Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
dapapkung icon

mongo-ts-mcp

by dapapkung

Sec8

Integrate MongoDB operations with AI assistants via the Model Context Protocol (MCP) to enable natural language interaction for data querying, aggregation, and analysis.

Setup Requirements

  • ⚠️Requires Claude Desktop for AI integration.
  • ⚠️Manual configuration of `config.json` with MongoDB connection details (including sensitive information like URIs and credentials).
  • ⚠️Requires `chmod +x start-mcp.sh` for Linux/macOS/WSL users to use the recommended startup script for Claude Desktop.
Verified SafeView Analysis
The server uses `JSON.parse` for filters, pipelines, and documents provided by the AI agent. While standard for MongoDB interaction, this relies on the Model Context Protocol (MCP) SDK and the AI agent to prevent malicious or malformed input. Credentials can be configured using environment variables via placeholders in `config.json`, which is a good security practice. No `eval` or obvious obfuscation found. The server communicates via stdio, limiting network attack surface. Connection options include `serverSelectionTimeoutMS`, `connectTimeoutMS`, `maxPoolSize`, `minPoolSize`, and `maxIdleTimeMS` for robustness.
Updated: 2025-11-27GitHub
0
0
Medium Cost
Stellarhold170NT icon

news-mcp-server

by Stellarhold170NT

Sec7

Enables AI agents to interact with VnExpress for news search, latest headlines, and article content extraction.

Setup Requirements

  • ⚠️Requires manual addition of a JSON configuration snippet to the Claude Desktop config file.
Verified SafeView Analysis
The `news_reader` tool allows fetching content from any URL provided as input, validated only as a general URL via `z.string().url()`. While the tool is intended for VnExpress articles, there is no explicit domain validation in the code. This lack of domain restriction could theoretically lead to Server-Side Request Forgery (SSRF) if a malicious actor or a misconfigured AI agent provides an arbitrary internal or external URL, potentially exposing internal network resources or other services. No 'eval' or obvious malicious patterns were found. Hardcoded secrets are not present. Network risks are inherent to web scraping, but generally handled by direct requests.
Updated: 2025-12-14GitHub
0
0
High Cost
tommy0200 icon
Sec1

Generate beautiful code screenshots with syntax highlighting and themes from provided code, files, or git diffs.

Setup Requirements

  • ⚠️Requires Playwright to download and install browser binaries (Chromium), which can be a large download and may require network access.
  • ⚠️Requires the 'git' command-line tool to be installed and accessible in the system's PATH for 'screenshot_git_diff' functionality.
  • ⚠️Node.js version 18.0.0 or higher is required.
Review RequiredView Analysis
CRITICAL security risks identified. The server allows reading arbitrary files from the file system (via `screenshot_from_file` and `batch_screenshot` tools) and executing shell commands (via `screenshot_git_diff` tool) based on user-provided file paths. This can lead to severe information disclosure (e.g., reading sensitive system files like `/etc/passwd` or SSH keys) and potential arbitrary code execution via shell injection in the `git diff` command, even with basic quoting. Running this server with untrusted input (such as from an LLM that might be prompted maliciously) is highly dangerous and could compromise the host system.
Updated: 2026-01-19GitHub
0
0
Low Cost
roland-zhou icon
Sec10

A minimal, local server demonstrating integration between the Minecraft Client Protocol (MCP) and ChatGPT for development or testing purposes.

Setup Requirements

  • ⚠️Requires an OpenAI API Key for ChatGPT integration.
Verified SafeView Analysis
Only README.md was provided as source code. No executable code was available for security analysis. Based solely on the provided README content, no explicit security risks such as 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns were identified.
Updated: 2025-12-06GitHub
0
0
High Cost
apostoloss icon
Sec8

Minimal Model Context Protocol (MCP) server exposing Elastic Cloud billing/usage data for LLM tooling to enable cost tracking and stale environment cleanup.

