Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

Low Cost

ai_workflows

by shawnmcrowley

Sec3

A comprehensive system for building, managing, and executing AI workflows, intelligent agents, and document processing pipelines leveraging Langflow's visual builder, PostgreSQL for vector database capabilities, and local Ollama models for privacy-focused AI processing.

Setup Requirements

  • ⚠️The project's README mentions N8N, but the codebase (Next.js components, LangflowClient usage, and flow JSON definitions) clearly indicates that Langflow is the intended workflow orchestration engine.
  • ⚠️Requires PostgreSQL 14+ with the `pgvector` extension enabled for document storage and semantic search.
  • ⚠️Requires Ollama installed locally and specific models pulled (`llama3.2`, `snowflake-arctic-embed2`) for local LLM inference and embedding generation.
  • ⚠️Requires a Langflow instance running, accessible by the Next.js application (defaults to `http://localhost:7860`).
Review Required
The source code presents critical security vulnerabilities. Firstly, a Langflow API key (`sk-AEDsSFO3Lg3H85crq64Co1hmezOIhraCVCvxO8LKeZU`) is hardcoded in `src/app/scripts/index.js`. If this script is exposed client-side, the API key would be immediately compromised. Secondly, the `executeWorkflowAction` server action in `src/app/actions/workflow-actions.js` allows a user-controlled `endpoint` to be used in server-side `fetch` requests (`executeGenericRequest`). This introduces a severe Server-Side Request Forgery (SSRF) vulnerability, enabling potential attackers to make the server request internal network resources, scan internal networks, or trigger unintended actions on other internal services. The Langflow `APIRequest` component within `flows/External API.json` also directly uses a `url_input` for `httpx` requests, presenting another SSRF vector if that specific Langflow flow can be triggered with malicious input.
Updated: 2026-01-16

Low Cost

Deploys an unauthenticated Model Context Protocol (MCP) server on Cloudflare Workers, providing basic calculator tools for remote AI clients.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment
  • ⚠️Publicly accessible by default due to lack of authentication
  • ⚠️Requires a separate MCP client (e.g., Cloudflare AI Playground) to interact with tools
Verified Safe
The server implements simple arithmetic tools with strict input validation using `zod`. It relies on `@modelcontextprotocol/sdk` for safe handling of MCP communication. There is no usage of `eval` or direct execution of arbitrary user input beyond the defined tool parameters. The server is explicitly designed to be "authless" for demonstration purposes, meaning it is publicly accessible, which is a known feature rather than an inherent vulnerability in its code logic.
Updated: 2025-11-20

Low Cost

sso-mcp-server

by DauQuangThanh

Sec9

Provides development checklists and process documentation to AI coding assistants with Azure Entra ID SSO authentication.

Setup Requirements

  • ⚠️Requires Python 3.11+ and the 'uv' package manager.
  • ⚠️Azure App Registration details (Client ID, Tenant ID, Resource Identifier, Allowed Issuers) are mandatory, varying by authentication mode, and must be correctly configured in a .env file or environment variables.
  • ⚠️Proper setup of content directories (CHECKLIST_DIR and PROCESS_DIR) is critical for the server to find and serve documentation.
Verified Safe
The server uses robust OAuth 2.0 PKCE for local authentication and JWT validation with JWKS caching for cloud mode, leveraging well-vetted libraries (MSAL, PyJWT). Configuration relies on environment variables, preventing hardcoded secrets. Input validation is performed for configuration and JWT claims. File system access for content is controlled via specified directories. No 'eval' or other highly dangerous patterns are present.
Updated: 2025-12-15

Low Cost

git-mcp-server

by bkbatchelor

Sec9

A Model Context Protocol (MCP) server for Git, enabling AI agents to interact with repositories safely and efficiently.

Setup Requirements

  • ⚠️Requires Java 21 or later.
  • ⚠️The server needs to be executed from within the Git repository it intends to manage, or the repository path must be passed as an application argument.
  • ⚠️Relies on system-configured Git credentials (e.g., SSH agent, ~/.ssh/config) for authenticated remote operations, as JGit implicitly uses these.
Verified Safe
The server communicates via standard input/output (Stdio), which inherently reduces network attack surface compared to a network-exposed service. Git operations are handled by JGit, a pure Java library, which mitigates shell injection risks associated with direct native CLI execution via `ProcessBuilder` (an earlier approach that was refactored out). No hardcoded sensitive credentials were found in the provided source code. The responsibility for implementing user confirmation on potentially destructive write operations is external to the server, typically handled by the MCP client or the overall AI agent workflow, rather than within the server itself.
Updated: 2026-01-19

