Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
haj58326-code icon

mcp-server-node

by haj58326-code

Sec8

Provides a Model Context Protocol (MCP) server that exposes various tools and resources for AI models to interact with.

Setup Requirements

  • ⚠️Requires Node.js version 22 or higher.
  • ⚠️The `TOKEN` environment variable is mandatory for enabling authentication and should be kept secret.
  • ⚠️If running with Docker, the image must be built first using `docker build -t mcp-server-node .`.
Verified SafeView Analysis
The server uses `cors` with `origin: '*'`, allowing requests from any domain. This is mitigated by mandatory Bearer token authentication (via the `TOKEN` environment variable). If `TOKEN` is not set, authentication is disabled, leaving the API publicly accessible which is a significant security risk for production. Assuming the `TOKEN` is always set and kept secret, the overall security posture is good for an API of this nature.
Updated: 2025-12-03GitHub
0
0
Medium Cost
dootask icon

mcp

by dootask

Sec6

Expose DooTask workspace functionalities as a remote HTTP service for AI clients (like Claude) using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Primarily designed for deployment within the DooTask plugin platform; local Docker setup is for development only.
  • ⚠️Requires integration with the DooTask API via the `@dootask/tools` SDK for user authentication and access to workspace data.
  • ⚠️A DooTask account with appropriate permissions is necessary for generating and using API tokens.
Verified SafeView Analysis
The server relies on DooTask token authentication for MCP requests and internal network routing (e.g., `http://nginx`). The `extract_image_text` tool allows an `image_url` parameter, which if supplied by an untrusted source, could lead to Server-Side Request Forgery (SSRF) by fetching arbitrary external URLs. While the OCR service runs locally on an internal port (`7001`), fetching external content directly from user input without robust URL validation remains a risk. Resource consumption for OCR is mitigated by `MAX_SIZE` and `OCR_TIMEOUT` settings.
Updated: 2026-01-18GitHub
0
0
Low Cost
bjornhovd icon
Sec9

Control and query SmartThings devices via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires SmartThings Personal Access Token (PAT) with specific scopes (devices:read/execute, locations:read)
  • ⚠️Docker is the recommended and primary deployment method
  • ⚠️Specific Claude Desktop configuration required to integrate the MCP server
  • ⚠️Python 3.8+ and dependencies from `requirements.txt` are needed for local development
Verified SafeView Analysis
The server code itself demonstrates good security practices: using environment variables for sensitive tokens, comprehensive logging without token exposure, non-root Docker user, and Pydantic for input validation. The `CLAUDE_SETUP.md` initially suggests placing the `SMARTTHINGS_PAT` directly in the Claude Desktop config file, which is less secure, but it also provides an 'Advanced Configuration' section detailing how to use environment variables instead, which is the recommended and more secure approach.
Updated: 2025-11-22GitHub
0
0
High Cost
Sukarth icon
Sec6

Automating VSCode for AI agents to interact with UI, execute commands, inspect DOM, and perform complex automation workflows.

Setup Requirements

  • ⚠️Node.js >= 20.0.0 is required.
  • ⚠️Initial setup requires an internet connection to download a standalone VSCode instance and matching ChromeDriver.
  • ⚠️Requires a graphical display environment (or a virtual display like Xvfb on headless Linux systems).
Verified SafeView Analysis
The `vscode_execute_script` tool explicitly allows executing arbitrary JavaScript code within the VSCode window context, granting full access to the DOM and global objects. This is a core feature for powerful automation but means the server can be instructed to execute potentially malicious code if an untrusted AI agent or compromised prompt is used. Internal `child_process.execSync` calls are used for process management during setup and are not directly exposed to tool inputs. File system operations are confined to the configured storage path or explicit file path inputs.
Updated: 2025-12-05GitHub
0
0
Low Cost
Shawn-Broadhead-Scorpion icon

MonkeyApp

by Shawn-Broadhead-Scorpion

Sec5

A console application designed for managing monkey species data and integrating with GitHub through an MCP server.

