Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost

somnia-mcp

by fozagtx

Sec10

This server acts as a Model Context Protocol (MCP) server, enabling AI agents like Claude to interact with the Somnia blockchain network by exposing a set of specialized tools.

Setup Requirements

  • ⚠️Requires Node.js 18+ and pnpm 10.14.0+ to be installed.
  • ⚠️The `AGENT_SECRET_KEY` (a blockchain private key) is required for signing operations and must be securely provided as an environment variable; never commit it to version control.
  • ⚠️The server can operate in `MAINNET` or `TESTNET` mode, requiring careful configuration to avoid unintended transactions on the mainnet.
Verified Safe
The project demonstrates excellent security practices. It explicitly warns against hardcoding `AGENT_SECRET_KEY` and mandates its use via environment variables, with strict format validation. Input validation is rigorously handled using Zod schemas derived from trusted internal tool definitions, effectively mitigating injection and malformed request risks. CORS is enabled with `origin: "*"`, which is appropriate for an MCP server designed to be widely accessible by various agents. The Streamable HTTP transport includes DNS rebinding protection. Network requests to external APIs include timeouts to prevent resource exhaustion. No `eval` or easily exploitable malicious patterns were found with untrusted input.
Updated: 2025-11-26

Low Cost

tool.aws-ops

by DepStacks

Sec9

Provides multi-account AWS operations for SRE teams, managing services like Secrets Manager, Route53, and S3, with secure cross-account authentication.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for local development.
  • ⚠️Requires AWS credentials (either ~/.aws/credentials mounted via volume or IAM roles for AssumeRole).
  • ⚠️Each target AWS account requires an IAM role with a specific Trust Policy and service permissions.
  • ⚠️MCP_AUTH_TOKEN must be configured (non-default for production).
Verified Safe
The server implements robust multi-account authentication using AWS AssumeRole (IRSA in production) and AWS Profiles (for local development), with credentials provided per-request and no stored credentials. It enforces API authentication via a Bearer token. Explicit security best practices are documented, including least privilege and audit trails. The code does not use dangerous functions like 'eval' or contain hardcoded AWS secrets. The default 'dev-token' for MCP_AUTH_TOKEN is a setup risk in production if not changed.
Updated: 2025-12-02

Medium Cost
Sec8

A web-based platform for managing and delivering micro-learning video reels for manufacturing training, including content management, course building, user management, and subscription billing.

Setup Requirements

  • ⚠️Requires a fully functional backend API for user authentication, content management (reels, courses), analytics, and billing functionality, as the frontend includes 'TODO' comments for these integrations.
  • ⚠️Actual payment processing requires integration with a payment gateway (e.g., Stripe, hinted by 'payment_token: "token_placeholder"').
  • ⚠️Several core features (Course Builder, Quiz, Admin Dashboard, User Management, Analytics, Settings, Help Page) are explicitly marked as 'coming soon...' or 'TODO', indicating incomplete functionality.
Verified Safe
The application uses standard client-side token-based authentication via localStorage, which is common but susceptible to XSS. API endpoints are configured via environment variables (VITE_API_URL), which is good practice. Frontend validation is implemented using Zod and React Hook Form. There are no obvious hardcoded secrets or direct 'eval' patterns in the provided client-side code. Critical security aspects, especially authorization for data access (e.g., downloading invoices, editing reels) and comprehensive input sanitization, heavily rely on the backend API implementation, which is not provided.
Updated: 2025-11-20

Medium Cost

python_sdk

by paylinkmcp

Sec7

A Python SDK for integrating AI-powered payment functionalities by interacting with a PayLink Model Context Protocol (MCP) server, enabling tool calling and monetization for various payment providers like M-Pesa.

Setup Requirements

  • ⚠️Requires a separate, running PayLink MCP server to interact with.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Sensitive 'WALLET_CONNECTION_STRING' must be securely provided and handled by the user, and properly validated by the MCP server.
  • ⚠️Optional 'langchain-core' dependency if using LangChain integration.
Verified Safe
The SDK itself does not contain obvious direct code execution vulnerabilities (e.g., 'eval'). However, it relies heavily on external HTTP services (PayLink MCP server, wallet.paylinkai.app, evaluator.paylinkai.app). The security of the overall system depends critically on the trustworthiness and security of these external services, as well as the secure handling and transmission of sensitive credentials like 'WALLET_CONNECTION_STRING' (e.g., via HTTPS). If the 'PAYMENT_PROVIDER_HEADER' environment variable is maliciously crafted with invalid JSON, it could cause runtime errors, though it's not likely to lead to arbitrary code execution as the parsed data is used for string comparisons. Default external service URLs are hardcoded but can be overridden.
Updated: 2025-11-29

Medium Cost

redshift-mcp-server

by mrcyrilgoud

Sec4

This server acts as a Model Context Protocol (MCP) gateway for Amazon Redshift, allowing clients to discover database schemas and tables, describe table structures, and execute read-only SQL queries.

