Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

0
0
Low Cost

test_mcp

by AlexKidd727

Sec10

Simple MCP server for testing FastMCP connectivity and demonstrating basic tool functionality.

Setup Requirements

  • ⚠️ Requires Python 3.8 or higher.
  • ⚠️ Requires 'fastmcp' library to be installed.
Verified Safe
The code is simple and directly implements the advertised functionality without any discernible security risks such as dynamic code execution (e.g., 'eval'), hardcoded credentials, or insecure network operations. Functions are basic arithmetic and string manipulation, posing no inherent threat.
Updated: 2025-12-13
0
0
High Cost

onboarded-mcp

by OnboardedInc

Sec1

An MCP server enabling AI assistants to interact with the Onboarded platform's APIs, manage entity state, and optionally access local repository files.

Setup Requirements

  • ⚠️ Requires Node.js 18+
  • ⚠️ Requires `git` for setup
  • ⚠️ Requires `onboarded-cli` for authentication and recommended setup
  • ⚠️ Credentials securely stored in macOS Keychain, limiting cross-OS compatibility
Review Required
CRITICAL VULNERABILITY: The `src/lib/keychain.ts` file uses `child_process.execSync` to run a shell command. The `profile` variable, which is user-controlled input from tool arguments, is directly embedded into the shell command string without sanitization or proper escaping. This creates a shell injection vulnerability (e.g., `profile='myprofile" -d arbitrary-command-injection; echo "'`), allowing an attacker to execute arbitrary commands on the host system where the MCP server is running. While there are path traversal checks for repository tools, this Keychain interaction flaw is severe.
Updated: 2025-12-13
0
0
High Cost

llm-mcp-gateway-rs

by eztakesin

Sec8

An OpenAI Responses API-compatible gateway for LLM applications that integrates local knowledge base (RAG) and database tool-using MCP servers, designed for use with `big-agi.com`.

Setup Requirements

  • ⚠️ Requires OpenAI API Key (Paid) for upstream LLM and embedding calls.
  • ⚠️ Requires Rust 2024 Edition toolchain to build.
  • ⚠️ Requires `pdftotext` for PDF indexing (part of Poppler tools) if PDF documents are to be indexed.
  • ⚠️ Configuring HTTPS with Caddy and mkcert is recommended for browser compatibility, especially with `big-agi.com`.
  • ⚠️ Using the Oracle Database MCP functionality requires Oracle client setup (`TNS_ADMIN`) and a valid connection string.
Verified Safe
The server employs robust guardrails for SQL tools, including strict allowlisting of commands (only SELECT/WITH, no DML/DDL/PLSQL) and automatic row limits. It also enforces a tool allowlist for MCP tools. Environment variables for spawning MCP servers (`DOCS_MCP_COMMAND`, `ORACLE_MCP_COMMAND`) could pose a risk if misconfigured to arbitrary executables, but are intended for internal components. Network best practices (CORS, PNA, recommendations for DB network isolation and Caddy/Nginx authentication) are noted in the documentation. No hardcoded secrets or 'eval' equivalents were found in the provided code.
Updated: 2026-01-19
0
0
Medium Cost

smartDoc_mcpServer

by sarramakhlouf

Sec3

This server provides microservice-style tools for document processing (PDF, CSV) and statistical calculations, intended for integration with AI agents.

Setup Requirements

  • ⚠️ Requires Java Development Kit (JDK) 17+ to build and run.
  • ⚠️ Requires Apache Maven or Gradle for building the project.
  • ⚠️ Designed for integration with Spring AI's Microservice Component Platform (MCP), implying a specific deployment context for AI agent tooling.
Review Required
The SecurityConfig explicitly disables CSRF protection (`csrf().disable()`) and allows any request without authentication or authorization (`authorizeHttpRequests(authz -> authz.anyRequest().permitAll())`). This makes the server highly vulnerable if exposed to untrusted networks or the public internet, as any user can access all endpoints and functionality without any security checks. It is only safe to run in a tightly controlled, trusted, and isolated internal network where external authentication and authorization are handled by an upstream service.
Updated: 2025-12-08
0
0
Low Cost

mcp-retialops

by sarthaksolow

Sec9

Predicts future demand for retail products using historical sales, seasonal events, and historical surge profiles, providing a narrative explanation.

Setup Requirements

  • ⚠️ Requires OPENROUTER_API_KEY environment variable (Paid API).
  • ⚠️ Requires Python packages: mcp, pandas, openai.
Verified Safe
API key loaded from environment variable. No 'eval' or similar dangerous functions observed. Relies on external LLM API (OpenRouter) for narrative generation, which is a controlled network interaction.
Updated: 2025-11-26
0
0
Low Cost

google-tasks-mcp

by akutishevsky

Sec9

This server acts as a Model Context Protocol (MCP) endpoint, enabling AI clients like Claude to manage Google Tasks (task lists and individual tasks) through natural language conversations.

