Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
conda-forge icon
Sec9

Provides a Managed Compute Platform (MCP) server for integrating with the Langsmith SDK.

Setup Requirements

  • ⚠️Requires Python 3.x (specific minor version derived from 'python_min' in recipe)
  • ⚠️Intended for installation via Conda or Mamba
Verified SafeView Analysis
The provided source code primarily consists of build recipes and CI/CD configurations. No 'eval' statements, obfuscation, or hardcoded secrets were found within these configuration and build scripts. The `build-locally.py` script uses `subprocess.check_call` to execute other build scripts, which is standard for such tools. However, the core Python server application logic (`langsmith_mcp_server.server:main`) is not available for a full security audit.
Updated: 2025-11-22GitHub
0
0
Medium Cost
plantoncloud-inc icon

mcp-server-planton

by plantoncloud-inc

Sec8

The Planton Cloud MCP Server enables AI agents to query, create, update, and delete cloud resources using user-scoped permissions via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Planton Cloud API Key, obtained from the Planton Cloud Console, which is a critical setup step for all operations.
  • ⚠️Specific Go version requirements (Go 1.24.7 in `go.mod`, Go 1.25 for Docker builds/CI/CD) and nuances with `go mod tidy` can be a friction point for local development environments.
  • ⚠️Requires a compatible MCP client (e.g., Cursor, Claude Desktop, LangGraph) for interaction; it doesn't offer a direct web UI or basic CLI for general users to interact with its tools.
Verified SafeView Analysis
The server employs a 'passthrough' security model for HTTP transport: user API keys from the Authorization header are extracted and forwarded to Planton Cloud APIs for authentication and fine-grained authorization (FGA), rather than being validated locally. This offloads robust validation to the backend. The `PLANTON_API_KEY` is handled securely via environment variables or request headers and is not hardcoded. A global state workaround is used for API key context propagation in tool handlers due to `mcp-go` library limitations, which could introduce theoretical race conditions in high-concurrency (non-SSE typical) scenarios. The project has a defined security reporting process.
Updated: 2025-12-14GitHub
0
0
Medium Cost
heejung0 icon
Sec4

This server exposes the Dissect digital forensics library as a Model Context Protocol (MCP) server, enabling MCP clients to extract and analyze various artifacts from disk images (E01, RAW, VMDK, etc.).

Setup Requirements

  • ⚠️Requires installation of Dissect binaries (`target-query`, `rdump`, `target-fs`, `acquire`) and their correct paths specified via environment variables (`DISSECT_TARGET_QUERY`, etc.).
  • ⚠️Processing large disk images requires significant local storage and computational resources.
  • ⚠️Output directories (`DISSECT_ACQUIRE_DIR`, `DISSECT_EXTRACT_DIR`) must have appropriate write permissions and sufficient space.
Review RequiredView Analysis
The server executes external binaries (`target-query`, `rdump`, `target-fs`, `acquire`) via `subprocess.run` with user-controlled arguments like `image_path`, `plugin`, `search`, `fs_path`, `username`, `profile`, and `output_type`. While `subprocess.run` with a list of arguments (`List[str]`) typically prevents direct shell injection, it does not mitigate application-level injection if the `dissect` binaries themselves interpret specially crafted arguments as commands or options. A significant risk is the ability to specify an `output_dir` in `extract_file_or_directory` and `acquire_minimal_artifacts`. Without robust path sanitization (e.g., preventing `../../../` traversal), a malicious client could potentially instruct the server to write or extract files to arbitrary locations on the host system, leading to privilege escalation, data destruction, or denial of service. The security posture is highly dependent on the robustness of the underlying `dissect` tools against malicious input passed as arguments.
Updated: 2025-12-13GitHub
0
0
High Cost
irab icon

orgbrain

by irab

Sec6

Provides a Model Context Protocol (MCP) server for knowledge extraction and cross-repository analysis within multi-repository organizations.

