Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
alpha-hack-program icon

finance-engine-mcp-rs

by alpha-hack-program

Sec9

Provides sophisticated financial calculation functions for business intelligence and strategic decision-making to AI agents through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Rust 1.70+ and Cargo for native compilation and execution.
  • ⚠️For vector store integration, a running LlamaStack instance is required, and specific environment variables (VECTOR_STORE_NAME, LLAMA_STACK_HOST, LLAMA_STACK_PORT, LLAMA_STACK_SECURE) must be correctly configured.
  • ⚠️There is a discrepancy in the `calculate_company_health_score` function description: the README states '5 dimensions' with specific weights, while the source code implements '3 dimensions' with proportionally adjusted weights. Users should be aware the code uses 3 metrics (revenue growth, SLA compliance, customer satisfaction).
Verified SafeView Analysis
Input parsing includes robust sanitization and validation for length, null bytes, and control characters to prevent injection-like issues. Flexible deserializers (`deserialize_flexible_f64`, `deserialize_bool_flexible_opt`) improve resilience to varied input formats. Environment variables for LlamaStack integration (`VECTOR_STORE_NAME`, `LLAMA_STACK_HOST`, `LLAMA_STACK_PORT`, `LLAMA_STACK_SECURE`) are read dynamically and not hardcoded, mitigating credential exposure. External network calls are made to configurable LlamaStack endpoints, not arbitrary user-controlled URLs. No direct `eval` or similar dynamic code execution patterns are identifiable in the Rust source code. The project highlights security practices such as non-root container users and CI/CD security audits. Potential risks primarily reside in the security posture of the external LlamaStack dependency and its configuration, which is outside the scope of this project's code.
Updated: 2026-01-16GitHub
0
0
Low Cost
flexnst icon
Sec7

Sets up a local LLM environment with Ollama, a web UI (Open-WebUI), and integrates Model Context Protocol (MCP) tools for enhanced LLM capabilities, such as web content retrieval.

Setup Requirements

  • ⚠️Docker is required to run the environment.
  • ⚠️NVIDIA GPU is highly recommended/required for optimal Ollama performance, as specified in `compose.yml` for device reservations. Performance will be significantly degraded without it.
  • ⚠️Specific LLM models (e.g., `qwen2.5:7b`) must be manually pulled into Ollama via `ollama pull` command after initial setup.
  • ⚠️The `FETCH_USER_AGENT` environment variable must be set for the `mcp-proxy` service to function correctly.
Verified SafeView Analysis
The project leverages Docker for service isolation. However, several services are configured with broad `*` for CORS origins (`OLLAMA_ORIGINS: '*'`, `CORS_ORIGINS=*`, `--allow-origin=*`). While common for local development, this poses a security risk if the environment is exposed publicly. The `WEBUI_SECRET_KEY` for Open-WebUI is explicitly set to an empty string, which should be configured with a strong secret in a production environment for proper session management and security. No 'eval' or apparent malicious patterns were found in the provided code.
Updated: 2025-12-09GitHub
0
0
High Cost
alienxs2 icon

zapomni

by alienxs2

Sec9

An intelligent memory processing and knowledge management system that uses LLMs and vector databases to chunk text, generate embeddings, extract entities, and build a knowledge graph for semantic search and retrieval.

Setup Requirements

  • ⚠️Requires Ollama server running locally (default: http://localhost:11434) with `nomic-embed-text` and `qwen2.5:latest` models pulled.
  • ⚠️Requires FalkorDB server running (default: localhost:6381).
  • ⚠️Requires Redis server running for semantic cache (default: localhost:6379) if caching is enabled.
  • ⚠️Requires SpaCy English language model: `python -m spacy download en_core_web_sm` for entity extraction.
  • ⚠️Requires Python 3.11+.
Verified SafeView Analysis
The project demonstrates good security practices including explicit input validation, parameterized database queries (Cypher), and the use of Pydantic's `SecretStr` for sensitive configurations like database passwords. It also implements a `DNSRebindingProtectionMiddleware` to mitigate DNS rebinding attacks on its SSE server. While `subprocess.run` is used for git commands, it's done without `shell=True` and with direct arguments, reducing command injection risk. External dependencies like Ollama, FalkorDB, and Redis are assumed to be locally hosted or trusted network services.
Updated: 2025-12-05GitHub
0
0
Medium Cost
holger1411 icon

