Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
EzraFathurrahman icon

mcp-http-server

by EzraFathurrahman

Sec7

Provides an HTTP-based Multi-Agent Communication Protocol (MCP) server exposing tools for making external HTTP requests and echoing JSON payloads, primarily designed for integration with LLMs or other agents.

Setup Requirements

  • ⚠️Requires `fastmcp` and `httpx` Python libraries (install via pip).
Verified SafeView Analysis
The `http_get` tool allows making requests to arbitrary URLs. If the server is exposed to untrusted inputs (e.g., directly from an LLM without strict input validation or sandboxing), it could potentially be exploited for Server-Side Request Forgery (SSRF) or used to probe internal networks. However, the code itself does not contain obvious vulnerabilities like `eval`, obfuscation, or hardcoded secrets. The `httpx` library is used responsibly.
Updated: 2025-11-25GitHub
0
0
Low Cost
umaima-fareed13 icon

mcp_server

by umaima-fareed13

Sec10

The provided source code is a Markdown file describing a developer's skills and interests, not an MCP server. Therefore, the use case for an MCP server cannot be determined from this content.

Verified SafeView Analysis
The provided 'source code' is a Markdown file describing a software developer. It contains no executable code, server logic, network interactions, hardcoded secrets, or any other patterns that could introduce security risks. It is a static text file.
Updated: 2025-12-03GitHub
0
0
Medium Cost
YosefHayim icon

ebay-mcp-docs

by YosefHayim

Sec9

This repository provides comprehensive documentation for the eBay MCP Server, a Model Context Protocol implementation that enables AI assistants to access eBay's Sell APIs through over 230 tools.

Setup Requirements

  • ⚠️Requires Node.js 18+ installed.
  • ⚠️Requires Mintlify CLI to be installed globally (npm install -g mintlify).
  • ⚠️Full functionality described in documentation (e.g., eBay API calls, AI integrations) depends on a separate eBay MCP Server instance and relevant API keys (e.g., eBay, Google Gemini).
Verified SafeView Analysis
This repository is for documentation only, not the operational server code. It includes robust security practices for documentation, such as explicit warnings against hardcoding credentials in examples, a dedicated `SECURITY.md` policy for vulnerability reporting, and local validation scripts to ensure content quality and prevent common errors. There are no 'eval' or obfuscation patterns observed. Risks are minimal and primarily related to potential vulnerabilities in the external Mintlify documentation platform, or very subtle issues in documentation content, which are addressed by clear contribution guidelines.
Updated: 2025-11-18GitHub
0
0
Low Cost
Bruno1702vm icon

AI-Infra

by Bruno1702vm

Sec2

Provides an application for exploring and learning about AI infrastructure, particularly LLM inference engines and Kubernetes concepts.

Setup Requirements

  • ⚠️Requires Windows 10+ / macOS Catalina+ / Linux (Ubuntu 18.04+)
  • ⚠️Requires at least 4 GB RAM and 500 MB free disk space
  • ⚠️Requires downloading and installing an unverified binary from a raw GitHub URL.
Review RequiredView Analysis
The provided source code largely consists of markdown documentation. However, the `README.md` instructs users to download and run a pre-compiled application (`AI-Infra.zip`) directly from a raw GitHub URL. The source code for this specific application is not provided for analysis. Running binaries from unverified sources without access to their source code for auditing is a critical security vulnerability and poses substantial risks, including the potential for malware, system compromise, or data exfiltration. Therefore, from a security standpoint, the project, as presented with a downloadable binary, is highly unsafe to execute without further inspection of the binary itself or its source code.
Updated: 2026-01-19GitHub
0
0
Medium Cost
Fredoq icon
Sec9

A Model Context Protocol server that exposes the Alfa Investments PRO Terminal API to LLM clients over stdio.

