Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

0
0
Medium Cost
Sec6

A Model Context Protocol (MCP) server that provides AI models programmatic access to the Litium e-commerce platform's Admin Web API, enabling natural language interaction for managing products, content, customers, media, and other e-commerce entities.

Setup Requirements

  • ⚠️Requires OAuth2 Client ID, Client Secret, and Litium Base URL from a Litium Admin panel. These must be configured by the MCP client to be sent as HTTP headers (X-Litium-Client-Id, X-Litium-Client-Secret, X-Litium-Base-Url) with every request to the MCP server.
  • ⚠️Relies on an external Litium Admin Web API instance, which must be accessible from where the MCP server is deployed.
  • ⚠️The `manage_media` tool's 'upload' operation expects a `filePath` argument pointing to a local file on the server's filesystem. This makes it unsuitable for direct client-side file uploads when deployed in typical serverless environments (like Vercel) or when the server doesn't have access to the user's local filesystem.
Verified Safe
The server relies on client-supplied HTTP headers (X-Litium-Client-Id, X-Litium-Client-Secret) for OAuth2 authentication with the Litium Admin API. While these credentials are not hardcoded, passing sensitive secrets in headers for a publicly deployed server (e.g., on Vercel) carries inherent risks if the communication channel is not secure (e.g., not HTTPS) or if the client itself is compromised. The `Access-Control-Allow-Origin: *` header is broadly permissive. The file upload functionality (`manage_media` tool) is designed to read local file paths on the server, which could pose a security risk in certain deployment scenarios (e.g., if arbitrary file paths could be specified by an attacker, or if deployed in a serverless environment where local filesystem access is not intended for user-uploaded content).
Updated: 2025-12-11
0
0
Low Cost
Sec9

Access Chess.com player profiles and statistics.

Setup Requirements

  • ⚠️Requires Python 3.14+
  • ⚠️Requires `uv` or `uvx` to be installed/available
Verified Safe
The server acts as a simple wrapper around the public Chess.com API. It uses the `requests` library to fetch data and `raise_for_status` for error handling. No sensitive operations, 'eval' usage, or hardcoded secrets were found. Communication via FastMCP is designed to be secure (typically stdio).
Updated: 2025-12-12
0
0
Medium Cost

MayaMCP

by MOK-5-ha

Sec9

A conversational AI bartender that combines RAG, function calling, and text-to-speech to create an immersive bar experience, including payment processing.

Setup Requirements

  • ⚠️Requires `GEMINI_API_KEY` (Google API Key) and `CARTESIA_API_KEY` for core functionality (LLM and TTS).
  • ⚠️For full Stripe payment functionality, an external Stripe MCP server (using `uvx mcp-server-stripe` via `kiro`) must be configured; otherwise, it defaults to mock payments.
  • ⚠️Python 3.12+ is recommended for deployment (as per `deploy.py` image).
  • ⚠️Full RAG functionality with Memvid requires `qrcode[pil]` and `opencv-python`.
Verified Safe
Integrates `llm-guard` for prompt injection and toxicity scanning on both input and output. API keys are managed via environment variables (`.env`). Payment integration with Stripe uses `test_mode` by default, preventing accidental real transactions. Concurrency control for session state uses `threading.Lock`. The actual Stripe MCP server calls are currently *stubbed* in `src/payments/stripe_mcp.py`, deferring real network security to a `kiroPowers` tool which is not provided in the source code. Avatar image is downloaded from a URL, presenting a minor external dependency risk.
Updated: 2025-12-19
0
0
Low Cost

CodeCompass

by MihirKosambia

Sec7

Transforms GitHub repositories into an interactive, searchable knowledge base with an AI chatbot for answering questions based on repo content.

Setup Requirements

  • ⚠️Requires a GITHUB_TOKEN environment variable for accessing GitHub repositories, which may need specific permissions.
  • ⚠️The backend requires Python 3.12 or later.
  • ⚠️An internet connection is necessary for fetching GitHub repositories and interacting with the Groq LLM API.
Verified Safe
The Flask backend has CORS enabled for all origins ('*') on its '/api/*' endpoints. While common for local development, this could pose a security risk in a public production deployment if not properly restricted to specific frontend origins. The GITHUB_TOKEN is correctly loaded from environment variables, avoiding hardcoded secrets. Input validation is performed on the repository URL, mitigating basic injection concerns. No 'eval' or other obvious remote code execution patterns were found.
Updated: 2026-01-19
0
0
Low Cost
Sec9

Provides a Model Context Protocol (MCP) server for interacting with encrypted SQLite databases (SQLCipher 4), enabling database exploration, querying, and CRUD operations.

