Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
Amier-ge icon

NTFS_Parser_MCP

by Amier-ge

Sec8

Provides an MCP server for forensic analysis of NTFS file systems by parsing artifacts like MFT, UsnJrnl, and LogFile from disk images or raw files.

Setup Requirements

  • ⚠️Requires the 'NTFS_Parser' library folder to be located in the parent directory of 'NTFS_Parser_MCP'.
  • ⚠️E01 image support requires installing 'libewf-python' (e.g., `pip install libewf-python`).
  • ⚠️Requires Python 3.10 or newer.
Verified SafeView Analysis
The server's direct implementation appears robust. It primarily handles file inputs/outputs locally and does not expose direct 'eval' or other arbitrary code execution vectors. The main security considerations are the robustness of the underlying `NTFS_Parser` library (which it imports) and its dependencies against potentially malicious or malformed forensic input files, which is an inherent challenge in forensic tooling.
Updated: 2025-12-05GitHub
0
0
Medium Cost
belayoub icon
Sec7

Enables AI agents to interact with terminal-based applications (TUI/CLI) by providing a structured Terminal State Tree representation.

Setup Requirements

  • ⚠️Requires Rust 1.75+ toolchain to build and run.
  • ⚠️Full PTY support is available on Linux, macOS, and WSL2, with partial support on native Windows.
  • ⚠️The main server functionality (MCP integration) is currently a placeholder ('TODO: Initialize MCP server when rmcp is available') in the main.rs, meaning it will not yet function as a full MCP server.
  • ⚠️Requires a `terminal-mcp.config.yaml` for critical security settings (e.g., command whitelisting) and operational parameters.
Verified SafeView Analysis
The server's core functionality involves spawning arbitrary commands and managing pseudo-terminals (PTY). This is inherently high-risk, as it could allow for command injection or PTY escape if not properly secured. The project explicitly addresses these risks in its documentation, planning for 'Command whitelist + sandbox options' and 'Redact passwords in snapshots'. Configuration of 'allowed_commands' and 'sandbox_mode' is crucial for safe operation. Without a strict whitelist, or with a misconfigured one, running this server could pose significant security vulnerabilities.
Updated: 2025-11-30GitHub
0
0
High Cost
3D-Tech-Solutions icon

code-scalpel

by 3D-Tech-Solutions

Sec8

Code Scalpel provides a robust, multi-language code analysis and transformation platform for AI agents, integrating deep static analysis, security scanning, refactoring, and project-wide insights to enable AI to understand and modify code effectively.

Setup Requirements

  • ⚠️Extensive Tool Dependencies: Requires Node.js/npm for JavaScript/TypeScript tools (ESLint, Prettier, TypeScript compiler, Babel, etc.), Java/Gradle/Maven for Java/Kotlin tools (Detekt, ktlint, SonarQube, etc.), Ruby/Bundler for Ruby tools (RuboCop, Reek, Brakeman), C++ toolchains (Clang Static Analyzer, Cppcheck), and various Python tools (MyPy, Pylint, Bandit, etc.). Many of these are external CLI tools that need to be installed and accessible.
  • ⚠️Resource Requirements: Can be highly CPU and memory intensive due to deep static analysis, PDG generation, symbolic execution (with Z3), and cross-file dependency resolution, especially for large projects. Deployment without sufficient resources or outside a robust sandbox can lead to performance bottlenecks or instability.
  • ⚠️Licensing Tiers: Many advanced features (e.g., cross-file analysis, extended context, detailed compliance reports, advanced security features) are gated behind 'Pro' and 'Enterprise' tiers, requiring a valid JWT license key and potentially a connection to a remote verification server for full functionality. Defaults to 'Community' tier if no license is provided.
  • ⚠️Configuration Complexity: Involves multiple configuration files for governance (`.code-scalpel/policy.yaml`), tier-specific limits (`.code-scalpel/limits.toml`), and various language-specific linters/analyzers (`.eslintrc`, `tsconfig.json`, `detekt.yml`, etc.), which adds complexity to setup and maintenance.
Verified SafeView Analysis
The server implements extensive internal security controls, including a robust policy engine (OPA-based with Rego rules), cryptographic verification of policies, tamper resistance for critical configurations, strict input validation, and secure path resolution. It proactively analyzes security vulnerabilities *in* the code it processes rather than exposing direct code execution risks. However, processing arbitrary code strings and file paths, even for analysis, carries inherent risks such as potential resource exhaustion (DoS) or exploitation of parser vulnerabilities if not adequately sandboxed and monitored externally.
Updated: 2026-01-19GitHub
0
0
High Cost
HolyCrusader2004 icon

