Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
Tech-Trailblazers icon

pgpro-com-documentation

by Tech-Trailblazers

Sec5

An open-source documentation platform for education, AI training, and MCP server knowledge, supported by utility scripts for scraping and downloading documentation.

Setup Requirements

  • ⚠️Python script requires Selenium WebDriver (e.g., ChromeDriver) to be installed and accessible in the system PATH.
  • ⚠️Python script requires a 'valid_urls.txt' file containing URLs to process.
  • ⚠️Go script requires a Go environment to build and run.
Review RequiredView Analysis
The Python script utilizes Selenium with the '--no-sandbox' argument, which significantly reduces the browser's security protections and can pose a risk to the host system if it navigates to malicious or compromised URLs, especially if the 'valid_urls.txt' input is not carefully curated. The Go script performs HTTP requests to external domains and downloads files based on scraped content; while it attempts to sanitize filenames and hardcodes initial scraping targets, direct interaction with external content always carries a risk of downloading malicious files. Neither script contains obvious 'eval' or direct code injection vulnerabilities within its own logic, but the nature of web scraping and disabling browser sandboxing introduces inherent security risks.
Updated: 2025-11-26GitHub
0
0
Low Cost
mschultheiss83 icon

context-processor

by mschultheiss83

Sec8

Intelligent context management and enhancement for AI agents, providing configurable pre-processing strategies (clarify, analyze, search, fetch) for content quality and discoverability within a local knowledge base.

Setup Requirements

  • ⚠️File-based storage (`./contexts` directory) is local and lacks database features such as ACID transactions, concurrent locking, or robust multi-user support, which may limit scalability and data integrity for very large or concurrent datasets.
  • ⚠️No built-in authentication or authorization mechanisms; any client connected via the MCP protocol has full access to all tools and data.
  • ⚠️The 'custom' preprocessing strategy is an extensibility point that could introduce security risks if users implement unsafe code within it.
  • ⚠️Requires a Node.js runtime environment to execute.
Verified SafeView Analysis
The server performs local file system operations for storage and in-memory string processing for content enhancement. It utilizes the standard `@modelcontextprotocol/sdk`. There are no external network requests initiated by the built-in preprocessing strategies (e.g., the 'fetch' strategy only extracts URLs, it does not download content from them). Contexts are stored as plain JSON files on the local disk, lacking built-in encryption, authentication, or authorization, making it suitable for a single-user, local environment rather than an exposed or multi-user production system. The 'custom' preprocessing strategy is an extension point that could introduce risks if users implement unsafe code within it, though the provided implementation is benign.
Updated: 2026-01-12GitHub
0
0
Medium Cost
JuniorJoanis icon
Sec3

Exposes Meilisearch documentation as structured tools, resources, and prompts for LLMs to facilitate intelligent querying and integration of technical information.

Setup Requirements

  • ⚠️Requires Git client to be installed on the host system.
  • ⚠️Performs an initial clone and indexing of the Meilisearch documentation repository (can take 'a few minutes' on first run and on updates).
  • ⚠️Requires write permissions to the configured cache and index directories (default: `.cache/docs` and `.cache/index` within the package directory).
Review RequiredView Analysis
The `read_resource` function, when handling a resource URI, uses `pathlib.Path` to combine the `repo_path` (local repository clone directory) with `doc_path` (extracted from the URI, which can contain user-controlled input and is URL-decoded). This is vulnerable to path traversal attacks (e.g., `meilisearch-docs://../../../../etc/passwd`), potentially allowing an LLM or malicious user to read arbitrary files on the host system. Although `pathlib.Path` handles `..` sequences, it does not prevent resolving paths outside the intended base directory. Additionally, the system relies on Git cloning and local file system operations, and while configurations are via environment variables, general host filesystem access should be considered when deploying.
Updated: 2025-11-19GitHub
0
0
High Cost
Anirog icon
Sec7

Transforms Sketch designs into HTML/CSS by enabling AI coding assistants to extract design data via the Sketch MCP server.

Setup Requirements

  • ⚠️Requires Sketch (version 2025.2.4 or later)
  • ⚠️Requires a paid AI coding assistant (e.g., GitHub Copilot for VS Code)
  • ⚠️Manual activation of MCP Server within Sketch settings is required
Verified SafeView Analysis
The provided 'source code' consists of documentation (README, technical decisions) and AI agent/prompt configurations, not the actual MCP server implementation code. Therefore, a code-level security audit for 'eval', obfuscation, or specific network vulnerabilities of the MCP server cannot be performed. The system relies on the Sketch MCP server (an internal Sketch component) and external AI coding assistants. Potential conceptual risks include data exposure if the AI client or connection to the Sketch API through MCP is compromised, as design data is extracted. However, no malicious patterns or hardcoded secrets are evident in the provided documentation for this project.
Updated: 2026-01-18GitHub
0
0
High Cost
Amier-ge icon
Sec9

Parses PowerShell ConsoleHost_history.txt files from disk images to extract command history for forensic analysis.