Setup Requirements

  • ⚠️Requires the `uv` package manager for dependency resolution as specified in `mcp.json`.
  • ⚠️Requires at least one `.env.<account_name>` file (e.g., `.env.dev`) in the 'accounts' directory, containing the `ELASTIC_API_KEY`.
  • ⚠️The `requirement.txt` file is not provided, relying on `pyproject.toml` and `uv` for dependency management.
Verified SafeView Analysis
The server securely handles Elastic Cloud API keys by loading them from dedicated `.env` files in a configurable 'accounts' directory, rather than hardcoding. It uses `httpx` for API requests, a modern and secure HTTP client. No `eval`, `exec`, or direct command execution vulnerabilities are apparent. The server is explicitly designed for read-only operations on billing and deployment data, minimizing risks of unintended resource modification. The primary security consideration is ensuring the `.env` files containing API keys are protected on the host system.
Updated: 2026-01-19GitHub
0
0
Medium Cost
bioanywhere icon

pepe-mujica

by bioanywhere

Sec8

This server connects an AI assistant to GitLab, enabling natural language interaction for managing merge requests, pipelines, tests, and discussions.

Setup Requirements

  • ⚠️Requires `uv` for Python dependency management, which might be unfamiliar to some users.
  • ⚠️Requires a GitLab Access Token; while `read_api` scope is suggested, using interactive tools (replying, creating comments, resolving discussions) will necessitate an `api` scope, requiring broader permissions.
  • ⚠️Requires manual configuration of `gitlab-mcp.env` and `.cursor/mcp.json` files.
Verified SafeView Analysis
The server loads sensitive GitLab API tokens via environment variables, which is a good practice to avoid hardcoding. However, the user must ensure these tokens (especially `GITLAB_ACCESS_TOKEN`) are kept confidential. The README suggests a `read_api` token scope, but the server includes tools for replying to discussions, creating comments, and resolving discussions (`reply_to_review_comment`, `create_review_comment`, `resolve_review_discussion`), which would require a broader `api` scope. If a token with `api` scope is used, the potential impact of a token compromise is higher.
Updated: 2025-12-10GitHub
0
0
Medium Cost
Chopin85 icon
Sec9

Connects LLMs to the Mon Marché French grocery store for product search, cart management, and order interaction.

Setup Requirements

  • ⚠️Requires a valid Mon Marché account for authentication.
  • ⚠️Requires manual execution of 'npm run login' to establish and refresh the session, saving cookies to 'session-cookie.json'.
  • ⚠️Session cookies can expire, necessitating re-running the login script.
Verified SafeView Analysis
The server handles user credentials via environment variables (.env file) and stores session cookies in a local file (session-cookie.json). While storing session cookies locally is a common pattern for session persistence, it's crucial that the 'session-cookie.json' file is properly secured (e.g., appropriate file permissions) and never committed to version control. Credentials are not hardcoded. API calls use URL encoding for search queries, mitigating some injection risks. No 'eval' or direct system command execution identified. The system relies on the user to keep their .env and session-cookie.json secure.
Updated: 2025-11-20GitHub
0
0
Low Cost
PayMCP icon
Sec8

A sample Model Context Protocol (MCP) server demonstrating how to gate access to tools behind active Stripe subscriptions with OAuth/OIDC authentication.

Setup Requirements

  • ⚠️Requires Auth0, Keycloak, or a generic OIDC provider for authentication setup.
  • ⚠️Requires a Stripe account with a configured product and recurring price ID.
  • ⚠️Requires `pdm` for dependency management, not `pip`.
Verified SafeView Analysis
The server uses `os.getenv` for all sensitive configuration values, preventing hardcoded secrets. OAuth/OIDC token verification is implemented using standard JWT decoding and JWKS fetching. Custom logic for issuer and audience validation correctly handles variations from different providers (Auth0, Keycloak, generic OIDC), including array audiences and trailing slash inconsistencies. No 'eval' or malicious patterns were found. The primary risk would be misconfiguration of the OAuth provider or Stripe details, which is external to the code.
Updated: 2025-12-06GitHub
0
0
Medium Cost
avdp1951 icon
Sec8

Integrates AI-powered image generation using Volcengine's SeeDream model with developer tools like Cursor and Claude Code via Model Context Protocol.