Setup Requirements

  • ⚠️Requires a running AWS Redshift instance and credentials (host, database, user, password).
  • ⚠️Redshift credentials must be provided via environment variables (REDSHIFT_HOST, REDSHIFT_DATABASE, REDSHIFT_USER, REDSHIFT_PASSWORD).
  • ⚠️The Redshift connection disables SSL certificate validation (`rejectUnauthorized: false`), which is a security risk for Man-in-the-Middle attacks.
Review Required
The server's `execute_query` tool allows arbitrary `SELECT`, `WITH`, or `EXPLAIN` SQL queries from user input. While intended for read-only access, this broad permission can be abused for denial-of-service, resource exhaustion, or sophisticated data exfiltration by crafting complex queries that align with allowed Redshift user permissions. The client-side `startsWith` check is insufficient to prevent all forms of malicious query construction. Additionally, the Redshift connection uses `ssl: { rejectUnauthorized: false }`, disabling SSL certificate validation and exposing the connection to potential Man-in-the-Middle (MITM) attacks. There are no hardcoded secrets or direct `eval` of user input, but the aforementioned issues are significant.
Updated: 2025-12-19

Low Cost

MCP_Server

by JesusDavidQuarksoft

Sec10

A .NET 8.0 web service or API designed to run locally, likely serving as an extension or backend component.

Setup Requirements

  • ⚠️.NET 8.0 SDK required
  • ⚠️Git for cloning the repository
Verified Safe
The provided `README.md` and `Properties/launchSettings.json` files do not contain any executable code, hardcoded secrets, obfuscation, or malicious patterns. The `launchSettings.json` defines standard local development URLs (http/https localhost) and an environment variable for the development profile, which are safe configurations for a local setup. No network risks or dangerous patterns like 'eval' are present in the truncated source.
Updated: 2025-12-29

Medium Cost

subspace-api

by subtype-space

Sec9

An Express-based RESTful API and Model Context Protocol (MCP) server that aggregates data from external services like WMATA, weather, and stock markets, also supporting TRMNL plugin integrations.

Setup Requirements

  • ⚠️Requires Docker for easy deployment and persistence of SQLite data.
  • ⚠️Multiple external API keys are required (WMATA, Discord, Auth server client ID/Secret) configured via environment variables.
  • ⚠️Requires an external OAuth/OIDC Authentication Server (e.g., Keycloak) configured with the correct realm and client for MCP security.
Verified Safe
The server uses `helmet` for security headers, `express-rate-limit` to prevent abuse, and `better-sqlite3` with prepared statements to prevent SQL injection. OAuth implementation for MCP endpoints relies on external authentication servers for token introspection, with client secrets stored in environment variables. TRMNL integrations use hashed tokens and optionally enforce IP whitelisting based on an external service ('usetrmnl.com/api/ips'), which is a potential single point of failure if that service is compromised or unavailable, and has an explicit bypass (`TRMNL_IP_AUTH_ALLOW_PRIVATE`) that should not be enabled in production. Overall, good practices are followed for environment variable usage and input validation.
Updated: 2026-01-13

Medium Cost
Sec8

AI-assisted engineering workflows providing comprehensive code analysis, refactoring, security scanning, and session management capabilities for developers.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0 to run.
  • ⚠️Requires the Claude Code plugin (VS Code extension or CLI) for full integration and command execution.
  • ⚠️Global npm installation of `mcp-engineering-server` is necessary to make the CLI commands available and to copy plugin slash commands into the Claude environment.
Verified Safe
The server itself implements robust security scanning capabilities to identify secrets and sensitive data within the user's codebase. It offers automated remediation (`--fix` flag) with significant safety mechanisms, including `--dry-run` for previewing changes, `--force` for overriding file modification limits, and an `AtomicFileWriter` for transactional file operations with backups and rollback on failure. It explicitly avoids modifying its own source code (`src/` folder) and has defined `PROTECTED_PATHS` to prevent accidental changes to critical directories like `node_modules` or `.git`. No direct use of 'eval', obfuscation, or other obviously malicious patterns were found. The primary security consideration is the inherent risk of any tool that reads and modifies user code, though this server includes strong safeguards.
Updated: 2026-01-17

Low Cost

mcpserverexample

by shuvranko

Sec9

Provides a simple arithmetic addition tool as a Micro-Cloud Platform (MCP) server.

Setup Requirements

  • ⚠️Python 3.12+ required.
  • ⚠️Requires the 'uv' tool to execute the 'uvx' command for installation and running.
Verified Safe
The provided code is minimal and does not contain any obvious malicious patterns, dynamic code execution (like eval), or hardcoded secrets. The core functionality is a basic arithmetic operation. Security largely relies on the underlying 'mcp' framework.
Updated: 2026-01-19

Low Cost

xai-mcp-server

by Wolfe-Jam

Sec4

A Rust-native MCP server for Foundational AI-context Format (FAF), providing AI-Readiness scoring and bi-directional synchronization for AI agents to understand project context.

