Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost

rememberly

by jon-fox

Sec1

This MCP server manages and stores conversational context and chat history, likely to enhance AI model recall and consistency for chat applications.

Review Required
Source code was not provided for analysis, making a security audit impossible. Without it, checks for 'eval', obfuscation, hardcoded secrets, network risks, or malicious patterns cannot be performed, so no safety assessment can be made.
Updated: 2025-11-25 (GitHub)
Medium Cost

shakespeare

by hegner123

Sec3

Provides Playwright-based browser automation and CSS Object Model (CSSOM) inspection for web development and debugging.

Setup Requirements

  • ⚠️Requires Node.js installed locally.
  • ⚠️Requires Playwright Chromium browser binary installed via `npx playwright install chromium`.
  • ⚠️Potential for high token usage if `evaluate` tool returns large content directly (up to 200,000 characters by default).
Review Required
The `evaluate` tool allows execution of arbitrary JavaScript within the browser context, which is a significant security risk if the input script is not trusted or properly sanitized. The `newContext` call uses `ignoreHTTPSErrors: true`, bypassing SSL certificate validation and making it vulnerable to man-in-the-middle attacks on untrusted HTTPS sites. The `evaluate` tool can also write arbitrary content to disk, potentially to user-specified paths, which could lead to file overwrites or disk space exhaustion.
Updated: 2026-01-18 (GitHub)
Low Cost

miskatonic-mcp

by rlyeh-dev

Sec7

Enables LLMs to execute Lua code within a sandboxed environment for tool use and context generation.

Setup Requirements

  • ⚠️Requires Odin programming language installed to build and run.
  • ⚠️Relies on Lua 5.4 runtime dependency.
  • ⚠️Only supports stdio communication, no HTTP server is provided.
Verified Safe
The server's core functionality relies on an 'evaluate' tool that executes arbitrary Lua code within an in-process Lua sandbox. While sandboxing is an explicit mitigation, in-process sandboxes carry inherent risks of sandbox escapes if not perfectly implemented. No immediate network risks from the server itself as it's stdio-based, but a robust Lua sandbox is critical to prevent code from accessing sensitive system resources or performing unauthorized network operations. No hardcoded secrets were identified.
Updated: 2025-11-28 (GitHub)
Medium Cost

PaidSearchNav-MCP

by datablogin

Sec9

Provides comprehensive analysis and recommendations for Google Ads campaign optimization, leveraging Google Ads, BigQuery, and Google Analytics 4 data for performance monitoring and issue detection.

Setup Requirements

  • ⚠️Google Ads API Key setup (Developer Token, OAuth Client ID/Secret, Refresh Token required)
  • ⚠️Google Cloud Project with BigQuery and GA4 API access enabled, requires credentials (Service Account or ADC)
  • ⚠️Redis server required for caching and rate limiting (can be run via Docker Compose)
Verified Safe
The server shows a strong focus on security, with Pydantic SecretStr for sensitive configurations, abstracted token storage (supporting secret managers), explicit input validation, and dedicated SQL injection prevention in BigQuery queries. Extensive security tests are present. There is a minor risk that the regex-based SQL injection prevention could be bypassed by complex queries, though it's a good first line of defense. The presence of rate limiting and circuit breakers also enhances operational security.
Updated: 2025-12-04 (GitHub)
Medium Cost

mcp_server_fhir

by arapodcho

Sec9

Integrates a Multi-Cloud Platform (MCP) server with a FHIR API to retrieve, manage, and format clinical healthcare data, often for use in AI-powered clinical assistant applications.

Setup Requirements

  • ⚠️Requires access to a FHIR API server (default is hapi.fhir.org/baseR4).
  • ⚠️Requires FHIR API credentials (Client ID, Client Secret, Token Endpoint) if the FHIR server requires authentication.
  • ⚠️Requires Python dependencies: httpx, requests, python-dotenv, and the FastMCP framework.
Verified Safe
The server uses environment variables for sensitive configurations like FHIR API keys, which is a good practice. It utilizes standard and well-maintained HTTP clients (httpx, requests) for external API communication. No 'eval' or obvious malicious patterns were detected. Input validation for date formats and allowed enum values is present for tool arguments. Parameters for API calls are generally passed as dictionaries, which prevents URL injection, though one internal path allows string parameters (which is used safely by internal construction). OAuth2 Client Credentials flow is used for authentication.
Updated: 2026-01-19 (GitHub)
High Cost

gdelt-mcp

by ledgerW

Sec4

Model Context Protocol server providing AI agents with access to GDELT 2.0 (Global Database of Events, Language, and Tone) via Google BigQuery for cost-optimized querying.

Setup Requirements

  • ⚠️Requires a Google Cloud Platform (GCP) project with BigQuery API enabled, which is a paid service.
  • ⚠️Requires setting up a GCP service account with BigQuery Data Viewer and BigQuery Job User roles, and obtaining its JSON key or credentials.
  • ⚠️Python 3.11+ is required, along with the `uv` package manager.
Review Required
The server directly interpolates user-provided `where_clause` and `select_fields` parameters into BigQuery SQL queries without explicit sanitization or parameterization. This creates a significant SQL Injection vulnerability. The server is designed to use client-provided BigQuery credentials, which limits direct harm to the server operator's own project while those are in use; however, if the server falls back to environment variable credentials, a malicious client could exploit this to execute arbitrary BigQuery SQL against the server's configured GCP project. This makes the server unsafe to run in environments with untrusted inputs.
Updated: 2025-11-25 (GitHub)
Medium Cost

mcp-server

by matuteduro

Sec9

Serves a React design system's components and instructions to an LLM via Model Context Protocol (MCP) for guided UI generation.

