Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

0
0
High Cost
Sec4

Provides a Model Context Protocol (MCP) server to connect Large Language Models (LLMs) with Google Docs for document creation, reading, updating, formatting, and structural manipulation.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with Google Docs API and Google Drive API enabled.
  • ⚠️Requires Google OAuth2 Desktop App credentials (`credentials.json`) to be placed in the project root. This file is manually created and contains your client ID, client secret, and redirect URIs.
  • ⚠️The initial OAuth flow requires opening a browser to authenticate and grants access to your Google Docs and Drive. A local web server on port 3001 is used for the OAuth callback, which might conflict with other services.
  • ⚠️The project's README explicitly states 'Bug #3: Case-Insensitive Search Index Bug (search.ts)' and 'Bug #4: SQL Injection in Query (read.ts)' are '⚠️ REQUIRES MANUAL FIX'. These indicate known, unpatched vulnerabilities that could lead to data corruption or injection.
  • ⚠️Integration tests may hit Google API rate limits or quotas, especially with large-scale operations.
Review Required
The project's README explicitly lists critical bugs that require manual fixes with security implications: 'Case-Insensitive Search Index Bug (search.ts)' could lead to incorrect deletions, and 'SQL Injection in Query (read.ts)' is marked as vulnerable to injection despite some sanitization attempts. These unaddressed vulnerabilities significantly lower the security score. Additionally, sensitive Google OAuth2 credentials are stored in `credentials.json` and `token.json` files locally; while a common pattern, their security depends entirely on the host environment's file system permissions.
Updated: 2026-01-19
0
0
Low Cost
Sec9

This server provides an MCP interface to the MusicGPT API, enabling AI-powered music generation, voice manipulation, audio processing, and analysis.

Setup Requirements

  • ⚠️Requires a MusicGPT API Key, obtained from the MusicGPT API Dashboard, which is associated with usage-based costs and rate limits.
  • ⚠️Requires Node.js version 18.0.0 or higher to run.
  • ⚠️This server is designed to operate within a Model Context Protocol (MCP) client environment (e.g., Claude Desktop, Cline) and is not intended to be run as a standalone HTTP server.
Verified Safe
The server correctly handles API key management via environment variables, preventing hardcoded secrets. It includes robust error handling for external API interactions, which helps prevent sensitive backend details from leaking and provides specific guidance (e.g., for authentication or rate limits). The server operates via stdio, limiting its direct network exposure as it's designed to be run as a child process by an MCP client. Input validation is present for tool arguments. No discernible malicious patterns or unsafe code execution mechanisms (like 'eval' or arbitrary 'child_process' execution) were found.
Updated: 2025-12-13
0
0
Medium Cost

db-mcp

by ShootaOT

Sec1

Run an SQLite Model Context Protocol (MCP) server that provides secure access via OAuth 2.0, tool filtering, and options for WASM or native SQLite versions to manage databases effectively.

Setup Requirements

  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️OAuth 2.0 setup with an authorization server like Keycloak is complex, requiring realm, client, scopes, and user creation.
  • ⚠️The 'better-sqlite3' native adapter is an optional dependency and may require additional system configuration (e.g., SpatiaLite extension might need to be available).
Review Required
The server has critical SQL injection vulnerabilities. Numerous tools, such as `sqlite_vector_search`, `sqlite_text_split`, `sqlite_json_extract`, `sqlite_stats_basic`, and many others, accept user-provided SQL fragments like `whereClause` or `orderBy` as direct string inputs. These inputs are then concatenated directly into the SQL queries executed against the database without proper escaping or parameterization. This allows an attacker to inject arbitrary SQL, leading to data exfiltration, modification, deletion, or even full database compromise. While a `validateQuery` method exists, it performs only basic pattern matching and is insufficient to prevent sophisticated SQL injection attacks. The `no-console` ESLint rule is good for MCP's stdio transport, and OAuth implementation uses the `jose` library correctly, but these do not mitigate the core SQL injection risk.
Updated: 2026-01-19
0
0
Low Cost

This server provides an API endpoint for detecting whether an input email text is a normal email or a phishing email using a pre-trained ONNX machine learning model.

