Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
xbgmsharp icon
Sec9

Provides AI agents with read-only access to marine vessel data from PostgSail, enabling them to search logs, moorages, and monitor vessel systems for daily briefings and historical analysis.

Setup Requirements

  • ⚠️Requires a Model Context Protocol (MCP) compatible AI platform (e.g., Claude App, Claude AI, OpenAI GPT with remote connectors).
  • ⚠️Requires a PostgSail API instance accessible via POSTGSAIL_URL.
  • ⚠️Requires a PostgSail authentication token (POSTGSAIL_TOKEN) or username/password (POSTGSAIL_USER and POSTGSAIL_PASS) for API access.
  • ⚠️Using remote AI connectors may require a paid plan on the AI platform.
Verified SafeView Analysis
The server handles sensitive PostgSail authentication tokens, which are properly configured via environment variables and marked as sensitive in the manifest, reducing direct exposure risks. It operates over STDIO, which is generally more secure than exposing network ports. No usage of 'eval' or obvious obfuscation was found. The primary external dependency for data is the PostgSail API itself, and security largely depends on the integrity and configuration of that upstream service and the provided POSTGSAIL_URL. Input validation is present in tool schemas.
Updated: 2026-01-07GitHub
0
0
Low Cost
rkumarus040599 icon

prk-mcp-weather-matcher

by rkumarus040599

Sec9

This project demonstrates converting a function to an MCP server, integrating it with an MCP client like Claude Code Desktop to fetch weather information.

Setup Requirements

  • ⚠️Python 3.12+ required
  • ⚠️Requires 'uv' for package management (as specified in README)
Verified SafeView Analysis
The code properly sanitizes user input (location) using `strip()`, `replace()`, and `urllib.parse.quote()` before constructing the URL for the external API call, significantly reducing URL injection risks. No 'eval' or similar dangerous patterns were found. The use of `urllib.request` is standard. No hardcoded secrets were identified in the provided code.
Updated: 2025-11-20GitHub
0
0
Medium Cost
mari2020 icon
Sec8

This Spring Boot application provides a natural language interface, powered by an AI chat model and tool calling, for querying and managing employee information.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) 17+.
  • ⚠️Requires a running Ollama server or compatible LLM API endpoint.
Verified SafeView Analysis
No 'eval' or similar dangerous patterns were found. No hardcoded secrets. The primary concern is that the 'seedDatabase' tool, although described as 'Dev-only', is exposed via the AI model, allowing data modification (insertion of sample employee data) through a prompt. While this is less critical for a development/demo setup with a local LLM like Ollama, it could be a security vulnerability in a production environment if not properly restricted. The use of Spring Data R2DBC helps mitigate SQL injection risks.
Updated: 2025-11-22GitHub
0
0
Low Cost
jmfrank63 icon

vscode-mcp-windbgX

by jmfrank63

Sec8

Integrates the mcp-windbgX MCP server into VS Code for Windows debugging, supporting CDB, WinDbg, and Time Travel Debugging (TTD).

Setup Requirements

  • ⚠️Requires Windows 10 or later.
  • ⚠️Requires Windows Debugging Tools (part of Windows SDK) to be installed.
  • ⚠️Requires Node.js for running the managed MCP server.
  • ⚠️The mcp-windbgX server artifact is downloaded from GitHub releases, requiring network access for initial setup.
Verified SafeView Analysis
The extension automatically downloads and manages the mcp-windbgX server from GitHub releases. This introduces a supply chain risk, as a compromised GitHub repository could lead to the execution of malicious server code. The extension utilizes `execAsync` and `spawn` for system tool detection and server process management, which are necessary for its core functionality but increase the attack surface. Environment variables like `GITHUB_TOKEN` can be used optionally for GitHub API authentication, primarily for rate limits, but are not strictly required for basic functionality.
Updated: 2026-01-19GitHub
0
0
Medium Cost
GaijinEntertainment icon

pararam-nexus-mcp

by GaijinEntertainment

Sec7

This MCP server provides a programmatic interface for interacting with the Pararam.io communication platform, enabling message, chat, file, and user management.

