Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
LLMTooling icon

spotify-mcp-server

by LLMTooling

Sec9

Provides granular data and control over Spotify playback and library, optimized for dynamic HUDs, music visualizers, and AI-powered music control interfaces through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a Spotify Developer App setup (Client ID, Client Secret, Redirect URI configuration).
  • ⚠️Requires Node.js 18+ installed.
  • ⚠️Spotify Premium account recommended for full functionality (due to Spotify API limitations on some free-tier features like full playback control).
Verified SafeView Analysis
Credentials (Client ID, Client Secret) are loaded from a `.env` file, and OAuth tokens are stored locally in `spotify-tokens.json`. The server handles automatic token refreshing. The authentication callback server runs on `localhost:8888` for the OAuth flow. No hardcoded secrets or malicious patterns observed. Robust error handling for Spotify API responses (e.g., 401, 403, 404, 429) is implemented to provide clear, actionable feedback.
Updated: 2025-12-09GitHub
0
0
Low Cost
minipuft icon

opencode-prompts

by minipuft

Sec9

Enhances the OpenCode IDE by tracking AI chain progress, providing gate reminders, and preserving workflow state for the 'claude-prompts' MCP server, improving AI-assisted development experience.

Setup Requirements

  • ⚠️Requires `oh-my-opencode` for full prompt syntax detection (e.g., `>>diagnose`). Native OpenCode lacks the necessary `UserPromptSubmit` hook.
  • ⚠️Requires Python 3 runtime on the system for the execution of plugin hooks (e.g., `prompt-suggest.py`).
  • ⚠️The installation modifies or creates `opencode.json` and `.claude/settings.json` in the project root to configure the MCP server and hooks.
Verified SafeView Analysis
The plugin performs local file I/O for configuration and session state, and executes predefined local scripts (Python hooks, `npx claude-prompts`). Command arguments and file paths are constructed from internal logic or trusted configuration files, not directly from untrusted user input, mitigating command injection and arbitrary file write risks. The parsing of LLM responses extracts information without direct code execution.
Updated: 2026-01-19GitHub
0
0
Medium Cost
JxnnyC icon
Sec10

Provides mathematical utility tools as an MCP server for calculating factorials and their digit counts.

Setup Requirements

  • ⚠️Requires `mcp` framework (Python library) to be installed.
  • ⚠️Designed to handle large integers, potentially consuming significant memory and CPU for very large inputs (n > 100,000).
Verified SafeView Analysis
The code uses Python's standard `math.factorial` function and handles large integers gracefully with `sys.set_int_max_str_digits`. No external dependencies other than the MCP framework and standard Python libraries. No `eval`, `exec`, network calls, or hardcoded secrets were found.
Updated: 2025-11-26GitHub
0
0
Low Cost
Sherkhan369 icon

mcp-server

by Sherkhan369

Sec5

This repository likely provides a Python-based server for a game, possibly related to Minecraft given 'MCP Server'.

Setup Requirements

  • ⚠️Python installation required
Review RequiredView Analysis
Source code for `main.py` is truncated and not provided, preventing a thorough security audit. No specific security issues ('eval', obfuscation, hardcoded secrets, etc.) can be identified from the limited information. Therefore, safety cannot be confirmed without inspecting the actual code.
Updated: 2025-12-02GitHub
0
0
Medium Cost
usmanbutt-dev icon

unity-mcp

by usmanbutt-dev

Sec9

Enables AI agents to query, inspect, and control the Unity Editor through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Unity 2021.3 or later to be installed and running.
  • ⚠️Requires Node.js for the MCP bridge component.
  • ⚠️Requires manual configuration of an MCP client (e.g., via 'mcp_config.json') to specify the path to the Node.js bridge.
Verified SafeView Analysis
The MCP server runs locally within the Unity Editor and the Node.js bridge connects to it via localhost (127.0.0.1:3000 by default). This design significantly limits external attack surfaces as no direct external network access is permitted. The Node.js bridge itself is simple, primarily acting as a stdio-to-HTTP proxy, and does not contain 'eval' or obvious malicious patterns. The primary security consideration is the power granted to the AI agent to modify the Unity Editor, which is its explicit purpose, and should be used with caution within controlled environments.
Updated: 2025-12-11GitHub
0
0
Medium Cost
vuguzum icon
Sec9

Provides a secure, sandboxed environment for LLMs to validate syntax and safely execute generated Python code.

Setup Requirements

  • ⚠️Requires Python 3.8+.
  • ⚠️For full resource isolation on Windows, 'pywin32' must be installed separately.
  • ⚠️Relies on the MCP protocol via 'fastmcp'.
Verified SafeView Analysis
The server employs a robust multi-layered 'defense in depth' strategy. This includes AST parsing for syntax checks, static analysis to block dangerous functions/modules (e.g., 'eval', 'exec', 'os'), environment sanitization (removing modules from sys.modules, overriding __import__ and open()), and OS-level process isolation (resource.setrlimit on Unix, Job Objects on Windows) with configurable time/memory limits. Output is captured via buffers. While no sandbox is 100% impenetrable, this implementation is highly secure for its intended purpose.
Updated: 2025-11-20GitHub
0
0
Low Cost
sahil-kourav icon

mcp_server

by sahil-kourav

Sec8

This server and client demonstrate a basic setup for Model Context Protocol (MCP) tool calling, allowing a Generative AI model to interact with local functions via standard I/O.

