Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
lborjigi icon

bookstack-mcp

by lborjigi

Sec8

This server integrates BookStack documentation management with Cursor AI using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a running BookStack instance with API access enabled.
  • ⚠️Requires manual creation of a BookStack API Token (ID and Secret) with appropriate permissions.
  • ⚠️Requires configuration of the BookStack URL (BS_URL) in the .env file, which may point to an internal IP address.
Verified SafeView Analysis
The server uses environment variables for API credentials, which is a good security practice. HTTP requests are made using the httpx library, and there are no direct command injection vulnerabilities detected in the parsing or execution paths. The `setup_env.sh` script is interactive, reducing the risk of shell injection through user input if not used maliciously. A potential risk is Server-Side Request Forgery (SSRF) if the `BS_URL` is configured to point to an internal network address controlled by an attacker, allowing them to probe internal services. However, this is a configuration-level risk rather than a vulnerability in the code itself, which adheres to standard security practices for Python applications interacting with APIs.
Updated: 2025-11-25GitHub
0
0
High Cost
richard-hajek icon

macbird

by richard-hajek

Sec4

Provides AI assistants with direct access to Thunderbird email accounts for management and interaction.

Setup Requirements

  • ⚠️Requires `bun` runtime to be installed.
  • ⚠️Thunderbird extension must be manually loaded as a 'temporary add-on' via developer tools, meaning it needs to be reloaded after each Thunderbird restart.
  • ⚠️The client configuration requires an absolute path to the `server.ts` file.
Review RequiredView Analysis
The server explicitly warns about giving AI direct access to email, which is an inherent risk. A critical vulnerability exists in the `download_attachment` and `read_email_attachments` tools, where the `downloadPath` parameter is directly used to write files to the local filesystem without sufficient sanitization or validation. A malicious AI could instruct the server to write arbitrary files to sensitive system locations or overwrite user files, leading to remote code execution or data corruption. While the WebSocket server is local-only, this arbitrary file write capability makes it unsafe to use with untrusted AI.
Updated: 2025-11-25GitHub
0
0
Medium Cost
parthshr370 icon

mem0_mcp_private

by parthshr370

Sec7

The Mem0 MCP server provides a Model Context Protocol (MCP) interface for LLM agents to perform long-term memory operations like adding, searching, updating, and deleting memories via the Mem0 API.

Setup Requirements

  • ⚠️Requires a Mem0 API Key (`MEM0_API_KEY`), which is for a paid service.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️The default server configuration disables DNS rebinding protection, which might be a security concern in certain deployment environments.
Verified SafeView Analysis
The server uses environment variables for API keys, which is a good practice. It also handles exceptions from the Mem0 API gracefully, returning structured error JSON. However, the `create_server` function explicitly disables DNS rebinding protection (`enable_dns_rebinding_protection=False`) for its transport security settings. While potentially justified for specific deployment scenarios (e.g., behind a reverse proxy), this is a deliberate weakening of a security feature that should be considered.
Updated: 2025-12-05GitHub
0
0
Medium Cost
oshoura icon

memes-mcp

by oshoura

Sec8

This MCP server enables users to find meme templates via text search and generate new meme images by overlaying custom text onto the templates, leveraging Google Gemini for meme annotation and Pinecone for vector search.

Setup Requirements

  • ⚠️Requires Google Generative AI API Key (Paid) for the 'scraper/batch_annotate.py' script, which is necessary to populate meme metadata.
  • ⚠️Requires Pinecone API Key, index, and namespace to be configured (Paid) for the meme search functionality.
  • ⚠️Requires AWS S3 bucket, region, and credentials (Paid) for storing and serving meme images.
  • ⚠️The scraper component ('scraper/scraper.py') depends on Selenium, meaning a Chrome browser and ChromeDriver (or compatible driver) must be installed and accessible on the machine where the scraper is executed.
Verified SafeView Analysis
API keys for Google Generative AI, Pinecone, and AWS S3 are loaded from environment variables, which is good practice. Input schemas for tool functions are validated using Zod, mitigating some input-related risks. Image processing uses the Jimp library for text overlay, a common and generally safe image manipulation tool. The scraper component, a prerequisite for generating the 'memes.json' data, utilizes Selenium and fetches external content from imgflip.com. While Selenium can introduce a larger attack surface if not properly isolated, it operates as an offline data preparation step and sanitizes filenames. There is a theoretical potential for Server-Side Request Forgery (SSRF) if the 'memes.json' file (which is generated by the trusted scraper) were maliciously altered to contain arbitrary 'image_url' values pointing to internal network resources; however, the server itself loads this file locally.
Updated: 2025-12-16GitHub
0
0
Low Cost
pangeacyber icon

