Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

0
0
Low Cost
Sec9

Provides a Model Context Protocol (MCP) server that gives AI agents secure, first-class access to Cezzis.com cocktail data for searching, retrieving details, authenticating, and rating cocktails.

Setup Requirements

  • ⚠️Requires Go 1.25+ for local development and compilation.
  • ⚠️Requires a subscription key (`COCKTAILS_API_XKEY`) for the upstream Cezzis.com Cocktails API and `AISEARCH_API_XKEY` for Azure AI Search, which must be provided via environment variables or Azure Key Vault.
  • ⚠️Full functionality (e.g., user ratings, login) depends on proper configuration of Auth0 (`AUTH0_DOMAIN`, `AUTH0_CLIENT_ID`, `AUTH0_AUDIENCE`, `AUTH0_SCOPES`) and Azure CosmosDB (`COSMOS_CONNECTION_STRING` or `COSMOS_ACCOUNT_ENDPOINT`, `COSMOS_DATABASE_NAME`, `COSMOS_CONTAINER_NAME`) for secure token storage.
Verified Safe
The server implements robust security practices, including: secrets management via environment variables and Azure Key Vault, OAuth 2.1 / OIDC authentication with Auth0 for end-users, and secure token storage in Azure CosmosDB. All telemetry is sent via OpenTelemetry. HTTP/HTTPS transport is supported, with TLS configuration available. A minor note is the explicit `InsecureSkipVerify` for TLS connections to CosmosDB when `ENV` is 'loc', which is acceptable for local development but must be prevented in production.
Updated: 2026-01-19
0
0
High Cost

Merinfo.se-MCP

by KSAklfszf921

Sec5

A Model Context Protocol server for retrieving and analyzing Swedish company information from merinfo.se and allabolag.se, using robust web scraping and intelligent caching mechanisms.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm/yarn for execution.
  • ⚠️Playwright browser dependencies (Chromium) might require additional system-level packages depending on the host environment and configuration (e.g., outside of Docker, or without a specified `PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH`).
  • ⚠️An initial database setup is required by running `npm run setup-db` before starting the server.
Verified Safe
The server performs web scraping using Playwright, which inherently introduces security considerations. Notably, Playwright is launched with `--no-sandbox` and `--disable-web-security` flags. While `--no-sandbox` is common in containerized environments, `--disable-web-security` is a significant browser security bypass that, if exploited (e.g., through redirection to a malicious site during scraping), could pose a risk to the host environment. The server includes input validation (Zod) and rate limiting, which are positive. The MCP endpoint (HTTP/SSE) does not implement explicit authentication, assuming client-side security or network isolation for access.
Updated: 2025-11-23
0
0
Medium Cost

cursor-n8n-builder

by Khanhshuyen

Sec9

An MCP server enabling AI assistants to manage n8n workflows (create, update, delete, activate, deactivate, and trigger) and view execution details via the n8n REST API.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Requires a running n8n instance with API access enabled.
  • ⚠️Mandatory environment variables: N8N_API_URL and N8N_API_KEY.
  • ⚠️Requires manual configuration in Cursor's .cursor/mcp.json (automated by the 'setup' command, but still a specific step).
Verified Safe
The server's code itself appears robust, with no evident use of 'eval' on arbitrary user input or other direct malicious patterns. It correctly uses environment variables for sensitive API keys. The primary 'risk' involves the inherent capabilities of the tool: giving an AI assistant the ability to manage and trigger n8n workflows and webhooks. Users must ensure that the configured n8n instance and the workflows created/triggered are themselves secure and do not expose sensitive information or initiate harmful actions. The 'n8n_trigger_webhook' tool can call any user-provided URL, which is a powerful capability that needs to be used responsibly by the AI and end-user.
Updated: 2026-01-19
0
0
Medium Cost

ai-memory-mcp

by lapino-web

Sec4

Provides Claude Desktop with access to an external AI memory system for context retrieval.

