Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
zq940222 icon

mcp-server-demo

by zq940222

Sec8

A custom Spring AI MCP (Multi-Modal Chat Protocol) server designed for runtime dynamic toolset discovery and routing, bypassing Spring AI's default startup-time tool scanning.

Setup Requirements

  • ⚠️Requires Java (likely 17+) and a compatible Spring Boot environment.
  • ⚠️Requires an MCP-compatible client (e.g., Spring AI client) to interact with the server's custom endpoints.
  • ⚠️Configuration properties like `mcp.toolset.allowed` (for whitelisting toolsets) and cache settings are critical for proper security and performance, though not strictly 'required' for startup.
Verified SafeView Analysis
The application uses reflection (`Class.forName`, `getDeclaredConstructor().newInstance`, `Method.invoke`) for dynamic tool loading and execution. While this inherently adds complexity, the `DynamicToolsetRegistry` restricts class scanning to specific internal packages (`ai.crewplus.mcpserver.tool`) which mitigates the risk of arbitrary code execution from external sources. The `RUNTIME_TOOLSET_ROUTING.md` document also mentions a `mcp.toolset.allowed` whitelist configuration, which is a good security practice to prevent unauthorized toolset loading. No obvious hardcoded secrets or 'eval'-like direct command execution are found. Input arguments for tool calls are typed and converted, reducing direct injection risks, but robust input validation in actual tool implementations remains crucial.
Updated: 2025-11-26GitHub
0
0
Medium Cost
jbandu icon
Sec8

Provides comprehensive maintenance intelligence for airline operations, including predictive maintenance, parts optimization, and compliance tracking.

Setup Requirements

  • ⚠️Requires a PostgreSQL database to be manually set up and migrated with schema (`npm run db:migrate`) and optionally seeded (`npm run db:seed`).
  • ⚠️Neo4j database is optional but recommended for 'get-component-history' and requires separate installation and configuration (`ENABLE_NEO4J=true`).
  • ⚠️Machine Learning (ML) functionalities (e.g., predict-component-failures) can optionally depend on an external Python ML service if `PYTHON_ML_SERVICE_URL` is configured.
  • ⚠️Language Model (LLM) integration can require a local Ollama instance (`LLM_MODE=ollama`) or a Claude API Key (`LLM_MODE=claude`) for full functionality.
Verified SafeView Analysis
The server utilizes environment variables for all sensitive configurations (PostgreSQL, Neo4j, Claude API keys), which is a good security practice. Input validation is performed using Zod schemas for all tool arguments, helping to prevent common injection vulnerabilities. No 'eval' or explicit obfuscation is present. While integrations with external ML/LLM services introduce inherent network risks, these are managed through standard practices (e.g., API keys, URLs). Many tool handlers are currently marked with 'TODO', indicating that the full implementation and thus complete security posture of those features are not yet defined in the provided source.
Updated: 2025-11-28GitHub
0
0
High Cost
morikazu1119 icon

Medical-MCP-Server

by morikazu1119

Sec8

Provides a reproducible Python development environment template with Docker and Docker Compose, optimized for GPU-accelerated workloads.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose installed on the host machine.
  • ⚠️Requires a host machine with NVIDIA GPUs and appropriate drivers for GPU acceleration.
  • ⚠️If using `docker-run.sh`, the hardcoded `HOST_DATA_PATH="/mnt/c/mnt/data"` must be adjusted for non-Windows hosts or different data locations.
  • ⚠️The default SSH port (2222) on the host must be available or configured otherwise.
Verified SafeView Analysis
No 'eval' or obvious obfuscation detected. Hardcoded defaults for build arguments and `HOST_DATA_PATH` exist but are intended for user configuration or override, not secrets. Exposes SSH port (22) to the host; users must ensure proper host firewall rules. Grants full GPU access to the container, a common but privileged setting for ML development.
Updated: 2025-11-30GitHub
0
0
Low Cost
darrelmiller icon

a2abridge

by darrelmiller

Sec7

Bridges Agent-to-Agent (A2A) protocol agents to Model Context Protocol (MCP) clients, dynamically exposing agent skills as tools.