pangea-mcp-server

by pangeacyber

Sec9

Integrates various Pangea security services as tools for AI agents via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js v24.11.0 or greater.
  • ⚠️Requires a Pangea account and API tokens configured with access to AI Guard, Domain Intel, Embargo, IP Intel, Redact, Secure Audit Log, URL Intel, and Vault services. The primary token must be stored in Pangea Vault.
  • ⚠️Requires a Pangea Secure Audit Log configuration with a 'Standard Audit Log Config' schema.
  • ⚠️If Pangea AuthN is enabled (--authn flag), additional Pangea AuthN client setup is required in the Pangea console.
Verified SafeView Analysis
The server implements strong security practices by integrating Pangea's AI Guard for both pre-tool input and post-tool output validation and redaction, significantly reducing risks like prompt injection or data leakage. Sensitive Pangea API tokens are securely fetched from Pangea Vault at runtime, rather than being hardcoded or directly exposed as environment variables. OAuth client secrets for authentication are also stored in Vault. No 'eval' or similar dangerous code execution patterns were found. Network risks are managed through explicit HTTP transport with optional Pangea AuthN for access control. The hardcoded Pangea domain is a configuration, not a vulnerability. Overall, a well-secured application.
Updated: 2026-01-18GitHub
0
0
Medium Cost
myraffy icon

homelab-mcp

by myraffy

Sec6

Manage and monitor homelab infrastructure including Docker/Podman, Ollama AI, Pi-hole DNS, Unifi networks, Ansible inventory, and UPS systems through an MCP-compatible server.

Setup Requirements

  • ⚠️Requires Ansible Inventory (`ansible_hosts.yml`) to be configured and mounted, OR individual environment variables for each service (Docker/Podman, Ollama, Pi-hole, Unifi, Ping, UPS).
  • ⚠️Requires direct network access from the server to your homelab services (Docker/Podman API, Ollama API, Pi-hole API, Unifi Controller, NUT servers). In Docker, this often means `network_mode: host`.
  • ⚠️API keys/passwords are required for many integrations (e.g., Pi-hole API, Unifi API, NUT authentication) and must be securely configured via environment variables or Ansible Vault.
  • ⚠️Running the Ping MCP server in Docker containers requires granting the `NET_RAW` capability (`--cap-add=NET_RAW`).
Verified SafeView Analysis
The project demonstrates strong security awareness through comprehensive documentation (SECURITY.md, pre_publish_check.py) and a pre-push Git hook to prevent accidental exposure of sensitive data. It explicitly warns about the inherent security risks of some services (e.g., Docker/Podman APIs often using unencrypted HTTP without authentication) and provides mitigation strategies like firewall rules and TLS. However, some key services, such as the Unifi exporter, by default disable SSL verification for HTTPS connections (`verify_ssl=False`, `urllib3.disable_warnings`), which is a significant security vulnerability to Man-in-the-Middle attacks. Other integrations primarily use unencrypted HTTP, relying on network isolation for security. While risks are acknowledged and documented, the default insecure network settings for Unifi are a notable concern.
Updated: 2026-01-19GitHub
0
0
Medium Cost
meetsandeepan icon

aria-mcp-server

by meetsandeepan

Sec8

The server acts as a Model Context Protocol (MCP) gateway to the ARIA Access API, enabling comprehensive management of healthcare data including patient demographics, appointments, billing, and radiation therapy.

Setup Requirements

  • ⚠️Requires ARIA Access API credentials (base URL, client ID, client secret, username, password) to be configured via environment variables.
  • ⚠️Requires Node.js version 18 or higher to run.
  • ⚠️Relies on the `@modelcontextprotocol/sdk` for its server framework, implying interaction with an MCP client/orchestrator.
Verified SafeView Analysis
The server handles sensitive healthcare data and authenticates with an external ARIA Access API using credentials from environment variables. There are no obvious signs of 'eval' or malicious code patterns. Authentication tokens are managed with automatic refresh. The primary security consideration is ensuring the `ARIA_BASE_URL` points to a trusted ARIA instance and that all environment variables holding credentials are securely managed.
Updated: 2025-11-28GitHub
0
0
Medium Cost
SvenTern icon

mcp_email

by SvenTern

Sec7

A Streamable HTTP/SSE wrapper that provides MCP tools for comprehensive IMAP/SMTP email management, including account setup, email operations, folder management, and advanced sorting rules.

