Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

0
0
Medium Cost
Sec7

Provides tools for Kustomize configuration management, including rendering, diffing, and dependency analysis, primarily for AI models to safely refactor Kubernetes configurations.

Setup Requirements

  • ⚠️Requires `kustomize` and `git` binaries to be available in the execution environment.
  • ⚠️Requires Python 3.13 if not using Docker.
  • ⚠️Requires Docker for the most secure and straightforward setup, which also bundles `kustomize`, `helm`, and `git`.
Verified Safe
The server executes `kustomize` and `git` binaries and performs extensive file system operations. While arguments passed to these binaries are generally derived from internal logic or user-provided relative paths, disabling Kustomize's load restrictions via `KUSTOMIZE_LOAD_RESTRICTIONS=false` could potentially expose the server to vulnerabilities in Kustomize itself. It is crucial to run this server in a controlled, isolated environment (like Docker with restricted volume mounts) as recommended in the README to prevent unauthorized file system access or command injection if an underlying vulnerability in Kustomize or Git is exploited.
Updated: 2025-12-15
0
0
Medium Cost

mcp-server

by denis-rizun

Sec8

A FastAPI backend server implementing the Minimal MCP-Compatible Protocol for integrating and exposing LLM-based tools.

Setup Requirements

  • ⚠️Requires access to an LLM provider (e.g., OpenAI API Key, local LLM setup).
  • ⚠️A JWT secret key is required for the authentication middleware.
  • ⚠️Python environment setup and dependencies from requirements.txt must be installed.
Verified Safe
The server includes a JWT middleware for authentication and an SQL validator to check for dangerous constructions, enhancing security for API endpoints and tool interactions. Standard server-side network risks apply.
Updated: 2025-11-22
0
0
Medium Cost

excel-mcp-server

by BACH-AI-Tools

Sec8

Provides an AI agent with capabilities to programmatically create, read, update, and manipulate Excel files without needing Microsoft Excel installed.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires `uv` for easy execution (e.g., `uvx` command)
  • ⚠️For SSE and Streamable HTTP transports, `EXCEL_FILES_PATH` environment variable must be set (defaults to `./excel_files`) to specify where Excel files are read/written.
Verified Safe
The server explicitly validates Excel formulas to prevent injection of unsafe functions (e.g., INDIRECT, HYPERLINK). File paths are handled using `os.path.join` and in network modes, file operations are restricted to a configurable directory (`EXCEL_FILES_PATH`), defaulting to `./excel_files`. Stdio mode requires absolute paths for security. No obvious direct `eval` or `exec` of user input found. Standard network service considerations apply if exposed publicly.
Updated: 2025-12-04
0
0
Low Cost

porkbun-mcp

by major

Sec9

An MCP server for managing Porkbun DNS records, domains, DNSSEC, and SSL certificates, designed for integration with LLM agents.

Setup Requirements

  • ⚠️Requires Porkbun API Key and Secret Key, which must be obtained from the Porkbun website.
  • ⚠️Python 3.14+ is required.
Verified Safe
API keys are loaded securely from environment variables (PORKBUN_API_KEY, PORKBUN_SECRET_KEY) via pydantic-settings, preventing hardcoding. The server wraps a legitimate DNS API (`oinker`) and does not appear to contain 'eval', obfuscated code, or other direct malicious patterns. Standard network interaction with the Porkbun API is an expected part of its function.
Updated: 2026-01-19
0
0
Medium Cost

skill-valut-mcp-server

by AdouaniHoussemKhalil

Sec5

The MCP server provides web search capabilities via Tavily and retrieves the latest GitHub releases for major technologies, with a unique notification system to avoid duplicate alerts.

Setup Requirements

  • ⚠️Requires Tavily API Key (Paid service)
  • ⚠️Python 3.13+ only
  • ⚠️Core server implementation (`mcp-server-http.py`) is missing from the provided source code, preventing functionality
Review Required
The core server logic file (`mcp-server-http.py`) is empty in the provided source code, preventing a comprehensive security audit. Cannot verify absence of 'eval', obfuscation, or other malicious patterns within the server's operational code. Relying on external APIs (Tavily, GitHub) introduces third-party risks. Assumes environment variables are properly used for API keys, as suggested by `python-dotenv` dependency and README.
Updated: 2025-11-26
0
0
High Cost