Setup Requirements

  • ⚠️Requires 'ConsoleHost_Parser' library folder to be located in the parent directory of this MCP server.
  • ⚠️Installation of 'pytsk3' and 'pyewf' may require system-level dependencies (e.g., libtsk, libewf) which can be complex on some operating systems.
Verified SafeView Analysis
The code uses established forensic libraries (pytsk3, pyewf) for disk image parsing and does not contain obvious security vulnerabilities like 'eval', direct shell execution without sanitization, or hardcoded credentials. It focuses on file system analysis and decoding content, which is generally robust. The main security considerations would be vulnerabilities in the underlying third-party libraries or potential exploits from extremely malformed disk images.
Updated: 2025-12-13GitHub
0
0
Medium Cost
seb999 icon

EEA_sdi_mcp

by seb999

Sec8

Interacting with the European Environment Agency (EEA) GeoNetwork Catalogue API for metadata search, discovery, export, and management.

Setup Requirements

  • ⚠️Requires Node.js and npm to install dependencies and run the server.
  • ⚠️Write operations (e.g., duplicate, update, tag management, attachment upload/delete) require 'CATALOGUE_USERNAME' and 'CATALOGUE_PASSWORD' environment variables configured for authentication with the upstream GeoNetwork API.
  • ⚠️The 'upload_file_to_record' tool requires the specified 'filePath' to be an absolute path accessible on the local filesystem of the machine running the MCP server.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive API credentials (CATALOGUE_USERNAME, CATALOGUE_PASSWORD). Rate limiting is implemented using 'express-rate-limit' to prevent abuse. File uploads are handled by 'multer' with a configurable MAX_FILE_SIZE. Crucially, the serving of uploaded files includes robust directory traversal protection using 'path.resolve'. The CORS configuration with 'origin: true' is highly permissive; while common for flexible API clients, it means any origin can make requests, potentially requiring the upstream GeoNetwork API to have its own origin validation for sensitive operations. No instances of 'eval' or other obvious malicious patterns were found in the provided code.
Updated: 2025-12-04GitHub
0
0
Medium Cost
Zetrix-Chain icon

zetrix-mcp-server

by Zetrix-Chain

Sec6

The Zetrix MCP Server allows AI assistants, like Claude, to interact with the Zetrix blockchain using natural language, providing a suite of tools for account management, transaction processing, real-time monitoring, cryptography, and smart contract development and generation.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher.
  • ⚠️MCP client configuration (`args` field) requires an absolute path to the server's `dist/index.js` file.
  • ⚠️When using the `create-zetrix-tool` or `zetrix-sdk-nodejs` internally, `NODE_URL` environment variables in `.env` files must NOT include the `https://` protocol prefix (e.g., `node.zetrix.com` instead of `https://node.zetrix.com`).
Review RequiredView Analysis
The server's `zetrix_contract_init_dev_environment` tool utilizes `child_process.execSync` to run `npx -y create-zetrix-tool`. While the `contractName` input is sanitized, executing external CLI tools via `npx` introduces a supply chain risk. A compromised `create-zetrix-tool` package, even with valid input, could lead to arbitrary code execution on the user's system. Additionally, the `zetrix_contract_generate_advanced` tool writes LLM-generated code directly to the filesystem (`fs.writeFileSync`), which could pose a risk if malicious or vulnerable code is generated and later executed. The default WebSocket connections use `ws://` (unencrypted), which is less secure than `wss://` for sensitive data over untrusted networks.
Updated: 2025-11-29GitHub
0
0
Medium Cost
liamintemann icon
Sec9

A lightweight Model Context Protocol server that proxies Notion API calls for OpenAI Agent Builder.

Setup Requirements

  • ⚠️Requires 'NOTION_API_KEY' environment variable to be set for tools to function.
  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys (NOTION_API_KEY) and explicitly warns if it's not set. It relies on official Notion and MCP SDKs. Input schemas for tools use `z.any()` for Notion filters and properties, which allows for flexible but potentially large/complex inputs from an agent. However, this is passed directly to the Notion API and is not a direct server vulnerability. There are no 'eval' calls, obfuscation, or hardcoded secrets found.
Updated: 2025-11-24GitHub
0
0
Medium Cost
OumaimaZerouali icon

chatbots-mcp-server

by OumaimaZerouali

Sec8

This server acts as a backend for AI chatbots, exposing tools for managing bot configurations and creating appointments through a REST API client.

