Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
Sec9

Manages platform engineering tools (Teleport, Kubernetes, Flux, Git) through AI agents for secure, idempotent operations and workflow automation.

Setup Requirements

  • ⚠️Requires Teleport CLI (`tsh`) to be installed and the user logged in to target Teleport clusters.
  • ⚠️Requires `kubectl` CLI to be installed locally for `list_kube_contexts`, and on remote Kubernetes nodes for Flux/Kubernetes operations.
  • ⚠️Assumes a Python 3.11+ environment with `uv` for dependency management.
  • ⚠️Assumes an `ansible-mac` setup for initial deployment and recommended fixes, implying a macOS host environment, though the roadmap aims for OS agnosticism.
Verified SafeView Analysis
Employs strong security practices including `subprocess.run(shell=False)`, `shlex.quote()` for user-supplied inputs, and robust input validation (e.g., `ALLOWED_TELEPORT_CLUSTERS`). A critical compliance check prevents SSH operations via MCP tools to production environments. Cryptographic tokens enforce a secure tool design validation workflow. No hardcoded secrets or malicious patterns were identified.
Updated: 2025-11-23GitHub
0
0
Low Cost
boat077 icon

mail-mcp-bridge

by boat077

Sec8

An AFK (Away From Keyboard) bot for a Minecraft server, designed to keep a player online and simulate activity through random movements and item activation.

Setup Requirements

  • ⚠️Node.js runtime environment is required.
  • ⚠️Dependencies must be installed via npm (npm install).
  • ⚠️A valid Minecraft account (specified in config.json) is required to connect to the server.
Verified SafeView Analysis
The bot uses 'mineflayer' to connect to a Minecraft server. It reads connection details (IP, port, username) from a local 'config.json' file. There is no usage of 'eval' or any obvious obfuscation. The primary risk is limited to the security of the Minecraft account used and the integrity of the 'config.json' file, which is assumed to be controlled by the user running the bot. No sensitive data is exposed, and it doesn't host any network services. The `fs` module is used to read a local configuration file, which is standard practice.
Updated: 2026-01-19GitHub
0
0
High Cost
Synvya icon

mcp-server

by Synvya

Sec8

Provides an AI assistant with tools to discover food establishments, browse menus, search for specific dishes, find offers, and make reservations via Nostr protocol integration.

Setup Requirements

  • ⚠️Requires an AWS Account with Lambda and DynamoDB access.
  • ⚠️Requires a DynamoDB table named 'synvya-nostr-events' with specific GSIs for persistent storage of Nostr events.
  • ⚠️Requires a generated Nostr key pair, with the private key (nsec format) securely configured as 'MCP_SERVER_NSEC' for reservation functionality.
Verified SafeView Analysis
The server utilizes NIP-59 for secure communication (rumor, seal, gift wrap with NIP-44 encryption) for its reservation protocol, ensuring message privacy and integrity. Sensitive keys (MCP_SERVER_NSEC) are correctly handled via environment variables. Interactions with external Nostr relays via WebSockets are inherent to the protocol but introduce a dependency on the integrity of those relays and require robust handling of incoming data, which appears to be present through event validation and structured processing. The Vercel deployment includes rate limiting to prevent abuse. Data loading from DynamoDB is performed securely using the AWS SDK, assuming proper IAM role configuration. No direct `eval` or obvious command injection vulnerabilities are immediately apparent.
Updated: 2026-01-13GitHub
0
0
Medium Cost
iamsocool24 icon

dbt-core-mcp

by iamsocool24

Sec8

The dbt Core MCP Server enables interaction with dbt projects, providing tools to query project metadata, run dbt commands, inspect data models, sources, and tests, view compiled SQL, and analyze lineage and impact within a Model Context Protocol (MCP) framework.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires dbt-core and a dbt adapter (e.g., dbt-duckdb) to be installed in the local Python environment (e.g., via `uv pip install dbt-core dbt-duckdb`).
  • ⚠️Requires a `dbt_project.yml` file in the workspace root and a corresponding `profiles.yml` (either in the project directory or `~/.dbt`) configured to connect to a database.
Verified SafeView Analysis
The server design generally appears robust. It uses `asyncio.create_subprocess_exec` to run `dbt` commands in the user's environment, constructing the command arguments safely using `json.dumps` to prevent shell injection through user-provided parameters. It employs `yaml.safe_load` for configuration files. The `psutil` library is used for process checking, which is a common and generally safe practice. No hardcoded secrets, obfuscation, or direct use of `eval` or `exec` on untrusted input were identified. The primary security consideration lies in the permissions granted to the `dbt` installation itself and the database credentials configured in `profiles.yml`, which is external to the server's source code and managed by the user. The server will operate with the same privileges as the user's `dbt` environment.
Updated: 2026-01-19GitHub
0
0
Low Cost
Suraj-Varade icon