Setup Requirements

  • ⚠️Requires a 'design-system.json' file to be present in the root directory relative to 'src/mcp-server.js'.
  • ⚠️Requires Node.js runtime.
Verified Safe
The server communicates over standard I/O (stdio), significantly reducing its external network attack surface. It reads a local JSON file ('design-system.json') and exposes its content via MCP resources and tools. No 'eval' or explicit dangerous operations detected. Security relies on the integrity of the 'design-system.json' file.
Updated: 2025-11-26 (GitHub)
Low Cost

n8n.mcp

by Cloud-Ops-Dev

Sec3

This server is a multi-cloud infrastructure orchestration platform that combines n8n automation with Terraform to build, deploy, and manage distributed applications across AWS, IBM Cloud, and on-premises environments, featuring an AI-assisted workflow creation via MCP.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose to be installed and running.
  • ⚠️Requires AWS and IBM Cloud accounts with appropriate API keys and SSH key pairs configured.
  • ⚠️Requires SSH access to a local AMD workstation and a specific Arch workstation (192.168.1.43) for the full message queue demo.
  • ⚠️Initial setup requires populating sensitive credentials (API keys, SSH paths, passwords) in `docker/.env`.
Review Required
The `N8N_ENCRYPTION_KEY`, which encrypts all credentials within n8n, is hardcoded in `docker-compose.yml` and explicitly used in utility scripts. This is a severe vulnerability for any non-lab, production environment, as compromise of this key means all cloud credentials stored in n8n are exposed. Additionally, many deployment scripts and workflows use `ssh -o StrictHostKeyChecking=no`, which disables SSH host key verification, making connections vulnerable to Man-in-the-Middle attacks. Cloud API keys and SSH private keys are stored in plaintext in `.env` files and/or written to `terraform.tfvars` within mounted Docker volumes, making them accessible to the n8n container. While this is common for automation agents, it necessitates robust security of the host system and the n8n container.
Updated: 2025-12-31 (GitHub)
Low Cost

Enables semantic search over local notes and documents, integrated with MCP-compatible clients like Claude Code.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️First startup involves downloading an ~80MB embedding model, taking ~10 seconds.
  • ⚠️Requires ~500MB of disk space for the model and dependencies.
Verified Safe
The server appears generally safe. It uses local storage (ChromaDB) and a local embedding model (sentence-transformers), minimizing external network exposure beyond initial model download. File operations are handled using `pathlib` for robustness. Input queries are processed as data for embedding and search, not executed as code. There are no obvious hardcoded secrets, `eval` usage, or direct shell command execution of untrusted input. Potential risks are limited to vulnerabilities within its well-known third-party dependencies (e.g., `sentence-transformers`, `chromadb`, `beautifulsoup4`, `PyMuPDF`).
Updated: 2025-12-14 (GitHub)
Medium Cost

mcp-server-metabase

by ForestAdmin

Sec2

Connects AI agents to Metabase BI platform, providing comprehensive access to databases, saved questions, dashboards, collections, and query execution.

Setup Requirements

  • ⚠️Requires access to a Metabase instance (self-hosted or cloud).
  • ⚠️Requires a Metabase API key or username/password to connect to Metabase.
  • ⚠️Requires a manually generated MCP_AUTH_TOKEN for server authentication.
Review Required
CRITICAL SQL INJECTION VULNERABILITIES (CVE-2025-XXXXX) have been identified and are present in the provided source code. The `execute_sql_query` tool allows `WITH` (Common Table Expression) queries which can contain arbitrary SQL statements (UPDATE, INSERT, DELETE, DROP), bypassing read-only validation. The `create_question` tool lacks any input validation for its `query` argument, allowing malicious SQL to be saved as persistent questions. These vulnerabilities enable data modification, destruction, and privilege escalation, as detailed in `CRITICAL_SECURITY_ADVISORY.md`. Despite previous security patches, these critical issues are unaddressed in the provided code.
Updated: 2025-12-03 (GitHub)
Medium Cost
Sec9

Aggregates and provides search capabilities for a user's saved posts/bookmarks from Reddit and X (Twitter) via MCP tools.

Setup Requirements

  • ⚠️Requires exporting browser cookies for Reddit and X (Twitter) and providing them via environment variables (X_COOKIES_FILE/X_COOKIES, REDDIT_COOKIES_FILE/REDDIT_COOKIES) or default paths.
  • ⚠️Requires setting the REDDIT_USERNAME environment variable for Reddit scraping.
  • ⚠️Requires Playwright browser binaries to be installed (`uv run playwright install chromium`).
  • ⚠️Requires Python 3.13 or higher.
  • ⚠️If running via Docker, Docker daemon must be running.
Verified Safe
The server uses Playwright for web scraping, which involves launching a browser. Sensitive user data (authentication cookies and Reddit username) are expected to be provided via environment variables or files, not hardcoded. There are no 'eval' statements or obfuscation found. The risk largely depends on the security of the provided cookies and the environment it runs in.
Updated: 2026-01-17 (GitHub)
Low Cost

mcp-server-weather

by truck-intel

Sec9

A simple Model Context Protocol (MCP) server that provides static weather information.

Verified Safe
The server is a demo implementation with static weather data, meaning it does not interact with external APIs or handle sensitive dynamic data. No indicators of 'eval' or obfuscation are present in the provided information. It likely opens a network port, typical for a server, but with minimal inherent risk given its static nature.
Updated: 2025-11-20 (GitHub)
Page 393 of 713