Setup Requirements

  • ⚠️Requires the 'tfidf_logistic_regression.onnx' model file to be manually placed in the 'models/' directory relative to the executable path.
  • ⚠️'onnxruntime-node' is a native dependency which might require specific system build tools or pre-built binaries for the target OS/architecture, potentially complicating local setup outside Docker.
Verified Safe
The server uses Express with 'morgan' for logging and handles JSON input. It implements an MCP server with a single tool for phishing detection. The core logic involves loading an ONNX model and performing inference. There are no obvious 'eval' calls, obfuscated code, or hardcoded secrets found in the provided snippets. The input 'emailText' is passed to 'onnxruntime-node' as a string tensor, which is generally safe against command injection for the ONNX runtime itself. Network risks are typical for any exposed API endpoint, but no specific vulnerabilities are introduced by the code itself beyond standard web server concerns (e.g., DoS, input validation where applicable, though 'z.string()' provides basic type validation). The server correctly handles unsupported HTTP methods (GET, DELETE) with a 405 response.
Updated: 2025-11-19
0
0
Low Cost

fabric-atelier

by KennethCarlos

Sec9

This repository provides a collection of Python programming examples and exercises, demonstrating fundamental concepts, data structures, simple algorithms, and basic machine learning techniques, primarily for educational purposes.

Setup Requirements

  • ⚠️Requires scikit-learn library (pip install scikit-learn)
Verified Safe
The codebase consists of standalone Python scripts primarily for learning purposes. It does not expose any network services, use 'eval', or contain hardcoded sensitive information. User input is taken directly via `input()` in several scripts, which is acceptable for local console applications but would require sanitization in a more robust application context (e.g., web server). Overall, it is safe for its intended use.
Updated: 2026-01-19
0
0
Medium Cost

Provides an MCP (Model Context Protocol) server for AI-assisted guidance on the USWDS design system, offering tools to list, describe, compare, validate, and generate code for USWDS components in React, vanilla HTML, or Tailwind CSS.

Setup Requirements

  • ⚠️Requires an AWS account and configured credentials for deployment.
  • ⚠️Uses AWS SST CLI for deployment and local development (`npx sst deploy`, `npx sst dev`).
  • ⚠️Requires a Resend API key (`RESEND_API_KEY`) if email features (signup, API key reset notifications) are enabled.
  • ⚠️Custom domain setup for the router requires a Cloudflare API Token (`CLOUDFLARE_API_TOKEN`) if using Cloudflare for DNS.
Verified Safe
Authentication uses API keys stored in DynamoDB, with secrets managed by AWS Secrets Manager via SST. Origin validation middleware is in place for CORS protection. Rate limiting is implemented in-memory per Lambda instance, offering basic protection but lacking global coordination without further integration (e.g., WAF, API Gateway usage plans, which are mentioned as future enhancements in ARCHITECTURE.md and RATE_LIMITING.md). The admin API has custom authentication via middleware, which needs to be carefully secured in production. No `eval` or blatant obfuscation found.
Updated: 2026-01-04
0
0
Medium Cost

rescreenshot-mcp

by becksclair

Sec9

Cross-platform screenshot capture for coding agents, enabling programmatic visual interaction with applications.

Setup Requirements

  • ⚠️Linux Wayland: Requires `xdg-desktop-portal` and `pipewire` runtime dependencies to be installed.
  • ⚠️Windows: Requires Visual Studio C++ Build Tools for compilation and Windows 10 (version 1803 / build 17134+) at runtime.
  • ⚠️macOS: The ScreenCaptureKit backend is currently not implemented and is planned for Q1 2026.
Verified Safe
The server demonstrates strong security practices for its context. Sensitive Wayland restore tokens are encrypted using ChaCha20-Poly1305 with HKDF-SHA256 and stored in a keyring or an encrypted file with appropriate permissions. Regex pattern matching includes size and DFA limits to prevent ReDoS attacks. All necessary unsafe blocks for OS interaction (Win32 API) include explicit comments and buffer handling. The project actively tracks and manages dependency vulnerabilities. Communication is strictly via stdio JSON-RPC, limiting network attack surface. Known inherent security limitations of the X11 protocol (no consent for capture) are clearly documented rather than introduced by the application.
Updated: 2025-12-16
0
0
Low Cost

secrets-mcp-server

by andriyshevchenko

Sec9

Enables AI agents to securely store and retrieve secrets cross-platform using native operating system credential management systems.

Setup Requirements

  • ⚠️Requires Node.js 18.x or later to run.
  • ⚠️On Linux, specific system libraries like `libsecret-1-dev` (or equivalent) need to be installed for the Secret Service API to function.
  • ⚠️In containerized Linux environments (e.g., Docker), the `list_secrets` operation may fail due to restrictive DBus/Secret Service configurations, though individual secret storage and retrieval will still work.
Verified Safe
The server utilizes native operating system secret management APIs (Windows Credential Vault/DPAPI, macOS Keychain, Linux Secret Service) via the `@napi-rs/keyring` library, which is a strong security practice as it leverages OS-level encryption and access controls. Communication is restricted to standard I/O (stdin/stdout) using the Model Context Protocol, eliminating direct network exposure for the server itself. Input validation for all tool parameters is performed using Zod schemas, reducing the risk of malformed inputs or injection attacks. No 'eval', code obfuscation, or hardcoded sensitive credentials were found in the application logic. The primary security risk would lie in potential vulnerabilities within the underlying native OS keyring implementations or the `@napi-rs/keyring` bindings, which are external dependencies.
Updated: 2026-01-19
0
0
Medium Cost

mcp-server

by portalsprotocol

Sec8

MCP server that allows AI agents to discover and access decentralized APIs (Portals) on the Solana blockchain, paying autonomously in USDC per use.

