Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

High Cost

selenium_mcp

by andbet39

Sec4

Provides web automation capabilities using Selenium WebDriver, enabling an MCP agent to control web browsers for various tasks.

Setup Requirements

  • ⚠️Requires Node.js (version >=18) to be installed on the host machine.
  • ⚠️Requires Chrome, Firefox, or Edge browsers and their respective WebDriver executables to be installed and accessible on the host system.
  • ⚠️When using SSE transport, the default port (3001) must be available and not blocked by a firewall.
  • ⚠️The SSE transport exposes an open API (CORS '*') without authentication, necessitating careful network isolation if deployed beyond a trusted local development environment.
Review Required
The SSE transport is configured with Cross-Origin Resource Sharing (CORS) set to `origin: '*'`, allowing requests from any domain. This presents a significant security risk if the server is exposed to untrusted networks, as it lacks explicit authentication or authorization, making it vulnerable to unauthorized command execution. The `take_screenshot` tool allows specifying an `outputPath`, which could lead to arbitrary file write vulnerabilities if an attacker can control this path and the server has write permissions to sensitive areas. An unusual debug log string ('QUESTO LOG E' IMPORTANTISSIMO...') is present in the server's main file, which is atypical for production code.
Updated: 2025-11-27

Low Cost

website-builder-mcp

by pmkhairnarr

Sec6

Automated generation of websites from templates and structured data, including Excel files.

Setup Requirements

  • ⚠️Requires an MCP-compatible client (e.g., VS Code extension, Claude Desktop) to interact with the server's tools.
  • ⚠️Generated websites may contain XSS vulnerabilities if the input data (Excel or explicit HTML content) is untrusted and includes malicious scripts.
Verified Safe
The server uses `fs-extra` for file system operations (creating directories, reading/writing files). While `path.join` is used for site and page names, which helps mitigate basic path traversal for output paths, the `excelFile` argument in `build_from_excel` takes an arbitrary path. If the server runs with broad file system permissions, a malicious input for `excelFile` could potentially read sensitive files (e.g., `../../../../etc/passwd`). Additionally, the server uses `Mustache.render` with triple curly braces (`{{{content}}}`) for embedding user-provided HTML content. This means that if malicious HTML (e.g., `<script>alert('XSS')</script>`) is provided as an argument to `add_page` or embedded within Excel data, it will be directly injected into the generated HTML files. While this doesn't directly compromise the MCP server's execution, it enables the generation of websites vulnerable to Cross-Site Scripting (XSS), which then poses a risk to end-users browsing the generated sites. Users should ensure inputs (especially `excelFile` paths and HTML content) come from trusted sources.
Updated: 2025-11-30

Medium Cost
Sec7

Manages n8n automation workflows using natural language through Claude AI.

Setup Requirements

  • ⚠️Requires a running n8n instance with a valid API key.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️HTTP mode (for remote access) can be unauthenticated by default if MCP_AUTH_TOKEN is not set, posing a security risk.
Verified Safe
The HTTP mode's optional authentication token (`MCP_AUTH_TOKEN`) means it can be unauthenticated by default, which is a significant security risk if deployed publicly without configuration. CORS is enabled by default in `aiohttp` for HTTP mode; the documentation recommends restricting this in production via a reverse proxy. No hardcoded secrets or obvious malicious patterns found. All API keys and sensitive configurations are handled via environment variables, which is a good practice.
Updated: 2026-01-19

Low Cost

consoleapp1-demo

by cocolizh

Sec1

Unable to determine use case as no source code was provided for analysis.

Setup Requirements

  • ⚠️Source code not provided for analysis.
Review Required
Source code was not provided for analysis. Therefore, a security audit could not be performed. It is NOT safe to run this server without a thorough review of its source code.
Updated: 2025-11-25

Medium Cost

mcp-server-gti

by ArthurTcs

Sec8

This MCP server provides an interface to Google's Threat Intelligence suite, enabling programmatic access to threat data, IOC analysis, and threat hunting capabilities.

