Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost

go-objstore

by jeremyhahn

Sec7

Provides a multi-protocol object storage client designed for integration with AI tools and LLMs, exposing storage operations as defined tools.

Setup Requirements

  • ⚠️ Requires Docker and Docker Compose for easy setup and integration tests.
  • ⚠️ Requires Go 1.21+ for local development and building the server components.
  • ⚠️ For production use with cloud backends (S3, GCS, Azure), proper cloud credentials must be configured securely via environment variables.

Verified Safe
The MCP server uses environment variables for sensitive cloud credentials (e.g., AWS, GCS, Azure), which is standard practice but requires secure handling during deployment. The integration tests use insecure configurations (e.g., MinIO/Azurite test credentials, self-signed QUIC certs) which are acceptable for testing but would be security risks in production. There are no immediate signs of 'eval' or similar dangerous patterns in the provided server code snippets. Potential risks exist if the server is exposed publicly without proper TLS certificates and access controls.
Updated: 2026-01-01

Low Cost
Sec9

Managing and querying OpenStack Kubernetes custom resources (CRDs) via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️ Go 1.22 or higher required for building
  • ⚠️ Requires access to a Kubernetes cluster with OpenStack operators installed
  • ⚠️ Requires valid Kubeconfig or in-cluster Kubernetes configuration

Verified Safe
The server interacts with a Kubernetes cluster via the standard Kubernetes API client-go library, requiring valid kubeconfig or in-cluster configuration. Its security relies heavily on the Kubernetes cluster's RBAC setup and the permissions granted to the service account or user associated with the kubeconfig. There are no obvious hardcoded secrets, 'eval' functions, or direct network listeners exposed by the MCP server itself (it communicates over stdio).
Updated: 2025-11-26

Low Cost

mcp_flexsim

by SethGame

Sec3

Control FlexSim simulations using AI assistants via the Model Context Protocol (MCP) for digital twin integration and automated analysis.

Setup Requirements

  • ⚠️ Requires Windows OS (FlexSim is Windows-only).
  • ⚠️ Requires a local FlexSim installation and possibly an evaluation license.
  • ⚠️ Python 3.12 is the default target version for FlexSimPy builds.
  • ⚠️ Requires `uv` package manager for dependency management and script execution.
  • ⚠️ Requires Microsoft Visual Studio with C++ development tools (MSBuild) to build the FlexSimPy C++ extension.

Review Required
The `flexsim_evaluate` tool allows arbitrary FlexScript code execution via client requests, which can interact with the file system and FlexSim environment without apparent sanitization or access control. File operation tools (`flexsim_open_model`, `flexsim_save_model`, `flexsim_export_results`) accept arbitrary file paths, potentially leading to directory traversal or arbitrary file read/write vulnerabilities. The `flexsim_set_node_value` tool allows modification of arbitrary FlexSim model nodes, which could corrupt models or lead to unexpected behavior. This high level of client control over server-side actions, including script execution and file system access, presents significant security risks if the MCP client is untrusted or compromised.
Updated: 2025-11-30

Medium Cost
Sec9

The Scratch Notebook MCP server provides named scratchpads, typed cells, validation, namespaces, and semantic search to organize ideas for AI assistants in any MCP-enabled workspace.

Setup Requirements

  • ⚠️ Requires Python 3.12+ (specified in pyproject.toml).
  • ⚠️ Semantic search components (e.g., sentence-transformers and its PyTorch dependency) may download large models on first run, impacting initial startup time.
  • ⚠️ The `--storage-dir` argument or `SCRATCH_NOTEBOOK_STORAGE_DIR` environment variable is crucial for specifying where persistent data (scratchpads, embeddings) is stored.

Verified Safe
The server's source code demonstrates good security practices including explicit optional bearer-token authentication for HTTP/SSE transports (defaulting to local-only binding without auth), safe YAML parsing (`yaml.safe_load`), and validation of configuration inputs. It does not appear to use dangerous dynamic code execution functions like `eval()` on arbitrary user input. The primary security consideration for operators is the `uvx` installation method which fetches code from a Git repository, requiring trust in the specified source to avoid supply chain risks.
Updated: 2025-11-21

Medium Cost

MegaMind

by oluwaeinstein007

Sec1

A content ingestion and processing system for AI applications, capable of crawling web pages, parsing documents, chunking text, generating LLM embeddings, and storing data for semantic search.

