Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
bivex icon
Sec5

This server facilitates inter-process communication on Windows systems by managing shared memory operations using the Model Context Protocol (MCP) via memory-mapped files and JSON-RPC 2.0.

Setup Requirements

  • ⚠️Requires Windows operating system (Windows 10/11 recommended).
  • ⚠️Requires .NET 8.0 SDK or later installed.
  • ⚠️Requires Administrator privileges to run due to global shared memory access.
Review RequiredView Analysis
A comprehensive security audit is not possible as the actual C# source code (beyond the README content) was not provided for analysis. Based on the README, critical security considerations include: 1. **Administrator Privileges:** The server requires Administrator privileges for 'global shared memory access', which significantly increases the attack surface and potential impact if the application is compromised. 2. **JSON-RPC 2.0 Communication:** The README mentions JSON-RPC 2.0. Without code, it's unclear how this communication is secured (e.g., authentication, authorization, input validation, or if it's strictly local/networked). 3. **Shared Memory:** While efficient, shared memory can be a vector for vulnerabilities if not properly synchronized and managed (e.g., race conditions, memory corruption). The README states 'Thread-safe shared memory operations', which is a positive indicator, but actual implementation details are unknown. 4. **No Code Scan:** Unable to check for 'eval' or similar dangerous patterns, hardcoded secrets, or other malicious code patterns without the actual code.
Updated: 2025-12-08GitHub
0
0
High Cost
eduard256 icon

ozon-mcp-server

by eduard256

Sec8

Provides an MCP-compliant server for AI assistants to programmatically interact with Ozon.ru, enabling product search, detail retrieval, and delivery information.

Setup Requirements

  • ⚠️Requires manual installation of Playwright browser dependencies (Chromium) if not using Docker, e.g., 'npx playwright install chromium'.
  • ⚠️High resource consumption (CPU, RAM) due to launching a new browser instance for nearly every API call to bypass antibot systems, leading to increased latency per request.
  • ⚠️Web scraping is inherently fragile and can break if Ozon.ru changes its website structure or antibot mechanisms.
Verified SafeView Analysis
The server uses Playwright to automate a headless browser, which is a controlled environment. No 'eval' or malicious patterns were found. CORS is set to '*' to facilitate local client integration, which means it will accept requests from any origin; this is standard for local tools but should be noted if deployed publicly. Each request (search, details, etc.) launches a new browser instance, which is inefficient but a design choice to bypass Ozon's antibot measures. There are no hardcoded secrets or obvious vulnerabilities within the provided code.
Updated: 2026-01-19GitHub
0
0
Low Cost
nohuiam icon

niws-delivery

by nohuiam

Sec9

Orchestrates multi-platform news content delivery, including Notion integration, teleprompter exports, and video production workflows.

Setup Requirements

  • ⚠️Requires Notion API Token (NOTION_TOKEN, NOTION_DATABASE_ID)
  • ⚠️Requires FFmpeg installed for video processing (FFMPEG_PATH env var)
  • ⚠️AirDrop functionality is macOS-specific; will gracefully degrade on other OSes
  • ⚠️Depends on `niws-intake`, `niws-analysis`, and `niws-production` servers being operational via HTTP.
Verified SafeView Analysis
The server employs robust security measures: explicit CORS whitelisting, tiered rate limiting on API endpoints, and comprehensive input sanitization for paths and text to prevent shell injection (e.g., using `sanitizePath`, `sanitizeText`, `execFile` instead of `exec`). InterLock UDP communication uses a whitelisting `Tumbler` to filter signals. Database operations are parameterized to prevent SQL injection. External API calls (Notion, other NIWS services) are handled with timeouts and retry logic. Hardcoded secrets are avoided by requiring environment variables.
Updated: 2026-01-17GitHub
0
0
Medium Cost
Togavanny icon
Sec8

Facilitate client-server communication using the Model Context Protocol (MCP) with integrated AI capabilities for querying and managing user data.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key, which may incur costs based on usage.
  • ⚠️Requires Node.js (version >=18) and a TypeScript build environment.
  • ⚠️The client is designed to spawn a *built* version of the server (`build/server.js`), so `npm run server:build` is a prerequisite for the client to function as written.
Verified SafeView Analysis
The server-side code does not contain direct network listeners (like an HTTP server) but communicates via standard I/O when spawned by the client. It uses `process.env.GEMINI_API_KEY` for accessing the Google Gemini API, which is a good practice for API key management. Direct file system writes to `users.json` occur, which in a multi-user or high-concurrency scenario could pose data integrity risks, but for this single-instance demo, it is acceptable. No 'eval' or obvious obfuscation is present. The primary external data exposure is through the Google Gemini API calls, which is an expected part of the AI functionality.
Updated: 2026-01-19GitHub
0
0
Medium Cost
NovSerg icon
Sec8

A Model Context Protocol (MCP) server that provides an API for creating, managing, and delivering scheduled weather and air quality reminders, broadcasting them via Server-Sent Events (SSE).

