Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost
Sec8

Provides a Model Context Protocol (MCP) server for seamless database access to Laravel applications, automatically parsing .env files and supporting multiple database types.

Setup Requirements

  • ⚠️ Requires Node.js >= 22.0.0
  • ⚠️ Database credentials are required for connection (e.g., DB_DATABASE is mandatory, others like DB_USERNAME/DB_PASSWORD are usually needed unless using local files like SQLite or specific auth setups)
  • ⚠️ SSH key or password required if SSH tunneling is enabled
Verified Safe
The server demonstrates strong security awareness with features like a 'read-only' mode to block write operations, SSH tunneling for secure remote connections, and masking of sensitive information in logs. The 'execute_sql' tool allows direct SQL query input, which inherently carries a risk of SQL injection if the input is not carefully controlled by the calling agent or user, especially in non-read-only mode. However, the explicit recommendation to use '--readonly' and minimal database permissions in the documentation significantly mitigates these risks. Introspection queries use proper escaping to prevent injection.
Updated: 2025-11-27

Low Cost

An HTTP wrapper for the official Azure DevOps MCP server, enabling remote access to work items via Streamable HTTP transport for local development and integration with agents.

Setup Requirements

  • ⚠️ Requires Azure DevOps Personal Access Token (PAT) with specific 'Work Items (Read)' and 'Project and Team (Read)' scopes.
  • ⚠️ Requires Docker for recommended multi-server setup and standalone deployment.
  • ⚠️ Requires Node.js 20 LTS and TypeScript for local development without Docker.
Verified Safe
The server explicitly binds to 127.0.0.1 (localhost) on the host system, significantly limiting network exposure. Secrets (Azure DevOps PAT) are handled via environment variables, not hardcoded. There is no 'eval' or similar dangerous dynamic code execution. It is designed and explicitly stated for local-only use and not for external exposure. Lack of authentication on the /mcp endpoint is acceptable for local use, but would be a critical vulnerability if exposed externally.
Updated: 2025-12-03

Medium Cost

catalog

by agent-matrix

Sec3

A public, versioned registry and catalog for discovering and integrating Model Context Protocol (MCP) servers, acting as an ecosystem for AI agents and tools.

Setup Requirements

  • ⚠️ Requires various external API keys (e.g., for LLMs, SaaS integrations)
  • ⚠️ Demands specific runtime environments (Node.js/npm/npx, Python/pypi/uvx, Docker) based on the server's implementation
  • ⚠️ Dependency on external package registries (npm, pypi, oci) for server installation and execution.
Review Required
The repository primarily consists of manifest files that define how to run various MCP servers. Many of these definitions specify `STDIO` transport, instructing the client to execute external commands or packages (e.g., `npx`, `docker`, `uvx`) on the host machine. This design paradigm inherently introduces significant security risks, as executing arbitrary external code (even if from a known package registry) can lead to supply chain attacks, arbitrary code execution, and privilege escalation if the source or the execution environment is not rigorously sandboxed and audited. While the catalog itself is static, the instructions it provides empower clients to run potentially untrusted code. Several manifests also declare API keys as required environment variables, which necessitates careful handling by end-users to prevent exposure.
Updated: 2026-01-19

Medium Cost
Sec4

An MCP server acting as a proxy for an external RAG engine to understand database schemas and an external API for executing SQL queries based on natural language input.

Setup Requirements

  • ⚠️ The README.md describes different tools (`generate_simulator`, `get_info_calculators`, `assign_and_get_last_calculator`) than what is actually implemented in the provided `src/index.ts` (`get_rag_database`, `get_request_database_sql`). This mismatch creates significant confusion about the server's functionality.
  • ⚠️ The README mentions 'stdin/stdout (StdioServerTransport)' as the communication method, but the main `src/index.ts` file provided (matching the `package.json` version) implements an HTTP server (`StreamableHTTPServerTransport`) on `/mcp` endpoint.
  • ⚠️ Implicitly requires Google Cloud authentication (e.g., via `GOOGLE_APPLICATION_CREDENTIALS` environment variable or default service account) for Vertex AI interaction, as the `keyFilename` option is commented out.
Review Required
CRITICAL: The `get_request_database_sql` tool takes user-provided `sql_query` and directly forwards it to an external API endpoint (`/api/mcp/run-query-from-rag`). This design makes the server a proxy for a severe SQL injection vulnerability if the downstream API does not rigorously sanitize and validate the incoming SQL. CRITICAL: `src/config/config.ts` includes a hardcoded default `API_TOKEN`. If the `API_TOKEN` environment variable is not explicitly set, this hardcoded secret is used for authentication against an external validation service and subsequent API calls, creating a severe authentication bypass risk. HIGH: The `EXTERNAL_URL` environment variable (configurable by the user) dictates the base URL for all external API calls. If an attacker can manipulate this variable, it could lead to Server-Side Request Forgery (SSRF) by directing the server to make requests to internal or unintended external resources.
Updated: 2025-12-09

Low Cost

php-mcp-server

by dv-team

Sec8

A simple PHP-based MCP Server (JSON-RPC) for handling immediate requests, adaptable for database, prompt, and filesystem tasks.

