Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
tk-logl icon
Sec9

Provides a unified, multi-tenant gateway for Model Context Protocol (MCP) servers, enabling orchestration and access control for various integrated services.

Setup Requirements

  • ⚠️Requires a full stack setup including Node.js (>=18), PostgreSQL (>=14), and Redis (>=6). Deployment scripts are provided for Oracle Cloud Ubuntu 24.04 ARM.
  • ⚠️Extensive manual configuration is required for external service integrations (e.g., Google Calendar, Slack, Zoho, Obsidian, n8n) including OAuth flows, API key generation, and sometimes installing specific plugins (e.g., Obsidian Local REST API).
  • ⚠️Integrating with KIPRIS (Korean Patent Office) via 'kipris-enhanced' MCP requires applying for a KIPRIS Plus API Key from data.go.kr, which can take 1-2 days for approval.
Verified SafeView Analysis
The project implements robust security features including JWT and API Key authentication, AES-256-GCM encryption for API credentials at rest, Redis-backed rate limiting, Zod for input validation, and comprehensive RBAC. Standard Express security middlewares (Helmet, CORS) are used. Audit logging is in place. The main potential risk lies in not replacing default/example secret values (e.g., JWT_SECRET, ENCRYPTION_KEY, database/Redis passwords) with strong, unique values in production environments, as explicitly warned in documentation and setup scripts. No 'eval' or direct obfuscation found.
Updated: 2025-11-24GitHub
0
0
Low Cost
daner-itz icon
Sec3

A production-ready automation platform integrating n8n with AI services (Ollama, Qdrant), databases (PostgreSQL, RedisStack), and Model Context Protocol (MCP) servers for enhanced Claude Code interaction.

Setup Requirements

  • ⚠️Docker and Docker Compose are required.
  • ⚠️Manual import and activation of n8n workflows and creation of n8n credentials for MCP servers are required after `docker-compose up`.
  • ⚠️The hardcoded bearer tokens provided in the setup instructions are a severe security risk and *must* be replaced with unique, user-generated API keys.
Review RequiredView Analysis
The setup script `setup-mcp-workflows.sh` and the guide `MCP_SETUP_GUIDE.md` explicitly embed hardcoded bearer tokens for the MCP credentials. If users follow these instructions, their n8n instance will be configured with globally known, shared authentication tokens for its MCP webhooks. This is a critical vulnerability, allowing anyone with these tokens to interact with the MCP server endpoints on any such instance, bypassing proper authentication. Users *must* generate and use their own unique N8N API keys/bearer tokens for these credentials instead of the ones provided in the guide. Additionally, multiple services (n8n, pgadmin, ollama, openwebui, searxng, postgres, redis, qdrant) are exposed on host ports, requiring careful network security considerations if exposed beyond localhost. The n8n code nodes can execute arbitrary JavaScript, posing a risk if not carefully managed when extending functionality, especially in response to AI agent requests.
Updated: 2026-01-19GitHub
0
0
Medium Cost
sd2k icon
Sec8

Automates token usage analysis for Model Context Protocol (MCP) servers within GitHub CI/CD workflows, providing cost and complexity insights.

Setup Requirements

  • ⚠️Requires an Anthropic API Key (paid service) if `anthropic` token counting provider is desired for accurate token counts.
  • ⚠️Requires `GITHUB_TOKEN` with `pull-requests: write` permission for posting PR comments.
  • ⚠️The MCP server specified by the `command` input must be runnable and correctly built within the GitHub Actions runner environment.
Verified SafeView Analysis
The `install.sh` script uses `curl ... | sh` to install the underlying `mcp-tokens` CLI, which can be a security risk as it executes a script directly without prior review. This is mitigated by pinning versions and implicitly trusting the `sd2k/mcp-tokens` repository. The action's core functionality involves executing a user-provided `command` within the CI environment, which is an expected feature but means the user is responsible for the security of the command they provide. No hardcoded secrets or direct `eval` calls were found within the action's scripts. GitHub API calls for comments are securely authenticated via `GITHUB_TOKEN`.
Updated: 2026-01-06GitHub
0
0
Medium Cost
MaxOstrowski icon

clockodo-mcp

by MaxOstrowski

Sec9

This server integrates with the Clockodo time tracking API to manage and automate tasks related to time entries, users, projects, and other workforce management data.

