Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
oll1y icon
Sec5

Automates infrastructure self-healing by monitoring logs and deploying AI-generated patches to resolve errors.

Setup Requirements

  • ⚠️Requires an LLM API Key (e.g., OpenAI, Google Gemini, Anthropic)
  • ⚠️Requires a running MCP server (or mock equivalent)
  • ⚠️Potentially requires Kubernetes cluster access (or mock equivalent for demo)
Review RequiredView Analysis
The system is designed to automatically write and deploy patches to an MCP server connected to Kubernetes. This functionality inherently carries significant security risks if not properly sandboxed, validated, and controlled. Without access to the full source code, it's impossible to confirm the presence of robust security mechanisms, input validation, or secure deployment practices. Potential for unintended or malicious patch deployment if the AI is compromised or misinterprets data. No 'eval' or hardcoded secrets were visible in the *provided* truncated source, but this doesn't preclude their existence in the full codebase.
Updated: 2025-11-24GitHub
0
0
Low Cost
kazuph icon

mcp-slack

by kazuph

Sec8

A Model Context Protocol (MCP) server for integrating with Slack workspaces, enabling agents to interact with Slack data and actions.

Setup Requirements

  • ⚠️Requires Slack authentication tokens (xoxc/xoxd from browser, xoxp OAuth, or xoxb bot token) which must be set as environment variables.
  • ⚠️The `conversations_add_message` tool for posting messages is disabled by default and must be explicitly enabled via `SLACK_MCP_ADD_MESSAGE_TOOL` environment variable, optionally with channel restrictions.
  • ⚠️Obtaining `xoxc`/`xoxd` tokens requires manual extraction from browser developer tools, or alternatively, setting up a Slack App for an `xoxp` (User OAuth) token with required scopes.
Verified SafeView Analysis
The server handles sensitive Slack authentication tokens (xoxc/xoxd browser tokens or xoxp OAuth tokens) which are passed via environment variables. It implements an optional API key for SSE transport using `subtle.ConstantTimeCompare` to mitigate timing attacks. The 'conversations_add_message' tool is disabled by default and requires explicit environment variable configuration (`SLACK_MCP_ADD_MESSAGE_TOOL`) for safety, with options for whitelisting/blacklisting channels. It supports custom CA certificates and allows explicitly insecure TLS connections (with a strong warning). No obvious 'eval' or malicious obfuscation patterns were found. The use of browser session tokens ('stealth mode') inherently carries a risk as it relies on an active user session, but this is a documented feature and user's choice. Proper handling of `.env` files and secure storage of tokens is paramount.
Updated: 2026-01-18GitHub
0
0
Medium Cost
Aputze icon
Sec4

Integrates with Yahoo Mail to fetch emails and calendar events via MCP.

Setup Requirements

  • ⚠️Requires Yahoo Developer Access and Approval (can take days/weeks).
  • ⚠️Requires manual completion of OAuth2 authorization flow in a browser to obtain initial tokens.
  • ⚠️The CalDAV client's OAuth2 implementation with the 'dav' library might require custom work or switching to a different library.
Review RequiredView Analysis
The IMAP client uses `tlsOptions: { rejectUnauthorized: false }` which disables SSL certificate validation, making the connection vulnerable to Man-in-the-Middle (MITM) attacks. Additionally, OAuth tokens are stored in a local JSON file (`tokens.json`) without encryption, posing a risk if the file system is compromised, even with restrictive file permissions (0o600). The code explicitly notes a 'TODO: Store tokens securely (e.g., encrypted database, secure file storage)' for this reason.
Updated: 2025-12-03GitHub
0
0
Low Cost
stuckaJ icon

Famulor-MCP

by stuckaJ

Sec9

This MCP server enables integration with the Famulor Voice Agent Platform, allowing users to manage AI-powered phone calls, voice assistants, campaigns, leads, and send SMS messages through MCP-compatible clients like ChatGPT or Claude Desktop.

