Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
chewlabs icon

n8n-mcp

by chewlabs

Sec1

A server component designed to extend or interact with the n8n workflow automation platform, potentially for multi-cloud or specific integration purposes.

Setup Requirements

  • ⚠️Source code not provided for review (CRITICAL)
  • ⚠️Requires a running n8n instance for integration (likely)
  • ⚠️Node.js runtime environment (likely)
Review RequiredView Analysis
Source code for analysis was not provided. Therefore, a comprehensive security audit could not be performed. Running this without reviewing the actual code is highly risky, as it's impossible to identify 'eval', obfuscation, hardcoded secrets, or malicious patterns.
Updated: 2025-11-23GitHub
0
0
Medium Cost
namm163 icon
Sec7

A test server for developers building Model Context Protocol (MCP) clients, demonstrating various MCP features like tools, prompts, resources, and sampling.

Setup Requirements

  • ⚠️Requires Node.js and npm/npx
  • ⚠️Requires an MCP client to interact with
Verified SafeView Analysis
The 'printEnv' tool exposes all server-side environment variables, which can lead to information disclosure if sensitive data is stored in environment variables and accessed by an unauthorized client. The 'zip' tool fetches arbitrary URLs, posing a Server-Side Request Forgery (SSRF) risk if a malicious client provides internal or sensitive URLs. CORS is configured with 'origin: "*"' in sse.ts and streamableHttp.ts, which is insecure for production environments. These issues are noted in the context of a test server; no 'eval', child_process execution, or hardcoded secrets were found.
Updated: 2025-11-24GitHub
0
0
Medium Cost
MCPRUNNER icon

filescrubberMCP

by MCPRUNNER

Sec7

A Model Context Protocol (MCP) server that extends AI assistants with comprehensive file system operations, multi-format data parsing, Scriban template processing, HTTP client operations, and workflow automation.

Setup Requirements

  • ⚠️Requires .NET 10.0 SDK or later.
  • ⚠️The `FILESCRUBBER_FILE_DIRECTORY` environment variable is crucial for sandboxing file operations, especially in Docker or production environments. If not set, it defaults to the current working directory, potentially exposing unintended files.
  • ⚠️The `fscrub_ask_github_copilot` tool requires an active GitHub Copilot context (e.g., within an IDE integrated with Copilot) to function as intended, as the server acts as a proxy to Copilot.
Verified SafeView Analysis
The server provides powerful file system operations and HTTP client capabilities, which inherently carry risks (e.g., path traversal, SSRF) if inputs are not rigorously validated. While the `FILESCRUBBER_FILE_DIRECTORY` environment variable helps restrict file access, its enforcement across all path parameters needs explicit verification. The `fscrub_ask_github_copilot` tool acts as a proxy, shifting prompt injection risks to the GitHub Copilot service rather than server-side code execution. No direct 'eval' or obfuscation found. Standard .NET security practices are followed with dependency injection and structured logging. Overall, reasonable security for an advanced tool, but careful client-side input validation is crucial for an AI assistant scenario.
Updated: 2025-11-27GitHub
0
0
Low Cost
Aryanjstar icon

fi-mcp-server

by Aryanjstar

Sec10

Provides a mock financial data API for the AURA Financial Platform, simulating the Fi Money MCP API for development and demonstration.

Verified SafeView Analysis
The server is a mock data provider and does not interact with real financial systems. All data is hardcoded or generated synthetically based on predefined profiles. There is no dynamic code execution (like eval) from user input, no direct database interactions, and no external API calls to real financial services. The provided phone numbers are for demo purposes only. The session management is minimal and does not store sensitive user data. Overall, it is very safe to run as a development/demonstration tool.
Updated: 2025-12-06GitHub
0
0
High Cost
ry-ops icon
Sec8

Manages Microsoft 365 users, licenses, and groups via Microsoft Graph API, enabling automated M365 administration through AI agents.

