Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

Low Cost

todo-platform

by scottseotech

Sec5

A Model Context Protocol (MCP) server that provides tools for interacting with the Todo API, enabling AI assistants to manage todo items.

Setup Requirements

  • ⚠️ Requires a running Todo API service (default: http://localhost:8080)
  • ⚠️ Go 1.21+ is required
  • ⚠️ No authentication or authorization is implemented, exposing the underlying Todo API functionality to anyone with network access to the MCP server.

Verified Safe
The server, in its current state, lacks authentication and authorization for both its MCP and REST API endpoints. This means any client with network access can invoke tools and perform CRUD operations on the Todo API without verification. While the README mentions that REST endpoints are 'for testing' and 'authentication/authorization' is a 'Future Enhancement', this is a critical security vulnerability for any system operating in a non-isolated environment. All traffic to the underlying Todo API is effectively unauthenticated if accessed through this MCP server. Trace context is propagated, which is good for debugging but doesn't inherently add security.
Updated: 2026-01-06

Low Cost
Sec9

Develop and deploy Model Context Protocol (MCP) compatible servers that expose tools to AI models, handling communication, session management, and type-safe tool execution.

Setup Requirements

  • ⚠️ Requires Bun runtime (v1.0.0+) for optimal performance, though Node.js (v18.0.0+) is also supported as a fallback.
  • ⚠️ The client example provided in the README (`MCPClient`) does not directly correspond to the `MCPApp` server source code; the server is implemented using `MCPApp`.

Verified Safe
The code does not use 'eval' or obvious obfuscation. Network risks are mitigated by a default 'localhost' binding for the HTTP server and an `isValidOrigin` check (currently allowing only localhost/127.0.0.1) for CORS. There are no hardcoded secrets identified. JSON-RPC message parsing and Zod validation are used, which are generally robust. Proper error handling for tool execution and message parsing is in place. The `sendResponse` method has a fallback mechanism to broadcast if a specific session is not found, which could leak information if not carefully managed in production.
Updated: 2026-01-19

Medium Cost

openapi-to-mcp

by bbonnin

Sec6

An MCP server that dynamically converts any OpenAPI/Swagger specification into AI-usable tools, allowing AI agents to interact with REST APIs without manual tool coding.

Setup Requirements

  • ⚠️ Requires a valid OpenAPI/Swagger specification accessible via a file path or URL, specified by the `openapi.location` property.
  • ⚠️ The server provides tools for AI agents; it requires a separate AI agent/LLM (e.g., via LangChain4j MCP client) to consume these tools.
  • ⚠️ Running with the 'dev' Spring profile will disable SSL certificate validation for outgoing HTTP calls, which is highly insecure for production environments and should only be used for local development.

Verified Safe
The server makes HTTP/HTTPS calls to external APIs based on the provided OpenAPI specification. The primary security risks are: 1. **Untrusted OpenAPI Source**: If the `openapi.location` points to a malicious or untrusted OpenAPI definition, the server could expose dangerous tools to AI agents or make unauthorized calls. 2. **Dev Profile Insecurity**: The `dev` Spring profile in `RestClientConfig` explicitly disables SSL certificate validation and hostname verification. This is a critical vulnerability (Man-in-the-Middle attacks) for any non-development environment where this profile might be accidentally activated. This profile also logs full request/response bodies which could expose sensitive data. 3. **Input Sanitization**: While the server itself doesn't execute arbitrary code, the arguments passed to the `RemoteApiExecutor` are derived from tool calls. Improper handling of these arguments in the OpenAPI definition or the underlying API could lead to injection-like issues.
Updated: 2025-12-05

Low Cost

flux-protocol

by RaheesAhmed

Sec7

A universal AI connectivity layer enabling AI agents to interact with external APIs and services via highly token-efficient connectors, supporting various transport protocols.

