Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
shenghuofei icon

eino-mcp-agent

by shenghuofei

Sec8

An intelligent chat agent built on CloudWeGo Eino, designed to integrate with various tools via the Model Context Protocol (MCP), exemplified by a file counting utility.

Setup Requirements

  • ⚠️Requires LLM API Key (e.g., OpenAI, Volcengine ARK) which may incur costs.
  • ⚠️Requires Go 1.21+ to compile and run the main agent.
  • ⚠️Requires Python 3.7+ for the default file counting MCP server (Node.js 16+ is an alternative if using the JavaScript version).
  • ⚠️Conversation history is sent in full with each LLM request, potentially leading to high token costs and exceeding token limits in long dialogues, as no history length management is implemented.
Verified SafeView Analysis
The project uses standard libraries for file operations and JSON parsing, avoiding direct 'eval' or similar dangerous functions. Hardcoded secrets are avoided by using environment variables (e.g., OPENAI_API_KEY, GITHUB_TOKEN). The primary risks involve potential for LLM-generated malicious inputs to tools if not properly constrained, or if the configuration (config.yaml) were to specify a malicious command for an MCP server, which is a configuration-level risk rather than a code vulnerability.
Updated: 2026-01-19GitHub
0
0
Low Cost
Jammy2005 icon
Sec7

Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers, providing custom AI tools (a calculator in this case) accessible via Server-Sent Events (SSE) without authentication.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment and execution.
  • ⚠️Deployment is specific to the Cloudflare Workers environment.
  • ⚠️The server is intentionally 'authless', which means no authentication is required to use the tools.
Verified SafeView Analysis
The server is explicitly designed to be 'Authless,' meaning it does not require authentication to access its tools. While this is a stated design choice, it implies that anyone with the URL can invoke the provided calculator tools. No explicit 'eval' or other highly dangerous patterns were found. Cloudflare Workers generally provide a secure execution environment.
Updated: 2025-11-26GitHub
0
0
Low Cost
SalesforceDiariesBySanket icon

mcp-router

by SalesforceDiariesBySanket

Sec8

This server acts as an MCP (Model Context Protocol) Host, bridging Salesforce (Apex/Flow) with remote MCP servers via a REST API, translating requests and managing connections.

Setup Requirements

  • ⚠️Requires `API_KEY` environment variable to be set for production authentication; otherwise, it runs without authentication in 'development mode'.
  • ⚠️For MCP servers configured with OAuth 2.1 (Authorization Code flow), the initial connection will require a manual browser-based authorization step by opening a provided `authorizationUrl`.
  • ⚠️The `MCP_SERVERS` environment variable must be a valid JSON string, which can be challenging to manage with escaping in some deployment environments.
Verified SafeView Analysis
The server employs API key authentication, `helmet` for security headers, and configurable CORS. Sensitive configurations like MCP server URLs and OAuth credentials are managed via environment variables or dynamically registered via API endpoints that are themselves protected by the main API key. OAuth 2.1 with PKCE is implemented for secure authorization flows. A potential concern is the `authMiddleware` explicitly bypassing authentication in development mode if `API_KEY` is not set, which could be a risk if deployed improperly to production. Dynamic server registration with sensitive OAuth secrets in the request body requires the API endpoint to be sufficiently secured.
Updated: 2025-12-10GitHub
0
0
Medium Cost
foyst icon
Sec8

Provides Retrieval Augmented Generation (RAG) capabilities by integrating an AWS Bedrock Knowledge Base with the Model Context Protocol (MCP) for various AI agent clients.