Setup Requirements

  • ⚠️Requires SSH access to a remote server, and configuration to run as `root` (security risk; a dedicated user with minimal permissions is recommended).
  • ⚠️Assumes an existing AI Memory System is accessible by the remote server where the script runs.
  • ⚠️Requires manual deployment of the `ai_memory_mcp_server.py` script to the `/tmp/ai-memory-mcp/` directory on the remote server.
Review Required
The setup involves configuring Claude Desktop to run a Python script as `root` on a remote server via `ssh`. Without examining the script's code (`ai_memory_mcp_server.py`), it's impossible to verify its safety and potential vulnerabilities. Running arbitrary code as root on a remote server poses significant security risks, including potential for arbitrary command execution, privilege escalation, or data exfiltration.
Updated: 2025-11-23
0
0
Medium Cost

mcp-server-agent

by suman724

Sec8

Demonstrates an intelligent agent utilizing an MCP (Model Context Protocol) server for mathematical operations and showcases Agent-to-Agent (A2A) communication.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️The MCP server must be running (`make server`) for the agent and client to function.
  • ⚠️The Calculator Agent must be running in A2A server mode (`make run-agent-server`) for the A2A invoker.
  • ⚠️An LLM API key (e.g., `API_KEY` for Gemini) or a configured local LLM (e.g., Ollama with LiteLLM) is needed for the agent's intelligent capabilities.
Verified Safe
The server binds to `0.0.0.0` and all default communication (MCP, A2A) happens over unencrypted HTTP (e.g., `localhost:8000`, `localhost:8001`). This is acceptable for local development and demonstration purposes but would require HTTPS and proper network configuration for production deployment. API keys are appropriately managed via environment variables. The 'simple_exec' mode in the agent's CLI is not a direct arbitrary code execution vulnerability, as it parses fixed tool names and numeric arguments.
Updated: 2026-01-19
0
0
Low Cost

A minimal JSON-RPC server for interacting with Ethereum, providing balance queries, Uniswap V2 token price lookups, and swap simulations.

Setup Requirements

  • ⚠️Requires an Ethereum RPC URL (e.g., Infura/Alchemy, which can be a paid service) set in ETH_RPC_URL.
  • ⚠️The 'swap_tokens' simulation requires WALLET_PRIVATE_KEY to be set for the 'from' address to perform gas estimation. Without it, this specific method will fail.
  • ⚠️Only supports Uniswap V2; Uniswap V3 or other DEXes are not supported.
Verified Safe
The server primarily focuses on read-only operations and simulations. Crucially, `swap_tokens` explicitly states it's a simulation and does not send transactions on-chain, which significantly mitigates financial risk. Private keys, if provided, are handled via environment variables, adhering to good security practices. The server binds to localhost by default, reducing external attack surface. No 'eval' or malicious patterns were found. The use of 'ethers-rs' and 'rust_decimal' suggests robust cryptographic and numerical handling.
Updated: 2025-12-03
0
0
Medium Cost
Sec9

Integrates Perplexity AI for web search capabilities into a Model Context Protocol (MCP) client.

Setup Requirements

  • ⚠️Requires a Perplexity AI API Key (Paid service)
  • ⚠️Requires Python 3.10+ to run
  • ⚠️Dependencies must be installed via `pip install -r requirements.txt`
Verified Safe
The server correctly retrieves the Perplexity API key from an environment variable, preventing hardcoding. It uses `httpx` for making API requests, which is a standard and secure library. Input `query` is passed directly to the Perplexity API, relying on the external service for content handling. There are no 'eval' or similar dangerous patterns, nor direct file system access beyond script execution. Error handling is present for API key absence and network issues. Overall, the code appears safe for its intended purpose.
Updated: 2025-12-13
0
0
Low Cost

echo-mcp-server

by aadversteeg

Sec9

A simple echo server implementing the Model Context Protocol (MCP) to demonstrate custom MCP server creation and echo messages.

Setup Requirements

  • ⚠️Requires .NET 10.0 SDK for local development/deployment.
  • ⚠️Requires Docker for container deployment.
Verified Safe
The provided source code snippets (configuration files) and README do not reveal any immediate security vulnerabilities like 'eval' usage, hardcoded sensitive credentials, or network misconfigurations. The 'MessageFormat' relies on string templating, which is generally safe in .NET applications and does not imply code execution. A full audit would require inspecting the complete C# application logic, but based on the available information, it appears secure for its stated purpose.
Updated: 2026-01-19
0
0
Low Cost

mcp-base-mcp-pibe

by bioanywhere

Sec5

A Model Context Protocol (MCP) server that provides onchain tools for AI applications to interact with the Base Network and Coinbase API, enabling various blockchain and DeFi operations.

