Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost

dotprompts

by xu2xulim

Sec6

A SvelteKit application for managing and serving AI prompts, integrated with authentication and a database.

Setup Requirements

  • ⚠️ Requires InstantDB account and API keys (`INSTANT_APP_ID`, `INSTANT_API_KEY`).
  • ⚠️ Requires OAuth credentials for GitHub and Google (`GITHUB_CLIENT_ID`, `GITHUB_CLIENT_SECRET`, `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`).
  • ⚠️ Requires a Turso database and credentials (`DATABASE_URL`, `DATABASE_TOKEN`).

Verified Safe
The project uses `better-auth` and InstantDB for authentication and data storage, which are generally robust solutions. Secrets are correctly managed via environment variables. However, `svelte.config.js` sets `csrf: { trustedOrigins: ['*'] }`, which is a critical security vulnerability for a web application in a production environment because it trusts every origin and so effectively disables CSRF protection. This setting should be locked down to specific trusted origins for production deployments.
Updated: 2025-11-25

Low Cost

dart-query

by standardbeagle

Sec9

Manages tasks and documents in Dart AI through an MCP server, focusing on context-efficient batch operations, SQL-like selectors, and CSV imports to prevent context rot in LLM interactions.

Setup Requirements

  • ⚠️ Requires a Dart AI API Token (starts with 'dsa_')
  • ⚠️ Requires Node.js 18.0.0 or higher
  • ⚠️ Batch operations (`batch_update_tasks`, `batch_delete_tasks`, `import_tasks_csv`) default to `dry_run: true` or `validate_only: true` for safety, requiring explicit confirmation/flag changes for execution.

Verified Safe
The server explicitly reads the DART_TOKEN from `process.env`, which is a secure practice (no hardcoded secrets). It performs extensive input validation on all tool arguments, significantly reducing injection risks. The use of `fs.readFileSync` in `import_tasks_csv` for `csv_file_path` could be a vector for arbitrary file access if the input path is not carefully controlled by the calling LLM or MCP environment; however, this is within the expected functionality of a tool designed to interact with local files. Overall, the code demonstrates robust defensive programming, token validation, and error handling, making it relatively safe to run within a trusted environment.
Updated: 2026-01-19

Low Cost
Sec10

This repository serves as a curated list of Model Context Protocol (MCP) servers focused on research, academia, and knowledge discovery, rather than being an MCP server itself.

Verified Safe
The provided source code consists solely of Markdown files (`README.md`, `CONTRIBUTING.md`). There is no executable code (e.g., Python, JavaScript, Dockerfiles) to audit for runtime security risks such as 'eval' usage, code obfuscation, network vulnerabilities, or hardcoded secrets. This repository is a static list of external projects, and its own content poses no direct execution-based security risks. The security of the *listed* external projects is beyond the scope of this analysis.
Updated: 2026-01-17

High Cost
Sec4

Integrates Claude AI with an OLAP cube (Oracle Essbase O3) via a custom Model Context Protocol (MCP) for natural language MDX queries and data analysis.

Setup Requirements

  • ⚠️ Requires an Oracle Essbase O3 server to be running locally on `localhost:7777`.
  • ⚠️ Requires a pre-built `mcp_o3` JAR file (expected to be in `chatbot03/mcp_o3/target/` or a path specified in `config.properties`).
  • ⚠️ Requires an Anthropic API Key, which is a paid service.
  • ⚠️ API key decryption might fail if underlying system properties (username, OS, Java version) change, requiring the key to be re-entered.

Review Required
A critical security risk exists due to hardcoded Oracle Essbase O3 database username ('user') and password ('user') within `MCPService.java` when it launches the external O3 server process. If this server connects to a production Essbase instance, it could lead to unauthorized access. The API key encryption relies on system properties (username, OS, Java version), which, if changed, could render stored API keys undecryptable and require manual re-entry.
Updated: 2025-12-19

Medium Cost

asc-mcp

by antisynthesis

Sec9

Provides a Model Context Protocol (MCP) server that enables AI assistants to manage Apple App Store Connect resources and operations.

Setup Requirements

  • ⚠️ Requires App Store Connect API credentials (Issuer ID, Key ID, and a .p8 private key file) which must be securely configured via environment variables or Kubernetes secrets.
  • ⚠️ Requires Go 1.23 or later for local development and building.
  • ⚠️ Kubernetes deployment requires manual population of sensitive data in `ops/k8s/secret.yaml` template before application.

