Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost

dubcap-browser-mcp

by brianshin22

Sec5

A browser-based tool for interacting with or managing Minecraft Coder Pack (MCP) resources.

Review Required
No source code was provided for analysis after the 'SOURCE CODE (Truncated, some files summarized):' header. Therefore, a comprehensive security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns could not be performed. The score is a neutral default due to lack of information; caution is advised.
Updated: 2025-12-05
Medium Cost

mcp-server

by izardy

Sec9

Serves a local Ollama Large Language Model (LLM) via the MCP protocol over standard I/O, enabling client applications to interact with the LLM as a tool.

Setup Requirements

  • ⚠️ Requires Ollama to be installed and running locally.
  • ⚠️ Requires 'mcp' and 'ollama' Python packages to be installed.
  • ⚠️ Requires a specific Ollama model (e.g., 'llama3') to be pulled locally via Ollama.

Verified Safe
The server code itself does not contain obvious vulnerabilities like 'eval' or hardcoded secrets. It relies on a locally running Ollama instance, meaning its security posture is largely dependent on the security of the local Ollama setup. Input prompts are passed directly to Ollama, which is expected behavior for an LLM tool.
Updated: 2025-11-28
Low Cost

mcp-weather-server

by rishika105

Sec8

This server acts as a Model Context Protocol (MCP) agent to provide real-time weather data for specific cities to an AI language model.

Setup Requirements

  • ⚠️ Requires Node.js 18+

Verified Safe
The server's direct code is simple and does not contain obvious malicious patterns, hardcoded secrets, or uses of `eval`. It uses `StdioServerTransport`, suggesting communication via standard I/O, which limits direct network exposure from this application's perspective. However, it relies on `@modelcontextprotocol/sdk` and `express` which introduce their own dependencies and potential attack surface, although the SDK itself appears to include some security features like rate limiting.
Updated: 2025-11-25
Medium Cost

tabpfn-mcp

by NeelayS

Sec8

An MCP server that enables AI assistants to train and run TabPFN models for tabular classification and regression tasks.

Setup Requirements

  • ⚠️ Requires Python 3.12 or newer.
  • ⚠️ Requires TabPFN API token, which might trigger browser-based login on first use if not explicitly provided via environment variable.
  • ⚠️ Data for training and prediction is transferred to Prior Labs' servers, as outlined in their privacy policy.

Verified Safe
The server itself does not contain 'eval', obfuscation, or hardcoded secrets. It explicitly discloses that all data processing, training, and inference are performed remotely by Prior Labs' TabPFN API, involving data transfer to their servers. Local file operations for CSV input/output rely on the calling AI assistant to provide safe paths; no advanced path sanitization is performed by the server, which is typical for local developer tools. Users must be aware of and consent to TabPFN's data handling policies.
Updated: 2026-01-18
Medium Cost

Gemini_CLI

by sharrjeel6636

Sec1

A command-line interface for interacting with the Google Gemini AI model, enabling users to send prompts and receive responses directly from their terminal.

Setup Requirements

  • ⚠️ Requires Google Cloud Project with Gemini API enabled
  • ⚠️ Requires GEMINI_API_KEY (API usage may incur costs)

Review Required
Source code was not provided for analysis. A security audit could not be performed, so a minimal score is assigned, and 'is_safe_to_run' is set to false as a precautionary measure due to inability to verify the code's safety or malicious patterns.
Updated: 2025-12-05
Low Cost

LaunchReady

by tsinviking

Sec1

A generic server component whose specific function cannot be determined without source code.

Review Required
Source code was not provided for analysis. Therefore, a comprehensive security audit could not be performed. The server's safety is unknown, and it should be treated with extreme caution. Potential risks common to any server include insecure network protocols, lack of input validation, authentication bypasses, and hardcoded credentials, none of which could be verified.
Updated: 2025-11-25
High Cost

mcp-server

by srwlli

Sec7

Provides a modular platform for specialized AI agent personas and tools (documentation, planning, code analysis, workflow orchestration) to assist with software development lifecycle tasks.

Setup Requirements

  • ⚠️ Requires Python 3.10+
  • ⚠️ Requires Node.js and pnpm for CodeRef CLI functionality
  • ⚠️ Requires `CODEREF_CLI_PATH` environment variable set to the CodeRef CLI installation
  • ⚠️ Requires Scriptboard FastAPI backend (localhost:8000) for clipboard integration tools
  • ⚠️ Requires CodeRef backend (localhost:8042) for core CodeRef functionalities (if `scriptboard-mcp` is used)
  • ⚠️ Requires API keys configured for RAG (Retrieval Augmented Generation) features, if utilized

Verified Safe
The system heavily relies on `subprocess.run` to invoke various external CLIs (Node.js for CodeRef, Git, Pytest, Jest, etc.). While typically arguments are passed as lists to prevent shell injection, continuous vigilance is required when constructing these arguments, especially from dynamic or untrusted inputs. Local network connections to internal services (e.g., Scriptboard, CodeRef backends on localhost) are present, which are generally safe in a controlled environment but could pose a risk if the main MCP server is exposed. Path traversal vulnerabilities appear to have been addressed through dedicated security testing.
Updated: 2026-01-18
Medium Cost

Ai-Agent

by abhisheksssss

Sec5

An AI Agent server leveraging Model Context Protocol (MCP) to provide various AI-powered tools and intelligent prompts through an SSE-based event transport system.