Setup Requirements

  • ⚠️Requires Python 3.10+ and `uv` package manager.
  • ⚠️Mandatory Microsoft Azure App Registration with specific, broad 'Application' API permissions (User.ReadWrite.All, Directory.ReadWrite.All, Group.ReadWrite.All, Organization.Read.All) and admin consent.
  • ⚠️Manual configuration of Claude Desktop's `claude_desktop_config.json` with an absolute path to the project directory and environment variables.
Verified SafeView Analysis
The server uses `msal` for authentication and `httpx` for API calls, which are standard and secure libraries. Environment variables are correctly used for storing credentials, preventing hardcoding. Broad Azure AD application permissions (User.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All) are required, which is a significant privilege and necessitates careful management of the client secret and adherence to the principle of least privilege. The `install.sh` script uses `curl | sh` for `uv` installation, a common but potentially risky practice. Overall, the code itself follows good security practices, but the security of the deployment relies heavily on proper Azure AD configuration and secret management by the user.
Updated: 2025-12-08GitHub
0
0
Low Cost
wenjiachengy icon

mysql_mcp_server

by wenjiachengy

Sec4

A Model Context Protocol (MCP) server that enables AI assistants to securely interact with MySQL databases for listing tables, reading data, and executing SQL queries.

Setup Requirements

  • ⚠️Requires a running MySQL database instance.
  • ⚠️Requires manual creation and configuration of a highly restricted MySQL user with specific permissions for secure operation (as detailed in SECURITY.md).
Review RequiredView Analysis
The `call_tool` function directly executes arbitrary SQL queries provided by the AI assistant (`cursor.execute(query)`). This is a critical SQL injection vulnerability if the AI's output is not strictly controlled or whitelisted. While the documentation explicitly warns about this and recommends 'query whitelisting for production use' and using a 'database user with minimal required permissions', the server itself exposes this high-risk functionality. The `read_resource` function dynamically constructs table names from the URI (`f"SELECT * FROM {table} LIMIT 100"`), which is also a potential, albeit lower, SQL injection risk if URI parsing is insufficient or an attacker can craft malicious URIs. No hardcoded secrets were found, and configuration uses environment variables, which is a good practice.
Updated: 2025-12-02GitHub
0
0
Medium Cost
ivossos icon

fccs-mcp-server

by ivossos

Sec8

Provides an AI-powered conversational interface for Oracle FCCS (Financial Consolidation and Close Cloud Service) operations, financial planning, analysis, and investment reporting.

Setup Requirements

  • ⚠️FCCS Credentials Required for Live Use: For integration with a real Oracle FCCS instance, the FCCS_URL, FCCS_USERNAME, and FCCS_PASSWORD environment variables must be securely configured. The server defaults to mock mode if these are not provided or FCCS_MOCK_MODE is explicitly set to true.
  • ⚠️Local File System Access for Memo Generation: The generate_investment_memo tool creates a Word document (.docx) and saves it to the local file system (process.cwd()). In serverless or containerized environments, ensuring persistent storage or a mechanism to retrieve this generated file would be necessary.
Verified SafeView Analysis
The server uses dotenv for environment variables, which is good practice for managing secrets. The FccsClient handles sensitive FCCS_URL, FCCS_USERNAME, and FCCS_PASSWORD for external API calls, which is an inherent risk of integrating with financial systems. However, a mock mode (FCCS_MOCK_MODE=true) is provided for safe local development. No 'eval' or other dynamic code execution from user input was identified. The Express.js server with SSE transport exposes the server to the network, requiring standard network security practices in deployment.
Updated: 2025-11-25GitHub
0
0
Medium Cost
OBEDPoP icon

NinjaCode-MCP

by OBEDPoP

Sec3

NinjaCode is an MCP server designed to help AI agents generate high-quality, secure, and maintainable code by providing real-time code quality and security analysis.

Setup Requirements

  • ⚠️Users must download signed executables exclusively from official NinjaMinds channels (ninjaminds.org or official GitHub releases) due to the risk of malware from unofficial sources.
  • ⚠️The server operates as a local executable (stdio-based) started by the IDE; it cannot be configured to use a remote URL directly from IDEs like VS Code (at least not yet).
  • ⚠️To enable automatic enforcement and guidance from NinjaCode, users must manually copy a `copilot-instructions.md` template into their project's `.github` folder and restart their IDE.
Review RequiredView Analysis
A comprehensive security audit of the server's actual implementation code is not possible as the provided 'source code' is solely the project's README.md file. The README emphasizes downloading signed executables only from official channels, indicating that the primary distribution method is pre-compiled binaries whose internal security cannot be verified without access to their source. Therefore, the security score reflects the inability to audit the underlying code for 'eval', obfuscation, or malicious patterns within the server itself.
Updated: 2026-01-16GitHub
0
0
Medium Cost
mouguu icon
Sec9

