Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost

SerialMemoryServer

by sblanchard

Sec8

A temporal knowledge graph memory system for AI agents, enabling semantic search, multi-hop reasoning, and user persona tracking.

Setup Requirements

  • ⚠️Docker & Docker Compose required for infrastructure (PostgreSQL, Redis, RabbitMQ)
  • ⚠️Python 3.11+ required
  • ⚠️Manual download of spaCy language model (en_core_web_sm)
Verified SafeView Analysis
The project uses parameterized queries for PostgreSQL, mitigating SQL injection risks. Environment variables are used for sensitive configurations (e.g., database credentials), though default values for local development are present. HTTP services for ML inference are exposed locally (ports 8765, 8766 in tools directory) which would require proper firewalling in a production environment. The Ollama-based extraction service (tools/extraction_http_service.py) uses HTTP calls to a local Ollama instance, which is generally safe for local use but could be a vector if configured to a malicious remote endpoint (not the default setup). The Python MCP server itself is STDIO-based, limiting direct network exposure.
Updated: 2025-11-27GitHub
0
0
Low Cost
berserus icon
Sec10

A simple repository likely intended for a Git workshop or tutorial.

Verified SafeView Analysis
Only README.md content was provided in the source code. No executable files were present for security analysis. Thus, no 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns could be identified.
Updated: 2025-12-14GitHub
0
0
Medium Cost
MAnders333 icon

mem0-mcp-server

by MAnders333

Sec8

Provides a Model Context Protocol (MCP) server for persistent memory, enabling AI agents to store and semantically search conversational context.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (or compatible LLM API Key via `LLM_API_KEY` or `OPENAI_API_KEY`) for embeddings and LLM calls, incurring paid service costs.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️By default, stores ChromaDB data locally in '/app/data' within the container; ensure appropriate volume mapping for data persistence when using Docker.
Verified SafeView Analysis
The server correctly sources API keys and sensitive URLs from environment variables, avoiding hardcoded secrets. Transport security for FastMCP is configured with DNS rebinding protection and allowed hosts. No direct code injection vulnerabilities (e.g., `eval`, `exec`) were identified. The use of external dependencies like `mem0ai` and LLM providers implies inherent risks that are outside the direct scope of this code analysis.
Updated: 2025-12-08GitHub
0
0
Low Cost
louisburroughs icon

durion-chat

by louisburroughs

Sec7

Provides a Moqui-hosted chat UI for interacting with a backend MCP server, facilitating operational support, diagnostics, and guided workflows.

Setup Requirements

  • ⚠️Requires a running Moqui framework instance for deployment and hosting.
  • ⚠️Requires a separate backend MCP server endpoint to function.
Review RequiredView Analysis
The provided source code only contains the README.md. A full security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns is not possible without the application's actual code. The README states that security policy definition is out of scope and relies on platform authentication/authorization, which is a reasonable design for a UI component. No immediate red flags are present in the provided text.
Updated: 2026-01-17GitHub
0
0
Medium Cost
ShogoOkamoto icon

google-search-mcp

by ShogoOkamoto

Sec9

Enables Large Language Models (LLMs) to perform real-time web searches using Google Custom Search Engine.

Setup Requirements

  • ⚠️Requires a Google Custom Search API key (from Google Cloud Console) and a Custom Search Engine ID (from Programmable Search Engine).
  • ⚠️Google Custom Search API usage can incur costs depending on usage beyond the free tier.
  • ⚠️Windows users integrating with Claude Desktop might need to specify the full path to their Python executable.
Verified SafeView Analysis
The server loads sensitive credentials (Google API Key, CSE ID) from environment variables or a .env file, which is a good practice. It uses `httpx` for network requests to a legitimate Google API endpoint. Input parameters are validated (e.g., `num_results` clamping). The server does not use `eval` or other inherently dangerous functions. The `query` string is passed directly to the Google Custom Search API, relying on Google's API to handle potential sanitization. Error messages expose `response.text` which, in rare cases, could contain sensitive information if Google's API returned such in an error, but this is a minor concern.
Updated: 2025-11-29GitHub
0
0
Medium Cost
annmalavet icon

MCP-SERVER

by annmalavet

Sec8

This server acts as a Model Context Protocol (MCP) tool provider, exposing functionalities like email search, appointment creation, and email sending for consumption by an MCP client or AI agent.

