Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
carlos-dev icon

medium-mcp-server

by carlos-dev

Sec8

An MCP server to search, filter, extract, and summarize articles about AI from Medium for AI agents.

Setup Requirements

  • ⚠️Relies on Medium's website structure, which can break with site updates.
  • ⚠️May encounter rate limiting or IP blocking from Medium without explicit handling (e.g., proxies, backoff strategies).
Verified SafeView Analysis
The server uses Zod for input validation, preventing common injection vulnerabilities. URLs are explicitly checked to ensure they are from medium.com, mitigating SSRF risks. HTML parsing uses cheerio in the local server code to extract content, and regex parsing in the Vercel deployment code. While the scraper attempts to remove script/style tags from extracted content, consumers of this tool should still perform their own sanitization if the content is to be rendered in a browser to prevent XSS. No hardcoded secrets or 'eval' usage found. CORS is set to allow all origins, which is typical for public MCP servers.
Updated: 2025-12-15GitHub
0
0
High Cost
administrativetrick icon

etsy-mcp-server

by administrativetrick

Sec9

Integrates with the Etsy API v3 to enable AI assistants to search for products, shops, listings, trending items, and reviews.

Setup Requirements

  • ⚠️Requires a free Etsy API Key from the Etsy Developer Portal.
  • ⚠️Requires Node.js 18 or higher.
Verified SafeView Analysis
The server correctly uses environment variables for the Etsy API key, preventing hardcoding. It uses `axios` for secure external API calls to Etsy. No `eval` or obfuscation found. As with any tool interfacing with an external API, the security relies partially on the robustness of the external service (Etsy API).
Updated: 2025-12-12GitHub
0
0
Low Cost

OHFMCPServer

by shrubs21

Sec9

This project provides an MCP server designed to interact with an Oracle ATP database.

Setup Requirements

  • ⚠️Requires Oracle ATP database credentials.
  • ⚠️Requires Python 3.13+.
Verified SafeView Analysis
The project seems to be a standard Python application interacting with a database. No obvious security risks like 'eval', obfuscation, or hardcoded secrets are apparent from the provided files. Network risks are inherent to any server but not explicitly highlighted as a vulnerability here.
Updated: 2025-11-24GitHub
0
0
Low Cost
TrueAquarius icon

Hello.MCP

by TrueAquarius

Sec7

A simple demonstration of a Model Context Protocol (MCP) server for basic name setting and greeting functionality.

Setup Requirements

  • ⚠️Requires the .NET runtime to be installed.
  • ⚠️Requires the Hello.MCP.dll to be compiled and its path correctly configured.
  • ⚠️Requires manual configuration in `mcp_settings.json` within the Roo Code global storage.
Verified SafeView Analysis
The provided content is only the README, not the actual C# source code of the .NET console application. A thorough security audit cannot be performed without the source code. Based solely on the description, there are no immediate red flags like 'eval', network operations, or hardcoded secrets mentioned. However, without inspecting the compiled DLL, the actual security posture is unknown.
Updated: 2025-11-30GitHub
0
0
Low Cost
mideind icon
Sec9

Provides Icelandic word inflection lookups for LLMs using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Python 3.10 or newer.
Verified SafeView Analysis
The server wraps a well-established linguistic library (BinPackage/islenska) and exposes its functionality via MCP tools. No direct use of 'eval', 'exec', 'subprocess', or other high-risk functions. No hardcoded credentials or significant network vulnerabilities are evident in the provided source code. Relies on the security of the underlying BinPackage and MCP frameworks.
Updated: 2025-12-12GitHub
0
0
Medium Cost
andrewtubman icon

logseq-mcp

by andrewtubman

Sec9

Enables AI assistants to programmatically interact with a Logseq graph for reading, searching, and modifying content.

