Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

Medium Cost

inspector

by mohamedsalahnassar

Sec3

The MCP Inspector serves as a client UI for interacting with and debugging Model Context Protocol (MCP) servers, allowing users to visualize resources, prompts, and tools, monitor API traffic and notifications, and manage OAuth authentication flows.

Setup Requirements

  • ⚠️ Requires a running MCP server to connect to, or can run its own proxy.
  • ⚠️ If connecting via the 'proxy' connection type (default), the MCP Inspector Proxy needs to be running. This proxy server requires a session token for authentication (displayed in console on startup, or disabled via `DANGEROUSLY_OMIT_AUTH` environment variable).
  • ⚠️ For 'direct' connection type, the target MCP server must be configured with Cross-Origin Resource Sharing (CORS) headers to allow requests from the Inspector's origin (e.g., http://localhost:6274).

Review Required
The server component (Inspector Proxy) allows arbitrary command execution via the 'stdio' transport type if query parameters `command` and `args` are controlled by an untrusted client. The `shell-quote` library is used to parse arguments, which is generally robust, but executing user-controlled strings via `spawn` without strict whitelisting of commands or rigorous sanitization represents a critical remote code execution vulnerability if the proxy is exposed to untrusted networks or users. Session token authentication for the proxy improves security, but the underlying `stdio` transport design carries inherent risk.
Updated: 2025-11-22

Low Cost

test-remote-mcp

by Diptanshu-Bhardwaj

Sec9

Manages and tracks personal expenses through an API, allowing users to add, list, and summarize financial entries.

Setup Requirements

  • ⚠️ Python 3.12+ required
  • ⚠️ Database is stored in a temporary directory, meaning data may not persist across system restarts or cleanups. For persistent data, the DB_PATH should be configured to a stable location.

Verified Safe
The code uses parameterized queries to prevent SQL injection vulnerabilities, which is a critical security practice. No 'eval' or obvious hardcoded secrets were found. The server listens on 0.0.0.0, which is standard for server applications but means it's accessible from any IP address; appropriate firewall rules or network configuration are recommended for production environments. The database path uses a temporary directory, which could have implications for data persistence but doesn't inherently pose a direct security risk.
Updated: 2025-11-29

Medium Cost
Sec7

Track AI coding sessions to measure developer productivity and calculate ROI.

Setup Requirements

  • ⚠️ Requires Python 3.13 or higher.
  • ⚠️ Web dashboard charts require `matplotlib` for full functionality (falls back to SVG placeholder if not installed).
  • ⚠️ The `create_issues.py` utility depends on the `gh CLI` (GitHub CLI) being installed and authenticated.
  • ⚠️ If the web dashboard is run with `--dashboard-host 0.0.0.0`, it will be exposed to the network without authentication.
  • ⚠️ Service installation (`ai-session-tracker install --service`) is platform-specific, relying on `systemd` (Linux), `launchd` (macOS), or `Task Scheduler` (Windows).

Verified Safe
The project extensively uses `subprocess.run` and `subprocess.Popen` for CLI commands, service management (systemd, launchd, Task Scheduler), and GitHub CLI integration. While the commands are largely constructed from internal module/executable paths or include input validation (e.g., `DANGEROUS_CHARS_REGEX` in `create_issues.py`), the broad use of external processes always introduces a degree of risk. The web dashboard, by default, runs on localhost without authentication. However, if configured to bind to '0.0.0.0' or another network-accessible interface, it exposes analytics data publicly without any access controls.
Updated: 2026-01-15

Low Cost

mcp_server

by ecsavigne

Sec9

The server exposes specific functions ('tools') like getting the current time in a city or greeting a person, via the Model Context Protocol over HTTP.

Setup Requirements

  • ⚠️ Requires Go programming language installed to build and run.
  • ⚠️ Relies on the Model Context Protocol Go SDK.
  • ⚠️ The server listens on localhost:8080, which must be available.

