Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
Shigakuresama icon

canvas-mcp-developer

by Shigakuresama

Sec7

A Model Context Protocol (MCP) server for students to access read-only Canvas LMS data and integrate with NotebookLM for study material organization.

Setup Requirements

  • ⚠️Requires CANVAS_API_TOKEN, which must be manually generated by the user from Canvas account settings.
  • ⚠️NotebookLM integration is optional but requires a Python environment, `playwright install chromium`, and an *interactive manual Google login* (`notebooklm_auth_setup`).
  • ⚠️Canvas file downloads are optional but require manually exporting browser cookies (e.g., as `cookies.txt`) and setting the `CANVAS_COOKIES_FILE` environment variable.
Verified SafeView Analysis
The server uses environment variables for sensitive Canvas API tokens and cookie paths, which is good practice. It also implements rate limiting to respect Canvas API limits. `child_process.spawn` is used for Python bridge scripts, which is safer than `exec`. However, the 'read-only access' claim in the README is contradicted by the presence of `canvas_bookmark_create` and `canvas_bookmark_delete` tools, which perform write operations (though minor, affecting only the user's bookmarks). The `notebooklm_prepare_content` tool takes user-provided `input_path` and `output_dir` which, in an adversarial AI scenario, could theoretically lead to path traversal for reading/writing arbitrary files on the server if not strictly contained. However, for its intended use case with a trusted AI agent, these are considered low risk.
Updated: 2025-12-01GitHub
0
0
Medium Cost
timoconnellaus icon

bun-runner-mcp

by timoconnellaus

Sec9

Execute TypeScript/JavaScript code in a sandboxed Bun environment with permission-based security controls, supporting code snippets and web-based management.

Setup Requirements

  • ⚠️Requires Bun runtime to be installed locally.
  • ⚠️Container mode requires macOS 26 (Tahoe) or later with Apple Containers CLI installed.
  • ⚠️Requires specific JSON configuration for MCP clients (e.g., Claude Desktop).
Verified SafeView Analysis
The server employs robust sandboxing, offering two main modes: preload and container. Preload mode uses Bun's `--preload` to intercept dangerous APIs (like `fetch`, `Bun.write`, `Bun.spawn`, `process.env` access) and routes them through a permission-checking proxy. Container mode (recommended for untrusted code) leverages Apple Containers (macOS 26+) for VM-level isolation, resource limits (CPU, memory), and package management. The accompanying Docker configuration (`docker-compose.yml`, `seccomp-profile.json`) further demonstrates a high level of security consciousness, implementing read-only filesystems, dropped capabilities, and syscall filtering. Hardcoded secrets are not apparent; environment variables are loaded securely from files or prefixed process environment variables.
Updated: 2025-11-28GitHub
0
0
Medium Cost
marcusvbda icon

general-mcp-server

by marcusvbda

Sec8

This server acts as a Multi-Capability Protocol (MCP) server, integrating custom tools and orchestrating their use with an AI assistant.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid service required)
  • ⚠️Requires an OpenAI model name to be specified in environment variables.
  • ⚠️The environment variable `OEPN_AI_BASE_URL` appears to be a typo in the source code; it is likely intended as `OPEN_AI_BASE_URL`.
Verified SafeView Analysis
The server correctly uses environment variables for API keys and does not contain 'eval' or obvious obfuscation. Tool arguments are passed directly to handlers, which are responsible for their own input validation. The `OEPN_AI_BASE_URL` environment variable appears to be a typo and should likely be `OPEN_AI_BASE_URL`, which could lead to misconfiguration but is not a security vulnerability in itself.
Updated: 2025-12-14GitHub
0
0
Low Cost
ecociel icon
Sec8

A starter template for building OpenAI Apps that expose custom HTML or React widgets via an MCP server, demonstrating end-to-end workflow and best practices.

Setup Requirements

  • ⚠️Requires Python 3.8+ (implied by modern packages).
  • ⚠️Python dependencies (mcp, fastmcp, uvicorn, pydantic) must be installed.
  • ⚠️For the React widget, Node.js/npm is required to build the frontend assets (npm install && npm run build-widgets) before running the Python server.
Verified SafeView Analysis
The server uses FastMCP and standard SDK components. It handles user input by extracting string arguments for tool calls, and serves static or built HTML/React widget content. There's no apparent use of 'eval' or direct arbitrary code execution from user input. The React widget's build process involves inlining JS/CSS, which, if not meticulously handled for external inputs, could pose a risk, but here it's for its own trusted build artifacts. No hardcoded secrets found.
Updated: 2025-12-23GitHub
0
0
Medium Cost
nohuiam icon

synapse-relay

by nohuiam

Sec8

Synapse Relay acts as a neural packet routing system for the InterLock mesh, facilitating inter-service communication through signal relaying, buffering for offline targets, and rule-based routing.

