Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
manyalawy icon

MCP-server

by manyalawy

Sec9

This server provides a Micro-Capability Platform (MCP) exposing simple programmatic tools via an HTTP interface, along with a custom health check endpoint.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer
Verified SafeView Analysis
The code is simple, directly implements basic tools and a health check, and does not contain 'eval', obfuscation, hardcoded secrets, or complex logic that could introduce common vulnerabilities. It leverages the 'fastmcp' framework for API exposure.
Updated: 2025-12-05GitHub
0
0
High Cost
mbarki-abd icon

mcp-agent-server

by mbarki-abd

Sec4

The MCP Agent Server orchestrates a multi-agent AI platform, enabling the creation, management, communication, and real-time monitoring of AI agents, their workspaces, projects, tasks, and secure credentials.

Setup Requirements

  • ⚠️Requires root/sudo privileges for full functionality (agent provisioning, terminal execution).
  • ⚠️Requires a PostgreSQL database instance to be set up and accessible.
  • ⚠️Requires AI CLI tools (e.g., 'claude', 'ollama', 'gemini') to be installed on the host system or within agent environments.
  • ⚠️Critical environment variables (MCP_API_KEY, ENCRYPTION_KEY, DB_NAME, DB_USER, DB_PASSWORD) MUST be configured securely, especially in production.
Review RequiredView Analysis
CRITICAL VULNERABILITIES IDENTIFIED: 1. **Information Leak on Public Endpoints**: The `/ws/dashboard`, `/api/dashboard/state`, `/api/presence/ws`, and `/api/presence/sse` endpoints are explicitly marked as public routes in `auth.ts`. These endpoints expose sensitive system information including server details, a list of all agents, their statuses, active tasks, system metrics, projects, and session metadata, all without any authentication. This allows unauthenticated users to gain comprehensive visibility into the operational state of the entire multi-agent platform. 2. **Secret Master API Key Exposure**: The `/key` endpoint (path configured by `SECRET_KEY_PATH`) returns the master API key. While the code includes a warning to 'keep this path secret', relying on obscurity for access to a critical secret is a significant security risk. If this path is discovered (e.g., through scanning, misconfiguration, or leaks), the master API key is exposed. 3. **Root Privileges Required**: Core functionalities such as agent provisioning (creating Unix users and their home directories), setting file ownership (`chown`), and running commands as other users (`su`) require the server to operate with root privileges or highly permissive sudoer configurations. This introduces a substantial attack surface, as a compromise of the server could lead to full system compromise. RECOMMENDATIONS: Implement robust authentication/authorization for all dashboard and presence endpoints. Remove or severely restrict the `/key` endpoint, ideally replacing it with a secure token issuance/rotation mechanism for master access.
Updated: 2025-12-13GitHub
0
0
Medium Cost
dacionxo icon

mcp-server

by dacionxo

Sec9

This server provides a Model Context Provider (MCP) interface to the Repliers API, enabling natural language access to real estate listings, property data, market analytics, and AI-powered tools.

Setup Requirements

  • ⚠️Requires Repliers API Key (Paid API)
  • ⚠️Requires Node.js v22+ (as specified in package.json and recommended by README)
Verified SafeView Analysis
The server demonstrates strong security practices including explicit environment variable loading from a .env file, mandatory checks for critical API keys (REPLIERS_API_KEY), and robust error handling. All external API calls use the fetch API with properly constructed URLs and headers, minimizing injection risks. There are no evident uses of 'eval' or other dynamic code execution from untrusted input, nor any hardcoded secrets in the provided source.
Updated: 2025-12-14GitHub
0
0
High Cost
physics91 icon

ai-code-review-mcp

by physics91

Sec9

This project provides a Model Context Protocol (MCP) server for AI-powered code analysis, leveraging both Codex and Gemini CLIs to perform and aggregate code reviews.