Verified Safe
The code does not use `eval` or similar dangerous functions. There are no obvious hardcoded secrets. Input to tools ('cityTime', 'greet') is used directly or mapped, but without apparent injection vectors. The 'cityTime' tool validates city names. The server binds to localhost, limiting network exposure. Overall, the logic appears straightforward and safe within its defined scope.
Updated: 2025-12-14

High Cost
Sec8

An interactive AI assistant helping job seekers discover openings, tailor application documents like resumes and cover letters, and track career goals.

Setup Requirements

  • ⚠️ Requires OpenAI API Key or Azure OpenAI credentials (paid services).
  • ⚠️ Requires Node.js 18+ for the filesystem MCP server.
  • ⚠️ The optional 'FILESYSTEM_ROOT' environment variable should be set carefully to limit the filesystem MCP server's access.

Verified Safe
The system utilizes environment variables for API keys, which is good practice. MCP servers are run as subprocesses, primarily via `stdio` (standard I/O), limiting direct network exposure for internal communication. However, the `filesystem` MCP server uses `npx @modelcontextprotocol/server-filesystem`, which executes an external Node.js package. While `FILESYSTEM_ROOT` can limit its scope, it inherently grants filesystem access to the AI agent. The `jobspy-server` performs web scraping, relying on the security and stability of the `jobspy` library and external websites. No direct 'eval' or obvious malicious patterns were found, but reliance on external commands (`npx`) and libraries (e.g., `jobspy`) introduces dependency risks.
Updated: 2026-01-13

Medium Cost

Argus

by IT-Square-Plus

Sec9

An MCP server that provides comprehensive access to Brave Search API (web, image, video, news, autocomplete, spellcheck) for AI assistants like Claude Code.

Setup Requirements

  • ⚠️ Requires Brave Search API Keys (Data for Search is mandatory, others optional, free tiers available but require credit card verification).
  • ⚠️ Requires Docker & Docker Compose installed.
  • ⚠️ Requires Python 3.13 or newer.

Verified Safe
API keys are handled securely by passing them via HTTP headers (per-request, not stored in container) for runtime functionality, and an optional environment variable for initial usage tracking. No 'eval' or similar dangerous functions are used. The `/test/set-usage` endpoint allows modifying in-memory usage counters for testing, which is acceptable for a locally-run development tool.
Updated: 2025-11-26

Medium Cost

akai_mcp

by skenglord

Sec1

Provides voice/text command control for a cloud-hosted analogue drum machine, sampler, and sequencer via an MCP server.

Setup Requirements

  • ⚠️ Requires an existing or setup MCP (Master Control Program) server environment.
  • ⚠️ Likely requires external API keys for voice-to-text and natural language understanding services (e.g., OpenAI, Google Cloud, AWS Lex/Polly), which may incur costs.

Review Required
Critical: No source code beyond the README was provided for analysis. Cannot verify security, check for malicious patterns, hardcoded secrets, 'eval', or network risks. Running this without a full code review is highly risky and not recommended.
Updated: 2025-11-18

Medium Cost

An MCP server for querying Markdown frontmatter with DuckDB SQL, supporting optional semantic search for document embeddings.

Setup Requirements

  • ⚠️ Requires `FRONTMATTER_BASE_DIR` environment variable to be set to a valid directory path.
  • ⚠️ Enabling semantic search (`FRONTMATTER_ENABLE_SEMANTIC=true`) requires large dependencies (~1GB) and may necessitate setting `MCP_TIMEOUT` to '300000' (5 minutes) or higher to prevent installation timeouts.
  • ⚠️ Requires Python 3.11 or higher.

