Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
SamMorrowDrums icon

mcp-csharp-starter

by SamMorrowDrums

Sec8

A starter template for building Model Context Protocol (MCP) servers in C# with .NET 8, demonstrating core MCP features like tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires .NET 8.0 SDK
Verified SafeView Analysis
The `ask_llm` tool facilitates LLM sampling, which inherently carries risks like prompt injection or potential data exposure if not carefully managed in a production environment. However, the server itself, as a template, does not exhibit direct system-level vulnerabilities like arbitrary code execution or hardcoded secrets in the provided source code.
Updated: 2026-01-19GitHub
0
0
Medium Cost
bvm-arjun108 icon

mcp-server-weather

by bvm-arjun108

Sec9

Provides current weather, hourly forecasts, and geocoding-based location lookup using the Open-Meteo API.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires MCP Python SDK (`mcp[cli]`)
Verified SafeView Analysis
The server utilizes `httpx` for external API interactions, incorporating basic error handling. Input validation is performed for `forecast_days` and `count` parameters to ensure they fall within acceptable ranges. No `eval` statements, obfuscation, hardcoded secrets, or obvious malicious patterns were identified. Generic exception handling in `make_openmeteo_request` could obscure specific types of errors, but this is a minor concern in this context and not a direct security vulnerability.
Updated: 2026-01-19GitHub
0
0
Medium Cost
heebin2 icon

go-swagger-mcp

by heebin2

Sec8

This server provides a Model Context Protocol (MCP) interface to manage and retrieve Swagger/OpenAPI specifications.

Setup Requirements

  • ⚠️The `SWAGGER_MCP_SERVER_URL` environment variable is required and must point to the URL (or local file path) of a Swagger/OpenAPI specification file, not the MCP server's own endpoint.
  • ⚠️As implemented in `cmd/mcp/main.go`, the server currently loads only a single Swagger specification, even though the underlying `swagger.NewServer` function could technically handle multiple if the environment variable was parsed differently.
  • ⚠️The server defaults to listening on port `8080`, which might conflict with other services running on the host.
Verified SafeView Analysis
The server loads Swagger specifications from pre-configured URLs or local paths at startup. While loading from untrusted URLs could theoretically pose risks (e.g., if a malicious spec is hosted), the implementation only processes URLs provided via the `SWAGGER_MCP_SERVER_URL` environment variable during server initialization, mitigating dynamic SSRF risks from external requests. There are no 'eval' or similar dangerous dynamic code execution patterns. The server binds to port 8080 by default, primarily for SSE communication, and lacks explicit authentication/authorization mechanisms within the provided code, relying on the MCP framework or deployment context for security.
Updated: 2025-12-15GitHub
0
0
Low Cost
Volk-Prizrak icon

mcp

by Volk-Prizrak

Sec8

Enables AI assistants to safely and efficiently interact with AWS DocumentDB databases through a Model Context Protocol (MCP) interface.

Setup Requirements

  • ⚠️Requires `uv` (Python package manager) and Python 3.10 for local development/execution.
  • ⚠️Requires network access to an AWS DocumentDB cluster with appropriate credentials.
  • ⚠️Requires an SSL/TLS certificate (`global-bundle.pem`) if TLS is enabled for DocumentDB connection.
  • ⚠️The DocumentDB connection string MUST include `retryWrites=false`.
Verified SafeView Analysis
The server runs in read-only mode by default, blocking all write operations and collection modifications, significantly enhancing security. It validates DocumentDB-specific connection parameters like `retryWrites=false` to prevent common misconfigurations. No direct code injection vulnerabilities or `eval` usage detected. However, if the server is run with the `--allow-write` flag and overly permissive AWS credentials or database connection strings, it could perform destructive actions.
Updated: 2025-12-06GitHub
0
0
Medium Cost
onoda4480 icon
Sec9

Efficiently deliver project documentation to AI agents (e.g., Claude) on demand to optimize token usage.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️The `MCP_DOCS_DIR` environment variable must be set, pointing to the directory containing documents, or ensure documents are in `./docs` relative to the server.
  • ⚠️Integration with Claude Desktop requires manual configuration of `claude_desktop_config.json`.
Verified SafeView Analysis
The server implements robust security measures including explicit path traversal attack prevention via `SafeFileHandler`, file size limits, and input validation for document paths and encodings. Logging is properly configured to `stderr` and files to avoid corrupting STDIO-based JSON-RPC communication. The core MCP server runs on STDIO, which is generally safer for local integration. An optional HTTP API adds a network surface but includes error handling. No 'eval' or obvious malicious patterns were found.
Updated: 2025-12-14GitHub
0
0
Medium Cost
llamasearchai icon

OpenMCPAgent

by llamasearchai

Sec8

An AI agent that controls a Minecraft bot to perform tasks within the game, leveraging Large Language Models (LLMs) for decision-making and task execution.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) or Azure OpenAI Service credentials (Paid)
  • ⚠️Requires a running Minecraft server
  • ⚠️Requires Node.js environment
Verified SafeView Analysis
The project uses environment variables for sensitive API keys (OpenAI/Azure) and configurable options for Minecraft server connection details. No 'eval' or obvious malicious patterns found. The primary security considerations involve how the user secures their environment variables and the Minecraft server configuration.
Updated: 2025-11-23GitHub
0
0
High Cost
T3chFreak13 icon

XcodeDocsMCP

by T3chFreak13

Sec8

Provides a local server for accessing and searching Xcode documentation and SDK symbols efficiently on macOS.

