Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
thebigredgeek icon

spotify-mcp-server

by thebigredgeek

Sec9

Controls Spotify playback, search, and device management through natural language prompts via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires manual creation of a Spotify Developer App with a specific Redirect URI (`http://127.0.0.1:8888/callback`).
  • ⚠️Requires running a separate interactive authentication script (`spotify-mcp-server auth`) to obtain and store initial access and refresh tokens.
  • ⚠️Requires Node.js (>=18.0.0) and npm/npx to be installed on the host system.
Verified SafeView Analysis
The server implements robust error handling and token management, prioritizing token integrity. It never invalidates tokens on transient network failures (e.g., 5xx, 429 rate limit, network errors) and explicitly only invalidates tokens upon an 'invalid_grant' error during refresh, indicating a truly revoked refresh token. Credentials are saved using atomic writes to prevent corruption and secured with 0o600 file permissions. OAuth flow includes CSRF protection via state. Logs are correctly directed to stderr to avoid interfering with MCP stdout. No direct 'eval' or malicious patterns are observed. Sensitive credentials (client secret, tokens) are handled with care, either prompted, loaded from secured files, or read from environment variables without being logged in clear text at normal log levels.
Updated: 2025-11-24GitHub
0
0
Medium Cost
Theeshs icon

mcp-adaptors

by Theeshs

Sec8

This project integrates multiple MCP (Multi-tool Communication Protocol) servers, specifically for math operations and weather information retrieval, with LangChain agents to enable LLMs to use these tools for query resolution.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for ChatOpenAI to function.
  • ⚠️Requires Python 3.14 or newer, which is a very recent version and might not be widely adopted yet.
  • ⚠️The 'weather' server (`servers/weather_server.py`) must be manually started (e.g., on port 8000) before running the `langchain_client.py` example.
  • ⚠️Hardcoded absolute file paths (e.g., `/Users/theesh/...`) for server scripts in `langchain_client.py` and `main.py` will need to be adjusted for different environments.
Verified SafeView Analysis
The code uses `load_dotenv()` for environment variables, which is good practice for managing secrets like API keys. The `weather_server.py` operates over SSE (Server-Sent Events) via a network connection, which is a standard approach but would require proper network configuration and access control in a production environment. No 'eval' or other directly exploitable malicious patterns are evident. Hardcoded absolute paths for server scripts in client configurations (e.g., `/Users/theesh/Desktop/.../math_server.py`) could be a minor information disclosure risk or lead to setup issues.
Updated: 2025-12-06GitHub
0
0
Medium Cost
kevinhollande-ai icon

mcp-builder-server

by kevinhollande-ai

Sec3

Manages Model Context Protocol (MCP) servers, allowing creation from OpenAPI specifications, process control, preprompt configuration, workflow orchestration, and Claude Desktop integration.

Setup Requirements

  • ⚠️Requires Node.js (version 18 or higher is recommended based on dependencies in `package-lock.json`).
  • ⚠️The core API endpoints (`/api/servers`, `/api/convert`, `/api/workflow`, etc.) that implement the server's described functionalities are NOT included in the provided `index.js` file. The server, as provided, will not function as described without these missing implementations running on `http://localhost:3000/api`.
Review RequiredView Analysis
The provided source code is incomplete; critical API implementations for core functionalities (e.g., `/api/servers`, `/api/convert`, `/api/workflow`) are missing. These endpoints are targeted by the MCP server's internal `fetch` calls. Without their implementation, a comprehensive security audit is impossible, and the absence itself represents a critical functional defect or vulnerability. A broad `Access-Control-Allow-Origin: *` policy is set for the SSE endpoint, which could be a risk if sensitive data were transmitted or if combined with other vulnerabilities. The `convertOpenAPI` functionality (if fully implemented elsewhere) is highly susceptible to Server-Side Request Forgery (SSRF) or other arbitrary file/URL fetching vulnerabilities if user-provided OpenAPI specifications are not rigorously sanitized and validated.
Updated: 2025-11-27GitHub
0
0
Medium Cost
vitorcalvi icon

cog-mcp

by vitorcalvi

Sec3

Provides AI assistants with semantic code search and code structure analysis using local Metal GPU acceleration on Apple Silicon.