SysAdminAIAgent

by HolyCrusader2004

Sec3

An AI agent interacts with the operating system securely through a Microservice Communication Protocol (MCP) server, offering controlled filesystem operations.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for full setup.
  • ⚠️Requires a local Ollama instance with a large language model (e.g., `gpt-oss:20b`) to be running.
  • ⚠️Specific host path (e.g., `D:/ASO/aso-project/playground`) needs to be configured as a Docker volume for `/mnt/playground`.
Review RequiredView Analysis
CRITICAL: Hardcoded secrets for 'OAUTH_CLIENT_SECRET' and 'KEYCLOAK_ADMIN_PASSWORD' are present in `docker-compose.yml` and `mcp-server/config.py`. CRITICAL: SSL/TLS certificate verification is explicitly disabled (`verify=False`) in `mcp-server/token_verifier.py` for HTTP client, posing a severe risk of Man-in-the-Middle attacks. The agent is confined to a `/mnt/playground` directory but has `delete_file` and `delete_folder` capabilities within it, which could lead to data loss if misused or compromised.
Updated: 2025-12-06GitHub
0
0
Medium Cost
robwatsongtr icon

notes-querier-mcp

by robwatsongtr

Sec8

A macOS Notes app MCP server for querying notes and folders via AppleScript.

Setup Requirements

  • ⚠️Requires macOS with Notes.app installed.
  • ⚠️Requires user permission for AppleScript automation to access Notes.app.
  • ⚠️Requires Python 3.10 or higher.
Verified SafeView Analysis
The server interacts with macOS Notes.app via AppleScript, which typically requires user permissions. The server is read-only, reducing attack surface. AppleScript inputs for note names and search queries are escaped to mitigate simple injection risks, but complex AppleScript injection vulnerabilities might theoretically exist if the escaping is not exhaustive for all edge cases. The server runs locally and communicates via STDIO, limiting direct network exposure.
Updated: 2025-12-02GitHub
0
0
Medium Cost
makespacemadrid icon

docmost-mcp

by makespacemadrid

Sec8

Provides a lightweight HTTP and JSON-RPC interface, implementing the MCP protocol, to interact with a Docmost instance, enabling agents to read and write pages and spaces.

Setup Requirements

  • ⚠️Requires Node.js v18+.
  • ⚠️Requires either `DOCMOST_API_TOKEN` OR (`DOCMOST_EMAIL` AND `DOCMOST_PASSWORD`) for Docmost authentication.
  • ⚠️Requires `DOCMOST_BASE_URL` pointing to a Docmost instance.
Verified SafeView Analysis
The server relies on environment variables for sensitive Docmost authentication credentials (API token or email/password), which is good practice. It handles JSON input parsing carefully, using it for parameters rather than direct code execution. The use of `fetch` for external API calls is standard. CORS `Access-Control-Allow-Origin: *` is enabled, which means it will accept requests from any origin; for some applications, this might be overly permissive, but for an API gateway consumed by various agents, it might be acceptable if Docmost's internal authentication is robust. No 'eval' or obvious malicious patterns were found in the provided source code.
Updated: 2025-12-03GitHub
0
0
High Cost
fvanlanduyt icon

mcp-generator

by fvanlanduyt

Sec7

A web application that enables users to connect to various databases, analyze schemas with AI assistance (Claude), and generate Model Context Protocol (MCP) capabilities for use by MCP-compatible AI clients.

Setup Requirements

  • ⚠️Requires Anthropic API Key (Paid Service)
  • ⚠️Requires Python 3.11+
  • ⚠️Requires Node.js 18+ (for frontend development, or Docker for production)
Verified SafeView Analysis
The application employs parameterized queries to mitigate SQL injection risks and uses environment variables or an internal settings store for the Anthropic API key. AI prompts are designed to encourage safe SQL generation (e.g., using WHERE clauses for UPDATE/DELETE). However, database connection strings, which can contain sensitive credentials, are stored in the application's local SQLite database without explicit encryption in the SQLAlchemy model (though the README states 'Encrypted'). If the application's database itself is compromised, these connection strings could be exposed. There are no obvious `eval` or malicious patterns found in the truncated source.
Updated: 2025-12-08GitHub
0
0
Medium Cost
kankbokans icon

