Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost

mcp-app-proxy

by botdojo-ai

Sec6

Securely sandboxes and renders interactive UI components (MCP Apps) from various sources within a double-iframe architecture for chat conversations, ensuring isolation from the host application.

Setup Requirements

  • ⚠️Requires Node.js and npm/yarn for setup and execution (standard for Next.js).
  • ⚠️Understanding and explicitly configuring Content Security Policy (CSP) is critical, as default settings are permissive for `script-src` and network `connect-src`, requiring host override for sensitive applications.
  • ⚠️CORS configuration might be needed depending on the deployment environment and the host application's origin.
Verified Safe
The architecture leverages a double-iframe setup and different origins for strong isolation from the host application. It enforces Content Security Policy (CSP), but the `DEFAULT_CSP` is permissive, including `script-src 'unsafe-inline' 'unsafe-eval'` and `connect-src *`, `frame-src *`. While this is acknowledged and allows for broad widget compatibility, it significantly lowers the default security posture against XSS within the sandboxed app if a stricter CSP is not explicitly provided by the host. Responsibility for message validation and external link approval is shifted to the host application. The caching mechanism through `/api/cache/[key]` appears to handle key decoding robustly for resource identifiers, not file paths.
Updated: 2025-12-28

Medium Cost
Sec9

This server acts as a proxy for the Perplexica search API, allowing Large Language Models (LLMs) to perform web searches and receive AI-generated responses with source citations via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a separate, running Perplexica instance (self-hosted or otherwise).
  • ⚠️Requires Python 3.11+.
  • ⚠️Requires configuration of crucial environment variables (e.g., Perplexica URL, model provider IDs) in a `.env` file for proper functionality.
Verified Safe
The server's source code does not contain 'eval', code obfuscation, or hardcoded secrets. It relies on standard libraries (httpx, pydantic) and follows a clean hexagonal architecture. Configuration is loaded from environment variables. The primary network risk would stem from misconfiguring 'PERPLEXICA_URL' to point to an untrusted service, or from vulnerabilities within the proxied Perplexica instance itself, which is outside the scope of this server's direct code. Given it is a proxy, its overall security is inherently tied to the security of the Perplexica service it connects to.
Updated: 2025-12-15

Low Cost

mcp-server-symfony

by NaderZniti

Sec7

Facilitates AI-powered management and task execution for Symfony applications via GitHub Copilot integration in VS Code.

Setup Requirements

  • ⚠️Requires PHP 8.1+ and Composer.
  • ⚠️Windows is required for optimal HTTP transport (though conceptually usable on other operating systems with a different transport).
  • ⚠️VS Code with GitHub Copilot and manual 'mcp.json' configuration are essential for integration.
Verified Safe
The server exposes specific, explicitly defined tools to an AI agent (GitHub Copilot). While this approach limits arbitrary command execution, custom tools require careful implementation to prevent vulnerabilities from malicious input. Secrets are handled via environment variables, and the server binds to localhost by default, reducing external attack surface. No direct 'eval' or obvious arbitrary command injection found in the provided snippets.
Updated: 2025-11-27

Medium Cost

mcp-registry

by chun-wei0413

Sec4

Provides a RAG-based intelligent knowledge management system for AI assistants to manage development knowledge.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires initial download of a 600MB embedding model (google/embeddinggemma-300m), which takes 5-10 minutes on first run.
  • ⚠️Potential for Local File Inclusion/Arbitrary File Read if AI agent input is not strictly constrained and the server process is not sandboxed.
Review Required
The `store_document` and `batch_index_folder` tools allow the AI agent to specify `file_path` and `source_dir` respectively, which can be relative or absolute paths on the server's filesystem. If the AI agent (which is controlled by user prompts) is not sufficiently sandboxed or the prompts are not strictly guarded against path manipulation, this creates a critical Local File Inclusion (LFI) or arbitrary file read vulnerability. An attacker could potentially instruct the AI agent to read sensitive files from the server's host system. This necessitates robust external security measures (e.g., Docker volume restrictions, AppArmor profiles, strict LLM prompt engineering, or an intermediary validation layer) beyond the application's default configuration. The server also binds to 0.0.0.0:3031, requiring firewalling in production.
Updated: 2026-01-05

