Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
NestorZuno icon

mcp-file-manager

by NestorZuno

Sec8

Allows language models to manage local files, detect duplicates, organize by type, and back up to Google Drive.

Setup Requirements

  • ⚠️Requires Google Drive API `credentials.json` to be placed in the project root and an authorization script (`python utils/drive_handler.py`) to be run for cloud backup features.
  • ⚠️Needs a Python environment (3.x recommended) with all dependencies installed via `pip install -r requirements.txt`.
  • ⚠️Designed as an MCP server to be controlled by an AI model/LLM client (e.g., Cline/Claude Desktop), not a standalone user-facing application.
Verified SafeView Analysis
The server uses `send2trash` for deletions, ensuring files are moved to the recycle bin rather than permanently erased. It explicitly skips critical system files (`server.py`, `venv`, `.git`) during deletion and duplicate detection. Google Drive API integration handles credentials via `credentials.json` and OAuth 2.0 flow. No 'eval' or obfuscation is present. The primary security consideration is the inherent capability of the server to modify user files, but the implementation shows good safety practices.
Updated: 2025-11-27GitHub
0
0
Medium Cost
harshrajsinha icon
Sec6

Generates Model Context Protocol (MCP) servers from REST API specifications (Swagger/OpenAPI) to enable AI clients like Claude Desktop to interact with external APIs as tools.

Setup Requirements

  • ⚠️Requires Redis for Celery background task queue.
  • ⚠️Requires manual configuration in Claude Desktop's `claude_desktop_config.json` after server generation.
  • ⚠️Optional LLM-based description generation features require an OpenAI (or Azure OpenAI) API key, which is a paid service.
Review RequiredView Analysis
The project dynamically loads and executes Python code for generated MCP servers and uses subprocess calls for package creation/installation. While necessary for its core functionality, this introduces risks if the input REST API specifications are untrusted or malicious, potentially leading to code injection. Default Django admin user credentials (`admin`/`admin@example.com`) are created during initialization, which must be changed for production environments. Sample API keys are present in example configurations but are intended for user modification.
Updated: 2025-11-19GitHub
0
0
Low Cost
skippr-hq icon
Sec2

Bridges product issues from a browser extension to AI coding agents, enabling automated discovery and fixing of UX, accessibility, and product quality problems.

Setup Requirements

  • ⚠️Requires Node.js >= v22.x
  • ⚠️Requires Skippr Chrome Extension (installed and configured)
  • ⚠️WebSocket server runs on local port (default 4040) without authentication, posing a local security risk.
Review RequiredView Analysis
CRITICAL: The WebSocket server, running locally on port 4040 by default, lacks any authentication or authorization for incoming connections. Any process on the user's local machine (or network if firewalled incorrectly) can connect and send 'write_issue' messages. The `projectId` parameter in these messages is directly used to construct file paths (`~/.skippr/projects/{projectId}/reviews/...`) using `path.join`. Because `projectId` is only validated as `z.string()`, it is vulnerable to path traversal attacks (e.g., passing `/etc/passwd` or `../../../../etc/passwd` as `projectId`), which could allow a malicious client to write, read, or delete arbitrary files on the local filesystem with the permissions of the user running the server. This is a severe local file manipulation vulnerability.
Updated: 2025-12-12GitHub
0
0
Low Cost
swiggy-private icon
Sec4

Manages and deploys Kubernetes manifests to a cluster, likely for internal application deployment within Swiggy's infrastructure.

Setup Requirements

  • ⚠️Requires a PostgreSQL database.
  • ⚠️Requires access to a Kubernetes cluster and a valid kubeconfig file.
  • ⚠️Relies on environment variables for configuration (e.g., POSTGRES_DB_CONNECTION_STR, KUBE_CONFIG_PATH).
Review RequiredView Analysis
The server exposes an API endpoint to apply arbitrary Kubernetes manifests via `k8sClient.ApplyManifest`. Without explicit evidence of robust authentication, authorization, and manifest validation or scoping mechanisms in the provided code, this presents a critical security risk, potentially allowing unauthorized or malicious deployments to the Kubernetes cluster.
Updated: 2025-12-02GitHub
0
0
Medium Cost
Kiruthick7 icon

mcp

by Kiruthick7

Sec9

Publishes blog posts to Dev.to via an MCP-compatible client.