eBird-Navigator

by kankbokans

Sec9

A multi-agent birding assistant that automatically finds birding hotspots, recent observations, and top species lists for any location worldwide using eBird data and Google AI.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires Node.js 18+
  • ⚠️Requires an eBird API Key (may be rate-limited or require registration for extensive use)
Verified SafeView Analysis
The system uses environment variables for API keys (EBIRD_API_KEY, GOOGLE_GENAI_API_KEY), which is a good security practice. Communication with the eBird MCP server (Node.js) is handled via stdio, reducing external network exposure for the internal MCP component. No 'eval' or obvious malicious patterns were found in the provided Python code. Security heavily relies on the external APIs (eBird, Google Search, Gemini) and the integrity of the unprovided Node.js server code.
Updated: 2025-12-01GitHub
0
0
Medium Cost
aubi-one-david icon

claude-container-mssql

by aubi-one-david

Sec8

Provides a secure, isolated Podman container environment for running Claude Code with pre-configured MSSQL database tools and multiple MCP servers.

Setup Requirements

  • ⚠️Requires Podman (or Docker with minor modifications) to be installed on the host machine.
  • ⚠️ANTHROPIC_API_KEY environment variable is mandatory for Claude Code authentication.
  • ⚠️Full MSSQL database functionality and integration tests require an accessible external MSSQL Server instance, with credentials provided via environment variables (DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_DATABASE).
Verified SafeView Analysis
The container employs robust security measures against the host, including iptables for strict network isolation (whitelist by default), running as a non-root user, and restricting filesystem access to the mounted workspace. API keys are passed at runtime rather than baked into the image. However, it explicitly runs Claude Code with '--dangerously-skip-permissions', granting Claude arbitrary execution capabilities *within the container*. While this is mitigated by the container's isolation from the host, users must be aware of the high trust implicitly placed in the AI's actions inside the sandbox. The 'NET_ADMIN' capability is added for firewall management, a powerful permission, but used for a restrictive whitelist.
Updated: 2026-01-19GitHub
0
0
Medium Cost
LKCY23 icon
Sec8

The ArXiv MCP Server enables AI assistants to programmatically search, access, download, and analyze academic papers from arXiv via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3.11+ to run.
  • ⚠️Recommends 'uv' for dependency installation, which may require prior setup.
  • ⚠️Requires outbound network access to the arXiv API for searching and downloading papers.
  • ⚠️Needs write permissions to the configured storage path for paper downloads and conversions.
Verified SafeView Analysis
The server primarily communicates via stdio, limiting direct network attack surface from the MCP client. Input validation for search categories is present. File operations are confined to a resolved storage path from CLI/ENV/default, mitigating simple path traversal. The main potential risk lies in the external dependency `pymupdf4llm` processing downloaded PDFs, which could theoretically be exploited by a maliciously crafted PDF, though papers are sourced from generally trusted arXiv.
Updated: 2025-11-22GitHub
0
0
Low Cost
priadiliav icon

ShoppingMCP

by priadiliav

Sec9

Provides a backend API for an e-commerce or shopping application, handling server-side logic and data interactions.

Setup Requirements

  • ⚠️.NET SDK is required to build and run the application.
Verified SafeView Analysis
The provided code consists solely of configuration files (launch settings, app settings) for an ASP.NET Core application. No business logic, data handling, or secret management is visible, preventing a comprehensive security audit. The 'AllowedHosts: *' in appsettings.json is a broad default that should be restricted to specific hostnames in production environments for enhanced security, but it is not a direct vulnerability in these configuration files.
Updated: 2025-12-06GitHub
0
0
Medium Cost
chrishayuk icon
Sec3

Reference implementation for Model Context Protocol (MCP) servers and clients, demonstrating all features of the MCP specification.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires local `chuk-mcp-server` repository in parent directory (e.g., `../chuk-mcp-server`)
Review RequiredView Analysis
The `calculate` tool (in examples/11_full_server.py, 12_icons_metadata.py, 14_spec_2025_11_25.py) uses `eval()` to execute mathematical expressions. While a `safe_dict` is provided to limit its scope, `eval()` with user-provided input is an inherently dangerous function that can lead to arbitrary code execution if not perfectly sanitized or if vulnerabilities in the `safe_dict` setup are discovered. This constitutes a significant security risk for a production server.
Updated: 2025-11-27GitHub
PreviousPage 366 of 713Next