Setup Requirements

  • ⚠️Requires the Alfa Investments PRO Terminal desktop application to be running locally.
  • ⚠️Requires .NET SDK (version 10.0.100 or compatible with C# 14, as specified in global.json and AGENTS.md - note that .NET 10/C# 14 are future versions, indicating a forward-looking or custom environment).
  • ⚠️The 'dnx' command used in the quick start might be a custom alias or specific runtime environment, as 'dnx' was an older .NET Core runtime.
Verified SafeView Analysis
The server connects to a local WebSocket endpoint (ws://127.0.0.1:3366/router/) of the Alfa Investments PRO Terminal desktop app, minimizing external network attack surface. Configuration can be overridden by environment variables (TERMINAL__ENDPOINT, TERMINAL__TIMEOUT). No obvious hardcoded secrets, obfuscation, or 'eval' usage in the provided snippets. The project includes a SECURITY.md file detailing vulnerability reporting. While appsettings.json has 'AllowedHosts: "*"', this is less critical for a local stdio-based MCP server whose primary interaction is not through HTTP. The AGENTS.md document also describes good security-conscious coding practices (e.g., 'fail fast', no reflection for business logic).
Updated: 2026-01-13GitHub
0
0
Low Cost
sean-jack icon

Agentic-Emotion

by sean-jack

Sec9

An MCP server that enables Claude Code to analyze text and display emotions in a real-time visual window.

Setup Requirements

  • ⚠️Requires .NET 8 SDK or higher for the Avalonia display application to run.
  • ⚠️Requires Python 3.9+ and can involve potentially large `transformers` and `torch` model downloads on the first run of the MCP server.
  • ⚠️Configuration involves manually editing `claude_desktop_config.json` with absolute paths, which is platform-specific (e.g., forward vs. backslashes, `python` vs `python3` executable name).
  • ⚠️The Avalonia display application must be running separately (in a different terminal or as a background process) for emotions to be visually displayed.
Verified SafeView Analysis
The server uses local inter-process communication (named pipes on Windows, Unix sockets on macOS/Linux) and `stdio` for MCP communication, significantly limiting network exposure. Text input for emotion analysis is processed by a local AI model (`transformers` pipeline) and keyword matching, without direct `eval` or arbitrary code execution. `pywin32` is a dependency on Windows, which interacts with OS internals but is a standard library.
Updated: 2025-12-03GitHub
0
0
Low Cost
fairanswers icon

confirminator

by fairanswers

Sec9

An MCP Server offering tools to confirm the successful compilation and testing of Java/Maven projects.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) to build and run.
  • ⚠️Requires Maven for local development and build.
  • ⚠️Designed to be part of an MCP (Multi-Agent Communication Protocol) ecosystem; its full utility might require an MCP runtime.
Verified SafeView Analysis
The current implementation of `ConfirmJavaMavenTool.confirm()` is extremely minimal, logging a message and returning a hardcoded string, thus posing low security risk. The commented-out `@McpToolParam File zipFile` suggests future functionality involving file processing, which would require careful security considerations (e.g., zip bomb, path traversal, arbitrary code execution through build scripts) if implemented.
Updated: 2025-11-18GitHub
0
0
Low Cost
gabrielbergel icon

IA_II-MCP_Server

by gabrielbergel

Sec9

This project simulates a Multi-Agent Coordination Platform (MCP) agent for automated IT support, demonstrating how an agent processes user intentions, applies guardrails, executes specialized tools (diagnostics, resolution, escalation), and logs all operations.

Verified SafeView Analysis
The code does not contain 'eval', obfuscation, or hardcoded secrets. It implements input and output guardrails for the 'escalate_ticket' function, which is a good practice. All operations are logged to a local JSON file ('operation_log.json'). While the logging itself is secure (local file, no network exposure), the content of the logs could potentially contain sensitive user information if not properly managed in a production environment. However, for a simulated environment, this is acceptable. There are no direct network risks.
Updated: 2025-11-20GitHub
0
0
Medium Cost
AppliNH icon

mcp-rag-vector

by AppliNH

Sec9

An MCP server designed to serve as a RAG pipeline, enabling LLMs to write and read from a vector database.

