Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
rabqatab icon

LexLink-ko-mcp

by rabqatab

Sec9

This MCP server provides AI agents and LLM applications with access to the Korean National Law Information API (law.go.kr), enabling search, retrieval, and analysis of Korean laws, case law, administrative rules, and AI-powered semantic search.

Setup Requirements

  • ⚠️Requires a 'law.go.kr OC identifier' obtained from open.law.go.kr, which is a specific API key from a Korean government portal.
  • ⚠️For Kakao PlayMCP deployment, a domain name (not a raw IP address), HTTPS, and serving on port 80/443 (typically via Nginx reverse proxy) are required.
  • ⚠️Python 3.10+ is required.
Verified SafeView Analysis
The server uses standard Python libraries (httpx, Starlette, uvicorn) and follows common web development practices. API keys (OC identifier) are handled with a clear priority system (tool argument > session configuration > environment variable) and can be passed via HTTP headers. Input validation is performed for date ranges and article formats, reducing malformed requests. The citation extractor includes a request delay to prevent rate limiting. Logs capture traffic, including client IP and headers, which is useful for auditing. No direct use of dangerous functions like 'eval' or 'exec' was found. Overall, the security posture appears robust for its intended use case.
Updated: 2026-01-13GitHub
0
0
Low Cost
jissac icon
Sec9

Provides a Micro-Copilot (MCP) server for AI applications, offering Bible-anchored theological infrastructure with tools for scripture lookup, search, word studies, and contextual interpretation.

Setup Requirements

  • ⚠️Requires manual pre-population of the SQLite database (`data/bible.db`) by running ingestion scripts (e.g., `scripts/ingest_bible.py`, `scripts/ingest_lexicon.py`, etc.) before the server can function.
  • ⚠️Requires 'uv' (a fast Python package manager) to be installed for dependency management and running the server.
  • ⚠️Requires Python version 3.10 or higher.
Verified SafeView Analysis
The server demonstrates strong security practices: all database connections enforce read-only access (`PRAGMA query_only = ON`), all SQL queries use parameterized statements to prevent injection, and search queries are sanitized. Input validation is robust for all tool parameters, mitigating common attack vectors. No hardcoded secrets or 'eval' usage are present in the core logic. Rate limiting is implemented to prevent basic Denial-of-Service attacks. The explicit 'Protestant theological framing' is a content bias, not a security vulnerability.
Updated: 2026-01-19GitHub
0
0
Medium Cost
IT-Square-Plus icon

Yggdrasil

by IT-Square-Plus

Sec9

Provides a production-ready MCP memory server with persistent semantic memory using Chroma Cloud vector storage, enabling AI agents to store and retrieve contextual information.

Setup Requirements

  • ⚠️Requires Docker (Engine or Desktop) to run the server.
  • ⚠️Requires a Chroma Cloud Account (a paid service, though initial free credits are provided).
  • ⚠️First startup downloads an ~80MB ONNX embedding model from Hugging Face, causing a ~20-120 second delay. During this period, the `/ready` health check endpoint will return 503 (Service Unavailable).
Verified SafeView Analysis
The project uses established frameworks (FastAPI, FastMCP, Pydantic, Uvicorn) and relies on Chroma Cloud for the vector database, offloading significant security concerns. Environment variables are used for sensitive credentials, and required ones are explicitly marked. Input validation is present for settings. Path-based routing input is sanitized using `isalnum` and specific allowed characters. `yaml.safe_load` is used for metadata updates, which is safer than `yaml.load`. No obvious `eval` or obfuscation. Logging levels are configurable. Resource limits are defined in Docker Compose, adhering to 'Context7 Best Practices'. The main risks would come from misconfiguration or vulnerabilities in underlying dependencies (FastAPI, ChromaDB, Uvicorn) which are not directly audited here.
Updated: 2025-11-25GitHub
0
0
Low Cost
cescroca1976 icon

voicemode-windows

by cescroca1976

Sec7

An MCP server enabling real-time voice interaction (Speech-to-Text and Text-to-Speech) for AI agents, integrating local services like Whisper and Kokoro, with configurable cloud fallback (OpenAI).