Setup Requirements

  • ⚠️Requires macOS (10.15 Catalina or later).
  • ⚠️Requires Xcode or Command Line Tools for Xcode to be installed and configured for access to SDKs and documentation tools like `swift-symbolgraph-extract`.
  • ⚠️The source code implements a JSON-RPC server communicating via standard input/output (stdin/stdout), not a network-bound HTTP server as suggested by the README's mention of `http://localhost:8080`. A separate wrapper application would be needed to expose it over HTTP or open it in a web browser.
Verified SafeView Analysis
The server uses `Process` to execute system commands (`mdfind`, `grep`, `xcrun`, `sh`). User-provided query parameters (`query`, `symbol`) are sanitized for shell special characters (e.g., single quotes) before being interpolated into shell commands, which is a good practice. Paths used for `grep` commands are derived internally from the SDK path, limiting direct user path injection. No direct outbound network connections or hardcoded secrets were found. The primary risk would be if the sanitization were incomplete or if the system tools themselves had exploitable vulnerabilities, but the current implementation shows reasonable care for its intended local, command-line usage.
Updated: 2026-01-19GitHub
0
0
Medium Cost
digitalxenon98 icon

sendify-dbschenker-mcp

by digitalxenon98

Sec9

Tracks DB Schenker shipments by reference number, providing structured shipment information including sender/receiver details, package information, and complete tracking history.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️The `run_command` uses `tsx` to run directly from TypeScript source. This implies `tsx` is available globally via `npx` or locally in `node_modules`.
  • ⚠️The `run_command` requires replacing `/absolute/path/to/sendify-dbschenker-mcp` with the actual absolute path to the project directory.
Verified SafeView Analysis
The server's core functionality involves interacting with an external DB Schenker API that employs a browser-bound CAPTCHA challenge. The server includes a reimplemented, pure JavaScript proof-of-work algorithm to automatically solve these CAPTCHAs. There are no indications of 'eval', code obfuscation, or hardcoded sensitive secrets in the provided source code. Network requests are handled with retries, exponential backoff, and clear error differentiation (rate limiting vs. CAPTCHA challenges). An in-memory cache is used for CAPTCHA-blocked results to prevent redundant API calls. The primary security consideration is the ongoing reliability of the reverse-engineered CAPTCHA solving algorithm if the upstream API's challenge mechanism changes, requiring updates to the server.
Updated: 2026-01-09GitHub
0
0
Medium Cost
sedoglia icon
Sec9

Enables Claude Desktop to access and analyze FreeStyle Libre continuous glucose monitoring (CGM) data.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires an active LibreLinkUp account with shared data from a FreeStyle Libre 2 or 3 sensor.
  • ⚠️Requires `keytar` for maximum security, which may need additional system dependencies on Linux (e.g., `libsecret-1-dev`, `gnome-keyring`). A file-based fallback exists if Keytar is unavailable.
  • ⚠️Initial setup requires running a CLI configuration tool (`npm run configure`) to provide LibreLinkUp credentials and preferences.
  • ⚠️Requires Claude Desktop for integration, with manual configuration steps if not using the precompiled bundle.
Verified SafeView Analysis
The server employs robust security measures, including AES-256-GCM encryption for credentials and JWT tokens, with encryption keys stored in the OS keychain (Keytar) or a permission-restricted fallback file. It communicates only with official LibreLinkUp API endpoints, enforces API version 4.16.0+, and includes explicit privacy considerations. No hardcoded secrets or arbitrary network calls were found. The primary security risk is the dependency on `keytar` which requires system libraries on Linux, though a file-based fallback is provided.
Updated: 2026-01-16GitHub
0
0
Low Cost
asume21 icon
Sec9

Facilitates real-time communication, task management, and shared context exchange between AI agents like Cascade and Codex within an MCP ecosystem.

Setup Requirements

  • ⚠️Requires an existing MCP host environment (e.g., Windsurf) to integrate and run.
  • ⚠️Requires the 'mcp' Python library and its dependencies (`pip install -r requirements.txt`).
Verified SafeView Analysis
The server runs via standard I/O, does not expose network ports, uses in-memory storage, and lacks direct execution of arbitrary user-provided code. Input schemas are defined for tools, reducing injection risks. No hardcoded secrets or 'eval' calls found. It's generally safe for its intended internal use.
Updated: 2025-11-25GitHub
0
0
Low Cost
Csmally icon

ai-mcp-server

by Csmally

Sec8

The server implements a simple tool service based on the Modular Capabilities Protocol (MCP) for performing basic arithmetic operations (sum).

Setup Requirements

  • ⚠️Requires Node.js runtime.
Verified SafeView Analysis
The server directly parses JSON input from stdin and dynamically dispatches method calls based on the 'req.params.name' field. While the currently defined 'tools' (sum, initialize) are safe and deterministic, this pattern could pose a risk if malicious or unintended functions were added to the 'tools' object in the future, or if the input was not strictly controlled. No 'eval', obfuscation, hardcoded secrets, or direct network risks (as it uses stdin/stdout) are observed.
Updated: 2025-11-27GitHub
0
0
Low Cost
colinterface icon

bay-wheels-mcp

by colinterface

Sec9

Provides realtime Bay Wheels bikeshare data through an MCP server.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires `uv` or `uvicorn` package for local execution/development
  • ⚠️Requires Docker for containerized deployment options
Verified SafeView Analysis
The codebase appears generally secure. No use of dangerous functions like 'eval' or 'exec' was found. It makes external HTTP requests to a public, well-known GBFS endpoint, which is expected for its functionality. There are no hardcoded secrets. Input validation relies on type hints and the underlying FastMCP framework, with internal error handling for exceptions during API calls or data processing. The dependencies are standard and widely used.
Updated: 2025-12-07GitHub
PreviousPage 403 of 713Next