Setup Requirements

  • ⚠️Requires macOS with Apple Silicon (M1/M2/M3) hardware.
  • ⚠️Requires `cog-core` Python backend (a separate repository) to be cloned and installed locally.
  • ⚠️The `PYTHON_CORE_DIR` path is hardcoded in `dreams-mcp.ts` and must be manually updated to the user's `cog-core` installation path. It is not dynamically configured via an environment variable in the provided source code.
  • ⚠️Requires `uv` (a Python package manager) to be installed and used for Python execution.
Review RequiredView Analysis
The server uses `child_process.exec` to run Python scripts constructed from user input. While `query` and `text` inputs are partially escaped (single quotes), the `file_path` argument in the `get_file_structure` tool is directly interpolated into the Python script without proper escaping. This creates a critical path traversal vulnerability, allowing an attacker to potentially read arbitrary files on the system by providing a path like `../../../../etc/passwd`.
Updated: 2026-01-18GitHub
0
0
Low Cost
yanxxcloud icon
Sec8

Orchestrates OpenSandbox functionality (sandboxes, commands, files) via Model Context Protocol for AI agents to interact with isolated execution environments.

Setup Requirements

  • ⚠️Requires Docker to be installed and running.
  • ⚠️Requires OpenSandbox Server to be installed and running (follow OpenSandbox documentation for setup).
  • ⚠️Requires configuration of `OPENSANDBOX_DOMAIN` and optionally `OPENSANDBOX_API_KEY` and `OPENSANDBOX_PROTOCOL` environment variables.
Verified SafeView Analysis
The server correctly implements an MCP interface for OpenSandbox API calls. No direct use of `eval` or obvious obfuscation. Hardcoded secrets are not present; API key is configured via environment variable. Network interactions involve dynamically retrieving an 'embedding-proxy-port' from sandbox metadata for execd operations, which is then used as a temporary base URL for command and file actions. This relies on the OpenSandbox system itself being secure and the metadata being trustworthy. The primary security consideration is that the 'command_run' tool allows arbitrary shell command execution within a sandboxed environment; if an untrusted AI or user has access to this tool, they could potentially execute harmful commands inside the sandbox. The server itself appears robust against external injection and generally follows good practices for handling external API interactions.
Updated: 2026-01-18GitHub
0
0
High Cost
quotentiroler icon

Guido

by quotentiroler

Sec7

Empowers LLMs to manage, validate, and modify configuration templates through structured tool calls.

Setup Requirements

  • ⚠️Requires Node.js and npm/npx for execution.
  • ⚠️LLM provider configuration (API Key for OpenAI/Anthropic/Google, or a local Ollama instance) is required for AI features.
  • ⚠️Designed for integration with AI agents (e.g., VS Code Copilot, Claude Desktop) which manage LLM API keys and tool execution.
Verified SafeView Analysis
The server provides direct file system access (read, modify, delete templates, fields, rules, import/export settings) via structured tool calls from LLMs. Its security relies heavily on the trustworthiness and permissions of the calling LLM agent/framework and the execution environment. API keys for external LLMs are expected to be provided by the client/agent and are not hardcoded in the server logic.
Updated: 2025-12-28GitHub
0
0
Medium Cost
ilidaniys icon

jira-mcp-server

by ilidaniys

Sec9

Allows an MCP client (like Claude Code) to interact with Jira for managing tasks: fetching personal tasks, viewing task details, creating new tasks, and changing task statuses.

Setup Requirements

  • ⚠️Requires manual generation of a Jira API token through the Atlassian security settings.
  • ⚠️Requires manual lookup of your Jira Account ID, either via an API call or browser inspection.
  • ⚠️Jira base URL, email, API token, and assignee account ID must be correctly configured as environment variables (or in the Claude Code config).
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (JIRA_EMAIL, JIRA_API_TOKEN), which is a good security practice. There's no use of 'eval' or obvious code obfuscation. Dependencies are standard and widely used. The construction of JQL queries directly embeds parameters (`projectKey`, `status`, `JIRA_ASSIGNEE_ACCOUNT_ID`), which, in theory, could be vulnerable to JQL injection if the client (LLM) were to provide malicious input. However, in the context of an LLM tool, this risk is generally mitigated by careful prompt engineering and the LLM's adherence to tool parameter schemas. Overall, for its intended use as a private integration, it appears reasonably secure.
Updated: 2025-12-10GitHub
0
0
Medium Cost
mlb0925 icon
Sec7

Develop a custom MCP (Multi-Modal Chat Protocol) server in Python to integrate external tools with LangChain agents, enabling automatic tool registration and invocation for LLMs.