Setup Requirements

  • ⚠️Requires a dependent Spring Boot service running on `http://localhost:8080` that provides `/api/bot-configs` and `/api/appointments` endpoints. Without this service, the application's core functionality will not work.
  • ⚠️The `systemPrompt` field in `BotConfigEntity` could potentially store very long strings, which if returned to an AI model, could increase token costs and latency for the AI interaction.
Verified SafeView Analysis
The code does not use 'eval' or any obfuscation. It relies on internal REST calls to 'http://localhost:8080'. While the hardcoded URL is a configuration best practice violation (should be configurable), it points to an internal resource and does not expose direct external network risks or hardcoded secrets. Basic input validation is present for appointment creation. The overall security of the system heavily depends on the security of the dependent service running on localhost:8080.
Updated: 2026-01-05GitHub
0
0
Medium Cost
saadkhan1150 icon

telegram-mcp

by saadkhan1150

Sec8

Manages multiple Telegram accounts, sending bulk messages, scheduling tasks, and integrating with AI tools via a web dashboard for streamlined messaging and automation.

Setup Requirements

  • ⚠️Requires Telegram API ID and API Hash (can use provided defaults, but personal credentials are recommended for higher limits).
  • ⚠️Requires Python 3.10+.
  • ⚠️Requires Playwright's Chromium browser to be installed for web-based QR login. (Can be installed via `playwright install chromium` after `pip install playwright`).
  • ⚠️The 'AI Tools' feature refers to prompts for an external AI model; the server itself does not contain an integrated LLM. An external AI model is needed to consume these prompts and interact with the server's MCP tools.
Verified SafeView Analysis
The project avoids `eval` and dangerous patterns. Sensitive session data (`.telegram_session`, `accounts/config.json`) is correctly listed in `.gitignore`. Telegram API credentials can be overridden by environment variables, though public fallback credentials are hardcoded. A notable security suggestion from the audit report is that local session storage is currently unencrypted, although its risk is assessed as low due to local storage.
Updated: 2026-01-19GitHub
0
0
Low Cost
Q07K icon
Sec9

Initializes an API server using the FastMCP framework for Multi-Agent Communication Protocol (MCP) related functionalities.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Requires 'uvicorn' to run the ASGI server (install via 'pip install uvicorn' if not included with 'mcp[cli]').
Verified SafeView Analysis
The provided source code is minimal, only initializing the FastMCP server with no evident malicious patterns, hardcoded secrets, or dangerous functions like 'eval'. Potential security risks would reside within the 'mcp' framework itself, which is an external dependency, or in subsequent API endpoint implementations not shown here.
Updated: 2025-11-18GitHub
0
0
Medium Cost
statnativ icon

novasonicmcp

by statnativ

Sec4

This server acts as a voice-powered AI dental receptionist, handling patient inquiries, scheduling, and emergency detection through real-time speech-to-speech conversations using AWS Bedrock Nova Sonic and MCP for tool integration.

Setup Requirements

  • ⚠️Requires AWS account with Amazon Nova Sonic Bedrock model access enabled (explicit activation needed).
  • ⚠️Requires AWS CLI configured with appropriate credentials (e.g., via 'aws configure').
  • ⚠️MCP server configurations in 'mcp_config.json' can execute arbitrary commands ('npx', 'node') which may download and run untrusted code; these configurations must be strictly controlled and audited.
Review RequiredView Analysis
The server uses Model Context Protocol (MCP) which allows execution of external commands (like 'npx' or 'node') or HTTP calls defined in 'mcp_config.json'. This introduces a significant supply chain and arbitrary code execution risk if MCP server configurations are not carefully vetted and restricted, or if the server itself is exposed to untrusted user input that could alter these configurations. While AWS credentials are primarily sourced from the AWS CLI profile or environment variables, local testing guides mention hardcoding them in Docker run commands, which is a bad practice. Network ingress for the ALB is wide open (0.0.0.0/0) which is typical for public web apps, but requires careful management of other security layers. Basic input validation is present in some areas (e.g., JSON parsing in tool use), but overall, the MCP extensibility model requires extreme caution to prevent exploitation.
Updated: 2025-11-22GitHub
PreviousPage 374 of 713Next