Setup Requirements

  • ⚠️Requires Node.js version 20.0.0 or higher.
  • ⚠️Requires a Famulor API Key, obtained from app.famulor.de/api-keys, which is necessary for all interactions with the Famulor platform and incurs Famulor's service costs.
  • ⚠️Requires an MCP-compatible client (e.g., ChatGPT Desktop App, Claude Desktop App) for interaction.
  • ⚠️Configuration (mcp.json) requires an absolute file path to the server's compiled 'dist/index.js' file, with specific path formatting for Windows (forward slashes).
Verified SafeView Analysis
The server correctly handles authentication by requiring a Famulor API key, which is expected to be provided by the user via MCP client configuration (e.g., mcp.json) or environment variables. For online deployments (Vercel), API keys are securely transmitted via HTTPS Authorization headers. All communication with the external Famulor API is over HTTPS. The code does not contain 'eval', obfuscation, or direct execution of arbitrary user-provided commands. It acts as a secure proxy to the Famulor API. A minor consideration is that runtime input validation within the tool handlers themselves is not extensive, relying on TypeScript casting and the assumption of validation by the MCP SDK and the upstream Famulor API.
Updated: 2026-01-19GitHub
0
0
Medium Cost
elevanaltd icon

hestai-mcp-server

by elevanaltd

Sec8

AI-powered Model Context Protocol (MCP) server for orchestrating diverse AI models and specialized tools to facilitate complex development workflows and intelligent agent interactions, with a strong focus on conversation memory and contextual awareness.

Setup Requirements

  • ⚠️Requires API keys for cloud LLM providers (e.g., GEMINI_API_KEY, OPENAI_API_KEY, XAI_API_KEY, OPENROUTER_API_KEY) or a local Ollama instance.
  • ⚠️External CLI tools (e.g., Claude, Codex, Gemini CLIs) may need to be installed and configured separately for the 'clink' tool.
  • ⚠️Requires Python 3.10+ and activation of a virtual environment (`.hestai_venv`) before running directly.
Verified SafeView Analysis
The server employs robust input validation (Pydantic), utilizes environment variables for sensitive data, and includes explicit redaction (RedactionEngine) for session transcripts. Path validation (`is_dangerous_path`) is implemented to prevent traversal attacks. `subprocess.run` is generally used safely (`shell=False`, `shlex.split`) when invoking external CLIs via the `CLinkTool`. Extensive simulator tests actively probe for common vulnerabilities like SQL/command injection (these are test scenarios, not part of core server implementation). The primary security consideration is the `CLinkTool`'s delegation to external, potentially untrusted, CLI clients; their configuration and permissions are critical external factors.
Updated: 2025-12-15GitHub
0
0
Low Cost
BlockSecCA icon

generic-ssh-mcp

by BlockSecCA

Sec8

Execute commands on remote SSH servers with configurable wrappers for sandboxing, timeouts, or direct execution, integrated into Claude Desktop.

Setup Requirements

  • ⚠️Requires manual configuration in Claude Desktop (SSH Host, Username, Private Key Path, Timeout, Wrapper, Tool Name).
  • ⚠️SSH Private Key Path must be a full path to a passwordless key on the Windows machine.
  • ⚠️If using 'srt' wrapper, remote system requires `bubblewrap` and `@anthropic-ai/sandbox-runtime` installed, and critical `~/.srt-settings.json` protection (deny read/write to itself) for secure sandboxing.
  • ⚠️SSH Host should ideally be an IP address, not a hostname.
Verified SafeView Analysis
The server uses the `ssh2` library for persistent connections, and incorporates features like interactive command rejection to enhance security. No 'eval' or obfuscation found. Critical security depends heavily on user configuration, especially when using the `srt` wrapper. The documentation explicitly warns that the default `srt` configuration is vulnerable to sandbox escape if `~/.srt-settings.json` is not explicitly protected (denied read/write access), which is a manual user step. SSH private key management (storage and permissions) is external to the MCP server. Misconfiguration of the `srt` wrapper is the primary potential security weakness.
Updated: 2025-11-21GitHub
0
0
Low Cost
Sec5

A server that provides basic arithmetic calculation functionalities via an API.

Setup Requirements

  • ⚠️Requires a compatible runtime environment (e.g., Node.js, Python, Java)
  • ⚠️Requires an available network port
Review RequiredView Analysis
The source code for 'simple-calculator-mcp-server-v4' was not provided for analysis. Therefore, a comprehensive security audit for 'eval', obfuscation, hardcoded secrets, network risks, or malicious patterns could not be performed. The score reflects an unknown risk profile, as any server handling user input (even for calculations) could be vulnerable to injection or denial-of-service if not implemented with robust input validation and resource management. It is not safe to run without a thorough code review.
Updated: 2025-11-27GitHub
0
0
Medium Cost
lukleh icon
Sec9