Setup Requirements

  • ⚠️Requires a Google GenAI API Key (Paid service)
  • ⚠️Requires Node.js runtime (>=18 recommended by dependencies)
  • ⚠️Requires environment variables to be set (e.g., via a .env file or system environment)
Verified SafeView Analysis
The server and client communicate via standard I/O, reducing direct network attack surface. Secrets are handled via environment variables (`GOOGLE_GENAI_API_KEY`), which is good practice. Input validation for tools is done using Zod, enhancing robustness. No 'eval' or obvious obfuscation found. Potential risks would arise if the `command` or `args` for `StdioClientTransport` were user-controlled, but they are hardcoded in this example.
Updated: 2025-12-10GitHub
0
0
Low Cost
dannwaneri icon
Sec9

An MCP server providing a knowledge base via various tools for semantic search and data retrieval, specifically designed to serve context to LLMs.

Setup Requirements

  • ⚠️Requires Node.js 18+
Verified SafeView Analysis
The current implementation operates purely on hardcoded, in-memory data, and does not perform external network requests (beyond MCP protocol itself) or file system operations that could introduce common vulnerabilities. Tool arguments are used safely within array filtering/mapping operations, preventing injection. No 'eval' or similar dangerous functions are used. Future integrations (Vectorize, authentication) explicitly mentioned in 'Next Steps' will introduce new attack surfaces and require re-evaluation.
Updated: 2025-12-03GitHub
0
0
Medium Cost
devdash-project icon

devdash-mcp

by devdash-project

Sec7

Provides tools for DevDash development and debugging, interacting with QML Gauges Explorer, DevDash runtime telemetry and logs, and system-level screenshot capabilities.

Setup Requirements

  • ⚠️Requires `wmctrl`, `imagemagick`, and `scrot` for X11 screenshot functionality (e.g., `sudo apt install wmctrl imagemagick scrot` on Debian/Ubuntu).
  • ⚠️Requires the `DEVDASH_QML_GAUGES_PATH` environment variable to be set to the absolute path of the `qml-gauges` repository.
  • ⚠️Assumes `qml-gauges` and `devdash` repositories are available and can be built/run separately; the server does not manage their installation or initial setup.
Verified SafeView Analysis
The server uses `subprocess` calls for building and launching the QML Gauges Explorer (`cmake`), as well as for screenshot capture (`wmctrl`, `imagemagick`, `scrot`). A critical security consideration is the `DEVDASH_QML_GAUGES_PATH` environment variable. If this path is maliciously configured by an administrator, the `qml_explorer_build` and `qml_explorer_launch` tools could execute arbitrary commands. However, direct user input to tools is generally sanitized (e.g., JSON encoding for WebSocket requests) or derived from trusted system commands (like X11 window IDs), reducing direct injection risks from typical tool arguments. The risk is primarily from a compromised or maliciously configured local environment.
Updated: 2025-12-14GitHub
0
0
Medium Cost
Sunalamye icon

mcp-claude-shell

by Sunalamye

Sec1

This server provides a structured interface for local Claude Code CLI commands, enabling generation, editing, and refactoring with built-in retry, timeout, and JSON validation capabilities via the MCP protocol.

Setup Requirements

  • ⚠️Requires `jq` to be installed for JSON processing.
  • ⚠️Requires the `claude` CLI to be installed, configured, and authenticated locally.
  • ⚠️The `timeout` command is recommended for robust timeout handling, though an alternative is used if not available.
Review RequiredView Analysis
The `mcp-claude.sh` script is critically vulnerable to shell injection. User-provided input parameters such as `jsonSchema`, `systemPrompt`, and `appendSystemPrompt` are directly embedded into shell command strings with single quotes (e.g., `'$json_schema'`) that are later executed via `bash -c`. A malicious client can inject arbitrary shell commands by including a single quote in these parameters, breaking out of the quoted string. For example, a `jsonSchema` value like `{'foo':'bar'}; rm -rf /; echo '` would result in the `rm -rf /` command being executed on the host system. Additionally, the underlying `claude` CLI is always invoked with `--dangerously-skip-permissions`, granting the AI agent broad, unconfirmed access to execute commands and modify files, which further exacerbates the risk if the system is compromised via prompt injection or the aforementioned shell injection vulnerability.
Updated: 2025-11-26GitHub
0
0
Medium Cost
vallipichappan icon

financeCopilot

by vallipichappan

Sec5

A playground for developing and testing quantitative research workflows powered by Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires a configured Model Context Protocol (MCP) server environment.
Review RequiredView Analysis
No source code was provided for analysis beyond the README.md content. Cannot assess for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns without the actual code. A score of 5 reflects the inability to perform a comprehensive audit.
Updated: 2025-11-20GitHub
0
0
Medium Cost
kiki830621 icon

che-things-mcp

by kiki830621

Sec9

Provides comprehensive task and project management for Things 3 on macOS via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires macOS 13.0 (Ventura) or later.
  • ⚠️Requires Things 3 application to be installed.
  • ⚠️macOS will prompt for 'Automation' permission to control Things 3 on first use; this must be allowed.
  • ⚠️For checklist management and some update operations, a `THINGS3_AUTH_TOKEN` is required, obtainable from Things 3 settings and set as an environment variable or via the `set_auth_token` tool.
  • ⚠️The binary should be installed to a local directory (e.g., `~/bin/`), not a cloud-synced folder, to prevent MCP connection timeouts.
Verified SafeView Analysis
The server operates entirely locally, interacting with Things 3 using native AppleScript and URL schemes. Input strings for AppleScript are sanitized using `escapeForAppleScript` to prevent injection. URL scheme parameters are percent-encoded. The `THINGS3_AUTH_TOKEN` is loaded from an environment variable, not hardcoded. No external network connections or hardcoded secrets were detected. The primary attack surface would involve vulnerabilities in macOS's AppleScript interpreter or Things 3's API, which are external to this server's code. UI operations are correctly marked with `openWorldHint` as they cause visible side-effects on the user's system.
Updated: 2026-01-19GitHub
PreviousPage 520 of 713Next