Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
chwee icon
Sec9

Orchestrates multiple AI agents (story generation, image creation, Google search) using the Model Context Protocol (MCP) to fulfill multi-modal user requests.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid): The OPENAI_API_KEY environment variable is essential for all AI functionalities and is linked to paid services.
  • ⚠️Filename and MCP Server ID Mismatches: The client.py attempts to launch and connect to server scripts named 'write_blog.py', 'image.py', and 'google_search.py' with MCP IDs 'storywriter', 'imagegenerator', and 'googlesearch' respectively. However, the provided source files are 'Server1.py', 'Server2.py', 'Server3.py', which declare MCP IDs 'storywriter', 'image', and 'storywriter'. This requires renaming files, adjusting MCP IDs in the server files, and potentially correcting the IDs in client.py for successful connection and to avoid conflicts (e.g., two servers using the 'storywriter' ID).
  • ⚠️Python environment with specific libraries: A Python environment with 'mcp', 'langchain_openai', 'dotenv', 'googlesearch', 'openai', 'langchain_core', 'langchain_mcp_adapters', and 'langgraph' is required.
Verified SafeView Analysis
The code loads API keys from environment variables (good practice) and does not use 'eval' or other inherently dangerous functions. It relies on standard external API calls (OpenAI) and a third-party search library ('googlesearch'), which are common practices. No obvious malicious patterns were identified.
Updated: 2025-12-04GitHub
0
0
High Cost
tollebrandon icon

agent-browse

by tollebrandon

Sec7

Automate browser interactions and observe web page state for AI agents, providing stateful sessions, console/network observability, and accessibility snapshots.

Setup Requirements

  • ⚠️Node.js 20+ required
  • ⚠️Chrome/Chromium browser required (Playwright will attempt to download one if not found)
Verified SafeView Analysis
The `browser_evaluate` tool allows arbitrary JavaScript execution within the browser's page context. While this is an intended feature for a browser automation tool, it implies that a malicious AI agent could potentially use this to perform client-side attacks (e.g., XSS) on websites. However, this execution is sandboxed within the browser instance (Chromium) and does not directly grant access to the host server's file system or Node.js environment. No other direct 'eval' or critical server-side vulnerabilities were identified in the provided Node.js source code.
Updated: 2026-01-19GitHub
0
0
Medium Cost
sebrinass icon
Sec3

This server augments web search and content reading capabilities for AI models, providing structured thinking, hybrid retrieval, and semantic caching via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running SearXNG instance, configured via SEARXNG_URL.
  • ⚠️If embedding is enabled (ENABLE_EMBEDDING=true), requires Ollama with a compatible embedding model (e.g., nomic-embed-text) or an OpenAI API key/endpoint.
  • ⚠️For browser-rendered URL reading (Puppeteer fallback), requires Chromium to be installed and available at PUPPETEER_EXECUTABLE_PATH, and runs with disabled sandboxing which is a critical security concern.
Review RequiredView Analysis
CRITICAL: The server launches Puppeteer with `--no-sandbox` and `--disable-setuid-sandbox` arguments when falling back for URL reading (src/url-reader.ts). This disables the browser's security sandbox, which is a significant security risk. If the server is used to fetch and render untrusted or malicious web pages, it could lead to arbitrary code execution on the host system. Additionally, the CORS configuration `origin: '*'` in `src/http-server.ts` is too permissive for production environments and should be restricted. Logging includes client IP and user-agent which can be PII.
Updated: 2026-01-19GitHub
0
0
Low Cost
ServiceNow icon

skill-feedback

by ServiceNow

Sec9

This MCP server allows users to submit feedback (bugs, enhancements, new skill requests) about any Claude skill directly from conversations, automatically capturing context and creating ServiceNow SBOs.

Setup Requirements

  • ⚠️Requires an active ServiceNow account on `surf.service-now.com` with SBO creation permissions.
  • ⚠️Browser-based authentication requires user interaction with a browser (Chrome or Safari) during initial setup and credential refresh. Safari may require `sudo safaridriver --enable`.
  • ⚠️Dependencies on Node.js 18+ and Python 3.8+.
Verified SafeView Analysis
The server leverages Python scripts for ServiceNow API interaction and browser automation (Selenium) for authentication. Input parameters for the Python script are validated using Zod, mitigating command injection risks. Credentials are managed via a session manager that stores them in a local file (`~/.servicenow_surf_session.json`) or environment variables, and supports auto-refresh on 401 errors. Browser automation for login requires user interaction and may involve `execute_script` to extract tokens from the authenticated ServiceNow page; this is a controlled use case targeting a trusted domain. While credentials are printed to console during initial setup, this is a standard practice for environment variable instructions. No direct 'eval' or execution of arbitrary user-controlled code is observed.
Updated: 2026-01-16GitHub
0
0
Low Cost
EPortman-Ping icon

remote-mcp-pingone-aic

by EPortman-Ping

Sec9

Cloudflare Workers MCP server enabling AI agents (MCP clients) to call a protected API on behalf of an authenticated end user via PingOne Advanced Identity Cloud (AIC).