mcp-math-server

by Suraj-Varade

Sec10

A minimal Model Context Protocol (MCP) server designed to expose basic mathematical tools to AI models.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires uv package manager
Verified SafeView Analysis
The server implements a single, simple 'add' function that performs basic integer arithmetic. No dynamic code execution, file system access, network calls, or hardcoded secrets are present in the provided source code. Input types are strictly defined as integers, mitigating common injection vectors. This is a very safe and minimal implementation.
Updated: 2025-11-28GitHub
0
0
Low Cost
HasnainAli47 icon

toon-mcp-server

by HasnainAli47

Sec9

Convert JSON data and system prompts to and from TOON format to reduce token usage when interacting with Large Language Models, exposed as an MCP stdio server.

Setup Requirements

  • ⚠️Requires Python 3.9 or higher
Verified SafeView Analysis
The server uses standard Python `json` and `toons` libraries for serialization/deserialization. Input validation is performed for types, and non-serializable objects or invalid TOON text raise explicit `TypeError` or `ValueError`. No `eval` or similar dangerous functions are used. It runs over stdio, limiting the network attack surface. The explicit error handling at the MCP tool level enhances robustness.
Updated: 2025-11-30GitHub
0
0
Medium Cost
carlosealves2 icon

mcp-postgres-server

by carlosealves2

Sec9

MCP server for read-only PostgreSQL database access, enabling AI assistants to securely query databases.

Setup Requirements

  • ⚠️Requires Bun v1.0+ runtime.
  • ⚠️Requires PostgreSQL 12+ database.
  • ⚠️Requires environment variables for PostgreSQL connection (e.g., POSTGRES_HOST, POSTGRES_DATABASE, POSTGRES_USER, POSTGRES_PASSWORD).
Verified SafeView Analysis
The server implements robust read-only query validation, blocking common SQL injection keywords (e.g., INSERT, UPDATE, DROP) and patterns (e.g., INTO OUTFILE, LOAD DATA). Queries are normalized by removing comments and excessive whitespace, and are limited by length (10,000 characters) and execution timeout (30 seconds). Internal tools (list_tables, describe_table) utilize parameterized queries. An optional 'insecure mode' allows write operations for development, but it's off by default and logs clear warnings when enabled. SSH tunneling is supported for secure remote connections, with various authentication methods. All credentials are sourced from environment variables, preventing hardcoding. A high score due to explicit and well-tested security measures, but not 10 as no system is perfectly impenetrable.
Updated: 2025-11-30GitHub
0
0
Medium Cost
XuYunlei icon
Sec8

A multi-agent customer support platform leveraging LLMs and a database to handle customer queries and manage tickets.

Setup Requirements

  • ⚠️Requires GOOGLE_API_KEY for Gemini models, which may incur costs beyond free tier limits.
  • ⚠️Optionally requires OPENAI_API_KEY for voice features (Whisper/TTS), which also incurs costs.
  • ⚠️Requires 'ffmpeg' installation for voice features on macOS/Linux.
  • ⚠️Local SQLite database needs initialization via 'python src/database_setup.py'.
Verified SafeView Analysis
The system correctly uses parameterized queries for SQLite interactions, mitigating SQL injection risks. API keys are handled via environment variables (.env file). However, the main user-facing API (extras/server.py) and the MCP server (mcp_impl/mcp_server.py) bind to '0.0.0.0' by default. While acceptable for local development or demo purposes, this exposes services to the local network and would require additional security layers (e.g., firewall, authentication, TLS) if deployed in a production or publicly accessible environment. No 'eval' or other obvious arbitrary code execution vectors were found.
Updated: 2025-12-09GitHub
0
0
Medium Cost
derekparent icon

maw-mcp

by derekparent

Sec8

Coordinates parallel AI agent development workflows, managing phases like codebase review, agent launch, code integration, and deployment decision-making.