foxess-mcp-server

by holger1411

Sec8

Enables AI assistants to access, analyze, and optimize solar energy data from FoxESS inverters via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️FoxESS API Token must be generated from the legacy v1 portal (foxesscloud.com/login).
  • ⚠️Requires the Claude Desktop application to function as an MCP extension.
Verified SafeView Analysis
The server demonstrates strong security practices including comprehensive input validation, thorough log sanitization, and secure error handling. Disk cache encryption is implemented, but its effectiveness depends on the `cryptography` package being installed and the `FOXESS_CACHE_KEY` environment variable being set; otherwise, it defaults to unencrypted storage. MD5 is used for API signature generation, which is a known cryptographic weakness, but this is a requirement of the FoxESS API and its risk is partially mitigated by the inclusion of a timestamp and HTTPS communication. The internal rate limiter state is not persistent across server restarts, potentially allowing a burst of requests upon reboot.
Updated: 2026-01-18GitHub
0
0
Low Cost
HeathLoganCampbell icon

SQLServer-MCP

by HeathLoganCampbell

Sec9

Exposes safe, read-focused SQL Server database exploration tools via an HTTP-based Model Context Protocol (MCP) server, primarily for consumption by MCP-compatible clients and agents, often for LLM-driven schema prompting.

Setup Requirements

  • ⚠️Requires .NET SDK 9.0 or later.
  • ⚠️Requires access to a Microsoft SQL Server instance.
  • ⚠️Requires an MCP-compatible client to consume the tools.
Verified SafeView Analysis
The server explicitly restricts `SqlRunQuery` to read-only SELECT statements, preventing write/update/delete operations. Connection strings are managed via standard configuration (appsettings.json or environment variables). 'TrustServerCertificate=True' is mentioned for local development, which should be used with caution in production environments. No 'eval' or obvious malicious patterns found in the provided source.
Updated: 2025-11-30GitHub
0
0
High Cost
martin-prillard icon

llm-as-a-teacher

by martin-prillard

Sec6

An intelligent tool that uses Large Language Models (LLMs) to evaluate student GitHub projects against project descriptions.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Requires `uv` for dependency management (or `pip`)
  • ⚠️Requires `git` installed locally for cloning repositories
Review RequiredView Analysis
The server uses `subprocess.run` to `git clone` arbitrary GitHub repository URLs provided by the user. While `subprocess.run` with a list of arguments is safer than shell injection, cloning and processing code from untrusted external sources (student projects) without a robust sandboxing mechanism poses a moderate security risk to the host system. Malicious repositories could potentially exploit vulnerabilities in the Git client or other tools, or contain harmful files. There are no direct `eval` calls or hardcoded secrets, and API calls are to standard services (GitHub, OpenAI). Input files (project descriptions) are parsed by established libraries, but handling of `description_file.name` in the Gradio app might warrant extra caution depending on Gradio's internal handling of uploaded file paths.
Updated: 2025-12-02GitHub
0
0
Low Cost
scottsappen icon
Sec7

Deploys a MotherDuck Model Context Protocol (MCP) server on AWS EC2, exposing it over HTTPS using NGINX and Let's Encrypt, for validation with MCP Inspector.

Setup Requirements

  • ⚠️Requires an AWS account with permissions to create EC2 instances and Security Groups.
  • ⚠️Requires a registered domain to create a subdomain (e.g., mcp.<your-domain>) and configure DNS.
  • ⚠️Requires a MotherDuck database and a valid MotherDuck token.
Verified SafeView Analysis
The server architecture employs good practices (local binding of the MCP server, NGINX reverse proxy, HTTPS with Let's Encrypt). However, the setup guide directs passing the MotherDuck token directly as a command-line argument within a tmux session, which can expose the secret in process lists. The 'Real-World Considerations' section acknowledges this is a sanity check setup and recommends proper security (e.g., systemd for secret management) for production.
Updated: 2025-12-12GitHub
0
0
Low Cost
robertbergman2 icon

mcp-dnac

by robertbergman2

Sec2

A simple Express.js backend server designed for basic user authentication and API status monitoring.

