Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost

Mcp_servers

by Nicky9319

Sec8

Provides a boilerplate for building custom Model Context Protocol (MCP) servers with support for multiple tools, facilitating tool-based interactions.

Setup Requirements

  • ⚠️Python 3.11+ required
  • ⚠️Requires `pip install -r requirements.txt` for dependencies
  • ⚠️Custom tool implementation is required for specific functionalities beyond the boilerplate examples
Verified Safe
The boilerplate provides a robust framework that encourages secure practices (e.g., Pydantic for input validation in `ExampleTool`). There are no direct instances of 'eval' or unsanitized shell commands. The server handles MCP messages and tool calls. Security largely depends on the specific implementations of custom tools registered with the server. The DuckDuckGo example uses a dedicated library (`duckduckgo_search`) which is assumed to handle query sanitization internally. Standard network security measures are advised for deployment, as it's an HTTP server.
Updated: 2025-12-14

Low Cost
Sec9

Centralized security instruction server for AI-assisted code generation, aiming to eliminate per-repository security instruction files.

Setup Requirements

  • ⚠️Requires Node.js 18+ to be installed locally.
  • ⚠️Requires building the TypeScript project ('npm run build') before running.
  • ⚠️Involves manual configuration of local file paths (e.g., 'C:\repo\contextpilot-server\dist\index.js') in AI assistant configuration files (e.g., 'claude_desktop_config.json' or '.github/.mcp.json').
  • ⚠️GitHub Copilot MCP support is currently pending, meaning it primarily works with Claude Desktop as of the provided roadmap.
Verified Safe
The server uses the Model Context Protocol (MCP) over stdio by default, minimizing network exposure. It loads security instruction markdown files from a local 'rules/' directory and serves their content based on matching logic (file paths, languages, context keywords). The code does not use 'eval' or dynamic code execution on untrusted input. There are no hardcoded secrets identified within the server's own source code. The 'validate_code_security' tool processes code snippets for rule matching but does not execute them. The overall design is security-conscious, focused on providing security guidance rather than executing arbitrary code or handling sensitive user data directly. The security of the instruction content itself is external to the server's code.
Updated: 2026-01-19

Low Cost

nasa-mcp-server-demo

by ankitzaveri

Sec9

Provides a Model Context Protocol server to access NASA's Astronomy Picture of the Day and image/video library APIs.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher
  • ⚠️NASA API Key is optional but recommended due to rate limits of the DEMO_KEY
  • ⚠️MCP Inspector requires npm/Node.js to be installed globally
Verified Safe
The server uses standard libraries (httpx, dotenv) and retrieves API keys from environment variables, defaulting to a demo key. No 'eval' or direct shell commands were found. Input schemas for tools provide some validation (e.g., date formats), reducing injection risks for specific parameters. The primary interaction is with known public NASA APIs. Generally safe to run.
Updated: 2025-11-28

Low Cost

mcpo

by enving

Sec5

A proxy server designed to securely facilitate communication between a Minecraft Protocol (MCP) client/server and an OpenAPI-compliant service.

Setup Requirements

  • ⚠️Requires configuration for the target OpenAPI service endpoints, including authentication if necessary.
  • ⚠️Requires network configuration to properly route and proxy Minecraft Protocol (MCP) traffic.
Review Required
A comprehensive security audit could not be performed as the source code for `mcpo` was not provided, only the `README.md`. Without access to the implementation details, it's impossible to check for common vulnerabilities such as `eval` usage, obfuscation, hardcoded secrets, or specific network risks. The safety assessment is based solely on the project description, which highlights 'secure' as a feature, but this cannot be verified without a code review.
Updated: 2025-11-30