Verified Safe
The project demonstrates strong security practices: it uses Go's standard library for cryptographic operations (JWT ES256), prevents hardcoded secrets by requiring environment variables or Kubernetes Secrets for App Store Connect API credentials, and its Kubernetes manifests enforce strict security contexts (runAsNonRoot, readOnlyRootFilesystem, dropped capabilities). The primary communication via stdin/stdout also inherently limits network exposure. No 'eval' or obvious obfuscation detected.
Updated: 2026-01-16

High Cost

world-history-engine

by Watashicuvu

Sec7

A narrative graph engine for generating, tracking, and visualizing fictional worlds, usable with LLMs as an MCP server or procedurally.

Setup Requirements

  • ⚠️ Requires Python 3.11+
  • ⚠️ Requires an OpenAI (or compatible) API key for LLM-assisted features (API_KEY env var).
  • ⚠️ LLM usage can incur significant token costs due to extensive context building for narration and agent interactions.

Verified Safe
The server uses Pydantic for data validation and `yaml.safe_dump` for writing configuration files, mitigating common deserialization and injection risks. LLM-powered agents can call tools that modify the world state (e.g., `define_new_archetype`, `add_entity_instance`, `update_entity_tags`, `add_fact`), which introduces inherent risks of unintended state changes if the LLM acts maliciously or incorrectly. However, these tools are constrained by their defined parameters and Pydantic models. Hardcoded API keys are avoided by using environment variables. The potential to modify `data/custom` with arbitrary YAML content via the `define_new_archetype` tool represents the most significant, though mitigated, write-access risk.
Updated: 2025-12-08

Low Cost

mcp-server-hotel

by adasNetwoven

Sec9

Exposes an API endpoint for an MCP (Multi-tool Coordination Protocol) server to retrieve hotel reviews.

Setup Requirements

  • ⚠️ Requires the 'fastmcp' Python package to be installed.

Verified Safe
The provided code is minimal and acts as a simple wrapper, returning a hardcoded string. It does not process user input in a way that introduces direct injection vulnerabilities, nor does it use 'eval' or access external systems beyond what's implied by the 'fastmcp' library. No hardcoded secrets are present. The primary security considerations would lie within the 'fastmcp' library itself or if the 'get_hotel_reviews' function were expanded to interact with a real backend without proper input sanitization.
Updated: 2025-12-14

Medium Cost

A service for scraping content from Xiaohongshu (a Chinese social media platform), providing API and MCP (Micro-Agent Protocol) access for searching notes and retrieving detailed note content.

Setup Requirements

  • ⚠️ Requires Docker to run the Chromium environment.
  • ⚠️ Requires manual login to a Xiaohongshu account via the browser interface after initial setup.
  • ⚠️ May require proxy configuration to access Xiaohongshu from certain geographic locations (commented out in `run.sh` by default).

Review Required
The Docker container is run with the `--privileged` flag, which grants the container almost all capabilities of the host system, significantly increasing the attack surface and potential for container escape. Sensitive browser user data (cookies, login sessions) is persisted on the host system by mounting the `user-data` volume, posing a risk if the host is compromised. The project description itself includes a disclaimer that it is for 'learning and technical research' and 'prohibits any commercial use or violation of local laws', suggesting awareness of the sensitive nature of scraping activities. No `eval` or direct command injection vectors are found in the Python source code, but the `--privileged` flag is a critical concern.
Updated: 2025-11-24

Low Cost

mcp-server-generator

by consigcody94

Sec8

Automates the generation of Model Context Protocol (MCP) servers from OpenAPI/Swagger specifications, enabling rapid integration for LLM agents and API orchestration.

Setup Requirements

  • ⚠️ Requires network access to fetch the OpenAPI specification if a URL is provided.
  • ⚠️ The generated MCP server will require installing its own language-specific dependencies (e.g., npm for TypeScript, pip for Python) after generation.