Setup Requirements

  • ⚠️ Requires paid LLM API Key (OpenAI or Google Gemini) for embeddings.
  • ⚠️ Requires a Qdrant vector database instance (self-hosted or cloud-based) if `QDRANT_ENABLED=true`.
  • ⚠️ Native C++ build tools required for `better-sqlite3` (e.g., Python, C++ compiler) for persistent storage; otherwise, it falls back to in-memory storage.
  • ⚠️ Requires Playwright browsers to be installed (`npx playwright install`) for web crawling.

Review Required
CRITICAL: The MCP server exposes tools like `INGEST_URL_TOOL` and `INGEST_FILE_TOOL` that accept arbitrary URLs for web crawling and arbitrary file paths for ingestion directly from the MCP client. This creates severe security vulnerabilities: 1. Server-Side Request Forgery (SSRF): An attacker could use `INGEST_URL_TOOL` to force the server to make requests to internal network resources, potentially disclosing sensitive information or exploiting internal services. 2. Local File Inclusion/Disclosure: An attacker could use `INGEST_FILE_TOOL` with paths like `/etc/passwd` or `../../.env` to read and ingest sensitive files from the server's filesystem. These tools lack explicit input validation or sanitization within the provided code, making them highly dangerous if exposed to untrusted input. The `transportType: 'stdio'` might mitigate direct network exposure, but a compromised MCP client or malicious input via the stdio channel still poses these risks.
Updated: 2025-12-11

Medium Cost

mcp-secure-shell

by Brainwires

Sec8

Enables AI agents to execute shell commands and transfer files on remote hosts via SSH/SFTP, acting as an MCP server.

Setup Requirements

  • ⚠️ Requires SSH key-based authentication to be configured for target hosts.
  • ⚠️ SFTP must be enabled on remote servers for file transfer (e.g., `Subsystem sftp internal-sftp` in sshd_config).
  • ⚠️ Requires Rust toolchain for building/installation.

Verified Safe
The server uses standard and robust SSH/SFTP libraries, enforcing key-based authentication and host key verification against ~/.ssh/known_hosts. The primary security consideration is the inherent risk of allowing an AI agent to execute arbitrary commands on remote hosts, which grants it significant power. Users must ensure their SSH configurations, key management, and remote access policies are secure, as the server operates within these established SSH security contexts rather than introducing new vulnerabilities.
Updated: 2025-12-14

High Cost

Cyber_MCPs

by hackersatyamrastogi

Sec3

This project provides a collection of Model Context Protocol (MCP) servers that integrate various security tools, enabling AI assistants to perform security assessments through natural language interactions.

Setup Requirements

  • ⚠️ Requires various external security tools (e.g., Nmap, Nuclei, SQLmap) to be installed on the system where the MCP server runs.
  • ⚠️ Some tools (e.g., SQLmap, Commix, ScoutSuite) require Python to be installed.
  • ⚠️ Specific servers require API keys or credentials configured via command-line arguments (e.g., MobSF) or environment variables (e.g., Nessus if not in mock mode).
  • ⚠️ The `scoutsuite` server is vulnerable to arbitrary code execution due to its method of parsing external tool output.

Review Required
The server explicitly warns about critical security risks including command injection, privilege escalation, network exposure, and data exfiltration. While most tool wrappers use `child_process.spawn` or `node-pty.spawn` with array arguments (which is generally safer against shell injection than string interpolation) and inputs are validated with Zod, a severe vulnerability exists in the `scoutsuite` server. It uses `vm.runInContext()` to execute JavaScript code read directly from a file generated by the external `ScoutSuite` tool. If this external file (`scoutsuite_results_*.js`) were compromised or contained malicious JavaScript, it would lead to arbitrary code execution within the MCP server's Node.js process. No obvious hardcoded secrets were found, but some tools require API keys/credentials as arguments or environment variables. The inherent nature of these security tools involves network interaction and can require elevated privileges, as extensively detailed in the project's `SECURITY.md`.
Updated: 2025-12-05

High Cost

uc-mcp

by 33jrdd

Sec8

Programmatically interact with the UnknownCheats forum, bypass Cloudflare protection, and extract structured data including thread content and code blocks.

Setup Requirements

  • ⚠️ Requires Google Chrome installed locally.
  • ⚠️ Requires Node.js 18 or higher.
  • ⚠️ Opens a visible Chrome browser window (due to `headless: false`).

