Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost

mcp-server

by rakgogia

Sec7

Integrates an MCP server with Google Gemini for AI-powered chat, allowing the AI to execute predefined tools and access resources.

Setup Requirements

  • ⚠️Requires `google-generativeai`, `mcp`, and `fastmcp` Python packages to be installed.
  • ⚠️Requires a Google Gemini API Key, which must be provided via the `GEMINI_API_KEY` environment variable (e.g., in a `.env` file).
  • ⚠️Requires internet access to communicate with the Google Gemini API.
Verified Safe
The system grants Google Gemini the ability to call server-side tools based on user input, which presents a potential risk if powerful or poorly secured tools were added to the MCP server. For instance, if a tool allowed arbitrary file system access or network requests, a malicious prompt could exploit it. However, the current tools (`calculate_bmi`, `get_support_email`) are benign and do not pose direct security threats. The `GEMINI_API_KEY` is correctly loaded from environment variables.
Updated: 2026-01-19

High Cost

mcp-tools

by silicon-works

Sec7

Provides a collection of MCP servers wrapping various cybersecurity tools for automated penetration testing, vulnerability scanning, and exploitation tasks.

Setup Requirements

  • ⚠️Requires various underlying command-line tools (e.g., nmap, ffuf, hydra, gcc) to be installed in the environment (typically managed by a Docker image).
  • ⚠️The OWASP ZAP daemon must be running and accessible for the `zap` server to function.
  • ⚠️Relies on standard wordlist paths (e.g., /usr/share/wordlists), which may need to be mounted or present in the container image.
Verified Safe
The server includes multiple tools designed for offensive security actions (e.g., exploit execution, payload generation, brute-forcing, scanning). While internal operations generally use argument lists for subprocess calls to mitigate shell injection within the server itself, the core functionality involves executing arbitrary user-provided code, commands, or crafting malicious inputs against target systems. For example, `exploit-runner` executes user scripts/commands, and `payload` compiles user-provided C code. The `searchsploit.get_exploit` method might allow reading arbitrary files within the container if a malicious `exploit_id` path is provided, though its impact is contained by the Docker environment. Users should understand these inherent risks for offensive security tools.
Updated: 2026-01-19

Medium Cost

zohocrm-mcp-server

by creatrcollective

Sec8

Integrates Claude.ai with Zoho CRM to enable natural language querying and read-only access to CRM data.

Setup Requirements

  • ⚠️Requires Docker or Docker Desktop installed and running.
  • ⚠️Requires administrator access to a Zoho CRM account to create OAuth applications.
  • ⚠️Manual setup of Zoho OAuth credentials (Client ID, Client Secret, Redirect URI) and configuration in Claude Desktop's config file is necessary.
  • ⚠️The Zoho OAuth redirect URI must be set to 'http://localhost:3000/authRedirect'.
Verified Safe
The application stores the Zoho OAuth refresh token in a local file ('refreshToken.txt') within the Docker volume. While common for local desktop integrations for persistence and ease of use, this file could be a point of vulnerability if the local file system is not adequately secured. The integration is explicitly read-only, which significantly reduces the potential impact of any compromise. There are no 'eval' calls, code obfuscation, or immediately apparent malicious patterns in the provided source code. Environment variables are used for sensitive credentials (Zoho Client ID/Secret) rather than hardcoding.
Updated: 2025-12-01

Medium Cost

enzymeml-mcp

by EnzymeML

Sec6

Provides an MCP server for AI assistants to interact with EnzymeML documents, enabling reading, modification, searching, and visualization of biochemical data.

Setup Requirements

  • ⚠️Requires Rust toolchain (Rust and Cargo 1.70+).
  • ⚠️Requires the EnzymeML Suite desktop application to be installed and running locally, exposing an HTTP API.
Verified Safe
The server uses the `meval` crate to parse and potentially evaluate mathematical expressions from `EnzymeMLDocument` equations. If the `equation` strings can be manipulated by untrusted input (e.g., via a malicious AI assistant generating document updates), this could lead to denial of service or unexpected behavior. The server also communicates with a local `EnzymeML Suite desktop application` via HTTP on `127.0.0.1:13452`. While local communication is generally safer, it assumes the local system and the Suite application itself are secure. No hardcoded secrets or obvious direct malicious patterns were found in the truncated source. External API calls (UniProt, PubChem, ChEBI) are made to well-known public services.
Updated: 2026-01-18

Low Cost

mcp-philips-hue

by m2ai-mcp-servers

Sec9

Control Philips Hue smart lights (brightness, color, on/off) via an MCP server.

