Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
isdaniel icon

mysqltuner_mcp

by isdaniel

Sec3

A Model Context Protocol (MCP) server for MySQL performance tuning and analysis.

Setup Requirements

  • ⚠️Requires `MYSQL_URI` environment variable to be set.
  • ⚠️Requires MySQL 5.7+ or 8.0+.
  • ⚠️Requires `performance_schema` to be enabled in MySQL.
  • ⚠️Requires specific MySQL permissions for the connecting user: `GRANT SELECT ON performance_schema.*`, `GRANT SELECT ON information_schema.*`, `GRANT PROCESS ON *.*`, and `GRANT SELECT ON your_database.*`.
Review RequiredView Analysis
The `UserPrivilegesToolHandler` has a SQL injection vulnerability. Specifically, methods like `_get_user_privileges` construct SQL queries using f-strings to directly embed `username` and `hostname` values into the `WHERE` clause without proper escaping or parameterization (e.g., `WHERE User = '{username}' AND Host = '{hostname}'`). This allows an attacker to inject arbitrary SQL if they can control these inputs, potentially leading to unauthorized data access or manipulation. While most queries use parameterized statements via `SqlDriver`, this specific pattern bypasses that protection. No usage of `eval` or direct obfuscation was found. Database connection configuration, including SSL/TLS, is handled securely via environment variables and standard Python `ssl` module.
Updated: 2026-01-18GitHub
0
0
Medium Cost
PurpleSquirrelMedia icon

watsonx-mcp-server

by PurpleSquirrelMedia

Sec6

Enables Claude Code to delegate text generation, chat, and embedding tasks to IBM watsonx.ai foundation models, supporting a multi-agent AI architecture for specialized workloads and RAG pipelines.

Setup Requirements

  • ⚠️Requires an IBM Cloud account with access to watsonx.ai services, typically a paid plan for substantial usage, although a Lite (free tier) plan is mentioned in the README for basic access.
  • ⚠️Requires configuration of either `WATSONX_SPACE_ID` (recommended deployment space) or `WATSONX_PROJECT_ID` from your watsonx.ai instance.
  • ⚠️Demo scripts (e.g., `document-analyzer.js`, `embedding-index.js`) hardcode local paths like `/Volumes/Virtual Server/_NEW/Documents`, which users must modify to point to their own data storage.
  • ⚠️The IBM Key Protect integration (`key_protect_list_keys`, etc.) is temporarily disabled in `index.js` due to a missing package, meaning these tools are non-functional.
Review RequiredView Analysis
The main server code (index.js) correctly uses environment variables for sensitive API keys. However, the `demo-external-drive.sh` script explicitly hardcodes `WATSONX_API_KEY` and `WATSONX_SPACE_ID`, which is a critical security risk as it exposes credentials if the script is shared or committed publicly. No use of `eval` or intentional obfuscation was found. Interactions are through standard IBM Cloud SDKs, assuming secure HTTPS.
Updated: 2025-12-15GitHub
0
0
Low Cost
abhimulay821 icon

test-remote-mcp-server

by abhimulay821

Sec8

Tracks and manages personal expenses using an SQLite database and exposes functionalities via a FastMCP server.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Database is stored in the system's temporary directory, which might be cleared by the OS.
Verified SafeView Analysis
Uses parameterized SQL queries to prevent injection. The SQLite database is stored in the system's temporary directory, which could potentially be cleared by the OS or be a multi-user accessibility concern in some environments. Error messages directly expose database errors, which is not ideal for production but acceptable for a personal/local tool.
Updated: 2025-11-28GitHub
0
0
Medium Cost
SimoneFassio icon

DOREMUS_MCP

by SimoneFassio

Sec8

A Model Context Protocol (MCP) server for accessing the DOREMUS Knowledge Graph, enabling LLMs to query classical music metadata including composers, works, performances, recordings, and instrumentation using natural language.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose OR Python 3.11+ and Poetry for setup.
  • ⚠️Requires API keys for external LLM providers (OpenAI, Groq, Cerebras) or a local Ollama instance running, depending on 'LLM_SAMPLING_PROVIDER' configuration.
  • ⚠️The system relies on pre-generated graph statistics (`edges_stats.csv`, `node_type_stats.csv`, `ontology_structure.csv`) which must be created by running `python src/analyze_graph_ontology/analyze_graph.py` before full functionality is available.
Verified SafeView Analysis
The project uses environment variables for API keys, which is good practice. It makes outgoing network requests to a public SPARQL endpoint and various third-party LLM providers (OpenAI, Groq, Cerebras, Ollama) for 'sampling' (disambiguation) during query building. This introduces data privacy considerations as user-derived query intents are sent to external services. The 'validate_doremus_uri' function makes POST requests to DOREMUS URIs to detect hallucinations; while checked to be DOREMUS-specific, a highly sophisticated attack might theoretically exploit redirects or vulnerabilities within that domain. No direct 'eval' calls, obfuscation, or obvious malicious patterns were found.
Updated: 2026-01-19GitHub
0
0
Medium Cost
psetiawan icon

mysql_mcp_server

by psetiawan

Sec4

This server allows Continue.dev to interact with a MySQL database by providing resources (tables, rows) and tools (SQL query execution) via the MCP 2024 protocol.