Setup Requirements

  • ⚠️Requires Node.js 18+ and pnpm.
  • ⚠️Requires GitHub CLI (`gh`) to be installed and authenticated for `connect_org` functionality (`gh auth login`).
  • ⚠️Relies on `git` and `gh` executables being in the system's PATH.
  • ⚠️Tree-sitter parsers for Rust, Go, Python require native modules, which are expected to be available.
Verified SafeView Analysis
The system involves cloning repositories and executing `git` commands, which inherently carries risks if interacting with untrusted code. The `GitManager` explicitly sets `GIT_SSH_COMMAND: "ssh -o BatchMode=yes -o StrictHostKeyChecking=no"`. Disabling `StrictHostKeyChecking` bypasses host key verification for SSH connections, making the cloning process vulnerable to Man-in-the-Middle (MITM) attacks if the git remote server is compromised or impersonated. While this prevents interactive prompts and might be acceptable in tightly controlled environments (e.g., trusted CI/CD against a trusted GitHub instance), it is a significant security consideration for a general-purpose tool.
Updated: 2026-01-08GitHub
0
0
Low Cost
shobhit743 icon
Sec9

Manages personal financial expenses by allowing users to add, list, and summarize expenditures with categorization via an API.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
Verified SafeView Analysis
The server uses parameterized SQL queries via aiosqlite, which effectively mitigates SQL injection vulnerabilities. No 'eval', 'exec', or other obvious dangerous patterns were found. A broad 'try...except' block in 'add_expense' could mask specific errors but does not pose a direct security risk.
Updated: 2025-12-13GitHub
0
0
Medium Cost
d01ki icon

Pentest-mcp

by d01ki

Sec8

Unified penetration testing toolkit for authorized systems, integrated with Claude Desktop.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for LLM agent functionality.
  • ⚠️Docker is required for the recommended easy setup and server isolation.
  • ⚠️Nmap must be installed on the host system (or within the Docker container for the unified server).
Verified SafeView Analysis
The server implements robust command sanitization (using `shlex.quote` and dangerous character checks), human-in-the-loop approval for destructive operations, and masking of sensitive data in logs. It explicitly warns users against unauthorized use and emphasizes Docker isolation for security. The core functionality involves inherently risky penetration testing actions (e.g., SSH brute force, SQL injection tests), so proper authorization and strict ethical considerations are paramount for the user to avoid misuse. The Playwright integration also introduces potential browser-based risks if not used carefully.
Updated: 2026-01-19GitHub
0
0
Low Cost
cs224 icon
Sec10

A sample server demonstrating the Model Context Protocol (MCP) for integrating custom data and tools with ChatGPT's Developer Mode.

Setup Requirements

  • ⚠️Requires ChatGPT Pro subscription with Developer Mode enabled.
  • ⚠️Requires ngrok (or similar tunneling service) to expose the local server to the internet.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️This server is designed for testing and explicitly does not implement authentication, making it unsuitable for production use.
Verified SafeView Analysis
The server is a 'toy' example explicitly for testing purposes. It does not contain `eval`, `exec`, or other dynamic code execution risks. No hardcoded secrets were found. It is designed to be run locally and exposed via ngrok; however, it explicitly notes 'No authentication' making it unsuitable for production, but safe for its stated test use. The data returned is hardcoded and non-sensitive.
Updated: 2025-12-02GitHub
0
0
Medium Cost
halbares icon

mcp-obsidian

by halbares

Sec8

Enables AI agents to directly interact (read, search, write) with an Obsidian knowledge vault.

Setup Requirements

  • ⚠️Requires `ripgrep` (rg) system dependency for optimal search performance.
  • ⚠️Crucially requires the `OBSIDIAN_VAULT_PATH` environment variable to be set to an existing Obsidian vault directory.
  • ⚠️A hardcoded fallback path (`/home/pablo/Baul_Obsidian`) for `OBSIDIAN_VAULT_PATH` exists in `src/server.py` if the environment variable is not set or valid, which will likely not work for other users.
  • ⚠️Requires Python 3.12 or higher.
Verified SafeView Analysis
The `_safe_path` method is implemented to prevent directory traversal attacks by resolving paths and ensuring they remain within the vault. `subprocess` is used to execute `ripgrep` for search functionality; this is a controlled call to an external, well-defined CLI tool, with `--json` output for safer parsing and arguments passed directly (not via shell), mitigating injection risks. No `eval`, hardcoded sensitive secrets, or obvious network risks beyond local file system access are present. A hardcoded fallback path for `OBSIDIAN_VAULT_PATH` is present in `server.py`, but it's a configuration detail, not a security flaw.
Updated: 2026-01-16GitHub
0
0
Medium Cost
peskaf icon

edupage-mcp

by peskaf

Sec8

Serves as an MCP (Multi-Channel Platform) backend server for the EduPage service.

