Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost
Sec5

An accessible, end-to-end platform for creating, running, and sharing AI agents.

Setup Requirements

  • ⚠️Requires `uv` package manager for setup and running
  • ⚠️Python 3.13 or newer required
  • ⚠️Perplexity AI API key likely required for chat functionality (paid service)

Verified Safe

The provided source code implements a basic Streamlit UI and a chat interface using Perplexity AI. No obvious direct vulnerabilities like 'eval' or hardcoded secrets are present in this minimal snippet. However, the project's vision, as outlined in the README, involves significant security considerations. Features like 'Custom user-created MCPs' with 'Allow direct execution', 'File system tools', 'Browser automation tools', 'DevOps tools', and 'Custom actions (webhooks, scripts)' introduce substantial risks of arbitrary code execution, privilege escalation, and system compromise if not implemented with extremely robust sandboxing, strict permission models, and input validation. External API calls to Perplexity AI are also made. The framework for these advanced features is present, but the underlying security mechanisms for controlling these powerful actions are not visible in the provided code snippet.
Updated: 2026-01-17

Medium Cost

seed-mcp-server

by seed-labs

Sec4

The server provides an SDK for emulating network topologies, including Autonomous Systems (AS), BGP routers (BIRD, ExaBGP), DNS servers, and custom network properties, primarily using Docker containers.

Setup Requirements

  • ⚠️Requires Docker to be installed and running on the host system, as it relies heavily on Docker for container management and network emulation.
  • ⚠️Requires `tshark` (or `tcpdump`) to be installed on emulated nodes for traffic capture, with `tshark` being preferred for its JSON output capabilities.
  • ⚠️A compatible Python 3 environment is needed to run the server and SDK.

Review Required

The server's SDK provides powerful capabilities to interact with and manage Docker containers, including creating/destroying containers, running arbitrary commands inside them via `Node.runCommand`, and copying files to/from containers. These operations inherently carry high security risks. If the server is exposed without robust authentication, authorization, and input sanitization, it could enable remote code execution within containers or potentially lead to host compromise via Docker API abuse or container escape vulnerabilities. The `Node.runCommand` method is a direct command execution interface and susceptible to injection attacks if input is not carefully sanitized. Additionally, the comments about file copy code being 'generated by AI, not tested yet' indicate potential for undiscovered bugs or vulnerabilities in those critical functions.
Updated: 2026-01-18

Medium Cost

rag_mcp_server

by aksaini2003

Sec3

Provides a RAG (Retrieval Augmented Generation) tool as an MCP server endpoint, leveraging Google Generative AI embeddings and FAISS for document retrieval.

Setup Requirements

  • ⚠️Requires a pre-built FAISS vector store directory named 'vector-db' to be present.
  • ⚠️Requires a Google Generative AI API Key configured as an environment variable (e.g., `GOOGLE_API_KEY`).
  • ⚠️Requires Python 3.12 or higher.

Review Required

The server uses `FAISS.load_local` with `allow_dangerous_deserialization=True`. This is a critical security vulnerability as it allows arbitrary code execution if a malicious `vector-db` file is loaded. The server also exposes itself on `0.0.0.0:8000`, which requires proper network security.
Updated: 2025-12-05

Low Cost

f1-nexus

by mrkingsleyobi

Sec8

F1 race strategy optimization and real-time telemetry analysis using AI agents via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Rust 1.75+ for compilation.
  • ⚠️Requires Node.js >= 18.0.0 for npm package builds and usage.
  • ⚠️Requires an OpenWeatherMap API key (set via OPENWEATHERMAP_API_KEY environment variable or tool parameter) for weather forecasting functionality.

Verified Safe

The project integrates with external APIs (OpenWeatherMap, OpenF1) and exposes network services (WebSocket for telemetry, potential SSE for MCP). While sensitive API keys are configured via environment variables or parameters rather than being hardcoded, proper network security measures (e.g., firewalls, access control) are crucial for deployment. Input deserialization from JSON for MCP tools should be robust to prevent malformed input attacks. No 'eval' or obvious malicious patterns are present.
Updated: 2025-12-17

High Cost

This server provides AI assistants with the ability to generate CanvasXpress JSON configurations for data visualizations from natural language descriptions, utilizing Retrieval Augmented Generation (RAG) and semantic search.