Setup Requirements

  • ⚠️Requires a Volcengine SeeDream API Key, provided via the `--ark-key` command-line argument.
  • ⚠️Requires Node.js version 18.0.0 or higher to run via `npx`.
Verified SafeView Analysis
The application handles an API key provided via command-line argument, which is then used for authentication with the Volcengine API. There are no obvious hardcoded secrets or direct network listen operations on arbitrary ports. Communication with the host environment is via standard I/O (stdio). Outbound calls are made to the Volcengine API. No 'eval' or other highly dangerous patterns were observed. The primary security consideration is the secure handling of the `ARK_API_KEY` by the user.
Updated: 2026-01-19GitHub
0
0
Medium Cost
twinzen icon
Sec5

A mock wealth management API server exposing portfolio, trading, market data, and financial planning functionalities, designed to integrate with AI agents via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK 17+).
  • ⚠️The Model Context Protocol (MCP) endpoints (`/mcp/*`) are disabled by default (`spring.ai.mcp.server.enabled: false`) and must be explicitly enabled in configuration to be used by AI agents.
  • ⚠️Uses an in-memory H2 database, meaning data is not persistent across restarts unless configured otherwise.
Verified SafeView Analysis
Permissive CORS (`*` origin, credentials allowed) and an enabled H2 console with default `sa` user and empty password present significant security vulnerabilities if deployed outside of a secure, local development environment. User-provided JSON data is parsed by `ObjectMapper.readTree`, which is generally safe for JSON but should be monitored for potential deserialization attacks if Jackson configuration is changed.
Updated: 2025-12-06GitHub
0
0
Low Cost
Tilak-Shenoy icon

mcp-yh-finance

by Tilak-Shenoy

Sec9

Provides a Model Context Protocol (MCP) server for retrieving comprehensive Yahoo Finance data, including market quotes, historical data, financial statements, and options data.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires a RapidAPI account and subscription to the Yahoo Finance 15 API (free tier available, paid for higher limits).
  • ⚠️Requires the `RAPIDAPI_KEY` environment variable to be set for authentication with RapidAPI.
  • ⚠️Requires `uv` for dependency management and execution.
Verified SafeView Analysis
The server handles API keys by retrieving them from `Context.session_config` or environment variables (`RAPIDAPI_KEY`), which prevents hardcoding. It uses the `requests` library for external API calls, which is a standard and generally secure practice. There are no `eval` or `exec` calls, and no obvious direct shell command execution. Responses are limited in size for some tools, reducing potential for large data transfers or denial-of-service via oversized responses. Error handling for API failures is present.
Updated: 2025-11-19GitHub
0
0
Medium Cost
enrodrigu icon

PersonaMate

by enrodrigu

Sec3

PersonaMate is a personal knowledge graph assistant that leverages AI and the Model Context Protocol (MCP) to manage personal contact data and relationships.

Setup Requirements

  • ⚠️Docker and Docker Compose are required for deployment and testing.
  • ⚠️An OpenAI API Key is required for full functionality (paid service).
  • ⚠️The MCP Server has no authentication by default, posing a security risk in network environments.
Review RequiredView Analysis
CRITICAL: The `utils/neo4j_graph.py` file constructs Cypher queries using f-strings for node labels (`type`) and relationship types (`edgetype`). This direct interpolation without sanitization of user-provided input (e.g., `type1`, `type2`, `linktype` from MCP tools) is vulnerable to Cypher injection attacks, allowing arbitrary database manipulation. Additionally, the MCP server runs without any authentication by default, enabling anyone with network access to invoke its tools and potentially perform data operations. Default Neo4j credentials (`neo4j`/`personamate` or `neo4j-pass`) are weak and hardcoded but can be overridden by environment variables.
Updated: 2025-12-09GitHub
PreviousPage 386 of 713Next