Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
cutsome icon

gmail-mcp

by cutsome

Sec8

An MCP server that integrates with the Gmail API to provide programmatic email search, retrieval of messages (individually and in batches), and attachment management.

Setup Requirements

  • ⚠️Requires Google Cloud Console setup to enable Gmail API and create OAuth 2.0 credentials (Desktop app type).
  • ⚠️Requires `client_secret.json` file to be downloaded and placed in the project directory or specified via an environment variable.
  • ⚠️Requires Python 3.13 or newer.
Verified SafeView Analysis
The server follows standard practices for Gmail API integration and OAuth2 authentication, relying on `client_secret.json` and `token.json` files for credentials, whose paths can be customized via environment variables. No 'eval' or apparent malicious patterns were found. Network communication is primarily with Google's APIs. Error handling in utility functions (`decode_base64_text`, `parse_date`, `decode_rfc2047_filename`) uses broad `except Exception` clauses and `errors='ignore'` for decoding, which prioritizes robustness over strict error propagation and could silently mask malformed data issues, though it's not a direct security vulnerability. Sensitive tokens are stored locally in `token.json` after the initial OAuth flow.
Updated: 2025-11-28GitHub
0
0
High Cost
jerroldneal icon
Sec3

Fetches YouTube video transcripts and metadata using browser automation to bypass API rate limits.

Setup Requirements

  • ⚠️Requires Docker for recommended deployment, as Puppeteer dependencies (Chromium) are complex.
  • ⚠️Resource-intensive: Puppeteer (Headless Chrome) can consume significant CPU and RAM per request, especially for long videos or concurrent calls.
  • ⚠️Requires outbound network access to YouTube.
Review RequiredView Analysis
The server uses Puppeteer with the `--no-sandbox` argument, which significantly compromises the security of the headless Chrome instance. Since the server processes arbitrary, user-provided URLs, a malicious YouTube video or a compromised YouTube page could exploit vulnerabilities in the browser to potentially escape the container's isolation, if not properly configured, or cause resource exhaustion. This is a critical security risk for any service that processes untrusted input in a browser context without a sandbox.
Updated: 2025-12-03GitHub
0
0
Medium Cost
LLMTooling icon

mdx-mcp-server

by LLMTooling

Sec6

Enables LLMs to process and analyze MDX files within a defined workspace, offering tools for reading, searching, converting, and extracting metadata.

Setup Requirements

  • ⚠️Requires Node.js version 20.19.0 or higher.
  • ⚠️Requires the `WORKSPACE_ROOT` environment variable or CLI argument to be explicitly set, as all file operations are strictly confined to this directory.
  • ⚠️The `convert_mdx_to_md` tool will not overwrite existing files, returning an error if the `outputPath` already exists.
Review RequiredView Analysis
The server implements strong path safety (`PathResolver`) to prevent directory traversal attacks, confining all file operations (`read_mdx`, `search_mdx`, `convert_mdx_to_md`, `get_mdx_frontmatter`) to a designated `WORKSPACE_ROOT`. The `convert_mdx_to_md` tool also prevents overwriting existing files. However, a critical risk exists due to the use of `mdx-bundler` and React's `renderToString` for processing MDX content. If untrusted or malicious MDX files are processed, embedded JavaScript/JSX code within them will be executed in the server's Node.js environment, potentially leading to code execution vulnerabilities.
Updated: 2025-12-09GitHub
0
0
Medium Cost
Sec9

An MCP server enabling seamless, secure integration with Microsoft 365 services (Teams, Outlook, OneDrive, SharePoint) for conversational AI agents.

Setup Requirements

  • ⚠️Requires Microsoft Azure App Registration: Manual setup in Azure Portal, including specific redirect URI (`http://localhost:8003/callback`) and API permissions (e.g., User.Read, Team.ReadBasic.All, Mail.Read).
  • ⚠️Requires critical environment variables: MICROSOFT_OAUTH_CLIENT_ID and MICROSOFT_OAUTH_CLIENT_SECRET must be correctly set from Azure App Registration.
  • ⚠️Requires Python 3.10+ and 'uv' package manager for local development.
Verified SafeView Analysis
The project explicitly prioritizes security with OAuth 2.1 (PKCE support), multi-tenant session management, and automatic token refresh. The `auth_session_analysis.md` details comprehensive security hardening, including removing trust from unverified JWTs, enforcing session-to-user binding, mandatory session expiration, and not persisting `client_secret`. It uses the `msal` library for robust OAuth flows. `MCP_PERSIST_CREDENTIALS` is off by default, and if enabled, credentials are saved with restricted file permissions (`0o600`). `OAUTHLIB_INSECURE_TRANSPORT` (or `OAUTH2_ALLOW_INSECURE_TRANSPORT` in Docker) is configurable, defaulting to `false`, which is good for production but can be enabled for local HTTP development. The security model, documentation, and explicit mitigation of common OAuth risks indicate a strong security posture. Minor risk from `OAUTHLIB_INSECURE_TRANSPORT` if misconfigured in production.
Updated: 2025-11-27GitHub
0
0
Medium Cost
firstdollar icon

fd-mcp-server

by firstdollar

Sec8

Exposes First Dollar Partner APIs to AI agents via the Model Context Protocol (MCP) and provides a web UI dashboard with a chat interface for human interaction.

