Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
PugazhTheHacker icon

kali-mcp

by PugazhTheHacker

Sec1

Provides a web-based remote terminal for Kali Linux, integrated with a Gemini AI assistant and full filesystem access for cybersecurity tasks.

Setup Requirements

  • ⚠️Requires Google Gemini API key for AI features.
  • ⚠️Designed for and requires a Kali Linux environment for the backend tools (Nmap, Hydra, Metasploit, etc.).
  • ⚠️Requires running two separate Python servers (`server.py` and `kali-server.py`) simultaneously.
Review RequiredView Analysis
CRITICAL: The `kali-server.py` component uses `subprocess.Popen(self.command, shell=True)` to execute user-provided commands directly. The `command` variable originates from `request.json` and is passed without any sanitization. This allows for arbitrary command injection and full remote code execution by any user who can access the Kali server API endpoint. While the README warns about using it only on trusted networks, the fundamental vulnerability remains in the code. No strong authentication or authorization mechanisms are present for the API endpoints.
Updated: 2025-12-01GitHub
0
0
High Cost
stevenpto icon

MCP

by stevenpto

Sec8

Extracts text from PDF documents, including support for OCR on scanned pages, and summarizes the extracted content using context-aware guidance.

Setup Requirements

  • ⚠️Requires Tesseract OCR installation for image-based PDFs to enable full OCR functionality (optional for text-based PDFs).
  • ⚠️May perform NLTK data downloads (punkt, stopwords) on first run if not already present, which requires internet access.
Verified SafeView Analysis
The server processes local PDF files. Potential risks primarily arise from vulnerabilities within the PyMuPDF or Tesseract libraries when handling malformed or malicious PDF inputs, or if the `file_path` parameter is not properly controlled by the calling agent, potentially exposing unintended local files. The server code itself does not contain 'eval', obfuscation, or hardcoded secrets. NLTK data downloads are handled quietly.
Updated: 2025-12-02GitHub
0
0
Medium Cost
kiki830621 icon

che-duckdb-mcp

by kiki830621

Sec8

Provides an integrated Model Context Protocol (MCP) server for DuckDB documentation search and local database operations.

Setup Requirements

  • ⚠️Requires macOS 13.0+ for operation.
  • ⚠️Requires Swift 5.9+ toolchain for building from source.
  • ⚠️An internet connection is needed for the initial download and refresh of DuckDB documentation.
Verified SafeView Analysis
The `db_query` tool implements a prefix-based validation to restrict query types (SELECT, WITH, SHOW, DESCRIBE, EXPLAIN, PRAGMA) and applies a default row limit (1000). While this prevents direct DDL/DML, it is not a full SQL parser and could potentially allow complex SELECT queries to be resource-intensive or exploit advanced SQL features if not handled by the underlying DuckDB driver. The `db_execute` tool is explicitly for DDL/DML and correctly marked as destructive, requiring explicit intent. Database connections are restricted to local files only, and read-only mode is supported. Documentation is downloaded from a trusted, hardcoded DuckDB URL. No hardcoded secrets or obvious malicious patterns were found in the provided source code.
Updated: 2026-01-19GitHub
0
0
Medium Cost
vxvomar123 icon

gmail-mcp-server

by vxvomar123

Sec8

Automates Gmail operations like sending, reading, organizing, and filtering emails through an AI assistant like Claude Desktop via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires manual creation and configuration of a Google Cloud Project with OAuth 2.0 Client ID and enabling the Gmail API.
  • ⚠️For personal use, the Google Cloud project's OAuth consent screen must have the user's email address explicitly added as a 'Test User' to avoid '403 Access Blocked' errors.
  • ⚠️Requires manual configuration in Claude Desktop's `claude_desktop_config.json` with the absolute file path to the server's `dist/index.js` executable.
  • ⚠️The local port 3000 must be available for the OAuth authentication callback, which can conflict with other running applications.
Verified SafeView Analysis
The server utilizes direct file system operations for attachment handling (reading local files for sending, writing downloaded attachments to specified paths). While tool inputs are validated via Zod schemas, a compromised AI could theoretically direct file operations to sensitive areas or write malicious content. OAuth tokens are stored in plaintext with restricted file permissions (~/.gmail-mcp/credentials.json, chmod 600). However, the project provides comprehensive security documentation (SECURITY.md) detailing these risks, recommending best practices for users and developers (e.g., input validation for file paths, never committing credentials), and outlining a clear vulnerability reporting process. The local web server for OAuth runs only on localhost during authentication and shuts down immediately.
Updated: 2026-01-19GitHub
0
0
Medium Cost
uddin-rajaul icon