Setup Requirements

  • ⚠️Requires AWS credentials configured for Pulumi/SST deployment.
  • ⚠️Requires deployment of AWS resources (Bedrock Knowledge Base, S3 bucket, IAM roles, OpenSearch Serverless) using SST/Pulumi.
  • ⚠️The `AWS_BEDROCK_KNOWLEDGE_BASE_ID` is a required environment variable derived from the SST deployment output.
Verified SafeView Analysis
The source code appears to be well-structured and does not contain obvious malicious patterns or hardcoded secrets. It correctly distinguishes between local execution (requiring explicit AWS credentials via environment variables) and Lambda execution (relying on IAM roles). However, the default Lambda function URL configuration sets `cors.allowOrigins` to `["*"]`, which permits requests from any origin. While convenient for development, in a production scenario, this should be restricted to known client origins for better security, as explicitly noted in the project's README.
Updated: 2025-11-24GitHub
0
0
Low Cost
ShubhamChougale01 icon

bigquery-mcp-server

by ShubhamChougale01

Sec4

Provides a secure, authenticated, and rate-limited Model Context Protocol (MCP) server for AI agents and clients to interact with Google BigQuery.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with BigQuery enabled.
  • ⚠️Requires creating a Google Cloud Service Account with 'BigQuery Data Editor' and 'BigQuery Job User' roles.
  • ⚠️Requires manual download and placement of the service account JSON key file (`bigquery-credentials.json`) or specifying its path via an environment variable.
  • ⚠️Mandatory `PROJECT_ID` environment variable configuration.
Review RequiredView Analysis
The server allows direct execution of client-provided SQL queries via the `bq.run_query` tool. Given that the required service account roles include 'BigQuery Data Editor', an untrusted or compromised AI agent could potentially perform SQL injection attacks, leading to unintended data modification, deletion, or extraction within the BigQuery project. While authentication, rate limiting, and session management are in place, the direct execution of arbitrary SQL without sanitization by the server itself presents a significant risk with powerful BigQuery permissions.
Updated: 2025-12-11GitHub
0
0
Medium Cost
Sujoy1 icon
Sec2

An AI-driven multi-agent system for web searching, financial analysis, and stock recommendations, leveraging BrightData for real-time web data.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires BrightData API Token (Paid, requires BrightData account)
  • ⚠️Requires Node.js and npm (`npx`) for BrightData MCP client
Review RequiredView Analysis
A critical security risk is present in 'test_neo4j_connection.py' due to a hardcoded Neo4j database password. The project also relies on external 'npx' commands for the BrightData client, introducing a dependency on an external executable, and uses minified JavaScript libraries that are harder to audit for vulnerabilities.
Updated: 2026-01-17GitHub
0
0
Medium Cost
mso-docs icon

Docs-Navigator

by mso-docs

Sec9

An AI-powered documentation assistant that provides intelligent Q&A, search, and analysis capabilities across various document types, including text, PDFs, and images via OCR.

Setup Requirements

  • ⚠️Requires an Anthropic API Key (Paid)
  • ⚠️External installation of Tesseract OCR engine and Poppler-utils for full image and scanned PDF processing on certain operating systems.
  • ⚠️Requires Python 3.10 or higher.
Verified SafeView Analysis
The core application (MCP server and Gradio UI) runs locally by default ('127.0.0.1') and is not exposed publicly ('share=False'), which is good for security. Environment variables for API keys are loaded from `.env` files, preventing hardcoded secrets. The `eval` function is present in `tests/test_end_to_end.py` for parsing search results, which is a security risk if this pattern were adopted in production code, but it is contained within a test script.
Updated: 2025-12-03GitHub
0
0
Medium Cost
gufao icon
Sec5

Provides a server-side component for integrating with and managing WhatsApp messaging.

Setup Requirements

  • ⚠️Requires setup of WhatsApp Business API and associated developer account.
  • ⚠️Requires WhatsApp API credentials (e.g., access token, phone ID, app secret).
  • ⚠️Requires proper configuration for webhooks to receive real-time message events.
Review RequiredView Analysis
No actual source code (only a README content) was provided for analysis. Therefore, a full security audit for specific vulnerabilities like 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns could not be performed. The score is neutral due to the lack of information. Any server interacting with a messaging platform like WhatsApp should be rigorously audited before deployment, especially concerning data handling and API key management.
Updated: 2025-11-26GitHub
0
0
Low Cost
manelix2000 icon

quickchart-mcp

by manelix2000

Sec8

Generates chart images using QuickChart service, integrated as a tool for Model Context Protocol clients like GitHub Copilot, Cursor, or Claude Desktop.