Setup Requirements

  • ⚠️Requires .NET 9.0 SDK to build and run.
  • ⚠️Requires an MCP client (e.g., Claude Desktop) to interact with the server.
  • ⚠️Agents compatible with the A2A protocol specification must be hosted and accessible via a URL.
Verified SafeView Analysis
The server allows registering new agents via the `AddAgent` tool by providing a URL to an agent card. If not properly validated or restricted, this `urlToAgentCard` parameter could be exploited for Server-Side Request Forgery (SSRF) attacks or to interact with malicious external endpoints, potentially leading to data exfiltration, internal network probing, or resource exhaustion. The `A2AClient` making HTTP calls is an inherent part of its function, but the *source* of the URLs is external user input. No direct 'eval' or obvious code obfuscation is present in the provided snippets.
Updated: 2025-11-22GitHub
0
0
Medium Cost
conda-forge icon
Sec8

Acts as a bridge server to facilitate communication between Agent Communication Protocol (ACP) agents and Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires Python 3.11 or newer.
  • ⚠️Primary installation method is via Conda/Mamba from the conda-forge channel.
Verified SafeView Analysis
The provided source code is for the `conda-forge` feedstock (packaging and build scripts), not the `acp-mcp-server` application logic itself. The feedstock code is clean, using standard build practices without `eval`, obfuscation, or apparent hardcoded secrets. A full security audit of the server's runtime behavior cannot be performed without its internal source code.
Updated: 2025-11-24GitHub
0
0
Medium Cost
tsoguri icon

rss-mcp

by tsoguri

Sec8

Provides an MCP server for LLMs to access, parse, filter, and analyze content from curated RSS feeds, enabling structured news analysis and trend identification.

Setup Requirements

  • ⚠️Python 3.12+ required
  • ⚠️Manual Claude Desktop configuration required
Verified SafeView Analysis
The server uses standard libraries like 'feedparser' and 'BeautifulSoup' for parsing, which are generally safe. There are no obvious signs of 'eval', 'exec', or hardcoded credentials. The primary security consideration arises from the nature of an LLM integration where the model could potentially request arbitrary external URLs via the 'parse_feed' or 'validate_feed_url' tools, which could lead to SSRF if the LLM's inputs are not properly constrained.
Updated: 2025-11-22GitHub
0
0
Medium Cost
ShashankShekhar00 icon

fastmcp-server

by ShashankShekhar00

Sec9

A production-ready Model Context Protocol (MCP) server enabling AI agents to execute secure tools with OAuth 2.0 authentication.

Setup Requirements

  • ⚠️Requires Python 3.12+ for local development.
  • ⚠️Requires Docker 20.10+ and Docker Compose 2.0+ for containerized deployment.
  • ⚠️An Auth0 account (OAuth provider) and an OpenWeatherMap API key are essential for full functionality and must be configured in the `.env` file.
  • ⚠️The `SECRET_KEY` environment variable must be generated and set (e.g., using `openssl rand -hex 32`).
  • ⚠️The `ALLOWED_FILE_PATHS` environment variable requires careful configuration to prevent unintended file access, especially within a Docker container (e.g., `/app/data,/tmp`).
Verified SafeView Analysis
The server demonstrates strong security practices with robust input validation (e.g., path traversal, city name sanitization), OAuth 2.0 JWT authentication, and structured logging with sensitive data redaction. Docker deployment uses non-root users and environment-based secrets. The `SECURITY_FIX.md` explicitly addresses a past critical credential exposure with detailed remediation steps, indicating a proactive stance on security. The `server_oauth.py` currently uses a hardcoded `test_user_id` for OAuth-protected tools, explicitly marked as a TODO, which is a temporary development artifact to be replaced with actual OAuth token extraction.
Updated: 2025-11-26GitHub
0
0
High Cost
KodyDennon icon

mcp-servers

by KodyDennon

Sec7

Provides a remote-friendly testing surface for AI agents to control Xcode's iPhone Simulator, enabling tasks like booting devices, opening URLs, capturing screenshots, performing UI automation, and tapping into WebKit Remote Inspector for web content interaction.

Setup Requirements

  • ⚠️Requires macOS with Xcode and Command Line Tools installed.
  • ⚠️Requires 'ios-webkit-debug-proxy' to be installed (e.g., via Homebrew).
  • ⚠️Requires 'WebDriverAgent' to be checked out locally and configured, involving manual setup and granting macOS accessibility permissions to Terminal and Simulator.
  • ⚠️Safari's 'Develop → Allow Remote Automation' must be enabled in the simulator.
Verified SafeView Analysis
The server relies heavily on executing external binaries (xcodebuild, simctl, ios_webkit_debug_proxy, WebDriverAgent) which are inherent to its functionality. While arguments are passed as arrays to `execFile` or `spawn` (mitigating basic shell injection risks), there's a residual risk if configured paths (e.g., `WEBDRIVERAGENT_PROJECT_PATH`) are pointed to malicious projects, or if the external binaries themselves are compromised. The server does not expose unexpected network interfaces directly. Manual setup of WebDriverAgent and granting macOS accessibility permissions are critical steps for secure operation.
Updated: 2025-11-22GitHub
0
0
Low Cost
DavidGreigQC icon

imessage-mcp-server

by DavidGreigQC

Sec8

Connects Claude Desktop to the macOS Messages app to read iMessage, SMS, and RCS conversations and messages, including mixed-protocol group chats.