mcp-sql-optimizer

by uddin-rajaul

Sec9

Analyzes, optimizes, and suggests indexes for SQL queries across multiple dialects.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Docker is the recommended installation method for easier setup; otherwise, careful management of a Python virtual environment and PYTHONPATH is necessary.
Verified SafeView Analysis
The server primarily performs static analysis and transformation of SQL queries using the `sqlglot` library. It does not execute arbitrary SQL against a database, nor does it make external network requests from its core logic. User-provided `sql` and `explain_plan` inputs are parsed and processed internally without dangerous execution. No 'eval' or direct shell commands are used. The generated DDL for indexes is returned as a string, not executed.
Updated: 2025-12-05GitHub
0
0
Medium Cost
2AMK icon
Sec9

The server provides an LLM with structured information about a codebase, including file listings, directory trees, and file contents, acting as a context provider for development agents.

Setup Requirements

  • ⚠️Requires `ALLOWED_DIR` (C:\Users\alark\OneDrive\Documentos\GitHub\Procedural-World-Simulation-Engine) to be explicitly configured or changed for deployment on different systems or locations, as it's hardcoded.
  • ⚠️Intended for use with a `FastMCP` client, specifically noted as compatible with 'Continue'.
Verified SafeView Analysis
The server implements robust path sanitization using `resolve_safe_path` to prevent path traversal vulnerabilities, ensuring all file operations are confined within the `ALLOWED_DIR`. File read operations are limited to 200KB, mitigating potential denial-of-service from reading excessively large files. The primary security concern is the hardcoded `ALLOWED_DIR` which, while restricting scope, could expose system information if the repository itself contains sensitive data.
Updated: 2026-01-18GitHub
0
0
Medium Cost
jpkaladjian icon

mcp-server-qobra

by jpkaladjian

Sec9

Enables AI assistants to securely read sales compensation data from Qobra via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Qobra API Key (obtained from Qobra account settings)
  • ⚠️Requires Python 3.10 or higher
  • ⚠️An active Qobra account is necessary to use this server
Verified SafeView Analysis
The server is explicitly designed for 'READ-ONLY MODE', preventing any write, update, or delete operations on Qobra data, which is a significant security control. It uses environment variables (QOBRA_API_KEY) for sensitive credentials, preventing hardcoding. The `qobra_client.py` strictly enforces GET requests only. It uses `httpx` for API communication, which is a modern, secure HTTP client. No `eval`, `exec`, or other high-risk functions are used. Input parameters for tools are type-hinted and processed, reducing injection risks. Error handling for API calls is present. The architecture is straightforward and follows best practices for secure API integration. The only potential risk would be if the Qobra API itself had vulnerabilities or if the API key were compromised externally; the server mitigates risks on its side.
Updated: 2026-01-16GitHub
0
0
Medium Cost
joe-watkins icon

wcag-mcp

by joe-watkins

Sec8

Provides comprehensive WCAG 2.2 guidelines, techniques, glossary terms, and Understanding documentation to agentic systems via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️The data (wcag.json) must be built/updated by running `npm run build` manually after `npm install` if not deploying to Netlify, as `npm install` does not automatically trigger the data build process (despite what the README implies).
  • ⚠️Requires Git to be installed on the system for managing and updating the W3C WCAG git submodule during the data build process.
  • ⚠️Requires Node.js version 18.0.0 or higher.
Verified SafeView Analysis
The server primarily performs lookups on pre-loaded static WCAG data, reducing runtime security risks. User input is parsed as JSON, and tool arguments are handled internally without apparent injection vulnerabilities. The 'execSync' command is used in build-time scripts for data acquisition (git submodule updates, fetching W3C JSON, parsing HTML), not at runtime based on arbitrary user input. Cross-Origin Resource Sharing (CORS) is set to allow all origins ('*'), which is typical for a public API but means no origin-based access control is enforced at the server level.
Updated: 2026-01-16GitHub
0
0
High Cost
PolecatWorks icon

chatagent-root

by PolecatWorks

Sec7

Build and deploy an AI-powered conversational bot for Microsoft Teams, leveraging LangChain/LangGraph for LLM interaction and tool execution.