Provides a production-ready Model Context Protocol (MCP) server on Cloudflare Workers, offering tools to search and retrieve Hono documentation for AI models.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run locally.
  • ⚠️A Cloudflare account is needed for deployment.
Verified SafeView Analysis
The server uses Zod for input validation and fetches documentation from specific, hardcoded Hono.dev and GitHub URLs, limiting arbitrary external resource access. No 'eval' or obvious hardcoded secrets found in the provided source. Deployment on Cloudflare Workers adds platform-level security benefits.
Updated: 2025-12-14GitHub
0
0
Medium Cost
bvirfollet icon

MCP_server

by bvirfollet

Sec9

The MCP Server enables AI models to securely interact with local system resources through a defined protocol, offering granular control over file access, code execution, resource usage, and various communication transports.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️The default JWT_SECRET_KEY is 'changeme-32-chars-minimum-for-development-only!!!!' and MUST be set via an environment variable or configuration for production environments.
  • ⚠️Aiohttp is required for WebSocket transport and may need to be installed separately.
  • ⚠️For network transports (TCP/WebSocket), specific run methods (e.g., run_with_tcp, run_with_websocket, run_multi_transport) must be called instead of the default `server.run()` which uses Stdio.
Verified SafeView Analysis
The server demonstrates an exceptionally strong focus on security. It implements a multi-layered defense-in-depth architecture covering authentication (JWT, bcrypt), fine-grained authorization (RBAC with explicit permissions and wildcard matching), input validation (JSON Schema), and extensive sandboxing. Code execution is isolated in subprocesses with restricted Python namespaces (blocking dangerous imports/builtins like 'os', 'sys', 'eval'), resource quotas, and dedicated client directories to prevent path traversal and cross-client access. All significant operations are meticulously logged to an append-only audit trail. The use of a default 'changeme' JWT secret is noted as a development fallback but actively encourages environment variable usage for production.
Updated: 2025-11-23GitHub
0
0
Low Cost
ronibandini icon

HuskyLens2MCP

by ronibandini

Sec8

Provides a command-line interface to interact with a DFRobot HuskyLens 2 MCP Server, leveraging Google Gemini AI for visual reasoning and natural language processing of sensor data.

Setup Requirements

  • ⚠️Requires DFRobot HuskyLens 2 with 1.1.6+ firmware (or later)
  • ⚠️Requires a Google Gemini API Key (available on free tier)
  • ⚠️Requires HuskyLens MCP Server to be enabled and its IP address configured in the script
  • ⚠️Requires `google-genai` Python package (`pip install google-genai`)
Verified SafeView Analysis
The script is a client and connects to a user-specified HuskyLens MCP server. Hardcoded placeholders for `GEMINI_API_KEY` and `SERVER_URL` require manual modification by the user, which is a minor security anti-pattern but acceptable for a local CLI utility. Input for LLM prompts (from HuskyLens sensor data and user queries) introduces inherent prompt injection risks, common in LLM applications. No `eval` or `exec` found. `os.system('cls')` is used for clearing the console, not a security risk.
Updated: 2025-11-29GitHub
0
0
Low Cost
Incredibuild-RND icon

incredibuild-mcp-server

by Incredibuild-RND

Sec9

An MCP server enabling AI assistants to query IncrediBuild build history from local SQLite databases.

Setup Requirements

  • ⚠️Requires Docker to be installed and running for standard AI client integration.
  • ⚠️The environment variable 'IB_DB_DIR' must be set and point to an existing directory.
  • ⚠️The specified 'IB_DB_DIR' must contain the 'BuildHistoryDB.db' SQLite file.
Verified SafeView Analysis
The server operates using stdio transport, reducing direct network exposure from the application itself. It performs read-only operations on a local SQLite database, and database file path resolution includes basic validation. No 'eval' or hardcoded secrets were found. SQL queries are parameterized for timestamps, reducing injection risk. The primary security concern would be ensuring the integrity of the `BuildHistoryDB.db` file and the `IB_DB_DIR` environment variable.
Updated: 2025-12-10GitHub
PreviousPage 503 of 713Next