Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
sd2k icon

mcp-tokens

by sd2k

Sec9

Analyzes the token usage of Model Context Protocol (MCP) servers to help authors understand, track, and optimize context window consumption for AI models.

Setup Requirements

  • ⚠️Requires `ANTHROPIC_API_KEY` for accurate (non-estimated) token counts via Anthropic's free token counting API; otherwise, it defaults to the approximate `tiktoken` counter.
  • ⚠️Requires a running or runnable Model Context Protocol (MCP) server command as input for analysis (e.g., `npx @modelcontextprotocol/server-everything` or a local executable).
Verified SafeView Analysis
The tool is designed to execute user-provided commands to start target MCP servers, which inherently carries a risk if a malicious command is supplied by the user. However, this is part of its intended functionality to analyze local or remote MCP servers. External network requests are made to the Anthropic API for accurate token counting, using an API key managed via environment variables or CLI arguments. The source code does not contain 'eval' or similar dynamic code execution patterns, nor any hardcoded secrets. The `mcp-tokens` tool itself does not expose any network services.
Updated: 2025-12-12GitHub
0
0
Low Cost
nelsonjingusc icon

goose-mcp-escrow-server

by nelsonjingusc

Sec9

A minimal MCP server for escrow-style intent verification, deterministic planning, and reversible execution for Goose agents.

Verified SafeView Analysis
The server primarily operates as a command-line tool, processing single JSON requests from files or stdin. It utilizes standard Python library functions for JSON parsing, file I/O (for local plans.json and executions.json), and UUID generation. No 'eval' or dynamic code execution is present. Input validation is performed for actions, risk levels, and amounts. The file I/O is localized to fixed filenames, reducing path traversal risks. Overall, the design appears robust for its intended minimal scope with no apparent critical vulnerabilities.
Updated: 2025-11-27GitHub
0
0
High Cost
swethasalunke-tech icon

postgres-dynamodb-mcp-server

by swethasalunke-tech

Sec8

Enable PostgreSQL-familiar developers to interact with Amazon DynamoDB via an MCP server, translating SQL-style operations into DynamoDB API calls.

Setup Requirements

  • ⚠️Requires AWS credentials configured (e.g., via `aws configure` or environment variables).
  • ⚠️Requires appropriate AWS IAM permissions for DynamoDB (create, read, write, describe).
  • ⚠️Requires Python 3 and dependencies from `requirements.txt`.
Verified SafeView Analysis
The server uses `boto3` for AWS interactions, which generally handles credentials securely via standard AWS configuration (`aws configure` or environment variables). No hardcoded secrets or `eval`/`exec` statements were found. A minor potential risk exists in dynamically constructing DynamoDB `FilterExpression` and `UpdateExpression` parameters where attribute names are derived directly from user input. While `ExpressionAttributeValues` secures the actual data values, malformed or unexpected attribute names from input could theoretically lead to less optimal queries or unexpected behavior, though DynamoDB's API is generally robust against such injections in attribute names. The server itself runs via stdio and does not expose direct network interfaces.
Updated: 2025-11-20GitHub
0
0
Low Cost

MCP_Server_and_Agents-Fat-Earth

by niccolo-redantlergroup

Sec1

A system designed for managing and orchestrating distributed agents from a central server.

Review RequiredView Analysis
No source code was provided for analysis. Therefore, a comprehensive security audit could not be performed. Assuming lowest safety due to lack of visibility, as potential risks cannot be assessed.
Updated: 2025-11-25GitHub
0
0
Low Cost
aryanduntley icon

AIFP

by aryanduntley

Sec8

A modular Python server component designed to manage and track project metadata, code entities (files, functions, types), tasks, and functional programming compliance within a SQLite database for AI-driven development.

