Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
TomsTools11 icon

tomsmcps-v2

by TomsTools11

Sec9

A static directory website for Model Context Protocol (MCP) servers, allowing users to browse, filter, and search through a curated list of tools and their GitHub repositories.

Setup Requirements

  • ⚠️Requires Node.js version 20 (specified in `netlify.toml` and implicitly by `package.json` dev dependencies).
  • ⚠️Data is sourced from `mcp-directory.csv` at build time; changes require re-running `npm run process-csv` and re-building.
Verified SafeView Analysis
The application is a static site generated from a CSV file. Data processing occurs at build time using `scripts/process-csv.ts`, not at runtime with user-supplied data. Client-side search (Fuse.js) is generally safe. External links to GitHub repositories are explicitly labeled and open in new tabs, a standard practice for directories and not a direct vulnerability of the site itself. No obvious dynamic server-side code execution or `eval` calls that process user input.
Updated: 2025-12-02GitHub
0
0
Medium Cost
ex-takashima icon

glm-image-mcp-server

by ex-takashima

Sec9

MCP server and CLI tool for generating images using Z.AI's glm-image model.

Setup Requirements

  • ⚠️Requires Z.AI API Key (Paid service, user responsible for costs).
  • ⚠️Node.js version 18.0.0 or higher is required.
  • ⚠️TypeScript compilation (npm run build) is required before running.
Verified SafeView Analysis
The code explicitly implements path traversal protection using `isPathWithinDirectory` and `getSafeOutputPath` when downloading and saving images, which is a strong security measure. API keys are loaded from environment variables (`process.env.Z_AI_API_KEY`) and checked for existence, preventing hardcoded secrets. No use of `eval` or obvious obfuscation was found. The main network risks are standard API calls and image downloads, handled by the `axios` library with reasonable timeouts. Overall, the server appears to be developed with good security practices.
Updated: 2026-01-17GitHub
0
0
High Cost
phisad icon
Sec3

A system where an LLM can query local research papers/notes through a custom MCP server.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️An LLM model must be configured via the 'agent_model' environment variable (e.g., pointing to an Anthropic model, which would require an ANTHROPIC_API_KEY).
  • ⚠️To use the research assistant CLI (`resi`), the MCP PDF server must be running separately, typically by executing `resi --start-server` in another terminal.
Review RequiredView Analysis
The `read_pdf` tool uses `Path.cwd() / file_name` without proper sanitization of `file_name`. This creates a path traversal vulnerability where an attacker, through LLM prompt injection, could craft `file_name` (e.g., `../sensitive_file.txt`) to read arbitrary files on the system that the running process has permissions to access, as long as the file exists and is recognized as a PDF (the suffix check is simple and could potentially be bypassed or irrelevant if the goal is to read non-PDFs).
Updated: 2026-01-18GitHub
0
0
Medium Cost
ShivamPansuriya icon

MCP-server-Python

by ShivamPansuriya

Sec2

A modular, scalable system for resolving natural language entity names to IDs using Elasticsearch fuzzy matching with disambiguation support, acting as a backend for AI agents.

Setup Requirements

  • ⚠️Requires a running and pre-populated Elasticsearch instance (default: localhost:9200) with specific ITSM entity indices.
  • ⚠️Requires a running external 'Motadata ITSM server' for the Form Schema API (dynamic tool generation) and WebSocket API (real-time cache updates).
  • ⚠️Requires valid OAuth2 client credentials (client ID, client secret, access token) for WebSocket and dynamic tool generation.
  • ⚠️The codebase contains an active SSL certificate verification bypass (`verify=False`) and hardcoded authentication tokens, which are significant security risks for production.
Review RequiredView Analysis
Critical vulnerability: `api_client.py` disables SSL certificate verification (`verify=False`) for `httpx.AsyncClient`, making the system vulnerable to Man-in-the-Middle (MITM) attacks. Hardcoded secret: `websocket_client.py` contains a hardcoded `client_secret` ("IZqQXkqA1tGLIBRpYs"). Active hardcoded test token: `dynamic_tool_middleware.py` uses a hardcoded authentication token for all requests (`on_list_tools`, `on_call_tool`), bypassing normal authentication, which is a major security flaw even if intended for testing. Exposure risk: Elasticsearch and WebSocket server credentials/endpoints are used; their security depends on the external infrastructure.
Updated: 2025-12-01GitHub
0
0
Low Cost
Matcham89 icon
Sec6

This server acts as a management layer for a 'kagent' binary, providing an API to retrieve agent configuration and manage its lifecycle within an ArgoCD or similar Kubernetes control plane environment.