Setup Requirements

  • ⚠️Requires `CLOCKODO_API_USER`, `CLOCKODO_API_KEY`, and `CLOCKODO_EXTERNAL_APP` environment variables to be set (typically via a .env file).
  • ⚠️Requires Python 3.13 or newer.
Verified SafeView Analysis
The server uses environment variables (CLOCKODO_API_USER, CLOCKODO_API_KEY, CLOCKODO_EXTERNAL_APP) for API credentials, which is a good practice to avoid hardcoding sensitive information. It leverages the `requests` library to interact with a specific, known external API (`https://my.clockodo.com/api`). No 'eval', code obfuscation, or other immediately obvious malicious patterns were found in the provided source code snippets. All network communication appears to be directed to the Clockodo API.
Updated: 2026-01-12GitHub
0
0
Medium Cost
kanekitakitos icon

pentest-mcp-server

by kanekitakitos

Sec1

Provides a server to bridge AI assistants with Kali Linux penetration testing tools via Docker's MCP protocol for authorized security assessments.

Setup Requirements

  • ⚠️Requires Docker installed and running
  • ⚠️Requires at least 4GB of RAM allocated to Docker
  • ⚠️Running the container requires the --privileged flag, posing a significant security risk to the host system.
Review RequiredView Analysis
The server uses `subprocess.run(cmd, shell=True)` for executing commands. Many exposed tools (`sqlmap_test`, `wpscan_scan`, `dirb_scan`, `searchsploit_search`, `whatweb_scan`, `gobuster_dir`, `wafw00f_detect`) use user-supplied string inputs directly within f-strings without proper sanitization or escaping, leading to severe command injection vulnerabilities. The `sanitize_target` function used by other tools (`nmap_scan`, `nikto_scan`, `masscan_fast`) is insufficient to prevent injection in a `shell=True` context, and the `ALLOWED_TARGET_PATTERN` regex is defined but never used for validation. Furthermore, the installation explicitly requires running the Docker container with `--privileged` mode, which grants extensive capabilities to the container and critically reduces isolation, making a compromise of the vulnerable server a direct threat to the host system. There are no apparent authentication or authorization mechanisms, meaning anyone who can connect to the server's port can execute these powerful tools.
Updated: 2025-11-22GitHub
0
0
Low Cost
dvvbk icon

bdl-mcp-ts

by dvvbk

Sec9

Exposes the Polish Central Statistical Office (GUS) Local Data Bank API as Model Context Protocol (MCP) tools, enabling AI assistants to query statistical data.

Setup Requirements

  • ⚠️Requires a Cloudflare account and Wrangler CLI for deployment and development.
  • ⚠️Requires Node.js 18+.
  • ⚠️Relies on the external Bank Danych Lokalnych (BDL) API for all data, which must be accessible.
Verified SafeView Analysis
The server demonstrates good security practices for an API gateway. It uses Zod for robust input validation, preventing malformed requests and potential injection. Environment variables (BDL_API_BASE_URL, DEFAULT_LANGUAGE) are properly configured via Cloudflare Workers environment, avoiding hardcoded secrets. The use of `crypto.randomUUID()` for session IDs is secure. CORS is set to allow all origins (`*`), which is acceptable for a public API but should be noted. No 'eval' or other directly dangerous patterns were found. Relies on the security of the upstream BDL API.
Updated: 2026-01-19GitHub
0
0
High Cost
dbrown725 icon
Sec3

Spring Boot server demonstrating AI capabilities, RAG, image processing, and human resources data management as a learning tool.

Setup Requirements

  • ⚠️Requires multiple third-party API keys (Brave Search, Gemini, Groq, OpenRouter), some potentially paid.
  • ⚠️Extensive setup for Google Cloud Platform (GCP) including project ID, Storage Bucket, and Application Default Credentials (ADC) for Vertex AI and GCS.
  • ⚠️Manual installation and configuration of Elasticsearch, Kibana, and data ingestion (CSV to index) is required, along with Docker for Prometheus and Grafana.
Verified SafeView Analysis
The README explicitly states, 'Do not use it as a template for a Production application. Giving your LLM access to create, update and delete database rows is probably not a good idea.' This indicates a critical architectural security flaw for production use cases involving sensitive HR data. Additionally, the default Grafana admin password ('mysecretpassword') in `compose.yml` and the lack of security enabled for Elasticsearch (`ES_API_KEY: " "`) pose immediate security risks in any deployed environment. Direct LLM access to database CRUD operations on HR data is highly risky.
Updated: 2026-01-01GitHub
0
0
Medium Cost
Sec8

Converts natural language QA scenarios into fully automated test execution across UI, API, and Database layers, leveraging AI for scenario parsing and execution.

