Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
tzDel icon
Sec8

Manages isolated Git worktrees for AI coding agents to provide isolated development environments and context.

Setup Requirements

  • ⚠️Requires Git CLI installed and available in PATH.
  • ⚠️The `-repo` flag must point to an initialized Git repository.
  • ⚠️A SQLite database file (`.orchestragent-mcp.db`) will be created in the specified or default directory (`-db` flag).
Verified SafeView Analysis
The server uses `os/exec` to interact with the Git CLI. While this is a common pattern, it inherently carries a risk of command injection. However, the `SessionID` input is strictly validated using a regular expression (`^[a-z0-9][a-z0-9-]*[a-z0-9]$`), which significantly mitigates the risk of arbitrary command execution by sanitizing user-provided session IDs before they are used in Git commands. Repository and database paths are configured via flags, not user input. The server communicates over `stdio`, limiting direct network exposure.
Updated: 2025-11-26GitHub
0
0
High Cost
KingP0 icon
Sec8

Automates web scraping tasks for structured data extraction and pagination, leveraging Playwright and an AI agent, designed for scalable deployment on Azure.

Setup Requirements

  • ⚠️Requires an `OPENAI_API_KEY` configured as an environment variable (for OpenRouter.ai or compatible OpenAI API endpoint).
  • ⚠️Requires Playwright browser binaries to be installed (e.g., `playwright install`).
  • ⚠️Requires `mcp`, `beautifulsoup4`, and `openai` Python packages.
Verified SafeView Analysis
The server uses `stdio` for communication, reducing direct network exposure. API keys are loaded from environment variables. Playwright handles browser interactions, mitigating direct code injection through selectors. HTML is cleaned with BeautifulSoup before sending to the LLM, reducing token cost and potential rendering issues. The `headless=False` setting in `server.py` is likely for local development and should be set to `True` for production to enhance security and efficiency in containerized environments. The primary operational risk comes from the LLM's ability to navigate to arbitrary URLs or select specific elements, which is inherent to the agent's functionality.
Updated: 2025-12-13GitHub
0
0
High Cost
DylanLamb888 icon

claude-code-config

by DylanLamb888

Sec8

Provides a comprehensive configuration for Claude Code, enabling autonomous AI coding loops to implement Product Requirement Documents (PRDs) and streamline development workflows with integrated feedback loops and performance best practices.

Setup Requirements

  • ⚠️Requires Docker for unattended (AFK) operation.
  • ⚠️Relies on `jq` for PRD parsing and branch management functionality.
  • ⚠️Assumes the `claude` CLI and an Anthropic API key are configured for underlying AI model access.
  • ⚠️Requires Node.js and `npm` for hooks and project feedback loops (e.g., `husky`, `lint-staged`, `prettier`, `eslint`, `typescript`).
Verified SafeView Analysis
The system employs significant security measures, including running autonomous loops within a Docker sandbox (`afk-ralph.sh`) to isolate actions. It uses a `permissions.deny` list to prevent reading sensitive files (e.g., `.env`, `secrets`). Pre-commit hooks (`security-check.sh`) actively scan for and block commits containing common sensitive data patterns. However, the `claude --permission-mode acceptEdits` used in Human-in-the-loop (HITL) mode (ralph-once.sh) grants the agent full editing capabilities, requiring user oversight to prevent unintended code modifications. The broad nature of `Bash(npm run:*)` also carries inherent risks based on project-specific scripts.
Updated: 2026-01-18GitHub
0
0
Low Cost
ExoGameYT icon

claude-hooks

by ExoGameYT

Sec10

Enhance coding experience for Claude users by providing simple desktop notifications for workflow events.

Setup Requirements

  • ⚠️The `notify-send` command is primarily available on Linux desktops and may require additional setup or alternatives for macOS or Windows, despite the README claiming cross-OS support.
  • ⚠️The provided source code (simple bash scripts) does not fully align with the README's description of a downloadable 'application' that is run, implying that the main application logic or executable is not present in the truncated source.
Verified SafeView Analysis
The provided scripts are simple bash scripts for desktop notifications and do not exhibit any obvious security vulnerabilities. They use standard system utilities (`notify-send`, `tmux`) without dangerous patterns like `eval`, obfuscation, or network risks. No hardcoded secrets or malicious patterns were found.
Updated: 2026-01-19GitHub
0
0
Medium Cost
vthunder icon
Sec9

Efficiently synchronize Notion pages with local markdown files and query Notion databases with flattened results.

