Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
pyaekyaw-dev icon

fattureincloud-mcp

by pyaekyaw-dev

Sec8

Manages Italian electronic invoices by integrating with the Fatture in Cloud API, providing tools for creating, sending, tracking, and analyzing invoices through a conversational interface.

Setup Requirements

  • ⚠️Requires a Fatture in Cloud account and API credentials (FIC_ACCESS_TOKEN, FIC_COMPANY_ID), which may involve a paid service.
  • ⚠️Requires Python 3.10 or later.
  • ⚠️Requires an active internet connection for Fatture in Cloud API integration.
Verified SafeView Analysis
The server uses environment variables (`os.getenv`) for sensitive information like API access tokens, which is a good practice. It does not contain direct usage of `eval` or obvious obfuscation. Input validation is largely deferred to the `fattureincloud-python-sdk`. A generic `except` block for all tool calls could mask specific errors but doesn't introduce direct security vulnerabilities from the server side. It communicates via standard I/O (stdio), which is generally safe when executed locally or in a trusted environment. Overall, the code appears to be a straightforward wrapper around a well-known API.
Updated: 2026-01-19GitHub
0
0
Medium Cost
nhajje icon
Sec9

Provides Claude with access to Hajjefy time tracking analytics and insights for comprehensive overview, user, team, billable, customer, capacity, daily hours, and TAM analysis.

Setup Requirements

  • ⚠️Requires a Hajjefy API Token (implies a paid Hajjefy service subscription).
  • ⚠️Node.js version 18+ is recommended for optimal compatibility.
  • ⚠️Requires careful configuration in Claude Desktop using absolute paths to the built `index.js` file, as highlighted in the installation guide.
Verified SafeView Analysis
The server's source code shows good security practices. It loads the `HAJJEFY_API_TOKEN` from environment variables, preventing hardcoding. The `axios` client includes error interceptors for authentication and access issues. Sensitive Salesforce credentials are noted as being required for the 'main Tempo Dashboard' (presumably the Hajjefy backend), and the MCP server accesses Salesforce data via Hajjefy's Netlify functions (`/.netlify/functions/salesforce-account`), which abstracts direct credential handling from the local server. No `eval` or intentional obfuscation was found. Test scripts include placeholder tokens, but these are clearly separated from the main application logic.
Updated: 2026-01-05GitHub
0
0
Medium Cost
cloudsteak icon

dora-agents

by cloudsteak

Sec1

Acts as a central server (MCP) for managing and orchestrating internal agent microservices.

Setup Requirements

  • ⚠️Docker required
  • ⚠️Python environment setup required
Review RequiredView Analysis
Source code for security analysis (beyond README.md) was not provided. Thus, it's impossible to verify the absence of 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. The score reflects this complete lack of visibility.
Updated: 2025-12-03GitHub
0
0
Medium Cost
Abhuday2709 icon

MCP-SERVER

by Abhuday2709

Sec8

An AI chatbot server integrating Google Gemini with Gmail via Model Context Protocol for intelligent email interaction.

Setup Requirements

  • ⚠️Requires Google Cloud Project setup for OAuth2 credentials and Gmail API enablement.
  • ⚠️Requires a running Redis instance (local or cloud like Upstash).
  • ⚠️Requires a Google Gemini API key.
Verified SafeView Analysis
The server follows good security practices by using environment variables for sensitive data, HTTP-only cookies for JWTs, and Redis for storing OAuth tokens. The MCP client spawns a fixed `node` process, which is safe. CORS is configured correctly to prevent cross-site scripting. The AI prompt engineering attempts to obtain structured JSON, with error handling for parsing. However, explicit Google refresh token handling is not fully detailed in the provided code snippets (though tokens are stored), and rate limiting, while recommended in the README, is not implemented in the main `app.js`.
Updated: 2025-11-23GitHub
0
0
Medium Cost
peacockery-studio icon

outlook-mcp

by peacockery-studio

Sec8

Connects Claude with Microsoft Outlook to manage emails and calendar events via the Microsoft Graph API.

