Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
Samicostox icon

rapidchart-mcp

by Samicostox

Sec5

Facilitates the generation and management of AI-powered diagrams from code within the Cursor IDE by acting as a Model Context Protocol (MCP) server for RapidChart.

Setup Requirements

  • ⚠️Requires a `RAPIDCHART_API_TOKEN` which must be generated from rapidchart.com settings.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Diagram creation can experience 503 Service Unavailable timeouts due to Heroku's 30-second router limit for complex diagrams, even if the diagram is created successfully on the RapidChart backend. Users must manually verify diagram creation via `list_diagrams`.
Review RequiredView Analysis
The `httpx.AsyncClient` in `src/rapidchart_mcp/client.py` hardcodes `verify=False` for SSL certificate validation. While commented as 'For self-signed certs in dev', this disables crucial security checks for all API communication with the RapidChart API, making it vulnerable to Man-in-the-Middle (MITM) attacks if the `RAPIDCHART_API_URL` is compromised or untrusted. This setting is applied universally and cannot be configured or disabled for production use. No 'eval' or direct arbitrary code execution from user input was found. The API token is handled via environment variables, which is good practice.
Updated: 2026-01-17GitHub
0
0
Low Cost
nghialuong53 icon

vn-radio-mcp

by nghialuong53

Sec8

Simple MCP server and HTTP proxy for streaming Vietnamese radio to web clients, MCP-enabled applications, and robots.

Setup Requirements

  • ⚠️User must update `streamSrc` in `channels.json` with real and trusted radio stream URLs for functionality and security.
  • ⚠️Requires Node.js >= 18.
Verified SafeView Analysis
The server acts as an HTTP proxy, forwarding requests to `streamSrc` URLs defined in `channels.json`. While `channels.json` is a static, user-configured file, the user is responsible for ensuring these `streamSrc` URLs are trusted and valid to prevent potential Server-Side Request Forgery (SSRF) or other malicious data injection. No `eval`, code obfuscation, or hardcoded secrets were found in the provided source code snippets. The explicit instruction to replace placeholder URLs with trusted ones mitigates risk.
Updated: 2025-12-02GitHub
0
0
Low Cost
afaraha8403 icon

MCP-Scooter

by afaraha8403

Sec3

MCP Scout acts as a local-first management and gateway system for AI tools, designed to reduce context bloat and simplify configuration for AI agents interacting via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Go 1.24+, Node.js 18+, Rust (with rustup.rs), and Make to build and run from source.
  • ⚠️Default control server (6200) and MCP Gateway (6277) ports may conflict with other applications, requiring manual intervention or killing processes.
  • ⚠️The primary way to consume tools is via a registry that executes remote NPM packages using `npx -y`, posing a significant supply chain and arbitrary code execution risk if registry entries are malicious or compromised.
Review RequiredView Analysis
The project uses good practices for local network binding and credential storage (OS Keychain). However, a critical security vulnerability exists in its tool runtime configuration. The `runtime` definitions for tools (e.g., in `github.json`, `brave-search.json`) specify `"command": "npx", "args": ["-y", "@scope/package-name"]`. The `npx -y` command automatically installs and executes arbitrary npm packages without explicit user confirmation. This creates a severe supply chain risk where a malicious MCP tool definition, whether from a compromised 'community' registry or a locally injected definition, could lead to arbitrary code execution on the user's machine. While the `scooter_code_interpreter` uses a sandboxed JavaScript engine (`goja`), the `npx -y` mechanism bypasses this sandbox for external tool execution. Additionally, the `kill_process` Tauri command, while for a legitimate purpose (port conflict resolution), grants the UI the ability to terminate arbitrary processes by PID, which is a high-privilege action.
Updated: 2026-01-17GitHub
0
0
Low Cost
Mandapati-SuryanarayanaRaju icon

Sample-MCP-client-and-Server

by Mandapati-SuryanarayanaRaju

Sec9

A minimal example of an MCP (Model Context Protocol) server and client demonstrating basic tool exposure and invocation.

