Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
filiperochalopes icon

esus-pec-mcp

by filiperochalopes

Sec9

Serves as a Model Context Protocol (MCP) endpoint for LLMs to securely query anonymized clinical data from a PostgreSQL-based Prontuário Eletrônico do Cidadão (PEC) database.

Setup Requirements

  • ⚠️Requires access to a specific 'Prontuário Eletrônico do Cidadão (PEC)' PostgreSQL database schema.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Database connection details (host, port, name, user, password) must be configured via environment variables or a .env file.
Verified SafeView Analysis
The server demonstrates strong security practices: all database queries are read-only and use parameterized inputs to prevent SQL injection. It enforces strict limits on returned data rows (typically 50-200, up to 1000 for SOAP notes) and anonymizes sensitive patient identifiers (e.g., full names are converted to initials). Tools require specific filters to prevent broad data sweeps. Hardcoded database credentials are explicitly stated as defaults for development and users are instructed to override them with environment variables or a .env file for production. No 'eval' or other dynamic code execution patterns were found. The most sensitive data (SOAP notes) requires a specific patient ID and is subject to limits.
Updated: 2026-01-19GitHub
0
0
Low Cost
pr0methevs icon

mcp-template

by pr0methevs

Sec9

This server provides a backend implementation for the Model Context Protocol (MCP) using Express.js, enabling real-time communication through Server-Sent Events (SSE) and managing tool execution.

Verified SafeView Analysis
The codebase appears well-structured and follows good practices for a template. It uses environment variables for configuration (PORT, HOST, SERVER_NAME, SERVER_VERSION), preventing hardcoded secrets. Input arguments for tools are validated against a schema, which helps prevent basic injection attacks related to tool arguments. Error handling for MCP messages is in place to avoid leaking internal server details. The default CORS configuration allows all origins, which is common for a template but should be restricted in a production environment. There are no obvious `eval` or dynamic code execution from user input for tool calls. The main minor concern is the lack of explicit connection limiting for SSE, which could be a denial-of-service vector if not managed at a proxy or application level in production.
Updated: 2025-12-09GitHub
0
0
Low Cost
CodexVeritax icon

veritax_analytics

by CodexVeritax

Sec8

A cloud-agnostic analytics SDK for Model Context Protocol (MCP) servers, designed to track tool execution and server health events.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️A valid `api_key` is mandatory for client initialization.
  • ⚠️If loading configuration from a YAML file, `PyYAML` must be installed (`pip install pyyaml`).
Verified SafeView Analysis
The SDK utilizes Pydantic for robust input validation, which is a strong security practice. API keys are handled as standard bearer tokens. No direct 'eval' or 'exec' calls are found. The `file_path` validator automatically creates parent directories, which could be a path traversal vulnerability if the `file_path` is controlled by untrusted input, but for an SDK configured by a developer, this risk is mitigated. Metadata sanitization is basic (removes control characters) but appropriate for analytics data storage rather than direct rendering.
Updated: 2025-12-05GitHub
0
0
Low Cost
Veritrust-VC icon

mcp-trust-framework

by Veritrust-VC

Sec2

The MCP Trust Framework provides an identity and trust layer for Model Context Protocol (MCP) servers, allowing AI agents and hosts to discover, identify, and verify the trustworthiness of external tools and data sources before interaction.

Setup Requirements

  • ⚠️Requires Python 3.10 or newer (for registry reference implementation).
  • ⚠️Registry uses in-memory storage; all data is lost on restart.
  • ⚠️Registry write operations (e.g., POST /mcp/servers) lack authentication and authorization, making it highly insecure for production.
  • ⚠️SDKs do not perform full cryptographic verification of Verifiable Credential signatures.
Review RequiredView Analysis
The provided reference implementation of the MCP Trust Registry is explicitly stated as 'for demonstration and testing' and 'does not implement authentication, cryptographic verification, or persistent storage.' **Critical Vulnerabilities in Reference Implementation (if used in production):** - **Authentication Bypass:** The `POST /mcp/servers` endpoint has no authentication, allowing any unauthenticated client to register, update, or potentially remove registry entries. This is a severe security risk, enabling malicious actors to inject untrusted servers or alter legitimate entries. - **Data Volatility:** It uses in-memory storage (`InMemoryStorage`), meaning all data is lost upon server restart. - **Weak CORS Policy:** Wildcard CORS (`allow_origins=["*"]`) is used, which is typically too permissive for production environments. **Limitations in SDKs:** - The Python and Node.js SDKs explicitly state they 'do not implement full cryptographic verification of Verifiable Credentials.' This is a major limitation for a 'trust framework,' as it means clients cannot cryptographically verify the integrity and authenticity of the credentials received, relying only on structural and simple policy checks. Full VC proof verification is left as a 'production exercise'. While the project includes a `security-considerations.md` outlining best practices, the reference implementation itself currently lacks these critical security controls, making it highly unsuitable for anything beyond isolated local development.
Updated: 2025-11-25GitHub
0
0
Medium Cost
Relampag0 icon