Setup Requirements

  • ⚠️Requires Windows 11 (as per README for this fork)
  • ⚠️Requires system-level tools: Git, FFmpeg, Chocolatey (for Windows installation), and `uv` (Python package manager).
  • ⚠️Building local STT/TTS services (Whisper.cpp, Kokoro-fastapi) requires system build tools like `gcc`/`g++`, `cmake`, `make`, and development headers (e.g., `python3-dev`, `libasound2-dev`).
  • ⚠️OpenAI API Key (Paid) is required for cloud STT/TTS fallback if local services are not configured or fail.
Verified SafeView Analysis
The server leverages extensive `subprocess` calls for installing and managing external tools (git, cmake, package managers, whisper.cpp, kokoro-fastapi), which broadens the attack surface. Its security heavily depends on the integrity of these external projects and the user's system configuration. The `whisper-server` is configured to bind to `0.0.0.0` by default, which can expose it externally if not properly firewalled. Sensitive `OPENAI_API_KEY`s are handled well via environment variables and masked in logs/outputs. No direct `eval` or malicious patterns were found, and `shlex.split` is used for parsing rules. The testing suite includes measures to prevent dangerous commands, indicating developer awareness of subprocess risks.
Updated: 2026-01-18GitHub
0
0
Medium Cost
rotkonetworks icon

continuity-mcp-server

by rotkonetworks

Sec8

A persistence layer for Claude conversations, designed to provide episodic memory, searchable history, depth tracking, and context bootstrapping to mitigate the problem of LLMs losing past insights.

Setup Requirements

  • ⚠️Requires Node.js environment (npm, tsc)
  • ⚠️Requires SQLite database file (path configurable via CONTINUITY_DB_PATH)
  • ⚠️Requires a static bootstrap.md file (path configurable via BOOTSTRAP_PATH, defaults to a placeholder if not found)
  • ⚠️Primarily designed for integration with Claude Desktop via MCP configuration.
Verified SafeView Analysis
The server uses prepared statements (`db.prepare`) to prevent SQL injection vulnerabilities. Input validation is performed using Zod schemas. Communication is via standard I/O (`StdioServerTransport`), reducing direct network attack surface from the server itself. No hardcoded sensitive information or use of `eval` was identified. The use of SQLite for data storage implies the database file itself might need access controls.
Updated: 2025-11-25GitHub
0
0
Medium Cost
Arshad-13 icon

Market-MCP-Test

by Arshad-13

Sec8

Transforms an LLM into an Autonomous HFT Quant Agent for real-time crypto market surveillance, predictive modeling, and risk assessment.

Setup Requirements

  • ⚠️Requires `mcp` CLI tool to be installed and configured for runtime.
  • ⚠️Requires `CRYPTO_API_KEY` (e.g., CoinGecko Pro, which may be paid) and `ETHERSCAN_API_KEY` for full functionality.
  • ⚠️Requires Python 3.10 or higher and several Python libraries (`ccxt`, `httpx`, `aiosqlite`, `streamlit`, etc.) installed via `requirements.txt`.
Verified SafeView Analysis
The server follows good practices for handling API keys via environment variables and uses parameterized queries for SQLite, mitigating common injection risks. External API calls are directed to known endpoints. Dynamic instantiation of CCXT exchanges uses `getattr`, but is filtered by `ccxt.exchanges`, which generally provides a sufficient whitelist. The 'live trading' functionality is explicitly stated as 'not fully implemented yet' and currently defaults to 'PAPER_TRADING', which is a good safety measure.
Updated: 2026-01-18GitHub
0
0
Medium Cost
geckod22 icon

FeedFlow

by geckod22

Sec9

Manages and fetches articles from RSS feeds through MCP tool calls, using a persistent SQLite database.

Setup Requirements

  • ⚠️Requires Python 3.13 or higher.
  • ⚠️Relies on 'uv' for dependency management, which users might not have installed or be familiar with over 'pip'.
Verified SafeView Analysis
The server appears well-structured and uses standard, reputable libraries (`httpx`, `aiosqlite`, `langdetect`). There are no `eval` or `exec` calls, nor any hardcoded secrets. Database paths are handled using `platformdirs` and can be customized via an environment variable, which is good practice. Network requests are made with timeouts. As a `stdio`-based server, its attack surface is limited to its inputs and outputs.
Updated: 2026-01-18GitHub
0
0
Low Cost
rdmpage icon

php-mcp-server

by rdmpage

Sec3

Implements the Model Context Protocol (MCP) to expose SPARQL query capabilities and resource information to an AI client like Claude Desktop.

Setup Requirements

  • ⚠️Requires PHP 7+ installed on the system.
  • ⚠️Requires the PHP cURL extension.
  • ⚠️Requires a running SPARQL endpoint, configured via the `SPARQL_ENDPOINT` environment variable.
Review RequiredView Analysis
The `mcp_sparql_server.php` directly uses user-provided SPARQL queries (via the `sparqlQuery` tool) and URIs (via the `authorsOfWork` tool) without sanitization before passing them to the SPARQL endpoint. This allows for arbitrary SPARQL query injection on the configured `SPARQL_ENDPOINT` if an attacker can control the input arguments. This is a critical vulnerability for the backend SPARQL service. Error reporting is configured to stderr, which is good practice for production servers.
Updated: 2025-12-17GitHub
0
0
Low Cost
moor-sun icon

git-mcp-server

by moor-sun

Sec8

Provides a FastAPI server to expose local Git repository file system operations and build commands for AI agents or automation systems.