Setup Requirements

  • ⚠️Requires Java 21+ JDK to run from source or locally.
  • ⚠️For encrypted passphrases, requires the `MCP_SQLITE_ENCRYPTION_KEY` environment variable to be set, or a key stored in macOS Keychain on macOS.
  • ⚠️Docker is required for containerized deployment, which involves configuring file sharing for database volumes and using absolute paths for mounts.
  • ⚠️The database file path and passphrase must be correctly configured in the MCP client's configuration file or passed as tool arguments.
Verified Safe
The server implements robust SQL identifier validation to prevent SQL injection for most database operations. It uses strong AES-256-GCM encryption for passphrases, with secure key management via macOS Keychain or environment variables, and includes checks for weak keys. The `execute_sql` tool is explicitly noted as executing raw SQL without parameterization, carrying a security warning for untrusted input. The server communicates via STDIO, limiting direct network attack surface. Overall, security is a high priority in its design.
Updated: 2025-11-30
0
0
Medium Cost

Enables Claude Desktop to perform AI-enhanced search and web grounding using Azure AI Search and Bing Web Search, either directly or via Azure AI Agent Service.

Setup Requirements

  • ⚠️Requires active Azure subscriptions and configured Azure AI Search, Azure AI Project, and Bing Search resources (paid services).
  • ⚠️Setting up Azure AI Agent Service connections and an Azure AI Search index (especially with vectorized data) can be complex.
  • ⚠️Requires `az login` for Azure authentication if using DefaultAzureCredential.
Verified Safe
Secrets are loaded via environment variables using python-dotenv and managed by Azure SDKs (AzureKeyCredential, DefaultAzureCredential), which is a secure practice. No 'eval' or obvious malicious patterns found. Network communication is with trusted Azure and Bing services. Requires proper handling of Azure credentials outside the codebase.
Updated: 2025-11-19
0
0
Low Cost

LEANN-MCP-Setup

by abhinema

Sec7

A multimodal RAG system for semantic search across documents and images with incremental indexing and cross-platform deployment.

Setup Requirements

  • ⚠️Requires Conda for environment management across all platforms.
  • ⚠️Strict hardware requirements: NVIDIA GTX 1080 (8GB VRAM) with CUDA 11.8 on Ubuntu for indexing, or Apple M-series (16GB RAM) with MPS on macOS for inference.
  • ⚠️Vision models (e.g., ColQwen2 requiring ~6GB VRAM, ColPali ~10GB VRAM) have high VRAM requirements, especially when running on the GTX 1080's 8GB per card.
Verified Safe
The system utilizes subprocess calls for hardware detection and index transfer (rsync/scp/aws s3), which are controlled by the system's internal scripts and not directly exposed to untrusted user input via the API. Database interactions with SQLite (`chunk_store.py`) use parameterized queries, mitigating SQL injection. The FastAPI server (`leann_mcp_server.py`) listens on `0.0.0.0:8000` by default, which is common for development but requires network security (firewall, authentication) for production. The vision search endpoint handles file uploads, but its current implementation is a placeholder, so no content is actually processed yet; a future implementation will require robust validation (MIME type, size) to prevent vulnerabilities. The `config.yaml` explicitly notes the need for an API key authentication layer before production, showing awareness of security concerns.
Updated: 2025-11-28
0
0
Medium Cost

order-mcp-server

by encodium

Sec8

AI-powered order management for an e-commerce platform by enabling AI agents to interact with comprehensive order details and business logic.

Setup Requirements

  • ⚠️Requires access to RevolutionParts-specific MySQL databases (`slowpoke/feed` and `critdb/cdata`) which are proprietary and not publicly available for development or local testing.
  • ⚠️Requires an AWS account with configured permissions for Lambda, Bedrock (Claude 3 Sonnet), EventBridge, SQS, SNS, ECS, ECR, RDS (for MySQL), and Load Balancers for full deployment.
  • ⚠️Deployment uses Terraform, AWS CLI, and Docker, requiring familiarity with these tools. The AI agent is hardcoded to use Bedrock Claude 3 Sonnet and may require code changes for other LLMs.
  • ⚠️The local development/testing database setup appears incomplete or requires specific configuration, as indicated by skipped tests ('Database not configured for testing').
Verified Safe
The server avoids common critical vulnerabilities like hardcoded secrets or direct code `eval`. Dynamic data is primarily handled via Laravel's ORM or JSON serialization before inclusion in AI prompts, mitigating direct code injection risks. However, the system relies heavily on AI agent decision-making based on dynamically generated prompts, introducing a risk of 'prompt injection' if external inputs (e.g., from EventBridge events) are maliciously crafted to manipulate AI behavior. The explicit mention of RevolutionParts-specific databases (`slowpoke`, `critdb`) and the detailed database access configuration in `GetOrderMessageTool` and `GetOrderActivityLogTool` indicate reliance on a specific multi-database setup, raising a potential configuration security risk if not properly locked down at the AWS IAM/network level. There's also a contradiction between the README stating 'does not require any migrations' and the `deploy.sh` script executing `php artisan migrate --force`, which could lead to unexpected database schema changes or conflicts if run against existing production databases.
Updated: 2025-12-05
0
0
Low Cost

