Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
alexrv98 icon
Sec6

This server allows seamless interaction with Google Calendar for managing events (create, retrieve, update, delete, respond, check availability) via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Google OAuth credentials (PROVIDER_CLIENT_ID, PROVIDER_CLIENT_SECRET) set up in a Google Cloud Project with the Calendar API enabled.
  • ⚠️The `isAllowedOrigin` function (src/shared/mcp/security.ts) acts as a placeholder and returns `true` in production mode. This critical vulnerability requires manual configuration of an origin allowlist for secure production deployment.
  • ⚠️For Cloudflare Workers deployment, a KV Namespace named `TOKENS` must be created and bound.
  • ⚠️Storing provider tokens unencrypted in KV is a security risk. Setting the `RS_TOKENS_ENC_KEY` secret (a 32-byte base64url key) is highly recommended for token encryption.
Review RequiredView Analysis
The application uses strong cryptographic practices for token storage (AES-256-GCM) and implements a robust OAuth 2.1 PKCE flow. Secrets are correctly externalized via environment variables. Rate limiting and concurrency controls are in place. However, the `isAllowedOrigin` function in `src/shared/mcp/security.ts` is a placeholder that returns `true` in production mode by default, effectively disabling origin validation. This presents a critical security vulnerability for production deployments if not properly configured with an explicit allowlist, making the server susceptible to attacks from unverified origins.
Updated: 2026-01-19GitHub
0
0
Medium Cost
WidgetA icon

ph_mcp_server

by WidgetA

Sec9

An HTTP JSON-RPC server providing multi-source data access for Product Hunt, GitHub Trending, and US tech stock news to AI assistants.

Setup Requirements

  • ⚠️Requires configuration of 3 separate databases (2 Supabase, 1 PostgreSQL).
  • ⚠️Environment variables must be set globally (e.g., in `.bashrc` or systemd service file); `.env` files are not supported.
  • ⚠️Requires Python 3.10 or higher.
Verified SafeView Analysis
Secrets are managed via environment variables. Database queries for Supabase use structured client methods, and PostgreSQL queries use parameter binding for values, mitigating direct SQL injection risks from user input. Potential, but unlikely, risk exists if environment variables specifying table names or schema are compromised. The server listens on 0.0.0.0:8080, requiring a reverse proxy and firewall for secure production deployment.
Updated: 2025-12-31GitHub
0
0
Low Cost
agiletec-inc icon
Sec8

MCP (Model Context Protocol) server for self-hosted Supabase with RLS-aware PostgreSQL + PostgREST layers, providing LLM access to database schema and data.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0
  • ⚠️Requires a self-hosted Supabase instance (PostgreSQL + PostgREST)
  • ⚠️Requires careful configuration of PostgreSQL read-only user and PostgREST JWT for security
Verified SafeView Analysis
The server employs a 'READ_ONLY' mode by default, which blocks most DML/DDL/DCL operations via regex-based SQL validation. While the regex guard is not foolproof, the default read-only posture and recommendation for a dedicated read-only PostgreSQL user significantly enhance safety. Secrets (PG_DSN, POSTGREST_URL, POSTGREST_JWT) are loaded from environment variables, avoiding hardcoded values in production code. The PostgREST layer is RLS-aware, enforcing access policies. Potential risks arise if 'READ_ONLY' mode is disabled or if a powerful 'POSTGREST_JWT' (e.g., service_role key) is used without proper access control on the Supabase side.
Updated: 2025-11-21GitHub
0
0
Medium Cost
mufradhossain icon

antigravity-youtube-rag

by mufradhossain

Sec8

An MCP server for retrieving, indexing, and performing semantic search on YouTube video transcripts.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose installed
  • ⚠️Requires running `python setup_model.py` once to download the embedding model locally before starting the server
  • ⚠️Requires Python 3.11+ for setup
Verified SafeView Analysis
The server code itself is clean with no obvious malicious patterns, hardcoded secrets, or misuse of `eval`. It uses `youtube-transcript-api` for transcript fetching and `huggingface_hub` for model download, which are reputable. Network activity is confined to these services and the local MCP server. Minor deductions for `os.system` usage in `setup_model.py` (for installing `huggingface_hub` if missing) and `subprocess.run` in `inspect_docker.py`, though used in a controlled context for setup/inspection scripts.
Updated: 2025-11-21GitHub
0
0
Low Cost
dan-burk icon

btw-mcp-server

by dan-burk

Sec8

Provides Model Context Protocol (MCP) access to the R language and custom R tools, typically for AI agents.

