Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
vespo92 icon
Sec6

Provides AI assistants with persistent memory and context by storing and retrieving diverse file types (code, documents, photos, CAD) in a local-first ChromaDB vector store, enhanced with batch processing, EXIF extraction, watch folders, and duplicate detection.

Setup Requirements

  • ⚠️Requires Bun runtime for execution
  • ⚠️Requires Docker to run ChromaDB locally
  • ⚠️Requires ChromaDB vector database to be running and accessible
Review RequiredView Analysis
The server performs extensive file system operations (read, write, scan, delete) based on paths provided via AI prompts. Without robust input sanitization or strict access controls, a compromised AI or malicious prompt injection could lead to directory traversal, unauthorized file access, modification, or deletion on the host system. The potential to connect to remote ChromaDB instances introduces a risk if these endpoints are untrusted or insecure. No obvious hardcoded secrets or 'eval' usage found.
Updated: 2025-11-22GitHub
0
0
Low Cost
veelenga icon

jot-mcp

by veelenga

Sec9

A lightweight MCP server for maintaining coding context across sessions by logging and retrieving 'jots' about development activities.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0
  • ⚠️Requires git for optimal context auto-detection
  • ⚠️Relies on a local SQLite database for storage
Verified SafeView Analysis
The server communicates over standard I/O (stdio) as an MCP plugin, limiting direct network exposure. It uses `execSync` for git operations, but the commands are fixed and not directly composed from untrusted user input, mitigating command injection risks. SQLite operations utilize prepared statements, preventing SQL injection. No hardcoded secrets or obvious malicious patterns were found. As a local tool, its attack surface is inherently lower.
Updated: 2026-01-15GitHub
0
0
Low Cost
koudaiii icon
Sec7

This project enables the deployment and management of a Model Context Protocol (MCP) server for the PHONE APPLI API via Azure API Management, allowing AI agents to interact with its functionalities.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires `uv` (Python package manager), `Azure CLI`, and `yq` to be installed globally.
  • ⚠️Deployment to older Azure API Management tiers (Basic/Standard/Premium) requires participation in the 'AI Gateway Early' update group.
  • ⚠️Requires an active Azure subscription with appropriate permissions.
Verified SafeView Analysis
The project utilizes secure practices like `yaml.safe_load` and Azure's `DefaultAzureCredential` for authentication. Infrastructure is defined with Bicep and Azure Verified Modules (AVM), indicating a focus on well-architected cloud deployments. The documentation provides clear guidance on general security best practices for the deployed API Management instance, including prompt injection, authentication, input validation, rate limiting, and the principle of least privilege. However, a discrepancy exists in the `src/import_api.py` script: its `generate_api_policy` function's comment states it generates XML for 'validates X-Pa-Api-Key header', but the actual XML returned is a generic base policy (`<base />`) with no specific validation or forwarding of the `X-Pa-Api-Key` header to the backend. While Azure API Management typically enforces `Ocp-Apim-Subscription-Key` validation at a higher level, proper forwarding and validation of the backend-specific `X-Pa-Api-Key` header might require manual policy configuration after deployment if this script's generated policy is relied upon. This is a functional flaw in the script for API-level policy generation, which could lead to an insecure configuration for the backend API if not manually corrected.
Updated: 2025-11-28GitHub
0
0
Low Cost
Nehareddy17 icon
Sec9

Provides AI tools for HR leave management, email notifications, and a personal to-do list, designed to integrate as agents within the Claude Desktop environment.

Setup Requirements

  • ⚠️Requires the Claude Desktop application to function as intended.
  • ⚠️Email functionality (in `email_agent.py`) requires `SENDER_EMAIL` and `SENDER_PASSWORD` environment variables to be configured.
  • ⚠️Multiple MCP servers (Leave Management, Email Notification, To-Do List) are provided as separate Python files; each needs to be individually installed into Claude Desktop via `uv run mcp install <filename.py>`.
Verified SafeView Analysis
The server uses in-memory data for leave and to-do lists, avoiding external database vulnerabilities. The email agent securely loads credentials from environment variables using `dotenv` and utilizes TLS for `smtplib` connections, preventing hardcoded secrets and securing network communication. There are no instances of `eval`, code obfuscation, or other immediately apparent malicious patterns. The primary security consideration is the secure management of the `SENDER_EMAIL` account credentials outside of the codebase.
Updated: 2025-11-28GitHub
0
0
Medium Cost

PG_SQL_MCP_SERVER

by TomerGutman1

Sec9

Production-ready PostgreSQL server supporting both MCP and A2A protocols for secure, read-only database access.