Setup Requirements

  • ⚠️Requires Azure App Registration: Users must register an application in the Azure Portal, configure permissions (Mail.Read, Mail.Send, Calendars.ReadWrite, Contacts.Read), and obtain client ID/secret.
  • ⚠️Node.js version: Requires Node.js 18.0.0 or higher.
  • ⚠️Separate Authentication Server: The OAuth authentication process requires running a separate local server (`npm run auth-server`) on port 3333 to handle authentication callbacks from Microsoft. This server must be active during the initial authentication step.
Verified SafeView Analysis
The server correctly uses environment variables (MS_CLIENT_ID, MS_CLIENT_SECRET, OUTLOOK_CLIENT_ID, OUTLOOK_CLIENT_SECRET) for sensitive credentials, avoiding hardcoded secrets in the main application logic. Tokens are stored locally in the user's home directory (`~/.outlook-mcp-tokens.json`), which is a common practice for local applications. The OAuth authentication flow uses a localhost callback, mitigating some network risks. However, utility scripts (`find-folder-ids.js`, `move-github-emails.js`, `create-notifications-rule.js`) contain hardcoded folder IDs, which, while not a direct server vulnerability, is poor practice and could lead to misconfiguration or data targeting issues if those scripts are reused blindly. The `outlook-auth-server.js` uses a simple `Date.now().toString()` for the OAuth `state` parameter, and the `oauth-server.js` includes a mandatory check for the *presence* of the state parameter but explicitly notes that full state *validation* (comparing the received state value to a stored one for CSRF protection) is the responsibility of the integrating application, as this module does not manage sessions. This means the integrating application needs to correctly implement CSRF protection. Debug logs using `console.error` in `auth/token-manager.js` may expose token details if not handled carefully in production.
Updated: 2025-12-05GitHub
0
0
Low Cost
nikydobrev icon
Sec9

Specialized Model Context Protocol (MCP) server for Azure DevOps, providing multi-organization support and LLM-optimized responses.

Setup Requirements

  • ⚠️Requires Azure DevOps Personal Access Tokens (PATs) with appropriate permissions (Code Read, Build Read & Execute, Project and Team Read) for each organization.
  • ⚠️Requires a `config.json` file in the root directory, mapping Azure DevOps organization names to their respective PATs.
  • ⚠️Requires Node.js v18 or higher for local execution, or Docker for containerized deployment (which then requires building the Docker image).
Verified SafeView Analysis
Personal Access Tokens (PATs) are externalized to a `config.json` file, which must be secured by the user. The server itself does not expose PATs in its output or allow dynamic code execution from untrusted input. Interactions with Azure DevOps APIs are handled via a well-established SDK. The `pipelines_update_build_stage` tool is explicitly noted as not fully implemented, reducing potential risks from incomplete write operations.
Updated: 2025-12-11GitHub
0
0
High Cost
riddhigupta135 icon
Sec8

Autonomous stock trading system utilizing multiple AI agents and specialized MCP servers for real-time market analysis, news sentiment, risk management, and simulated trade execution.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires Polygon API Key (Paid or with usage limits)
  • ⚠️Requires Brave API Key (Paid or with usage limits)
  • ⚠️Requires Pushover User Key and API Token (Paid)
  • ⚠️Requires outbound internet access for all API calls
Verified SafeView Analysis
API keys are properly managed via environment variables ('.env') to prevent hardcoding. Standard network calls (requests library with HTTPS and timeouts) are used for external services. No 'eval', 'exec', 'pickle', `os.system` or direct shell command injection points were found. LLM output parsing with `json.loads` is safer than `eval` but relies on LLM integrity and robust downstream handling of potential non-JSON output or unexpected structures.
Updated: 2026-01-18GitHub
0
0
Medium Cost
CASTResearchLabs icon

mcp_scan_server_imaging

by CASTResearchLabs

Sec1

A server component for a scanning system likely involved in image acquisition, processing, or management, inferred from the repository name 'mcp_scan_server_imaging'.

Review RequiredView Analysis
No source code was provided for analysis, therefore a comprehensive security audit could not be performed. The score of 1 indicates that the safety of running this server is unverified and potential critical risks like 'eval', hardcoded secrets, or malicious patterns cannot be ruled out.
Updated: 2025-12-03GitHub
0
0
Medium Cost
nik-kale icon
Sec8

A security-first gateway for AI agents to interact with external tools and infrastructure, enforcing policies, human approvals, and comprehensive auditing.