Setup Requirements

  • ⚠️Requires Node.js 17+ and Playwright 1.48+ for local environment setup.
  • ⚠️Requires an LLM API Key (e.g., OpenAI, Anthropic) for scenario parsing, which may be a paid service.
Verified SafeView Analysis
The server interacts with external LLM providers (OpenAI, Anthropic) which implies sending test scenario data for processing. This carries a data privacy consideration depending on the sensitivity of the test data. The server also executes browser automation, API calls, and database operations which, if given malicious or poorly crafted instructions (via LLM), could potentially interact with unintended systems or data. However, it parses natural language into structured steps, providing a layer of control over direct arbitrary execution.
Updated: 2025-11-20GitHub
0
0
Medium Cost
alacambra icon
Sec9

Provides Claude with scoped file system access and Git operations within a specific directory of a Git repository, ensuring path traversal protection.

Setup Requirements

  • ⚠️Requires `MCP_SCOPED_REPO_PATH` environment variable to be set.
  • ⚠️Requires Node.js runtime (>=18.0.0).
  • ⚠️Requires `git` command-line tool to be installed and available in the server's execution environment for Git operations.
Verified SafeView Analysis
The server implements robust path validation using `path.resolve` and `path.normalize` to prevent path traversal attacks, explicitly checking if resolved paths remain within the configured `basePath`. File system operations use `fs/promises`. Git commands are executed via `child_process.execFile` which is safer than `exec` as it avoids shell interpretation of arguments, with `cwd` explicitly set to the `repoRoot`. Delete operations are intentionally omitted. No 'eval' or other dynamic code execution is apparent. No hardcoded secrets were found. The server communicates via standard I/O (StdioServerTransport) which typically implies local process communication rather than exposing network ports by default, reducing external attack surface.
Updated: 2025-11-28GitHub
0
0
Medium Cost
fwextensions icon

datasf-mcp

by fwextensions

Sec9

Provides LLMs with seamless access to San Francisco's open data portal (DataSF), enabling dataset search, schema retrieval, and SoQL querying.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Optional Socrata App Token (free registration required) for higher API rate limits.
Verified SafeView Analysis
The server uses environment variables for sensitive API tokens (SOCRATA_APP_TOKEN), implements robust input validation using Zod, and includes comprehensive error handling for external API calls, covering network issues, timeouts, and rate limits. No 'eval' or obfuscation found. External network calls are made via axios with a 30-second timeout. Overall, the security practices are sound for an API integration.
Updated: 2025-12-11GitHub
0
0
High Cost
RafaPan04 icon

mcp-server

by RafaPan04

Sec1

This server provides a Model Context Protocol (MCP) interface to a PostgreSQL database, allowing clients (e.g., AI models) to query the database and retrieve table schemas via defined tools.

Setup Requirements

  • ⚠️Requires a running PostgreSQL database instance.
  • ⚠️Requires environment variables for database connection (DATABASE_URL or POSTGRES_USER, POSTGRES_HOST, POSTGRES_DB, POSTGRES_PASSWORD) and server port (PORT).
Review RequiredView Analysis
CRITICAL SQL INJECTION VULNERABILITY: The `query_database` tool directly executes the `args.query` parameter (`pool.query(args.query)` in `src/tools/queryDatabase.ts`) without any sanitization or parameterization. This allows an attacker to inject arbitrary SQL commands, potentially leading to data exfiltration, modification, deletion, or even remote code execution depending on database configuration. This is a severe vulnerability making the server unsafe to run with untrusted input. No hardcoded secrets were found as database configuration uses environment variables.
Updated: 2026-01-18GitHub
0
0
High Cost
eic icon
Sec2

The server enables LLMs to interact with XRootD file systems for scientific data access, management, and ROOT file analysis, particularly for the Electron-Ion Collider (EIC) project data.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires XRootD client tools (xrdfs, xrdcp) to be installed and accessible in the system's PATH.
  • ⚠️Requires access to an XRootD server for functionality. ROOT file analysis involves reading entire files into memory, which may cause memory pressure for very large files (>1GB).
Review RequiredView Analysis
CRITICAL: The server is highly vulnerable to command injection. User-provided `path` arguments (and other string arguments used in shell commands) are directly interpolated into `execAsync` calls for `xrdfs` and `xrdcp` without proper shell escaping. This allows a malicious user or LLM to inject arbitrary shell commands (e.g., `list_directory({ path: ".; rm -rf /" })`) that will be executed on the host machine where the MCP server is running. While there is path traversal protection (preventing `../`), this does not mitigate command injection within valid path segments. No hardcoded secrets were found.
Updated: 2026-01-19GitHub
PreviousPage 381 of 713Next