forensic-log-mcp

by Relampag0

Sec4

This server acts as a forensic tool to intercept, log, and analyze network traffic (likely Minecraft Protocol, given the 'mcp' context) by operating as a Man-in-the-Middle proxy.

Setup Requirements

  • ⚠️Requires Node.js environment.
  • ⚠️Requires generation and installation of MITM root certificates on client devices for HTTPS/TLS interception to function without security warnings (this is a significant security override).
  • ⚠️May require administrative privileges for DNS proxy (port 53).
Review RequiredView Analysis
The core functionality is a Man-in-the-Middle (MITM) proxy, which inherently carries significant security risks including intercepting and potentially exposing sensitive network traffic. It uses `execSync` for certificate generation, which is a powerful command, although seemingly used securely for its intended setup purpose. Requires explicit trust of self-signed certificates for HTTPS/TLS interception. Prone to misuse if not handled responsibly.
Updated: 2026-01-19GitHub
0
0
Medium Cost
EarthTan icon
Sec9

A simplified local file system MCP server designed for managing Obsidian note libraries and Markdown files, enabling AI assistants to securely interact with and manipulate knowledge bases.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires MCP SDK to be installed (`pip install mcp[cli]`).
  • ⚠️Obsidian must be installed and accessible in the client's environment for 'open_file_with_obsidian' and other Obsidian-specific features.
  • ⚠️The root directory for file operations needs to be configured via the `MCP_FILESYSTEM_ROOT` environment variable, or it defaults to the script's directory.
Verified SafeView Analysis
The server implements strong security measures for file operations, including root directory restriction via `resolve_path`, a file type whitelist (e.g., '.md', '.json', '.txt', '.canvas') via `_has_allowed_extension`, and file size limits (10MB) for reads. All file paths provided to tools are rigorously validated against these constraints. The `open_file_with_obsidian` tool uses `subprocess.run` to open files, which is controlled by the validated file paths, mitigating direct command injection risks. The `mcp` SDK's HTTP transports include DNS rebinding protection, enhancing network security if HTTP is enabled. No 'eval' or obvious hardcoded secrets were found.
Updated: 2025-11-25GitHub
0
0
High Cost
itsablabla icon

garza-os-github

by itsablabla

Sec2

Automatically indexes voice memos from VoiceNotes, extracts entities using Claude, and syncs to Craft for knowledge management.

Setup Requirements

  • ⚠️Requires a paid Anthropic API key.
  • ⚠️Requires Cloudflare account setup and `wrangler` CLI for deployment.
  • ⚠️Needs VoiceNotes application webhook configured and an API key to fetch recordings.
  • ⚠️Requires a pre-existing Craft workspace and API key for syncing.
Review RequiredView Analysis
Multiple critical security risks identified across the repository: numerous hardcoded API keys/tokens are present in various Node.js servers (e.g., `cf-mcp/server.js`, `beeper-rest-api/server.js`, `desktop-commander-mcp/worker.js`), shell scripts (`scripts/daily-bible.sh`), and Cloudflare Worker files. The system's own documentation (`docs/security-checklist.md`) explicitly flags plaintext secrets in Craft and unproxied MCP endpoints as immediate concerns. The orchestrator's use of `shell=True` in some `subprocess` calls also poses a potential risk if inputs aren't perfectly sanitized. Widespread use of hardcoded credentials makes the overall system highly vulnerable.
Updated: 2026-01-19GitHub
0
0
Low Cost
mkaiho icon
Sec1

To provide a sandbox environment for developing, testing, or experimenting with an MCP (Minecraft Protocol) server.

