Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

catalyst_builder
by Yapade0708
Sec2 | Low Cost

Build AI-powered integrations for various business systems (databases, REST APIs, cloud services) using no-code YAML configurations, primarily for enterprise business process automation with LLMs like Claude and ChatGPT.

Setup Requirements

  • ⚠️Requires Python 3.8+ runtime environment.
  • ⚠️An external "Catalyst MCP Server" is a prerequisite for deploying and using the AI integrations created by this builder. This server needs to be obtained separately (e.g., from https://github.com/billebel/catalyst).
  • ⚠️Functional packs require external API keys, database credentials, or SSH keys for target systems, which must be configured via environment variables (e.g., in .env files).
  • ⚠️For Docker deployment, Docker must be installed and running on the target machine, and the `docker` CLI tool must be available.
Review Required

The project explicitly supports dynamic code execution through `TransformEngine` (Python, JavaScript) and command execution via `ToolType.COMMAND` (SSH, local shell). A `sandbox` parameter exists in `TransformConfig`, but the provided source shows no robust sandboxing behind it, so an untrusted "Knowledge Pack" can run arbitrary code. Likewise, SSH `command` tools let a pack define arbitrary shell commands with no runtime constraints visible in the code, which amounts to remote code execution on the target host if a malicious pack is installed or deployed. `installer.py` uses `subprocess.run` to copy and execute files (`tar`, `docker exec`) based on the pack source, which could be exploited if `pack_source` is not trusted. Treat a pack as code: install only packs you would be willing to run as code, from sources you control.
Updated: 2026-01-19

Sec8 | Low Cost

Provides real-time DeFi blockchain analytics, market insights, and AI-powered investment intelligence to autonomous AI agents via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js 18+ and pnpm for installation and execution.
  • ⚠️Relies on external Cambrian Network APIs (Opabinia, Deep42) for data, which must be operational.
  • ⚠️Requires an MCP client/AI agent to interact with its capabilities.
  • ⚠️An optional `CAMBRIAN_API_KEY` may be needed for full functionality of the underlying Cambrian APIs.
Verified Safe

The server uses Zod for input validation on all tool parameters, which substantially reduces injection risk, and Axios for calls to the Cambrian Network endpoints (Opabinia for on-chain data, Deep42 for AI intelligence). CORS is configured with `origin: "*"`. That is broad, but tolerable for a public agent endpoint that keeps no per-user state: browsers refuse to send cookies or other credentials to a wildcard origin, so the setting mainly affects which web pages can read responses. No `eval` or other dynamic code execution patterns were found. The `README` mentions an optional `CAMBRIAN_API_KEY`, but the provided `cambrian.ts` does not show it being attached to `CambrianClient` requests; that is a functional gap rather than a security flaw in this server's code.
Updated: 2025-11-28

mcp_server
by NitinTalluri
Sec7 | Medium Cost

An MCP server that enables LLM models to query live Snowflake architecture data tables for application structure analysis, dependencies, and relationships.

Setup Requirements

  • ⚠️Requires Python 3.13 or higher (based on pyproject.toml).
  • ⚠️Requires access to a Snowflake environment and a pre-configured `common.sec` module for secure credential retrieval (module not provided in repo).
  • ⚠️Configuration for Continue IDE requires manual steps: copying `config_snowflake.yaml` to `config.yaml` and updating the `cwd` path.
Verified Safe

The server uses an external `common.sec` module for Snowflake credential management, which keeps secrets out of the code. Table names in queries are validated against an allowed list, mitigating table enumeration. However, the `where_clause` parameter of `query_architecture_table` is interpolated into the SQL string with an f-string before the result is passed to `sqlalchemy.text()`. `text()` only parameterizes bind markers written as `:name`; anything already interpolated into the string is executed as SQL, so this is a SQL injection sink. The caller is an LLM, and an LLM cannot be relied on to sanitize input: a prompt injection in any document the model reads can steer it into supplying a hostile `where_clause`, which can also undo the table allowlist (for example with a `UNION` against another table). Accept structured filters whose column names and operators are allowlisted and whose values are bound, rather than free-form SQL fragments.
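To make the point concrete, the following is an added example written for this page, not code from the listed server. It uses a constructed SQLite schema standing in for the architecture tables (the `components` and `secrets` tables, their columns and rows are invented), shows the f-string pattern described above, and then a structured alternative that allowlists identifiers and binds values. SQLite replaces Snowflake and SQLAlchemy so the example runs offline; the interpolation problem is the same in either driver.

```python
"""Added example: f-string SQL (the listing's pattern) beside structured,
parameterised filters. Schema and data are constructed for illustration."""
from __future__ import annotations

import sqlite3
from typing import Any

# Constructed sample schema standing in for the server's architecture tables.
ALLOWED_TABLES = {"components", "dependencies"}
ALLOWED_COLUMNS = {
    "components": {"name", "owner", "tier"},
    "dependencies": {"source", "target", "kind"},
}
ALLOWED_OPS = {"=", "!=", "<", ">", "<=", ">=", "LIKE"}


def build_unsafe(table: str, where_clause: str) -> str:
    """The pattern described above: the table name is allowlisted, but the
    caller's where clause is pasted into the SQL text. Parameterisation cannot
    help afterwards because the values are already part of the statement."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"table not allowed: {table}")
    return f"SELECT * FROM {table} WHERE {where_clause}"


def build_safe(table: str, filters: list[tuple[str, str, Any]]) -> tuple[str, list[Any]]:
    """Structured filters instead of free text: every identifier comes from an
    allowlist and every value travels as a bound parameter."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"table not allowed: {table}")
    clauses: list[str] = []
    params: list[Any] = []
    for column, op, value in filters:
        if column not in ALLOWED_COLUMNS[table]:
            raise ValueError(f"column not allowed: {column}")
        op = op.upper()
        if op not in ALLOWED_OPS:
            raise ValueError(f"operator not allowed: {op}")
        clauses.append(f"{column} {op} ?")
        params.append(value)
    where = " AND ".join(clauses) if clauses else "1=1"
    return f"SELECT * FROM {table} WHERE {where}", params


def demo_db() -> sqlite3.Connection:
    """In-memory database including a table the allowlist is meant to hide."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE components (name TEXT, owner TEXT, tier TEXT)")
    conn.executemany("INSERT INTO components VALUES (?, ?, ?)", [
        ("billing", "team-a", "internal"),
        ("vault-proxy", "security", "restricted"),
    ])
    conn.execute("CREATE TABLE secrets (k TEXT, v TEXT)")
    conn.execute("INSERT INTO secrets VALUES ('db_password', 'hunter2')")
    return conn


def run_unsafe(conn: sqlite3.Connection, table: str, where_clause: str) -> list[tuple]:
    return conn.execute(build_unsafe(table, where_clause)).fetchall()


def run_safe(conn: sqlite3.Connection, table: str,
             filters: list[tuple[str, str, Any]]) -> list[tuple]:
    sql, params = build_safe(table, filters)
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = demo_db()
    # The table allowlist is bypassed through the where clause itself.
    print("unsafe:", run_unsafe(
        db, "components", "tier = 'internal' UNION SELECT k, v, NULL FROM secrets"))
    # The same payload as a bound value is just a string that matches nothing.
    print("safe:", run_safe(
        db, "components",
        [("tier", "=", "internal' UNION SELECT k, v, NULL FROM secrets--")]))
```

With a real SQLAlchemy engine the safe builder would emit `:p0`, `:p1` markers and pass a dict to `text()`; the allowlist logic is unchanged.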
Updated: 2025-11-20

Sec9 | Medium Cost

Modular MCP server for aggregating and synthesizing AI research queries from multiple providers.

Setup Requirements

  • ⚠️Requires API keys for each AI provider (OpenAI, Google Gemini, Perplexity, DeepSeek) to function, which are typically paid services.
  • ⚠️Requires Node.js v18.0.0 or higher to run.
  • ⚠️Designed to run as an MCP server, requiring an MCP-compatible client (e.g., Claude Desktop, MCP Inspector) for interaction.
Verified Safe

The server securely handles API keys by requiring them as environment variables, preventing hardcoding. It primarily uses standard `fetch` for external network requests and `fs` for local log/report file writes, which are common and justified functionalities. Log and report file paths (`logs/`, `reports/`) are relative to `process.cwd()` or a configurable `DEBUG_LOG_DIR`, which is generally safe for non-executable outputs, but users should be aware of the runtime directory. No `eval` or direct arbitrary command execution from user input was identified.
Updated: 2025-11-23

Medium Cost

An AI-powered diagnostic and health monitoring agent for Home Assistant smart homes, providing troubleshooting, network analysis, and cleanup recommendations via 39 specialized tools.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires a Gemini API Key (paid service) for primary LLM functionality, though an OpenAI API Key can be configured for a fallback explanation-only mode.
  • ⚠️Requires an existing Home Assistant instance and a long-lived access token for 'LIVE' mode.
  • ⚠️Disables TLS certificate validation for Home Assistant WebSocket connections by default, which exposes the connection to man-in-the-middle attacks.
Verified Safe

The agent employs good practices for AI safety, including explicit handling of 'dangerous' tools (e.g., restarting HA, identifying devices physically) to prevent unintended actions. It uses environment variables for API keys and Home Assistant credentials, avoiding hardcoded secrets. However, `app/ha.py` explicitly disables certificate verification (`ssl.CERT_NONE`, `check_hostname = False`) for WebSocket connections to Home Assistant. With verification off, anyone on the network path can impersonate the Home Assistant instance, observe the long-lived access token the agent presents, and feed it false device state. The usual motive for this setting is a self-signed certificate on the HA instance; the fix is to trust that specific certificate explicitly rather than to disable verification altogether.
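An added example (the editor's, not the agent's code) showing the insecure context the finding describes beside a hardened one that keeps verification on and, for a self-signed Home Assistant certificate, trusts only that certificate. The environment variable names `HA_CA_BUNDLE` and `HA_INSECURE_TLS` are assumptions made for this example.

```python
"""Added example: insecure vs. hardened TLS context for a WebSocket client.
HA_CA_BUNDLE / HA_INSECURE_TLS are names invented for this illustration."""
import os
import ssl
import warnings
from typing import Mapping, Optional


def insecure_context() -> ssl.SSLContext:
    """What `ssl.CERT_NONE` plus `check_hostname = False` amounts to: any
    endpoint that speaks TLS is accepted, whatever certificate it presents."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Keeps certificate and hostname verification on. For a self-signed
    Home Assistant certificate, export it and point `ca_bundle` at the PEM;
    only that certificate becomes trusted, not every certificate."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_bundle:
        ctx.load_verify_locations(cafile=ca_bundle)
    return ctx


def context_from_env(env: Mapping[str, str] = os.environ) -> ssl.SSLContext:
    """Verification is the default; the opt-out is explicit and loud."""
    if env.get("HA_INSECURE_TLS") == "1":
        warnings.warn("HA_INSECURE_TLS=1: certificate verification disabled, "
                      "the WebSocket can be intercepted", RuntimeWarning)
        return insecure_context()
    return hardened_context(env.get("HA_CA_BUNDLE"))


def is_verifying(ctx: ssl.SSLContext) -> bool:
    """True when the context will reject an unexpected certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)
```

The returned context is what you hand to the WebSocket client's `ssl` argument (both the `websockets` package and aiohttp accept an `ssl.SSLContext`). The hostname in the HA URL must match the certificate's subject or SAN, which is why the example keeps `check_hostname` on even for the self-signed case.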
Updated: 2025-11-29

Medium Cost

Provides tools for accessing FBI crime statistics, generating crime forecasts, and analyzing historical crime trends.

Setup Requirements

  • ⚠️Requires FBI_API_KEY (free registration at api.data.gov/signup)
  • ⚠️Requires Python 3.11+
  • ⚠️Local development needs either a separate backend prediction service (reached at a hardcoded URL) or a mocked one; production deployment is designed for OpenShift.
Verified Safe

The server uses environment variables for sensitive data such as `FBI_API_KEY`, which is good practice. It interacts with known external and internal APIs, uses HTTPS for the external calls, and includes robust error handling for network issues. The `openWorldHint` tool annotation, however, is inconsistently set to `False` on tools that do make external API calls (e.g., `ucr_history` calls the FBI CDE API directly). The annotation is advisory, but MCP clients use it to decide how much scrutiny or confirmation a call deserves, so a wrong value misleads the client about the tool's reach. The internal prediction API endpoint is hardcoded to an OpenShift sandbox route, which is inflexible but not a direct security vulnerability if the environment is controlled. No obvious malicious patterns or unsafe code such as `eval` were found.
Updated: 2026-01-13

spotify-mcp-server
by aryanb12393
Sec9 | Medium Cost

Allows Claude to manage Spotify playlists, including searching for tracks, creating playlists, and adding songs.

Setup Requirements

  • ⚠️Requires manual creation and configuration of a Spotify Developer App to obtain Client ID, Client Secret, and set the Redirect URI.
  • ⚠️Requires specific configuration within Claude Desktop's `claude_desktop_config.json` file.
  • ⚠️The first run will open a web browser for Spotify OAuth authentication.
Verified Safe

The server correctly uses environment variables for Spotify API credentials, avoiding hardcoded secrets. It uses the standard Spotipy library for OAuth, which opens a browser for user consent and caches the resulting tokens locally in a `.spotify_cache` file. That cache holds the refresh token in plaintext, so it should be readable only by the owning user and kept out of version control. Input schemas for tools are defined, limiting potential for injection. No `eval` or obvious malicious patterns were found. The OAuth redirect URI points at the local machine, so the callback listener is not exposed beyond it.
Updated: 2025-11-27

SampleMcpServer
by yus1977
Sec8 | Low Cost

This server facilitates the setup, management, and development of a Minecraft Forge server, primarily for modding or custom server environments.

Setup Requirements

  • ⚠️Requires Java Runtime Environment (JRE) installed
  • ⚠️Requires Python installed (likely Python 2.x for older MCP versions)
  • ⚠️Requires internet access for initial download of Forge and MCP files
Verified Safe

The script downloads its core components (the Forge installer and MCP) from external, hardcoded URLs. That is a supply-chain dependency: a compromise of either download location would be executed on the user's machine, and the analysis does not report the downloads being checked against pinned hashes or signatures. The code itself shows no common vulnerabilities such as `eval` on untrusted input, hardcoded secrets, or malicious patterns. It runs external commands through `subprocess.run`, which is a standard practice and safe as long as commands are passed as argument lists without `shell=True`.
Updated: 2025-11-23

markitdown
by Ivan2993
Sec3 | Medium Cost

Converts various file formats (documents, images, audio) to Markdown for indexing, text analysis, and integration with AI agents.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Optional AI features (LLM image/audio description, Azure Document Intelligence) require API keys (e.g., OPENAI_API_KEY, AZURE_API_KEY) and incur paid usage.
  • ⚠️Requires external system dependency 'exiftool' for enhanced image/audio metadata extraction.
  • ⚠️Many file format conversions require additional Python dependencies (e.g., pdfminer.six, mammoth, pandas) which can be installed via `pip install markitdown[all]`.
Review Required

The server's `convert_to_markdown(uri)` tool fetches and processes content from arbitrary `http:`, `https:`, `file:` or `data:` URIs. Running as an unauthenticated service (the default), this is a significant risk: `http`/`https` URIs give a caller Server-Side Request Forgery (SSRF) against anything the server can reach, including internal services and cloud metadata endpoints, and `file:` URIs return local file contents converted to Markdown. The `exiftool` dependency parses attacker-supplied files, so its own parser bugs become part of this server's attack surface, although a version check is in place. `SECURITY.md` and `markitdown-mcp/README.md` acknowledge the lack of authentication and recommend binding to `localhost` and running in a container; without those precautions the server is highly exposed.
Updated: 2026-01-19

mcp-servers
by gabriel-berzescu
Sec4 | Low Cost

Provides an MCP server to execute Windows terminal commands, primarily for use by AI agents or other automated systems.

Setup Requirements

  • ⚠️Requires Python 3.10+ and Windows 11 operating system.
  • ⚠️Requires installation of `mcp-python-sdk` dependencies via `requirements.txt`.
  • ⚠️Careful virtual environment setup is needed, ensuring the full path to the virtual environment's Python executable is used for server configuration, not just `python`.
Review Required

The server's core function is to execute arbitrary system commands through `asyncio.create_subprocess_shell`, which always routes the command string through the platform shell (`cmd.exe` here). The design is inherently high-risk: it grants full shell access with the permissions of the user running the server, and the server performs no input sanitization or command validation, so anything that can influence the model's tool call (including prompt injection from content the model reads) can run commands. The README warns about this and recommends a sandboxed environment; outside a strictly controlled, sandboxed and trusted deployment it is a critical exposure. No other issues such as hardcoded secrets were apparent, and the transport is stdio, so there is no direct network exposure.
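An added example, not the listed server's code, contrasting the shell-based execution described above with an allowlisted, argv-based tool runner that has no shell in the path. The allowlist is constructed for the illustration and uses the Python interpreter in place of real binaries so that the block runs on any OS.

```python
"""Added example: create_subprocess_shell (the listing's pattern) beside an
argv allowlist executed with create_subprocess_exec. ALLOWED_TOOLS is made up."""
import asyncio
import sys
from typing import List, Sequence


async def run_shell_unsafe(command: str) -> str:
    """The pattern described above: the string is handed to the platform shell
    (cmd.exe or /bin/sh) unchanged, so `&`, `|`, `;` or `$(...)` inserted by a
    prompt-injected model become additional commands."""
    proc = await asyncio.create_subprocess_shell(
        command, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.STDOUT)
    out, _ = await proc.communicate()
    return out.decode(errors="replace")


# Constructed allowlist: tool name -> fixed argv prefix. The current interpreter
# stands in for real binaries so the example runs anywhere. The model may only
# append arguments, and each one is a separate argv entry no shell ever parses.
ALLOWED_TOOLS = {
    "py_version": [sys.executable, "-c",
                   "import sys; print('.'.join(map(str, sys.version_info[:2])))"],
    "echo": [sys.executable, "-c", "import sys; print(' '.join(sys.argv[1:]))"],
}


def build_argv(tool: str, args: Sequence[str]) -> List[str]:
    """Reject unknown tools and arguments that could confuse downstream parsers."""
    if tool not in ALLOWED_TOOLS:
        raise PermissionError(f"tool not allowed: {tool}")
    for arg in args:
        if any(ch in arg for ch in "\0\r\n"):
            raise ValueError("control characters in argument")
    return [*ALLOWED_TOOLS[tool], *args]


async def run_tool(tool: str, args: Sequence[str]) -> str:
    """Execute without a shell: metacharacters are just bytes in an argument."""
    argv = build_argv(tool, args)
    proc = await asyncio.create_subprocess_exec(
        *argv, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.STDOUT)
    out, _ = await proc.communicate()
    return out.decode(errors="replace")


def run_tool_sync(tool: str, args: Sequence[str]) -> str:
    return asyncio.run(run_tool(tool, args))


def run_shell_unsafe_sync(command: str) -> str:
    return asyncio.run(run_shell_unsafe(command))


if __name__ == "__main__":
    print(run_shell_unsafe_sync("echo hi & echo injected"))  # both commands run
    print(run_tool_sync("echo", ["hi", "& echo injected"]))   # literal text only
```

Even the argv form is only as safe as the binaries on the allowlist: a tool whose prefix is an interpreter or a program with its own `--exec`-style options would hand control back to the caller, so each entry needs the same scrutiny as a sudoers rule.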
Updated: 2025-11-28

Sec8 | Low Cost

A unified API server for multi-source college sports data (ESPN, NCAA) with JSON-RPC 2.0 compliance, designed to be used as a tool by AI bots.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️A `MCP_API_KEY` environment variable is required for server authentication; a default example key is provided in the source code but should be replaced for production environments.
  • ⚠️The provided `server.js` explicitly states that CollegeFootballData.com (CFBD) integrations have been removed, meaning the 6 CFBD-dependent tools (e.g., `get_stats`, `get_recruiting`) described in the `README` will not be functional, even if a `CFBD_API_KEY` is provided.
Verified Safe

The server reads API keys (`MCP_API_KEY`, `CFBD_API_KEY`) from environment variables and enforces Bearer token authentication on its main `/mcp` endpoint, which are good practices. External API calls (to ESPN, NCAA) have basic error checks. However, `server.js` ships with a default `MCP_API_KEY`; since that default is in the public source, any deployment that relies on it is effectively unauthenticated. Replace it before any production use, and preferably refuse to start when the variable is missing. No `eval`, obfuscation, or obvious malicious patterns were found.
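An added example of the fail-closed behaviour recommended above, written for this page in Python rather than the server's JavaScript and not taken from the project: startup refuses a missing or placeholder key, and the bearer check uses a constant-time comparison. The placeholder values are constructed.

```python
"""Added example: fail-closed API key loading and constant-time bearer check.
PLACEHOLDER_KEYS and MIN_KEY_LENGTH are choices made for this illustration."""
import hmac
import os
import secrets
from typing import Mapping, Optional

# Constructed placeholder values; add whatever default the source actually ships.
PLACEHOLDER_KEYS = {"", "changeme", "example-key", "your-api-key-here"}
MIN_KEY_LENGTH = 32


def load_api_key(env: Mapping[str, str] = os.environ) -> str:
    """Fail closed: a missing, placeholder or short MCP_API_KEY stops startup
    instead of silently accepting a key that is printed in the repository."""
    key = env.get("MCP_API_KEY", "").strip()
    if key in PLACEHOLDER_KEYS or len(key) < MIN_KEY_LENGTH:
        raise RuntimeError(
            "MCP_API_KEY is unset, a placeholder, or shorter than "
            f"{MIN_KEY_LENGTH} characters; generate one with "
            f"secrets.token_urlsafe(32), e.g. {secrets.token_urlsafe(32)!r}")
    return key


def check_bearer(authorization: Optional[str], expected_key: str) -> bool:
    """Validate an Authorization header without leaking timing information."""
    if not authorization:
        return False
    scheme, _, token = authorization.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return False
    return hmac.compare_digest(token.encode(), expected_key.encode())


if __name__ == "__main__":
    key = load_api_key({"MCP_API_KEY": secrets.token_urlsafe(32)})
    print(check_bearer(f"Bearer {key}", key), check_bearer("Bearer nope", key))
```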
Updated: 2025-11-20

webustler
by titan77champion
Sec2 | Medium Cost

Webustler is designed for extracting clean, markdown text from any URL, including Cloudflare-protected sites, primarily for local desktop use.

Setup Requirements

  • ⚠️Requires a separate, unspecified local service to be running at `http://localhost:8191` for its fallback scraping mechanism, crucial for Cloudflare bypass. Setup instructions for this dependency are missing.
  • ⚠️Relies on the external `r.jina.ai` service for primary scraping, which introduces a dependency on a third-party's availability, reliability, and potential rate limits or costs not detailed in the provided information.
Review Required

The fallback path (`_fetch_fallback`) posts the user-supplied URL to a scraping service at `http://localhost:8191/v1`, which then fetches it. Nothing in the server restricts where that URL may point, so the downstream scraper can be aimed at loopback, LAN and cloud-internal addresses as easily as at the intended public sites. If this MCP server is ever reachable by others, that is a Server-Side Request Forgery (SSRF) primitive against the machine and network it runs on. Even as a local desktop tool, a URL smuggled into the agent's context (for example through a page it was asked to read) can make it probe other services on the user's machine. The primary path forwards every requested URL to the external `r.jina.ai` service, which discloses what the agent is reading to a third party and makes the results only as trustworthy as that service.
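The markitdown and webustler findings above share one root cause: a URL-taking tool that never checks where the URL actually leads. The following is an added example, not code from either project, of a fetch-target gate that allows only `http(s)`, resolves the host, and rejects destinations in loopback, private, link-local (including the cloud metadata address), multicast and reserved ranges. It checks the resolved address rather than the host name, because `localhost`, an IP literal and a DNS name pointing at `10.0.0.5` all reach the same place. `make_static_resolver` and the host names used with it are constructed so the check can be exercised offline.

```python
"""Added example: SSRF gate for URL-accepting tools. The static resolver and
the example host table are constructed stand-ins for real DNS."""
import ipaddress
import socket
from typing import Callable, Dict, List, Union
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def _is_blocked(ip: IPAddress) -> bool:
    """Loopback, RFC 1918/ULA, link-local (which covers 169.254.169.254),
    multicast, reserved and unspecified destinations are never fetched."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_fetch_url(url: str, resolver: Callable = socket.getaddrinfo) -> str:
    """Return `url` if it is safe for the server to fetch, else raise ValueError.
    `resolver` has getaddrinfo's shape and is injectable for offline tests."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    try:
        addrs: List[IPAddress] = [ipaddress.ip_address(host)]  # IP literal
    except ValueError:
        try:
            infos = resolver(host, parts.port or 80, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            raise ValueError(f"cannot resolve {host}: {exc}") from exc
        addrs = [ipaddress.ip_address(info[4][0]) for info in infos]
    for ip in addrs:
        if _is_blocked(ip):
            raise ValueError(f"{host} resolves to blocked address {ip}")
    return url


def is_safe_fetch_url(url: str, resolver: Callable = socket.getaddrinfo) -> bool:
    try:
        validate_fetch_url(url, resolver)
        return True
    except ValueError:
        return False


def make_static_resolver(table: Dict[str, str]) -> Callable:
    """Constructed offline stand-in for getaddrinfo: host name -> one address."""
    def resolve(host, port, proto=0):
        if host not in table:
            raise socket.gaierror(f"no such host: {host}")
        return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (table[host], port))]
    return resolve


if __name__ == "__main__":
    dns = make_static_resolver({"intranet.example": "10.0.0.5",
                                "public.example": "93.184.216.34"})
    for candidate in ("https://public.example/article",
                      "http://intranet.example/admin",
                      "http://127.0.0.1:8191/v1",
                      "http://169.254.169.254/latest/meta-data/",
                      "file:///etc/passwd"):
        print(is_safe_fetch_url(candidate, dns), candidate)
```

Two caveats a practitioner should keep in mind: resolving here and connecting later is a time-of-check/time-of-use window that DNS rebinding can exploit, so the fetch should connect to the address that was validated (or re-run the check inside the connection hook), and every HTTP redirect is a new destination that must pass the same gate.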
Updated: 2026-01-19

Page 389 of 713