Setup Requirements

  • ⚠️.NET 9 SDK required
  • ⚠️GitHub account/token likely required for integration
Review RequiredView Analysis
Source code provided is limited to README.md only. Cannot perform a thorough security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns without the actual application code.
Updated: 2025-11-24GitHub
0
0
Low Cost
druellan icon
Sec9

Integrate Productive.io into AI workflows by providing LLM-optimized read-only access to projects, tasks, pages, comments, and team members.

Setup Requirements

  • ⚠️Requires Python 3.10+ (as per pyproject.toml)
  • ⚠️Requires a Productive API key (paid service)
  • ⚠️Requires a Productive organization ID
Verified SafeView Analysis
The server securely handles API keys by loading them from environment variables and uses HTTPS for all API requests. Output is sanitized with `bleach.clean` to strip HTML, reducing potential injection risks if output were rendered. It implements robust error handling and retry mechanisms for network stability. No 'eval' or other directly dangerous functions were found. The 'productive_client.py' includes clear error parsing and retry logic for API calls. Overall, the codebase shows good security practices for an API proxy.
Updated: 2026-01-07GitHub
0
0
Medium Cost
AteetAgarwal icon

mcp-explore

by AteetAgarwal

Sec8

A Streamlit chat application integrating multiple MCP servers (local and remote) to orchestrate LLM tool calls.

Setup Requirements

  • ⚠️Requires 'uv' for dependency management and running the application.
  • ⚠️Requires Python 3.13+ for the client and `expense-tracker-mcp-server`.
  • ⚠️Requires an Azure OpenAI API Key and Endpoint (paid service) for the GPT-4o-mini model.
  • ⚠️The 'expense' MCP server is configured to connect to a specific remote FastMCP Cloud instance (https://ateet-blush-marten.fastmcp.app/mcp), which may not be generally available or stable for prolonged use.
Verified SafeView Analysis
The code generally follows good security practices for a demo application. API keys are loaded from environment variables (.env). SQL queries for the expense tracker use parameterized statements, preventing common SQL injection vulnerabilities. Direct execution of external processes via `uv run` in the `SERVERS` configuration uses hardcoded command arguments, limiting risks from user input-driven arbitrary command execution. Tool arguments from the LLM are expected to be JSON or dicts, and `json.loads()` is used, which is generally safe within this context. No explicit `eval` or `exec` on user-controlled input was found.
Updated: 2025-11-26GitHub
0
0
Low Cost
yyualvin icon
Sec1

Demonstrates or provides a server using the Microservice Communication Protocol (MCP) within bioinformatics applications.

Review RequiredView Analysis
Source code was not provided, preventing a security audit. Critical analysis for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns could not be performed. Running this code without review is not recommended due to unknown risks.
Updated: 2025-12-05GitHub
0
0
High Cost
ahump20 icon
Sec2

Deploys an unauthenticated Model Context Protocol (MCP) server to Cloudflare Workers, providing a calculator agent and a file reading tool for AI clients.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment.
  • ⚠️Requires Cloudflare Wrangler CLI for local development and deployment.
  • ⚠️Requires a compatible Model Context Protocol (MCP) client (e.g., Cloudflare AI Playground, Claude Desktop with mcp-remote proxy) for interaction.
Review RequiredView Analysis
The 'read_file' tool in 'src/index.ts' allows fetching content from arbitrary URLs without any input validation or domain restrictions on the 'path' parameter. This constitutes a severe Server-Side Request Forgery (SSRF) vulnerability. An attacker could exploit this to access internal network resources, perform port scanning, interact with cloud metadata APIs to retrieve sensitive credentials, or make the worker perform requests to external malicious sites, potentially aiding in DDoS attacks or data exfiltration. This is a critical security risk.
Updated: 2025-11-23GitHub
0
0
Medium Cost
Cronos402 icon

mcp-gateway

by Cronos402

Sec4

Acts as an x402 monetization wrapper and proxy for existing Micro-Credential Protocol (MCP) servers, enabling payment-gated access and management capabilities.