Setup Requirements

  • ⚠️ Requires Node.js (version 18 or higher) and pnpm (preferred due to the monorepo setup) for development from source.
  • ⚠️ Specific connectors built with the SDK may require environment variables (e.g., `API_TOKEN`) for authentication or configuration, as indicated by the `@config` decorator.

Verified Safe
The CLI commands `dev` and `build` utilize `child_process.spawn` with `shell: true`. This approach, while common in CLI tools for developers, presents a potential command injection vulnerability if user-provided file paths are not thoroughly sanitized to prevent inclusion of shell metacharacters. While `path.resolve` is used, it does not guarantee complete shell sanitization. On the server side, the `FluxServer.callTool` method directly passes `Object.values(args)` as positional arguments to connector methods. There is no explicit runtime type or schema validation within the SDK's core execution based on the generated schema. This design choice delegates the responsibility for robust input validation to the individual connector developers (e.g., using the `zod` dependency for schema validation), which could lead to unexpected behavior or runtime errors if connector methods receive malformed or untyped data.
Updated: 2025-12-11

Low Cost

A remote Model Context Protocol (MCP) server deployed on Cloudflare Workers, providing a set of calculator tools without requiring authentication, designed for integration with AI clients like Cloudflare AI Playground or Claude Desktop.

Setup Requirements

  • ⚠️ Requires a Cloudflare account and configured KVNamespace (OAUTH_KV), DurableObjectNamespace (MCP_OBJECT), and Fetcher (ASSETS) bindings for full deployment on Cloudflare Workers.

Verified Safe
The server is explicitly designed to be authless, meaning it does not require authentication to use its tools. While this is a stated feature, it implies that anyone with the deployed URL can access the calculator tools. Input validation using Zod for tool arguments helps prevent injection within the tool logic itself. No 'eval' or direct command execution patterns are found within the provided source code, making its internal implementation safe for its stated purpose.
Updated: 2025-11-20

High Cost
Sec8

Generate App Store and Play Store screenshots with iPhone/iPad mockups, text overlays, and gradient backgrounds for app marketing.

Setup Requirements

  • ⚠️ The 'sharp' image processing library relies on native system dependencies (libvips) which might require manual installation on some operating systems or specific environments if pre-built binaries are not suitable.
  • ⚠️ Subscription verification relies on external network calls to the Gumroad API (if GUMROAD_ACCESS_TOKEN is provided) or a default public webhook server, which introduces external dependencies and potential points of failure.
  • ⚠️ Requires local file system write permissions for saving generated screenshots and subscription/usage information (in ~/.store-screenshot-mcp).

Verified Safe
The server interacts with the local file system (reads/writes user-specified screenshot and output paths, and stores licensing info). It also makes external network calls to Gumroad API or a default webhook server for subscription verification. Secrets (Gumroad access token) are handled via environment variables. While direct eval/command injection are not apparent, the handling of user-provided file paths could pose a risk if the calling agent is malicious, though this is mitigated in a local MCP context where the Claude agent mediates requests.
Updated: 2026-01-07

Medium Cost

01cloud-mcp

by Ashutosh-Baral

Sec9

Provides a Model Context Protocol (MCP) server that acts as a proxy for the 01cloud API, enabling external clients (like Claude Desktop) to manage cloud resources through a defined tool interface.

Setup Requirements

  • ⚠️ Requires a valid 01cloud API Token (API_TOKEN environment variable is mandatory).
  • ⚠️ Requires a Go development environment to build the 'server' and 'host' executables.
  • ⚠️ The 'host' executable must be run from the root directory or have the 'server' executable accessible in its path.

Verified Safe
The project correctly uses environment variables for sensitive API tokens, preventing hardcoding. It runs an internal MCP server as a subprocess, communicating via stdio, which is a controlled environment. The HTTP host listens only on 127.0.0.1 by default, limiting external exposure. The use of 'Access-Control-Allow-Origin: *' for SSE is noted but acceptable for a local integration host. No 'eval' or similar dangerous patterns were found. Proper error handling and context-aware HTTP clients are used.
Updated: 2025-11-24

Medium Cost

playwright-mcp-server

by HaolongChen

Sec7

Provides a Docker-based Model Context Protocol (MCP) server for automating web browser actions using Playwright.