Setup Requirements

  • ⚠️Requires Ruby 3.4+
  • ⚠️Requires Logseq desktop app with HTTP API enabled and an Authorization token manually configured in Logseq settings.
  • ⚠️Requires Bundler for dependency management.
Verified SafeView Analysis
The project securely handles API authentication via a Bearer token supplied as an environment variable, preventing hardcoded secrets. It acts as a client to the local Logseq API, not exposing additional network surfaces directly. No 'eval' or malicious patterns were found. The README includes an 'Early Build Warning' advising users to back up their graphs, which is a prudent general caution for early-stage software.
Updated: 2025-12-01GitHub
0
0
Low Cost
npelloux icon

jira-mcp-server

by npelloux

Sec9

Provides a basic Model Context Protocol (MCP) server with a 'hello_world' tool, serving as a template for more complex tool integrations, potentially with Jira.

Setup Requirements

  • ⚠️Requires Node.js (version 18+ recommended)
Verified SafeView Analysis
Input validation is performed using Zod, which helps mitigate injection risks for the 'hello_world' tool. The server uses StdioServerTransport, indicating local process communication rather than direct network exposure. No 'eval' or other dynamic code execution found. The server's functionality is minimal, reducing the attack surface.
Updated: 2025-11-22GitHub
0
0
High Cost
ARJ999 icon
Sec9

Provides AI agents with comprehensive control and automation capabilities over the Fivetran data integration platform.

Setup Requirements

  • ⚠️Requires Fivetran API Key and Secret (a Fivetran account is necessary, paid subscription recommended for full functionality).
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Optimal performance and resilience features (L2/L3 caching, Sentry, Prometheus) rely on optional external services like Redis and a database, which need separate setup.
Verified SafeView Analysis
Robust security design with Pydantic input validation, environment variable-based secrets management, structured error handling, and documented prevention for common vulnerabilities (SQL/Command Injection, XSS). HTTPS enforcement and rate limiting are also in place. While documentation mentions OAuth 2.1, the provided API client implementation uses HTTP Basic Auth. No direct 'eval' or malicious patterns were observed.
Updated: 2025-12-03GitHub
0
0
High Cost
WhytcardAI icon
Sec9

A cognitive AI engine acting as an MCP server for IDE integration, designed to enhance developer experience through a triple memory system and continuous learning.

Setup Requirements

  • ⚠️Requires TAVILY_API_KEY for web search capabilities (Tavily is a paid service).
  • ⚠️Requires CONTEXT7_API_KEY for specific library documentation (likely a paid service).
  • ⚠️Initial model download for FastEmbed (BAAI/bge-small-en-v1.5, ~120MB) may be required if not cached, potentially leading to slower startup or reduced functionality if `CORTEX_OFFLINE_MODE` is true and no internet access.
  • ⚠️Requires Python 3.11+.
Verified SafeView Analysis
The project explicitly addresses security concerns such as hardcoded credentials and SQL injection in its `INTERDICTIONS.md`. Sensitive API keys (Tavily, Context7) are loaded via environment variables. Input validation is performed using Pydantic schemas and custom logic for content and tags. The MCP server operates over standard I/O, minimizing direct network exposure for the core server. No obvious 'eval' or other dynamic code execution vulnerabilities are present. Logging uses structured `structlog` which can be configured for JSON output in production to prevent sensitive data exposure.
Updated: 2025-12-03GitHub
0
0
Low Cost
EPortman-Ping icon

remote-mcp-ping-federate

by EPortman-Ping

Sec9

A Cloudflare Workers MCP server secured with PingFederate, enabling AI agents to call protected downstream APIs on behalf of an authenticated end user via OAuth 2.0 token exchange.

