Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
randybritsch icon

c4-mcp

by randybritsch

Sec8

Exposes Control4 home automation capabilities as Model Context Protocol (MCP) tools for AI agents and other clients to query rooms/devices and safely run automations on a local network.

Setup Requirements

  • ⚠️Requires Python 3.12 (or another version with pydantic-core wheels available), as Python 3.14 might not work on Windows due to pydantic-core dependency.
  • ⚠️Requires an active Control4 system on the local network accessible from where the server is run.
  • ⚠️Control4 authentication credentials (host, username, password) must be provided via a local `config.json` file (excluded from git) or `C4_HOST`, `C4_USERNAME`, `C4_PASSWORD` environment variables.
Verified SafeView Analysis
The project is designed with security in mind for local network operation. Credentials (host, username, password) are loaded from a gitignored `config.json` or environment variables, with explicit warnings against committing secrets. It enforces 'safe-by-default' controls, requiring explicit environment variable (`C4_WRITES_ENABLED=true`) to enable state-changing actions, and supports allow/deny lists for tools. Network communication with the Control4 Director on the local LAN uses `aiohttp` with `ssl=False`, which disables certificate verification. This is a common practice for local systems with self-signed certificates but means it won't detect local Man-in-the-Middle attacks. The `discover_controller.py` tool performs local IP scanning, which is a discovery feature. No 'eval' or obvious malicious patterns were found. Overall, it's responsibly built for its intended local-only use case.
Updated: 2026-01-17GitHub
0
0
Low Cost
TeamRetriever icon

retriever-website

by TeamRetriever

Sec9

Serves as the public marketing website for the Retriever Infrastructure as Code platform, providing information and access to its observability stack and MCP server offerings.

Setup Requirements

  • ⚠️Requires Node.js installed
  • ⚠️Requires npm or similar package manager to install dependencies (e.g., `npm install`)
Verified SafeView Analysis
The server-side code is minimal, primarily serving static files using Express. There are no indications of 'eval', obfuscation, hardcoded secrets, or direct execution of user-provided code within the provided files. The main security considerations would likely be for the static HTML/CSS/JS content it serves (e.g., XSS vulnerabilities in client-side code), which is not provided for analysis. The server logic itself is robust for its stated purpose.
Updated: 2026-01-12GitHub
0
0
Medium Cost
chrisguillory icon

claude-session-mcp

by chrisguillory

Sec8

Archive, restore, clone, delete, and manage Claude Code sessions across machines, preserving conversation history and artifacts.

Setup Requirements

  • ⚠️Requires modifying `~/.claude/settings.json` to set `cleanupPeriodDays: 99999` to prevent automatic session deletion by Claude Code.
  • ⚠️Requires Claude Code CLI (`claude` command) to be installed and available in PATH for launching sessions.
  • ⚠️GitHub Gist integration requires a `GITHUB_TOKEN` environment variable or GitHub CLI to be authenticated.
Verified SafeView Analysis
The project extensively uses `subprocess.run` to interact with system tools (`ps`, `lsof`, `rg`, `gh`). While justified for its functionality (e.g., discovering Claude's PID/session ID, GitHub authentication), extensive use of subprocess can be a security risk if inputs are not sanitized, though inputs here are largely internal or UUIDs. `GITHUB_TOKEN` is handled via environment variables or `gh auth token` securely. No direct `eval` or obvious obfuscation observed. Interactions with user's `~/.claude/` directory are expected and documented.
Updated: 2026-01-17GitHub
0
0
Medium Cost
davidruzicka icon

mcp4openapi

by davidruzicka

Sec9

Universal MCP server that transforms any OpenAPI specification into LLM-friendly tools, enabling agents to interact with APIs without writing code.