Review RequiredView Analysis
The server contains critically hardcoded administrator credentials (`admin`/`password123`) in `routes/auth.js`, making it highly vulnerable to unauthorized access. It also uses a hardcoded fallback for `API_KEY` in `config.js`, which is poor practice for production environments.
Updated: 2025-11-18GitHub
0
0
Low Cost
Clivern icon

Moose

by Clivern

Sec8

Provides a Model Context Protocol (MCP) server boilerplate in Go for integration with Cursor AI IDE, supporting STDIO and Server-Sent Events modes.

Setup Requirements

  • ⚠️Requires Go language installed to build and run from source.
  • ⚠️The 'moose' executable must be in the system's PATH for Cursor AI IDE to find it in STDIO mode.
  • ⚠️When using SSE mode, the 'moose' server must be started manually and running before Cursor AI IDE attempts to connect.
Verified SafeView Analysis
The provided source code is a boilerplate and does not contain obvious critical vulnerabilities like 'eval' or hardcoded secrets. The 'hello_world' tool handler uses safe string formatting. Running in SSE mode exposes an HTTP endpoint; while the boilerplate itself doesn't include authentication/authorization, this would be a consideration for production deployments if exposed externally.
Updated: 2026-01-16GitHub
0
0
Low Cost
Originate-Group icon

common-mcp-submodule

by Originate-Group

Sec9

Provides a production-ready framework for building HTTP Model Context Protocol (MCP) servers with FastAPI, supporting OAuth 2.1 and Personal Access Token authentication.

Setup Requirements

  • ⚠️Docker is the recommended deployment method, though local Python installation is an alternative.
  • ⚠️OAuth 2.1 authentication requires prior setup with an OIDC provider (e.g., Keycloak) and specific environment variables.
  • ⚠️Requires Python 3.10 or newer.
Verified SafeView Analysis
The server employs robust authentication mechanisms, including OAuth 2.1 token validation via JWKS and configurable PAT verification using a user-provided asynchronous function, promoting secure handling of credentials. External network requests (e.g., to Keycloak) utilize `httpx` with explicit timeouts. Configuration relies on environment variables, preventing hardcoded secrets. The `Access-Control-Allow-Origin: *` header is used for specific OAuth discovery and proxy endpoints, which is common for public OAuth providers and custom connectors, but could be restricted further if all client origins are known.
Updated: 2025-12-12GitHub
0
0
Medium Cost
jeremyhahn icon

go-keychain

by jeremyhahn

Sec9

Provides a secure JSON-RPC interface (Model Context Protocol) for cryptographic key and certificate management, including threshold signatures, designed for integration with AI assistants and other clients across on-prem, hybrid, and cloud environments.

Setup Requirements

  • ⚠️Requires specific Go build tags to enable non-PKCS#8 cryptographic backends (e.g., TPM2, PKCS#11, Cloud KMS) beyond the default software backend.
  • ⚠️Initial server setup requires an administrator account linked to a FIDO2-compatible security key (hardware requirement).
  • ⚠️Integration with various hardware (TPM2, PKCS#11, YubiKey, CanoKey) or cloud KMS (AWS, GCP, Azure, HashiCorp Vault) backends requires corresponding hardware, emulators, or cloud credentials and proper configuration.
Verified SafeView Analysis
The project demonstrates a strong awareness of security best practices, including robust error handling, panic recovery, authentication and authorization via WebAuthn/FIDO2 and RBAC, and explicit guidance on secure key handling (e.g., keys never leave HSMs, encryption during transport). Build tags are used to minimize attack surface. Extensive testing (92.5% coverage) further supports code quality. Default weak passwords/PINs for some backends, though documented as defaults, are a minor initial vulnerability if not changed.
Updated: 2026-01-17GitHub
0
0
Low Cost
alex-gecraft icon

mcp-server

by alex-gecraft

Sec1

Unable to identify the specific use case as no source code was provided for analysis. The repository name 'mcp-server' suggests a server implementation, possibly related to Minecraft Protocol.

Setup Requirements

  • ⚠️CRITICAL: No source code was provided for analysis. Cannot identify any specific requirements or friction points.
  • ⚠️Without source code, installation and operation steps are unknown.
Review RequiredView Analysis
CRITICAL: No source code was provided for analysis. It is impossible to perform a security audit, check for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns without the code. Therefore, the security score is the lowest possible, and it is considered unsafe to run due to unknown risks.
Updated: 2025-11-24GitHub
PreviousPage 441 of 713Next