Setup Requirements

  • ⚠️Requires a Notion API Key (`NOTION_API_KEY`) configured via environment variable or a `.env` file.
  • ⚠️Requires manual setup of a Notion integration and sharing pages/databases with it.
  • ⚠️Go runtime is required to install or build from source.
Verified SafeView Analysis
The server appears robust for its intended use. It correctly handles Notion API key loading from environment variables or .env files. File path sanitization is implemented for local file operations. Inputs from the MCP protocol are parsed into structured types (string, map[string]any, []map[string]any) before being used to construct Notion API requests, mitigating direct injection risks. The reliance on an 'undocumented but stable' Notion API feature (`erase_content`) is a potential stability risk if Notion changes its internal API, but not a direct security vulnerability within the server's code itself.
Updated: 2026-01-19GitHub
0
0
Medium Cost
nicholaswilde icon

proxmox-mcp-rs

by nicholaswilde

Sec9

A Rust-based Model Context Protocol (MCP) server for managing Proxmox VE virtualization infrastructure via an LLM client.

Setup Requirements

  • ⚠️Requires a running Proxmox VE instance with network connectivity.
  • ⚠️Requires valid Proxmox authentication credentials (User/Password or API Token).
  • ⚠️For HTTP server mode, HTTP Auth Token is optional but recommended for security.
Verified SafeView Analysis
Handles sensitive credentials (password, API token) via environment variables or config file. Supports disabling SSL verification via a flag, which should be used with caution in production environments. No 'eval' or obvious code injection vulnerabilities identified. Leverages Rust's memory safety.
Updated: 2026-01-18GitHub
0
0
Low Cost
legido-ai icon
Sec6

Provides a Model Context Protocol (MCP) server for GitHub operations, primarily focused on securely obtaining temporary GitHub App authentication tokens for various Git and GitHub API actions.

Setup Requirements

  • ⚠️Requires a pre-configured GitHub App with specific repository permissions (Contents: Read & write, Pull requests: Read & write).
  • ⚠️Mandatory environment variables: `GITHUB_APP_ID`, `GITHUB_PRIVATE_KEY` (PEM format), `GITHUB_INSTALLATION_ID`.
  • ⚠️MCP clients like Claude Desktop/Google Gemini CLI do NOT support environment variable expansion in their configuration files, necessitating an external setup script to write literal credential values into client configs.
Verified SafeView Analysis
The core server logic handles environment variables for credentials and uses `subprocess.run` with list arguments for Git commands, which is generally safe. However, the `mcp_test.sh` script uses `eval "$SERVER_CMD"` where `SERVER_CMD` is constructed using environment variables. This creates a shell injection vulnerability if `GITHUB_PRIVATE_KEY` or other `GITHUB_*` environment variables contain malicious shell metacharacters. While this `eval` is confined to a testing script and not the primary server execution path (e.g., direct `python` execution or the recommended `docker run` from the README), it represents a significant security oversight in the repository's practices. There are no hardcoded secrets or obfuscation found. Network communication relies on standard HTTPS with GitHub API.
Updated: 2025-11-30GitHub
0
0
High Cost
yzhbankov icon

mcp-server

by yzhbankov

Sec2

Orchestrates AI tool interactions via JSON-RPC over WebSocket, enabling AI agents to perform intelligent automation through a pluggable tool registry.

Setup Requirements

  • ⚠️Requires Node.js v25+
  • ⚠️Requires npm v11.6.2+
  • ⚠️Requires an OpenAI API Key (paid service) for the client
  • ⚠️Requires Docker installed for containerized code execution tools
  • ⚠️Requires a MySQL database for database tools (currently hardcoded credentials in `Tools.ts`)
  • ⚠️Requires an SMTP server listening on `localhost:25` for the email tool
Review RequiredView Analysis
CRITICAL security risks identified. Hardcoded MySQL credentials ('dr2_prod' for user/password) in `apps/server/lib/models/Tools.ts` for `db_users` and `sql_query` tools. Direct arbitrary code execution via `run_js_code` (VM2 sandbox, known to have vulnerabilities), `run_docker_code`, `run_docker_command`, and `run_docker_script` (Docker containers, still a large attack surface despite isolation efforts). The `save_html_file` tool writes to a hardcoded path (`./report.html`), posing a risk of overwriting critical files if the server has broad write permissions. The `send_email` tool uses a hardcoded sender and `smtp://localhost:25`, which could be exploited if an SMTP server is exposed. Command injection attempts are made to escape user input for Docker commands, but such mechanisms are historically vulnerable.
Updated: 2025-11-27GitHub
0
0
Low Cost
Muhumuree icon

code-executor-MCP

by Muhumuree

Sec8

A local server that acts as a secure, isolated sandbox to execute TypeScript/Python code, providing a unified interface to access multiple external Model Context Protocol (MCP) tools and significantly reducing token usage for upstream LLMs.