Setup Requirements

  • ⚠️Requires multiple API keys (Coinbase Developer Platform, Alchemy, Neynar, OpenRouter) which may involve registration and potentially costs.
  • ⚠️A wallet seed phrase is required for all write operations and sensitive local configuration, necessitating careful handling and security practices.
  • ⚠️The initialization CLI writes sensitive credentials in plain text to client configuration files (e.g., Claude Desktop, Cursor) on the local machine.
Review Required
The server stores sensitive credentials (Coinbase API keys, wallet seed phrase, other API keys) in plain text JSON configuration files on the user's local filesystem via its initialization CLI, which is a significant local security risk. The `buy_openrouter_credits` tool relies on a third-party API (`openrouter.ai`) to provide transaction intent data (`call_data`) for on-chain transfers; a compromise of this third-party API could lead to malicious fund transfers. Additionally, client configurations use `npx -y base-mcp@latest`, dynamically pulling the latest package version, which could expose users to supply chain attacks if the npm package is compromised. While the core blockchain interaction logic uses robust libraries like AgentKit and Viem, these configuration and third-party dependencies introduce notable vulnerabilities.
Updated: 2025-12-10
0
0
Low Cost
Sec10

This repository serves as a curated 'Awesome List' of Model Context Protocol (MCP) servers relevant to e-commerce, retail, and online stores, providing a directory for developers and AI agents.

Verified Safe
The provided 'SOURCE CODE' consists entirely of Markdown documentation files (README.md, CONTRIBUTING.md) for an 'Awesome List' of e-commerce MCP servers. It contains no executable code, scripting, server logic, or dynamic elements. Therefore, there are no inherent security risks such as 'eval', obfuscation, hardcoded secrets, or network vulnerabilities within this repository's content itself. Security risks for actual MCP servers would lie within the external repositories linked in this list, not in this documentation.
Updated: 2026-01-17
0
0
Medium Cost

pharos-mcp

by ekkerdthomas

Sec9

A Model Context Protocol (MCP) server that enables natural language querying and schema exploration of SYSPRO ERP SQL databases for non-technical users via Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires access to a SYSPRO SQL Server database.
  • ⚠️Requires Claude Desktop for end-user access and integration configuration.
  • ⚠️Requires manual creation and population of a `.env` file for database credentials.
  • ⚠️Windows users typically need WSL configured for Claude Desktop integration.
Verified Safe
The `QueryValidator` module (`src/pharos_mcp/core/security.py`) implements strong, explicit blocking of all data modification/DDL SQL commands (INSERT, UPDATE, DELETE, DROP, etc.), system stored procedures, and common SQL injection patterns like multi-statements and inline comments. It enforces read-only operations for user-executed queries. Database credentials are loaded from environment variables, preventing hardcoding. All tool calls are audit logged with sanitized parameters. `sanitize_identifier` is used to prevent injection in table/column names.
Updated: 2026-01-19
0
0
Medium Cost

sonarlint-mcp-server

by ptitmonnstree

Sec8

Provides SonarLint-powered code quality analysis, bug detection, and quick fixes as an MCP server for AI clients like Claude Desktop.

Setup Requirements

  • ⚠️Requires Node.js v22.7.5 or higher to run the server.
  • ⚠️Initial setup (via 'npm install' or first 'npx' run) downloads the SonarLint Java backend and plugins (approx. 70MB) via a postinstall script, which can take time and requires internet access.
  • ⚠️Relies on a Java Runtime Environment (JRE 17) for its SLOOP backend, although a JRE is bundled and automatically set up; environmental conflicts or issues with the bundled JRE could cause friction.
Verified Safe
The server primarily uses standard I/O for communication via the Model Context Protocol (MCP), minimizing direct network attack surface. It utilizes 'child_process.spawn' to interact with a local Java-based SLOOP backend, which is generally safer than arbitrary command execution. File system operations are inherent to its code analysis function and are performed on user-specified paths. No 'eval' or directly malicious code patterns were found. Hardcoded credentials for testing purposes are isolated to test fixtures, not operational code. The Node.js path for language analyzers is set to 'process.execPath', preventing arbitrary executable injection.
Updated: 2026-01-19