Medium Cost

Assists developers in setting up automated Google Play Store deployment for Android applications using GitHub Actions.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) installed and configured in PATH for keystore generation and local build testing.
  • ⚠️Requires a Google Play Console developer account with appropriate permissions set up for API access.
  • ⚠️GitHub Personal Access Token with 'repo' scope is needed for validating GitHub secrets.
Verified Safe
The project demonstrates a very strong commitment to security, including comprehensive input validation, path traversal protection, secure command execution (using subprocess.run with shell=False and temporary files for sensitive data), extensive sensitive data redaction, rate limiting, and audit logging. It explicitly documents security best practices, anti-patterns, and provides secure implementation examples. No 'eval' or similar dangerous patterns were found without clear justification. Passwords for keytool are handled via secure temporary files. Workflows recommend pinning GitHub Actions to specific commit SHAs. The only minor area for potential edge cases could be the regex-based modification of build.gradle.kts, though it operates on trusted project files.
Updated: 2025-12-03

Low Cost

chivas

by bioanywhere

Sec9

This repository provides Docker deployment configuration for a world-news-api-clients MCP server.

Setup Requirements

  • ⚠️Requires `GCP_PROJECT_ID` and `GCP_PROJECT_NUMBER` to be set as GitHub secrets for CI/CD.
  • ⚠️Requires Docker for local development and running the server locally.
Verified Safe
Only README.md was provided as source code. Based on the README, deployment uses secure practices like Workload Identity Federation for GCP. Required GCP credentials are handled as GitHub secrets, not hardcoded. No 'eval' or malicious patterns observed in the README. A full security audit would require the actual application code and Dockerfile.
Updated: 2025-12-13

High Cost

mcp-server

by ngotruong09

Sec1

Provides two distinct services: a file writer for local storage and a comprehensive Oracle database management tool, allowing for data querying and manipulation.

Setup Requirements

  • ⚠️Requires the 'oracledb' Python package to be installed for database connectivity.
  • ⚠️Requires access to an Oracle database and appropriate user permissions for the Oracle DB server.
  • ⚠️Requires the ORACLE_USER, ORACLE_PASSWORD, and ORACLE_DSN environment variables to be set for the Oracle DB server to connect.
Review Required
CRITICAL: The Oracle DB server (`src/oracle_server.py`) is highly vulnerable to SQL injection. All database interaction tools (`query_data`, `insert_data`, `update_data`, `delete_data`, `inspect_table`, `inspect_package`, `inspect_procedure`) construct SQL queries by directly concatenating user-provided input via f-strings. This allows an attacker to execute arbitrary SQL commands by injecting malicious code into parameters such as `sql`, `table`, `columns`, `values`, `set_clause`, `where_clause`, `table_name`, `package_name`, or `procedure_name`. This could lead to unauthorized data access, modification, deletion, or even database compromise. The file server (`src/file_server.py`) uses `os.path.basename` to sanitize filenames, which is good for preventing directory traversal attacks. However, it allows writing arbitrary content to files without validation, which could be misused to store malicious scripts or fill up disk space. No hardcoded secrets were found as database credentials are sourced from environment variables.
Updated: 2025-12-07

Medium Cost

airnow-mcp

by tyson-swetnam

Sec4

Provides an MCP server to query the AirNow API for current, historical, and forecast air quality data by zip code or geographic coordinates.

Setup Requirements

  • ⚠️Requires an AirNow API key (`AIRNOW_API_KEY`) to be provided as an environment variable.
  • ⚠️Requires Node.js and npm to be installed for building and running.
  • ⚠️The example API key in `PLAN.md` should NOT be used in production; always use a real key and keep it secure.
Verified Safe
The runtime code (`src/index.ts`) correctly retrieves the `AIRNOW_API_KEY` from environment variables, which is a good practice. However, the `PLAN.md` file, included in the source code analysis, explicitly lists a placeholder API key, which is a significant security risk as it could lead to accidental exposure of a real key if not handled with extreme care (e.g., if copied into a public repository). No direct `eval` or arbitrary code execution from user input was found, and API parameters are safely handled.
Updated: 2025-12-03

High Cost

A web-based platform for building and managing AI conversational forms, integrating knowledge bases, and handling user sessions with administrative and analytical capabilities.

