Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
Vinni-Anddrade icon

mcp-server-and-ai

by Vinni-Anddrade

Sec1

A server implementation with integrated AI capabilities, likely for a game or simulation environment.

Review RequiredView Analysis
A comprehensive security audit is impossible due to the complete lack of provided source code for analysis. Without code, no assessment of 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns can be made.
Updated: 2025-11-25GitHub
0
0
Medium Cost
drkhannah icon
Sec8

This server provides an agent-enabled memory system, allowing an MCP agent to save and retrieve information using OpenAI's vector store capabilities.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Python 3.12+ required
Verified SafeView Analysis
The server writes user-provided 'memory' directly to a temporary file and uploads it, and passes 'query' directly to OpenAI's search API. While there's no direct local code execution vulnerability, an attacker could potentially craft malicious inputs to exploit unforeseen vulnerabilities in OpenAI's file processing or search functionality.
Updated: 2025-11-28GitHub
0
0
Medium Cost
46ki75 icon

mcp-rust-docs

by 46ki75

Sec9

This server provides AI agents with tools to search for Rust crates on crates.io and retrieve detailed documentation from docs.rs.

Verified SafeView Analysis
The server primarily performs HTTP GET requests to public APIs (crates.io, docs.rs) and parses the HTML/JSON responses. It uses standard Rust libraries (`reqwest`, `crates_io_api`, `scraper`, `html2md`, `tantivy`). There are no signs of direct command execution, `eval` usage, hardcoded secrets, or obfuscation. User inputs for crate names, versions, and paths are used to construct URLs for docs.rs; while direct injection is mitigated by the nature of HTTP GET and docs.rs's expected handling of invalid paths, it's good practice to ensure inputs are well-formed. The fuzzy search uses a temporary directory for its index, which is a secure practice.
Updated: 2026-01-16GitHub
0
0
Low Cost
dmmulroy icon

opensrc-mcp

by dmmulroy

Sec9

A codemode MCP server for fetching and querying dependency source code, optimized for AI agents.

Setup Requirements

  • ⚠️Requires Node.js and npm/npx installed on the system.
  • ⚠️Requires an OpenCode client (or similar agent framework) configured to use this MCP server locally.
  • ⚠️Fetched source code and metadata are stored in an `opensrc/` directory within your project, consuming local disk space.
Verified SafeView Analysis
The server employs robust sandboxing using Node.js's `vm.createContext` to execute agent-provided JavaScript. Key security measures include: `deepFreeze` of injected API objects to prevent modification, explicit disabling/undefined of dangerous global functions (`setTimeout`, `require`, `process`, `fetch`, etc.) to prevent arbitrary system access or network calls, a 30-second execution timeout to prevent infinite loops, and explicit path traversal prevention in file reading functions. External network operations (fetching packages/repos) are handled by the server's controlled `opensrc` dependency. While `vm` sandboxes are not entirely infallible against sophisticated attacks, this implementation is highly secure for its intended purpose of executing untrusted JavaScript code.
Updated: 2026-01-19GitHub
0
0
High Cost
darkbard81 icon
Sec8

Relays events and messages between LLMs, the MCP server, and Foundry VTT, incorporating AI-powered text-to-speech and image generation.

Setup Requirements

  • ⚠️Requires Node.js 20+ and npm 10+ to run directly.
  • ⚠️MCP_SERVER_API_KEY is an obligatory environment variable for server startup and client authentication.
  • ⚠️GOOGLE_GENAI_API_KEY is required for Text-to-Speech and Image Generation features, which are paid services.
  • ⚠️GitHub OAuth environment variables (GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, GITHUB_REDIRECT_URI, CHATGPT_REDIRECT_URI) are necessary if GitHub authentication is enabled and used.
  • ⚠️FOUNDRY_DATA_PATH needs to be configured for persistent storage of AI-generated audio and image assets.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys (MCP_SERVER_API_KEY, GOOGLE_GENAI_API_KEY, GitHub OAuth secrets), which is good practice. Client connections are authenticated using an API key via WebSocket. It implements a basic OAuth flow for GitHub, storing tokens in a local file (`token-store.json`) which requires secure host system configuration. A payload deduplication middleware is used to prevent replay attacks or accidental duplicate requests. Content Security Policy headers are defined for the UI widgets, limiting resource and connection domains to `https://mcp.krdp.ddns.net`, which enhances client-side security but implies the server needs to run on this specific domain or have the CSP updated. The WebSocket for the A/V widget (`/widget-av`) does not appear to have explicit authentication in its `onConnection` handler, potentially allowing unauthenticated connections, though the `set-av-state` tool still requires MCP authentication. Statically served AI-generated assets (audio, images) require the `FOUNDRY_DATA_PATH` to be securely configured. Wide-open CORS (`*`) is possible if configured, which is a risk.
Updated: 2026-01-01GitHub
0
0
Low Cost
dogkeeper886 icon