Setup Requirements

  • ⚠️Requires Node.js 20.0.0 or higher.
  • ⚠️Requires separate installation and configuration of Codex CLI and Gemini CLI, which may involve obtaining API keys for these services.
  • ⚠️Needs an MCP client (e.g., Claude Desktop) to interact with the server after setup.
Verified SafeView Analysis
The project demonstrates a very strong security posture. It employs extensive input validation using Zod schemas, critical CLI path whitelisting for both Codex and Gemini services, utilizes 'execa' with 'shell: false' to prevent shell injection, and implements comprehensive sensitive data redaction (code, API keys, secrets) from logs and error messages. Codex CLI execution is further hardened with '--sandbox read-only' and dangerous argument filtering. Control characters are stripped from inputs for display safety. A test for prototype pollution is present, indicating awareness. Overall, a highly security-conscious design.
Updated: 2025-12-26GitHub
0
0
Low Cost
SachdevaVansh icon

MCP_Server_n8n_

by SachdevaVansh

Sec3

Provides a Python-based Model Context Protocol (MCP) server to bridge an AI client (e.g., Claude Desktop) with a PostgreSQL database hosted on NeonDB and integrate with n8n for workflow automation.

Setup Requirements

  • ⚠️Requires Python 3.13 or higher.
  • ⚠️A NeonDB (PostgreSQL) database instance and its credentials are required.
  • ⚠️The hardcoded `psqlurl` in `postgresql.py` must be manually replaced with your NeonDB connection string, preferably using environment variables for security (though not implemented by default in code).
Review RequiredView Analysis
CRITICAL: The `postgresql.py` file contains a hardcoded PostgreSQL connection string (`psqlurl`) including database credentials (owner username and password). This is a severe security vulnerability. While the README suggests using environment variables, the code does not implement this. Additionally, the project encourages public exposure via ngrok, which, while noted as optional, combined with hardcoded credentials and the direct database query capabilities, poses a significant risk if not handled with extreme care. The `mcp.tool()` functions use parameterized queries, mitigating direct SQL injection for the defined tools, but the general `query_db` function could be misused if new tools are added without proper parameterization.
Updated: 2025-12-04GitHub
0
0
Medium Cost
M0hitMehra icon

mcp-server

by M0hitMehra

Sec1

This server acts as a Model Context Protocol (MCP) provider, exposing MongoDB database operations (CRUD, listing databases/collections, and advanced identifier-aware search) as callable tools for AI agents.

Setup Requirements

  • ⚠️CRITICAL: Hardcoded MongoDB Atlas connection URI (username/password included) in source code; MUST be externalized and secured.
  • ⚠️Requires a running MongoDB Atlas instance (or compatible MongoDB server).
  • ⚠️Client interactions require a Google Gemini API Key (`GEMINI_API_KEY`).
  • ⚠️Requires `tsx` (TypeScript eXecutor) to run directly from source files.
Review RequiredView Analysis
CRITICAL: Hardcoded production MongoDB connection URI with username and password (`finconic-dev:f0WW8QlcQxZwErVq`) is present in both `dserver.js` and `server.ts`. The server exposes an unauthenticated HTTP API (if `TRANSPORT=http` or `HTTP_PORT` is set) with permissive CORS (`*`), allowing any client to invoke MongoDB CRUD and query tools with arbitrary arguments, directly leveraging these hardcoded, high-privileged credentials. The 'query-documents' tool's filter parameter accepts `z.record(z.any())`, enabling arbitrary MongoDB filter objects, which is extremely dangerous without robust authentication and authorization.
Updated: 2025-11-24GitHub
0
0
Low Cost
Sec9

Implements a retail demand forecasting Model Context Protocol (MCP) server that predicts product demand using sales data, seasonal events, and generates AI-powered explanations.

Setup Requirements

  • ⚠️Requires OpenRouter API Key (Paid service likely)
Verified SafeView Analysis
The API key is loaded securely from environment variables. There is no explicit use of `eval` or direct arbitrary code execution from untrusted user input. Data loading is from local, predefined JSON/CSV files. LLM interaction is through the `openai` library, which is a standard and generally secure way to interact with AI services. The input parameter `category` is used for DataFrame filtering and prompt construction, which is a safe pattern.
Updated: 2025-11-26GitHub
0
0
Medium Cost
naumanstafona icon

MCP_server_Playwright

by naumanstafona

Sec1

Automated end-to-end UI testing for a web application using Playwright, including multi-factor authentication (OTP via Gmail).