Setup Requirements

  • ⚠️ Requires a Google Gemini API Key (paid service) for the core AI model interactions.
  • ⚠️ Requires Twitter API access (appKey, appSecret, accessToken, accessSecret) for the `createPost` tool; this usually involves a developer account and may have rate limits or costs.
  • ⚠️ Requires a Tavily API Key (paid service) for real-time information retrieval. Although one is hardcoded for development, it should be replaced with an environment variable for production and security.

Verified Safe
A Tavily API key is hardcoded directly in `server/index.js` (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), which is a critical security vulnerability as it exposes a sensitive credential. While other API keys are managed via `dotenv`, this specific instance needs to be rectified. In a production environment, proper CORS configuration for the `/sse` and `/messages` endpoints would also be crucial.
Updated: 2025-11-22
Low Cost
Sec8

Manages VoiceForge AI agents, knowledge bases, workflows, and calendars from MCP-compatible AI assistants like Cursor or Antigravity (Gemini).

Setup Requirements

  • ⚠️ Requires a VoiceForge API Key (e.g., vf_...) obtained from https://voiceforge.super-chatbot.com/api-keys.
  • ⚠️ For n8n integration, you may need to configure N8N_BASE_URL and N8N_API_KEY environment variables if not using a local default n8n instance.
  • ⚠️ If using 'npx github:...' for deployment, the GitHub repository must be public.

Verified Safe
API keys are correctly handled via environment variables (VOICEFORGE_API_KEY, N8N_API_KEY) and are not hardcoded. No 'eval' or obvious malicious code patterns were found. The n8n client defaults to a local IP (http://10.0.1.113:5678) for N8N_BASE_URL, which is safe for local n8n instances but should be securely configured for external ones. n8n workflow ownership is verified via agent-specific tags, adding a layer of security against unauthorized workflow execution.
Updated: 2026-01-19
Low Cost

mcp-server

by meta-engine

Sec8

Facilitates AI-assisted code generation by providing an MCP server that processes structured type specifications into consistent, multi-language files.

Setup Requirements

  • ⚠️ Requires Node.js and npm/npx to be installed locally for the client server.
  • ⚠️ Requires specific configuration within Claude Code or Claude Desktop's mcp.json settings to integrate with the AI assistant.
  • ⚠️ Relies on the external MetaEngine API for code generation, necessitating an active internet connection.

Verified Safe
The local MCP server client (distributed as an MIT-licensed npm package) is designed for privacy, running locally, and explicitly states it does not save/log specifications, access user files outside output directories, or send telemetry. It communicates via HTTPS with the proprietary MetaEngine API for the actual code generation. The core generation logic within the MetaEngine API is not open source and thus cannot be fully audited for internal security risks (e.g., 'eval' use or specific vulnerabilities). However, the documentation guarantees ephemeral processing and no data retention on their servers. The primary risk lies in trusting the proprietary cloud service for generation, but the local client's described behavior is robustly privacy-focused. No obvious malicious patterns or hardcoded secrets were found in the provided documentation for the client component.
Updated: 2025-11-27
High Cost

grokipedia-mcp

by benoute

Sec9

Provides an MCP server to enable LLMs to search and retrieve information from Grokipedia, an online encyclopedia.

Setup Requirements

  • ⚠️ Requires manual configuration in `claude_desktop_config.json`
  • ⚠️ Requires providing the absolute path to the `grokipedia-mcp` executable in the configuration
  • ⚠️ Requires restarting Claude Desktop after configuration changes

Verified Safe
The server uses standard Go HTTP client practices with context timeouts. URL parameters are properly escaped using `url.QueryEscape` to prevent injection. There are no hardcoded secrets or 'eval' equivalent. Running in HTTP mode exposes a local port, which is generally acceptable for local development/integration with Claude Desktop, but users should be aware of network configurations if exposing it publicly. The default 'stdio' transport is secure for local LLM integration.
Updated: 2025-12-01
Low Cost
Sec8

Provides token-efficient tools for Spring Boot integration testing workflows by returning structured summaries of code and test results.

Setup Requirements

  • ⚠️ Requires Node.js 18+, Maven 3.6+, and Java 11+ JDK installed (or within a container if using the Docker/Podman method).
  • ⚠️ Claude Code/Desktop configuration requires absolute paths to the 'dist/index.js' file in the 'args' field.
  • ⚠️ On Windows, JSON configuration paths require double backslashes (e.g., 'C:\\Users\\...').

Verified Safe
The server uses 'child_process.exec' to run Maven and other system commands. While inputs like 'projectPath', 'testClass', and 'entityName' are used in controlled contexts (e.g., as 'cwd' or within specific command flags), any unforeseen shell injection vulnerabilities through these user-supplied arguments could pose a risk. However, there's no direct 'eval' or overly dynamic command construction, and the inputs are expected to be well-formed identifiers or paths, mitigating most common injection vectors.
Updated: 2026-01-19