merge-god

by jrepp

Sec8

A Python library and MCP server for autonomously syncing GitHub repository data (PRs, branches, CI status, comments) to a local SQLite database, and enabling LLM-driven automation of Git/GitHub workflows (merging, rebasing, PR reviews, CI fixes) through a structured tool-calling system and git worktree management.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Requires Git to be installed and available in PATH.
  • ⚠️Requires GitHub CLI (gh) for GitHub authentication (falls back to GITHUB_TOKEN/GH_TOKEN environment variables).
  • ⚠️Requires Claude API access, configurable via Anthropic direct API key or AWS Bedrock credentials, and an Anthropic model name.
Verified Safe
The server executes external 'git' and 'gh' commands via subprocess, which carries an inherent risk if inputs are not perfectly sanitized, though the codebase demonstrates efforts in handling arguments and resolving file paths. Sensitive API keys are explicitly configured to be provided via environment variables, preventing hardcoding. No direct 'eval' or obvious malicious patterns were found. Running in a controlled environment is advisable due to subprocess calls.
Updated: 2025-11-27
0
0
Medium Cost

fastmcp-template

by l4b4r4b4b4

Sec9

Provides a FastMCP server template with reference-based caching and private computation for AI agent tools handling large datasets efficiently.

Setup Requirements

  • ⚠️Python 3.12+ is required.
  • ⚠️The 'uv' tool is recommended for dependency management and local execution, requiring installation if not present.
  • ⚠️Running the server in 'sse' or 'streamable-http' mode will automatically select a Redis backend for caching, implicitly requiring a running Redis server at `redis://localhost:6379` by default.
Verified Safe
The server is designed with strong security considerations, particularly for protecting data from AI agents via granular access control and private computation features. Environment variables are used for configuration (e.g., Langfuse keys, Redis URL), preventing hardcoded secrets. The default `is_admin` function returns `False`, requiring explicit implementation for administrative access. The use of `0.0.0.0` for host binding in Docker environments is standard but necessitates proper external network security. No critical runtime vulnerabilities like `eval` or command injection were found.
Updated: 2026-01-19
0
0
Medium Cost

code-rag

by qduc

Sec7

Semantic code search for your entire codebase, enabling natural language queries to find relevant code snippets and source locations.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Optional dependencies for local (code-rag-mcp[local]) or cloud (code-rag-mcp[cloud]) models, specified during setup.
  • ⚠️OpenAI or other cloud provider API keys (e.g., OPENAI_API_KEY) are required for cloud embedding models.
  • ⚠️Local embedding and reranker models download large files (~500MB+) on first use, which can take time and consume disk space.
Verified Safe
The primary security consideration is the 'codebase_path' argument. The server is designed to read and process files from the specified path. If a malicious or untrusted path is provided, the tool will attempt to access and index those files, which could lead to unauthorized data access or processing. While the CLI mode offers a validation callback, the MCP integration sets 'validate_codebase=False' for seamless operation, assuming the path is trusted. There are no obvious 'eval' or direct code injection vulnerabilities. Network communication for the shared embedding server is primarily local (127.0.0.1).
Updated: 2026-01-11
0
0
Low Cost

claude-paste-mcp

by G3sparky

Sec7

Allows users to paste images, Excel tables, rich text, and plain text from their Windows clipboard directly into Claude via a popup interface.

Setup Requirements

  • ⚠️Requires Windows 10/11 operating system.
  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Manual configuration of `~/.claude/config.json` with an absolute path to the `index.js` file is required and prone to user error.
Verified Safe
The server invokes a PowerShell script (`PastePopup.ps1`) using `child_process.spawn` with `-ExecutionPolicy Bypass`. This grants the script full local system access without requiring it to be signed. While necessary for its intended functionality (clipboard interaction, file system operations, UI popup), it relies heavily on the user trusting the source code of the PowerShell script. There are no obvious `eval` calls or external network risks directly from the Node.js wrapper, but a compromised PowerShell script could lead to arbitrary code execution.
Updated: 2025-11-23
0
0
Low Cost

vulnerable-notes-mcp

by bishnubista

Sec1

A deliberately vulnerable MCP server for testing security scanning tools and training developers to recognize common security anti-patterns in AI agents.

Setup Requirements

  • ⚠️Requires Node.js runtime environment.
  • ⚠️Relies heavily on local file system access, requiring specific permissions for directories like './notes', './exports', and '/tmp/mcp-shared-state'.
  • ⚠️Configuration is heavily influenced by environment variables (e.g., NOTES_DIR, EXPORT_DIR, REMOTE_CONFIG_URL) and external configuration files, which are also sources of intentional vulnerabilities.
Review Required
This server is intentionally designed with numerous critical security vulnerabilities, as explicitly stated in its README. Key risks include:

- **Hardcoded Secrets (SAFE-T1601):** API keys (OpenAI, AWS, Stripe) are directly embedded in `src/tools/export.ts`.
- **Overly Broad OAuth Scopes (SAFE-T1602):** OAuth configurations in `src/tools/export.ts` request excessive permissions (e.g., full Google Drive, Gmail modify, full repo access for GitHub).
- **Path Traversal & Unvalidated File Operations (SAFE-T1101, SAFE-T1201):** Functions like `readFile`, `writeFile`, `listFiles` in `src/utils/helpers.ts` and file writes in `src/tools/export.ts` (e.g., `writeToSharedLocation`) lack path sanitization, allowing arbitrary file system access and writes outside intended directories. Filenames are also not sanitized, leading to further path traversal.
- **Direct Prompt Injection (SAFE-T1301):** User-provided `customPrompt` in `notes_summarize` (`src/tools/notes.ts`) is directly concatenated into the LLM prompt without sanitization.
- **Hidden Instructions & Schema Poisoning (SAFE-T1001, SAFE-T1002, SAFE-T1402):** Zero-width characters and malicious instructions are embedded in tool descriptions and input schemas in `src/tools/search.ts`, designed to manipulate agent behavior.
- **Unauthorized Execution (SAFE-T1701):** `notes_delete` and `notes_cleanup` in `src/tools/notes.ts` perform sensitive and destructive file operations without confirmation.
- **Sensitive Data Leakage (SAFE-T1801, SAFE-T1802):** Error messages (`src/tools/notes.ts`, `src/utils/helpers.ts`) and debug logs (`src/index.ts`) expose full file paths, working directories, system information, environment variable keys, and even memory usage. Backups also include hardcoded credentials (`src/tools/export.ts`).
- **Configuration Poisoning (SAFE-T1401):** The server loads configuration from unvalidated environment variables, local files, and remote URLs, allowing attackers to inject dangerous settings like `ALLOW_SYSTEM_COMMANDS` or `WEBHOOK_URL`.
- **Supply Chain Vulnerabilities (SAFE-T1501):** Dependencies are pinned to `latest` without integrity hashes in `src/config/settings.ts`, enabling potential 'tool rug pull' or supply chain attacks.
- **System Instruction Bypass (SAFE-T1302):** The primary system prompt can be fully overridden via the `OVERRIDE_SYSTEM_PROMPT` environment variable (`src/index.ts`).
- **Multimodal Prompt Injection (SAFE-T1303):** Image URLs are processed without validation in `src/index.ts`, trusting embedded instructions.
- **Cross-Agent Resource Access (SAFE-T1102):** Shared state mechanisms (`getSharedState`, `setSharedState`, `deleteSharedState`, `broadcastToAgents` in `src/utils/helpers.ts`) lack authentication or authorization, allowing any agent to read/write/delete other agents' data and receive sensitive broadcasts.
Updated: 2025-12-20
0
0
High Cost
Sec7

Simplifies industrial IoT connections by unifying various devices (MQTT, Modbus) into a single API for real-time monitoring, alarms, time-series storage, and actuator control.

Setup Requirements

  • ⚠️Requires external MQTT broker, Redis, and InfluxDB instances to be set up and accessible.
  • ⚠️Requires `iot_config.yaml` or extensive environment variables (e.g., MQTT_BROKER, INFLUX_TOKEN, REDIS_HOST) for full configuration.
  • ⚠️The `pyserial` dependency for Modbus RTU might require platform-specific setup or drivers.
Verified Safe
The server loads sensitive configurations (MQTT, InfluxDB, Redis credentials) from environment variables or a YAML file, which is a good practice to avoid hardcoding. It does not use 'eval' or other inherently dangerous functions. However, as an IoT/Edge server interacting with industrial protocols (MQTT, Modbus), its overall security heavily depends on the secure deployment and configuration of the underlying network, the MQTT broker, Modbus devices, InfluxDB, and Redis instances. The FastAPI server listens on '0.0.0.0', requiring proper firewall rules to restrict access.
Updated: 2026-01-19
0
0
High Cost

puddle-mcp

by Dhruv-Limbani

Sec2

An AI assistant for the Puddle data marketplace, designed to help data buyers discover, evaluate, and manage inquiries for datasets.

Setup Requirements

  • ⚠️Requires `uv` (Python package and environment manager) to be installed separately.
  • ⚠️Requires a PostgreSQL database to be running and accessible.
  • ⚠️Requires a Google Gemini API Key for AI features, which is a paid service.
  • ⚠️Requires Python 3.13 or newer.
Review Required
The APIKeyMiddleware responsible for authenticating requests using the `API_KEY` environment variable is present but commented out in `server.py`. This means the server, as provided, runs without any API key authentication, allowing anyone to access its endpoints. For production deployment, this middleware must be uncommented and a strong API_KEY configured. Additionally, `uvicorn --reload` is intended for development and should not be used in a production environment.
Updated: 2025-12-09