Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
retention-corp icon

meta-ads-mcp

by retention-corp

Sec8

Interacting with Meta Ads API for AI-powered analysis, management, and optimization of advertising campaigns.

Setup Requirements

  • ⚠️Requires a Meta Developer App setup (App ID, App Secret, and specific permissions) for direct Meta API authentication, which is a multi-step technical process.
  • ⚠️Users must configure either a `PIPEBOARD_API_TOKEN` (recommended for simpler authentication and remote MCP) or `META_ACCESS_TOKEN` environment variable for full functionality. Custom Meta App tokens require refresh every 60 days.
  • ⚠️Requires Python 3.10 or higher. The `uv` package is recommended for dependency management.
Verified SafeView Analysis
The server securely handles credentials using environment variables for sensitive data (API tokens, app secrets). It implements robust token management with `contextvars` for async safety and uses standard HTTP libraries (`httpx`, `requests`) with timeouts for external network requests, mitigating common risks. A default Meta App ID is hardcoded but is explicitly designed to be overridden by environment variables or CLI arguments. The 'duplication' feature (if enabled) relies on an external Pipeboard service (mcp.pipeboard.co), introducing a third-party dependency. Users must configure their authentication tokens securely.
Updated: 2026-01-19GitHub
0
0
Medium Cost
consigcody94 icon

slack-sage

by consigcody94

Sec9

Facilitate AI-powered Slack communication, including message search, thread reading, message posting, channel history browsing, and reminder creation, directly within an AI client.

Setup Requirements

  • ⚠️Requires a Slack workspace with admin access to create and configure a Slack App.
  • ⚠️Requires generating a Bot User OAuth Token by creating a Slack App and granting specific permissions (channels:history, chat:write, search:read, reminders:write, etc.).
  • ⚠️Requires Claude Desktop to run as an MCP server, as per the MCP compatibility badge and configuration instructions.
Verified SafeView Analysis
The server uses the official Slack Web API client. It does not hardcode any sensitive credentials. The Slack bot token is explicitly passed as a `token` argument in each tool call, which is expected to be provided by the MCP client (e.g., Claude Desktop) during configuration. This approach centralizes sensitive credential management outside the server's code, relying on the client's secure handling. Necessary Slack scopes must be granted for the bot to function, which is a standard requirement for Slack applications.
Updated: 2025-11-25GitHub
0
0
Medium Cost
dizzlkheinz icon

ynab-mcp-dxt

by dizzlkheinz

Sec9

Connects YNAB budget to AI assistants for natural language finance management, including receipt itemization and bank reconciliation.

Setup Requirements

  • ⚠️Requires a YNAB Access Token, which must be generated manually from the YNAB web application.
  • ⚠️The default installation method using `npx @latest` can lead to slower startup times as the package is fetched on each run.
  • ⚠️Utilizing advanced features like 'Receipt Itemization' or 'Bank Reconciliation' requires manual input of receipt text or CSV data, potentially adding friction.
Verified SafeView Analysis
The server securely handles sensitive YNAB data by requiring a user-provided access token via environment variable. Input validation (Zod) is used for tool parameters. File system operations for exports are restricted to standard user directories (Downloads/Documents) or a configurable path. No 'eval' or obvious malicious code patterns were found. The use of 'npx @latest' downloads the code each time, which is generally less secure than a fixed version, but this is a client configuration choice rather than a server vulnerability.
Updated: 2025-12-31GitHub
0
0
Medium Cost
anagashima82 icon

mcp-excel-server

by anagashima82

Sec2

Provides Dify with local Excel file manipulation capabilities using openpyxl.

Setup Requirements

  • ⚠️Requires Docker/Docker Desktop, Python 3.10+, and Dify running in Docker.
  • ⚠️Dify must be configured to use `http://host.docker.internal:8000/mcp` to access the host's server.
  • ⚠️The MCP server needs to run continuously on the host machine for Dify to access it.
  • ⚠️The server binds to `0.0.0.0:8080` (all network interfaces) by default, exposing it to the local network.
Review RequiredView Analysis
CRITICAL: The server is vulnerable to arbitrary file system access. The `filepath` arguments to tools like `read_excel` or `write_cell` are not strictly confined to the `OUTPUT_DIR` if an absolute path is provided by the Dify agent. This allows a potentially malicious Dify prompt to read from or write to any location on the host machine where the server process has permissions (e.g., `/etc/passwd`). Additionally, the server binds to `0.0.0.0:8080` by default, exposing it to the local network, which exacerbates the file system access vulnerability by making it network-accessible.
Updated: 2025-11-28GitHub
0
0
Low Cost
pikachusensei icon

