Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
adamaclp92 icon

mortgage-mcp-server

by adamaclp92

Sec8

A Node.js MCP server demonstrating a mock mortgage loan application process using UI widgets and protocol tools.

Setup Requirements

  • ⚠️Uses mock data only; not connected to real banking systems.
  • ⚠️Requires Node.js (ESM) and npm to run.
Verified SafeView Analysis
The server uses Zod for schema validation, loads environment variables with dotenv, and defines CSP headers for widgets, which are good practices. There's no evident use of 'eval' or direct command execution based on user input. File system access is limited to loading static HTML assets from a known directory. Input schemas for MCP tools sometimes use `z.any()`, which requires downstream components to handle data securely, but within the server itself, data processing appears safe. The system is explicitly stated to use mock data and not connect to real banking systems, inherently limiting the scope of certain financial security risks.
Updated: 2025-12-13GitHub
0
0
Medium Cost
misho85 icon
Sec8

Provides remote Docker container log and statistics access via SSH, enabling monitoring and debugging of services.

Setup Requirements

  • ⚠️Requires `Bun` runtime to be installed locally.
  • ⚠️Requires `Docker` to be installed on the remote server(s).
  • ⚠️Requires `SSH access` to remote server(s) configured in `~/.ssh/config`.
Verified SafeView Analysis
Input parameters (container names, timestamps, grep patterns, host aliases) are sanitized using regular expressions and character replacement to mitigate command injection risks before executing SSH commands. The server uses the system's SSH client (`ssh`) with `BatchMode=yes` and `ConnectTimeout=10` options. No 'eval' or obvious hardcoded secrets were found in the provided code snippets. Security relies on proper SSH key management and configuration on the host machine.
Updated: 2026-01-17GitHub
0
0
Medium Cost
TAMU-AESL icon

NRC-ADAMS-AI

by TAMU-AESL

Sec9

Provides LLMs and AI agents with tools to search, download, and extract text from documents in the NRC ADAMS repository.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher.
  • ⚠️Google API Key and Custom Search Engine ID (GOOGLE_API_KEY, GOOGLE_CX) are optional for hybrid search but necessary for full functionality; Google Custom Search may have usage quotas.
  • ⚠️Requires Docker or Docker Compose for containerized deployment, which is recommended for production and portability.
  • ⚠️Relies on the availability and stability of the external NRC ADAMS API for core functionality.
Verified SafeView Analysis
The server implements good security practices including environment variable usage for secrets (`GOOGLE_API_KEY`, `GOOGLE_CX`), robust path validation for file operations (`summarize_pdf` tool ensures paths are within the designated downloads folder to prevent directory traversal attacks), and proper error handling. No obvious malicious patterns or arbitrary code execution from user input were found. XML parsing from a trusted source (ADAMS API) is generally safe, and input parameters are quoted when building queries. A simple rate limiter is also implemented for API calls.
Updated: 2026-01-06GitHub
0
0
Medium Cost
Ahmed-M-Elevate icon

elevate-mcp

by Ahmed-M-Elevate

Sec8

Provides an AI-powered interface for querying and analyzing AB Testing data stored in MySQL (PlanetScale) and ClickHouse analytics databases.

Setup Requirements

  • ⚠️Requires Go 1.21+ or a pre-built binary.
  • ⚠️Requires database credentials for both MySQL (PlanetScale) and ClickHouse.
  • ⚠️Specific configuration is needed for various AI clients (e.g., Claude Code, Cursor, GitHub Copilot).
Verified SafeView Analysis
The server exposes database query and execution tools. `execute` and `ch_execute` tools allow arbitrary SQL execution (including DDL/DML), which is a high-risk capability if not secured. The `update_test_status` also permits data modification. However, the project strongly recommends using a 'readonly' toolset for production and provides extensive deployment security guidance, including Nginx basic authentication, IP whitelisting, and rate limiting. Crucially, database credentials are loaded from environment variables and must not be committed to version control. The overall security posture is good, provided the deployment guidelines are strictly followed, especially for access control and read-only mode in production.
Updated: 2025-12-03GitHub
0
0
Medium Cost
dariuszkowalski-com icon

zai-mcp-proxy-server

by dariuszkowalski-com

Sec9

Provides an MCP proxy server for Z.AI Web Search Prime API, enabling integration with Forge as a standard MCP server.