Setup Requirements

  • ⚠️Requires `RESEND_API_KEY` environment variable for email sending functionality.
  • ⚠️Requires `EMAIL_SEARCH_API_URL` environment variable pointing to an external email search service.
  • ⚠️Requires `APPOINTMENT_SERVICE_URL` environment variable pointing to an external appointment booking service.
Verified SafeView Analysis
The server correctly uses environment variables for API keys and external service URLs, preventing hardcoded secrets. Input validation is performed using Zod schemas for the registered tools. The use of `cors({ origin: true })` allows requests from any origin, which is common for public APIs but could be a concern if strict origin control is needed without relying on the MCP client's authentication/authorization layers. No 'eval' or obvious malicious patterns were found. The security of the external services (Resend, email search API, appointment service) is outside the scope of this code.
Updated: 2025-11-26GitHub
0
0
Low Cost
cayour icon
Sec9

Provides real-time weather forecasts and alerts by integrating with the National Weather Service (NWS) API, primarily intended as a tool for an LLM.

Setup Requirements

  • ⚠️Requires the 'mcp-server' Python library to be installed.
  • ⚠️Requires the 'httpx' Python library for async HTTP requests.
  • ⚠️Designed to be run as a sub-process by an MCP client that handles its standard input/output (stdio).
Verified SafeView Analysis
The server code appears largely safe. It makes external HTTP requests to a known public API (NWS). Inputs (latitude, longitude, state) are used to construct API URLs, with coordinates rounded to prevent obvious injection. Error handling for HTTP requests is present. No 'eval' or other highly dangerous functions are used. There are no hardcoded API keys or sensitive credentials. The server operates via stdio, not exposing network ports directly. The main risk, though minor, would be unexpected behavior from the NWS API due to malformed input if not properly validated, but the current implementation shows reasonable care.
Updated: 2025-12-02GitHub
0
0
High Cost
jph2 icon
Sec6

A Model Context Protocol (MCP) server for basic Universal Scene Description (USD) operations and NVIDIA Omniverse integration.

Setup Requirements

  • ⚠️Requires Pixar USD ('pxr') Python bindings, which can be complex to install and might need specific system configurations or pre-built binaries.
  • ⚠️The project is explicitly marked as 'WARNING totally WIP!!!' and 'not working in any meaningful way!!!' in the README, indicating it is not production-ready and may be unstable.
  • ⚠️Python 3.7+ is required.
Review RequiredView Analysis
The server allows direct file path manipulation for creating, opening, saving, and analyzing USD stages. If exposed to untrusted clients with broad file system permissions, this could lead to directory traversal, arbitrary file creation/overwrites, or resource exhaustion attacks. The project's README explicitly states it's 'totally WIP' and 'needs ~20 hours of polish (tests, CI, error handling) to meet enterprise standards,' indicating security is not yet mature. No obvious 'eval' or hardcoded secrets were found.
Updated: 2025-12-17GitHub
0
0
High Cost
HaolongChen icon

playwright-mcp-vercel

by HaolongChen

Sec3

Provides a REST API endpoint to proxy requests to the Playwright Model Context Protocol (MCP) tool, enabling serverless browser automation.

Setup Requirements

  • ⚠️Requires a Vercel account for serverless deployment.
  • ⚠️During cold starts in the serverless environment, `npx playwright-mcp` will likely download `playwright-mcp` and potentially Playwright browser binaries, leading to increased latency and resource consumption.
  • ⚠️The `package.json` specifies `main: "index.js"` and `start: "node index.js"`, but the provided server logic is in `server.js` and Vercel configuration explicitly points to `server.js` for deployment. This discrepancy could cause confusion for local development if `index.js` is a wrapper file not provided.
Review RequiredView Analysis
The server directly proxies arbitrary JSON payloads to the `playwright-mcp` tool via an unauthenticated API endpoint (`/mcp`). Crucially, the `server.js` code lacks input validation for the incoming MCP payload, which the `README` explicitly recommends as a security consideration. This allows any caller to execute arbitrary browser automation commands, potentially leading to malicious actions (e.g., unauthorized scraping, resource exhaustion, interaction with sensitive web services if the server has network access). Using `spawn` with `shell: true` can introduce shell injection risks, although in this specific case, the command (`npx playwright-mcp`) is static and user input is passed via stdin, reducing the immediate risk from command construction itself. Without authentication and robust input validation, this server is not safe for public exposure.
Updated: 2025-12-12GitHub
0
0
Medium Cost
felixtrz icon

iwsdk-rag-mcp

by felixtrz

Sec8

Provides a Model Context Protocol (MCP) server for AI assistants to perform semantic code search and understand the Immersive Web SDK (IWSDK) codebase using Retrieval-Augmented Generation (RAG) with vector embeddings.

