified SafeView Analysis
No use of 'eval' or obvious code obfuscation. Network communication uses HTTPS. Authentication involves fetching and caching tokens, which is standard. Hardcoded URLs (fzrjxy.ai-augmented.com) and client/school IDs tie the server to a specific platform, which isn't a vulnerability per se but limits general applicability. Input validation via Pydantic models is present for tool arguments. File download uses URL quoting, reducing injection risk. Overall appears robust for its intended purpose.
Updated: 2025-11-22GitHub
0
0
Medium Cost
namphuongtran icon

mcp-server

by namphuongtran

Sec8

Provides a framework for managing, interacting with, and inspecting model context and related knowledge bases using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose installed.
  • ⚠️Requires `OUTLINE_API_KEY` environment variable.
  • ⚠️Requires `MCP_PROXY_AUTH_TOKEN` environment variable.
Verified SafeView Analysis
No obvious security risks in the provided `docker-compose.yml`. Secrets (`OUTLINE_API_KEY`, `MCP_PROXY_AUTH_TOKEN`) are passed via environment variables, not hardcoded. The security of the application code within the Docker images is not assessable from this file.
Updated: 2025-11-30GitHub
0
0
Low Cost
MagnusMax-tech icon

Kopi-af-MCP-server

by MagnusMax-tech

Sec7

A simple web application and API for students to view and sign up for extracurricular activities at a high school.

Setup Requirements

  • ⚠️Data is stored in-memory and will be reset when the server restarts.
  • ⚠️The provided `src/README.md` suggests running with `python app.py`, but a FastAPI application is typically run using Uvicorn, e.g., `uvicorn app:app --host 0.0.0.0 --port 8000` to start the server properly.
Verified SafeView Analysis
The application uses an in-memory database, which resets on server restart. No hardcoded secrets, 'eval', or obfuscation found. The frontend uses `innerHTML` to render activity details and participant emails. While not currently exploitable due to static data, dynamic user-controlled inputs rendered via `innerHTML` could pose an XSS risk. Lacks production-grade features like rate limiting, comprehensive input sanitization, and authentication/authorization.
Updated: 2025-11-25GitHub
0
0
Medium Cost
joelab1224 icon

mcp-server

by joelab1224

Sec1

A multi-tenant server designed to dynamically load, compile, and execute AI tools (like user profiling and text analysis) within a sandboxed environment, exposing them via an API.

Setup Requirements

  • ⚠️Requires MongoDB connection via MONGODB_URI and DATABASE_NAME environment variables.
  • ⚠️Default API_KEY and ADMIN_API_KEY environment variables are hardcoded ('dev-key-123', 'admin-key-123') and should be changed for production.
  • ⚠️Requires a modern Python version (likely 3.7+) due to asyncio usage.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The `core/tool_compiler.py` explicitly allows `__import__` in the `safe_globals` dictionary passed to `exec`. This means a malicious tool can import and execute arbitrary Python modules (e.g., `os`, `sys`, `subprocess`) regardless of the `dangerous_patterns` regex, leading to remote code execution. This flaw is explicitly identified and warned against in `SECURITY_RECOMMENDATIONS.md` but not implemented in the provided compiler code. Additionally, hardcoded default values for `ADMIN_API_KEY` ('admin-key-123') and `API_KEY` ('dev-key-123') in environment variables pose a risk if not changed in production. The system lacks robust AST-based validation, bytecode inspection, resource monitoring, and subprocess isolation, all outlined as necessary improvements in the `SECURITY_RECOMMENDATIONS.md`.
Updated: 2025-11-27GitHub
0
0
Low Cost
bugzy-ai icon

jira-mcp-server

by bugzy-ai

Sec9

Enables AI assistants to interact with on-premise Jira Server deployments for issue management.

Setup Requirements

  • ⚠️Requires Node.js 20.0.0 or higher.
  • ⚠️Jira Server/Data Center 8.14+ is required for Personal Access Token (PAT) authentication; older versions necessitate less secure Basic Auth.
  • ⚠️Local development setup with 'npm run setup' requires Docker and manual steps for Jira license and administrator account creation on first run.
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (PAT or Basic Auth) and performs input validation with Zod. It logs sensitive request/response data to a separate file only when a debug flag is enabled, preventing exposure via standard output. The use of Basic Authentication for older Jira versions is inherently less secure than PAT, but is a documented functional requirement and not a vulnerability in the server itself.
Updated: 2025-11-25GitHub
0
0
High Cost
Scarmonit icon
Sec2

Provides a multi-model AI prompt templating engine with variable substitution, orchestration, workflow automation, and cost optimization for various LLMs like Claude, GPT-4, Gemini, and Kimi.

Setup Requirements

  • ⚠️Requires API keys for Claude, GPT-4, Gemini, and Kimi (paid services).
  • ⚠️Requires YAML templates to be defined for prompt templating.
  • ⚠️Integration with an MCP server implies an external dependency or specific deployment environment.
Review RequiredView Analysis
Cannot perform a comprehensive security audit as only the README.md file was provided for 'SOURCE CODE'. No executable code, dependencies, or configuration files were available to check for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. The security_score reflects this critical lack of visibility into the actual codebase.
Updated: 2025-12-03GitHub
0
0
Low Cost
Vitruveo icon

vtru-mcp

by Vitruveo

Sec9

Provides read-only blockchain services for the Vitruveo network to AI agents via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Bun 1.0+ or Node 18+
  • ⚠️Hardcoded to Vitruveo Mainnet (Chain ID 1490)
Verified SafeView Analysis
The server's source code contains functions for performing write operations (transfers, approvals, contract writes) that require a private key (`src/mcp/services/transfer.ts`). However, the `src/mcp/tools.ts` file explicitly comments out the registration of all such 'write' tools, aligning with the README's claim of being 'read-only' and 'safe for public use' with 'no private keys, no transfers or approvals, no write methods'. This means, as provided and configured, it adheres to its read-only guarantee. The presence of the underlying write functionality (even if commented out) is a minor concern as it could be enabled by a malicious actor or misconfiguration.
Updated: 2025-11-19GitHub
0
0
Low Cost
GHjiejie icon
Sec7

Provides a web-based API and frontend for a control program or service.

Setup Requirements

  • ⚠️Requires Node.js to be installed.
  • ⚠️A frontend build step (`npm run build`) is necessary to generate the static assets (`dist` folder) that the Node.js Express server needs to serve. The server's `src/index.js` currently points to a `public` directory, while `webpack.config.js` outputs to `dist`, indicating a potential path mismatch that would need to be resolved for the application to function correctly.
  • ⚠️The `start` script in `package.json` only runs a `webpack-dev-server` for frontend development, not the Node.js backend server.
Verified SafeView Analysis
The provided source code is heavily truncated, making a comprehensive security audit impossible. Based on the visible `src/index.js` and configuration files, there are no explicit 'eval' calls, direct obfuscation, or hardcoded secrets. The application is an Express server serving static files, which introduces standard web security considerations (e.g., XSS, CSRF, path traversal) that cannot be fully assessed without the complete application code and a deeper understanding of its functionality. However, no immediate critical vulnerabilities are apparent in the provided snippets.
Updated: 2025-12-03GitHub
PreviousPage 363 of 713Next