Setup Requirements

  • ⚠️Requires a PingOne Advanced Identity Cloud tenant with complex configuration steps (DCR, grant types, OAuth2 scripts).
  • ⚠️Requires a Cloudflare account and Wrangler CLI for deployment and environment variable management.
  • ⚠️Depends on a separate Todo API deployment, which also has its own setup requirements.
Verified SafeView Analysis
The server leverages standard OAuth 2.0 Token Exchange and JWT validation for robust authentication and authorization. Secrets are loaded from environment variables, preventing hardcoding. Scopes are filtered to enforce least privilege during token exchange for downstream API calls. Error handling for authentication failures provides generic 'Unauthorized' or 'Forbidden' messages without leaking sensitive information. The architecture inherently benefits from Cloudflare's serverless security features and Durable Objects for isolated session state. Detailed PingOne AIC configuration steps are provided to ensure secure delegation and client onboarding, although incorrect configuration could introduce vulnerabilities.
Updated: 2025-12-31GitHub
0
0
Medium Cost
lewis-king icon

fpl-mcp-server

by lewis-king

Sec9

Manages Fantasy Premier League teams using an LLM to provide data-driven decisions, competitor analysis, and strategic planning.

Setup Requirements

  • ⚠️Requires 'uv' package manager to be installed.
  • ⚠️Requires Playwright's 'chromium' browser to be installed locally via 'uv run playwright install chromium'.
  • ⚠️Requires manual configuration in Claude Desktop's 'claude_desktop_config.json' with the absolute path to the project directory.
Verified SafeView Analysis
The server employs a robust 'Out-of-Band Login' mechanism. User FPL credentials are input into a local web server (FastAPI), which then uses Playwright to automate login on the official FPL website and capture a session token. Crucially, the credentials themselves never leave the local machine to the LLM. The session token is stored locally for API calls. This is a strong security pattern for sensitive data. No direct 'eval' or malicious patterns were found. The use of Playwright for scraping is generally safe but relies on the stability of the external website's HTML structure.
Updated: 2025-12-03GitHub
0
0
Low Cost

mcp-manager

by goeiespullen

Sec8

Access NS TeamCentraal OData API to retrieve team, member, organization, and DORA metrics for internal tools and dashboards.

Setup Requirements

  • ⚠️Requires TeamCentraal credentials (username/password) which must be obtained through a manual process involving an email request to TeamCentraal@ns.nl and a signed Data Leveringsovereenkomst (DLO).
  • ⚠️Requires Python 3.8 or higher and the `requests` library (install via `pip install -r requirements.txt`).
  • ⚠️Intended to be run as a subprocess managed by the `mcp-manager` C++ gateway, not as a standalone application for production use.
Verified SafeView Analysis
Credentials for the TeamCentraal API (username/password) are loaded from environment variables, which is a good security practice, preventing them from being hardcoded. The parent `mcp-manager` application utilizes a robust C++ keystore with AES-256 encryption and HMAC for storing user-specific credentials. The gateway enforces fine-grained, auto-detected tool permissions, ensuring that only authorized operations are performed. The server's `_make_request` method sets a custom `User-Agent` to bypass an Azure App Gateway, which is an unusual workaround but not a direct vulnerability. No `eval` or other obvious code injection patterns were found in the provided server code.
Updated: 2025-11-27GitHub
0
0
Low Cost
Dineshseervi icon