Setup Requirements

  • ⚠️Requires manual intervention for Gmail CAPTCHA or security challenges during OTP retrieval.
  • ⚠️Relies on specific, hardcoded 'nauman@trackstack.app' and 'nauman+autol@trackstack.app' test accounts and their passwords, which will need to be replaced for different environments or users.
  • ⚠️The `@playwright/mcp` package (Managed Continuous Playback) needs to be installed and run to use this as an 'MCP Server'.
Review RequiredView Analysis
CRITICAL: Hardcoded Gmail account credentials (`GMAIL_USER`, `GMAIL_PASS`) and Trackstack login credentials (`TRACKSTACK_EMAIL`) are present directly in the source code (`helpers/login.ts`, `tests/LogintoApplication_New.spec.ts`, `tests/login-to-trackstack-using-gmail-otp.spec.ts`). This is a severe security vulnerability, exposing sensitive information if the repository is publicly accessible or compromised. Credentials must be loaded from secure environment variables or a secrets management system.
Updated: 2025-11-19GitHub
0
0
Medium Cost
BACH-AI-Tools icon

mcp-google-maps

by BACH-AI-Tools

Sec7

This MCP server provides an interface for Google Maps functionalities, enabling programmatic access to places search, geocoding, directions, elevation data, and static map generation through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a paid Google Maps API Key to be configured as `GOOGLE_MAPS_API_KEY` environment variable.
Verified SafeView Analysis
The server uses environment variables for the Google Maps API key, which is good practice. It explicitly includes a caution within the code (`src/services/map-directions.ts`) that static map URLs generated contain the API key and should not be sent directly to clients, indicating developer awareness of a potential exposure vector. No direct 'eval' or malicious patterns were found. DNS rebinding protection is enabled for the HTTP transport. The overall security relies heavily on correct configuration of environment variables and cautious handling of generated URLs by downstream consumers.
Updated: 2025-12-04GitHub
0
0
Low Cost
marc-shade icon

coral-tpu-mcp

by marc-shade

Sec6

Provides fast, local, hardware-accelerated ML inference (image classification, object detection, pose estimation, semantic segmentation, audio classification, keyword spotting) and text embeddings for AI agentic systems using Google Coral TPUs.

Setup Requirements

  • ⚠️Requires dedicated Google Coral Edge TPU hardware (USB or PCIe accelerator) for accelerated inference. Falls back to CPU for text embeddings.
  • ⚠️Requires specific `pycoral` and `tflite-runtime` Python libraries, which often need platform-specific installation steps (e.g., specific wheels or setup procedures for Linux, macOS, or Windows).
  • ⚠️Text embedding functionality requires the `sentence-transformers` library (CPU-based).
  • ⚠️Audio processing (keyword spotting, audio classification) functionality requires the `librosa` library.
Review RequiredView Analysis
The `AGENTIC_SYSTEM_PATH` environment variable is used to dynamically add a directory to `sys.path` for importing the `tpu_monitor` module. If this environment variable is controlled by an untrusted entity, it could lead to arbitrary code execution through Python module injection, posing a Remote Code Execution (RCE) vulnerability. While model file validation (checksums, size, extension) is implemented to mitigate risks during model loading, this does not address the `sys.path` injection vector. The server uses stdio for communication and does not appear to open direct network listeners.
Updated: 2025-12-29GitHub
0
0
Low Cost
angusforeman icon

simple-MCP-harness

by angusforeman

Sec8

A command-line REPL tool for interactively exploring and testing MCP server capabilities.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires an MCP server executable to be running locally, specified in a '.env' file.
  • ⚠️Initial setup involves copying '.env.example' and configuring the MCP_SERVER_COMMAND.
Verified SafeView Analysis
The harness is designed to execute arbitrary user-defined commands (MCP_SERVER_COMMAND) to connect to a server. This is its core function and inherently powerful. Users must ensure the commands specified in their '.env' file are trusted, as this could lead to arbitrary code execution if compromised. The code itself does not contain obvious malicious patterns like 'eval' or hardcoded secrets, and it includes checks for executable existence. Security depends heavily on the user's management of the '.env' file.
Updated: 2025-12-03GitHub
0
0
Low Cost
guilhermetechmakers icon
Sec10

A minimal client-side web application template built with React, TypeScript, and Vite, serving as a boilerplate for frontend development.

Verified SafeView Analysis
The provided source code is a standard client-side React + Vite boilerplate. It contains no server-side logic, direct network requests, hardcoded secrets, `eval` statements, or obfuscation. It is very low risk in its current form.
Updated: 2025-11-25GitHub
PreviousPage 448 of 713Next