Setup Requirements

  • ⚠️Requires Docker for building and running.
  • ⚠️Must be registered with Claude Desktop and/or Claude Code (CLI) to be used.
  • ⚠️Significant architectural complexities when running R on ARM64, especially for package compilation from source, leading to longer build times.
Verified SafeView Analysis
The provided source code consists primarily of documentation and Docker build instructions. There is no executable server-side code (R scripts, API endpoints, etc.) available for review, so a full security audit of the MCP server's runtime behavior is not possible. Based solely on the provided files, there are no obvious hardcoded secrets, `eval` usage, or malicious patterns. The security risk would reside in the unseen server implementation and how it handles user input when executing R code and the safety of the 'btw' R package itself, which is not provided.
Updated: 2025-12-19GitHub
0
0
Low Cost
yuezhang23 icon
Sec8

Provides a Model Context Protocol (MCP) server to expose OpenReview API functionalities (profile, notes, reviews, groups, invitations) as tools for AI models.

Setup Requirements

  • ⚠️Requires OpenReview credentials (OPENREVIEW_USERNAME, OPENREVIEW_PASSWORD)
  • ⚠️Python 3.9+ required
Verified SafeView Analysis
The server uses environment variables (or .env file) for OpenReview credentials, which is good practice. It wraps the standard OpenReview Python SDK for API calls. Input parameters to API calls are passed to the SDK; potential injection vulnerabilities would typically depend on the SDK's handling. The `search_notes` function constructs a query string by joining terms, which could theoretically be a weak point if the underlying OpenReview SDK doesn't robustly escape search inputs. However, no direct `eval` or blatant malicious patterns were found. File uploads or code execution through the MCP server itself are not apparent. The broader `paper_chat_app` (also in the repository) includes file upload and PDF processing, which are handled with reasonable precautions (e.g., path traversal checks for serving files) but inherently carry more risk. This security score specifically pertains to the `openreview_mcp.py` file.
Updated: 2026-01-19GitHub
0
0
Medium Cost
rcx86 icon
Sec2

An MCP server for shell tools, allowing an agent to run shell commands and edit files via the Model Context Protocol.

Setup Requirements

  • ⚠️Python 3.10+ required
Review RequiredView Analysis
The `run_shell_command` tool uses `subprocess.run(shell=True)`, which is a severe security vulnerability if the `command` argument can be influenced by untrusted input, allowing arbitrary command injection. The file manipulation tools (`file_edit`, `file_multi_edit`, `file_read`, `file_replace`) allow operations on arbitrary `file_path` inputs, potentially leading to unauthorized file access, modification, or data exfiltration if the server is exposed or receives malicious path inputs. No input sanitization or path validation beyond `os.path.isfile` is present for file paths. Running the server over HTTP (especially on `0.0.0.0` if configured) would expose these highly privileged operations over the network.
Updated: 2025-12-06GitHub
0
0
Low Cost
getprobo icon

mcpgen

by getprobo

Sec9

A code generator that builds type-safe Model Context Protocol (MCP) servers in Go from JSON Schema definitions of tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires the Go toolchain installed to build and run the generator, and to compile the generated server.
  • ⚠️Requires users to define their MCP API specification using JSON Schema (in YAML or JSON format).
  • ⚠️Generated code provides handler stubs; users must implement the actual business logic for tools, resources, and prompts.
Verified SafeView Analysis
The `mcpgen` tool itself is a code generator, primarily performing schema parsing (YAML/JSON) and Go code templating. It leverages standard Go libraries for file I/O and code formatting, with no direct execution of arbitrary external code or `eval`-like functions found in its core logic. The generated server code relies on the `modelcontextprotocol/go-sdk` and user-implemented handler logic, which would require separate security audits for runtime safety. As a generator tool, it is designed with type safety in mind, reducing common runtime errors for developers.
Updated: 2025-11-24GitHub
0
0
Low Cost
aiscibe-mcp-deployment icon

mcp-cf7b72a7-27e74bd9-todo-list-mcp

by aiscibe-mcp-deployment

Sec9

This MCP server exposes a Todo List API as tools for AI models like Claude.