Setup Requirements

  • ⚠️Requires a VirusTotal API Key (VT_APIKEY environment variable) which may be a paid service depending on usage limits and features needed.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Designed to run as an MCP server, requiring an MCP client for interaction.
Verified Safe
The server uses `os.getenv` for `VT_APIKEY`, which is good practice. No 'eval' or obvious obfuscation is present. All external API calls are handled by the `vt-py` library. The `analyse_file` function allows uploading local files for analysis. If the server or an agent using this tool is exposed to untrusted inputs, providing arbitrary file paths could be a concern, although the tool itself sends the file to an external service (VirusTotal) rather than executing it locally. The `create_collection` and `update_iocs_in_collection` tools modify data on Google Threat Intelligence, implying that the `VT_APIKEY` should have appropriate, least-privilege permissions. Overall, the code follows good security practices, but the security depends heavily on the scope of the provided `VT_APIKEY` and how the tool's file upload/data modification capabilities are managed in deployment.
Updated: 2025-12-03

Medium Cost
Sec6

Provides a framework for building Micro-Communication Protocol (MCP) servers with basic authentication and tool-calling capabilities, primarily for integration with Large Language Models.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for client-LLM interaction (OPENAI_API_KEY environment variable).
  • ⚠️Requires `mcp` Python package and its dependencies (e.g., `uvicorn`, `starlette`, `pydantic`, `python-dotenv`).
Verified Safe
Hardcoded credentials in `app/users.json` (e.g., admin:password123, testuser:secret) are a significant security risk. The `BasicAuthMiddleware` uses Base64-encoded credentials, which are not encrypted and require HTTPS for secure transmission in production. Input validation with Pydantic is a positive security practice.
Updated: 2025-12-25

Medium Cost

mamcp

by rxxed

Sec8

Search for torrents on MyAnonamouse and trigger downloads via qBittorrent from an MCP client.

Setup Requirements

  • ⚠️Requires a MyAnonamouse account and a valid session cookie (MAM_COOKIE).
  • ⚠️Requires a running qBittorrent instance with Web UI/API access enabled, along with its URL, username, password, and desired save path.
  • ⚠️The server attempts to load the `.env` file from a hardcoded path (`/home/maia/work/mamcp/.env`); users should export environment variables directly as specified in the README rather than relying on a `.env` file in the current directory.
Verified Safe
The server handles sensitive credentials (MyAnonamouse session cookie, qBittorrent login) which are loaded from environment variables. No hardcoded secrets or 'eval' patterns were found. Input validation for tool calls uses `mcp-go` library functions. The qBittorrent integration downloads torrent files based on an ID and uploads them; while standard, this implies trust in the source of the torrents and the qBittorrent client's robustness against malicious torrent files. A hardcoded path for `.env` file loading (`/home/maia/work/mamcp/.env`) is present, which is unusual for a deployable server and might lead to setup issues if not managed via exported environment variables. The server provides warnings if required environment variables are not set.
Updated: 2025-12-11

Medium Cost

mcp_speechkit

by valyushok

Sec3

A server application designed to provide speech-to-text or text-to-speech functionalities, likely integrating with external speech APIs or models.

Setup Requirements

  • ⚠️Source code not provided, so specific setup requirements are unknown. Typically, speech applications require API keys for cloud services (e.g., GOOGLE_SPEECH_KEY, AWS_ACCESS_KEY_ID) or local model dependencies.
Review Required
Source code was not provided for analysis, making a comprehensive security audit impossible. The score is defaulted to low due to an unknown security posture. Potential risks common to server applications (e.g., injection vulnerabilities, insecure dependencies, misconfigurations, or hardcoded secrets) cannot be assessed.
Updated: 2025-11-30

Medium Cost

yith

by rlyeh-dev

Sec6

An Odin-based MCP Server SDK designed for sandboxed Lua code execution by LLMs to enable code-agent capabilities.