Setup Requirements

  • ⚠️Requires a PingFederate server with extensive manual configuration steps (IdP Adapters, Policy Contracts, OAuth Scopes, Access Token Managers, Token Processors, etc.).
  • ⚠️Dependent on a separately deployed 'Todo API' Cloudflare Worker, which itself requires specific environment variables and Cloudflare KV storage setup.
  • ⚠️Requires a Cloudflare account and Wrangler CLI for deployment and managing environment variables, including updating `wrangler.jsonc` with KV namespace IDs after creation.
Verified SafeView Analysis
The server implements robust OAuth 2.0 and OIDC practices, including JWT validation using the `jose` library (fetching JWKS from the issuer), and secure token exchange. All sensitive configurations are managed through environment variables, preventing hardcoding. A least-privilege approach is used by filtering scopes during token exchange. Cloudflare Durable Objects provide secure and isolated session state. While debugging tools exposing tokens exist in this demo, they would require strict access controls or removal in a production environment.
Updated: 2025-12-15GitHub
0
0
Medium Cost
takeshy icon

mcp-gatekeeper

by takeshy

Sec9

MCP server enabling AI assistants to securely execute shell commands with granular access control and sandboxing.

Setup Requirements

  • ⚠️Requires '--root-dir' option to be explicitly set and point to an existing directory, otherwise the server will not start.
  • ⚠️The 'bubblewrap' sandbox mode requires the 'bwrap' utility to be installed on the system for full process isolation. If not found, it falls back to 'none' mode, which offers less security.
  • ⚠️For 'wasm' sandbox mode, pre-compiled WebAssembly binaries (e.g., ruby.wasm, python.wasm) must be available and configured via 'wasm_binary' and potentially '--wasm-dir'.
Verified SafeView Analysis
The server's primary function is shell command execution, which is inherently high-risk. However, mcp-gatekeeper implements robust, multi-layered security controls to mitigate these risks. Key measures include: - **Mandatory directory sandboxing (`--root-dir`)**: All operations are restricted to a specified root directory, with symlink resolution to prevent escapes. - **Glob-based argument restrictions**: Fine-grained control over allowed command arguments, crucial for preventing command injection. - **Multiple sandbox modes (bubblewrap, WASM, none)**: - `bubblewrap` provides strong namespace isolation, making it highly secure for native binaries. - `wasm` mode uses wazero runtime for maximum isolation, preventing system calls and network access. - The `none` mode is acknowledged as less secure, offering only path validation. - **API Key-based Access Control**: API keys are generated with strong randomness, stored as bcrypt hashes, and displayed only once at creation. - **Environment Variable Filtering**: Allowed environment variables are configurable per API key, preventing sensitive information leakage. - **Network Access Restriction**: Both `bubblewrap` and `wasm` sandboxes explicitly block network access for executed commands. - **Audit Logging**: All command requests and their execution results are logged for review, regardless of policy decisions. - **Rate Limiting**: Configurable rate limiting for the HTTP API adds another layer of protection against abuse. No 'eval' or malicious patterns were identified in the provided source code. The implementation uses standard and secure Go practices for command execution (`os/exec`) and cryptographic hashing (`bcrypt`).
Updated: 2026-01-19GitHub
0
0
Medium Cost
Ev3lynx727 icon
Sec6

A containerized suite of Model Context Protocol (MCP) servers providing various development utilities like code analysis, browser automation, and Docker management.

Setup Requirements

  • ⚠️Requires Docker and docker-compose to be installed.
  • ⚠️Requires API keys for remote services like Context7 (`CONTEXT7_API_KEY`) and potentially GitHub (`GITHUB_TOKEN`).
  • ⚠️Requires updating local MCP client configuration to connect to the container's exposed ports.
Verified SafeView Analysis
The `start_mcp_servers.sh` script utilizes `eval` for command execution, which is generally a security risk, though in this context, the commands are hardcoded within the script itself rather than derived from untrusted input. The Docker socket (`/var/run/docker.sock`) is mounted read-only, which, while safer than read-write, still grants significant access to the host's Docker daemon. The VS Code server data mount (`~/.vscodeserver`) could expose sensitive VS Code configurations or extensions if the container is compromised. Ports 3000-3005 are exposed on the host, increasing the network attack surface if the host is publicly accessible.
Updated: 2025-12-15GitHub
PreviousPage 510 of 713Next