Setup Requirements

  • ⚠️Requires either a running local Ollama instance or an OpenAI-compatible API key and base URL (currently hardcoded as placeholders in `demo.py`).
  • ⚠️The `mcp.json` file must be present in the execution directory and correctly specify the command and arguments to launch `pymcp.py`.
  • ⚠️The `pymcp.py` server and its `tools/` and `util/` subdirectories must be accessible and runnable by the specified command in `mcp.json`.
Review RequiredView Analysis
The `pymcp.py` server communicates via standard input/output, limiting direct network exposure. However, the `demo.py` agent hardcodes placeholder `OPENAI_API_KEY` and `OPENAI_API_BASE`, which is a security risk if not replaced with actual environment variables or a secure configuration before deployment. Tool invocation in `pymcp.py` directly calls Python functions with arguments, which, while safe for the provided demo tools, could pose a risk with less vetted or more complex custom tools if input schemas are not sufficiently restrictive.
Updated: 2026-01-19GitHub
0
0
Low Cost
Sujeeth-Varma icon
Sec8

Exposes HTTP search providers as dynamic Model Context Protocol (MCP) tools using Spring AI.

Setup Requirements

  • ⚠️Requires Java 17+ and Maven 3.9+.
  • ⚠️Customizing URL template placeholder handling (e.g., named vs. positional) may require modifying the 'RestToolAdapter' or adjusting URL formats in configuration.
Verified SafeView Analysis
The server's core functionality involves making external HTTP calls based on dynamic configuration. While the code itself does not contain obvious vulnerabilities like 'eval' or hardcoded secrets, the dynamic 'url' parameter configured via application.yml or environment variables introduces a potential Server-Side Request Forgery (SSRF) risk if configuration sources are not properly secured. The debug endpoints allowing manual tool execution (guarded by 'debug.enabled') could also be misused if enabled in production. Spring WebClient's URI encoding mitigates direct query parameter injection risks in the default setup.
Updated: 2026-01-17GitHub
0
0
Medium Cost
ibsoft icon
Sec3

A server designed to connect and interact with an MSSQL SQL Database.

Setup Requirements

  • ⚠️Requires an accessible MSSQL SQL Database instance.
Review RequiredView Analysis
Only README.md was provided; no source code was available for security analysis. Cannot determine the presence of 'eval', obfuscation, hardcoded secrets, network risks, or malicious patterns.
Updated: 2025-12-06GitHub
0
0
Low Cost
Yerachmiel-Feltzman icon

Bookmarks-Aware-MCP-Server

by Yerachmiel-Feltzman

Sec9

Provides LLMs with read-only, keyword-searchable access to a user's local Chrome bookmarks to enhance natural language queries.

Setup Requirements

  • ⚠️Requires Python 3.10 or later.
  • ⚠️Relies on the Chrome bookmarks file existing at the default or a specified location.
  • ⚠️Requires manual configuration in the MCP client (e.g., Cursor) with an absolute path to the server's main script.
Verified SafeView Analysis
The server primarily performs read-only operations on a local, predefined Chrome bookmarks JSON file. It uses a standard regular expression for tokenization and does not contain `eval`, `exec`, or similar dangerous functions. No network calls beyond the standard MCP stdio communication are made. The risk is minimal as long as the default bookmark file path is used, and the user's own machine is trusted. Custom bookmark paths could introduce risk if pointed to untrusted locations, but this would be a user-initiated configuration change.
Updated: 2025-12-08GitHub
0
0
Medium Cost
wolverin0 icon

uisp-mcp-server

by wolverin0

Sec1

Automated network and customer relationship management for an Internet Service Provider (ISP), leveraging AI for diagnostics, optimization, and reporting.

Setup Requirements

  • ⚠️Requires `CRM_API_URL`, `NMS_API_URL`, `CRM_API_KEY`, and `NMS_API_KEY` to be set as environment variables.
  • ⚠️Requires `swagger.json` (NMS API documentation) and `unmscrm.apib` (CRM API documentation) files to be present in `./docs/` for the RAG component to function.
  • ⚠️The application explicitly disables SSL/TLS certificate validation for API calls, creating a critical security risk if deployed in any environment where network attackers might be present.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The `api-client.ts` explicitly sets `rejectUnauthorized: false` for HTTPS requests. This disables SSL/TLS certificate validation, making the application vulnerable to Man-in-the-Middle (MITM) attacks. Any data exchanged with the UISP CRM and NMS servers (including sensitive customer data, device configurations, and API keys) could be intercepted, read, or modified by an attacker without detection. This is a severe security flaw for any system handling critical infrastructure or private customer information. While input validation using Zod is good, and API keys are loaded from environment variables (good practice), the complete bypass of TLS security makes the entire system highly insecure. In-memory storage for alerts in `NetworkAlertManagerTool` is a functional limitation, not a security one, but can lead to data loss.
Updated: 2026-01-18GitHub
PreviousPage 419 of 713Next