Medium Cost

mcp-server

by PostIdentity

Sec9

The PostIdentity MCP server enables AI assistants to generate, refine, and manage social media posts using user-defined personas and content from the PostIdentity platform.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run locally.
  • ⚠️Requires a PostIdentity account.
  • ⚠️Requires a PostIdentity API Key (or legacy access token) obtained from the PostIdentity website for authentication.
Verified Safe
The server uses token-based authentication (API keys or access tokens) with a Supabase backend. API keys are exchanged for short-lived JWTs, which are then used for all authenticated requests. Data access is enforced with Row Level Security (RLS) by explicitly filtering queries by user_id and requiring a valid Authorization header. There is no usage of 'eval' or obvious code obfuscation. The Supabase anonymous key is hardcoded, which is typical for client-side applications connecting to Supabase and is not a security risk as it grants only anonymous, public access. All sensitive operations are guarded by the user's authenticated token.
Updated: 2026-01-14

Low Cost

toon-parse-mcp

by ankitpal181

Sec8

Optimizes LLM token usage by stripping non-essential context from code files and converting various data formats to compact TOON (Token-Oriented Object Notation).

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Manual configuration in JSON files is required for several AI agents (e.g., Cursor, Windsurf, Antigravity, Claude Desktop).
  • ⚠️Requires `mcp` and `toon-parse` Python libraries to be installed in the environment where the server runs.
Verified Safe
The server includes a tool (`read_and_optimize_file`) that processes user-provided file paths. While the code for optimization itself appears safe (no direct `eval` or shell execution), an unconstrained or malicious LLM could potentially instruct the server to read sensitive local files from the filesystem. The server relies on the `toon-parse` library for its core optimization logic; its security is assumed. No hardcoded secrets or direct network risks were identified.
Updated: 2026-01-17

High Cost

cpso-mcp-server

by w2112515

Sec8

Enterprise-grade recursive multi-agent orchestration framework for strategic planning and decision support, leveraging large language models for complex business processes.

Setup Requirements

  • ⚠️Requires either ANTHROPIC_API_KEY or OPENAI_API_KEY (paid services) to be configured as environment variables.
  • ⚠️Redis is used for state persistence if REDIS_URL is configured; otherwise, state persistence is disabled, which may be unexpected if you are not aware of it.
  • ⚠️PDF/DOCX ingestion requires optional libraries (PyPDF2/pdfplumber for PDF, python-docx for DOCX) which are not explicitly listed in `api/requirements.txt` but are mentioned as conditional imports.
Verified Safe
No 'eval' or malicious patterns found. API keys are handled via environment variables. The server uses a broad CORS policy (allow_origins=['*']), which is common for public APIs but could be tightened depending on deployment context. External web searches (DuckDuckGo) are performed, which is an expected function but relies on external services.
Updated: 2025-12-04

Medium Cost
Sec8

An AI agent tool server implementing Model Context Protocol (MCP) to provide various functionalities for AI models, such as system information retrieval, database exports, weather queries, and CSDN article publishing.

Setup Requirements

  • ⚠️Requires a MySQL database for the database export functionality to work.
  • ⚠️CSDN article publishing requires manual setup of API keys/signatures via environment variables (CSDN_CA_KEY, CSDN_CA_NONCE, CSDN_CA_SIGNATURE) and a local cookie.json file.
  • ⚠️The Druid monitoring UI (http://localhost:8080/druid) is inaccessible by default because the Spring Boot web server type is set to 'none' to avoid interfering with MCP's STDIO communication.
Verified Safe
The server implements robust multi-layered security for database operations, including a business-layer SQL validator and a Druid SQL firewall, explicitly blocking write/DDL operations and SQL injection vectors. File path validation prevents path traversal attacks during CSV export. CSDN API authentication secrets (cookies, x-ca-* headers) are externalized to local files and environment variables, avoiding hardcoding. The `ComputerService` executes fixed system commands (`systeminfo`, `system_profiler`, `lshw`) which inherently carry environmental risks but are not directly exploitable via user input in this implementation. The default 'admin'/'admin123' credentials for the Druid monitoring page are a minor weakness, though the web server and thus the monitoring UI are disabled by default in `application.yml` for the MCP server's STDIO communication model.
Updated: 2026-01-19

