Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
nomad3 icon

techopsmind

by nomad3

Sec8

Company-agnostic SRE operations platform with AI-powered monitoring, plugin architecture for multi-company support, and comprehensive infrastructure observability via Model Context Protocol (MCP). It acts as an AI-powered operations assistant for SRE teams.

Setup Requirements

  • ⚠️Requires GEMINI_API_KEY (paid Google service)
  • ⚠️Requires VPN connection for Prometheus and SSH access to internal infrastructure
  • ⚠️Requires Docker and Docker Compose (for full web stack deployment)
  • ⚠️Requires Python 3.10+ (managed by Poetry) and Go 1.21+ (for optional TUI dashboard), Node.js/npm (for React frontend)
  • ⚠️High resource requirements: ~2GB disk space for vector store, ~750MB-1.5GB memory for the MCP server process
  • ⚠️SSH multi-hop access requires specific configuration (`SSH_GATEWAY_PASSWORD` and potentially legacy SSH algorithms/host key management for older components)
Verified SafeView Analysis
The server incorporates strong security practices for an internal SRE tool. It leverages environment variables for all sensitive credentials (API keys, tokens, passwords). Input validation, command sanitization, and path traversal prevention are implemented via `core/security/validators.py`. The full web stack deploys with Docker containers for isolation and Nginx/Certbot for HTTPS/SSL. Access to internal Prometheus and SSH infrastructure requires an active VPN. While older documentation mentioned a 'StrictHostKeyChecking no' workaround for SSH multi-hop authentication, the refactored plugin architecture aims for more secure SSH key-based authentication. Operations involving root access on target servers are a high privilege but justified for its SRE purpose. The presence of robust input validators helps mitigate command injection risks.
Updated: 2025-12-03GitHub
0
0
Low Cost
tyranosurasmax icon

MCP-CODEGEN

by tyranosurasmax

Sec3

Generates type-safe TypeScript wrappers for MCP, REST, and GraphQL APIs to enable AI agents to interact with external services with 98% token reduction.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️MCP server adapter has known schema validation issues that prevent tool discovery for MCP sources in current version.
  • ⚠️Execution of commands for MCP servers (via `npx` or custom binaries) runs with full system privileges, posing a security risk if configuration files are compromised or not rigorously controlled.
Review RequiredView Analysis
The MCPAdapter and RawMCPClient components use Node.js `child_process.spawn` to execute commands and arguments defined in configuration files (e.g., `command: 'npx'`, `args: [...]`). If an attacker can inject or modify a configuration file, they could execute arbitrary code on the host system. The project explicitly states, 'No sandboxing: Generated code runs with full privileges' and lists sandboxing as a planned feature, indicating a known critical risk. While authentication for external APIs uses environment variables, the ability to run arbitrary child processes from configuration is a significant vulnerability for an AI agent tool.
Updated: 2026-01-06GitHub
0
0
Low Cost
rousseya icon
Sec7

Provides an MCP server to interact with Strava, offering activity retrieval, performance statistics, and activity management tools like renaming and e-bike detection.

Setup Requirements

  • ⚠️Requires creating a Strava App and obtaining OAuth tokens (multi-step process involving browser authorization).
  • ⚠️Requires `uv` for dependency management.
  • ⚠️Python 3.10+ is required.
Verified SafeView Analysis
The `scripts/get_tokens.py` file hardcodes `CLIENT_ID` and `CLIENT_SECRET`. While these appear to be public example credentials often used in Strava API examples and not a leak of private keys, hardcoding credentials in source code is a significant security anti-pattern and should be avoided. The server's main application code (`app.py`, `strava_client.py`) correctly utilizes environment variables for all secrets. `TrustedHostMiddleware` in `app.py` is configured with `allowed_hosts=["*"]`, which is overly permissive for general production use but might be acceptable within a managed container environment like Hugging Face Spaces; for other deployments, it should be restricted. The optional `API_TOKEN` for bearer authentication to the MCP endpoint is a good security feature.
Updated: 2025-12-18GitHub
0
0
Medium Cost
lokesh-reddy-afb icon

mcp-server

by lokesh-reddy-afb

Sec3

Provides tools to search files and directories using regular expressions, returning matched lines and line numbers.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0
  • ⚠️Requires file system access permissions to specified paths
Review RequiredView Analysis
Critical vulnerabilities identified: User-supplied regex patterns are used directly to construct `new RegExp()`, leading to potential Regular Expression Denial of Service (ReDoS) attacks. User-supplied file and directory paths are used with `fs.readFileSync` and `fs.readdirSync`, which, despite using `path.resolve`, could potentially lead to arbitrary file disclosure or traversal if not properly sandboxed or if the process has elevated permissions to sensitive areas.
Updated: 2026-01-19GitHub
0
0
Medium Cost
jordlee icon
Sec9