Setup Requirements

  • ⚠️Requires Upstash Redis credentials (UPSTASH_REDIS_REST_URL, UPSTASH_REDIS_REST_TOKEN) configured as environment variables.
  • ⚠️Requires an upstream MCP server to be registered via the `/register` endpoint for its core proxying functionality to be useful.
Review RequiredView Analysis
The server has a potential Server-Side Request Forgery (SSRF) vulnerability. The `resolveTargetUrl` function, used by the `/mcp` proxy endpoint, can derive the upstream target URL from the `x-cronos402-target-url` header or `target-url` query parameter if no server ID is provided or found. This allows an attacker to direct the gateway to an arbitrary URL, potentially probing internal networks or accessing sensitive internal services. Additionally, the `/register` endpoint, if not properly secured, could allow an untrusted user to register a server with an internal `mcpOrigin` URL, leading to a persistent SSRF vector. There is no explicit validation or allowlisting of target URLs in the code. Therefore, it is not recommended for deployment in environments where untrusted users can access these endpoints without additional security measures.
Updated: 2026-01-19GitHub
0
0
Low Cost
MagicTurtle-s icon

claude-code-mcp-bridge

by MagicTurtle-s

Sec7

Bridge Claude Desktop to Claude Code CLI for enhanced orchestration and domain-specific MCP tool delegation.

Setup Requirements

  • ⚠️Requires Node.js 18+
  • ⚠️Requires Claude Code CLI installed and authenticated (`claude --print 'test'` or `/mcp` command)
  • ⚠️Requires Claude Desktop installed and configured with the bridge MCP server. Manual configuration of `claude_desktop_config.json` is needed, including full paths to the bridge's build output and optionally the Claude Code CLI executable.
  • ⚠️Initial setup for session-based MCPs (like Asana, HubSpot) requires a browser OAuth flow, which the bridge will attempt to auto-open. Authentication state persists across Desktop restarts but requires re-authentication if refresh tokens expire (days/weeks).
Verified SafeView Analysis
The server spawns subprocesses (`child_process.spawn`, `child_process.exec`) based on user prompts, which can be a risk if not properly sanctioned. The `dangerouslySkipPermissions` flag is used, bypassing critical security checks for subprocesses, which could allow arbitrary file access or tool execution if the prompt is not carefully constrained by the upstream AI or user. The `mcp-session-manager.ts` handles sensitive session files (like `.claude-mcp-sessions.json`) in user profile directories, which are protected by OS permissions, but not encrypted by default on all platforms (e.g., Windows DPAPI not used). Hardcoded paths like `C:\Users\jonat\hubspot-mcp-railway\.mcp-config.json` pose a risk if the orchestrator prompt were to guide the AI to arbitrary paths. However, the system is designed to delegate authentication to the Claude Code CLI and not handle tokens directly, which is a good security practice. The use of `axios` for external API calls is standard but relies on the security of the target MCP servers. Overall, the system's security depends heavily on the robustness of the Claude Code CLI's sandboxing and the trustworthiness of the prompts it's given, especially when `dangerouslySkipPermissions` is enabled. The `spawn_code_subprocess_direct` tool is introduced to specifically avoid stdio deadlock, highlighting the architectural complexity which often comes with security challenges.
Updated: 2025-11-23GitHub
0
0
Medium Cost
alepoblador icon

mcp-demo

by alepoblador

Sec5

An AI-powered recruiting assistant that automates fetching applications, evaluating them against job descriptions, drafting emails, and updating a tracker spreadsheet.

Setup Requirements

  • ⚠️Requires a Google Service Account configured with 'credentials.json' containing appropriate permissions for Google Forms (read) and Google Sheets (read/write).
  • ⚠️Requires the Google Forms API and Google Sheets API to be enabled in your Google Cloud Project.
  • ⚠️The application_form_id, sheet_id, and various question IDs for the Google Form are hardcoded in the script and must match your actual Google Form and Sheet setup.
Review RequiredView Analysis
The primary security risk is the direct reliance on a 'credentials.json' file for Google API access, hardcoded in the script ('credentials.json'). This file contains sensitive service account keys. If compromised or improperly secured (e.g., committed to a public repository), it could grant unauthorized access to Google Forms and Sheets. For production use, a more secure method of secret management (e.g., environment variables, KMS, or secure vaults) should be used instead of a direct file path. The prompt instructions for the LLM could potentially lead to data quality issues if the LLM hallucinates or deviates from the expected output format for 'initial_evaluation', although input validation in 'sheets.py' helps mitigate direct exploitation.
Updated: 2025-12-02GitHub
PreviousPage 490 of 713Next