Setup Requirements

  • ⚠️Requires Z.AI Web Search Prime API key (likely a paid service)
  • ⚠️Requires Node.js 16+
Verified SafeView Analysis
The server uses HTTPS for communication, validates all input parameters with Zod, and handles API keys via environment variables or command-line arguments (not hardcoded). Error handling and timeouts are implemented. There are no direct uses of `eval` or other highly dangerous functions with untrusted input. The server specifically handles double-escaped JSON by unescaping before parsing, which is a safe approach. Minor risk: API key passed via command line arguments can be visible in process listings, though environment variables are also supported and preferred for secrets.
Updated: 2025-12-03GitHub
0
0
High Cost
thiagofinch icon

BILHON-MCP-ECOSYSTEM

by thiagofinch

Sec2

A comprehensive ecosystem designed to enhance AI agent capabilities through standardized integrations for context management, file system operations, memory, web search, desktop and browser automation, and real-time notifications.

Setup Requirements

  • ⚠️Requires a running N8N instance for workflow automation.
  • ⚠️Requires numerous API keys and environment variables for external services (OpenAI, GitHub, Supabase, ClickUp, Exa, Ntfy, Hetzner, etc.).
  • ⚠️The `desktop-commander` component implies a Windows operating system for its configured paths, despite CI/CD suggesting a Linux environment, indicating potential OS-specific setup complexities.
  • ⚠️The `WF_DNA_INGESTAO_VIDEO` workflow requires `yt-dlp` to be installed on the n8n host and can consume significant local storage for downloaded videos.
Review RequiredView Analysis
The system presents significant security risks. The `desktop-commander` server grants extensive system-level control (file system, processes, clipboard, screenshots, mouse/keyboard control) which, if compromised, allows full control over the host. A critical vulnerability lies in the `WF_DNA_INGESTAO_VIDEO` n8n workflow, where the `executeCommand` node uses `{{ $json.videoUrl }}` directly in a shell command, making it highly susceptible to command injection. This allows an attacker to execute arbitrary commands on the n8n host by crafting a malicious `videoUrl`. Additionally, the reliance on AI for task classification and 'sub-agent' auditing (`WF_SUBAGENTE_AUDITORIA`) introduces risks like prompt injection and AI hallucination, which could lead to bypassing safeguards or unintended actions. Sensitive credentials for numerous third-party services (GitHub, Supabase, ClickUp, Exa, OpenAI, Ntfy, Hetzner, n8n) are required, and their secure management is paramount. Deployment via GitHub Actions uses SSH keys, granting administrative access to servers. Without significant hardening, input validation, and secure operational practices, this system is highly vulnerable.
Updated: 2026-01-19GitHub
0
0
Medium Cost
howtobearealprogrammer icon

cc-mysql-mcp

by howtobearealprogrammer

Sec3

A Model Context Protocol (MCP) server enabling Claude Code to directly interact with local MySQL or MariaDB databases, primarily designed for Windows environments.

Setup Requirements

  • ⚠️Requires a local MySQL 5.7+ or MariaDB instance to connect.
  • ⚠️No built-in SQL query validation or safety measures; users must ensure the configured database user has restricted permissions to prevent destructive operations.
  • ⚠️Requires manual Node.js project setup (clone, `npm install`, `npm run build`) before running.
Review RequiredView Analysis
The server directly executes arbitrary SQL queries provided via the `execute_query` tool without any internal sanitization or validation. This poses a significant SQL injection vulnerability if the input is not strictly controlled by a trusted source. The `mysql2` library's `connection.query` is called with a raw query string, allowing for any SQL statement (including destructive ones like `DROP TABLE` or `DELETE FROM`) to be executed. The README explicitly warns about 'No safety rails' and recommends using a restricted database user, which is crucial but does not mitigate the code's inherent vulnerability to malicious or erroneous AI-generated SQL. No hardcoded secrets were found; configuration uses environment variables.
Updated: 2025-12-14GitHub
0
0
Medium Cost
Shounak-Ghosh icon

fin-mcp

by Shounak-Ghosh

Sec8

Provides an AI-powered multi-agent system to analyze SEC 10-K filings for strategic risks, management tone, and financial summaries, exposed via an MCP server.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Requires SEC API Key (as specified in README, though direct use in sec_tools.py is for user-agent)
  • ⚠️Python 3.11 or higher
Verified SafeView Analysis
The project uses standard libraries and practices for fetching public data and interacting with LLMs. No 'eval' or obvious malicious patterns found. API keys are handled via environment variables, which is good practice. The primary security considerations would be prompt injection for the LLM agents and proper access control if the MCP server is exposed publicly, which is a general concern for any API. The current setup focuses on local execution for the demo.
Updated: 2025-12-05GitHub
0
0
Medium Cost
domdomegg icon
Sec9

Facilitates AI access to Google Maps Places API for searching locations, obtaining business information, and retrieving place photos for various applications like meeting coordination, local recommendations, and address validation.