A RAG-based MCP server providing semantic search and information retrieval from Sony camera help guides, enabling LLMs to answer camera-related queries and perform comparisons.

Setup Requirements

  • ⚠️Requires Pinecone API Key (Paid Service) for functionality.
  • ⚠️Requires a pre-populated Pinecone index (e.g., 'camera-rag-agent') with processed camera help guide data, involving several preprocessing scripts (download, parse, chunk, embed).
  • ⚠️Requires Redis for rate-limiting functionality (optional for basic operation, but crucial for production stability).
Verified SafeView Analysis
The server correctly uses environment variables for sensitive API keys like PINECONE_API_KEY. Input validation is handled implicitly by passing parameters to the Pinecone client's query filters, mitigating direct injection risks in the search logic. The rate limiter adds a layer of protection against abuse. No direct `eval` or `os.system` calls were found with user-controlled input. However, the repository contains a `scripts/clear_pinecone_index.py` utility that can delete all vectors from the Pinecone index; while it includes a user confirmation step, it highlights a powerful and potentially destructive capability in the codebase. The `mcp/chatgpt.md` file also explicitly outlines the broader LLM-level prompt injection and data exfiltration risks when *using* such a server with an AI model, which are inherent to agentic systems and not solely code-level vulnerabilities within the server itself.
Updated: 2025-12-05GitHub
0
0
Low Cost
tamangmilan icon
Sec8

This server provides a simple API for tracking, listing, and summarizing personal expenses.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer
Verified SafeView Analysis
The server uses parameterized SQL queries, which effectively prevents common SQL injection vulnerabilities. No 'eval', 'exec', or other potentially dangerous functions were identified. There are no apparent hardcoded secrets. The server is exposed via HTTP, but the provided code snippet does not include authentication or authorization mechanisms, which would be necessary for secure deployment in untrusted environments.
Updated: 2025-11-30GitHub
0
0
Medium Cost
professordnyc icon

qanat-goose-mcp

by professordnyc

Sec8

A multimodal seller dashboard assistant for Square, integrating voice and gesture controls via a Goose MCP-UI extension.

Setup Requirements

  • ⚠️Requires a Square API Key for sandbox or production (a free developer account or paid account is needed).
  • ⚠️Requires an ElevenLabs API Key for voice features (ElevenLabs offers free and paid tiers).
  • ⚠️PyAudio is required for microphone input, which can be challenging to install on some operating systems. Voice features will be disabled if not present.
  • ⚠️Requires 'Goose Desktop' application to run as an MCP-UI extension.
Verified SafeView Analysis
The project uses environment variables for API keys and is structured to avoid common vulnerabilities like `eval` with user input. However, the demo scripts include hardcoded `demo_key` values as fallbacks, which could be a concern if these fallbacks were to be used in a production context. The main `env_loader` explicitly validates required keys. Inputs from the Goose MCP-UI are passed directly to service methods; robust input validation within services for production use is crucial.
Updated: 2025-11-22GitHub
0
0
Low Cost
JJAMAWAVE icon

mcp-relay-server

by JJAMAWAVE

Sec6

The MCP Relay Server acts as an intermediary, forwarding tool call requests from clients to a local agent and synchronizing tool definitions.