Setup Requirements

  • ⚠️Requires GitHub CLI (`gh`) to be installed and authenticated (`gh auth login`).
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires manual configuration in Claude Desktop (`claude_desktop_config.json`) or Cursor (`mcp.json`) to integrate the MCP server.
Verified SafeView Analysis
The server uses `subprocess.run` to execute `gh` (GitHub CLI) and `git` commands. While arguments are generally constructed from structured inputs (PR numbers, branch names), external process execution always carries inherent risk if input is not perfectly sanitized. However, the current implementation appears to use controlled inputs, reducing the risk of shell injection. File system operations for state and prompt management are confined to the specified project path. No hardcoded secrets or direct `eval`/`exec` calls were found.
Updated: 2026-01-19GitHub
0
0
Medium Cost
AerialByte icon

mcp-netcoredbg

by AerialByte

Sec7

Enables AI agents to debug .NET applications by setting breakpoints, stepping through code, and inspecting variables, including hot reload support and method invocation.

Setup Requirements

  • ⚠️Requires 'netcoredbg' to be installed and available in the system's PATH.
  • ⚠️Requires Node.js 18+ to run the MCP server.
  • ⚠️Requires .NET SDK 8.0+ for building the invocation harness and target applications. The harness is auto-built on first use, which may require an initial 'dotnet build' invocation.
Verified SafeView Analysis
The server's core functionality involves launching and attaching debuggers to .NET applications, and invoking arbitrary methods. This inherently allows execution of user-provided .NET code and evaluation of expressions within the debuggee. While the server itself appears to handle internal parsing and child process execution parameters (like project names) safely, the fundamental power of the tool means that if an AI agent is compromised or instructed to run malicious .NET code, it can lead to code execution on the host machine. The README explicitly warns about this, stating 'Only use this with code you trust. Do not debug untrusted applications.' There are no obvious hardcoded secrets or direct network attack surfaces beyond standard I/O for the MCP protocol.
Updated: 2026-01-19GitHub
0
0
High Cost
naveenkshyam icon

SearchAndApplyJobs

by naveenkshyam

Sec4

A Model Context Protocol (MCP) server designed to help with job applications by searching jobs across multiple sites, analyzing job postings, and optimizing resumes and cover letters.

Setup Requirements

  • ⚠️Requires Python 3.13 (or >=3.12, but .python-version specifies 3.13).
  • ⚠️Requires internet access for DuckDuckGo search (via `ddgs` library) and web scraping (`requests`).
  • ⚠️Local file system access is required for resume and document processing (reading/writing files to disk).
Verified SafeView Analysis
The server uses `read_file`, `read_resume_pdf`, `read_document`, and `save_cover_letter` functions that take user-provided file paths. If the MCP server is exposed to untrusted external input (e.g., via an LLM generating arbitrary paths), this could lead to directory traversal or unauthorized file system access (read/write). The `scrape_job_posting` tool takes an arbitrary URL, which could be exploited for Server-Side Request Forgery (SSRF) if the URL is not validated. The `ddgs` library performs external network requests, which can be a network risk if not contained. The hardcoded date filter in `search_jobs` (`after:2024-11-01`) is a functional issue, not a security one.
Updated: 2025-12-01GitHub
0
0
Medium Cost
benoute icon

calibre-mcp

by benoute

Sec7

Provides a Model Context Protocol (MCP) interface to a local Calibre e-book library, allowing programmatic search and content access.

Setup Requirements

  • ⚠️Requires Go 1.25+ installed to build and run.
  • ⚠️Requires access to a local Calibre library directory containing 'metadata.db'.
Verified SafeView Analysis
The server uses `cors.New` with `AllowOriginFunc` always returning `true`, which enables cross-origin requests from any domain. While this simplifies development or local use, it is a significant security risk if the server is exposed to the public internet, as it allows arbitrary websites to interact with it. SQL queries utilize parameter binding for user input, preventing typical SQL injection vulnerabilities. File path construction uses `filepath.Join` to mitigate path traversal risks. No hardcoded secrets or malicious patterns were identified.
Updated: 2025-11-30GitHub
PreviousPage 371 of 713Next