Setup Requirements

  • ⚠️Requires the 'kagent' binary to be installed and accessible in the system's PATH.
  • ⚠️Requires an `agent-config.yaml` file to be present and correctly configured for the server to operate.
  • ⚠️The Node.js dependencies must be installed (e.g., via `npm install`).
Verified SafeView Analysis
The server uses `child_process.spawn` to execute the `kagent` binary and `fs.writeFileSync` to manage configuration files (`kagent-config.yaml`). While the shown commands for `kagent` are specific (`config validate`, `config generate`, `config get`), the general use of external process execution and file writing with inputs requires rigorous validation to prevent command injection or arbitrary file write vulnerabilities. The `/agentconfig` endpoint exposes the agent's configuration, which could be an information disclosure risk if sensitive data is present in `agent-config.yaml`.
Updated: 2025-12-01GitHub
0
0
Low Cost
yadav-prakhar icon

MCP-Capabilities-Server

by yadav-prakhar

Sec9

An MCP server designed to inform clients about the server's protocol version and reflect the connected client's capabilities in a structured format.

Setup Requirements

  • ⚠️Requires an MCP client to interact with the server, as it communicates exclusively over stdio and is not a standalone web service.
Verified SafeView Analysis
The server's functionality is limited to reporting version information and client capabilities, which are derived from internal state and the initial client handshake. There are no direct usages of dangerous functions like `eval` or `child_process.exec` with unsanitized user input. Input parameters for tools are strictly defined (e.g., 'format' enum). Communication over stdio is typically secure when the client is trusted, but it's not a general network service vulnerability. No hardcoded secrets or sensitive patterns were identified.
Updated: 2025-12-14GitHub
0
0
Low Cost
avalooran icon

prompt-mcp-server

by avalooran

Sec8

Serves as a gateway for managing and retrieving a custom prompt library for AI applications.

Setup Requirements

  • ⚠️Requires a running API server at `CUSTOM_PROMPTZ_API_URL` (default: http://localhost:8000)
  • ⚠️Requires `fastmcp` and `requests` Python packages to be installed
Verified SafeView Analysis
The server acts as a proxy to an external API defined by CUSTOM_PROMPTZ_API_URL. While the current code does not show direct command execution or unsafe `eval` usage, its overall security is heavily dependent on the trustworthiness and security of the `CUSTOM_PROMPTZ_API_URL` backend it interacts with. No hardcoded secrets were found.
Updated: 2025-11-20GitHub
0
0
Medium Cost
aturlov-alta icon

fabric-mcp

by aturlov-alta

Sec9

Facilitates AI assistant interaction with Microsoft Fabric data and resources (workspaces, lakehouses, tables, SQL queries) via a Model Context Protocol server for GitHub Copilot in VS Code.

Setup Requirements

  • ⚠️Requires ODBC Driver 17 (or 18) for SQL Server (external system-level installation, not pip-installable).
  • ⚠️Requires Python 3.12+.
  • ⚠️Service Principal authentication requires Azure AD app registration and administration to grant Fabric permissions.
Verified SafeView Analysis
The server implements robust input validation for SQL identifiers (table names, schema names) to prevent SQL injection in tools that construct SQL queries (e.g., `get_table_schema`, `get_table_sample_data`). The `execute_custom_sql_query` tool explicitly allows execution of arbitrary SQL, placing responsibility for query safety on the user (and the AI crafting the query), but this is a feature, not a vulnerability in the server's parsing. Authentication tokens are handled by MSAL, with interactive mode caching tokens locally (with a warning not to share), and service principal mode requiring secrets via environment variables, which the documentation strongly advises against committing to version control. No 'eval' or malicious patterns were found. The primary security risk lies in the permissions granted to the authenticated user/service principal, rather than vulnerabilities in the server's code itself.
Updated: 2025-12-06GitHub
0
0
Medium Cost
Jaypeg-dev icon