Setup Requirements

  • ⚠️ Requires a Google Cloud Project with the Google Tasks API enabled and OAuth 2.0 Web application credentials (Client ID, Client Secret, Redirect URI) configured.
  • ⚠️ A strong, randomly generated `ENCRYPTION_SECRET` environment variable (at least 32 characters) is critical for token encryption and must be set; `npm run generate-secret` is provided to help.
  • ⚠️ Utilizes Deno KV for persistence, which means it's primarily designed for Deno environments (e.g., Deno Deploy) and requires Deno CLI for local execution and deployment.
Verified Safe
The server demonstrates strong security practices. Sensitive data, specifically Google access and refresh tokens, are encrypted at rest using AES-256-GCM with a PBKDF2-derived key, requiring a secure `ENCRYPTION_SECRET`. Logs are meticulously designed for privacy, automatically redacting tokens, client secrets, and user IDs. It implements OAuth 2.0 with PKCE for secure authentication. Network security includes robust CORS configuration, rate limiting based on IP and path, and the application of various HTTP security headers (e.g., Strict-Transport-Security, Content-Security-Policy). There are no `eval` statements or obvious malicious patterns in the provided source code. Session management includes timeouts and cleanup. Overall, it's very well-engineered for privacy and security.
Updated: 2025-11-20
0
0
High Cost
Sec6

Integrate Claude Code with SQL Server databases for CLI-driven and MCP-based operations, supporting SQL Server authentication.

Setup Requirements

  • ⚠️ Requires SQL Server credentials (SQL_SERVER, SQL_DATABASE, SQL_USER, SQL_PASSWORD) to be configured in a .env file.
  • ⚠️ Critical Security: To enforce a truly read-only server, both `READONLY=true` (for MCP tool listing) and `READONLY_MODE=true` (for blocking write operations) MUST be set in the server's environment configuration. Failure to set `READONLY_MODE=true` leaves write operations vulnerable to direct invocation even if the MCP server is configured as `READONLY=true`.
  • ⚠️ The MCP server integration is explicitly noted as 'experimental' and not fully tested, suggesting potential instability or incomplete features for Claude Code integration.
Verified Safe
The server implements strong SQL injection prevention for SELECT queries, using extensive keyword and pattern validation. DML operations (INSERT, UPDATE, DELETE) correctly utilize parameterized queries and enforce safety mechanisms like requiring a WHERE clause for updates/deletes and explicit confirmation for physical deletions. However, a critical security vulnerability exists in the implementation of read-only mode: the MCP server's tool listing relies on `process.env.READONLY`, while the core database operations (e.g., `InsertData`, `DeleteData`) check `process.env.READONLY_MODE`. If `READONLY=true` is set in the MCP server configuration (as per README) but `READONLY_MODE=true` is not also set in the server's `.env` file, the MCP client will only *list* read-only tools, but direct invocation of write tools via the MCP protocol could still succeed, bypassing the intended security restriction. This creates a false sense of security for read-only deployments.
Updated: 2025-12-14
0
0
Medium Cost

This server facilitates the integration of data and operations between Microsoft Excel and a Frappe ERPNext instance, acting as an intermediary API.

Setup Requirements

  • ⚠️ Requires a running Frappe/ERPNext instance with API access.
  • ⚠️ Frappe API Key/Secret must be configured as environment variables.
  • ⚠️ Specific language runtime (e.g., Node.js or Python) and package manager (npm/yarn/pip) are required for dependencies.
Review Required
Source code was not provided for analysis. Without access to the actual code, a thorough security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns cannot be performed. Therefore, a comprehensive security assessment and a definitive 'safe to run' judgment are not possible. The score reflects this lack of information, defaulting to a cautious neutral.
Updated: 2025-11-26
0
0
Medium Cost

subm-mcp-server

by vthapar

Sec8

Manages Kubernetes resources and ServiceExports across multiple clusters via a unified JSON-RPC API, enabling generic and specialized operations.