Setup Requirements

  • ⚠️ Requires PHP 8.2 or higher
  • ⚠️ Requires Composer for dependency management
Verified Safe
The server demonstrates good practices for JSON-RPC parsing by using JSON_THROW_ON_ERROR and includes explicit checks for property existence and type validation for incoming parameters. It uses a PSR-3 Logger for debugging/error logging, and custom exception handling. The default HTTP binding is to localhost (127.0.0.1), limiting network exposure. No direct 'eval' or 'shell_exec' are present. The primary security consideration for a system like this, not directly visible in the provided code, would be how tools and prompts are registered. If the registration process were exposed to untrusted input, it could lead to arbitrary code execution via the 'handler' callables. However, based on the provided code, registration happens programmatically within the application code, not through user-controlled input.
Updated: 2026-01-17

Medium Cost
Sec7

This server acts as a comprehensive AI agent for managing Jira tasks and interacting with the Jira API, including listing, creating, inspecting, and transitioning issues.

Setup Requirements

  • ⚠️ Requires a configured Jira instance and a Jira API token for authentication.
  • ⚠️ Requires Python 3.11+ (as indicated by CI configuration, despite pyproject.toml stating >=3.14).
  • ⚠️ Requires the `uv` package manager to be installed for running and dependency management.
Verified Safe
The project uses environment variables (`.env`) for storing sensitive credentials like Jira API tokens, which is good practice. The `update_config` tool allows the agent to modify its own `.env` file, which is a powerful feature for AI self-configuration but could be a risk if the agent's prompts were compromised. The `mcp-manager.py` script uses `subprocess.run` with `shell=True` for system commands (like `git clone`, `uv sync`), which is generally discouraged but appears to be used with controlled inputs from its internal registry, limiting immediate exploitation risks. Input validation is implemented for issue keys, statuses, and limits.
Updated: 2026-01-16

Low Cost

taiwan-holiday-mcp

by BACH-AI-Tools

Sec8

Provides a Model Context Protocol (MCP) server for querying accurate Taiwan national holidays and make-up workdays.

Setup Requirements

  • ⚠️ Requires Node.js 18.0.0 or higher.
  • ⚠️ Requires `npm` (for `npx` execution).
  • ⚠️ Requires an active internet connection to `cdn.jsdelivr.net` for initial holiday data fetching.
Verified Safe
The server fetches holiday data from `cdn.jsdelivr.net/gh/ruyut/TaiwanCalendar`. While `cdn.jsdelivr.net` is a reputable CDN, it's an external dependency. The server implements robust error handling, circuit breaking, request throttling, and input/data validation (e.g., `validateHolidayData`, `parseDate`) to mitigate risks from external API failures or malformed input. No `eval` or direct `fs` writes are observed. `fs.readFileSync` is used only for reading `package.json` at startup. No hardcoded secrets are found.
Updated: 2025-12-04

Low Cost

mcp-oauth-password

by arnaldo-delisio

Sec8

Provides a self-hosted, password-based OAuth 2.1 authentication server for Model Context Protocol (MCP) applications.

Setup Requirements

  • ⚠️ Requires a PostgreSQL database connection string, which will be used to automatically create necessary tables (`authorization_codes`, `oauth_clients`, `session`, `auth_logs`).
  • ⚠️ Requires several pre-generated credentials for configuration, including a bcrypt hash of the login password, an OAuth client ID and secret, a session secret, and an API key.
  • ⚠️ If using the default login page, the host application must configure Express to use EJS as its view engine and specify the path to the login view.
Verified Safe
The server implements OAuth 2.1 with Proof Key for Code Exchange (PKCE), bcrypt password hashing (10 rounds), and secure session cookies (httpOnly, secure, sameSite=Lax). Session and authorization codes are stored persistently in PostgreSQL. Redirect URI validation and automatic rate limiting on login, token, and authorize endpoints help mitigate common attacks. Audit logging tracks authentication events for monitoring. The 'secure' cookie flag is correctly enforced based on the NODE_ENV. For its intended use in personal/self-hosted environments, these features provide strong security. However, as noted in the README, features like token expiration with refresh tokens and multi-user support (beyond a single configured password) are still on the roadmap for full enterprise-grade production readiness (v1.0.0). The example provides default credentials for demonstration, but the core library design encourages using environment variables for sensitive data.
Updated: 2025-12-13

High Cost
Sec1

Manage the lifecycle of custom Python Micro-Computational Program (MCP) servers using Docker and interact with them via an AI-powered chat interface.