Verified Safe
The server employs robust path validation using `Path.resolve()` and `Path.relative_to(base_dir)` to prevent directory traversal attacks, ensuring all file operations are constrained to the configured `FRONTMATTER_BASE_DIR`. No hardcoded secrets or obvious malicious patterns were found. The primary security consideration is the `query` tool, which accepts arbitrary DuckDB SQL. While DuckDB operates in-process and primarily on local data within the defined base directory, allowing unvalidated SQL from an untrusted client could potentially expose local system information or be misused for local file manipulation within the DuckDB execution context. However, for a trusted developer environment, this provides flexibility. Semantic search involves downloading models from external sources (e.g., HuggingFace), which assumes the integrity of those sources.
Updated: 2025-12-31

High Cost

pg_mcp

by scionoftech

Sec2

Enables natural language querying of PostgreSQL databases using AI.

Setup Requirements

  • ⚠️ Requires Anthropic API Key (Paid)
  • ⚠️ Docker and Docker Compose are required
  • ⚠️ Python 3.11 or higher is recommended for local development

Review Required
The server has critical security vulnerabilities. The `execute_sql` tool directly executes user-provided SQL queries without sanitization, allowing for SQL injection and arbitrary database operations. The `describe_table` tool uses f-strings to embed the `table_name` parameter directly into SQL queries (e.g., `SELECT * FROM {table_name} LIMIT 3;`), making it vulnerable to SQL injection. Additionally, while the `query` tool uses AI to generate SQL, the generated SQL is executed directly, posing a risk if the AI can be prompted to generate malicious queries. The project also uses default PostgreSQL credentials in the example setup, which should never be used in production.
Updated: 2025-11-19

Low Cost

WHATSAPP-MCP-CLIENT

by Harikrishnan46624

Sec9

Orchestrate an AI agent to send WhatsApp messages by connecting to a Multi-Cloud Platform (MCP) server.

Setup Requirements

  • ⚠️ Requires a Multi-Cloud Platform (MCP) server running locally (defaults to http://127.0.0.1:2001/mcp).
  • ⚠️ Requires an OpenAI API Key for the 'gpt-4o-mini' agent model (paid service).
  • ⚠️ Requires Python 3.14 or higher.

Verified Safe
No hardcoded secrets, 'eval' usage, or obfuscation. Sensitive credentials (WhatsApp API token, MCP API token) are loaded from environment variables and sent as headers to a local (default) or specified MCP server. The agent utilizes an external OpenAI model ('gpt-4o-mini'), implying data transfer to OpenAI for processing. The overall security relies on a trusted local MCP server and secure configuration of external APIs.
Updated: 2026-01-19

Low Cost

Manages or streams data for a restaurant platform, potentially related to a Master Control Program or Multi-Channel Platform.

Review Required
Cannot perform a security audit due to the extreme truncation of the source code. Only a README title was provided. A score of 5 indicates 'unknown' rather than 'safe' or 'unsafe'.
Updated: 2025-12-14

Low Cost

FBW-MCP-iCal

by KaiserUndGott

Sec8

Manages iCloud, local, and subscribed calendars on macOS by listing, creating, updating, and deleting events.

Setup Requirements

  • ⚠️ Requires macOS 12.0 or newer.
  • ⚠️ Requires Node.js 18+.
  • ⚠️ Requires manual configuration in Claude Desktop's config file (`~/.claude/claude_desktop_config.json`).
  • ⚠️ Needs explicit user permission via macOS System Settings for 'Automation' to allow Claude to control the 'Calendar' application.

Verified Safe
The server executes dynamically constructed AppleScript via 'osascript'. While user inputs are escaped using `escapeForAppleScript` to prevent injection within string literals (e.g., in event titles or calendar names), the inherent nature of running AppleScript with system automation permissions on macOS requires a high level of trust. The server itself communicates via stdio, reducing network attack surface. The primary risk is a flaw in the AppleScript escaping logic or an unforeseen vulnerability in the macOS Calendar app's AppleScript API that could allow privilege escalation or unintended actions, though the current escaping appears robust for preventing direct command injection into the interpreted string literals.
Updated: 2025-12-03