Setup Requirements

  • ⚠️ Requires Go 1.21 or later for building.
  • ⚠️ Requires access to one or more Kubernetes clusters and valid kubeconfig files.
  • ⚠️ Kubeconfig files must have appropriate RBAC permissions for the operations the server performs.
Verified Safe
The server securely interacts with Kubernetes clusters using client-go and kubeconfig files. It uses URL encoding for label selectors, preventing URL injection. However, the HTTP transport's CORS middleware sets `Access-Control-Allow-Origin: *`, which could be a security risk if the server is exposed publicly without proper authentication/authorization. The inherent power of managing Kubernetes resources means that the server's host environment and the configured kubeconfig files' RBAC permissions must be carefully managed to prevent unauthorized access or privilege escalation.
Updated: 2025-11-26
0
0
Low Cost
Sec8

Manages isolated Git worktrees for AI coding agents to enable parallel work, isolated testing, and controlled merging.

Setup Requirements

  • ⚠️ Requires Git CLI (version 2.27.0+ recommended) to be installed and accessible in the system's PATH.
  • ⚠️ Operates on a local Git repository, which must exist. By default, it uses the current working directory, but a specific path can be provided via the `-repo` flag.
  • ⚠️ If running from source, a Go environment (Go 1.18+ or similar) is required for building and execution.
Verified Safe
The server executes Git CLI commands using `os/exec`. While this inherently carries a risk of command injection, the `sessionId` (which forms part of branch and worktree names) is strictly validated via regex (`^[a-z0-9][a-z0-9-]*[a-z0-9]$`), significantly mitigating this risk. No direct 'eval' or arbitrary command execution is observed. Configuration values like repository paths are passed via flags, not directly from untrusted user input within tool arguments, further reducing risk. There are no hardcoded secrets or network listeners beyond stdio interaction.
Updated: 2025-11-26
0
0
Medium Cost

python-mcp-server

by tejas-borate-wai

Sec2

A dual-mode server (MCP protocol and REST API) providing LLMs and applications with tools for SQL database operations, weather information, file management, web requests, and system diagnostics.

Setup Requirements

  • ⚠️ Requires 'uv' for package management and running.
  • ⚠️ Requires 'ODBC Driver 17 for SQL Server' to be installed for database functionality.
  • ⚠️ Requires a local SQL Server database named 'IntimeProDB' accessible at 'localhost' for database tools.
  • ⚠️ Integration with Claude Desktop requires manual configuration in 'claude_desktop_config.json'.
Review Required
The server has critical security risks. The `read_file` and `write_file` tools allow arbitrary file system access (read/write to any path the server process has permissions for), posing a significant threat of data leakage or corruption. The `web_request` tool can make arbitrary HTTP GET requests, which could be exploited for Server-Side Request Forgery (SSRF) or to interact with internal network resources. Crucially, the FastAPI REST API server (`api_server.py`) has no authentication implemented (`allow_origins='*'` and no API key enforcement), making all its powerful tools accessible to anyone who can reach the server's endpoint. While SQL queries are restricted to 'SELECT', direct execution of raw query strings could still be vulnerable to injection without robust input sanitization by the ODBC driver. The `DB_CONFIG` is hardcoded, which is generally poor practice but not a direct security flaw in this specific 'trusted connection' setup.
Updated: 2025-11-19
0
0
High Cost

local-mcpserver

by majidraza1228

Sec3

Converts various document types (PDF, DOCX, XLSX, images, etc.) and URLs to Markdown format, offering AI assistant integration, a web interface, and file system automation.

Setup Requirements

  • ⚠️ Requires Python 3.10+.
  • ⚠️ Manual configuration of `~/.config/mcp/config.json` with absolute paths is needed for AI assistant integration, which can be error-prone.
  • ⚠️ Deployment to OpenShift requires Docker/Podman and OpenShift CLI (`oc`) installation, along with registry authentication.
Review Required
CRITICAL VULNERABILITIES IDENTIFIED:
  1. Local File Disclosure/Arbitrary File Read: The `convert_file` and `convert_batch` MCP tools (exposed via both STDIO and HTTP APIs) accept an arbitrary `path: str` argument. A malicious actor could specify paths like `/etc/passwd` to read sensitive server files, or other system files, leading to unauthorized information disclosure.
  2. SQL Injection: The `db_preview` tool in `db_server/server.py` constructs SQL queries via f-strings with a user-controlled `table` name (`f"SELECT * FROM {table} LIMIT {limit}"`). This is vulnerable to SQL injection if `table` contains malicious input.
Other Concerns:
  • CORS policy set to `allow_origins=['*']` is overly permissive for production environments.
  • Hardcoded API key example (`'your-secret-token'`) in `MCP_HTTP_GUIDE.md` might be overlooked and used as-is in deployments.
  • File uploads are saved to `tempfile.NamedTemporaryFile` before processing, which is standard, but the overall lack of input validation on file paths for conversion tools remains a severe risk.
Updated: 2025-11-27