Setup Requirements

  • ⚠️Requires Rust Toolchain (for the MCP server).
  • ⚠️Requires Supabase account and configuration (database, tables, API keys) for the SvelteKit UI/API.
  • ⚠️Requires Resend account and configuration (domain verification, API key) for email functionality.
  • ⚠️Requires Stripe account and configuration (API keys, webhook secret) for payment processing.
  • ⚠️Relies on the 'faf-cli' npm package (for the 'turbo-analyze' endpoint's intelligence processing).
Review Required
The core Rust MCP server (`src/main.rs`) operates over `stdin`/`stdout` JSON-RPC, limiting direct network attack surface. Its exposed tools (`faf_score_aligned`, `bi_sync`) take structured, basic types (numbers, strings), making the Rust component itself relatively robust against common injection attacks. However, the overall project includes a SvelteKit UI with API endpoints (`svelte-ui/src/routes/api/`) that introduce significant vulnerabilities:
  1. **Stripe Webhook (`stripe-webhook/+server.ts`):** Critically, the webhook signature is read (`request.headers.get('stripe-signature')`) but *not verified* against `STRIPE_WEBHOOK_SECRET` before processing payment-related events (`checkout.session.completed`, `customer.subscription.updated`, `customer.subscription.deleted`). This allows an attacker to send forged events, potentially leading to unauthorized license generation, status changes, or other financial fraud.
  2. **Subscriber Storage (`subscribe/+server.ts`):** The endpoint writes user email data to a local JSON file (`data/subscribers.json`) using `fs.writeFile` with `process.cwd()`. While less critical in a containerized environment like Vercel, this pattern can be susceptible to path traversal attacks if `process.cwd()` is manipulated or if data input can construct malicious paths.
  3. **Turbo Analyze (`turbo-analyze/+server.ts`):** This endpoint accepts `fileContent` and `fileName`, writes them to a temporary file (`tmpdir()`) on the server, and then processes the file using external dependencies (`faf-cli`, `yaml`). This introduces potential risks from vulnerabilities in these third-party libraries (e.g., YAML parsing bombs for DoS, or arbitrary code execution if underlying parsers are exploited). The use of `tmpdir()` mitigates some local file system risks but not parser-level vulnerabilities.
No `eval` or explicit `unsafe` blocks were found in the Rust code. Overall, the unverified Stripe webhook is a critical flaw that compromises the system's payment and licensing integrity.
Updated: 2025-11-28

Low Cost

meta-mcp-server

by blueman82

Sec4

A meta Model Context Protocol (MCP) server that acts as a proxy to multiple backend MCP servers, optimizing AI tool discovery and interaction for token efficiency via lazy loading and a two-tier discovery mechanism.

Setup Requirements

  • ⚠️Requires Node.js installed globally.
  • ⚠️Default configuration uses `~/.meta-mcp/servers.json`; manual creation/management or VS Code extension is needed.
  • ⚠️If Docker-based backend servers are configured, a running Docker daemon is required.
  • ⚠️Many backend servers (both curated and custom) require external API keys or credentials, typically configured via environment variables.
Review Required
The server's design inherently involves executing external commands and arbitrary code. While `stdio-transport.ts` whitelists base commands (e.g., 'node', 'docker', 'npx'), it does not sanitize or restrict arguments. A compromised `servers.json` file could therefore be used to execute arbitrary commands with a whitelisted binary, posing a significant local privilege escalation risk. The `mcp-exec` package, designed for arbitrary code execution, uses a sandbox runtime. However, its default `allowNetworkAccess: true` setting means code executed within the sandbox can make unrestricted network requests, creating a pathway for data exfiltration or external attacks if an RCE is achieved. Additionally, `cursor-token-reader.ts` uses `execFileSync` to retrieve sensitive tokens from OS password stores, introducing a complex and potentially vulnerable attack surface. While there are some security best practices like environment variable filtering and path validation for env files, the fundamental reliance on executing dynamic code/commands from configuration necessitates extreme caution regarding the integrity of configuration sources.
Updated: 2025-12-30

Medium Cost

winproc_mcp

by smspgh

Sec8

Provides AI-assisted and direct command-line management for Windows processes and services.

Setup Requirements

  • ⚠️Requires Windows OS (10/11 or Server)
  • ⚠️Requires Python 3.8+
  • ⚠️PowerShell 7.x recommended (Windows PowerShell 5.1 may have limitations)
  • ⚠️Requires 'mcp' and 'pydantic' Python packages (install via requirements.txt)
  • ⚠️PowerShell execution policy might need to be set to 'RemoteSigned' (Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser)
Verified Safe
The server executes PowerShell scripts via subprocess calls, including operations that require UAC elevation. While inputs for PowerShell commands are generally quoted or validated (e.g., PIDs are integers), direct string interpolation in f-strings for script generation carries an inherent, albeit low, risk of command injection if not meticulously handled for all possible user inputs. The UAC elevation mechanism is correctly implemented, prompting the user for destructive actions, which enhances security by preventing silent elevated operations.
Updated: 2025-12-03