Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
ygorkouzak icon

amigo-mcp-server

by ygorkouzak

Sec2

Exposing a set of specific business functions (tools) as an API endpoint, likely for integration with agents or other systems, focused on patient/system management for an 'Amigo' application.

Setup Requirements

  • ⚠️Requires Python 3.x and the 'FastMCP' library.
  • ⚠️Critical security risk: Core tool endpoints (`/sse`) are not authenticated by default.
  • ⚠️Relies on `uvicorn` for asynchronous server execution.
Review RequiredView Analysis
The core MCP endpoint `/sse`, which exposes all registered tools (e.g., `buscar_paciente`, `agendar_compromisso`, `status_sistema`), is explicitly excluded from the `SecurityMiddleware`'s authentication checks in `server.py`. Additionally, `main.py` exposes `/sse` without any middleware. This means the server's tools are accessible without any authentication, making it highly vulnerable if exposed to untrusted networks. While `MCP_AUTH_TOKEN` is used, it only protects routes *other* than `/sse`, `/health`, and `/`. `host="0.0.0.0"` and `forwarded_allow_ips="*"` further highlight the need for external network security.
Updated: 2025-12-21GitHub
0
0
Medium Cost
NemesisGuy icon

WordPress-MCP

by NemesisGuy

Sec8

Enables local-first LLM agents to create, edit, and organize WordPress content through a Model Context Protocol (MCP) interface.

Setup Requirements

  • ⚠️Requires WordPress 5.6+ with Application Passwords enabled and configured for a specific user.
  • ⚠️Requires `npm run build` to compile TypeScript source code to JavaScript before running.
  • ⚠️Requires specific configuration within an MCP-compatible client (e.g., Claude Desktop, VS Code extension) to point to the server executable.
Verified SafeView Analysis
The server uses WordPress Application Passwords for authentication, which is a secure method. Communication is primarily over stdio, reducing direct network exposure. Arguments are type-checked and passed to a robust WordPress REST API client (axios). The `wordpress_upload_media` tool allows specifying `filePath` to read local files, which could pose an information disclosure risk if a malicious prompt could trick the LLM agent into requesting unauthorized files from the server's host system. However, this risk is mitigated by the local-first, agent-driven nature of the server where the user implicitly trusts and controls their agent.
Updated: 2025-12-22GitHub
0
0
High Cost
gajda-w icon
Sec9

An MCP (Model Context Protocol) Server for the Beltche BJJ gym management platform, enabling AI assistants like ChatGPT to manage students, trainings, and gym data through defined tools.

Setup Requirements

  • ⚠️Requires full OAuth 2.0 application setup with FusionAuth (Client ID, Client Secret, Authorize URL, Token URL, Redirect URI).
  • ⚠️For production, a Redis instance is highly recommended for persistent token storage; otherwise, tokens are lost on server restart.
  • ⚠️Requires public exposure (e.g., via ngrok or a public URL) for external AI assistant integration, especially for the OAuth callback URL.
Verified SafeView Analysis
The server employs robust security practices including Zod for environment variable validation, Pino for structured logging with redaction of sensitive data (like tokens and authorization headers), `asyncHandler` for consistent error handling, and `express-rate-limit` to prevent abuse. OAuth tokens are managed via a `linkToken` and stored securely (in-memory for dev, Redis for prod), and refreshed as needed. No direct `eval` or unsanitized shell execution from user input was identified. Dependencies appear to be standard and well-vetted. A full audit of the MCP SDK and FusionAuth setup would be needed for a perfect score.
Updated: 2025-12-02GitHub
0
0
Low Cost
Julian-AT icon

datagvat-mcp

by Julian-AT

Sec7

Provides programmatic access, discovery, quality analysis, and management tools for Austrian Open Government Data from the data.gv.at platform via the Piveau Hub API.