Setup Requirements

  • ⚠️Requires API keys for LLM providers (e.g., Google GenAI, Azure OpenAI), which are typically paid services.
  • ⚠️Requires registration and setup in Azure Bot Services for MS Teams integration (App ID, App Secret, Tenant ID, Messaging Endpoint).
  • ⚠️Deployment primarily targets Kubernetes using Helm charts, requiring kubectl and helm CLI tools.
  • ⚠️Python 3.12+ is required for the application.
  • ⚠️Local development with MS Teams requires a reverse proxy like ngrok.
Verified SafeView Analysis
The project uses Pydantic's SecretStr for API keys and integrates with Kubernetes secrets for deployment, which are good practices. There are no obvious hardcoded secrets or direct uses of 'eval' or 'exec' on user input. The primary security consideration for this type of LLM agent is the inherent risk of prompt injection leading to unintended tool execution. Tools like 'delete_record_by_id' (even if mocked in the provided code) highlight the need for robust access control and careful sandboxing of real-world tool implementations. The 'interactivedebugger' in CLI is opt-in and primarily for development.
Updated: 2026-01-18GitHub
0
0
Medium Cost
brynsp icon

mcp-ynab

by brynsp

Sec9

Integrates the YNAB API for read-only budgeting data access via Model Context Protocol, allowing AI assistants to query YNAB data.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher
  • ⚠️Requires a YNAB Personal Access Token (obtained from YNAB developer settings)
  • ⚠️Docker recommended for containerized deployment
Verified SafeView Analysis
The server is explicitly designed for read-only access to the YNAB API, minimizing risks of data modification. The YNAB API token is securely handled via environment variables, not hardcoded. Good container security practices are mentioned in the documentation, including running as a non-root user and installing only necessary dependencies. No obvious malicious patterns or unsafe functions like `eval` were found in the provided source code. Input arguments for tools are passed directly to the YNAB client, relying on the YNAB API for input validation.
Updated: 2025-11-26GitHub
0
0
Low Cost
edgarlopezcalomarde icon

mcp-for-sql-server

by edgarlopezcalomarde

Sec3

This server provides tools for an AI agent to interact with and manage a SQL Server database, enabling schema querying, table creation, data insertion, and execution of raw SQL queries.

Setup Requirements

  • ⚠️Requires Docker to run the SQL Server database container.
  • ⚠️Requires Bun runtime for development scripts and building, though the compiled output can be run with Node.js.
  • ⚠️Requires environment variables: DB_USER, DB_PASSWORD, DB_HOST, DB_NAME, DB_PORT.
Review RequiredView Analysis
The `compose.yml` uses a hardcoded default SA password ('PassSegura777') for the SQL Server database, which is insecure for production environments. More critically, the `create-table` and `insert-data` tools are vulnerable to SQL injection: they construct SQL queries by directly interpolating user-provided `tableName` and column names (e.g., `campos.nombre`) into the SQL string via `prisma.$queryRawUnsafe` without proper sanitization or escaping. This allows an attacker to execute arbitrary SQL commands by manipulating these input parameters. The `execute-raw-queries` tool explicitly allows raw queries, making its security dependent on the trustworthiness of its caller.
Updated: 2025-11-24GitHub
0
0
High Cost
alkampfergit icon
Sec8

An MCP server demonstrating Semantic Kernel integration for AI-powered task management, exposing intelligent tools to AI clients like GitHub Copilot.

Setup Requirements

  • ⚠️Requires .NET 10.0 SDK (preview 6 or higher).
  • ⚠️AI features (natural language processing, agent conversation) require a paid OpenAI or Azure OpenAI API Key.
  • ⚠️Primarily designed for integration and testing with VS Code and the GitHub Copilot extension.
Verified SafeView Analysis
The project uses environment variables for API keys in its detailed guides, which is good practice. However, a quick start section suggests directly hardcoding API keys in `SemanticKernelAgentTools.cs`, which is a security risk if committed to version control. The server primarily communicates via stdio (local process), reducing network exposure. No 'eval' or obfuscation found.
Updated: 2025-11-27GitHub
PreviousPage 492 of 713Next