MCP_Server_Tools

by Dineshseervi

Sec9

This application provides a backend API for a shopping list, enabling an AI assistant (specifically Claude desktop version) to manage shopping items through defined tools.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) 17+ for modern Spring Boot applications.
  • ⚠️Requires Maven or Gradle to build and run the application.
  • ⚠️Requires 'Claude desktop version' to be running and configured for integration, as indicated by the README.
Verified SafeView Analysis
The provided source code is a simple Spring Boot application. It uses standard Java practices, includes basic input validation for adding and removing items, and utilizes `ConcurrentHashMap` for thread-safe data storage. There are no indications of 'eval' or similar dangerous dynamic code execution, obfuscation, hardcoded secrets, or direct network risks beyond the implicit Spring AI framework operations. The code appears robust for its intended purpose.
Updated: 2025-11-24GitHub
0
0
High Cost
totallyGreg icon

claude-mp

by totallyGreg

Sec1

No MCP server source code provided for analysis. The repository README states 'No MCP servers available yet.' and the provided truncated source code consists of various 'skills' (skill-planner, terminal-guru, skillsmith, obsidian-pkm-manager, swift-dev, omnifocus-manager, helm-chart-developer, ai-risk-mapper) and not actual MCP server implementations.

Setup Requirements

  • ⚠️No MCP server code found in the provided input.
Review RequiredView Analysis
No MCP server source code provided for analysis. Therefore, a security audit cannot be performed.
Updated: 2026-01-19GitHub
0
0
Low Cost
Vanblerkh icon

mcp-test

by Vanblerkh

Sec6

Provides a RESTful API for basic user management and fetching context data, likely for an application's backend.

Setup Requirements

  • ⚠️Requires a MySQL/MariaDB database.
  • ⚠️Database connection configuration must be provided via environment variables (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME, DB_CONNECTION_LIMIT) or a 'db-config.yaml' file specified by DB_SECRETS_PATH.
  • ⚠️Requires Node.js and npm to install dependencies and compile TypeScript.
Verified SafeView Analysis
The server correctly uses parameterized queries via the `mysql2` library, which is crucial for preventing SQL injection vulnerabilities. However, the handling of `password_hash` in `addUser` and `modifyUser` is ambiguous; the server directly stores the received hash without explicitly demonstrating strong server-side hashing (e.g., bcrypt, scrypt) and salting. If plain text passwords or weakly hashed passwords are sent from the client, they would be stored as such, posing a significant risk. Additionally, the server uses open CORS (accepts requests from any origin), which can be a security risk in production environments if not restricted to specific trusted origins.
Updated: 2025-12-02GitHub
0
0
High Cost
HarjjotSinghh icon

vps-mcp

by HarjjotSinghh

Sec4

Enables an AI agent to connect to and control a Virtual Private Server (VPS) via SSH for remote command execution and file system operations.

Setup Requirements

  • ⚠️Requires Node.js and npm/npx to be installed on the machine running the MCP server.
  • ⚠️SSH private keys must be provided as a string argument directly to the `connect_vps` tool, which means the raw key content is handled by the AI agent and client, rather than using an SSH agent or file paths.
Review RequiredView Analysis
The server's primary function is to execute arbitrary shell commands (`execute_command`) and perform powerful file system operations like recursive deletion (`delete_item` using `rm -rf`) on a connected VPS. While the server's code itself does not appear to have internal vulnerabilities like 'eval' or hardcoded secrets (SSH credentials are passed as arguments to tools), the capabilities it exposes are inherently high-risk. If a malicious or unconstrained AI agent interacts with this server, it could lead to complete compromise, data loss, or unauthorized access on the target VPS. The server wraps commands with the current working directory, but an agent can bypass this by explicitly providing absolute paths or changing the directory first. The method of passing raw private key content as a string via tool arguments is also a security concern for handling sensitive credentials.
Updated: 2026-01-18GitHub
0
0
Medium Cost
ToxicTolerance icon

unraid-mcp

by ToxicTolerance

Sec7

Provides a Model Context Protocol (MCP) server to interact with and manage an Unraid server's GraphQL API, offering comprehensive tools for system, storage, Docker, VM, and other Unraid functionalities.

Setup Requirements

  • ⚠️Requires an Unraid server with its GraphQL API enabled for core functionality.
  • ⚠️Docker and Docker Compose are the recommended deployment methods; otherwise, Python 3.10+ with `uv` is required for development.
  • ⚠️Explicitly requires `UNRAID_API_URL` and `UNRAID_API_KEY` environment variables to connect to the Unraid API.
Verified SafeView Analysis
The `dev.sh` script executes Python code from strings, which, while controlled by the script itself, could be a concern if the script were tampered with or if executed in an untrusted environment. The `UNRAID_VERIFY_SSL` environment variable allows disabling SSL certificate verification (if set to `false`), which is a significant security risk if used in production, as it can expose communication to Man-in-the-Middle attacks. `UNRAID_API_KEY` is handled appropriately via environment variables.
Updated: 2025-11-23GitHub
PreviousPage 473 of 713Next