Setup Requirements

  • ⚠️Python 3.13+ required
  • ⚠️Requires `mcp` package (version >= 1.22.0)
  • ⚠️Requires `uv` executable in PATH for the client to launch the server via `StdioServerParameters`
Verified SafeView Analysis
The client uses `StdioServerParameters` to launch the server as a subprocess. In this sample, the command (`uv run hello.py`) is hardcoded and points to a known, benign local script, making it safe. However, in a real application, if `command` or `args` were derived from untrusted user input, it could lead to arbitrary code execution. No other significant security risks like hardcoded secrets, 'eval', or network vulnerabilities were found in the provided code.
Updated: 2025-12-02GitHub
0
0
Medium Cost
Akshay1018 icon

mcp-codedoc

by Akshay1018

Sec6

AI-powered tool for automated code documentation, quality auditing, refactoring, and security scanning within a local development environment.

Setup Requirements

  • ⚠️Requires Cursor or Claude Desktop IDE as the host environment.
  • ⚠️Installation requires `uvx` command-line tool.
  • ⚠️Relies on the integrated AI capabilities of Cursor/Claude for generating audits and refactored code.
Verified SafeView Analysis
The `generate_smart_doc` function can potentially read arbitrary local files if an absolute path is provided for `file_path`. The `refactor_and_optimize`, `evaluate_and_refactor`, and `predict_impact` functions, while employing aggressive path resolution, are primarily constrained to the project root. The `global_security_audit` function performs local regex-based scanning for secrets, which is safe. No `eval` or direct network exfiltration is observed. The server's file system interaction is inherent to its functionality as a local development agent, but the direct use of user-provided `file_path` without explicit `realpath` and path-in-root checks for reading presents a moderate risk if the calling AI/IDE does not sufficiently sanitize input.
Updated: 2026-01-18GitHub
0
0
Low Cost
miguelfradeflores icon

MCP-tool-lesson

by miguelfradeflores

Sec6

Provides detailed Pokemon data from PokeAPI to AI assistants and other MCP clients via various tools.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires active internet connection to access PokeAPI.
Review RequiredView Analysis
The `export_pokemon_to_csv` tool's `filename` parameter is vulnerable to path traversal if not properly sanitized or restricted. An attacker could potentially write files outside the intended directory by providing a manipulated `filename` (e.g., `../../malicious.csv`). No other critical vulnerabilities like `eval` or hardcoded secrets were found. Network requests are made to a public, well-known API.
Updated: 2025-11-20GitHub
0
0
Medium Cost
abhitatachar2000 icon

container-dockter

by abhitatachar2000

Sec1

This server provides a web interface to deploy and manage applications within Docker containers by interacting with the Docker daemon and Git repositories.

Setup Requirements

  • ⚠️Docker daemon must be running and accessible.
  • ⚠️Docker Compose must be installed.
  • ⚠️Requires Git client installed on the host.
Review RequiredView Analysis
The application is critically vulnerable to remote code execution. It uses `child_process.exec` extensively (via `src/lib/docker.js`) to execute Docker commands, and it passes unsanitized user inputs (e.g., `repoUrl`, `appName`, `envVars`, `buildArgs`, `port`) directly from API requests (e.g., `/api/apps/deploy`) into these `exec` calls. This allows attackers to inject arbitrary shell commands. For example, by crafting a malicious `appName` or `envVars` payload, an attacker can execute commands on the host system where the 'container-dockter' server is running. No input validation or sanitization is evident in the provided code snippets before these dangerous operations.
Updated: 2025-12-06GitHub
0
0
Low Cost
sharmaratnesh icon

first_mcp_server

by sharmaratnesh

Sec8

This server provides a multi-purpose HTTP endpoint to route requests to specific handlers (e.g., math operations, employee data retrieval) based on the incoming JSON payload.

Setup Requirements

  • ⚠️The 'employee_details.csv' file must be present at the repository root for the employee handler to function correctly.
Verified SafeView Analysis
The server generally handles inputs safely. Numbers are cast to float, and CSV parsing normalizes values. No 'eval' or similar dangerous functions are used. Pathing for the 'employee_details.csv' is hardcoded relative to the script, not user-controlled. Generic 'Exception' catching returning 'str(e)' could potentially expose minor internal details, but is not a critical vulnerability.
Updated: 2025-11-28GitHub
0
0
Low Cost
frkr icon

ubuntu-mcp

by frkr

Sec2

Execute shell commands within a Dockerized Ubuntu environment via HTTP API or MCP stdio.

