Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost

fast_mcp_server_training

by Shekhar-Mehla

Sec8

A basic demonstration server for exposing a simple arithmetic function as an API endpoint using the FastMCP framework.

Setup Requirements

  • ⚠️Python 3.12+ only
Verified Safe
The server uses broad CORS settings (allow_methods=['*'], allow_headers=['*']) which, while suitable for a demo, should be tightened in a production environment. No 'eval' or obvious malicious patterns were found in the provided code snippet. No hardcoded secrets detected.
Updated: 2025-12-02

Medium Cost

This server acts as a Spring AI Model Context Protocol (MCP) server, exposing specific tools for an AI model to interact with external services.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) (typically 17 or newer for modern Spring Boot applications).
  • ⚠️Requires a build tool like Maven or Gradle to compile and run the application.
  • ⚠️While runnable locally, the inclusion of 'LambdaHandler' indicates it's primarily designed for deployment on AWS Lambda, implying AWS account setup and configuration for production use.
Verified Safe
The server itself does not contain obvious direct vulnerabilities like arbitrary code execution via 'eval' or hardcoded sensitive secrets. The 'about_samar_dash' tool makes an external HTTP call to 'https://samardash.com'. The primary security risk lies in the trustworthiness and content returned by this external endpoint, as its output is fed directly to the AI model. If 'samardash.com' were compromised or returned malicious/unintended content, it could potentially influence the AI's responses. However, this is a data integrity concern from an external source rather than an inherent code execution vulnerability within the server's codebase.
Updated: 2026-01-07

Medium Cost

MCP_SERVER_LOCAL_FILES_ACCESS

by AdityaShekhawat16

Sec3

A local server providing AI agents with tools for CRUD operations on files (text, PDF, DOCX) and SQLite databases within a designated workspace.

Setup Requirements

  • ⚠️Requires `fastmcp` library to be installed.
  • ⚠️Requires `pypdf` for PDF file processing functionality.
  • ⚠️Requires `python-docx` for DOCX file processing functionality.
Review Required
The `run_sql_query` function is critically vulnerable to SQL injection as it directly executes user-provided SQL queries without parameterization. An agent (or attacker) could craft malicious queries to read, modify, or delete database contents beyond intended scope. While directory traversal for file system operations is adequately handled by `_get_safe_path`, this does not protect against the database vulnerability. The ability to delete arbitrary files within the `TARGET_FOLDER` also presents a risk if an agent is compromised, even if confined to the target directory.
Updated: 2025-11-25

High Cost

newsblaster-mcp

by gmoigneu

Sec9

A Symfony 8 application that aggregates daily news from YouTube videos on specific topics using AI, generating summaries, and storing reports, with an MCP server to expose this data to AI assistants.

Setup Requirements

  • ⚠️Requires Anthropic API Key (Paid, for AI summarization)
  • ⚠️Requires YouTube Data API Key (Google Cloud Project, subject to quotas)
  • ⚠️Requires PostgreSQL and Redis to be running for database and message queueing
  • ⚠️Transcript fetching relies on an external, unauthenticated third-party API (yt.lemnoslife.com), which may be unreliable or subject to rate limits.
Verified Safe
ANTHROPIC_API_KEY and YOUTUBE_API_KEY are correctly loaded from environment variables. Transcript fetching relies on an external, unauthenticated third-party service (yt.lemnoslife.com), which, while its output is sanitized (`html_entity_decode`, `strip_tags`), introduces a dependency on an external party for data integrity and reliability. No 'eval' or blatant malicious patterns found. Doctrine ORM is used for database interactions, mitigating SQL injection risks.
Updated: 2025-11-28

Medium Cost

etirement-planning-mcp

by SilVerBell0109

Sec8

Provides a comprehensive AI-powered retirement planning system, offering services for asset accumulation, investment strategy, and tax-efficient withdrawal planning tailored for the Korean market.

Setup Requirements

  • ⚠️Docker Desktop required
  • ⚠️Claude Desktop required for integration
  • ⚠️Python 3.11+ required
  • ⚠️pykrx library required for real-time market data features (for Tooja server)
Verified Safe
The server is designed for local execution within Docker containers and integrates with Claude Desktop, limiting direct external exposure. User data is saved to local CSV files within the container, which is ephemeral. Neither direct use of 'eval' on untrusted input nor hardcoded sensitive credentials are apparent in the provided source code. Reliance on 'pykrx' for market data introduces a third-party dependency; its security is assumed.
Updated: 2025-11-27

Low Cost

mcp-server

by nezzeur

Sec7

A placeholder for a server that likely interacts with an API or service, given the name 'mcp-server' and lack of specific implementation.