Setup Requirements

  • ⚠️Requires local Ollama server running
  • ⚠️Requires Docker and Docker Compose
  • ⚠️Requires downloading large LLM models (e.g., 2 GB)
Verified SafeView Analysis
The system binds HTTP servers to `0.0.0.0`, which is a common practice within Docker containers but requires careful network configuration in production environments. The 'greet' tool processes user input by simple string concatenation, which is safe. No 'eval', direct shell execution of unsanitized user input, or obvious hardcoded secrets were identified in the provided code snippet.
Updated: 2025-12-05GitHub
0
0
Low Cost
IAmKSquared icon

onenotemcp

by IAmKSquared

Sec9

The OneNote MCP Server enables AI assistants to securely read, write, search, and comprehensively edit Microsoft OneNote data via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires an active Microsoft account with OneNote access.
  • ⚠️For production/shared use, it is strongly recommended to create your own Azure Application Registration and set the AZURE_CLIENT_ID environment variable with specific delegated permissions.
  • ⚠️Initial setup requires an interactive browser authentication via the Microsoft device code flow.
  • ⚠️When connecting to an MCP client (e.g., Claude Desktop), the absolute path to `src/server.mjs` must be specified correctly.
Verified SafeView Analysis
The project demonstrates strong security practices: it uses OS-native secure storage (keyring) for encryption keys, encrypts access tokens using AES-256-GCM, employs Zod for robust input validation and sanitization to prevent injection attacks, and explicitly disables `no-new-func` in ESLint to prevent dangerous code execution. While it defaults to a public Azure Client ID for testing, it strongly recommends using a custom, securely configured Azure App Registration via environment variables for production use. No `eval` or similar dangerous patterns were found in the provided code snippets.
Updated: 2025-12-27GitHub
0
0
Medium Cost
martinzarfl icon

mail-mcp

by martinzarfl

Sec2

Enables AI assistants to securely send, read, manage, and organize emails via SMTP and IMAP.

Setup Requirements

  • ⚠️Requires Node.js version 23.0.0 or higher.
  • ⚠️Requires configuring multiple environment variables for SMTP and IMAP connections (e.g., host, port, user, password).
  • ⚠️The IMAP connection's hardcoded `rejectUnauthorized: false` disables TLS certificate validation, posing a significant security risk for MITM attacks. This must be addressed for secure use.
  • ⚠️May require generating app-specific passwords for email providers (e.g., Gmail) if 2-Factor Authentication is enabled.
Review RequiredView Analysis
The server hardcodes `tlsOptions: { rejectUnauthorized: false }` for IMAP connections within `createImapConnection`. This critical vulnerability disables TLS certificate validation, making IMAP connections susceptible to Man-in-the-Middle (MITM) attacks, even if TLS is ostensibly enabled. While credentials are managed via environment variables and the SSE transport supports OAuth 2.0, this IMAP flaw severely compromises the overall security for sensitive email data.
Updated: 2025-11-19GitHub
0
0
Medium Cost
Devanand-debug-ai icon

mcp-server-tasktracking

by Devanand-debug-ai

Sec7

Manages tasks using an Excel spreadsheet as the backend, exposing CRUD operations and statistics via an MCP server with a conversational interface.

Setup Requirements

  • ⚠️Requires a Python 3.x environment with 'mcp' and 'openpyxl' libraries installed.
  • ⚠️Needs write permissions in the script's directory for 'tasks.xlsx' to be created or modified.
  • ⚠️Designed to be run by an MCP-compatible client (e.g., Claude Desktop) as it uses standard I/O for communication.
Verified SafeView Analysis
The server reads and writes to a local 'tasks.xlsx' file based on user tool calls. While input is validated via 'inputSchema' to prevent arbitrary tool execution, malicious Excel formulas or excessively long strings could potentially be injected into cells (e.g., task title, category). This could lead to data corruption or unintended behavior if the Excel file is later opened by another application without proper sanitization. However, there is no direct arbitrary code execution vulnerability identified within the Python server process itself through user input.
Updated: 2025-11-24GitHub
PreviousPage 368 of 713Next