Setup Requirements

  • ⚠️Requires an Anthropic API Key for the web UI chat functionality (paid service).
  • ⚠️Requires First Dollar Partner API credentials (clientId:clientSecret) for API key authentication, implying a partnership or access agreement.
  • ⚠️The MCP server and token exchange endpoints are explicitly noted as not yet available in production environments, limiting live deployment for AI agents.
Verified SafeView Analysis
The server employs API key authentication for the MCP endpoint, exchanging it for Firebase ID tokens via a backend service, which is a sound approach. All API interactions (both MCP and Web UI) are performed using GraphQL queries with arguments passed as variables, mitigating direct SQL injection risks. The system leverages Firebase for user authentication in the Web UI, including MFA. While `MCP_HOST` allows binding to all interfaces (0.0.0.0), this is common in containerized deployments like Cloud Run, where network security is managed at the platform level. The `allowedHosts` check is disabled in Cloud Run environments, relying on the platform's security. Potential security relies heavily on the robustness of the upstream First Dollar GraphQL APIs and the security of the API key exchange endpoint. Prompt injection risks for the Claude agent are managed through a detailed system prompt and fallback mechanisms, but remain an inherent concern with LLM integrations.
Updated: 2025-12-12GitHub
0
0
Low Cost
aslanpour icon

mcp-switchboard

by aslanpour

Sec5

Intelligent orchestrator for managing and configuring multiple MCP servers for AI agents, automating setup, credential management, and lifecycle.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires AWS CLI for AWS SSO authentication.
  • ⚠️Requires Node.js/npm for running `npx`-based MCP servers defined in the registry.
  • ⚠️The `manage_servers` tool allows running arbitrary commands, which is a significant security risk if used with untrusted input.
  • ⚠️The HTTP transport (`/mcp` endpoint) does not include built-in authentication and must be secured externally if exposed.
Verified SafeView Analysis
The server's core function involves launching external subprocesses via `asyncio.create_subprocess_exec`. The `setup_mcp_servers` tool uses predefined commands from `registry.yaml` (e.g., `npx @modelcontextprotocol/server-xxx`), which are generally controlled. However, the `manage_servers` tool allows arbitrary `command` and `args` to be executed if provided by the AI agent or user, posing a critical remote code execution risk if input is untrusted or the AI agent is compromised. Additionally, the HTTP transport (created by `http_transport.py`) provides an unauthenticated endpoint for MCP tools, which could be exploited if exposed to an untrusted network without external security measures. Credential management uses system keychain or a permissions-restricted local file, which are generally secure practices.
Updated: 2025-12-14GitHub
0
0
Medium Cost
shilpamadini icon
Sec8

A multi-agent customer support orchestration system that processes tickets end-to-end, integrating knowledge base, account data, and long-term memory.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires Python 3.11
  • ⚠️Requires local SQLite databases to be built via provided Jupyter notebooks (`01_external_db_setup.ipynb`, `02_core_db_setup.ipynb`)
Verified SafeView Analysis
The project loads API keys from environment variables, which is good practice. FastMCP servers are configured to use `stdio` transport, limiting direct external network exposure for the microservices themselves. Database paths are configurable. SQL queries leverage SQLAlchemy ORM which generally prevents injection, though dynamically constructed `LIKE` clauses in search tools might warrant extra scrutiny for highly untrusted inputs in a production environment. No `eval` or obvious malicious patterns were found.
Updated: 2025-12-04GitHub
0
0
Low Cost
kevindupas icon

mcp-server-remote

by kevindupas

Sec7

A remote Model Context Protocol (MCP) server for Claude Desktop and other AI clients to access DQoS data via HTTP/SSE, implementing OAuth 2.0 for secure authentication.