Setup Requirements

  • ⚠️Requires a free/paid OpenWeatherMap API key (`OPENWEATHER_API_KEY`) to fetch weather and air quality data; without it, these features will not work.
  • ⚠️Data persistence relies on a local `reminders.json` file in the `data` directory, meaning reminders will be lost if the server is run in an ephemeral environment without persistent storage.
  • ⚠️Requires Node.js (version 12.20.0 or higher, as per node-fetch requirements in lockfile) to be installed.
Verified SafeView Analysis
The server uses `cors({ origin: '*' })` which allows requests from any origin. While convenient for broad API access, it might be a security risk in specific production scenarios where stricter origin control is needed. However, it's generally acceptable for an MCP server designed for agent interaction. The server loads `OPENWEATHER_API_KEY` from environment variables, which is good practice. Crucially, user-provided cron expressions are validated using `cron.validate()` before scheduling, mitigating a potential arbitrary code execution vulnerability. Data is persisted locally to `reminders.json` with JSON serialization, which is safe from injection.
Updated: 2025-11-20GitHub
0
0
Low Cost
knoxmcken icon
Sec9

A comprehensive template for developing Model Context Protocol (MCP) servers, enabling AI assistants to securely access external data sources and tools through a standardized protocol.

Setup Requirements

  • ⚠️Requires Node.js v18.0.0 or higher and npm v8.0.0 or higher.
  • ⚠️The `AUTH_SECRET` environment variable must be updated from its default for production security.
  • ⚠️Full production deployment with Docker Compose includes Redis and PostgreSQL as external dependencies, requiring their setup.
Verified SafeView Analysis
The project demonstrates strong security practices for a server template, utilizing 'helmet' for security headers, 'cors' for origin control, and 'express-rate-limit' for abuse prevention. Configuration validation with Zod helps prevent misconfigurations. A default 'AUTH_SECRET' is provided, but it's explicitly marked with a warning to 'change-this-secret-in-production', indicating good awareness. No 'eval' or obvious malicious patterns were found.
Updated: 2025-11-24GitHub
0
0
Low Cost
ahmad5599 icon

mysql-mcp-server

by ahmad5599

Sec3

Enables AI assistants to interact with SQL databases (MySQL, MariaDB, PostgreSQL, SQLite) through natural language queries, integrating with the Model Context Protocol (MCP) and providing a VS Code extension for setup.

Setup Requirements

  • ⚠️Requires Node.js version 20.19.0 or higher.
  • ⚠️An external SQL database (MySQL, PostgreSQL) must be running and accessible, or SQLite for local use (a test.db is bundled).
  • ⚠️Users must provide a correctly formatted database connection string via environment variable or CLI argument.
Review RequiredView Analysis
The `query` tool, intended for AI-driven SQL SELECT statements, directly executes the user-provided query string via `knex().raw()` without proper parameterization for values within the query. This makes the server vulnerable to SQL injection attacks, contradicting the 'Prepared statements' security claim in the documentation. While `read-only` mode is a good default, it does not prevent malicious read operations through injection. Other operations like `insert` and `describeTable` use parameterized queries or identifier sanitization correctly.
Updated: 2025-11-23GitHub
0
0
Medium Cost
Wesype icon
Sec3

This server provides a Model Context Protocol (MCP) interface to query a PostgreSQL database containing aligner activity data, primarily for AI agents.

Setup Requirements

  • ⚠️Requires a PostgreSQL database instance.
  • ⚠️The import scripts (`import_csv_to_postgres.py`, `import_csv_optimized.py`) have a hardcoded CSV file path that needs to be manually modified or provided.
  • ⚠️Setup and import scripts contain hardcoded Railway PostgreSQL credentials, which should be removed or made configurable for production use.
Review RequiredView Analysis
CRITICAL SQL INJECTION VULNERABILITY: The `query_sql` tool directly executes SQL SELECT queries provided by the agent. Although it restricts queries to start with 'SELECT' or 'WITH', it does not use parameterized queries. This leaves it vulnerable to SQL injection if an agent (or a malicious user prompting the agent) provides specially crafted input (e.g., `SELECT * FROM activities WHERE patient_id = 123 OR 1=1;`), allowing unauthorized data access or manipulation. CRITICAL HARDCODED CREDENTIALS: Several auxiliary scripts (`import_csv_to_postgres.py`, `import_csv_optimized.py`, `create_schema.py`, `setup_railway.sh`) within the repository contain hardcoded PostgreSQL credentials (password `UqtALrZoRLKifgxpMKUhVcfBYGOIdRDK`). While the main server uses environment variables, these scripts pose a significant security risk by exposing sensitive database access information.
Updated: 2025-12-06GitHub
0
0
Medium Cost
sandraschi icon

home-assistant-mcp

by sandraschi

Sec9

Provides AI-powered natural language control for Home Assistant smart home systems via the Model Context Protocol, enabling AI assistants to orchestrate complex home automations.