Verified Safe
The provided source code is extremely minimal and appears to be a basic HTTP server setup without any complex logic or external dependencies that would immediately suggest security vulnerabilities. However, the lack of any actual implementation makes a thorough security audit impossible. Future additions should be carefully reviewed.
Updated: 2025-11-22

High Cost

AICFO-MCP-SERVER

by Occams-Om

Sec1

The project enables AI agents to perform comprehensive financial analysis and generate board-level CFO reports, utilizing both pre-built metrics and dynamic Python code execution on financial CSV data.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid service)
  • ⚠️Python 3.10+ required
  • ⚠️Report generation takes 2-3 minutes due to code execution and extensive analysis
Review Required
The `code_interpreter` tool directly uses Python's `exec()` function with `__builtins__` enabled, allowing access to potentially dangerous functionality such as `import os`, `subprocess`, `open()`, and `socket`. The stated security measures ('no network access', 'no file system write access') are claims and are not enforced by the `exec` environment itself. An attacker or a misaligned AI could generate malicious code to perform arbitrary file system operations, execute shell commands, or establish network connections, posing a severe risk to the host system.
Updated: 2026-01-19

Medium Cost

mcp-server

by Dengpei1688

Sec1

An unidentified server-side component, potentially for network communication or management, judging by its name 'mcp-server'.

Review Required
Source code was not provided for analysis. Therefore, a comprehensive security audit could not be performed. Running this project without source code review is highly risky as it could contain arbitrary malicious code, hardcoded secrets, severe vulnerabilities, or resource-intensive operations without any visibility.
Updated: 2025-12-11

Medium Cost

ecosystem-mcp-server

by pqsoccerboy17

Sec8

Orchestrates personal automation tools, allowing an AI (Claude) to act as an operator for tasks like file organization, context synchronization, tax document processing, and system health monitoring.

Setup Requirements

  • ⚠️Requires several other local repositories (downloads-organizer, treehouse-context-sync, notion-rules, monarch-mcp-server) to be cloned and installed at specific `~/Documents/` paths.
  • ⚠️Requires `NOTION_TOKEN` environment variable for Notion integration.
  • ⚠️Monarch Money features require separate authentication via the `monarch-mcp-server`.
Verified Safe
The server primarily orchestrates local tools by executing subprocesses. While `subprocess.run` is used with a safe list-of-strings approach to prevent shell injection within this server, the overall security depends on the robustness of the *wrapped* local scripts (downloads-organizer, notion-rules, etc.). No 'eval' or obvious hardcoded secrets were found; sensitive tokens like `NOTION_TOKEN` are expected from environment variables.
Updated: 2026-01-18

Low Cost

wxgov_mcp_server

by PuneetUdhayan

Sec9

The watsonx.governance MCP Server enables AI assistants to interact with IBM watsonx.governance APIs for AI model lifecycle management, governance, and compliance tracking.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires an IBM Cloud API key with appropriate watsonx.governance access.
  • ⚠️Requires access to watsonx.governance catalogs.
Verified Safe
API keys are securely read from environment variables and are hashed using SHA-256 before being stored in an in-memory cache, preventing plain-text storage. The `WxGovClient` implements robust retry logic with exponential backoff for network errors, timeouts, and specific HTTP status codes (401, 429, 5xx). Tool functions include input validation to prevent common errors. No 'eval' or malicious patterns were found in the provided source code. The HTTP client `httpx` is used, which is a secure and modern library.
Updated: 2025-11-21

Low Cost
Sec10

A curated list and directory of Model Context Protocol (MCP) servers designed for integrating various productivity tools with AI agents.

Verified Safe
The repository itself contains only Markdown files and no executable code, thus posing no direct security risks from 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. Security of linked third-party MCP servers is not assessed here.
Updated: 2026-01-18

Medium Cost

icore_mcp_server

by rahulmeena0912

Sec4

The iCore MCP Server acts as a Model Context Protocol (MCP) gateway to execute SQL queries on AWS Athena and provide data schema information for AI agents.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Requires AWS credentials (either `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables or an IAM role for authentication).
  • ⚠️Requires an existing AWS Athena setup including a specified region, database, catalog, workgroup, and an S3 bucket for query output.
Review Required
The `query_athena` tool directly executes SQL statements provided in its arguments on AWS Athena without explicit sanitization or validation beyond basic type checking. This poses a significant SQL injection risk if the invoking AI agent or any upstream client can provide arbitrary or malicious SQL, potentially leading to data exfiltration, modification, or deletion depending on the AWS permissions granted. While AWS credentials can be managed via IAM roles (good practice), the direct execution without input filtering is a critical vulnerability. Additionally, static data files (`tableDescriptions.json`, `columnDescriptions.json`) are loaded using `process.cwd()`, making the server susceptible to misconfiguration if not deployed with the correct working directory. The server does implement basic web security with `helmet`, `express-rate-limit`, and robust error/logging practices.
Updated: 2025-11-24