Setup Requirements

  • ⚠️Requires `DQOS_API_URL` environment variable pointing to an external DQoS API.
  • ⚠️For OAuth, in-memory token storage is used, which is not suitable for production multi-instance deployments or restarts; a persistent store like Redis or a database is required for production.
  • ⚠️Requires secure generation and management of `OAUTH_CLIENT_ID`, `OAUTH_CLIENT_SECRET`, and `JWT_SECRET` environment variables for production.
  • ⚠️HTTPS is strongly recommended and practically required for production deployments, especially when using OAuth.
Verified SafeView Analysis
The OAuth 2.0 implementation relies on in-memory storage for authorization codes and access tokens, making it unsuitable for production environments requiring persistence across restarts or horizontal scaling. All secrets (JWT_SECRET, OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET) have default 'change-me-in-production' values, which must be overridden in a production environment. HTTPS is crucial for production deployments.
Updated: 2025-11-26GitHub
0
0
Low Cost
aszmuda icon

oncp-mcp-server

by aszmuda

Sec8

Hosts an MCP-compatible SSE server for LLM clients to trigger and monitor automated resolution jobs via a downstream FastAPI service.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Requires 'uv' package manager for running and dependency management
  • ⚠️Requires a downstream FastAPI service to be reachable at the configured 'RESOLUTION_SERVICE_URL'
  • ⚠️Requires a '.env' file configured with 'RESOLUTION_SERVICE_URL'
Verified SafeView Analysis
The server binds to '0.0.0.0' by default, making it network-accessible; restrict access if not intended for public exposure. Ensure 'RESOLUTION_SERVICE_URL' points to a trusted downstream service. Error logs (str(exc)) could potentially expose internal exception details, though inputs are validated.
Updated: 2025-11-29GitHub
0
0
Low Cost
bioanywhere icon
Sec9

This repository provides Docker deployment configurations and scripts for the gitlab-mcp-server, enabling local development, CI/CD, and GitHub Container Registry integration.

Setup Requirements

  • ⚠️Docker required for building and running containers.
  • ⚠️Specific application-level environment variables for the MCP server are not defined in this configuration and must be supplied by the user.
  • ⚠️Authentication to GitHub Container Registry is required if the image is private.
Verified SafeView Analysis
The provided source code for the Docker deployment is straightforward and uses standard Docker practices. There are no apparent uses of 'eval', code obfuscation, hardcoded secrets, or unusual network configurations. The healthcheck uses 'wget', and environment variables are expected to be supplied externally (via .env or docker-compose.yml), which is good practice. The actual security of the MCP server itself would depend on its internal source code, which is not provided here.
Updated: 2025-12-01GitHub
0
0
Medium Cost
bharathRathod23 icon

ORACLE-MCP-SERVER

by bharathRathod23

Sec3

A Model Context Protocol (MCP) server that connects to an Oracle Database, allowing LLM models to interact with the database and retrieve data.

Setup Requirements

  • ⚠️Requires Oracle Instant Client: A native dependency that needs to be installed separately and configured (e.g., Homebrew on macOS, LD_LIBRARY_PATH on Linux).
  • ⚠️Requires Oracle Database: Needs Docker Desktop for local setup or access to an existing Oracle Database instance.
  • ⚠️Environment Variables: Requires precise configuration of Oracle connection details (ORACLE_USER, ORACLE_PASSWORD, ORACLE_HOST, ORACLE_PORT, ORACLE_SERVICE_NAME) either in a `.env` file or directly within the MCP client's configuration.
Review RequiredView Analysis
The `execute_query` tool directly passes the LLM-generated `query` string to the `oracledb.execute` function without robust sanitization or specific bind variable usage for the query itself. This creates a critical SQL Injection vulnerability, allowing a malicious or flawed LLM to execute arbitrary SQL commands (including DDL/DML if the database user has permissions). While the README recommends using a read-only database user, the code does not enforce this, making it inherently unsafe for untrusted input. Hardcoded default Oracle password 'Oracle18' exists in the Docker setup script, but is intended for local dev setup and should be overridden by `.env` for runtime.
Updated: 2025-12-06GitHub
0
0
Low Cost
matthsena icon

my-browser-mcp

by matthsena

Sec2

Programmatic browser control and automation via a Chrome extension and server for web interactions.

Setup Requirements

  • ⚠️Requires Google Chrome browser installation.
Review RequiredView Analysis
No actual source code provided for analysis, only README.md. The project describes itself as an 'MCP server for programmatic browser control and automation,' which inherently involves executing commands and potentially arbitrary code within a browser context based on server input. This type of functionality poses severe security risks (e.g., Remote Code Execution, Cross-Site Scripting, data exfiltration) if not implemented with robust input validation, authentication, and authorization. Without access to the implementation details, it's impossible to verify any security safeguards against 'eval'-like execution, network vulnerabilities, or hardcoded secrets. The lack of code visibility for a high-risk system leads to a very low security score and a recommendation against running it.
Updated: 2025-11-28GitHub
PreviousPage 506 of 713Next