nextcloud-mcp

by Jaypeg-dev

Sec9

Enables AI models to interact with Nextcloud services (tasks, calendar, notes, email) via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires specific Nextcloud apps installed: Tasks, Calendar, Notes, and optionally Mail.
  • ⚠️Mandates the use of a Nextcloud 'app password' for security, not the main user password.
  • ⚠️Nextcloud URL, username, and app password must be provided as environment variables (NEXTCLOUD_URL, NEXTCLOUD_USERNAME, NEXTCLOUD_PASSWORD).
  • ⚠️When configuring for Claude Desktop, the path to the `build/index.js` file must be an absolute file system path.
Verified SafeView Analysis
The server correctly uses environment variables for Nextcloud credentials and explicitly recommends using app passwords, not main user passwords. It communicates via stdio, avoiding direct network exposure. Requests to Nextcloud use HTTPS and basic authentication. Input schemas for tools provide a degree of validation against malformed inputs. Basic XML parsing for CalDAV responses is used, which, while not a full XML parser, is applied to expected structured data.
Updated: 2025-11-23GitHub
0
0
Low Cost
sumit1612 icon

yt-obsidian-mcp

by sumit1612

Sec9

Archives YouTube videos to an Obsidian vault, extracting metadata and transcripts, generating summaries, and applying hierarchical, semantic tags for structured knowledge management.

Setup Requirements

  • ⚠️Requires absolute path for 'VAULT_ROOT' environment variable or in 'config.toml' (critical for server startup).
  • ⚠️Requires manual configuration in Claude Desktop's 'claude_desktop_config.json' with absolute paths to the repository and vault.
  • ⚠️Python < 3.11 requires 'tomli' package for TOML configuration (handled by dependencies, but notable).
Verified SafeView Analysis
The system includes strong path traversal protection within its FilesystemAdapter, ensuring all file operations are constrained to the configured Obsidian vault root. It communicates via stdio (standard input/output), which inherently limits direct network attack surfaces. Configuration is handled through TOML or environment variables, avoiding hardcoded secrets. Standard and well-maintained external libraries (yt-dlp, youtube-transcript-api) are used. No 'eval' or other dangerous patterns were detected.
Updated: 2025-12-12GitHub
0
0
Low Cost
sebetc4 icon
Sec8

A scalable Rust MCP (Model Context Protocol) server template for AI model integration.

Setup Requirements

  • ⚠️Requires Rust 2024 edition or later and Cargo package manager.
  • ⚠️TCP transport requires raw JSON-RPC messages (not HTTP) and a specific `initialize` and `notifications/initialized` handshake sequence.
  • ⚠️For production use, TCP and HTTP transports require external authentication/TLS mechanisms as they are not built-in.
Verified SafeView Analysis
The server's architecture appears robust with good isolation (Tokio tasks per connection) and structured input parsing (`serde`, `schemars`). It explicitly warns that TCP and HTTP transports lack built-in authentication and encryption, advising users to add these layers for production or bind to localhost. This transparency and explicit documentation are positive. There are no obvious 'eval'-like constructs or hardcoded secrets. Input validation for tools is present, reducing injection risks. The HTTP transport enables CORS by default, which is convenient for development but might require stricter configuration in production.
Updated: 2025-12-11GitHub
0
0
Low Cost
bioanywhere icon

mcp-base-mcp

by bioanywhere

Sec5

Provides on-chain interaction capabilities for AI applications with the Base network and Coinbase API, enabling direct financial and blockchain operations.

Setup Requirements

  • ⚠️Requires Coinbase Developer Platform API keys (Key Name and Private Key) for core functionality, which must be obtained from the Coinbase Developer Portal.
  • ⚠️Requires a wallet seed phrase for performing any wallet-related operations (e.g., transfers, contract deployments, NFT transfers). This sensitive phrase is stored locally in plaintext within configuration files or the `.env` file.
  • ⚠️Specific functionalities require additional API keys: Alchemy API Key for NFT features, Coinbase Project ID for onramp functionality, OpenRouter API Key for buying credits, and Neynar API Key for Farcaster username resolution.
Verified SafeView Analysis
The server handles highly sensitive information including Coinbase API keys (Key Name and Private Key) and a wallet seed phrase. The `base-mcp --init` command writes these credentials in plaintext to local client configuration files (e.g., `claude_desktop_config.json` for Claude Desktop, `mcp.json` for Cursor) or directly into the `.env` file. This storage method poses a significant risk if the user's local machine or these configuration files are compromised, as it could lead to unauthorized access and control over financial assets. While the code itself does not contain obvious malicious patterns or arbitrary code execution vulnerabilities like `eval`, it performs direct `sendTransaction` calls based on AI-generated requests, which can lead to irreversible financial operations. Users must exercise extreme caution and maintain strong local machine security. The server also integrates with several third-party APIs (Alchemy, OpenRouter, Neynar, Morpho GraphQL), inheriting their respective security postures.
Updated: 2025-12-10GitHub
PreviousPage 430 of 713Next