Setup Requirements

  • ⚠️Requires a Dev.to API Key (external credential).
  • ⚠️Requires `uv` for Python dependency management.
  • ⚠️Manual update of local paths in `claude-desktop-config.json` is necessary for client connection.
Verified SafeView Analysis
The server loads the Dev.to API key from an environment variable, preventing hardcoding. It uses the `requests` library for external API calls, handling potential errors. No dangerous functions like `eval` or direct filesystem manipulation (beyond `.env` loading) are present. The primary security consideration is the secure handling of the `DEVTO_API_KEY` by the user.
Updated: 2025-11-26GitHub
0
0
Low Cost
zvonano icon
Sec8

A Node.js server that acts as a wrapper or proxy for the EasyBusy simple booking API, likely exposing it via a WebSocket interface.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Likely requires environment variables (e.g., API keys, port configuration) to be set, potentially via a .env file, due to the 'dotenv' dependency.
Verified SafeView Analysis
The provided package.json does not show any direct malicious patterns, 'eval' usage, or obfuscation. Dependencies `dotenv` and `ws` are standard. However, without the `server.mjs` code, a full security audit (especially for the WebSocket implementation, input validation, and API key handling) cannot be performed. A WebSocket server inherently opens a network port, which requires proper security measures.
Updated: 2025-11-24GitHub
0
0
Medium Cost
xtr-dev icon
Sec7

Automated browser interaction (Playwright) with a virtual display (noVNC) for Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires Docker Compose for server setup.
  • ⚠️Disables browser sandbox (`--no-sandbox`), a security risk for untrusted content.
  • ⚠️Resource-intensive (runs a full browser, virtual display, VNC server with 2GB shared memory).
Verified SafeView Analysis
The server uses Playwright's `--no-sandbox` flag for browser launch, which is a known security risk when navigating to untrusted websites as it disables a crucial browser security feature. Ports 3080 (MCP SSE) and 6080 (noVNC) are exposed; they should be firewalled if the service is deployed to an untrusted network. The `mcp-proxy` forwards `stdin` to a configurable SSE endpoint, which could be exploited if `PLAYWRIGHT_SSE_URL` is set to a malicious server, although the default is internal to the Docker network.
Updated: 2025-12-04GitHub
0
0
High Cost
the-Lobbi icon
Sec9

A multi-agent system powered by LangGraph for automating and orchestrating complex DevOps infrastructure tasks, utilizing specialized subagents for IaC, container workflows, and team acceleration.

Setup Requirements

  • ⚠️Requires Harness platform credentials (HARNESS_ACCOUNT_ID, HARNESS_API_URL, HARNESS_API_TOKEN) for full functionality.
  • ⚠️Requires an Anthropic API Key (ANTHROPIC_API_KEY) for the core LLM functionality, which is a paid service.
  • ⚠️If RAG features are utilized, requires Pinecone API Key (PINECONE_API_KEY, paid/free tier) and Voyage AI API Key (VOYAGE_API_KEY, paid service).
  • ⚠️Requires the 'kubernetes' Python package to be installed and proper Kubernetes configuration (kubeconfig or in-cluster) for Kubernetes-related tools.
  • ⚠️A known bug requires manually fixing an import statement in `src/deep_agent/devops/agents.py` as detailed in `SETUP_NOTES.md`.
Verified SafeView Analysis
The project exhibits strong security practices for secret management through its `secrets.py` module, which supports auto-detection for Azure Key Vault, Harness Secrets Manager, and environment variables. It explicitly warns against hardcoding secrets and is designed for zero secret value logging. No 'eval' or obvious obfuscation was found in the provided source code. Network communication uses `httpx.AsyncClient` with timeouts. The system interacts with powerful APIs like Kubernetes and Harness, which inherently require strict Role-Based Access Control (RBAC) on the target systems. The agent's capability to generate and execute configuration (e.g., YAML for Harness pipelines) introduces a potential risk for prompt injection if input is not carefully sanitized, a common challenge in agentic systems, but the core codebase's security practices are sound.
Updated: 2026-01-19GitHub
0
0
Low Cost
mofiaboss icon
Sec9

An Oracle Model Context Protocol (MCP) server providing AI agent access to an Oracle database with robust, production-grade query safety features.