Setup Requirements

  • ⚠️Requires Odin compiler for development and execution.
  • ⚠️Designed for standard I/O (stdio) communication only; no HTTP server provided.
  • ⚠️Relies on a specific Lua 5.4 runtime environment.
Review Required
The core functionality involves LLM-provided code execution in an 'in-process Lua sandbox'. While Lua sandboxing can be robust, an in-process sandbox is generally less secure than containerized solutions (e.g., Docker) against sandbox escapes. The security relies heavily on correct configuration by the developer to limit exposed Lua APIs and prevent access to sensitive system resources. No obvious network risks from the server itself as it uses stdio, but exposed Lua functions could potentially introduce them.
Updated: 2025-11-28

High Cost

An autonomous multi-agent AI equity trading system for diverse investment strategies.

Setup Requirements

  • ⚠️Requires Groq API Key (free tier available, but usage limits apply; paid tier recommended for sustained use).
  • ⚠️Requires Polygon.io API Key (free tier provides End-Of-Day data, paid/real-time tiers offer more current data).
  • ⚠️Requires either Brave Search API Key OR Serper API Key for the researcher agent's web search capabilities.
  • ⚠️Requires Pushover API Key and User Key for push notifications.
  • ⚠️Requires Python 3.12+ and Node.js (for npx commands used by some MCP servers).
  • ⚠️Requires the `uv` package manager for installation and running scripts.
Verified Safe
The system utilizes `uvx` and `npx` to dynamically fetch and execute external MCP server binaries from remote repositories (e.g., GitHub, npm). While this is part of the MCP framework, it introduces a dependency supply chain risk if external sources are compromised. Secrets (API keys) are properly externalized via environment variables, and the system uses a local SQLite database for persistence.
Updated: 2025-11-30

High Cost

MaxKB

by carglezfer

Sec3

An enterprise-grade agent platform for building AI applications, offering RAG, workflow orchestration, and integration with various large language models and knowledge bases.

Setup Requirements

  • ⚠️Requires Docker for deployment.
  • ⚠️Requires PostgreSQL/pgvector for database and vector store.
  • ⚠️Requires configuration of LLM and embedding models, potentially involving API keys for third-party services (e.g., OpenAI, AWS Bedrock, Tencent Cloud, etc.) or local model deployment.
  • ⚠️Default admin credentials (username: admin, password: MaxKB@123..) are insecure and must be changed immediately after deployment.
Review Required
Critical vulnerabilities identified: The backend uses `exec_code` for user-defined tools, a highly dangerous function that is extremely difficult to secure against malicious code injection, even with attempted sandboxing. The default admin password 'MaxKB@123..' is hardcoded in the README, posing a severe risk if not immediately changed. Potential SQL injection vectors exist in `common/db/search.py` due to 'native' SQL query construction without clear input sanitization. Dynamic `baseURL` from `window.MaxKB?.prefix` in frontend requests, if not strictly controlled on the server, could introduce risks. While there is extensive use of permission decorators, the complexity of fine-grained access control can sometimes lead to bypasses if not implemented perfectly.
Updated: 2026-01-19

Medium Cost

MCP_SERVER_PRAC

by zanderthuo

Sec8

The MCP (Multi-Agent Communication Protocol) server provides a robust framework for building and interacting with AI-powered agent services. It supports various transports (SSE, HTTP, Stdio, WebSocket), incorporates authentication and transport security, and offers functionalities for resource management, tool execution, prompt elicitation, and AI sampling. It serves as a foundational layer for developing complex, intelligent agent systems.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Potential dependency on external AI models (e.g., OpenAI API Key for `OpenAISamplingHandler`, which is a paid service).
  • ⚠️Requires networking/port availability (e.g., `http://localhost:8080`).
  • ⚠️Some CLI commands (`mcp dev`, `mcp run`) may leverage `uv` (a fast Python package installer/resolver), potentially implying a dependency on `uv` being installed and configured in the environment.
Verified Safe
The project extensively uses well-vetted libraries like Uvicorn, httpx, websockets, Authlib, and Pydantic, which significantly enhances security. It implements robust authentication (OAuth2, JWT) and transport security mechanisms (trusted hosts, allowed origins). A potential concern is the use of `eval` within the `jaraco.functools.except_` decorator. While typically controlled by the developer using the decorator and not directly exposed to untrusted external input within the application layer, `eval` always carries inherent risks if misused or if input sanitization fails elsewhere. Overall, the architecture shows a strong focus on security best practices.
Updated: 2025-11-24