Verified Safe
The server uses `puppeteer-real-browser` to control a local Chrome instance, which introduces dependency on Chrome's security and the websites it navigates. The `performLogin` function handles sensitive credentials (username/password) provided by the LLM, but these are not hardcoded. Session cookies are saved locally to `cookies.json`, which could be a sensitive file if not properly secured on the host system. No direct use of `eval` or malicious patterns observed in the provided core source code, though `pac-resolver` (a dependency) uses `degenerator` which can dynamically generate functions for PAC file processing.
Updated: 2026-01-19

Medium Cost

agrivision-mcp-server

by eagleisbatman

Sec9

AI-powered plant disease and health diagnosis using vision models via Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ Requires Google Gemini API Key (Paid service)
  • ⚠️ Requires Node.js runtime (>=18.0.0)
  • ⚠️ Relies on an external Crops API for dynamic crop lists (with fallback)

Verified Safe
The server demonstrates good security practices. It loads API keys from environment variables, performs robust input validation (image format, size, guardrails for content safety), configures CORS, and implements timeouts for external API calls to prevent hanging. Error handling is structured to avoid exposing internal details. There is no evidence of 'eval', obfuscation, or direct command injection vulnerabilities in the provided source code.
Updated: 2025-12-05

Low Cost

vonage-mcp-server

by mobilebiz

Sec3

Provides Vonage SMS, CSV bulk SMS, and voice call functionalities as a Model Context Protocol (MCP) server for AI assistants.

Setup Requirements

  • ⚠️ Requires Node.js version 22.0.0 or higher.
  • ⚠️ Requires manual setup of Vonage Application ID, Private Key file, and Voice Call From Number as environment variables.
  • ⚠️ The HTTP API wrapper, if exposed publicly, has a critical authentication vulnerability as it uses the non-secret Vonage Application ID as an API key.

Review Required
The HTTP wrapper (`src/http-server.ts`), designed for integration with external applications like Dify, uses `process.env.VONAGE_APPLICATION_ID` as the API key for authentication (`X-API-KEY` header). As the `VONAGE_APPLICATION_ID` is an identifier and not a secret, it can be easily discovered or exposed, leading to unauthorized access and control of Vonage services (SMS sending, voice calls) through the server's HTTP endpoints. While private keys are loaded from files and other secrets via environment variables, this weak authentication for HTTP exposure is a critical vulnerability. No signs of 'eval', obfuscation, or other overt malicious patterns were found. For local usage via StdioServerTransport (e.g., with Claude Desktop), the immediate network exposure risk is significantly lower.
Updated: 2025-12-10

Medium Cost

rubocop-mcp-server

by ishtiaque05

Sec9

Provides Ruby RuboCop and Rails linting capabilities to AI assistants via the Model Context Protocol (MCP) for code quality and auto-correction.

Setup Requirements

  • ⚠️ Requires RuboCop and rubocop-rails gems to be installed via `gem`.
  • ⚠️ Requires Node.js version >= 20.17.0.
  • ⚠️ Requires Yarn package manager for installation.

Verified Safe
The server executes external `rubocop` commands using `child_process.execFile`. Arguments passed to `rubocop` (like file paths, cop names) are constructed from user input. `execFile` is generally safer than `exec` as it prevents shell injection by not interpreting arguments as shell commands. The risk of command injection is low, assuming the `rubocop` binary itself is trusted and the arguments passed are treated as literal strings by `rubocop`. No hardcoded secrets or direct network listen ports are identified, as it primarily communicates via standard I/O.
Updated: 2025-12-18

Low Cost

test-remote-mcp-server

by arunkumar-maker

Sec9

This server provides a simple calculator API for basic arithmetic operations and random number generation.

Setup Requirements

  • ⚠️ Python 3.12+ only
  • ⚠️ Requires fastmcp library

Verified Safe
The server's source code is simple and performs basic arithmetic and random number generation. There are no obvious signs of 'eval' or similar dangerous functions, obfuscation, or hardcoded secrets. The 'os' module is imported but not utilized, minimizing potential system-level risks. The server binds to 0.0.0.0, which is standard for accessibility but implies it will be reachable from external networks if deployed without proper firewalling. Given its limited functionality, the attack surface is minimal.
Updated: 2026-01-19