Setup Requirements

  • ⚠️Requires 'PORTALS_WHITELIST' environment variable to be set with comma-separated Portal IDs.
  • ⚠️Requires manual funding of the auto-generated Solana wallet with SOL (for gas) and USDC (for payments).
  • ⚠️Node.js version >=18.0.0 is required.
Verified Safe
The server stores a Solana wallet locally (`~/.portals/wallet.json`) with mode 0600 permissions, which is good practice. It explicitly requires a `PORTALS_WHITELIST` to prevent agents from accessing arbitrary portals. Input validation for tool arguments is performed against fetched OpenAPI schemas using Ajv. The fetching of OpenAPI schemas via `axios.get` from whitelisted portal URLs (which are retrieved from on-chain registry) introduces a potential, though mitigated, risk if a whitelisted portal were to serve a malicious or extremely large schema designed to exploit `axios` or `ajv` parsers. The `refreshPortals` function, which includes these network calls, is invoked on every tool request, adding a slight performance overhead but no immediate critical security flaw.
Updated: 2025-11-25
0
0
Medium Cost
Sec9

A modular AI-powered writing assistance suite that provides comprehensive tools for narrative development, story management, world-building, character arcs, plot threads, and workflow automation, with built-in database administration capabilities.

Setup Requirements

  • ⚠️Requires a PostgreSQL database instance to be running.
  • ⚠️The `DATABASE_URL` environment variable must be set for PostgreSQL connection.
  • ⚠️Initial database setup requires running SQL migration files (e.g., `024_update_npe_schema.sql`) to create the necessary schema.
  • ⚠️Requires a Node.js runtime environment (version 14.17.0+ for `randomUUID` and ESM support is implied).
Verified Safe
The project demonstrates strong security practices, including extensive use of parameterized SQL queries to prevent injection attacks across all database interactions. The `database-admin-server` specifically implements whitelisting for tables and columns, and enforces access control for database operations. Controlled use of `child_process.spawn` for `pg_dump` and `psql` (for backup/restore) is carefully managed with configurable paths and validated arguments. File path handling uses `path.join` and `path.resolve` to mitigate directory traversal. However, utility scripts like `run-migration.js` and `load-series-data.js` execute raw SQL files directly from disk, which, while intentional for their purpose, relies on the absolute trust of these files and their source. Deployment should ensure these scripts are only run with trusted inputs in controlled environments.
Updated: 2026-01-19
0
0
Low Cost
Sec9

Manage OpenCode Model Context Protocol (MCP) servers by toggling their enabled state via a graphical user interface.

Setup Requirements

  • ⚠️Requires Python 3.8+ for running from source.
  • ⚠️The `.exe` is specific to Windows 10/11.
Verified Safe
The application primarily reads and writes local JSON configuration files (`opencode.json`). It does not execute the `command` fields directly, nor does it perform network operations or use dangerous functions like `eval()`. There are no hardcoded secrets found. The security risk from this tool itself is minimal; any potential risks would stem from what the OpenCode platform does with the enabled MCP server commands, which is outside the scope of this manager.
Updated: 2026-01-16
0
0
Low Cost

MCP-Server

by godson2607

Sec9

Provides examples of Minimal Context Protocol (MCP) servers in Python for basic arithmetic operations and RSS feed searching, demonstrating different transport mechanisms (STDIO, HTTP) and FastAPI integration.

Setup Requirements

  • ⚠️Dependency `fastmcp` might not be directly available on PyPI.
  • ⚠️Dependency `fastapi_mcp` might not be directly available on PyPI.
  • ⚠️Python 3.8+ required (3.10+ recommended).
Verified Safe
The code primarily uses well-established libraries (`fastmcp`, `fastapi`, `feedparser`). Arithmetic operations correctly handle division by zero. RSS parsing relies on `feedparser`, which is generally robust, but fetching external content always carries inherent risks. No direct `eval()` or similar dangerous functions, no obvious injection vulnerabilities, and no hardcoded secrets were found. HTTP examples bind to `localhost` by default, which is safe for development; the README provides good advice regarding `0.0.0.0` binding for external access.
Updated: 2025-11-28