Setup Requirements

  • ⚠️Requires a Model Context Protocol (MCP) client configured (e.g., GitHub Copilot, Claude Desktop, Cursor).
  • ⚠️Node.js environment is required to run locally (if not using `npx`).
  • ⚠️MCP configuration file (`mcp.json`) needs to be manually edited in VS Code or other clients to add server details.
Verified SafeView Analysis
The server uses `axios` to fetch chart images from `quickchart.io`. The `QUICKCHART_BASE_URL` is configurable via an environment variable. The `download_chart` tool allows saving images to a user-specified path, defaulting to the desktop. While it checks for directory write permissions before writing (`fs.promises.access(dir, fs.constants.W_OK)`), a malicious AI prompt could theoretically instruct the server to write to sensitive but writable locations. No hardcoded secrets or arbitrary code execution vulnerabilities (like `eval`) were identified. Overall, it appears generally safe for its intended use case within a controlled MCP client environment.
Updated: 2025-11-27GitHub
0
0
Low Cost
riccardotornesello icon

mcp-math

by riccardotornesello

Sec10

Provides a comprehensive set of mathematical operations and functions via a Model Context Protocol (MCP) API.

Setup Requirements

  • ⚠️Requires Docker (for recommended setup)
Verified SafeView Analysis
The server implements standard mathematical functions using Go's `math` package. There are no indications of dangerous functions (e.g., `eval`, `exec`), hardcoded secrets, or unusual network activity. Input validation is present for potential error conditions like division by zero or empty arrays. The scope is limited to pure mathematical computation, significantly reducing the attack surface.
Updated: 2025-11-24GitHub
0
0
Low Cost
LinusOlofsson-maker icon

mcp-server-host

by LinusOlofsson-maker

Sec3

A simple API and web interface for high school students to view and sign up for extracurricular activities.

Setup Requirements

  • ⚠️Data is not persistent (in-memory only) and will be lost on server restart.
  • ⚠️The `src/README.md` suggests `python app.py` to run the application, but this will not start the FastAPI server. The correct command requires `uvicorn`.
Verified SafeView Analysis
The application lacks authentication and authorization mechanisms. Any user can sign up or unregister any email for any activity, including other students' emails, through direct API calls or the client-side interface. There is no server-side validation of the 'email' format beyond basic existence checks. This makes the system vulnerable to unauthorized data manipulation for its stated purpose.
Updated: 2025-12-15GitHub
0
0
Low Cost
ivasoom icon

MCP-Server

by ivasoom

Sec3

Facilitate interaction with the Shopify Admin API for product and order management, primarily for AI assistants using Model Context Protocol (MCP) or custom GPT actions.

Setup Requirements

  • ⚠️Requires Shopify Admin API access token with `read_products`, `write_products`, and `read_orders` permissions.
  • ⚠️Requires Node.js 18+ to run.
  • ⚠️The API (when used as `shopify-api-server.js` or `shopify-mcp-server-sse.js` and exposed via HTTP) has no built-in authentication, making it unsafe for public exposure without custom security additions.
Review RequiredView Analysis
The server, when run as a direct API (`shopify-api-server.js`), explicitly lacks any authentication or authorization layer, making it critically vulnerable to unauthorized access and manipulation of Shopify data if exposed publicly. The `README.md` and `CHATGPT_SETUP.md` clearly state this risk, recommending the addition of authentication, rate limits, and HTTPS for production use. While environment variables are used for sensitive credentials (Shopify Access Token), the absence of request-level authentication for the API endpoints is a major security flaw for general deployment. GraphQL queries are structured, which helps prevent direct injection of malicious query structures, but the lack of authentication overrides this mitigation.
Updated: 2025-11-23GitHub
PreviousPage 466 of 713Next