Setup Requirements

  • ⚠️Requires Java 21+ (OpenJDK recommended) and Python 3.12+.
  • ⚠️Manual download and placement of Oracle JDBC driver (ojdbc11.jar) and JSON library (json.jar) is required.
  • ⚠️Manual compilation of Java `OracleQueryServer.java` into `.class` files is necessary.
  • ⚠️Paths to Java Home and JDBC driver in `oracle_jdbc.py` need to be manually updated.
  • ⚠️Relies on external authentication (StrongDM proxy) for production deployment; does not implement its own user authentication.
  • ⚠️Environment variables ORACLE_HOST, ORACLE_PORT, ORACLE_SERVICE_NAME, ORACLE_USER, ORACLE_PASSWORD, and JAVA_HOME must be explicitly set.
Verified SafeView Analysis
The server implements comprehensive defense-in-depth, including strict input validation, comment stripping, keyword blocking, query complexity scoring, result set limits, read-only enforcement, rate limiting, connection pooling, circuit breaker, and detailed audit logging. Credentials are securely handled via environment variables. Crucially, it relies on client-side authentication (StrongDM) and Python-side query validation for SQL injection prevention due to the architectural decision of not using Java PreparedStatements for dynamic queries. All critical vulnerabilities identified in a brutal security audit were fixed, earning it an 'Approved for Production Deployment' status.
Updated: 2025-11-25GitHub
0
0
Low Cost
leandroblandi icon
Sec9

A lightweight demo server exposing simple CRUD tools for 'Person' data via STDIO, integrated with AI models using Spring AI's Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Java 21 (or compatible) JVM.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop) to interact with its STDIO-based tool interface.
  • ⚠️Operates without an HTTP layer, communicating solely via standard input/output for tool exposure.
Verified SafeView Analysis
The source code provided is a minimal Spring Boot application. It exposes simple in-memory CRUD operations as AI tools via STDIO. There are no direct network listeners (e.g., HTTP server) within the provided code. No 'eval' functions, obfuscation, hardcoded secrets, or direct system calls are present. The primary security consideration would be the secure operation of the MCP-compatible client (e.g., Claude Desktop) and the context in which the AI model interprets and invokes the tools, but the server's code itself appears robust and safe within its defined scope.
Updated: 2025-11-26GitHub
0
0
Medium Cost
0xBigBoss icon

tilt-mcp

by 0xBigBoss

Sec9

Integrates Tilt development workflows with AI assistants via the Model Context Protocol (MCP) for real-time status, resource management, and log access.

Setup Requirements

  • ⚠️Requires Bun 1.3+ runtime to be installed.
  • ⚠️Requires Tilt CLI v0.35.0 or later to be installed and in PATH.
  • ⚠️The TILT_PORT environment variable is mandatory and must be configured (e.g., in .mcp.json or shell).
Verified SafeView Analysis
The server employs robust security practices. CLI interactions use `node:child_process.spawn` with argument arrays, explicitly avoiding shell interpolation to prevent command injection. All user inputs (resource names, filters, Tiltfile args, regex search queries/flags) are rigorously validated using Zod schemas with strong regex patterns to disallow malicious characters and patterns. Connection details (TILT_PORT, TILT_HOST) are configured via environment variables and not exposed as tool parameters, mitigating cross-instance attack vectors. The `tilt_dump` tool, which could expose large raw engine state, is intentionally not registered for MCP use. Regex flags in `tilt_logs` are validated, and the global flag is disallowed to prevent stateful matching issues. Overall, strong focus on preventing common injection and abuse vectors.
Updated: 2025-11-22GitHub
0
0
Medium Cost
buddl icon

tamina-mcp

by buddl

Sec1

Enables AI assistants to search for local businesses and make reservations/bookings through the Tamina platform via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires an active account on Tamina.app and valid authentication credentials.
  • ⚠️Users must provide a verified credit card on Tamina.app for contact information verification (no charge incurred).
  • ⚠️Requires an AI platform that supports the Model Context Protocol (MCP).
Verified SafeView Analysis
The provided 'SOURCE CODE' is limited to the `README.md` file. Without access to the actual server-side code for the Tamina MCP server, it is impossible to perform a meaningful security audit for vulnerabilities such as `eval` usage, obfuscation, network risks, hardcoded secrets, or malicious patterns. The score reflects the complete lack of visibility into the server's implementation.
Updated: 2025-12-14GitHub
PreviousPage 438 of 713Next