Setup Requirements

  • ⚠️Requires a running PostgreSQL database instance; a `setup_postgres.sh` script is provided for local Docker setup.
  • ⚠️Python 3.11+ is required for direct execution.
  • ⚠️For production A2A use, `api_keys` in `config.yaml` (and `SECRET_KEY`) must be replaced with strong secrets, ideally managed via environment variables.
Verified SafeView Analysis
The server implements strong multi-layered security measures, including SQL guardrails to prevent DDL/DML operations and common injection patterns (like `DROP`, `DELETE`, `pg_read_file`), Role-Based Access Control (RBAC) for granular permissions on databases, schemas, and tables, automatic row limiting and query timeouts. It supports various SSL/TLS modes for secure connections. Audit logging is comprehensive, and the configuration explicitly warns against hardcoded default secrets in production, recommending environment variables instead. While `sqlglot` is used for robust SQL parsing, a regex-based fallback for table extraction exists, which is a minor theoretical weakening compared to pure AST parsing, but still guarded by the overall validation. The project also provides explicit instructions on production security hardening (e.g., reverse proxy, secrets management).
Updated: 2025-11-24GitHub
0
0
Medium Cost
Batman-05 icon

crimeapp-mcp

by Batman-05

Sec3

A Cloudflare Worker acting as a Model Context Protocol (MCP) server that exposes tools for crime analysis and news article fetching, delegating complex natural language queries to an external LangChain/LangGraph-powered AI agent.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (Paid) for LLM interactions.
  • ⚠️Requires a Cloudflare D1 Database instance bound as `CRIME_DB` with a predefined schema.
  • ⚠️Requires deploying two distinct services: a Cloudflare Worker (`crimeapp-mcp-server`) and a Python FastAPI server (`lang-agent`). The Python server's URL must be configured as `LANG_AGENT_URL` in the Cloudflare Worker's environment.
  • ⚠️The `lang-agent` also requires `MCP_BASE_URL` (the URL of the deployed Cloudflare Worker) and `MCP_GATEWAY_TOKEN` (a shared secret for agent-to-worker authentication) environment variables.
  • ⚠️Cloudflare Access configuration (`POLICY_AUD`, `TEAM_DOMAIN`) is present but currently bypassed, requiring manual re-enabling and configuration for secure deployment.
Review RequiredView Analysis
CRITICAL: The `isAuthorized` checks for `/proxy/db/query` and `/proxy/news_articles` endpoints in `crimeapp-mcp-server/src/index.ts` are commented out, making these internal database proxy endpoints publicly accessible without authentication. While `sanitizeSelect` limits queries to `SELECT` and adds `LIMIT 1000`, this still allows for unauthenticated information leakage of sensitive crime data. Additionally, the `AGENT_SHARED_SECRET` check in `crimeapp-mcp-server/src/lib/agent.ts` is commented out, meaning calls to the external LangChain agent (`LANG_AGENT_URL`) are unauthenticated, which is another major security flaw. The `lang-agent` generates SQL queries using an LLM (`_plan_sql_from_query`), which, despite SQL sanitization (`_sanitize_select`), introduces a high risk of LLM hallucinating or being prompted to generate malicious or resource-intensive queries that could bypass imperfect guardrails.
Updated: 2025-12-05GitHub
0
0
High Cost
QianJue-CN icon

mcp-memory-server

by QianJue-CN

Sec8

An intelligent memory management server for AI models, providing persistent memory storage with CRUD operations, semantic vector search, and folder organization via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires API keys for external embedding providers (e.g., Gemini, OpenAI), which may incur usage costs.
  • ⚠️If 'ollama' is chosen as the embedding provider, a local Ollama server must be installed and running.
  • ⚠️Requires Node.js version 18.0.0 or higher.
Verified SafeView Analysis
The server operates as an IPC server via standard I/O, which inherently limits direct network attack surface. It employs robust input validation using Zod schemas for all tool inputs, and file operations leverage `proper-lockfile` to prevent race conditions, enhancing data integrity. API keys for external embedding providers (OpenAI, Gemini) are expected from environment variables, which is good practice. However, the `MCP_EMBEDDING_BASE_URL` for embedding providers is configurable, introducing a potential risk if an attacker can manipulate environment variables to point to a malicious endpoint, or if a user inadvertently misconfigures it. The default base URLs for known providers are safe. No direct 'eval' or obfuscation found.
Updated: 2025-11-20GitHub
0
0
High Cost
rglaubitz icon

exa-mcp

by rglaubitz

Sec9

An MCP server to integrate AI agents (like Claude) with the Exa AI search API, providing enhanced web search, content extraction, answer generation, and research capabilities with full parameter support.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires uv package manager
  • ⚠️Requires an Exa API key (available via dashboard.exa.ai)
Verified SafeView Analysis
The server uses Pydantic models for robust input validation, mitigating injection risks for API parameters. It handles the Exa API key securely via environment variables and uses `httpx` for network requests with proper error handling, converting HTTP errors to custom exceptions. Logging is directed to stderr, a crucial MCP best practice to avoid JSON-RPC corruption. No direct usage of dangerous functions like `eval()` or `exec()` was found.
Updated: 2025-12-09GitHub
0
0
Low Cost
kdspaul icon
Sec10