High Cost
Sec3

An MCP server enabling AI agents to interact with Docker, Kubernetes, and Azure Application Insights for monitoring and management.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires Docker and `kubectl` CLI tools installed and configured on the host machine.
  • ⚠️Azure Application Insights features require Azure SDK dependencies (`pip install mcp-container-tools[azure]`), Azure CLI (for `az login`), and specific environment variables (`AZURE_LOG_ANALYTICS_WORKSPACE_ID`, `AZURE_APP_INSIGHTS_RESOURCE_ID`).
Review Required
The server directly executes shell commands (e.g., `docker exec sh -c <command>`, `kubectl exec sh -c <command>`) using `subprocess.create_subprocess_exec` with user-provided arguments. This poses a critical command injection vulnerability if the MCP server receives input from an untrusted source, allowing arbitrary code execution on the host or within target containers/pods. Additionally, file operations (`read_file`, `list_directory`) can access arbitrary paths, and Kusto queries are constructed with f-strings, potentially leading to path traversal or query injection. While environment variables are filtered for sensitive patterns, this is a mitigating control, not a complete solution. Running this server requires a high degree of trust in the client interacting with it.
Updated: 2025-11-29

High Cost

adk-web

by Flirnz

Sec5

UI for developing and debugging agents with the Agent Development Kit.

Setup Requirements

  • ⚠️Requires a separate Agent Development Kit backend to be running and its `backendUrl` property configured (e.g., via `npm config set adk-web:backendUrl <your-backend-url>`).
  • ⚠️The application is distributed as a `.zip` file containing executables hosted directly on `raw.githubusercontent.com`, which may trigger security warnings or be blocked by some systems.
  • ⚠️The Linux installation instructions in the README are syntactically incorrect, attempting to `chmod +x` and execute a URL directly.
Review Required
The application is a frontend UI that interacts with a backend Agent Development Kit. It uses `bypassSecurityTrustHtml` to render content (e.g., search results) in `ChatPanelComponent`, which could lead to Cross-Site Scripting (XSS) if the backend provides untrusted or unsanitized HTML. User-provided JSON/YAML for agent configurations could also pose a risk if the backend executes this data without proper sandboxing or validation. Minor XSS risks exist with `alert()` calls if message content is fully user-controlled. No hardcoded secrets were found, and `safevalues/dom` is used for certain URL sanitization. The non-standard distribution method (executables from `raw.githubusercontent.com`) may trigger security warnings for end-users.
Updated: 2026-01-19

Medium Cost

mcp-server

by ILoveJoseM

Sec9

A Laravel-based server implementing the Model Context Protocol for standardized tool calling, resource management, and prompt handling.

Setup Requirements

  • ⚠️Requires PHP >= 7.1.3, Laravel Framework >= 5.6, and Symfony YAML Component >= 5.3.
  • ⚠️Custom tools must be implemented as public static methods in registered classes, with PHPDoc comments used for tool description and parameter schema generation.
  • ⚠️Resource and prompt directories (`storage/mcp_resources`, `storage/mcp_prompts`) must exist and be writable by the server.
Verified Safe
The server includes robust path validation (`realpath` and `strpos` checks) to prevent directory traversal vulnerabilities when accessing resources. It relies on standard Laravel security practices for its HTTP endpoints. No 'eval' or other highly dangerous patterns were observed. Overall, it appears to be implemented with security considerations in mind, though the overall security will depend on the host Laravel application's configuration and the nature of custom tools registered.
Updated: 2025-12-06

Low Cost

mcp

by ChristianW-public

Sec1

Demonstrates Model Context Protocol (MCP) server capabilities for providing coding guidelines (read-only) and implementing a simple file versioning system (read-write).

Setup Requirements

  • ⚠️Requires JDK 21
  • ⚠️The 'mcp-simple-versioning' component hardcodes 'C:\Temp' as the base path for revisions, making it primarily functional on Windows systems or requiring manual directory setup on others.
  • ⚠️Requires Apache Maven to build and run the Spring Boot applications.
Review Required
The 'mcp-simple-versioning' server is highly vulnerable to arbitrary file write and path traversal. The 'createRevision' method writes user-provided file contents to 'C:\Temp\{revision_id}\{relative_path}'. If 'relativePath' contains path traversal sequences (e.g., '../../../'), an attacker can write arbitrary files to any location on the file system, potentially leading to remote code execution, system compromise, or denial of service by filling disk space. This is a critical security risk and makes the application unsafe to run in an untrusted environment.
Updated: 2025-11-22