Setup Requirements

  • ⚠️Requires Node.js 18+ to be installed.
  • ⚠️A Philips Hue Bridge must be present and accessible on the local network.
  • ⚠️Requires manual retrieval of a Hue API key from the bridge's debug interface.
  • ⚠️Environment variables HUE_BRIDGE_IP and HUE_API_KEY must be configured prior to running.
Verified Safe
The server correctly retrieves sensitive information (Hue Bridge IP, API Key) from environment variables, avoiding hardcoded secrets. Input validation is present for brightness levels. Color inputs are processed by internal utility functions (hexToXy, colorNameToHex, colorTempToMireds) that appear robust. Light IDs are passed directly to the Hue Bridge API; assuming Hue Bridge IDs are safe (typically numeric or simple strings), this does not pose a direct injection risk, but in a broader context, URL component encoding for arbitrary user-supplied IDs would be a best practice. No 'eval' or direct arbitrary command execution is observed. Network calls are confined to the specified Hue Bridge IP.
Updated: 2026-01-19

High Cost

pubchem-mcp

by openpharma-org

Sec9

This server provides a Model Context Protocol (MCP) interface to the PubChem chemical database, enabling AI models or applications to perform chemical searches, retrieve compound information, analyze structures, fetch properties, access bioassay data, and query safety information.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Requires a build step (`npm run build` or `tsc`) to compile the TypeScript source code to JavaScript before running.
  • ⚠️Many features advertised in the README (e.g., 'search_by_inchi', 'predict_admet_properties', 'search_bioassays', 'search_by_target') are listed in the tool schema but are currently commented out as unimplemented in the provided source code. Calling these methods will result in a 'MethodNotFound' error.
Verified Safe
The server appears well-designed with robust input validation (using `isValid...Args` functions) for all implemented tools, which helps prevent common injection vulnerabilities when interacting with the external PubChem PUG REST API. All API calls to PubChem use `encodeURIComponent` for query parameters, further enhancing safety. There are no `eval` statements, explicit dangerous `child_process` calls (beyond the Node.js runtime itself), or direct sensitive file system operations detected in the provided source code. No hardcoded secrets (like API keys) are present, aligning with PubChem's public API policy. The server acts as a proxy, and its overall security model relies on the inherent security of the PubChem API. Potential for high volume data retrieval (e.g., from similarity searches or batch lookups with many records) exists, which could impact server resources if not managed by the caller, but this is an operational concern rather than a code vulnerability. Unimplemented methods gracefully return an `ErrorCode.MethodNotFound` error.
Updated: 2025-12-22

Medium Cost

mcp-server-sql-tool

by Ashafaatadhis

Sec6

A NestJS backend server providing API endpoints for user initialization and executing user-defined SQL queries against a PostgreSQL database with security guards.

Setup Requirements

  • ⚠️Requires a PostgreSQL database instance accessible via a connection string.
  • ⚠️Relies on specific PostgreSQL schema and function (`public.user_init`) being present.
  • ⚠️SQL query execution is performed directly from user input, albeit with a security guard, which is a potential attack vector.
Review Required
The server exposes an endpoint to execute arbitrary SQL queries provided by the user, which is inherently high-risk. While a `SqlGuard` is implemented to blacklist dangerous keywords (e.g., INSERT, UPDATE, DELETE, DROP, ALTER, CREATE) and enforce SELECT/WITH statements, such regex-based blacklisting can often be bypassed by sophisticated attackers. The use of `SET LOCAL search_path` based on a sanitized `telegram_id` provides a degree of schema isolation, but its effectiveness relies heavily on the `telegram_id` being correctly sanitized and the database's user/schema permissions being meticulously configured. Direct execution of user-supplied SQL strings via `client.query(q)` (even after validation) is less safe than using parameterized queries with a robust SQL parser. No hardcoded secrets were found; sensitive configurations are managed via environment variables.
Updated: 2026-01-17

Medium Cost

remote_mcp

by rsmolgovsky-cnc

Sec9

This is an MCP (Model Context Protocol) server that provides AI agents with tools and resources to search, retrieve, and organize academic papers from arXiv based on specified topics.