Setup Requirements

  • ⚠️Requires a running MySQL database server.
  • ⚠️Database credentials (especially password) are passed as insecure command-line arguments.
  • ⚠️Requires Node.js runtime environment.
  • ⚠️Requires specific YAML configuration for Continue.dev to integrate properly.
Review RequiredView Analysis
CRITICAL: The `tools/call` handler executes user-provided SQL queries (restricted to SELECT) directly via `pool.query(sql)` without parameterization for values. This makes it vulnerable to SQL injection within SELECT statements, allowing for data exfiltration or logic bypass. Additionally, database credentials (especially password) are passed as command-line arguments, which is insecure as they can be exposed in process listings (e.g., `ps aux`).
Updated: 2025-11-22GitHub
0
0
Low Cost
liliangshan icon

mcp-server-mgit

by liliangshan

Sec7

An MCP server for executing `mgit push` operations and managing project configurations across multiple Git repositories.

Setup Requirements

  • ⚠️Requires MGit tool to be installed and configured on the system.
  • ⚠️The `REPO_NAME` environment variable is mandatory and the server will not start without it.
  • ⚠️For the default `CHECK_PUSH_HISTORY=true` setting, the `get_push_history` tool must be called before `mgit_push`.
Verified SafeView Analysis
The server executes external `mgit push` commands via `child_process.spawn`. While user-provided commit messages are sanitized (double quotes replaced) and `shell: false` is used to prevent basic shell injection, the fundamental security relies on the `mgit` command itself being trusted and correctly configured. Environment variables like `MGIT_CMD` and `REPO_NAME` are assumed to be set to trusted values by the server operator, not directly by an external client. Local file I/O is used for logging and push history, which is generally safe given controlled paths. No hardcoded secrets or 'eval' were found.
Updated: 2025-11-25GitHub
0
0
Medium Cost
Zahaawii icon

AssistantAI_MCP

by Zahaawii

Sec8

An MCP server acting as an AI agent backend, integrating with ChromaDB for knowledge management and a blog platform for dynamic content interaction.

Setup Requirements

  • ⚠️Requires CHROMADB_API_KEY environment variable.
  • ⚠️Requires GOOGLE_API_KEY environment variable for embeddings.
  • ⚠️Requires Docker/Docker Compose for easy setup as per `compose.yaml`.
Verified SafeView Analysis
The server correctly uses environment variables for API keys (CHROMADB_API_KEY, GOOGLE_API_KEY), which is good practice. It interacts with external APIs (ChromaDB, zaak.dk blog platform), which introduces dependencies on the security of those external services. It handles JWT tokens for authentication with the blog API; proper handling of these tokens and credentials (username/password for login) is critical for the overall system's security, especially as the login endpoint is an external API.
Updated: 2026-01-10GitHub
0
0
Medium Cost
support318 icon
Sec3

Provides persistent memory and context management for AI coding assistants like Claude Code, tracking projects, tasks, decisions, errors, and conversation history to improve AI-human collaboration.

Setup Requirements

  • ⚠️Requires a specific pre-existing infrastructure: SSH access to '192.168.40.100' and a running Dockerized PostgreSQL container named 'candid-crm-staging-postgres-1' with a 'candid' user.
  • ⚠️The core MCP server component (`mcp-server/src/index.ts`) hardcodes the PostgreSQL database password directly, overriding any environment variables provided, leading to a critical security vulnerability.
  • ⚠️Specifically designed for and requires the 'Claude Code CLI' to function as intended.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The PostgreSQL database password ('Snoboard19') is hardcoded directly in `mcp-server/src/index.ts`. Although a comment suggests using environment variables, the current implementation relies solely on this hardcoded value, making it vulnerable to exposure if the source code is compromised. Additionally, the `setup.sh` script also writes this hardcoded password into a `.env` file, which is then loaded by `backup-to-github.sh` and used for database operations, further increasing its exposure risk. RISK: Database backups are committed to a GitHub repository, potentially including sensitive information (e.g., credentials stored via `store_knowledge` tool, or detailed project/error logs). While the README recommends keeping the repository private, this is not enforced, and committing database dumps to a public repository would lead to significant data exposure. IMPROVEMENT: The `mcp-server/src/index.ts` should be updated to read database credentials from `process.env` variables instead of hardcoding them.
Updated: 2026-01-17GitHub
0
0
Medium Cost
francesca-tabor-ai icon

keyword-automation

by francesca-tabor-ai

Sec7

Builds a cost-effective, ManyChat-style keyword-triggered chatbot automation system with multi-channel support, AI-powered intent detection, flow automation, CRM, and analytics via MCP servers.