Setup Requirements

  • ⚠️Requires Python 3.11 or newer.
  • ⚠️Semantic search functionality relies on a FastMCP-configured LLM backend, which may incur costs if using a commercial LLM API (e.g., OpenAI, Anthropic) in production.
  • ⚠️Write operations (creating, updating, deleting, publishing, hiding datasets) require an 'AUSTRIA_MCP_PIVEAU_API_KEY' which may necessitate registration with data.gv.at.
  • ⚠️The data preview functionality (fetching from arbitrary URLs) presents a potential Server-Side Request Forgery (SSRF) risk, allowing the server to make requests to internal networks if not properly isolated.
Verified SafeView Analysis
The server uses Pydantic's SecretStr for API keys, loads sensitive configuration from environment variables, and utilizes standard HTTP client libraries (httpx). LLM interactions for semantic search are designed to parse responses as strict JSON, mitigating direct LLM code injection risks. The `preview_data` and `preview_schema` tools fetch content from arbitrary URLs based on user input. While `MAX_PREVIEW_BYTES` limits data volume, this represents a potential Server-Side Request Forgery (SSRF) risk if the server's network configuration allows access to internal resources. No 'eval' or obfuscation is present, and the codebase follows generally good security practices for an open-source project, but the SSRF aspect of the preview functionality is a notable concern.
Updated: 2026-01-18GitHub
0
0
Medium Cost
SiddhiBagul icon

MCP-oura

by SiddhiBagul

Sec9

Integrate with the Oura API to retrieve and transform user health data, including sleep, readiness, and resilience metrics, for use by language models.

Setup Requirements

  • ⚠️Requires an Oura API Token, which must be obtained from the Oura developer portal.
  • ⚠️Requires Python 3.12 or newer.
  • ⚠️The primary 'README.md' is generic and provides confusing instructions for downloading a '.zip' file and installing a desktop application, which contradicts the project's actual nature as a Python package described in 'pyproject.toml' and 'README_zh_CN.md'.
Verified SafeView Analysis
The server uses environment variables (OURA_API_TOKEN) for API authentication, which is a good security practice. It makes external HTTP requests to the Oura API over HTTPS. No 'eval', obfuscation, or obvious malicious patterns were found in the provided source code. Error handling is present for API responses.
Updated: 2026-01-19GitHub
0
0
Low Cost
ajafry icon
Sec7

A FastAPI backend demonstrating the Azure AD On-Behalf-Of (OBO) token exchange flow to securely call an internal FastMCP server with user context.

Setup Requirements

  • ⚠️Requires significant Azure AD application registration and configuration for at least two applications (one for the FastAPI backend, one for the FastMCP server), including API permissions and scopes.
  • ⚠️A comprehensive set of environment variables (e.g., AUTH_TENANT_ID, API_CLIENT_ID, API_SECRET, MCP_CLIENT_ID, MCP_SECRET, MCP_SERVER_URL, API_SCOPES, MCP_SCOPES) must be correctly configured in `.env` files.
  • ⚠️For the full On-Behalf-Of flow to function, both the `backend.py` (FastAPI client) and `mcp_server.py` (FastMCP server) must be running concurrently, likely on different ports (8000 and 8001 respectively).
Verified SafeView Analysis
The application correctly uses environment variables for sensitive configuration (client IDs, secrets, tenant ID). Authentication via Azure AD (fastapi-azure-auth) and fine-grained authorization (AuthorizationMiddleware) are well-implemented. However, the FastAPI backend uses `CORSMiddleware` with `allow_origins=["*"]`, which is a significant security risk in production environments as it allows cross-origin requests from any domain.
Updated: 2025-11-20GitHub
0
0
Low Cost
Yousaf-rao icon
Sec6

An API server for managing personal expenses, allowing users to add, list, and summarize expense entries.

Setup Requirements

  • ⚠️The database ('expenses.db') is stored in a temporary directory, meaning all data will be lost on server restart or system temporary file cleanup.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires 'aiosqlite' and 'fastmcp' Python packages to be installed.
Verified SafeView Analysis
The server uses parameterized SQL queries, effectively preventing SQL injection. There are no hardcoded secrets or 'eval' statements. However, the database is stored in a temporary directory (`tempfile.gettempdir()`), which means data is not persistent across restarts and could potentially be exposed or deleted depending on the host system's temporary directory configuration and cleanup policies. This is a significant data integrity and privacy concern for a financial application. The FastMCP server listens on all network interfaces (`0.0.0.0`), and the provided code does not include explicit authentication or authorization, suggesting the API endpoints are publicly accessible by default.
Updated: 2025-12-11GitHub
0
0
High Cost
Trigi-Digital icon

mcp-banana-image

by Trigi-Digital

Sec9

AI-powered server to generate, edit, analyze, and process images using Google's Gemini-3-Pro model through a Model Context Protocol interface, offering 16 specialized tools.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (Paid API usage is likely).
  • ⚠️Node.js 20+ must be installed.
  • ⚠️MCP_API_KEY environment variable is required for HTTP transport mode for API authentication.
Verified SafeView Analysis
The server features comprehensive input validation and path sanitization, actively preventing SSRF, path traversal, and null byte injection attacks. Sensitive data is robustly redacted from logs. Explicit error handling for API content safety blocks and rate limits is implemented. The security architecture demonstrates a strong focus on preventing common vulnerabilities.
Updated: 2026-01-17GitHub
0
0
Medium Cost
ahays248 icon

code-atlas-mcp

by ahays248

Sec8

An MCP server that generates Mermaid diagrams for code visualization (call graphs, control flow, project structure) for TypeScript, JavaScript, and Python codebases.