Setup Requirements

  • ⚠️Requires manual creation and configuration of Google OAuth credentials (Google Cloud Project, enabled Places API (New), OAuth consent screen, and Web application client ID/secret).
  • ⚠️Requires specific environment variables: GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET for HTTP transport, or GOOGLE_ACCESS_TOKEN for stdio transport. Failure to provide them will result in server termination.
  • ⚠️The underlying Google Maps Places API is a paid service, incurring costs per request which are separate from any LLM token costs.
  • ⚠️The MCP_TRANSPORT environment variable must be explicitly set to 'http' for OAuth support; otherwise, it defaults to 'stdio' which requires a pre-obtained GOOGLE_ACCESS_TOKEN.
Verified SafeView Analysis
The server acts as an OAuth proxy, handling Google API credentials (Client ID/Secret) securely via environment variables. It does not store user access tokens, performing stateless token validation against Google's tokeninfo endpoint with caching to improve performance and gracefully handle expired tokens by returning HTTP 401, which is critical for client-side token refresh. Input/output schemas are rigorously validated using Zod, minimizing data-related vulnerabilities. No 'eval' or obfuscation is present, and network interactions are standard for an OAuth flow. The overall design prioritizes secure handling of external API access.
Updated: 2026-01-07GitHub
0
0
Low Cost
EliseuSantos icon
Sec8

Provides a Micro-Copilot (MCP) HTTP server for AI agents to discover, query, and suggest React components from a centralized Storybook-documented design system in a monorepo architecture.

Setup Requirements

  • ⚠️Requires Node.js 18+ (recommended 20+)
  • ⚠️Requires pnpm 8+ (or npm/yarn with workspaces)
  • ⚠️Requires Docker for simulated production mode
  • ⚠️Requires Storybook static build to be run (`storybook:build`) before the MCP server can effectively provide component metadata.
  • ⚠️Requires VS Code or Cursor with MCP extension for AI interaction.
Verified SafeView Analysis
The server uses standard `express` practices. No `eval()` or code obfuscation was found. It relies on environment variables for sensitive paths/URLs, which is good practice. CORS is set to `*` (allow all origins), which is acceptable for a local/internal development tool but should be locked down to specific origins in a production deployment exposed externally. Input validation for tool arguments is basic string matching, which is sufficient for the current toolset, but should be carefully reviewed if new tools involving more complex operations (e.g., file paths, database queries) are added.
Updated: 2025-12-18GitHub
0
0
Medium Cost
octbramantya icon

pfn-mcp

by octbramantya

Sec9

A conversational AI interface for industrial energy monitoring, analysis, and cost management using natural language queries against a PostgreSQL/TimescaleDB database.

Setup Requirements

  • ⚠️Requires an Anthropic API Key (Paid service for LLM inference).
  • ⚠️Requires Docker and Docker Compose for easy setup (though can be run natively).
  • ⚠️Requires a PostgreSQL database with TimescaleDB extension for time-series data.
  • ⚠️Requires Keycloak (or compatible OAuth2 provider) for authentication and user/tenant management.
Verified SafeView Analysis
The project demonstrates strong security practices with parameterized SQL queries preventing injection and robust Keycloak OAuth/JWT authentication for access control. Critical internal servers (e.g., SSE transport for the MCP protocol) are explicitly warned against public internet exposure in the source code. Custom formula parsing includes robust validation to prevent injection. Hardcoded secrets are avoided, relying on environment variables. The primary security consideration is ensuring proper deployment (e.g., internal network access only for certain services) and strong environment variable management.
Updated: 2026-01-19GitHub
0
0
Medium Cost
hariskarim41 icon

claude_prompter

by hariskarim41

Sec8

A universal Model Context Protocol (MCP) server for advanced prompt management, enabling structured AI workflows, hot-reloading, and integration with various AI clients.

Setup Requirements

  • ⚠️Requires Node.js 16+ to run.
  • ⚠️Full semantic analysis and LLM-driven chain features require an external LLM API key (e.g., OpenAI, Anthropic), which is a paid service.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop, Cursor Windsurf, Claude Code CLI) for interactive prompt management and execution.
Verified SafeView Analysis
The project demonstrates strong security awareness through explicit quality gates (e.g., `security-awareness.json` forbidding hardcoded secrets, input validation). The `CLAUDE.md` file strictly forbids direct file operations by the AI agent, mandating the use of secure MCP tools like `prompt_manager` and `SafeConfigWriter` for configuration changes. The use of Nunjucks for dynamic chain orchestration with LLM outputs is a high-risk area for template injection if not perfectly sanitized and escaped. While sanitization is mentioned, this remains an inherent complexity in such systems. Overall, the emphasis on security and controlled access is a significant positive.
Updated: 2025-12-03GitHub
PreviousPage 512 of 713Next