Provides a sandboxed command execution environment for AI coding assistants, enabling controlled directory listing and Git operations with robust output transformations and security features.

Setup Requirements

  • ⚠️Rust toolchain (Cargo) required for building the server executable.
  • ⚠️Server configuration for 'BLOCKED_PATHS' requires setting an environment variable before startup.
Verified SafeView Analysis
The server implements comprehensive security measures to prevent common command execution vulnerabilities. This includes robust shell injection prevention (blocking a wide range of dangerous characters in arguments and environment variables), path traversal prevention ('..' blocked), configurable path blocking (via BLOCKED_PATHS environment variable with symlink resolution), flag injection prevention, restrictions on dangerous environment variables (e.g., LD_PRELOAD, PATH), and explicit whitelisting of allowed Git subcommands. Output transformations (grep, sort, head, tail, unique) are implemented natively in Rust using the regex crate, eliminating risks associated with piping to external shell utilities. The use of `std::process::Command::new` and its `arg`/`args` methods further ensures commands are not executed via a shell. Extensive unit tests for security components are also present.
Updated: 2025-12-31GitHub
0
0
Low Cost
arthurfantaci icon

requirements-advisor

by arthurfantaci

Sec9

An MCP server providing expert guidance on requirements management best practices using Retrieval-Augmented Generation (RAG).

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for easy setup.
  • ⚠️Requires a Voyage AI API Key (Voyage AI is a paid service).
  • ⚠️Requires content files (JSONL format) to be placed in the 'content/' directory for ingestion.
Verified SafeView Analysis
The project handles API keys via environment variables, avoiding hardcoding. It uses well-regarded libraries like httpx and chromadb. No obvious 'eval' or direct shell execution vulnerabilities were found. Docker binding to 0.0.0.0 is standard for containers but requires host firewall configuration in production environments.
Updated: 2025-12-03GitHub
0
0
Low Cost
hazzaz-am icon

mcp-servers

by hazzaz-am

Sec8

Provides Model Context Protocol (MCP) server functionality to retrieve Google Calendar events for a specified date.

Setup Requirements

  • ⚠️Requires a Google API Key with Calendar API access, configured as GOOGLE_API_KEY environment variable.
  • ⚠️Requires a Google Calendar ID to fetch events from, configured as GOOGLE_CALENDAR_ID environment variable.
  • ⚠️Requires Node.js (version 18 or higher, based on package-lock.json peer dependencies) to run.
Verified SafeView Analysis
The server uses environment variables (process.env.GOOGLE_API_KEY, process.env.GOOGLE_CALENDAR_ID) for sensitive credentials, which is a good practice. Input validation for the 'date' parameter is present using Zod, preventing basic malformed date issues. No 'eval' or obvious obfuscation found. The primary security consideration lies in managing access to the Google API Key and Calendar ID, and understanding that the tool exposes calendar event summaries, which could contain sensitive information depending on the calendar's content.
Updated: 2026-01-18GitHub
0
0
Low Cost
thormuller icon

spotify-mcp-server

by thormuller

Sec9

Enables AI assistants to control Spotify playback and manage playlists through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js v16+ to be installed.
  • ⚠️A Spotify Premium account is required for full playback control.
  • ⚠️Requires manual creation of a Spotify Developer application to obtain Client ID and Client Secret.
  • ⚠️An initial authentication step (`npm run auth`) involves a browser redirect and a local HTTP server to obtain access and refresh tokens.
Verified SafeView Analysis
The server stores sensitive Spotify API credentials (client ID, client secret, access token, refresh token) in a local `spotify-config.json` file. While this is a common practice for CLI tools, users must ensure this file is adequately protected (e.g., via file permissions and `.gitignore`). The authentication flow correctly enforces `localhost` or `127.0.0.1` for the redirect URI, mitigating common OAuth redirection vulnerabilities. No `eval` or obvious malicious patterns were found.
Updated: 2025-12-14GitHub
PreviousPage 516 of 713Next