Setup Requirements

  • ⚠️Requires Node.js v20.0.0 or higher.
  • ⚠️Requires 'config/interlock.json' to be properly configured with peer names and ports for effective InterLock mesh communication, as default configuration is minimal.
  • ⚠️Needs UDP port 3025, HTTP port 8025, and WebSocket port 9025 available and open for incoming connections (for HTTP/WS) and UDP traffic.
Verified SafeView Analysis
The server employs several security measures including CORS with an explicit whitelist, rate limiting on HTTP endpoints, and input validation using Zod for MCP tools. Critically, the InterLock Tumbler (`src/interlock/tumbler.ts`) enforces whitelisting of allowed peers and signal types for UDP messages, along with freshness checks, significantly enhancing the security of the InterLock mesh communication. Database interactions utilize prepared statements, mitigating SQL injection risks. A notable architectural choice is the use of 'localhost' for all outgoing UDP messages to specified peer ports, implying that all InterLock 'peers' are expected to run on the same machine as synapse-relay, differentiated by port. While this limits true distributed network mesh capabilities, it also prevents sending UDP packets to arbitrary remote IPs, which can be seen as a security feature in a single-host inter-process communication context. Overall, the server demonstrates a good commitment to security best practices for its intended operational scope.
Updated: 2026-01-17GitHub
0
0
Medium Cost
grammy-jiang icon

RaspberryPiOS-MCP

by grammy-jiang

Sec9

Manages and observes Raspberry Pi OS devices, enabling AI assistants to control hardware, monitor system metrics, and manage services securely through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Raspberry Pi OS devices with specific hardware (GPIO, I2C, Camera) for full functionality.
  • ⚠️Requires `sudo` privileges for initial installation and for the privileged agent (`raspi-ops-agent`) to run.
  • ⚠️Authentication requires configuration of either Cloudflare Access with OAuth or a local static token for secure access.
Verified SafeView Analysis
The project demonstrates a high level of security awareness, implementing multiple layers of defense. It leverages Cloudflare Tunnel for secure internet exposure and OAuth for authentication. Inter-process communication (IPC) between the non-privileged server and the privileged agent uses a Unix domain socket, limiting attack surface. Role-Based Access Control (RBAC) is enforced for all tool calls, with granular permissions for 'viewer', 'operator', and 'admin' roles. Input validation and sanitization are consistently applied, particularly for parameters passed to underlying shell commands (e.g., systemctl, shutdown) and for package update commands (uv/pip), explicitly checking for dangerous characters and path traversal attempts. Hardware access (GPIO, I2C, Camera) is protected by whitelists and validation. Audit logging captures critical operations. While any system interacting with privileged commands carries inherent risk, the design includes robust mitigations.
Updated: 2025-12-05GitHub
0
0
Low Cost
DionteAlley icon

mcp-server-rycrawl

by DionteAlley

Sec9

A basic Minimal Compliance Protocol (MCP) server providing an API for asset scanning (mocked) and message handling.

Verified SafeView Analysis
The provided source code is simple and does not contain any 'eval' or similar dangerous functions. There are no hardcoded secrets, obfuscation, or apparent malicious patterns. The 'run_scan' functionality is mocked and does not perform actual external operations, minimizing immediate security risks from its core logic. Standard web server vulnerabilities might exist if deployed publicly, but the code itself is very clean.
Updated: 2025-12-10GitHub
0
0
Low Cost
service-atlas icon

mcp

by service-atlas

Sec8

This MCP server provides read-only access to a Service Atlas API, enabling browsing of teams, listing services by team, searching services by name, identifying service ownership, getting release information, and querying technical debt reports.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires the 'uv' Python package runner installed (e.g., 'pip install uv').
  • ⚠️The 'API_URL' environment variable MUST be set to the base URL of the target Service Atlas API for functionality.
Verified SafeView Analysis
The server acts as a read-only proxy to an external Service Atlas API. No 'eval' or direct arbitrary code execution detected. It relies on the 'API_URL' environment variable, which if misconfigured or pointing to an untrusted source, could expose or proxy malicious data. URL paths are constructed using f-strings with input parameters, which could pass through injection if the downstream API is vulnerable, but the server itself does not perform additional sanitization beyond parameter embedding. All API calls are GET requests.
Updated: 2025-12-04GitHub
0
0
Low Cost
Sec1

A server designed to act as an unauthenticated proxy or interface for a Minecraft (MCP) server.