Setup Requirements

  • ⚠️Requires Node.js version >= 18.0.0.
  • ⚠️Requires the `code-atlas` CLI tool to be installed at a specific relative path. The `code-atlas-mcp` server expects the `code-atlas` CLI's `dist/cli.js` file to be located in a `code` directory that is a sibling to the installed `code-atlas-mcp` package's root directory (e.g., if `code-atlas-mcp` is at `/repo/node_modules/code-atlas-mcp`, it expects the CLI at `/repo/code/dist/cli.js`). This setup is not typically handled by a standard `npm install` and likely requires manual placement of the `code-atlas` CLI or a specific monorepo project structure.
Verified SafeView Analysis
The server uses `child_process.spawn` to invoke an external `code-atlas` CLI tool for analysis. Arguments passed to `spawn` are resolved to absolute paths and handled as an array of strings, which is generally safer against shell injection than direct shell execution (`exec`). Input schemas are validated using `zod`. The server itself uses `StdioServerTransport`, meaning it does not expose network ports directly, reducing the network attack surface. No `eval` or hardcoded sensitive credentials were found. The primary security consideration would be potential vulnerabilities within the external `code-atlas` CLI itself, which is outside the scope of this MCP server's code.
Updated: 2026-01-19GitHub
0
0
Low Cost
Ekestfa icon
Sec8

This server acts as a Model Context Protocol (MCP) gateway, providing a standardized HTTP interface for AI assistants and language models to interact with various Retrieval-Augmented Generation (RAG) microservices, facilitating query routing and context aggregation.

Setup Requirements

  • ⚠️Requires a .env file to configure `KODABI_BASE_IP` and `KODABI_BASE_PORT`.
  • ⚠️Full functionality, as per documentation, will require `RAG_API_TOKEN` and `RAG_BASE_URL` environment variables for authentication with downstream RAG services.
  • ⚠️Requires the Rust toolchain (Cargo, Rustc) to build and run the application from source.
Verified SafeView Analysis
The provided `src/main.rs` implements a minimal Axum web server with a single `/health` endpoint, using environment variables for configuration (`KODABI_BASE_IP`, `KODABI_BASE_PORT`). No 'eval', obfuscation, or hardcoded secrets are present in the truncated source code. The `rag_config.json` stores internal service configuration, not sensitive data. While the full authentication and complex routing logic described in the MVP documentation (which outlines API token validation and security auditing) is not yet visible in the provided source code, the architectural design principles indicate a strong security posture. The current implementation is safe for its minimal scope.
Updated: 2026-01-19GitHub
0
0
Low Cost
SamMorrowDrums icon

mcp-kotlin-starter

by SamMorrowDrums

Sec9

A starter template for building Model Context Protocol (MCP) servers in Kotlin, demonstrating core features.

Setup Requirements

  • ⚠️JDK 17+ is required
  • ⚠️Gradle is required
Verified SafeView Analysis
The server uses Ktor with `CORS().anyHost()` in its HTTP transport, which is open by default. While common for development, it requires careful consideration for production deployments to restrict allowed origins. No 'eval' or direct dynamic code execution from user input observed. Input parsing for arguments appears robust, using Kotlin's type-safe JSON deserialization methods.
Updated: 2026-01-19GitHub
0
0
Low Cost
abhisheksinghbhadouria icon

expense-tracker-mcp-server

by abhisheksinghbhadouria

Sec9

An MCP server designed for tracking, listing, and summarizing personal or small-scale expenses.

Setup Requirements

  • ⚠️Python 3.11+ required
  • ⚠️Requires fastmcp library to be installed
Verified SafeView Analysis
The code uses parameterized SQL queries, effectively preventing SQL injection. No 'eval', 'exec', or hardcoded secrets are present. The database is stored in a temporary directory, which is generally safe for local applications but could be a minor concern on multi-user systems if permissions are not strictly controlled, though sqlite3 usually handles file permissions reasonably. Overall, it demonstrates good security practices for its scope.
Updated: 2025-12-02GitHub
PreviousPage 467 of 713Next