android-wifi-mcp

by dogkeeper886

Sec4

Provides remote WiFi and network control for Android devices via ADB, primarily intended for automation and integration with agents like Claude.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run the server.
  • ⚠️Requires Android SDK Platform Tools (adb) installed and in PATH on the host PC.
  • ⚠️Requires an Android device with Android 11 (SDK 30) or higher, USB Debugging enabled, and connected via USB.
  • ⚠️Enterprise WiFi features (802.1X/EAP) require a companion Android app to be built and installed on the device.
Verified SafeView Analysis
The server executes ADB shell commands directly based on user-provided input for tools like `network_ping` and `network_dns_lookup`. This pattern is vulnerable to shell injection if the 'host' or 'hostname' parameters are crafted to include shell metacharacters (e.g., '8.8.8.8; rm -rf /'). While `wifi_connect` attempts to quote SSID and password, it's still susceptible to sophisticated injection attacks. The `enterprise-wifi.ts` component uses a more robust quoting mechanism for JSON payloads written to device files, but this best practice is not universally applied across all shell command constructions. Running this server implies a high level of trust in both the client (e.g., Claude agent) and the execution environment, as a malicious client could exploit these vulnerabilities to execute arbitrary commands on the connected Android device.
Updated: 2025-11-26GitHub
0
0
High Cost
mbarki-abd icon

claude-mcp-server

by mbarki-abd

Sec4

A server for orchestrating multiple AI agents (e.g., Claude) to manage projects, tasks, filesystem access, and inter-agent communication, featuring real-time dashboard monitoring.

Setup Requirements

  • ⚠️Requires root privileges to create/manage Unix users for agent isolation.
  • ⚠️Requires external AI CLI tools (e.g., Anthropic Claude CLI) to be installed and configured in the system's PATH.
  • ⚠️Requires a PostgreSQL database to store agents, tokens, credentials, and other system state.
  • ⚠️AI API keys (typically paid services) are generally needed for non-Ollama AI engines.
  • ⚠️If using the Ollama engine type, a local Ollama server must be running and the required AI models pulled.
Review RequiredView Analysis
- **Critical: Command Injection Vulnerability**: The `agent-provisioner.ts` service's `generateBootstrapScript` concatenates `additionalTools` directly into a shell script without proper escaping, leading to a command injection vulnerability during agent provisioning. - **High: API Key Exposure**: The `/lina/key` endpoint exposes the master API key and relies solely on path obscurity for security, making it vulnerable to discovery. - **High: Privilege Escalation Risk**: Multiple powerful MCP tools (e.g., `create_agent`, `delete_agent`, `create_agent_token`) are exposed via the `/mcp` endpoint. The `handleToolCall` in `mcp.ts` does not consistently and explicitly verify master token or granular permissions, potentially allowing non-master agents to execute privileged actions. The `api-agents.ts` route for agent creation has checks, but the MCP tool handler might bypass them. - **Medium: Default Credentials**: In development mode, default API keys and encryption keys are used. While `requireEnv` is used for production, these defaults pose a significant risk if deployed incorrectly. - **Medium: `su` Command Usage**: Services like `agent-manager.ts` and `agent-provisioner.ts` heavily rely on `su` to execute commands as specific Unix users, requiring root privileges for the server. Any flaw in command construction or user input sanitization could lead to full system compromise.
Updated: 2025-12-13GitHub
0
0
Low Cost
graphcs icon

TaskPilot

by graphcs

Sec7

A minimal MCP server demonstrating task management and a Crunchbase-style company database for ChatGPT Apps, featuring interactive UI widgets.

Setup Requirements

  • ⚠️Requires an HTTPS tunnel (ngrok or Cloudflare Tunnel) to expose to ChatGPT.
  • ⚠️Requires ChatGPT Plus or Team subscription to enable Developer Mode and create connectors.
  • ⚠️Tasks are stored in memory and a local JSON file, resetting if the JSON file is deleted or if there's no persistence setup outside the local file.
Verified SafeView Analysis
The server uses in-memory and local JSON file storage (`tasks.json`, `companies.json`) which is fine for a personal/demo app but not suitable for multi-user or production deployments without significant modifications (e.g., persistent database, proper authentication/authorization). There are no direct `eval()` calls or obvious command injection vulnerabilities. Input parameters for tools are handled safely (e.g., integer IDs, string comparisons). Potential client-side XSS risk if the UI widgets (`task_list.html`, `company_widget.html`) do not properly sanitize data received via `structured_content` before rendering, but this is a client-side concern, not a server-side vulnerability within the provided Python code.
Updated: 2025-11-30GitHub
0
0
Medium Cost
nodeshift-nigeria icon

paylo-mcp-server

by nodeshift-nigeria

Sec7

Empowers AI models to act as shopping assistants, enabling them to browse storefronts, search for products, manage orders, and facilitate transactions within the Paylo commerce ecosystem.