Setup Requirements

  • ⚠️Lacks authentication by design, requiring strict network isolation (e.g., localhost, private VLAN) to prevent unauthorized access.
  • ⚠️Likely requires an existing Minecraft server to proxy for or interact with.
Review RequiredView Analysis
The server is explicitly described as 'authless', meaning it lacks any authentication mechanism. If this server exposes any functionality over a network, this design choice represents an extreme security risk, allowing any client to interact with it without credentials. This is a critical vulnerability by design unless extremely strict network isolation and trust boundaries are enforced.
Updated: 2025-11-25GitHub
0
0
Medium Cost
Entropy-Is-Software-Development icon

zed-shell-mcp-server

by Entropy-Is-Software-Development

Sec8

Provides a Model Context Protocol (MCP) server for the Zed IDE to securely execute whitelisted shell commands (git, pnpm, npm, yarn, bun, deno) and read workspace files.

Setup Requirements

  • ⚠️Requires manual configuration in Zed IDE's settings.json to specify the absolute path to the compiled server script.
  • ⚠️AI agents using the server MUST include a `cwd` (current working directory) parameter in every tool call for proper operation, as explicitly stated in the agent instructions.
Verified SafeView Analysis
The `execute_command` tool uses `node:child_process.exec` but strictly whitelists commands (`git`, `pnpm`, `npm`, `yarn`, `bun`, `deno`), preventing arbitrary command execution. The `read_many_files` tool uses `node:fs/promises.readFile` and includes a critical path traversal check (`!absolutePath.startsWith(cwd)`) to ensure files are read only within the specified current working directory. No direct `eval` or similar code injection vectors, or hardcoded secrets are present.
Updated: 2025-11-28GitHub
0
0
Medium Cost
cucinellclark icon

copilot-mcp-server

by cucinellclark

Sec3

This server provides Multi-Modal Command Protocol (MCP) tools for executing Python code and querying RAG databases, primarily for BV-BRC related helpdesk and publication data.

Setup Requirements

  • ⚠️Requires Singularity installed and a pre-built container image specified in `config.json` for Python code execution.
  • ⚠️Requires cloning and installing dependencies for an external `rag_api` repository (`git@github.com:cucinellclark/rag_api.git`).
  • ⚠️Dependency on BV-BRC (PATRIC) authentication service at `https://user.patricbrc.org/authenticate` for user login and token validation.
Review RequiredView Analysis
The `run_python_code` tool allows execution of arbitrary Python code using `subprocess.run` within a Singularity container. While attempts are made to sandbox using `--net --network none --containall`, local directories are explicitly bound (`--bind`), allowing the executed code access to parts of the host filesystem. This is a critical security vulnerability if not extremely well-controlled and audited, as it could lead to host compromise. Additionally, the server acts as an OAuth provider, handling user credentials for BV-BRC authentication, which requires secure implementation.
Updated: 2025-12-04GitHub
0
0
Medium Cost
michaelkrasa icon

alpha-ess-mcp-server

by michaelkrasa

Sec9

A Model Context Protocol (MCP) server providing access to Alpha ESS solar inverter and battery system data through their official Open API.

Setup Requirements

  • ⚠️Requires Alpha ESS developer account and linked inverter system.
  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires `uv` package manager for installation and execution.
Verified SafeView Analysis
The server correctly uses environment variables for API credentials, avoiding hardcoding. It integrates with a third-party Alpha ESS Open API client library. The code itself does not contain obvious malicious patterns, 'eval' calls, or obfuscation. Network communication is outbound to the Alpha ESS API and a local HTTP server for the MCP. The primary security consideration is the secure management of the 'ALPHA_ESS_APP_ID' and 'ALPHA_ESS_APP_SECRET' by the user.
Updated: 2025-12-10GitHub
PreviousPage 398 of 713Next