Setup Requirements

  • ⚠️Requires an initialized SQLite 'project.db' (and 'aifp_core.db' for some helpers) to function, as the core logic is database-centric.
  • ⚠️Requires Git CLI installed and accessible in the system's PATH for features like file change detection and Git hash tracking.
  • ⚠️The Python helper files assume a specific internal module structure for imports (e.g., 'sys.path.insert'), which might require specific setup if run outside the AIFP project context.
Verified SafeView Analysis
The source code demonstrates good security practices for database interactions by consistently using parameterized queries, effectively preventing SQL injection vulnerabilities. Path manipulation is also handled with explicit validation, such as checking for absolute paths and directory traversal ('..') to mitigate path injection risks. Reliance on 'subprocess.run' for Git commands is a necessary external dependency and potential attack surface, but is constrained to known Git commands. No direct 'eval' or obvious hardcoded secrets are present within the provided helper functions. Network risks, if any, would stem from external integrations defined in directives, not directly from these core helper files.
Updated: 2026-01-19GitHub
0
0
Low Cost
beepmedia icon

mcp-telegram

by beepmedia

Sec7

Enables AI agents to send and manage Telegram messages using the Telegram Bot API.

Setup Requirements

  • ⚠️Requires Telegram Bot Token for API access (free to obtain from @BotFather)
  • ⚠️Requires Bun runtime for execution
  • ⚠️HTTP and SSE transports run without authentication if `MCP_TELEGRAM_API_KEY` is not set, posing a security risk if exposed.
Verified SafeView Analysis
The server uses environment variables for sensitive data like `TELEGRAM_BOT_TOKEN`. HTTP and SSE transports offer API key authentication via `MCP_TELEGRAM_API_KEY`, but this key is optional. If not configured, these endpoints will run without authentication, posing a significant security risk if exposed externally. Input validation is performed using `zod` in tool definitions and HTTP handlers. Webhook verification relies on an optional `TELEGRAM_WEBHOOK_SECRET`. No direct code injection or `eval` usage found.
Updated: 2025-12-11GitHub
0
0
Medium Cost
FreeOnlineUser icon

surgical-fs-mcp

by FreeOnlineUser

Sec3

A C# MCP server providing whitespace-tolerant, ACID-compliant file editing tools for Claude Desktop.

Setup Requirements

  • ⚠️Requires .NET 8.0 SDK installed.
  • ⚠️Requires Claude Desktop to be installed and configured to use this server.
  • ⚠️Requires manual code modification of 'SurgicalFsMcp.cs' to configure 'AllowedDirectories' for security, followed by a rebuild.
Review RequiredView Analysis
A critical security audit is not possible as only the README.md was provided as 'source code'. The README *claims* to implement path validation against allowed directories and directory traversal blocking, which are essential for a filesystem-modifying tool. However, these claims cannot be verified without inspecting the actual C# implementation of `SurgicalFsMcp.cs`, `PathValidator`, `UpdateFindReplaceWithResult`, and `BackupManager`. The project involves direct filesystem modification, making a thorough code review essential for ensuring safety against malicious operations or data loss.
Updated: 2025-12-22GitHub
0
0
Low Cost

TraceVerde-MCP-Server

by Mandark-droid

Sec9

The TraceVerde-MCP-Server likely serves as a backend for an application that needs to interact with an AI model, possibly for processing or generating text related to trace verde, indicated by 'MCP' which could stand for Model Communication Protocol or similar.

Verified SafeView Analysis
The provided code snippets are minimal and do not contain any obvious security vulnerabilities such as 'eval', obfuscation, hardcoded secrets, or suspicious network patterns. The primary security concern would depend on how the server integrates with external services and handles user input, which is not visible in these snippets.
Updated: 2025-11-24GitHub
0
0
Low Cost
featbit icon
Sec3

This server acts as a Node.js proxy agent for the FeatBit feature flag system, allowing client-side SDKs to evaluate feature flags and send insights without direct communication with the FeatBit backend.