Medium Cost
Sec9

Interact with 200+ AI models via OpenRouter directly from the Gemini CLI, providing a standardized interface for model exploration and prompting.

Setup Requirements

  • ⚠️Requires an OpenRouter API Key, which may incur costs depending on selected models.
Verified Safe
The server demonstrates good security practices: API keys are handled securely via environment variables and Gemini CLI's native keychain integration, robust input validation (`MAX_PROMPT_LENGTH`) is applied, and network calls include resilient error handling with timeouts, retries, and rate limit awareness (429 status code handling). No 'eval' or malicious patterns were found. Caching is handled locally with error recovery for corrupted files.
Updated: 2026-01-16

Low Cost

binance-mcp

by pawneetdev

Sec9

Enables Claude Desktop to interact with the Binance Spot API for market data, account management, and trading operations.

Setup Requirements

  • ⚠️Requires Binance API credentials (API Key and Secret), which involve real-money trading risks.
  • ⚠️Manual configuration of Claude Desktop is required, including correctly identifying and specifying absolute paths to the Python interpreter and server script.
  • ⚠️The 'rest-to-mcp-adapter' package is a core dependency but is not explicitly listed in the 'Installation' `pip install` steps in the README, implying it needs to be installed separately or is a known prerequisite.
Verified Safe
The server uses standard HMAC-SHA256 authentication for Binance API, handling API keys and secrets via environment variables (.env file) which is a good practice. It explicitly warns against committing credentials and outlines security best practices like API key restrictions and IP whitelisting. No obvious malicious patterns or unsafe functions like 'eval' were found in the provided code. The reliance on external API interactions and proper credential management by the user are the primary security considerations.
Updated: 2025-11-25

Medium Cost

simple-mcp-server

by sathishkannan162

Sec2

An MCP server that exposes PostgreSQL table schemas as resources and provides a tool to execute read-only SQL queries against the database.

Setup Requirements

  • ⚠️Requires a PostgreSQL database instance to be running.
  • ⚠️Requires DATABASE_URL environment variable to connect to PostgreSQL.
Review Required
The 'execute-read-queries' tool directly executes user-provided SQL queries using `client.query(sql)`. Although it attempts to wrap queries in a `READ ONLY` transaction, executing user-provided SQL directly is a critical security risk. A malicious actor could craft complex read queries to perform denial-of-service (e.g., resource-intensive queries, long-running operations), extract large volumes of sensitive data, or otherwise exploit database-specific read vulnerabilities. Additionally, the server exposes access to `information_schema` tables, which could provide valuable reconnaissance for an attacker.
Updated: 2025-11-19

High Cost

opentargets-mcp

by openpharma-org

Sec9

Accessing Open Targets platform data for gene-drug-disease associations research via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js (version 18+ recommended by SDK dependencies).
  • ⚠️The TypeScript project must be built (`npm install && npm run build`) before the server can be run.
Verified Safe
The server uses Zod and custom type guards for input validation, which helps mitigate injection risks. GraphQL queries are structured and use variables, preventing direct arbitrary query injection. There are no hardcoded secrets, and the external API is specified as requiring no authentication. No 'eval' or malicious patterns were identified. A minor efficiency concern exists for search methods as they fetch all hits from the Open Targets API before client-side slicing, potentially retrieving more data than necessary over the network for the specific tool call, but this is not a direct security vulnerability.
Updated: 2025-12-22