Setup Requirements

  • ⚠️Requires local setup (Node.js or Docker) and integration with an AI agent configuration (e.g., Claude Desktop or similar MCP-compatible client).
  • ⚠️Relies on an external Paylo Backend API (https://usepaylo.com/api/mcp/checkout) for payment link generation, which must be operational for checkout functionality.
  • ⚠️The public tool definitions (as seen in `docker-registry-submission/paylo-mcp-server/tools.json` and the README's 'Available Tools' table) have significant discrepancies with the server's internal implementation logic (Zod schemas in `src/handlers/tools.ts`). This will likely lead to AI agent confusion and tool execution failures. Specific issues include: `list_merchants` and `search_products` omit optional filtering arguments; `get_product_details` uses argument name `productId` in the public definition but expects `id` internally; `generate_payment_link` publicly requires `email` and `amountKobo` as arguments, but the server derives these internally from `orderId`; `check_payment_status` publicly requires `reference` as an argument, but the server expects `orderId`.
Verified SafeView Analysis
The server uses Supabase ORM for database interactions, which generally provides protection against SQL injection. However, specific `ilike` usage with template literals in `ProductService.searchProducts` (e.g., `ilike('name', %${query}%)`) should be confirmed for complete sanitization against potential payload manipulation. The server logs verbose error messages and stack traces to `console.error`, which could expose internal file paths or system details to consumers of the MCP server. Hardcoded default public Supabase keys are provided in `src/services/supabase.ts` if environment variables are not set, which is convenient for quick starts but not ideal for production security practices as it might bypass explicit permission configurations.
Updated: 2025-12-06GitHub
0
0
Medium Cost
JeffResc icon
Sec9

Provides AI assistants with access to the UDS (Unicorn Delivery Service) Registry for browsing packages, retrieving metadata, SBOM, and CVE data.

Setup Requirements

  • ⚠️Requires a Cloudflare account and Wrangler CLI for deployment and local development.
  • ⚠️Requires `REGISTRY_URL` environment variable to point to a UDS-compatible registry (defaults to `https://registry.defenseunicorns.com`).
  • ⚠️The `sbom` and `cves` tools require specific version tag formats (e.g., x.y.z-uds.a) that must be adhered to by the calling AI assistant.
Verified SafeView Analysis
The server runs on Cloudflare Workers, providing a secure sandboxed environment. It uses Zod for input validation on all tool parameters, which helps prevent malformed requests. There are no obvious hardcoded secrets. The `fetchJson` utility constructs URLs based on an environment-configured base URL (`REGISTRY_URL`) and internally defined paths, preventing SSRF to arbitrary external sites. The risk is primarily limited to potential vulnerabilities in the downstream UDS Registry itself if specific parameters (e.g., `organizationName`, `packageName`) are crafted to exploit its API, but the server code does not introduce new injection points.
Updated: 2026-01-05GitHub
0
0
Medium Cost
brendon92 icon

agent-mcp-server

by brendon92

Sec9

A Model Context Protocol server providing a unified toolkit and integrations for agentic AI workflows, including file operations, code execution, web browsing, and various third-party services, controllable via a web UI.

Setup Requirements

  • ⚠️Docker is highly recommended and enabled by default for secure code execution sandbox. Running without it (sandbox_enabled=False) offers no isolation and is explicitly warned as unsafe.
  • ⚠️`MCP_AUTH_TOKEN` environment variable is required; if not set, a random one is generated at backend and/or frontend startup but must be logged in to.
  • ⚠️Node.js and npm/npx must be installed for many integrations (e.g., MarkItDown, Git, Puppeteer, CodeRunner, Multi-Engine Search) which use external `npx` packages. These are typically bundled in Docker.
  • ⚠️Specific Python packages (`paramiko` for SSH, `playwright` for native browser tools, `duckduckgo-search` for DuckDuckGo) might need manual installation if running Python directly without Docker.
Verified SafeView Analysis
The server demonstrates a strong focus on security, implementing `BoxedPath` for robust filesystem sandboxing, `atomic_writer` for safe file operations with size quotas, and a `DockerExecutor` that isolates arbitrary code execution with network disabled by default. Authentication is token-based via `MCP_AUTH_TOKEN`. However, the server explicitly allows a `LocalExecutor` which provides NO sandboxing if Docker is disabled, and many integrations rely on `npx` to run external JavaScript programs, which could introduce supply chain risks or host-level vulnerabilities if the `npx` packages themselves are compromised or misconfigured.
Updated: 2025-12-16GitHub
0
0
Low Cost
ALTIBASE icon

altibuddy

by ALTIBASE

Sec1

Provides a custom Minecraft server environment, likely for modding, development, or specific gameplay features, based on the Minecraft Coder Pack (MCP).

Review RequiredView Analysis
Source code was not provided for analysis. Therefore, it's impossible to check for security risks like 'eval' usage, obfuscation, network vulnerabilities, hardcoded secrets, or malicious patterns. Without code review, the project is assumed to be high risk. Running any software without reviewing its source code is inherently unsafe.
Updated: 2025-12-02GitHub
PreviousPage 409 of 713Next