Setup Requirements

  • ⚠️Requires Python 3.9+
  • ⚠️Requires Maven or Gradle (and optionally their wrappers) to be installed and accessible in the system PATH or project directory.
  • ⚠️The `GIT_LOCAL_REPO` environment variable must be set to the desired repository root, otherwise it defaults to a specific Windows path.
Verified SafeView Analysis
The server implements strong path traversal prevention for file access and project paths. Crucially, it validates and whitelists extra arguments passed to build commands, mitigating command injection risks when using `subprocess.run` with `shell=False`. No hardcoded secrets or `eval` usage found. CORS is set to allow all origins, which is acceptable for an internal/local automation tool but would be a vulnerability if exposed publicly without authentication.
Updated: 2025-12-14GitHub
0
0
Low Cost
ariefalabbasi icon

mcp-audit

by ariefalabbasi

Sec9

Analyzes and tracks token usage, costs, and efficiency of AI coding sessions across multiple CLI platforms (Claude Code, Codex CLI, Gemini CLI, Ollama CLI).

Setup Requirements

  • ⚠️Python 3.11+ is recommended for `tomllib` (otherwise `tomli` package is required for older Python versions to support TOML config files).
  • ⚠️For accurate Gemini CLI token estimation, `sentencepiece` and the Gemma tokenizer model are required. If not installed/downloaded, it falls back to `tiktoken` (approx. 95% accuracy) or character-based estimation.
  • ⚠️Downloading the Gemma tokenizer from HuggingFace requires a HuggingFace account with an accepted Gemma license and an `HF_TOKEN` environment variable or argument. Downloading from GitHub Releases is a preferred, authentication-free alternative.
Verified SafeView Analysis
The tool makes external network requests to LiteLLM's public pricing API and HuggingFace/GitHub for tokenizer downloads. These are standard and widely used public services. Critical security measures like tarball member validation (`_validate_tarball_member`) are implemented to prevent path traversal attacks during asset extraction. `subprocess` calls are used to interact with `git`, `defaults`, and `codex` commands, and appear to be used defensively within the application's intended scope. No hardcoded secrets were found; HuggingFace authentication relies on environment variables or explicit arguments.
Updated: 2026-01-19GitHub
0
0
Medium Cost
knrerikh icon

eva-mcp-server

by knrerikh

Sec8

Integrate AI assistants with Eva-project API for task, project, and document management via Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️An Eva API access token (`EVA_API_TOKEN`) is mandatory for the server to function.
  • ⚠️The server's default operation (without `EVA_READ_ONLY` explicitly set) allows write operations. Users must explicitly set `EVA_READ_ONLY=true` in their environment or configuration for read-only mode, contradicting some documentation indicating read-only by default.
  • ⚠️When integrating with AI assistants like Cursor, it is crucial to provide an absolute path to the `src/server.py` file in the `mcp.json` configuration.
Verified SafeView Analysis
The server uses environment variables for API tokens, which is a good practice for secrets management. It implements a 'read-only' mode to prevent accidental data modifications. However, the server's default behavior (if `EVA_READ_ONLY` environment variable is not explicitly set) is to allow write operations, which directly contradicts statements in some documentation (e.g., `QUICK_START.md`) that imply read-only mode is enabled by default. Users must explicitly configure `EVA_READ_ONLY=true` to enforce read-only safety. No 'eval' or other directly exploitable malicious patterns were found. Network requests use `httpx` with configurable timeouts. Robust error handling is present for API calls.
Updated: 2025-12-15GitHub
0
0
Low Cost
zv-louis icon

updsts

by zv-louis

Sec8

A command-line tool and local MCP server for retrieving and updating AWS STS temporary credentials in local AWS credential files.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Uses uv for package management
  • ⚠️Requires AWS credentials configured in ~/.aws/credentials with MFA device ARN
  • ⚠️When running as an MCP server, an external agent must interact via stdio
Verified SafeView Analysis
The project directly handles AWS credentials files, which are highly sensitive. The implementation includes masking of secret keys and session tokens for output/logging. It runs as a local MCP server using stdio transport, limiting direct network exposure to external agents. The README explicitly warns against sending sensitive information to LLMs when integrating with agents. No 'eval' or obvious shell injection points found. File operations are handled using 'pathlib' and 'os.chmod', which are generally safe but require careful permission management by the user for the credentials file itself (as noted in section 9 of the README).
Updated: 2025-12-19GitHub
PreviousPage 462 of 713Next