Setup Requirements

  • ⚠️Requires a 'tools/' directory containing Python modules with `@mcp_tool` decorated functions for tool definitions.
  • ⚠️Requires a separate 'Local Agent' application to connect via WebSocket to `/ws` to provide actual tool implementations; without it, tool calls will fail.
  • ⚠️Relies on `uvicorn` for execution (implicitly, as it's a FastAPI app).
Verified SafeView Analysis
The server uses an open CORS policy (`allow_origins=["*"]`) which allows requests from any domain. More critically, the WebSocket endpoint (`/ws`) used by the 'Local Agent' is unauthenticated. An attacker could potentially connect to this endpoint, register arbitrary tools, and intercept/relay tool calls if the server is exposed publicly without network-level security. The tool loading mechanism from a local 'tools/' directory is generally safe, assuming the server's host environment is trusted and not susceptible to arbitrary file writes.
Updated: 2025-11-22GitHub
0
0
Medium Cost
yuvko24 icon
Sec9

Provides an API wrapper for accessing country information from an external REST API (restcountries.com), exposing tools to query country details by name, list by region, or search by language.

Setup Requirements

  • ⚠️Requires Python environment with FastAPI, FastMCP, httpx, and uvicorn installed.
  • ⚠️Relies on the external restcountries.com API availability and its data structure; changes to this API could break functionality.
Verified SafeView Analysis
The server uses `urllib.parse.quote` for user-provided input in URLs, which helps prevent URL injection. It uses `httpx` with a timeout, which is good practice for external API calls. No `eval` or hardcoded secrets are present. The primary external risk comes from the reliability and security of the `restcountries.com` API itself, which is beyond the scope of this code's direct control. The server binds to 0.0.0.0, making it externally accessible if deployed without proper firewalling, but this is standard for server applications.
Updated: 2025-11-23GitHub
0
0
Low Cost
jules-tnk icon

ts-http-mcp

by jules-tnk

Sec8

An MCP server enabling AI agents to send HTTP requests with full control over methods, headers, query parameters, and request bodies.

Setup Requirements

  • ⚠️Requires Node.js environment
  • ⚠️Only supports stdio transport for MCP communication
Verified SafeView Analysis
The server is designed to proxy HTTP requests from AI agents. While the code includes robust input validation (Zod schema for parameters, URL format validation), deployment in environments with access to sensitive internal networks could pose an SSRF (Server-Side Request Forgery) risk if the AI agent's prompts are not sufficiently sandboxed or if the agent itself is compromised. No obvious malicious patterns, hardcoded secrets, or dangerous functions like 'eval' were found in the provided source code. It uses well-vetted libraries like Axios for HTTP requests and Zod for schema validation, enhancing internal security.
Updated: 2025-11-23GitHub
0
0
High Cost
brandonlacoste9-tech icon

skills-integrate-mcp-with-copilot

by brandonlacoste9-tech

Sec7

This repository demonstrates how to integrate GitHub Copilot Agent Mode with Model Context Protocol (MCP) servers to practice agentic loops for various development stages including research, planning, implementation, testing, and updates.

Setup Requirements

  • ⚠️Requires GitHub Copilot subscription/access
  • ⚠️Likely requires API keys/authentication for external MCP services (GitHub, Figma, Playwright)
Review RequiredView Analysis
Insufficient source code provided for a comprehensive security audit. The provided `README.md` file does not contain any executable code or patterns like 'eval', obfuscation, or hardcoded secrets. A full audit would require inspecting the actual implementation files.
Updated: 2025-11-24GitHub
0
0
High Cost
taskcrew icon

cua-mcp-server

by taskcrew

Sec9

Delegates desktop automation tasks to an autonomous vision-based AI agent controlling cloud-based virtual machine sandboxes.

Setup Requirements

  • ⚠️Requires CUA Cloud API Key (Paid for sandbox access)
  • ⚠️Requires Anthropic API Key (Paid for vision AI processing)
  • ⚠️Requires Vercel Pro plan (for 800s maximum function timeout)
Verified SafeView Analysis
The server implements robust input validation for sandbox names and task IDs to prevent injection and path traversal attacks. It includes specific URL validation (`isValidBlobUrl`) to prevent Server-Side Request Forgery (SSRF) when fetching task history from Vercel Blob storage. API keys are sourced from environment variables or request headers, not hardcoded. The agent architecture relies on an LLM generating structured tool calls, not direct shell commands from user input, significantly reducing direct execution risks. The primary security concern, as noted in the `AGENTS.md` and `README.md`, is the default wide-open CORS policy (`Access-Control-Allow-Origin: *`) for broad MCP compatibility, which might need tightening for production deployments with untrusted users, and the implication that the server's Anthropic API key is shared among authenticated CUA API key users.
Updated: 2025-12-17GitHub
PreviousPage 394 of 713Next