mcp-server

by pikachusensei

Sec7

Provides a set of regular expression utility tools for validation, replacement, and matching, designed to be exposed as an external tool for AI agents via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js (version 18+ is recommended due to dependencies of the Model Context Protocol SDK and the use of top-level await).
  • ⚠️Operates within the Model Context Protocol (MCP) ecosystem, meaning it's intended to be connected to and called by an MCP client or agent.
  • ⚠️There's a potential module system conflict: `package.json` declares `"type": "commonjs"`, while `tsconfig.json` targets `"module": "NodeNext"`, which typically transpiles to ES Modules. Running directly from TypeScript (`ts-node`) usually handles this, but a compiled JavaScript output might require specific Node.js flags or adjustments if `type: module` isn't set in `package.json`.
Verified SafeView Analysis
The server directly utilizes user-provided regex patterns and flags for operations like validation, replacement, and matching. This design pattern inherently carries a risk of Regular Expression Denial of Service (ReDoS) if a malicious or overly complex regex is submitted by an untrusted source. Such an attack could consume excessive CPU resources and lead to service unavailability. The provided code does not show explicit safeguards like execution timeouts or resource limits for these regex operations.
Updated: 2026-01-19GitHub
0
0
Low Cost
psbds icon
Sec8

This MCP server sample demonstrates how to build and integrate various tools and knowledge bases (like weather data and company standards) into an extensible AI agent framework.

Setup Requirements

  • ⚠️Requires Node.js (>=18) and npm/npx to run the MCP development blueprints server.
  • ⚠️The Python client (`mcp-client-python/main.py`) requires Python (>=3.13) and specific packages (langchain, langchain-mcp-adapters, langchain-openai, python-dotenv).
  • ⚠️The Python client requires Azure OpenAI API Key, Endpoint, and Deployment Name configured via environment variables (AZURE_OPENAI_ENDPOINT, AZURE_OPENAI_API_KEY, AZURE_OPENAI_DEPLOYMENT_NAME), implying a paid Azure OpenAI service.
  • ⚠️The default `run_command` (using `mcp-dev-blueprints`) starts a 'my-company-kb' server on port 3000, which is different from the 'weather' server on port 1914 that the Python client is currently configured to connect to. The client's `main.py` would need modification (uncommenting the 'my-company-kb' config) to interact with the server started by the recommended `run_command`.
Verified SafeView Analysis
The server code generally follows good practices, using environment variables for sensitive API keys in the client. The HTTP server is configured to run on localhost by default, limiting direct external exposure. External `fetch` calls are made to `wttr.in` for weather data, which is an external dependency but the input `city` is properly encoded. No 'eval', obfuscation, or obvious malicious patterns were found. The use of the Model Context Protocol SDK mitigates some lower-level transport risks.
Updated: 2025-11-23GitHub
0
0
Medium Cost
Sridesh icon

rust-mcp-server

by Sridesh

Sec2

The server provides tools for anomaly detection on time-series data and basic greetings, conforming to the MCP protocol.

Setup Requirements

  • ⚠️Requires Rust toolchain installed.
  • ⚠️The `anomaly_dbscan` tool requires CSV dataset files to exist on the server's filesystem at the specified `dataset_path`.
Review RequiredView Analysis
Critical path traversal vulnerability in `AnomalyTool::call_tool` via the `dataset_path` parameter. An attacker can specify arbitrary file paths (e.g., `../../../../etc/passwd`) to read local files, potentially leading to information disclosure or further exploits. The server runs on a local network interface (127.0.0.1:3001), but this vulnerability is severe even if locally accessible.
Updated: 2025-11-26GitHub
0
0
Low Cost
danny-zent icon
Sec8

This server creates and manages mock scenarios for an Income Tax Refund (ITR) loader project, facilitating testing and development.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires 'uv' or 'pip' for dependency installation.
  • ⚠️Interaction with DynamoDB (local or AWS) is required for scenario assignment/unassignment tools. `DYNAMODB_ENDPOINT_URL` must be configured for this.
Verified SafeView Analysis
The server uses `boto3` to interact with AWS DynamoDB for scenario persistence. While no hardcoded secrets are present in the provided code, the overall security relies on proper AWS credential management and secure configuration of the DynamoDB endpoint (e.g., using a local instance or a secure VPC endpoint). The server itself operates over standard I/O (stdio_server), limiting direct network exposure.
Updated: 2025-11-28GitHub
0
0
Medium Cost
skyinv icon

Seedream_MCP

by skyinv

Sec9

An enhanced tool for AI image generation, offering text-to-image, image-to-image, merging, and grouping, with integrated cloud storage and prompt templating.