Setup Requirements

  • ⚠️Requires a Python 3.x environment with 'arxiv' and 'mcp' libraries installed.
  • ⚠️Running with the provided `run_inspector.sh` requires Node.js and npm to be installed for `npx @modelcontextprotocol/inspector`.
  • ⚠️Requires write permissions to the `/tmp` directory for logging.
Verified Safe
The server interacts with the local filesystem to store paper information. While `os.path.join` and topic sanitization (`replace(" ", "_")`) mitigate common path traversal risks, exposing the server to untrusted inputs without further input validation or sandboxing could theoretically lead to issues like excessive file creation or information disclosure from the `PAPER_DIR` if a malicious topic is crafted. No 'eval' or hardcoded secrets were found.
Updated: 2025-11-22

Medium Cost

habitica_mcp_server

by roland-kiraly

Sec9

An MCP server that enables clients to interact with the Habitica API for task and stat management.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️Requires HABITICA_USER_ID environment variable.
  • ⚠️Requires HABITICA_API_TOKEN environment variable.
Verified Safe
The server code itself is straightforward, acting as an API wrapper without 'eval', obfuscation, or obvious malicious patterns. Hardcoded secrets are avoided by requiring environment variables. The primary security considerations are the secure handling of HABITICA_USER_ID and HABITICA_API_TOKEN environment variables in the deployment environment and the trustworthiness of the MCP client spawning this server via stdio.
Updated: 2025-12-10

High Cost
Sec7

Enables AI assistants to interact with Splunk for searching, managing, and analyzing data.

Setup Requirements

  • ⚠️Requires `SPLUNK_TOKEN` or `SPLUNK_USERNAME` and `SPLUNK_PASSWORD` environment variables for authentication.
  • ⚠️Requires access to a running Splunk instance with appropriate API permissions.
  • ⚠️Requires Python 3.10 or higher to run.
Verified Safe
The server uses environment variables for Splunk authentication (token or username/password), which is a good practice. It does not contain hardcoded secrets or direct use of Python's `eval`. However, several tools (e.g., `search_splunk`, `create_dashboard`, `update_server_settings`, and others that accept SPL queries or raw configuration content) directly incorporate string arguments into Splunk SPL queries, XML configurations, or API calls. If these inputs are sourced from untrusted user input without proper sanitization by the AI client, they could lead to injection vulnerabilities (e.g., arbitrary SPL execution, XML injection, configuration manipulation). The server relies on the calling AI client to ensure input validity and safety, which is a critical consideration for deployment.
Updated: 2026-01-16

Low Cost

remote-mcp-server-humaka

by humaka20-netizen

Sec8

Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers, providing AI agents with defined tools (e.g., calculator functions) without requiring authentication.

Setup Requirements

  • ⚠️Requires a Cloudflare account and `wrangler` CLI for deployment.
  • ⚠️The server is intentionally deployed 'Without Auth', making its tools publicly accessible to anyone who discovers the URL.
  • ⚠️Clients must be compatible with the Model Context Protocol (MCP) to interact with the server (e.g., Cloudflare AI Playground, Claude Desktop with mcp-remote proxy).
Verified Safe
The server's core logic for its defined tools (addition, calculator) uses Zod for schema validation on inputs, which is good practice for preventing injection attacks. It explicitly states 'Without Auth' in the README and project name, meaning it's intentionally public-facing without authentication mechanisms, making its functionality accessible to anyone who discovers the URL. No obvious 'eval' or direct arbitrary code execution, hardcoded secrets, or network vulnerabilities are visible in the truncated source code. Cloudflare Worker bindings are used for environmental configuration, which is platform-managed.
Updated: 2025-11-30

Medium Cost
Sec3

Standalone MCP server providing weather information, task management, and local document processing capabilities for an AI client.

Setup Requirements

  • ⚠️Requires Java Runtime Environment (JRE) to run.
  • ⚠️Requires `OPENWEATHER_API_KEY` environment variable for full weather functionality (otherwise uses limited demo key).
  • ⚠️File system tools (`search_documents`, `summarize_document`, `save_summary`) operate on the local file system relative to the server's working directory, which requires careful security consideration.
Review Required
The document search, summarization, and storage services allow file system operations (read, write, search) based on user-provided paths (`folder_path`, `document_path`, `output_folder`, `filename`). While `Path.normalize()` is used, it might not be sufficient to prevent all path traversal attacks, potentially allowing access to arbitrary files outside the intended project directory (the `user.dir` where the server is run). This is a significant local file system security risk if the server processes untrusted input from an LLM or external client. The `OPENWEATHER_API_KEY` is handled correctly via environment variables. SQL queries for task management use prepared statements, mitigating SQL injection risks.
Updated: 2025-11-23