Setup Requirements

  • ⚠️Requires a pararam.io account.
  • ⚠️Requires `PARARAM_LOGIN` and `PARARAM_PASSWORD` environment variables to be set for authentication (and optionally `PARARAM_2FA_KEY` for 2FA).
  • ⚠️Requires `uv` package manager (or Python 3.11+ and standard `pip` installation).
  • ⚠️File download size limit of 1MB.
Verified SafeView Analysis
The server uses Pydantic for robust input validation on chat and post IDs, and URL patterns, which is a strong positive for security, mitigating common injection risks. Credentials (`PARARAM_LOGIN`, `PARARAM_PASSWORD`, `PARARAM_2FA_KEY`) are correctly loaded from environment variables. Session cookies are persisted securely. However, the `upload_file_to_chat` and `download_post_attachment` tools accept `file_path` and `output_path` parameters, respectively, which allow an agent to specify arbitrary local file paths. While `file_content` uploads use safe temporary files, direct `file_path` usage in uploads and `output_path` in downloads, without strict path sanitization or restriction to a dedicated agent-controlled directory, could lead to information disclosure or unauthorized file overwrites if the server is run with elevated permissions in a vulnerable environment. The 1MB file size limit on downloads is a good defense against resource exhaustion.
Updated: 2025-12-05GitHub
0
0
Low Cost
dataML007 icon

simple_local_rag

by dataML007

Sec7

A multi-modal Retrieval-Augmented Generation (RAG) system for querying PDF documents with conversation memory via a Streamlit UI, FastAPI backend, and MCP server integration.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (paid service) for embeddings and LLM.
  • ⚠️Requires Python 3.9+ and the UV package manager.
  • ⚠️Requires running three separate services (backend, frontend, MCP server) concurrently.
Verified SafeView Analysis
The system uses `os.getenv` for API keys and recommends storing them in a `.env` file excluded from version control, which is good practice. File uploads are handled with temporary files and explicit `.pdf` extension checks, reducing direct path traversal risks. The `VectorStore` uses `pickle.dump` and `pickle.load` for chunk metadata. While typically used for internal data, if an attacker could tamper with the `chunks.pkl` file, this could lead to a deserialization vulnerability. For a 'local' RAG system, this risk is mitigated by assuming trusted local file access. The FastAPI backend uses `allow_origins=["*"]` for CORS, which is noted as acceptable for local development but a security risk for production deployments.
Updated: 2025-12-06GitHub
0
0
Low Cost
vishnusrinivas00 icon
Sec8

Analyzes Cloudflare Worker logs stored in DuckDB, providing error summaries and performance metrics via a FastAPI server with MCP compatibility.

Setup Requirements

  • ⚠️Requires Cloudflare API Token, Account ID, and Worker Name to be configured as environment variables for data ingestion.
  • ⚠️Requires a local DuckDB file (cloudflare_logs.duckdb) to be pre-populated with data; the `miletech/fetch_logs.py` script is used for this.
  • ⚠️Python dependencies listed in `requirements.txt` must be installed.
Verified SafeView Analysis
Sensitive credentials (Cloudflare API Token, Account ID, Worker Name) are correctly handled as environment variables via `os.getenv` and `dotenv`. SQL queries in analytics endpoints (`query_error_summary_range`, `query_performance_range`, `query_summary_range`) use parameterized queries, which prevents SQL injection. The `/db/inspect` endpoint uses f-strings for `DESCRIBE` and `SELECT` statements; while the table names are internally derived from `SHOW TABLES`, which limits external injection risk, robust input validation or parameterization would be ideal if table names could ever be influenced by untrusted input. No 'eval' or malicious obfuscation patterns were found. Standard web server security practices should be applied for deployment.
Updated: 2025-12-13GitHub
0
0
Low Cost
Dipesh600 icon

esewa-mcp-server

by Dipesh600

Sec4

This server acts as a Model Context Protocol (MCP) wrapper for eSewa payment gateway, enabling creation of payment sessions, transaction verification, refunds, and status checks.