Setup Requirements

  • ⚠️Requires Python 3.13.0 or higher.
  • ⚠️Requires 'uv' package manager for environment setup.
Verified SafeView Analysis
Based on the provided truncated source, no 'eval' calls, obfuscation, hardcoded secrets, or obvious malicious patterns are present. The project relies on the 'fastmcp' dependency, whose security posture is not ascertainable from this snippet alone. As a server, it inherently faces network-based security risks, which are not mitigated or exacerbated by the provided code.
Updated: 2025-11-29GitHub
0
0
Low Cost
Scarmonit icon

rag-mcp-server

by Scarmonit

Sec7

Provides semantic document search and management capabilities as a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Python >= 3.10.
  • ⚠️ChromaDB and ONNX embedding models require local disk space (downloads on first use).
  • ⚠️Needs specific MCP client configuration (e.g., Claude Desktop JSON config).
Verified SafeView Analysis
The `ingest_file` tool allows reading arbitrary local files based on a user-provided path. While `path.resolve()` helps prevent simple path traversal, it does not prevent access to any file the server process has read permissions for (e.g., `/etc/passwd`). The `ingest_url` tool allows fetching content from arbitrary URLs, which could be exploited for Server-Side Request Forgery (SSRF) if the server is deployed in a sensitive network. There are no obvious hardcoded secrets, obfuscation, or direct use of `eval` or `exec`. The risks are primarily due to the nature of the ingestion tools if the server is exposed or run with excessive permissions.
Updated: 2025-12-02GitHub
0
0
High Cost
archetana icon

pysr-mcp-server

by archetana

Sec6

Discovering interpretable mathematical equations from data using symbolic regression for scientific discovery, feature engineering, and data modeling.

Setup Requirements

  • ⚠️Requires Julia backend installation (5-10 minutes) for PySR to function, which is a significant initial setup step.
  • ⚠️Requires Python and specific libraries: `pysr`, `numpy`, `pandas`, (potentially `matplotlib`, `seaborn`, `sympy`, `psutil` based on dependencies in READMEs).
  • ⚠️Relies on temporary files for data exchange between Node.js and Python, which might require appropriate file system permissions and sufficient disk space in `/tmp` or the configured `workDir`.
Verified SafeView Analysis
The server uses Python's `pickle` module for saving and loading PySR models. `pickle` is known to be insecure against maliciously constructed data, which could lead to arbitrary code execution if a loaded model file is untrusted or tampered with. While the server generates these files internally, a compromised file system could exploit this. The Node.js wrapper utilizes `child_process.spawn` to execute Python scripts, but input sanitization and path management appear to be handled carefully by internal logic, reducing direct command injection risk. For other components in the repository (like `app_server.py`, which is not the MCP server itself), a hardcoded fallback `SECRET_KEY` poses a critical vulnerability if deployed in production without modification.
Updated: 2025-11-25GitHub
0
0
Low Cost

mcp-marketplace

by saraivabr

Sec9

A marketplace and API gateway for Model Context Protocol (MCP) servers, enabling discovery, installation, and management of AI application capabilities.

Setup Requirements

  • ⚠️Requires Node.js 18+ for development and production.
  • ⚠️Requires PostgreSQL 16 as the primary database.
  • ⚠️Requires Redis 7 (optional but highly recommended for distributed rate limiting and session management in production).
  • ⚠️Full feature set (e.g., publisher authentication) requires GitHub OAuth App credentials (client ID and secret).
  • ⚠️Email notifications depend on an external service (e.g., Resend) with a configured API key and 'FROM_EMAIL'.
  • ⚠️Analytics and error tracking require API keys for PostHog and Sentry, respectively.
Verified SafeView Analysis
The application demonstrates high security awareness, utilizing bcryptjs for password hashing, JWT for authentication, and retrieving all sensitive credentials from environment variables. The middleware applies comprehensive security headers (CSP, XSS, Frame Options, Referrer Policy, Permissions Policy, CORS) and implements rate limiting per IP and endpoint. The core MCP message router currently returns mock responses, which inherently limits direct execution risks. Future plans for hosted MCPs detail robust sandboxing, resource limits, and container isolation, indicating a strong commitment to security for dynamic execution. Minor deduction for the current design choice of allowing unauthenticated access for 'public servers' in the MCP gateway, although it's within expected design parameters for an open marketplace and not a direct vulnerability in the current mock implementation.
Updated: 2025-11-27GitHub
PreviousPage 378 of 713Next