Setup Requirements

  • ⚠️Requires macOS (tested on Sonoma/Sequoia).
  • ⚠️Requires Node.js 18+.
  • ⚠️Requires Claude Desktop to be granted Full Disk Access.
Verified SafeView Analysis
The server operates locally, reading from the macOS Messages database (`chat.db`) in read-only mode. Communication is handled via standard I/O (StdioServerTransport), which minimizes external network attack surface. The `extractTextFromAttributedBody` function parses potentially complex binary message data, which could theoretically be a source of obscure bugs or resource exhaustion if malformed data is encountered, but includes sanitization logic to filter out non-content strings. No direct arbitrary code execution vulnerabilities or hardcoded secrets are apparent. A critical setup requirement is granting Claude Desktop 'Full Disk Access', a high privilege that users should be aware of, although this is a dependency on the host application's permissions rather than an inherent flaw in the server's code logic.
Updated: 2025-12-03GitHub
0
0
Low Cost
amir-the-h icon

mcp-hub

by amir-the-h

Sec4

A Go-based hub that aggregates multiple Model Context Protocol (MCP) servers and exposes their tools through a unified HTTP API, facilitating interaction for AI models or development tools.

Setup Requirements

  • ⚠️Requires a `config.json` file, which defines the MCP servers to connect to and their respective transport configurations (stdio, HTTP, Docker).
  • ⚠️If using `stdio` transport, the necessary runtime environments (e.g., Node.js for `npx`, Python for `python3`) must be available on the host or within the `mcp-hub:local` Docker image.
  • ⚠️If using `docker` transport, Docker daemon access is required, typically achieved by mounting `/var/run/docker.sock` to the container, which is a significant security consideration.
Review RequiredView Analysis
The server's core functionality involves executing arbitrary commands (`stdio` transport) or launching Docker containers (`docker` transport) based on the `config.json` file. This is a critical security risk if the configuration file is compromised or contains malicious entries, potentially leading to arbitrary code execution on the host. Furthermore, the typical Docker deployment involves mounting the host's Docker socket (`/var/run/docker.sock`) into the `mcp-hub` container. If the `mcp-hub` container itself is compromised, an attacker would gain full root control over the host's Docker daemon, allowing for arbitrary container execution and privilege escalation on the host. While environment variables are used for sensitive data (e.g., API keys), these can be exposed in logs if not properly managed or if the logging level is too verbose for arguments. There are no clear 'eval' patterns or obfuscation, but the inherent design for flexibility in executing external processes or containers means the trust boundary primarily lies with the configuration and the integrity of the host environment.
Updated: 2025-11-24GitHub
0
0
Low Cost
cardosolucass96 icon
Sec9

A professional template for developing Model Context Protocol (MCP) servers optimized for Cloudflare Workers with TypeScript, enabling rapid development and global deployment of AI-powered tools.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment and use of Wrangler CLI (`npx wrangler login`).
  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Familiarity with the Model Context Protocol (MCP) is necessary for developing custom tools.
Verified SafeView Analysis
The template utilizes `@modelcontextprotocol/sdk` for structured communication and input validation via Zod schemas, reducing common injection risks. CORS headers are implemented in the Cloudflare Worker. Hardcoded secrets are not present; environment variables are indicated for user configuration via `wrangler.toml`. Overall security of the deployed server heavily depends on the specific implementation of custom tools, but the template provides a solid secure foundation.
Updated: 2025-11-28GitHub
0
0
Medium Cost
FranciscoAz1 icon

mcp-server-weaviate-ts

by FranciscoAz1

Sec5

An MCP server for Weaviate vector database, providing tools for querying and generating text with Weaviate collections.

Setup Requirements

  • ⚠️Requires a running Weaviate instance.
  • ⚠️The default Weaviate client configuration lacks API key authentication, requiring code modification for secure Weaviate access.
  • ⚠️The `WEAVIATE_HOST` (default `host.docker.internal:8080`) and `WEAVIATE_SCHEME` (default `http`) environment variables often need adjustment for non-Docker or cloud deployments.
Review RequiredView Analysis
The Weaviate client in `src/weaviate.ts` is configured *without* an API key by default (the `apiKey` parameter is commented out). This is a critical security vulnerability if the Weaviate instance contains sensitive data or is publicly exposed, as it allows unauthenticated access. Users must modify the code to include authentication for secure deployments. Log files, if enabled, are written to a `logs/` directory which might not be secure. The configurable `MCP_READ_ONLY` flag is a good security feature but requires explicit enabling.
Updated: 2025-11-29GitHub
PreviousPage 499 of 713Next