Setup Requirements

  • ⚠️Requires a paid API key for Volcano Engine Seedream 4.0 (ARK_API_KEY).
  • ⚠️Python 3.8 or later is required.
  • ⚠️A dedicated GPU with at least 2 GB of VRAM is recommended for optimal performance.
  • ⚠️Qiniu Cloud Storage account and credentials are required for cloud storage integration (optional feature).
Verified SafeView Analysis
The project demonstrates good security practices by externalizing API keys (ARK_API_KEY, QINIU_ACCESS_KEY, QINIU_SECRET_KEY) into .env files and explicitly validating `ARK_API_KEY` to prevent use of placeholders. Path traversal and file size limits are implemented for local file operations (reading input images, saving generated images), reducing local file system risks. The `FileManager` includes checks for unsafe paths. No usage of `eval` or obvious obfuscation was found. The core functionality involves making HTTP requests to external AI APIs and cloud storage, which are standard operations for such a tool.
Updated: 2026-01-19GitHub
0
0
Medium Cost
SynTaek icon

code-trajectory

by SynTaek

Sec9

Provides Large Language Models (LLMs) with a persistent memory of a developer's coding history by tracking code evolution in a shadow git repository across AI chat sessions.

Setup Requirements

  • ⚠️Requires `uv` package manager to be installed.
  • ⚠️The target project must be an initialized Git repository.
  • ⚠️Requires `git` command-line interface to be installed and available in PATH.
Verified SafeView Analysis
The server primarily uses `gitpython` to interact with Git, which wraps native `git` commands. Inputs for file paths are sanitized with `os.path.abspath` and `os.path.relpath`, and checked against the project root. The use of a dedicated shadow repository (`.trajectory`) isolates its operations from the main project's git history, significantly reducing risk to the primary codebase. No direct `eval()` or `exec()` of user input found. The implementation appears to use `gitpython` responsibly, but any interaction with external commands carries an inherent, albeit low, risk.
Updated: 2025-12-05GitHub
0
0
Low Cost
mkmlab-hq icon
Sec8

An optimized and self-evolving rules system for Cursor AI development environments, enhancing productivity and reducing AI token costs through intelligent rule management.

Setup Requirements

  • ⚠️Requires Cursor AI installed and running
  • ⚠️Requires Python 3.8+ for utility scripts
  • ⚠️Requires PowerShell 5.1+ for utility scripts (Windows only)
  • ⚠️Requires Git installed and configured for repository management scripts
Verified SafeView Analysis
The project's internal rules (`security-rules.mdc`, `layer1-security.mdc`) aim to enforce security best practices within the AI development environment, such as API key protection. Utility scripts for Git operations (`auto_push_with_security_agent.py`) attempt to integrate with a security agent for managing sensitive information like `GITHUB_TOKEN`. However, if the agent is unavailable, manual authentication or embedding tokens directly in URLs for Git operations are documented as fallback methods, which can be less secure. File system operations are local and for repository management, without apparent malicious patterns or `eval` usage.
Updated: 2025-11-29GitHub
0
0
Low Cost
barwalgayatri02 icon

Convert_FastAPI_MCPTool

by barwalgayatri02

Sec4

Integrates a MCP server to expose selected FastAPI application routes as MCP tools.

Setup Requirements

  • ⚠️Requires 'fastapi' library to be installed.
  • ⚠️Requires 'mcp' library to be installed.
Verified SafeView Analysis
The application uses `CORSMiddleware` with `allow_origins=["*"]`, `allow_methods=["*"]`, and `allow_headers=["*"]`. This is a critical security risk for any production application, as it permits cross-origin requests from any domain, making it highly vulnerable to Cross-Site Request Forgery (CSRF) and other attacks if not properly restricted to specific origins. While the current exposed routes are simple math operations, this configuration promotes insecure practices.
Updated: 2026-01-17GitHub
PreviousPage 418 of 713Next