Setup Requirements

  • ⚠️Requires a running Home Assistant instance for full functionality.
  • ⚠️Requires a Home Assistant Long-Lived Access Token, which must be generated by the user and provided via configuration or environment variables.
  • ⚠️Requires Python 3.10 or higher for the server to run.
Verified SafeView Analysis
The server's design emphasizes local-only operation and uses Pydantic's SecretStr for handling the Home Assistant access token, preventing hardcoded secrets and promoting secure handling. It relies on the user to provide a long-lived access token for Home Assistant API communication, which is standard for integrations. No 'eval' or obvious malicious patterns were found in the provided source code. The main security consideration is the security of the provided Home Assistant token and the underlying Home Assistant instance itself.
Updated: 2026-01-16GitHub
0
0
Medium Cost
shadcnspace icon

shadcnspace-mcp

by shadcnspace

Sec8

This MCP server enables AI agents to interact with Shadcn Space's UI block registry for listing, searching, and installing components to build web interfaces.

Setup Requirements

  • ⚠️Requires Node.js runtime (version 18 or higher).
  • ⚠️Requires internet access to fetch UI block data from tailwind-admin.com.
Verified SafeView Analysis
The server utilizes Zod for input validation, mitigating common injection risks. Network requests are made to a hardcoded external domain (tailwind-admin.com), reducing the risk of arbitrary SSRF. The `getBlockInstall` tool, while its description in the README implies returning implementation details, actually outputs an `npx` installation command, not executing arbitrary code itself. The only potential minor concern is how component names (user-provided) are directly used in URL paths for fetching details (e.g., `https://tailwind-admin.com/r/${name}.json`). While Zod ensures it's a string, if `name` could contain malicious path traversal characters that bypass external LLM sanitization and are not blocked by the `fetch` implementation, it could lead to unexpected resource access on the `tailwind-admin.com` domain. However, this is a low risk given typical component naming conventions.
Updated: 2026-01-19GitHub
0
0
Low Cost
dannwaneri icon
Sec9

Provides semantic search capabilities from Claude Desktop by acting as a Model Context Protocol (MCP) bridge to a Cloudflare Workers backend with Vectorize.

Setup Requirements

  • ⚠️Requires Node.js 18+ to be installed locally.
  • ⚠️Requires Claude Desktop to be installed and manually configured with the server's absolute path to `dist/index.js`.
  • ⚠️An external `vectorize-mcp-worker` (Cloudflare Worker) must be deployed and accessible via the configured `WORKER_URL`.
  • ⚠️The Vectorize index on the backend Worker needs to be populated with data for semantic search to return results.
Verified SafeView Analysis
The server primarily acts as a local proxy, forwarding requests to a remote Cloudflare Worker. It does not handle sensitive user data directly beyond search queries. Input 'topK' is sanitized with Math.min, limiting potential abuse. No 'eval' or direct arbitrary code execution vectors are apparent in the provided source. The 'WORKER_URL' is hardcoded but is a backend endpoint, not a secret, and is explicitly stated in the README to be user-configurable by editing the source file.
Updated: 2025-12-05GitHub
0
0
Low Cost
gugga7 icon
Sec8

Integrate Morocco tourism data with AI assistants like Claude Desktop via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Cloudflare account and Wrangler CLI for deployment and local development
  • ⚠️Requires Node.js 18+ to run
  • ⚠️Firebase credentials and other database configurations are required for full data functionality, as indicated in the contributing and deployment guides, though not actively used in the provided main server logic.
Verified SafeView Analysis
The current `tools/call` implementation is a placeholder, returning static text, which significantly reduces immediate security risks related to data access or injection. Future integration with `firebase-admin` (as indicated in `package.json` and `CONTRIBUTING.md`) and external data sources will require careful implementation of input validation, authentication, and authorization to prevent data exposure or injection vulnerabilities. CORS `Access-Control-Allow-Origin: *` is broadly configured, which is common for public AI integration servers, but the deployment guide demonstrates how to restrict it to specific domains in production. No hardcoded secrets are present in the provided `src/index.ts` file; sensitive data is expected to be managed via environment variables or Cloudflare Workers secrets.
Updated: 2025-12-11GitHub
PreviousPage 517 of 713Next