Setup Requirements

  • ⚠️Requires an API key for a paid LLM service (Azure OpenAI or Google Gemini).
  • ⚠️Requires 8GB RAM for local BGE-M3 embeddings or 2GB for cloud-based embeddings.
  • ⚠️Initial setup (`make init`) involves downloading large models (~2GB for BGE-M3) and embedding 132-13,000+ examples, which can take several minutes to complete.
  • ⚠️Requires Python 3.10+ for local virtual environment setup.

Verified Safe

The server demonstrates good security practices by externalizing API keys to environment variables and avoiding direct execution of arbitrary user input. It relies on established external LLM and embedding APIs (Azure OpenAI, Google Gemini, HuggingFace for local models). Network access for the HTTP server mode is standard but would require proper authentication and network security in a production environment, which FastMCP supports. The system's parsing of LLM output via regex in `_extract_json_from_response` is a common approach and does not introduce obvious vulnerabilities in this context.
Updated: 2025-12-24

Medium Cost

falco-mcp

by maratsal

Sec4

Exposes the Falcosidekick UI's event search API as a lightweight Model Context Protocol (MCP) server, enabling MCP clients to query Falco security events programmatically.

Setup Requirements

  • ⚠️Requires a running Falcosidekick UI instance to connect to.
  • ⚠️Default HTTP Basic Auth credentials ('admin:admin') must be overridden for security.
  • ⚠️TLS verification for upstream Falcosidekick UI connections is disabled by default (`verify_tls=False`) and needs to be explicitly enabled for secure deployments.
  • ⚠️Python 3.x environment with `mcp`, `httpx`, `boto3` dependencies required.

Review Required

The server uses HTTP Basic Auth with default 'admin:admin' credentials, which should be changed immediately in any production environment. Critically, the `verify_tls` setting for upstream Falcosidekick UI connections defaults to `False`, disabling TLS certificate verification. This makes the connection vulnerable to Man-in-the-Middle attacks and should be explicitly set to `True` for secure deployments.
Updated: 2025-12-01

Low Cost
Sec10

Deployment of a server application using Docker and Docker Compose.

Setup Requirements

  • ⚠️Requires Docker to be installed and running.
  • ⚠️Requires knowledge of specific environment variables needed by the 'gitlab-mcp-server' application, as they are not defined in the provided configuration files.

Verified Safe

The provided source code consists of Docker deployment configurations (`docker-compose.yml`, `run.sh`, `README.md`, and references to `Dockerfile` and CI/CD workflows). These files contain standard Docker commands and configurations and do not exhibit any obvious security risks such as 'eval', code obfuscation, hardcoded sensitive credentials within the scripts, or direct malicious patterns. Network exposure is limited to port 3000 locally. The health check uses the standard `wget` command. The security of the actual 'gitlab-mcp-server' application code (which is not provided in this truncated analysis) would require a separate audit.
Updated: 2025-12-01

Medium Cost

showcase

by sach91

Sec8

A prototype AI-powered customer support chatbot for TechGear Electronics, demonstrating integration with an MCP server for real-time product, customer, and order management.

Setup Requirements

  • ⚠️Requires `HF_TOKEN` environment variable for HuggingFace Inference API access.
  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Relies on an external MCP server (default URL is hardcoded, but configurable via `MCP_SERVER_URL` environment variable).

Verified Safe

The code effectively uses environment variables for sensitive tokens (`HF_TOKEN`) and avoids direct `eval()` or `exec()` calls. Input validation for tool arguments relies on the LLM's generated JSON, which is then parsed safely with `json.loads()`. The primary security consideration is the LLM's behavior in tool selection; while the system prompt emphasizes `verify_customer_pin` for sensitive operations, a sophisticated prompt injection could theoretically attempt to bypass this. However, the client code itself passes these tool calls to a backend MCP server, which would ideally enforce its own access controls. The `MCP_SERVER_URL` is configurable, preventing hardcoded external dependencies, but controlling this environment variable is crucial for security. Overall, the client-side code demonstrates good security practices for an LLM agent.
Updated: 2025-12-10

Low Cost
Sec8

This server enables conversational agents to create, read, update, and delete SimpleMind mind maps stored in iCloud Drive.