Medium Cost

root_mcp_server

by omazapa

Sec1

Execute Python and C++ code with PyROOT for scientific data analysis via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a full installation of ROOT (6.x or later) with PyROOT enabled, which is a complex scientific software framework and not a simple Python package.
  • ⚠️Requires sourcing the `thisroot.sh` script from the ROOT installation to set up the environment correctly before running the server.
  • ⚠️Python 3.10+ is required.
Review Required
The server explicitly allows arbitrary Python code execution via `exec()` and C++ code execution via `ROOT.gInterpreter.ProcessLine()`/`Declare()`. It states 'All code runs in the same process (no subprocess isolation)', which means there is no sandboxing. If the code input can be controlled by an untrusted source, this poses a critical vulnerability, allowing full system access with the server's permissions. An embedded HTTP server (THttpServer) for graphics can also be enabled, potentially exposing network services.
Updated: 2025-11-23

High Cost

rt-mcp

by msekoranja

Sec9

Provides read-only access to Request Tracker (RT) via its REST2 API for Large Language Models to query ticket information and attachments.

Setup Requirements

  • ⚠️Requires Node.js >= v18.0.0 (for TypeScript version) or Python >= 3.10 (for Python version).
  • ⚠️Requires an RT authentication token, which must be created via Settings > Auth Tokens in the RT web interface.
  • ⚠️Requires the RT REST2 API base URL (e.g., https://rt.example.com/REST/2.0).
Verified Safe
The server explicitly handles authentication tokens (via environment variables or CLI arguments) and warns against hardcoding them. It's read-only, which significantly reduces the attack surface. Error handling returns structured error objects rather than raw exceptions. No 'eval' or obvious malicious patterns were found. Uses `fetch` with a timeout. The primary risk would be exposing a valid RT token, which the documentation warns against.
Updated: 2026-01-14

Medium Cost

mcp-studio

by sandraschi

Sec1

MCP Studio serves as a comprehensive dashboard and management platform for Model Context Protocol (MCP) servers, allowing users to discover, configure, manage, and analyze MCP clients and servers, including features like working set management, SOTA compliance analysis for repositories, and development/debugging tools.

Setup Requirements

  • ⚠️Python 3.11+ is required for the backend.
  • ⚠️The client configuration paths (e.g., for Claude Desktop) are Windows-specific by default, implying a Windows environment for full client integration.
  • ⚠️Node.js and npm are required for developing/building the React-based frontend.
  • ⚠️Ollama is an implied dependency for AI-related features and local LLM inference.
Review Required
CRITICAL security vulnerabilities are present. The JWT `SECRET_KEY` is hardcoded to 'your-secret-key-here', making authentication tokens easily forgeable. Password hashing is temporarily set to `plaintext`, meaning user passwords are not securely stored or verified. These two issues render the authentication system fundamentally insecure. Furthermore, the `/api/v1/dev` and `/api/v1/data` endpoints utilize dangerous functions like `exec()` and `eval()` for code profiling, debugging, and data transformations. While these are behind the compromised authentication, they pose severe Remote Code Execution (RCE) risks if an attacker bypasses or compromises authentication. The `/api/v1/files` endpoints expose powerful filesystem operations (list, upload, create, delete) which, despite path sanitization attempts, could be exploited given the weak authentication. CORS is also set to allow all origins (`*`), which is too permissive for production.
Updated: 2026-01-01

Medium Cost

Skills-MCP-Hudu

by DevSkillsIT

Sec9

Integrate AI assistants with Hudu IT documentation for management, search, and automation.

Setup Requirements

  • ⚠️Requires Hudu API Key and Base URL.
  • ⚠️For secure multi-user deployments, requires Azure AD App Registration and OAuth2-Proxy setup.
  • ⚠️Requires Node.js 18+ or Docker/Docker Compose.
Verified Safe
The project demonstrates a strong focus on security, actively patching high-severity CVEs (like Axios DoS), implementing robust CORS restrictions for local network access, and applying rate limiting to prevent abuse. It uses environment variables for all sensitive configurations. Crucially, for multi-user production deployments, it integrates with an OAuth2-Proxy (Azure AD) for comprehensive authentication and user context injection into the server. Detailed logging for security events, Docker non-root user, and explicit security checklists are commendable. One point off due to a historical note in `SECURITY_IMPROVEMENTS.md` about authentication being 'not yet implemented' (though the current deployment files like `docker-compose.existing-traefik.yml` show it fully addressed).
Updated: 2025-12-20

Page 470 of 713