Setup Requirements

  • ⚠️Requires Node.js 18+ and pnpm 8+.
  • ⚠️Redis is required for persistent approval storage and is configured via `REDIS_URL`.
  • ⚠️For production, the `JWT_SECRET` must be changed from its placeholder value, and external TLS termination (e.g., via a load balancer) is required for secure communication as the gateway itself does not handle TLS.
Verified SafeView Analysis
The project emphasizes a 'security-first' design with comprehensive input validation (Zod), automatic PII/secret redaction in logs, policy-based access control, human-in-the-loop approvals, and structured audit logging. It utilizes security middleware like Helmet.js and `express-rate-limit`. Authentication with JWT and API keys is implemented, alongside OIDC integration. Key security considerations for deployment include an explicitly noted placeholder `JWT_SECRET` that *must* be changed in production, and a statement in `SECURITY_MODEL.md` that internal TLS/encryption is out of scope, relying on external transport (e.g., a reverse proxy). The provided Docker Compose setup for Redis lacks explicit authentication configuration, which can be a risk if not deployed in a trusted network or with additional Redis security measures.
Updated: 2025-12-27GitHub
0
0
High Cost
robbgatica icon

memory-lane

by robbgatica

Sec9

AI-powered memory forensics analysis using Volatility 3 and an LLM.

Setup Requirements

  • ⚠️Requires Python 3.8+
  • ⚠️Requires Volatility 3 installed and accessible
  • ⚠️Requires a separate LLM runtime (e.g., Ollama server or Claude Code) to be installed and running.
  • ⚠️Initial processing of memory dumps is time-consuming (5-15 minutes for 2-3 GB) and may require significant temporary disk space.
Verified SafeView Analysis
The server integrates Volatility 3 for memory analysis and exposes its capabilities via the Model Context Protocol (MCP). It handles memory dumps (potentially malicious data) for analysis. No direct 'eval' or 'exec' calls were found in the provided source. Network communication from the Ollama client to the Ollama server is localhost by default, reducing external network risks. Sensitive configurations like API keys are expected as environment variables. Provenance tracking (`provenance.py`) provides an audit trail. The primary security considerations involve the inherent risks of handling potentially malicious memory dumps in a forensic context, and the security of the underlying Volatility 3 framework. The parsing of LLM responses for tool calls introduces a potential, but mitigated, risk if the JSON parsing or tool argument mapping is flawed. Recommendations for running in isolated environments are present in the documentation.
Updated: 2025-12-14GitHub
0
0
Medium Cost
sepal7 icon

mcp-ado

by sepal7

Sec9

An MCP server enabling AI assistants to access and manage Azure DevOps services, including wikis, repositories, work items, pull requests, builds, releases, and test plans, with multi-project support and WIQL queries.

Setup Requirements

  • ⚠️Requires an Azure DevOps Personal Access Token (PAT) with specific read/write scopes for various services (Code, Work Items, Wiki, Build, Pull Requests, Release, Test Plans).
  • ⚠️Requires Node.js version 18 or higher to run locally.
  • ⚠️Requires specific configuration within an MCP-compatible IDE (e.g., Cursor, VS Code with GitHub Copilot Chat) by modifying its settings.json to point to the server and provide environment variables.
Verified SafeView Analysis
The server's design explicitly addresses sensitive data handling, particularly Azure DevOps Personal Access Tokens (PATs). It leverages environment variables, which are recommended for local setup, and Azure Key Vault for cloud deployments, preventing hardcoding secrets in the repository. Extensive documentation guides users on secure PAT management, including required scopes and updating expired tokens. No direct use of 'eval' or other highly dangerous functions was found. Network interactions are confined to Azure DevOps APIs via HTTPS, which is inherent to its function.
Updated: 2025-12-11GitHub
0
0
Low Cost
Azure-Samples icon
Sec9

Provides a remote Model Context Protocol (MCP) server implemented with Azure Functions in Java to enable custom AI tool integrations, such as saving/retrieving code snippets and executing simple commands.

Setup Requirements

  • ⚠️Requires JDK 17 (or newer)
  • ⚠️Requires Azure Developer CLI (azd) for deployment
  • ⚠️Requires Docker (or VS Code Azurite extension) for local storage emulation (Azurite)
  • ⚠️Requires Azure Functions Core Tools v4 (≥ 4.0.7030) for local execution
Verified SafeView Analysis
The Java source code is straightforward and does not contain 'eval', code obfuscation, or immediately apparent malicious patterns. Input parameters are handled via annotations and Java types. The infrastructure uses Azure's native security features, including Managed Identities for storage and monitoring access, HTTPS, and supports VNet isolation with private endpoints for the storage account, avoiding hardcoded credentials. It also allows for OAuth via EasyAuth or API Management as next steps.
Updated: 2025-12-10GitHub
PreviousPage 465 of 713Next