Setup Requirements

  • ⚠️Requires Anthropic API Key (Paid) for all AI functionalities (intent detection, dynamic content generation, email personalization).
  • ⚠️Requires Python 3 and the `anthropic-mcp` package (install via `pip install anthropic-mcp`) for running the MCP Python servers.
  • ⚠️Requires setup and configuration of external messaging platforms (WhatsApp, Telegram, Slack, Discord) and CRM (HubSpot) to enable full functionality, including obtaining API keys/tokens and setting up webhooks.
Verified SafeView Analysis
The system generally follows good practices for handling secrets via environment variables and uses parameterized queries for SQLite to prevent SQL injection. However, the `src/server.js` webhook receiver, as provided, does not explicitly implement signature validation for platforms like WhatsApp or Slack, which is a critical security measure against spoofed messages, despite `.env` variables (`WHATSAPP_VERIFY_TOKEN`, `SLACK_SIGNING_SECRET`) indicating it's intended. Direct execution of Python MCP servers via `child_process.exec` (as seen in `src/services/emailOrchestrator.js`) could pose a risk if commands were constructed with unsanitized user input, but in the provided code, input is `JSON.stringify`'d and piped, which mitigates simple injection attacks. The `scripts/simple-encrypt-env.js` for `.env` file encryption is a positive security feature.
Updated: 2025-11-23GitHub
0
0
Medium Cost
rahulvramesh icon

rytnow-mcp

by rahulvramesh

Sec9

Exposes Rytnow project management capabilities as tools and resources for AI assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Rytnow API Token.
  • ⚠️Requires Bun runtime for building or running from source.
Verified SafeView Analysis
The server securely processes requests using Zod for input validation and communicates with the Rytnow API via environment-variable-configured URL and token. No 'eval', code obfuscation, or hardcoded secrets were found in the provided source code. URI parsing in 'read_resource' is structured and safe. The primary security considerations are the integrity of the Rytnow API endpoint and the secure management of the Rytnow API token by the user and the AI assistant.
Updated: 2025-12-05GitHub
0
0
Low Cost
coalsi icon

HomeMCPBridge

by coalsi

Sec7

Integrates macOS HomeKit, Govee, and Scrypted devices with AI assistants (like Claude) using the Model Context Protocol for natural language control and real-time event broadcasting.

Setup Requirements

  • ⚠️Requires macOS 14.0 (Sonoma) or later.
  • ⚠️Requires HomeKit-enabled devices configured in the Apple Home app.
  • ⚠️Requires an MCP-compatible AI assistant (e.g., Claude Code, Claude Desktop).
  • ⚠️Govee plugin requires obtaining an API key from the Govee app.
  • ⚠️Scrypted NVR integration requires a separate, self-hosted Scrypted instance with the MQTT plugin configured, and credentials provided.
Verified SafeView Analysis
The core Swift application uses secure practices like storing credentials in Apple's Keychain (`CredentialManager`). Inter-process communication via stdin/stdout for the MCP server is generally secure. However, connections to Scrypted (both directly in Swift for snapshots and in the `scrypted_bridge.py` utility) explicitly disable SSL certificate validation (`ssl.CERT_NONE` or `InsecureURLSessionDelegate`). While this is a common necessity for local-only Scrypted instances that often use self-signed certificates, it introduces a vulnerability to Man-in-the-Middle (MITM) attacks if the local network is compromised. The `scrypted_bridge.py` HTTP server listens only on `127.0.0.1` (localhost), which limits its network exposure. No obvious malicious patterns or hardcoded sensitive secrets were found outside of the expected configuration points.
Updated: 2026-01-19GitHub
0
0
Medium Cost
echoes-io icon

mcp-server

by echoes-io

Sec9

Model Context Protocol (MCP) server for AI-powered storytelling, providing narrative knowledge graph features, semantic search, consistency checks, and dynamic prompt management for narrative content.

Setup Requirements

  • ⚠️Requires Node.js 20+
  • ⚠️Requires Gemini API key (Paid) for entity extraction
  • ⚠️Requires cloning the 'echoes-io/.github' repository for prompt templates as a sibling directory to the project for prompt generation tools
Verified SafeView Analysis
The codebase appears well-structured with no immediate critical vulnerabilities like 'eval' or hardcoded secrets. API keys (GEMINI_API_KEY) are correctly fetched from environment variables. File system operations are scoped to content and database paths, which is expected for its functionality. The custom YAML parser in `review-apply.ts` could be a point of concern if not rigorously tested against unexpected input, but it appears designed for a specific internal format. Overall, it seems safe to run in its intended context (local client-server interaction via STDIN/STDOUT).
Updated: 2026-01-09GitHub
PreviousPage 480 of 713Next