Setup Requirements

  • ⚠️Requires Deno runtime installed for TypeScript execution.
  • ⚠️Python execution is disabled by default for security; requires `PYTHON_SANDBOX_READY=true` and Pyodide setup for secure Python execution.
  • ⚠️Initial MCP configuration is required, typically via the CLI setup wizard (`code-executor-mcp setup`).
  • ⚠️API keys (e.g., ANTHROPIC_API_KEY, OPENAI_API_KEY) are required for LLM sampling if not using the MCP SDK as the primary LLM provider.
Verified SafeView Analysis
The Deno-based TypeScript executor operates within a robust sandbox using granular `--allow-` permissions and memory limits, with network requests validated against SSRF patterns. The Python executor defaults to a secure Pyodide WebAssembly sandbox (if `PYTHON_SANDBOX_READY=true`) or is explicitly disabled with a security warning if only the insecure native executor is available. The system explicitly warns that its regex-based dangerous pattern blocking is for 'defense-in-depth only' and 'NOT A SECURITY BOUNDARY', advising reliance on sandbox permissions and process isolation instead. MCP proxy communication is secured with cryptographically strong bearer tokens and constant-time comparison. Content filtering is implemented to redact secrets and PII from LLM sampling responses. Audit logging is comprehensive with content hashing. Overall, the system prioritizes security defaults, but users must understand sandbox limitations when allowing untrusted code.
Updated: 2026-01-19GitHub
0
0
Medium Cost
sandipanchakraborty2016 icon

spring-ai-mcp-demo

by sandipanchakraborty2016

Sec8

Demonstrates the Model Context Protocol (MCP) with Spring AI, showcasing a model-agnostic tool server and AI hosts for OpenAI and Anthropic Claude.

Setup Requirements

  • ⚠️Requires Java 21 JDK and Maven 3.6+
  • ⚠️Docker and Docker Compose are highly recommended for easy setup
  • ⚠️Requires valid OpenAI and/or Anthropic API Keys (paid services) for AI hosts to function
Verified SafeView Analysis
The MCP Server's FileService operates within a sandboxed `~/.mcp-demo-workspace` directory, mitigating arbitrary file access. API keys for AI models are correctly handled as environment variables. The direct exposure of tool calls via REST endpoints in `mcp-client` and `mcp-host` (for demonstration) could pose a risk if not properly secured in a production environment, as it bypasses LLM safety layers. However, for a demo, this exposure is intentional for illustrative purposes. No 'eval' or obfuscation found.
Updated: 2025-11-25GitHub
0
0
Low Cost
Bencockin icon

highcharts_mcp

by Bencockin

Sec7

Generates interactive Highcharts dashboards from provided data URLs and specifications using AI agents.

Setup Requirements

  • ⚠️Requires Claude Desktop to be installed and configured.
  • ⚠️Uses `stdio` for inter-process communication, requiring local execution.
  • ⚠️User must manually update absolute file paths in Claude Desktop configuration.
Verified SafeView Analysis
The server itself primarily acts as a JSON configuration generator and does not execute user-provided code directly. Communication is via `stdio`, limiting network exposure of the server process. However, the generated Highcharts configuration includes a `data_url` which the client (Claude Desktop) will fetch. A malicious `data_url` could lead to client-side issues (e.g., DoS from large files, or potential vulnerabilities in client-side data processing). Additionally, the `filter_column` value, if provided by a malicious prompt, is embedded directly into a JavaScript string within the output HTML/JS component without explicit sanitization, posing a potential client-side Cross-Site Scripting (XSS) risk if crafted to break out of the string context.
Updated: 2025-11-25GitHub
0
0
Low Cost
valentynfaychuk icon

amadeus-mcp

by valentynfaychuk

Sec8

MCP server enabling AI agents to interact with the Amadeus blockchain and its smart contracts.

Setup Requirements

  • ⚠️The `AMADEUS_TESTNET_SK` environment variable is required and must be a valid 64-byte Base58-encoded private key for the testnet faucet (`claim_testnet_ama`) to function.
  • ⚠️The `MCP_DATABASE` D1 binding and its `faucet_claims` table migration (`CREATE TABLE faucet_claims (ip TEXT PRIMARY KEY, address TEXT, claimed_at INTEGER);`) are required for the `claim_testnet_ama` tool.
  • ⚠️Transactions are not signed by the server; an external BLS12-381 signing process is required after `create_transaction` and before calling `submit_transaction`.
Verified SafeView Analysis
The server uses environment variables for sensitive configurations like blockchain RPC URLs and the testnet faucet's secret key (`AMADEUS_TESTNET_SK`), which is good practice. Input validation is performed on incoming API parameters using `validator`. Transaction creation returns an unsigned blob, requiring external signing (BLS12-381) before submission, which enhances security by keeping private keys off the server. The testnet faucet (`claim_testnet_ama`) implements an IP-based 24-hour cooldown using Cloudflare D1, which provides a basic level of abuse prevention for a testnet resource. No obvious `eval` or malicious code patterns were found. Network requests include retry logic. Overall, the security practices appear solid for its stated purpose.
Updated: 2026-01-09GitHub
PreviousPage 415 of 713Next