Setup Requirements

  • ⚠️ Requires Docker and Docker Compose for deployment.
  • ⚠️ Requires PostgreSQL and Redis databases.
  • ⚠️ HuggingFace API Key (HF_API_KEY) is necessary for the LLM service.
  • ⚠️ Requires downloading large LLM models from HuggingFace, which can consume significant disk space and bandwidth.
Review Required
The application allows arbitrary Python code and Dockerfile commands to be executed via user input in the `func_body`, `server_name`, and `pkgs` fields when creating a new server. This leads to severe remote code execution (RCE) vulnerabilities. Additionally, the FastAPI services (`mcp_manager_core`, `llm_chat_service`) use `CORSMiddleware(allow_origins=["*"])`, making them vulnerable to cross-site request forgery (CSRF) and other attacks if deployed in a public-facing manner. Direct Docker daemon interaction from `DockerHandler` based on user-supplied container IDs poses a high risk if the application itself is compromised.
Updated: 2025-12-12

Medium Cost

formulize-mcp

by jegelstaff

Sec9

Enables AI assistants to interact with and manage data within a remote Formulize open-source data management platform.

Setup Requirements

  • ⚠️ Requires Node.js to be installed on the system.
  • ⚠️ A Formulize instance must be running and accessible via a URL.
  • ⚠️ An API key from your Formulize system is required and must be configured as an environment variable.
Verified Safe
The server correctly uses environment variables for sensitive API keys (FORMULIZE_API_KEY) and does not hardcode them. It acts as a proxy, forwarding requests to a remote Formulize instance using standard HTTP fetch. There is no evident use of 'eval' or unsafe direct command execution within the proxy's core logic. The security of the overall system largely depends on the remote Formulize server's configuration and the careful management of API keys by the user. The 'query_the_database_directly' tool, if exposed by Formulize, would be a remote security concern for the Formulize instance itself, rather than a direct vulnerability in this proxy server's implementation.
Updated: 2026-01-12

High Cost

The MCP server generates various AI-powered diagrams (architecture, flowcharts, user journey/story maps, empathy maps, pyramid diagrams), infographics (Feynman learning method, posters), and UI/UX prototypes (general HTML, Apple Mobile, WeChat MiniApp) in DrawIO XML, HTML, SVG, or JSON formats based on user descriptions.

Setup Requirements

  • ⚠️ Requires an API key for ZhipuAI, OpenAI, or Gemini (Paid Service) to function.
  • ⚠️ Python 3.10 or newer is required as per `pyproject.toml`.
  • ⚠️ Installation of Python packages `mcp`, `openai`, `zhipuai`, and `python-dotenv` is necessary.
Verified Safe
API keys for AI providers are loaded from environment variables (.env file), which is a secure practice. The server includes functions (`svg_clear`, `xml_drawio_clear`, `json_clear`, `html_clear`) to sanitize AI-generated output, mitigating potential injection risks if output were rendered directly. No use of `eval` or obvious malicious patterns was found. The primary security consideration is the secure handling of AI API keys by the user.
Updated: 2026-01-19

Low Cost

GeminiHydra

by EPS-AI-SOLUTIONS

Sec8

Lightweight MCP server for integration with Ollama and Gemini CLI, providing AI text generation, multi-agent task execution, task queuing, caching, and prompt optimization.

Setup Requirements

  • ⚠️ Requires a local Ollama server instance running and accessible at OLLAMA_HOST.
  • ⚠️ Requires the Gemini CLI tool to be installed and configured with GOOGLE_API_KEY or GEMINI_API_KEY for cloud AI integration.
  • ⚠️ Project setup uses pnpm for dependency management (`pnpm install`).
Verified Safe
The server includes a `run_shell_command` tool, which inherently carries security risks if exposed to untrusted input. However, significant efforts have been made to mitigate these risks through a `CommandSanitizer`, `SecurityEnforcer`, `AuditLogger`, and the use of `DANGEROUS_PATTERNS` to block or warn about potentially malicious commands and path traversals. The `HYDRA_RISK_BLOCKING` environment variable allows administrators to control this exposure. Cache encryption is optional via `CACHE_ENCRYPTION_KEY`, with a warning issued if not configured. No obvious hardcoded secrets were found; API keys are expected via environment variables or standard config files.
Updated: 2026-01-19