Setup Requirements

  • ⚠️Requires OPENAI_API_KEY environment variable.
  • ⚠️Requires Python 3.9.
Verified SafeView Analysis
The server uses httpx to make external API calls. While the current API_CONNECTIONS is hardcoded to a safe endpoint, dynamic configuration of 'base_url' without validation could introduce SSRF vulnerabilities. No 'eval' or obvious malicious patterns were found. Environment variables are used for sensitive keys (like OPENAI_API_KEY, though not directly used in provided server code) which is good practice.
Updated: 2025-12-01GitHub
0
0
Low Cost
522jack icon
Sec9

This server provides current currency exchange rates for a given country code, integrating with an external exchange rate API.

Setup Requirements

  • ⚠️Requires Java 17 or higher
  • ⚠️Requires an active internet connection to fetch exchange rates from the external API
  • ⚠️Gradle is needed for building the project
Verified SafeView Analysis
The server uses structured JSON-RPC for communication and a hardcoded map for country-to-currency lookups, reducing injection risks. External API calls (to exchangerate-api.com) are constructed safely. No obvious hardcoded secrets or 'eval'-like constructs. The primary security consideration is the reliability and integrity of the external currency exchange rate API.
Updated: 2025-11-23GitHub
0
0
High Cost
acartag7 icon

glm-orchestrator

by acartag7

Sec9

Provides a Model Context Protocol (MCP) server interface to orchestrate AI models (Claude, GLM) for coding tasks, including delegation, spec writing, and review within an AI-assisted development platform.

Setup Requirements

  • ⚠️Requires the 'opencode' server to be running on localhost:4096 for GLM execution (default endpoint).
  • ⚠️Requires the 'claude' CLI tool to be installed and accessible in the system's PATH for Claude model interactions.
  • ⚠️Requires Node.js version >=20.9.0.
  • ⚠️Requires pnpm as the package manager.
Verified SafeView Analysis
The MCP server implements robust path validation (`validateWorkingDirectory`) and secure command execution practices (`spawn` with array arguments, `shell: false` for git/gh calls). This mitigates common vulnerabilities like path traversal and command injection for its internal operations. The primary remaining risk is inherent to the AI coding agent paradigm: if the underlying AI models (Claude, GLM) generate malicious code, that code could still be executed within the designated working directory. However, the system's proactive security measures for its own code are exemplary.
Updated: 2026-01-19GitHub
0
0
Low Cost
RishithaAppikonda icon

Weather-Agent-with-MCP-Servers

by RishithaAppikonda

Sec9

Integrates National Weather Service (NWS) API alerts and forecasts into an MCP-compatible server, providing weather data as tools for applications like SSE clients and AI chat agents.

Setup Requirements

  • ⚠️Requires `GROQ_API_KEY` (potentially paid/rate-limited) for the chat client functionality.
  • ⚠️The `server/weather.json` configuration file contains an absolute path to `server/weather.py` (`/Users/rishitha.appikonda/...`) which will need to be manually updated for other environments.
  • ⚠️Requires Python 3.11+.
Verified SafeView Analysis
The code uses standard Python libraries (httpx) for API interactions and handles external API keys via environment variables (GROQ_API_KEY), which is good practice. There are no visible dangerous patterns like 'eval' or obfuscated code. Broad 'except Exception' blocks could hide specific errors but do not introduce direct vulnerabilities.
Updated: 2025-12-12GitHub
PreviousPage 484 of 713Next