Setup Requirements

  • ⚠️Requires Node.js version 20.19.0 or higher.
  • ⚠️pnpm is the recommended package manager for installation and development.
  • ⚠️The first run involves downloading a ~420MB embedding model (`jinaai/jina-embeddings-v2-base-code`) from Hugging Face, which can cause a slow initial startup.
  • ⚠️This is an MCP server designed for integration with tools like Claude Code/Desktop, not a standalone web service.
Verified SafeView Analysis
The ingestion pipeline uses `child_process.execSync` to clone the Immersive Web SDK repository from a hardcoded trusted URL (facebook/immersive-web-sdk) and to install/build its dependencies. While these commands are executed in a controlled build environment, any compromise of the IWSDK repository or its dependencies could theoretically lead to arbitrary code execution during the ingestion phase. The live server itself does not expose these powerful functionalities to external input. The embedding model is downloaded from Hugging Face on first run, from a specified and generally trusted model source (`jinaai/jina-embeddings-v2-base-code`). No hardcoded secrets or arbitrary `eval` usage were found.
Updated: 2026-01-16GitHub
0
0
Low Cost
JeanmarcoLujan icon

MCP-Server-y-SAP-B1

by JeanmarcoLujan

Sec3

Acts as a Smart Connector for SAP Business One (B1) by exposing a subset of its data via the Model Context Protocol (MCP), enabling integration with AI models or other MCP-compatible clients.

Setup Requirements

  • ⚠️Requires an active SAP HANA database instance with specified schema and valid credentials.
  • ⚠️Environment variables (HANA_HOST, HANA_PORT, HANA_USER, HANA_PASSWORD, HANA_DB_SCHEMA) must be configured for the application to connect to SAP HANA.
  • ⚠️The server is designed to be consumed by a Model Context Protocol (MCP) client or an LLM, not a generic HTTP client, requiring specific client-side integration.
Review RequiredView Analysis
CRITICAL: Hardcoded SAP HANA database credentials (username and password) found in 'test-hana.js'. This file should not contain sensitive information, especially if it could be accidentally deployed. CRITICAL: 'sslValidateCertificate' is set to 'FALSE' for SAP HANA connections in both the test file and the main HanaService, disabling essential SSL/TLS certificate validation. This makes the database connection highly vulnerable to Man-in-the-Middle (MITM) attacks and should be 'TRUE' in production. Positive: Uses environment variables for main service configuration, and parameterized queries in B1QueryService to prevent SQL injection. The SAP_SCHEMA whitelist is a good security practice for controlled data access.
Updated: 2025-12-01GitHub
0
0
High Cost
sanjanb icon

mcp-agent

by sanjanb

Sec9

A production-ready HR Assistant that answers HR policy questions using RAG, performs resume screening, and tracks onboarding tasks.

Setup Requirements

  • ⚠️Requires OpenAI or Gemini API Key (Paid) for AI responses, otherwise falls back to basic retrieval.
  • ⚠️Requires Streamlit for the user interface.
  • ⚠️Optional: Redis server for conversation caching; otherwise, an in-memory fallback is used.
  • ⚠️Python 3.8+ required.
  • ⚠️Embedding models (e.g., 'all-MiniLM-L6-v2') are downloaded on first use, which may cause an initial delay.
Verified SafeView Analysis
API keys are consistently retrieved from environment variables, which is good practice. Tool functions are called directly (no 'eval' or similar dynamic code execution). File handling for PDFs and text seems robust, relying on established libraries. The onboarding tool uses a threading lock for atomic JSON file writes, improving data integrity. Minor note on `sys.path.append` which is common in Python project setups but could pose a risk if the root path were untrusted. Overall, the project demonstrates a strong focus on secure coding practices.
Updated: 2025-12-03GitHub
PreviousPage 425 of 713Next