Setup Requirements

  • ⚠️Requires secure configuration of `ESEWA_MERCHANT_CODE`, `ESEWA_SECRET_KEY`, and `ESEWA_TOKEN` environment variables, as the provided defaults are test credentials and hardcoded values are a security risk.
  • ⚠️Requires a valid eSewa merchant account for actual payment processing beyond testing.
  • ⚠️The deployed server URL specified in `mcp.json` (`https://YOUR-SERVER-URL.com`) implies a requirement for HTTPS to be configured on the server.
Review RequiredView Analysis
The `smithery.yaml` file hardcodes sensitive environment variables like `ESEWA_SECRET_KEY` and `ESEWA_TOKEN`. Additionally, `services/esewa.js` provides hardcoded fallback values for `ESEWA_MERCHANT_CODE` and `ESEWA_SECRET_KEY` if environment variables are not set. This is a critical security vulnerability as it exposes credentials that should be securely managed and never committed to version control, especially for production deployments. While the code uses `crypto` for HMAC-SHA256, the static keys undermine this security measure.
Updated: 2025-11-28GitHub
0
0
Medium Cost
vpro1032 icon
Sec2

Provides a standardized Model Context Protocol (MCP) interface for AI assistants to interact with and manage PostgreSQL databases.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose to run the server and its PostgreSQL dependency.
  • ⚠️Database connection details and other configurations must be set via environment variables in a `.env` file.
  • ⚠️Requires an MCP client (e.g., Claude Desktop, VS Code with MCP extension) for interaction.
Review RequiredView Analysis
The server has critical SQL injection vulnerabilities. Table names, schema names, column names, and SQL fragments (like WHERE clauses) are often directly interpolated into SQL queries without proper escaping or identifier quoting. For example, `export_table`, `vacuum_table`, `analyze_table`, `insert_data`, `update_data`, and `delete_data` tools are susceptible. An attacker or a malicious/uncontrolled AI agent could craft inputs to these tools (e.g., in `table`, `schema`, `data` keys, `where`, or `returning` arguments) to execute arbitrary SQL commands like `DROP TABLE` or `DELETE` sensitive data. While `pg` parameterization is used for *values*, it does not protect against injection of SQL identifiers or clauses themselves. No direct use of `eval` or obfuscation was found, and credentials are handled via environment variables, but the SQL injection risk is severe.
Updated: 2025-12-07GitHub
0
0
Low Cost
takanoriyanagitani icon

rs-cel-mcp

by takanoriyanagitani

Sec8

Provides a Model Context Protocol (MCP) server that enables AI clients to evaluate Common Expression Language (CEL) expressions.

Setup Requirements

  • ⚠️Requires Rust toolchain for building and running.
  • ⚠️Requires an MCP-compatible client (e.g., Gemini CLI, ollmcp) to interact with its tools.
Verified SafeView Analysis
The core functionality involves evaluating user-provided CEL expressions. While CEL is designed for safe, sandboxed evaluation, any evaluator inherently carries a risk if the underlying CEL library has vulnerabilities. The server is designed for local or trusted network usage (e.g., binding to 127.0.0.1 as shown in examples), which mitigates exposure risks. There is no explicit authentication/authorization for the MCP endpoint, which is acceptable for local tools but would be a critical vulnerability if exposed publicly.
Updated: 2025-11-30GitHub
0
0
Medium Cost
kritsanan1 icon
Sec1

A server component likely designed to manage and process data for a social media application, possibly handling user posts, interactions, and content delivery.

Review RequiredView Analysis
Source code was not provided for analysis. Without the actual source code, it's impossible to perform a security audit for 'eval', hardcoded secrets, network risks, or malicious patterns. Running this server without reviewing its code is extremely risky and strongly discouraged.
Updated: 2025-12-14GitHub
0
0
Medium Cost
LackOfMorals icon

unofficialMcp

by LackOfMorals

Sec7

The Neo4j MCP server enables LLM clients (e.g., VSCode Copilot Chat, Claude Desktop) to interact with a Neo4j graph database by introspecting its schema and executing Cypher queries.

Setup Requirements

  • ⚠️Requires a running Neo4j database instance with the APOC plugin installed.
  • ⚠️Requires Go 1.25+ to build and run from source.
  • ⚠️Docker is required if running integration tests with the default `USE_CONTAINER=true` configuration.
Verified SafeView Analysis
The server includes a 'write-cypher' tool that allows the execution of arbitrary Cypher queries with write access, which inherently carries the risk of LLM-generated queries causing harm. This is explicitly noted in the documentation, and a 'NEO4J_READ_ONLY=true' environment variable is provided to disable write tools as a mitigation. No other critical vulnerabilities like 'eval' or hardcoded production secrets were identified; default credentials are for local development and are overrideable.
Updated: 2025-12-07GitHub
PreviousPage 493 of 713Next