Setup Requirements

  • ⚠️Requires access to a local iCloud Drive directory for SimpleMind documents.
  • ⚠️User must manually configure the `SIMPLEMIND_ICLOUD_PATH` environment variable if different from the default macOS path.
  • ⚠️Requires a client like Antigravity/Claude Desktop configured to connect to MCP servers.

Verified Safe

The server primarily performs file operations (read/write ZIP archives containing XML) within a user-defined iCloud path. Filename sanitization is applied for new mind maps, mitigating path traversal risks. The `path.join` method is used for constructing file paths. No direct 'eval' or shell command injection vulnerabilities are apparent. Potential, but low, risks might exist if underlying `adm-zip` or `fast-xml-parser` libraries have unknown vulnerabilities when processing extremely malformed inputs, or if `path.join` can be bypassed on specific OS configurations.
Updated: 2025-12-02

Medium Cost

MCP_Tutorials

by anaskhaann

Sec3

This repository demonstrates the creation of MCP (Microservice-compatible Protocol) servers and clients using FastMCP and Langchain, exemplified by an expense tracker application.

Setup Requirements

  • ⚠️Requires OpenAI API Key for client examples (Paid).
  • ⚠️Strict Python requirement: `requires-python = ">=3.13"` as specified in `pyproject.toml`, which means it might not run on stable Python versions.
  • ⚠️Hardcoded local paths for server files in client configurations (e.g., `/Users/anas/Desktop/mcp-math-server/main.py`), requiring manual modification for portability.
  • ⚠️The `uv` command-line tool is a dependency required for running the servers as shown in the README.

Review Required

The README explicitly states a critical flaw: 'there is not authentication for users, we just have a centralized database for all user which is not good because all expenses will get merged into one another.' This means any client (local or remote) can perform all database operations without validation, making it highly insecure for any real-world, multi-user, or sensitive data scenario. While SQLite queries are parameterized against basic SQL injection, the lack of authentication is a fundamental security bypass.
Updated: 2025-12-01

High Cost

mcp-server-office

by TanaboonJew

Sec6

Enables AI assistants to read and extract structured content from Microsoft Office documents (Word, Excel, PowerPoint).

Setup Requirements

  • ⚠️Requires Docker for recommended deployment or a local Python 3.8+ environment.
  • ⚠️Users must correctly configure Docker volume mounting (`-v /path/to/your/documents:/documents:ro`) to allow the server access to documents, replacing `/path/to/your/documents` with their actual folder path.
  • ⚠️Requires an MCP client (e.g., Windsurf, Codeium) or custom integration to interact with the server.

Verified Safe

The server directly uses `file_path` arguments without explicit path sanitization or validation within the application code (e.g., checking for path traversal sequences like `../`). While the recommended Docker deployment uses a read-only volume mount (`/documents:ro`), a malicious `file_path` could potentially read sensitive files outside the intended `/documents` directory if path traversal (e.g., `../../etc/passwd`) is not prevented by the underlying OS/filesystem or Docker's volume mounting semantics.
Updated: 2025-11-25

Medium Cost

datagovmy-mcp

by lightyoruichi

Sec9

Provides AI assistants programmatic access to Malaysian government open data from OpenDOSM and Data Catalogue APIs.

Setup Requirements

  • ⚠️Requires Node.js 18 or newer

Verified Safe

The server uses public APIs and does not handle sensitive credentials directly. User-provided 'filters' are parsed as JSON but then converted to string query parameters for external API calls, mitigating direct code injection risks within the server. No 'eval' or direct 'child_process' usage identified that would execute arbitrary user input. The primary risk is reliance on the security and availability of the external government APIs themselves.
Updated: 2025-12-11