This server demonstrates the efficiency of sharing a single Model Context Protocol (MCP) server instance for inventory management.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires `uv` package manager (or pip for dev dependencies)
Verified Safe
The server uses an in-memory database, reducing external data access risks. Input validation is present for toy names. The HTTP server defaults to localhost binding, which is secure for local development. No 'eval' or direct file system manipulation is apparent. While `asyncio.sleep` simulates latency, it doesn't introduce a security vulnerability. The codebase appears clean and focuses on a controlled demonstration environment.
Updated: 2025-11-30
0
0
High Cost

aiAgents_database

by Srinivs-p

Sec2

Intelligent database querying system enabling natural language interaction with Oracle databases via AI agents, vector search, and Retrieval-Augmented Generation (RAG).

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid service) for LLM and embeddings.
  • ⚠️Requires Oracle Database access, and credentials must be manually hardcoded into the `db_engine.py` file, as they are not loaded via environment variables by the configuration system.
  • ⚠️The MCP Server (`example_mcp_server.py`) must be run separately from the main application (`main.py`) for full database interaction.
  • ⚠️The `config.validate()` method in `settings.py` explicitly requires `VECTOR_DB_URL`, even though the default `VECTOR_DB_TYPE=chroma` (which runs locally) doesn't typically need it, leading to potential setup confusion or requiring an unnecessary placeholder.
Review Required
CRITICAL: The MCP server in `mcp/server.py` contains severe SQL injection vulnerabilities in `_handle_query_database` and `_handle_execute_sql` methods. User-provided `query` and `sql` parameters are directly executed via `cursor.execute()` without sanitization or proper parameterization, allowing arbitrary SQL code execution. Additionally, Oracle database credentials are expected to be hardcoded into `db_engine.py` (copied from `db_engine.example.py`), which is a significant security anti-pattern for secret management. The `config/settings.py` also validates for `VECTOR_DB_URL` as required, but the default `chroma` setup in `.env.example` does not provide it, indicating a potential configuration discrepancy or security oversight if other vector DBs are used without proper URL validation.
Updated: 2025-11-18
0
0
High Cost

xcode-build-mcp

by jontolof

Sec8

Provides a token-efficient Model Context Protocol (MCP) server to enable AI assistants to interact with Xcode for build, test, and simulator management on macOS.

Setup Requirements

  • ⚠️Requires Go 1.24.4 or higher
  • ⚠️Requires Xcode 14.0 or higher
  • ⚠️Requires macOS 12.0 or higher
Verified Safe
The server executes external `xcrun simctl` and `xcodebuild` commands using Go's `os/exec.CommandContext`. While this method generally prevents shell injection by separating commands from arguments, invoking powerful system tools always carries an inherent risk. Input parameters, particularly file paths and arguments to `xcodebuild` and `simctl`, must be rigorously validated to prevent unintended command execution or file system manipulation on the host machine. No `eval`-like functions, hardcoded secrets, or direct network listening are evident; primary interaction is via standard I/O (stdio).
Updated: 2025-12-03
0
0
Low Cost

mcp

by sergiuiacob1

Sec8

Provides a Flask-based JSON-RPC 2.0 server implementation for the Model Context Protocol (MCP), enabling AI clients to discover and execute external tools.

Setup Requirements

  • ⚠️Requires Python 3.14 or higher as specified in `pyproject.toml`.
  • ⚠️Requires `flask` dependency, which needs to be installed (e.g., `pip install flask`).
  • ⚠️Integration with AI clients (e.g., Cursor) requires client-side configuration (e.g., `~/.cursor/mcp.json`) to register the server URL.
Verified Safe
The `call_tool` function directly unpacks `arguments` into tool handlers using `**arguments`. While the current tools (`random_number`, `random_sentence`) are simple and do not pose an immediate risk, this pattern could be exploited if new tools with unsafe implementations or vulnerable dependencies were added, potentially allowing for arbitrary code execution if inputs are not strictly validated. No `eval` or hardcoded secrets found.
Updated: 2025-12-02