Setup Requirements

  • ⚠️Requires Docker (recommended for setup and running)
  • ⚠️For Apple Silicon/ARM users, `--platform linux/amd64` is pinned, which might require specific Docker configurations or impact native performance.
Review RequiredView Analysis
The `/api/exec` endpoint directly executes arbitrary shell commands using `subprocess.run` with `shell=True`, making it highly vulnerable to command injection if exposed to untrusted input or networks. While the README warns against this and suggests running in a disposable container with a non-root user, the core functionality allows any shell command sent by the client, which is a critical security risk.
Updated: 2025-12-01GitHub
0
0
High Cost
subramanya1997 icon

agentic-trust

by subramanya1997

Sec2

A unified platform for deploying, authenticating, monitoring, and managing production AI agents within an enterprise environment.

Setup Requirements

  • ⚠️Requires Node.js 18.0 or higher.
  • ⚠️Requires a configured Sanity.io project with specific schemas and corresponding environment variables (`NEXT_PUBLIC_SANITY_PROJECT_ID`, `NEXT_PUBLIC_SANITY_DATASET`, `SANITY_API_TOKEN`).
  • ⚠️The blog newsletter subscription form uses a hardcoded Google Form URL. Customizing this functionality would require manually identifying the form's entry ID for a different form.
Review RequiredView Analysis
Critical vulnerabilities identified: 1. Webhook Revalidation (src/app/api/sanity/revalidate/route.ts): The `isValidSignature` function implements a simplified signature verification that merely compares the received signature header with the `SANITY_WEBHOOK_SECRET`. This is NOT proper HMAC verification. If the `SANITY_WEBHOOK_SECRET` is compromised, an attacker can easily forge requests to trigger cache revalidation for arbitrary paths, potentially leading to denial-of-service (DDoS) on the cache or presentation of stale/incorrect content. 2. Unauthenticated Image Generation API (src/app/api/generate-blog-cover/route.tsx): This API endpoint is completely unauthenticated and unvalidated. Any unauthenticated user can send a POST request to this endpoint with a `title`, `category`, `authors`, and optionally a `postId`. This allows attackers to: - Consume server resources by repeatedly triggering image generation. - Upload arbitrary images to the Sanity project's asset storage. - If a valid `postId` is provided, an attacker could attach any generated image as the `coverImage` for an existing blog post, leading to content defacement or injection. This is a severe vulnerability for content integrity and resource abuse. Sensitive environment variables (`SANITY_API_TOKEN`, `SANITY_WEBHOOK_SECRET`) are correctly referenced via `process.env` but their secure handling and protection in deployment are paramount given the identified vulnerabilities.
Updated: 2025-12-10GitHub
0
0
Low Cost
frekkanzer2 icon

kompass

by frekkanzer2

Sec8

This project acts as a Minecraft Protocol (MCP) server or proxy, handling client connections and potentially providing web-based statistics and management.

Setup Requirements

  • ⚠️Requires Node.js runtime
  • ⚠️Requires an available network port (default 25565)
Verified SafeView Analysis
No 'eval' or obfuscation found. The web server serves static files from a 'public' directory, which appears to be path-constrained, mitigating simple path traversal. The core server handles raw Minecraft protocol packets, which always requires careful validation to prevent malformed data exploits; no obvious flaws detected in the provided snippets. No hardcoded secrets were identified.
Updated: 2025-12-04GitHub
0
0
Low Cost
tokenring-ai icon

mcp

by tokenring-ai

Sec3

Client-side plugin for TokenRing agents to connect with Model Context Protocol (MCP) servers and register their external tools.

Setup Requirements

  • ⚠️Requires a running TokenRingApp instance to operate as a plugin or for manual usage.
  • ⚠️Requires an external MCP server (via stdio, SSE, or HTTP) to connect to, as this package is a client.
  • ⚠️Configuration for transports must strictly adhere to Zod schemas, particularly specifying 'command' for 'stdio' or 'url' for 'sse'/'http' transports.
Review RequiredView Analysis
The `stdio` transport type allows arbitrary command execution via the `command` field in the configuration. If the application's configuration (specifically `mcp.transports[name].command`) can be sourced from or influenced by untrusted input, it poses a severe arbitrary code execution vulnerability. The `sse` and `http` transports also allow configurable URLs. If these URLs can be set by an untrusted source, it could lead to Server-Side Request Forgery (SSRF) or data exfiltration. Robust external validation of all configuration inputs is critical.
Updated: 2026-01-13GitHub
PreviousPage 383 of 713Next