Setup Requirements

  • ⚠️Requires an OpenAPI 3.x specification file (`MCP4_OPENAPI_SPEC_PATH`).
  • ⚠️Requires API base URL (`MCP4_API_BASE_URL`) and an API token (`MCP4_API_TOKEN`) for the target API.
  • ⚠️Custom tool definitions require a JSON MCP profile (`MCP4_PROFILE_PATH`), though a default profile can be auto-generated.
Verified SafeView Analysis
The project demonstrates a strong focus on security, implementing explicit safeguards against common web vulnerabilities. Key measures include: DNS rebinding protection, robust prototype pollution prevention (`isSafePropertyName`), ReDoS protection in regex handling, comprehensive sensitive data redaction in logs and HTTP requests, and strict policy enforcement (including private network access control, MIME type validation, and size limits) for proxy downloads to mitigate SSRF and LFI. Payload size limits are enforced for incoming requests. Authentication is flexible, supporting OAuth 2.0 (with PKCE, state parameter, redirect URI validation) and various token-based methods. Input validation is performed using a schema validator. Tool filtering further reduces the attack surface by controlling API exposure.
Updated: 2026-01-19GitHub
0
0
Medium Cost
lzp0301 icon

swagger-mcp

by lzp0301

Sec8

Provides a Model Context Protocol (MCP) server to search and retrieve detailed information about API endpoints from a Swagger/OpenAPI specification.

Setup Requirements

  • ⚠️Requires the SWAGGER_URL environment variable to be set, pointing to your Swagger/OpenAPI specification.
  • ⚠️Requires Node.js to be installed on the host system.
Verified SafeView Analysis
The server fetches a Swagger/OpenAPI specification from a URL specified by an environment variable (SWAGGER_URL). While the code itself uses input validation (zod) and includes a recursion guard (depth > 5) in schema resolution, the primary security consideration is ensuring the SWAGGER_URL points to a trusted and valid source to prevent fetching malformed or malicious data. No 'eval' or direct command injection points from user input are apparent.
Updated: 2025-11-27GitHub
0
0
Medium Cost
dexx-dev-back icon

mcpe-server-

by dexx-dev-back

Sec1

To host a custom Minecraft Pocket Edition (Bedrock Edition) server for multiplayer gaming.

Review RequiredView Analysis
The SOURCE CODE was indicated as 'Truncated' but no actual code snippets or summaries were provided for analysis. Therefore, a comprehensive security audit is impossible. Without access to the source code, critical risks such as 'eval' usage, obfuscation, network vulnerabilities, hardcoded secrets, or malicious patterns cannot be identified. Running this software without source code review presents an extremely high, unknown risk.
Updated: 2026-01-19GitHub
0
0
Medium Cost
SidneyBissoli icon
Sec9

Provides unified programmatic access to major global medical terminologies (ICD-11, SNOMED CT, LOINC, RxNorm, MeSH) for various healthcare and AI applications.

Setup Requirements

  • ⚠️Requires WHO_CLIENT_ID and WHO_CLIENT_SECRET environment variables for ICD-11 tools, obtainable from the WHO ICD API portal.
  • ⚠️SNOMED CT content is for reference only; production use requires an IHTSDO license.
  • ⚠️LOINC to SNOMED CT mapping and some other advanced cross-terminology features may require additional licenses (e.g., UMLS) or manual verification.
  • ⚠️Requires Node.js version 20.0.0 or higher.
Verified SafeView Analysis
The server demonstrates good security practices including input validation using Zod for all tool arguments, fetching API credentials from environment variables (`WHO_CLIENT_ID`, `WHO_CLIENT_SECRET`) rather than hardcoding, and implementing rate limiting and retry mechanisms to interact responsibly with external APIs. There are no obvious signs of 'eval', obfuscation, or directly malicious patterns. External API dependencies inherently introduce some risk, but the client implementations show robustness.
Updated: 2026-01-19GitHub
0
0
Low Cost
akash-soni icon

MCP-MATH-SERVER

by akash-soni

Sec9

Provides basic arithmetic operations (addition, subtraction, multiplication) as remote tools via an MCP server, primarily for integration with AI agents.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Project dependencies listed in `pyproject.toml` (e.g., `fastmcp`, `langchain-mcp-adapters`) must be installed (e.g., `pip install .`).
  • ⚠️The `mcp.run(transport="stdio")` line in `main.py` is commented out, meaning running `python main.py` directly will not start the server. It must be launched via the `fastmcp` CLI command or the line needs to be uncommented.
Verified SafeView Analysis
The server's source code is simple and does not contain obvious security vulnerabilities like `eval`, arbitrary file access, or direct network listening configurations beyond what the `fastmcp` framework provides. Input validation in `_as_number` handles basic type safety. The overall security relies on the `fastmcp` framework itself.
Updated: 2025-11-23GitHub
0
0
High Cost
htoami icon
Sec8

Provides a Micro-Capability Platform (MCP) server with tools to search and retrieve detailed information on Russian government purchases (223-FZ) from the GosPlan API.