Setup Requirements

  • ⚠️ Docker is required for recommended deployment and easy browser setup.
  • ⚠️ Minimum 2GB RAM is recommended for the server due to Playwright's resource usage, especially with multiple browsers.
  • ⚠️ Playwright browsers (Chromium, Firefox, WebKit) need to be installed, typically handled by the Docker image but manual for local non-Docker runs.

Verified Safe
The server uses `helmet` for basic security headers and `cors` (all origins allowed, which might be overly permissive for some use cases). It explicitly mentions non-root container execution and resource limits in Docker Compose, which are good practices. There's no use of `eval` or direct `child_process` execution. However, user-provided `url` and `selector` parameters are passed directly to Playwright methods. While Playwright's APIs generally handle this safely, a malicious or overly complex selector could potentially be exploited for resource exhaustion or unexpected behavior, despite the README's claim of 'Input validation' which isn't explicitly visible in the `server.js` snippet beyond basic existence checks.
Updated: 2025-12-12

Medium Cost

br-automation-mcp

by AndrewMusser

Sec6

Enables AI assistants to interact with B&R Automation Studio projects for tasks like building projects, running simulators, and reading/writing OPC UA variables.

Setup Requirements

  • ⚠️ Requires Windows 10/11 with B&R Automation Studio 4.x installed (proprietary software).
  • ⚠️ Requires Python 3.10+ on Windows.
  • ⚠️ Requires Claude Code (AI assistant) for invocation.
  • ⚠️ Requires manual configuration of B&R tool paths and OPC UA credentials in `server.py`.

Verified Safe
The server uses `subprocess.run` and `subprocess.Popen` to invoke external B&R Automation Studio tools. While arguments are passed explicitly, reliance on external executables and user-provided paths (e.g., project_file, ruc_package) always introduces a potential for command injection if inputs are not sanitized or validated carefully. The server hardcodes default OPC UA credentials ('Admin'/'password'); while the README instructs users to change them, their presence as defaults is a security risk if not updated to match project-specific secure settings. No 'eval' or obvious malicious patterns were detected.
Updated: 2026-01-19

Low Cost

Provides operating system information and diagnostic capabilities for an MCP client, enabling LLMs to query system status and execute whitelisted commands.

Setup Requirements

  • ⚠️ Python 3.10+ required
  • ⚠️ Memory information tool (`get_memory_info`) is only available on Linux systems.

Verified Safe
The `run_command` tool strictly adheres to a predefined whitelist of commands, effectively preventing arbitrary command injection. Logging is correctly configured to `stderr` to maintain JSON-RPC protocol integrity, avoiding stdout corruption. No hardcoded secrets or direct 'eval' patterns found. Access control for system information is implicit through the OS's user permissions.
Updated: 2025-11-26

Low Cost

mcp-server

by qmzp93

Sec1

The specific use case for this 'mcp-server' cannot be determined as no source code was provided for analysis.

Setup Requirements

  • ⚠️ Source code not provided, unable to identify specific setup requirements or dependencies.

Review Required
Source code was not provided for analysis, making it impossible to perform a security audit. Without inspecting the code, we cannot identify 'eval' usage, obfuscation, network risks, hardcoded secrets, or malicious patterns. Any uninspected code carries significant security risks. Therefore, it is considered unsafe to run without thorough code review.
Updated: 2025-12-01

Low Cost
Sec10

Provides a simple FastMCP server for agents to retrieve the current date.

Setup Requirements

  • ⚠️ Requires 'mcp' Python library (e.g., pip install mcp)

Verified Safe
The code is extremely simple, performs a local datetime operation, and does not process any external input in a way that could lead to vulnerabilities. No dangerous patterns (eval, arbitrary file access, network requests based on input, hardcoded secrets) are present.
Updated: 2025-12-06