Verified Safe
The generator itself appears safe, with no 'eval' or obvious hardcoded secrets in the provided source code. It fetches OpenAPI specs from a provided URL, which is a standard network operation. The primary security considerations would be in the quality and safety of the *generated* code for production use, especially regarding complex authentication flows, which the README notes may require manual enhancement. The generated server's security depends on the integrity of the input OpenAPI spec and the target API it integrates with.
Updated: 2025-11-24

Low Cost

dataql

by adrianolaselva

Sec3

Query and transform data across multiple formats using SQL, specifically designed for efficient integration with Large Language Models.

Setup Requirements

  • ⚠️ Remote data sources (S3, GCS, Azure, PostgreSQL, MySQL, MongoDB) require specific environment variables (e.g., AWS_ACCESS_KEY_ID, GOOGLE_APPLICATION_CREDENTIALS, AZURE_STORAGE_KEY) or local CLI configuration for authentication.
  • ⚠️ Building from source requires Go 1.24+ and GCC (for CGO-enabled SQLite/DuckDB support).
  • ⚠️ LLM integration requires configuring the specific LLM client (e.g., Claude Code, OpenAI Codex) with the MCP server details or installing skills in the LLM's environment.

Review Required
The system directly executes SQL queries and utilizes file paths (for both input and output) provided by the LLM or user. This design, while enabling powerful functionality, poses significant security risks. Specifically:

  1. Arbitrary File Read/Write/Delete: The `source` and `export` parameters allow the tool to read from, write to, and remove arbitrary files on the local file system (e.g., `os.Remove` in export functions). An attacker (or a misbehaving LLM) could craft paths to sensitive system files (e.g., `/etc/passwd`, `/root/.ssh/authorized_keys`) for exfiltration, modification, or deletion, assuming appropriate process permissions.
  2. SQL Injection / Local File Exploits: Although SQL queries run against an embedded SQLite database, SQLite has capabilities for file I/O (e.g., `readfile`, `writefile` if extensions are loaded or custom functions are registered). A malicious SQL query could attempt to read or write local files. Additionally, providing connection strings for external databases (PostgreSQL, MySQL, MongoDB) directly from user/LLM input introduces a risk of exploiting vulnerabilities in those database systems or their drivers.
  3. Resource Exhaustion: Processing large remote files from URLs or cloud storage (S3, GCS, Azure) specified by an attacker could lead to excessive disk/memory usage.

It is critical to run this tool in a tightly sandboxed environment (e.g., a Docker container with restricted volume mounts, limited network access, and a non-privileged user) and only with trusted LLM inputs.
Updated: 2026-01-19

Medium Cost

mcp-hq

by odenizo

Sec7

MCP server providing persistent code context, memory, and semantic search capabilities for AI development tools to enhance agent performance.

Setup Requirements

  • ⚠️ Requires `CONTEXTSTREAM_API_KEY` or `CONTEXTSTREAM_JWT` for authentication (obtained from contextstream.io).
  • ⚠️ Requires Node.js version 18+ and npm 10+ to run locally.
  • ⚠️ Automated setup script `install-all.sh` recommends `jq` for seamless JSON configuration.

Verified Safe
Secrets (API key/JWT) are managed via environment variables, not hardcoded. Installation scripts create backups before modifying configuration files. The core MCP server logic for `@contextstream/mcp-server` is an external NPM package, not directly auditable in this source code. Network access to `https://api.contextstream.io` is required for functionality.
Updated: 2026-01-06

Low Cost
Sec1

Provides log search capabilities, including regex-based keyword search and natural language semantic search, for local log files.

Setup Requirements

  • ⚠️ Requires an internet connection for the initial download of the 'all-MiniLM-L6-v2' SentenceTransformer model for semantic search.
  • ⚠️ Log files must be present in the configured LOG_DIRECTORY for the server to perform useful operations.

Review Required
CRITICAL VULNERABILITY: The `read_resource` function, which calls `log_resource.tail_log`, is susceptible to path traversal. The `uri.replace("log:///", "")` sanitization is insufficient to prevent an attacker from using `../` sequences in the URI (e.g., `log:///../../../../etc/passwd`) to read arbitrary files outside the designated log directory. This allows unauthorized access to sensitive system files. Additionally, the `LogSearchTool` uses `re.compile` directly on user-provided regex patterns, which could potentially expose the server to a Regular Expression Denial of Service (ReDoS) attack, although this is less critical than the path traversal.
Updated: 2025-12-14