Setup Requirements

  • ⚠️Requires a separate backend API server to function, which is expected to provide all data and AI functionalities (e.g., LLMs, databases, vector stores).
  • ⚠️Requires a Node.js environment (npm/yarn) to install dependencies and run the development server.
  • ⚠️The backend for AI functionalities implies dependencies on external LLM providers (e.g., OpenAI, Anthropic) and potentially a vector database for knowledge retrieval.
Verified Safe
The project is a frontend client that uses localStorage to store authentication tokens, which is a common practice for SPAs but is susceptible to XSS attacks if not properly mitigated by the backend. All API calls are made to a configurable backend URL using standard fetch operations. No 'eval' or obvious malicious patterns are present. Data handling on the client side appears standard, and no hardcoded secrets were found.
Updated: 2025-11-20

Medium Cost

snipara-mcp-server

by alopez3006

Sec8

Optimizes and delivers relevant context from documentation to LLMs via the Model Context Protocol (MCP), aiming to reduce token cost and extend context windows.

Setup Requirements

  • ⚠️Requires a PostgreSQL database for document storage, sessions, and usage tracking. `DATABASE_URL` environment variable must be configured.
  • ⚠️Requires a Redis instance for rate limiting and optional query caching. `REDIS_URL` environment variable is needed, or a local Redis must be running.
  • ⚠️Semantic search features (Pro+ plans) involve downloading a `sentence-transformers` model (`all-MiniLM-L6-v2`) on first use, which can be time-consuming and requires internet access.
  • ⚠️The README states `OPENAI_API_KEY` is required for embeddings (semantic search) on Pro+ plans, however, the provided source code for `EmbeddingsService` primarily uses `sentence-transformers` and does not directly reference `OPENAI_API_KEY`. This may indicate a discrepancy or an intended future integration not present in the current code.
Verified Safe
The server implements several security measures:

  • **ReDoS Mitigation:** For the `rlm_search` tool using regex, it includes a maximum pattern length, checks for dangerous regex patterns (e.g., nested quantifiers), and runs regex searches with a timeout in a separate thread to prevent Regular Expression Denial of Service (ReDoS) attacks. It also truncates lines before regex processing.
  • **API Key Handling:** API keys are hashed using SHA-256 for storage and validation, enhancing security against direct key compromise.
  • **SQL Injection Prevention:** It primarily uses Prisma ORM for database interactions, which is generally robust against SQL injection. Raw SQL queries are parameterized, preventing injection vulnerabilities.
  • **Error Handling:** Error messages are sanitized before being returned to clients to prevent sensitive information disclosure.
  • **CORS Configuration:** CORS settings are configurable and issue a warning if a wildcard origin is used in non-debug environments.

Overall, the code demonstrates a good understanding of common web security risks and implements appropriate mitigations.
Updated: 2026-01-19

Low Cost
Sec9

An asynchronous MCP server for tracking personal expenses, providing tools to add, list, and summarize expenditures.

Setup Requirements

  • ⚠️Data stored in a temporary directory (expenses.db) will not persist across server restarts or system reboots.
  • ⚠️Requires Python 3.11 or newer.
Verified Safe
The server uses parameterized SQL queries, which protects against SQL injection. No 'eval' or other highly dangerous functions are present. The database path uses a temporary directory, which is generally safe but means data is not persistent. Error messages from database operations are generic, minimizing information disclosure.
Updated: 2025-11-27

Medium Cost

mcp

by tunjiadeshina

Sec4

Provides a collection of reference implementations for the Model Context Protocol (MCP), enabling Large Language Models (LLMs) with secure, controlled access to external tools and data sources like web content, filesystems, Git repositories, persistent memory, and time utilities.

Setup Requirements

  • ⚠️Filesystem and Git servers require explicit host directories/repositories to be mounted or specified (e.g., via Docker `--mount` or command-line arguments) to operate on local files, failing if not provided.
  • ⚠️The Fetch server can access local/internal IP addresses, posing a security risk if not used with caution, as it can be directed to ignore `robots.txt`.
  • ⚠️Servers have specific runtime requirements: Python 3.10+ for `fetch`, `git`, and `time` servers, and Node.js for `filesystem`, `memory`, and `everything` servers.
Review Required
The 'filesystem' server implements robust path validation (symlink resolution, path traversal prevention, atomic writes) which is highly commendable. However, the 'git' server lacks explicit path validation for `repo_path` and `files` arguments, making it a critical security risk where an LLM could be directed to operate on arbitrary paths or repositories on the host system. The 'fetch' server introduces network access capabilities, including the option to ignore `robots.txt`, which poses a risk if misused or misconfigured. The 'memory' server allows `MEMORY_FILE_PATH` to be configured via an environment variable, which could lead to writes to arbitrary locations if set to an unsafe path. The 'everything' server, while a demo, exposes environment variables and network transports, requiring careful deployment. Overall, critical security omissions in some core tools significantly lower the score.
Updated: 2026-01-19