Setup Requirements

  • ⚠️Requires a running Node.js environment.
  • ⚠️Relies on an active FeatBit account and backend for feature flag data and streaming.
  • ⚠️Requires configuration with FeatBit SDK keys/secrets (e.g., `FB_SDK_KEY`, `FB_ENV_SECRET` passed as arguments or environment variables).
Review RequiredView Analysis
The server utilizes `eval()` extensively in its feature flag evaluation logic (`src/utils/index.js`, `src/core/flags_engine.js`) to execute rules and variations received from the FeatBit backend. This poses a critical security risk as it allows arbitrary JavaScript code execution on the server if the FeatBit backend is compromised or if the data stream containing flag rules is tampered with. No obvious sandboxing mechanisms (like Node.js `vm` module) are in place to mitigate this vulnerability, potentially leading to remote code execution.
Updated: 2026-01-19GitHub
0
0
Medium Cost
laramarcodes icon

plaid-transactions-mcp

by laramarcodes

Sec9

An MCP server enabling Claude to sync, search, and analyze financial transactions securely using Plaid's API.

Setup Requirements

  • ⚠️Requires macOS due to heavy reliance on `security` command for Keychain integration.
  • ⚠️Plaid API Client ID and Secret must be manually set up in macOS Keychain prior to first use.
  • ⚠️Access tokens for linked bank accounts are obtained via an interactive web-based Plaid Link flow using the `plaid_add_account` tool.
  • ⚠️Requires manual JSON configuration in Claude Desktop/CLI config files for the MCP server.
Verified SafeView Analysis
Credentials (Plaid Client ID, Secret, and Access Tokens) are securely managed using macOS Keychain, preventing hardcoding or storage in plain-text files. The server avoids environment variables for sensitive data. A temporary local HTTP server is launched for Plaid Link OAuth callbacks, which is well-contained and shuts down after use. Input validation is performed using Pydantic models. No 'eval' or malicious patterns were identified.
Updated: 2026-01-05GitHub
0
0
Medium Cost
visusnet icon
Sec8

Provides a Model Context Protocol (MCP) server that interfaces with the Coinbase Advanced Trading API, enabling AI assistants like Claude to perform autonomous crypto trading.

Setup Requirements

  • ⚠️Requires Coinbase API Key Name and Private Key with 'Trading' permissions.
  • ⚠️Private Key must be in PEM format (multiline string) and saved securely.
  • ⚠️Node.js version >=24.12.0 is required.
Verified SafeView Analysis
The server's primary function is real-money cryptocurrency trading, which inherently carries financial risk, explicitly warned about in the README. It requires sensitive Coinbase API credentials (API Key Name and Private Key) which are loaded from environment variables and explicitly excluded from version control (.env). Input validation is performed using 'zod' schemas, reducing the risk of malformed requests. No direct 'eval' or other obvious code vulnerabilities are present. The main security concerns are operational: potential for financial loss due to trading decisions or misconfiguration, which the project mitigates through features like 'dry-run' mode and strong warnings about risk.
Updated: 2026-01-19GitHub
0
0
Medium Cost
Insight-DevSecOps icon

mcp-api-center-sync

by Insight-DevSecOps

Sec9

GitOps-powered synchronization of Model Context Protocol (MCP) server metadata from a public registry into Azure API Center instances for enterprise governance and discovery.

Setup Requirements

  • ⚠️Requires comprehensive Azure OIDC (OpenID Connect) Workload Identity Federation setup, involving multiple Azure CLI commands and Microsoft Entra ID (Azure AD) App Registration.
  • ⚠️Requires an active Azure Subscription with an existing Azure API Center instance.
  • ⚠️PowerShell 7.0+ is a prerequisite for local script testing and potentially for the GitHub Actions runner environment if a custom runner is used (though GitHub-hosted runners usually have it).
Verified SafeView Analysis
The project exhibits strong security practices through its GitOps design. It leverages Azure OIDC (OpenID Connect) for passwordless authentication to Azure, eliminating hardcoded credentials. GitHub secrets are used for sensitive configuration. The workflow is PR-based, ensuring code reviews and audit trails via Git history. No use of `eval` or similar dangerous functions is visible in the truncated source. The architecture explicitly recommends least privilege for Azure roles and enforces branch protection, indicating a secure-by-design approach. Potential risks would primarily stem from misconfiguration of OIDC, insufficient RBAC, or vulnerabilities in the underlying PowerShell runtime or GitHub Actions runner environment, rather than the application code itself.
Updated: 2025-11-30GitHub
PreviousPage 392 of 713Next