Setup Requirements

  • ⚠️Docker is required for deployment via docker compose.
  • ⚠️Requires Python 3.13 as specified in 'pyproject.toml'.
  • ⚠️Configuration requires a '.env' file (and possibly a '.secrets.yml' file, as checked by the settings loader).
Verified SafeView Analysis
No direct 'eval' or 'os.system' patterns were found. Input and output are validated using Pydantic models. The server relies on an external API ('v2test.gosplan.info'). Configuration is handled via Dynaconf, which loads settings from '.env' and potentially '.secrets.yml' files, which is a standard practice for managing secrets.
Updated: 2025-12-10GitHub
0
0
Low Cost
bioanywhere icon
Sec8

Deployment and orchestration of a gitlab-mcp-server using Docker and Docker Compose.

Setup Requirements

  • ⚠️Docker must be installed and running.
  • ⚠️For CI/CD integration with Google Artifact Registry, GCP_CREDENTIALS and GCP_PROJECT_ID secrets are required.
  • ⚠️The server exposes port 3000, ensure it's not conflicting with other services.
Verified SafeView Analysis
The provided code consists of Docker deployment configurations (Dockerfile, docker-compose.yml, run.sh, README.md). There are no obvious hardcoded secrets in these configuration files; sensitive GCP credentials are specified to be handled as repository secrets. No 'eval' or other directly malicious patterns are found within the provided infrastructure code. Network exposure is limited to port 3000, with a healthcheck configured. A full security audit of the actual application code running inside the container is not possible without access to that code.
Updated: 2025-12-02GitHub
0
0
Medium Cost
sayouzone icon

stocks-mcp-server

by sayouzone

Sec8

A Model Context Protocol (MCP) server for retrieving, caching, and analyzing stock fundamental and market data from various financial APIs (OpenDart, FnGuide, Naver Finance, Yahoo Finance, SEC EDGAR) to be used as a tool by LLMs.

Setup Requirements

  • ⚠️Requires API keys/secrets for OpenDart, Korea Investment Securities, and Naver Finance, which must be set as environment variables (e.g., OPEN_DART_API_KEY, KIS_APP_KEY, KIS_APP_SECRET, NAVER_CLIENT_ID, NAVER_CLIENT_SECRET).
  • ⚠️Deployment to Google Cloud Run requires `GCP_PROJECT_ID` environment variable for GCS caching and Secret Manager integration.
  • ⚠️Browser automation tools like Playwright are explicitly noted in the README as incompatible with Cloud Run and must be avoided; ensure `requests`-based parsing is used where applicable to prevent runtime errors related to missing browser executables.
Verified SafeView Analysis
The server primarily relies on external APIs and web scraping. API keys and secrets are expected to be provided via environment variables, which is a good security practice. Rate limiting and retry mechanisms are implemented for external requests. No 'eval', code obfuscation, or obvious malicious patterns were found. Local file storage is used for caching access tokens, which in a stateless serverless environment like Cloud Run, is ephemeral and less of a direct 'hardcoded secret' risk, but should be noted.
Updated: 2026-01-17GitHub
0
0
Medium Cost
sauravchandra icon

gemini-agent

by sauravchandra

Sec6

Provides a REST API service and Python client for Google's Gemini CLI agentic capabilities, enabling programmatic control over AI agent tasks.

Setup Requirements

  • ⚠️Requires Node.js 18+ to be installed on the host system or within the container.
  • ⚠️Requires Google's Gemini CLI (`@google/gemini-cli`) installed globally via npm.
  • ⚠️Requires a Redis instance for server mode to manage Celery tasks and results.
  • ⚠️Requires `GEMINI_API_KEY` environment variable.
Review RequiredView Analysis
The server relies heavily on `subprocess.run` to execute external `gemini` CLI commands. Several endpoints, specifically for MCP server management (add/remove) and session deletion, directly pass user-controlled strings (e.g., MCP server name, URL, arguments, session ID) into these `subprocess.run` calls without explicit input sanitization in the Python code. This introduces a potential for command injection if the underlying `gemini` CLI does not robustly sanitize all its arguments against shell exploits, or if a malicious input could escape its intended interpretation. The main task submission also passes the `prompt` directly.
Updated: 2025-12-14GitHub
PreviousPage 388 of 713Next