Provides a secure, read-only SQL query interface to PostgreSQL and ClickHouse databases via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires `uv` (fast Python package installer) and `just` (command runner) to manage the project.
  • ⚠️CLI connectors require `psql` (for PostgreSQL) or `clickhouse-client` (for ClickHouse) to be installed and available in the system's PATH.
  • ⚠️SSH password authentication for CLI connectors requires `sshpass` utility to be installed.
  • ⚠️Requires Python 3.10 or higher.
Verified SafeView Analysis
The server implements a robust three-layer security model including database-level read-only enforcement, query timeouts, and result size limits. SQL injection is mitigated by input sanitization (`sql_guard.py`) and explicit multi-statement rejection. Subprocess execution (`psql`, `clickhouse-client`, `sshpass`) avoids `shell=True` for arguments, preventing shell injection. Sensitive data (passwords) are primarily sourced from environment variables, not stored in configuration files. The DBeaver importer contains hardcoded keys for decrypting DBeaver's default encrypted credentials, which is a minor detail for its specific (import) use case and not a general server vulnerability. Overall, the codebase demonstrates a strong focus on security best practices for database access.
Updated: 2025-11-21GitHub
0
0
Low Cost
js-lib-rust icon

mcp-server

by js-lib-rust

Sec9

Serves as a minimal JSON-RPC backend exposing a set of predefined tools, likely intended for integration with AI agents or other systems needing external capabilities.

Setup Requirements

  • ⚠️Requires a Rust development environment (Rustup/Cargo) to build and run.
Verified SafeView Analysis
The server operates exclusively via stdin/stdout, eliminating direct network exposure. It processes JSON-RPC requests without dynamic code execution (e.g., 'eval' functions). Input parameters for tools are treated as strings and used in formatting, not interpreted as code. No hardcoded secrets were found. The primary attack vector would be malformed JSON leading to crashes, which is handled gracefully by skipping invalid requests.
Updated: 2026-01-16GitHub
0
0
Medium Cost
ahmaddanangsyahrijal icon

google-scholar-mcp

by ahmaddanangsyahrijal

Sec8

An MCP server for Google Scholar to provide academic research data (publications, authors, citations) as context for LLMs.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️The web scraping nature means it is susceptible to Google Scholar's anti-scraping measures (e.g., rate limiting, CAPTCHAs, IP bans) which can hinder consistent data retrieval.
Verified SafeView Analysis
The provided source code does not contain 'eval', obfuscation, hardcoded secrets, or directly malicious patterns. Network requests are handled via axios. However, as a web scraper, it is inherently susceptible to being rate-limited, blocked, or encountering CAPTCHAs by Google Scholar, which can disrupt operation.
Updated: 2026-01-17GitHub
0
0
Medium Cost
eagleisbatman icon

edacap-mcp-server

by eagleisbatman

Sec8

Provides climate forecasts and agricultural advisory for Ethiopian farmers via an MCP server, integrating with the Aclimate/EDACaP platform.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher (specified in package.json).
  • ⚠️Functionality is entirely dependent on the availability and data quality of the external Aclimate/EDACaP API.
  • ⚠️The 'get_climate_forecast' tool includes logic to try up to 3 nearby weather stations to find one with active forecast data, indicating potential gaps in data coverage for certain locations.
Verified SafeView Analysis
The server utilizes Zod for robust input validation on its tool parameters, which is a strong security practice. Environment variables are correctly used for sensitive configurations like API base URL and server port, preventing hardcoded secrets. The default CORS configuration allows all origins ('*'), which while flexible for an MCP server, could be overly permissive in some specific production scenarios if not explicitly configured otherwise. It relies on an external API (Aclimate/EDACaP), introducing third-party dependency risks typical of proxy services, but its own implementation appears sound.
Updated: 2026-01-16GitHub
0
0
Medium Cost
LibraxisAI icon

mcp_memex

by LibraxisAI

Sec4

Provides a local Retrieval-Augmented Generation (RAG) toolset with an embedded vector store and local/optional remote embeddings for MCP clients.

Setup Requirements

  • ⚠️Requires a Protobuf compiler (e.g., `brew install protobuf` on macOS, `apt install protobuf-compiler` on Linux) for build-time dependencies.
  • ⚠️Optimal performance for embeddings and reranking requires a separate MLX HTTP server running and configured, otherwise it falls back to slower on-device embeddings.
Review RequiredView Analysis
The `rag_index` function, which allows indexing of arbitrary file paths provided by the client via JSON-RPC, presents a local information disclosure risk. A malicious client could instruct the server to index sensitive system files (e.g., '/etc/passwd', private keys). If these indexed documents are subsequently retrieved via `rag_search`, their content could be exposed. Input path validation or restriction to specific directories is missing. SQL injection into LanceDB queries is mitigated by proper escaping. No direct 'eval' or code injection risks were identified in the RPC handler.
Updated: 2026-01-11GitHub
PreviousPage 501 of 713Next