Review RequiredView Analysis
Insufficient source code provided (only README title). Cannot perform a meaningful security audit for executable code, potential vulnerabilities, or dangerous patterns like 'eval' or hardcoded secrets.
Updated: 2025-11-19GitHub
0
0
Low Cost
RyutaSuzuki77 icon

mcp-server-write-log

by RyutaSuzuki77

Sec7

An MCP server designed to store conversation logs as text files in a specified local directory.

Setup Requirements

  • ⚠️Requires the LOG_BASE_DIR environment variable to be set, pointing to the desired directory for log storage.
  • ⚠️Requires Node.js runtime environment.
  • ⚠️Requires TypeScript and ts-node for direct execution from source files.
Verified SafeView Analysis
The server writes user-provided 'text' directly to a file within a directory specified by the 'LOG_BASE_DIR' environment variable. While the filename is internally generated with a timestamp, preventing direct path traversal via filename, an insecurely configured 'LOG_BASE_DIR' (e.g., pointing to a sensitive system directory or one with limited space) could allow arbitrary content to be written to files in that location, potentially filling up disk space or overwriting non-critical data if the server process has broad write permissions. There are no obvious signs of 'eval', obfuscation, hardcoded secrets, or direct network vulnerabilities in the provided code, beyond its intended function of writing user-supplied data to the file system.
Updated: 2026-01-17GitHub
0
0
Medium Cost
acuvity icon

maxibridge

by acuvity

Sec3

Maxibridge acts as a policeable dynamic gateway for Multiple Context Protocol (MCP) servers, allowing external agents to connect, discover, and interact with various backend MCP services with security and policy enforcement.

Setup Requirements

  • ⚠️The backend can execute arbitrary commands (`-- command [args...]`) on the host system. This requires significant operational expertise to securely sandbox and ensure only trusted binaries are ever executed.
  • ⚠️Secure deployment requires extensive TLS configuration, including server certificates, client certificates, and Certificate Authorities for both frontend and backend components.
  • ⚠️If policy enforcement is desired, a separate Policer (either a Rego policy file or an external HTTP service) must be configured and maintained.
Review RequiredView Analysis
The backend component of Maxibridge directly executes arbitrary commands passed via command-line arguments (e.g., `maxibridge backend -- <command> [args...]`). This is an extreme security risk (G204 identified) as it allows the execution of any binary on the host if an attacker gains control over these arguments, even indirectly. While `setCaps` and `chroot` (on Linux/Darwin) are used to attempt sandboxing, fully securing arbitrary command execution is exceptionally difficult. The `cmd_others.go` build tag does not enable `chroot`, leaving non-Linux/Darwin systems even more exposed. Input validation and policy enforcement via `policer` exist at a higher level, but do not mitigate the underlying risk of spawning unsandboxed processes. The `pkgs/scan/sbom.go` uses `os.ReadFile` (G304 flagged) to load SBOMs, which could be vulnerable to path traversal if the SBOM file path is user-controlled. Hardcoded secrets are not evident; credentials are managed through environment variables or flags.
Updated: 2025-12-03GitHub
0
0
Medium Cost
viraljetani icon

mcp-servers

by viraljetani

Sec9

A collection of micro-servers for local caching and searching of AWS CloudWatch logs, providing contextual data for debugging and analysis.

Setup Requirements

  • ⚠️Requires Node.js (v18 or later)
  • ⚠️Requires AWS CLI configured with credentials and at least one profile
  • ⚠️Requires the AWS_PROFILE environment variable to be set when running the server
Verified SafeView Analysis
The server uses AWS CLI profiles for authentication and does not expose secrets or hardcode credentials. It runs on localhost, limiting network exposure. The `.env` and `log_cache/` directories are correctly gitignored to prevent accidental exposure of configuration or downloaded logs. While the local endpoint does not have explicit authentication, it's designed for local debugging and relies on secure AWS profile configuration.
Updated: 2025-11-30GitHub
0
0
Low Cost
wangdruk icon
Sec5

This project provides a comprehensive security research report analyzing AI Agents (MCP Servers) for privacy, data residency, and national security implications.

Review RequiredView Analysis
Only README.md was provided; no executable source code was available for analysis. Therefore, a comprehensive security audit of the project's implementation for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns could not be performed. The score is neutral due to lack of information.
Updated: 2025-11-24GitHub
PreviousPage 497 of 713Next