Setup Requirements

  • ⚠️Requires separate Node.js-based 'imap-mcp-server' to be installed and built, as this server acts as a Python wrapper around it.
  • ⚠️Email providers like Gmail/Yandex require 'App Passwords' (not main passwords) and potentially 2FA to be enabled for IMAP/SMTP access.
  • ⚠️Remote deployment is recommended via Docker and `docker-compose`, requiring Docker environment setup.
  • ⚠️Requires persistent Docker volumes for AES-256 encrypted IMAP account credentials.
Verified SafeView Analysis
The application itself implements good security practices, such as recommending App Passwords (not main passwords) for email providers and using AES-256 encryption for storing credentials in Docker volumes. Attachment downloads use temporary, single-use tokens. However, the provided deployment documentation and scripts contain hardcoded SSH passwords, which is a critical security vulnerability for the deployment process itself. Additionally, the README explicitly states 'CORS: Включен для всех источников' (CORS: Enabled for all sources), which can be a significant risk if not adequately mitigated by a robust reverse proxy (like Nginx with strict origin validation). The Python wrapper communicates with an underlying Node.js IMAP server via STDIO, which is generally secure for inter-process communication.
Updated: 2026-01-17GitHub
0
0
Low Cost
iogi icon
Sec5

Deploys an authentication-less Remote Model Context Protocol (MCP) server on Cloudflare Workers, providing basic calculator tools for AI agents.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment.
  • ⚠️Requires Node.js, npm, and Cloudflare Wrangler CLI for local development and deployment.
  • ⚠️The server is intentionally deployed without authentication. This is suitable for a demo or local testing, but highly insecure for public production use without implementing additional security measures.
Verified SafeView Analysis
The server is explicitly designed 'without authentication' for demonstration purposes, as stated in the README. While this simplicity enables easy setup for testing, deploying such a server publicly without adding proper authentication mechanisms (e.g., API keys, OAuth) would be a critical security vulnerability, allowing anyone to access and use its tools. The code itself performs input validation using Zod schemas for the defined tools, and no obvious code-level vulnerabilities like RCE or hardcoded secrets are present.
Updated: 2025-12-01GitHub
0
0
High Cost
jbandu icon

routes-mcp

by jbandu

Sec9

This server provides intelligent route network analysis, optimization, and competitive intelligence for airline operations, serving as a canonical source of truth for planning and strategic insights.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0, PostgreSQL >= 14, and Neo4j >= 5.0 (Neo4j is optional but recommended for full functionality).
  • ⚠️Requires Ollama to be running locally (if LLM_MODE is 'ollama') or an Anthropic Claude API key for AI-powered analysis.
  • ⚠️Initial database setup involves multiple manual steps: creating the PostgreSQL database, running migrations (`npm run db:migrate`), and seeding sample data (`npm run db:seed`).
Verified SafeView Analysis
The server demonstrates good security practices by using parameterized queries for PostgreSQL interactions, preventing SQL injection vulnerabilities. Environment variables are properly externalized via `.env` for sensitive configurations like database credentials and API keys. Integration points for external MCPs (Aircraft, Crew) and external APIs (FlightAware, OAG, LLMs) are noted, with some currently using mock data, indicating a structured approach to external dependencies. While the eventual implementation of these external calls and LLM integrations could introduce new attack vectors (e.g., SSRF, prompt injection), the core framework itself does not show any obvious immediate security flaws like 'eval' or hardcoded secrets.
Updated: 2025-11-28GitHub
0
0
Medium Cost
ani-me-sh icon

test-remote-server

by ani-me-sh

Sec9

A personal expense tracking server providing tools to add, list, and summarize financial entries.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Expense data stored in the database will be lost when the system restarts, as it uses a temporary directory for the SQLite database.
Verified SafeView Analysis
The server uses parameterized SQL queries, which prevents SQL injection vulnerabilities. No 'eval' or similar dangerous dynamic code execution is present. No hardcoded sensitive secrets were found. The database is stored in a temporary directory, which means data will be lost on system restart; while not a security vulnerability per se, it's a critical operational consideration for data persistence. The FastMCP server listens on all interfaces (0.0.0.0) on port 8000, which is standard but means it's publicly accessible if not protected by a firewall.
Updated: 2025-11-19GitHub
0
0
Medium Cost
tbelfort icon
Sec9

Fetches structured Google SERP (Search Engine Results Page) data from Serper.dev for SEO agents or any application requiring programmatic access to search results.

Setup Requirements

  • ⚠️Requires a Serper.dev API Key (Serper.dev is a paid service).
  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Only stdio transport is supported; HTTP transport is a stub and not functional.
Verified SafeView Analysis
The server demonstrates good security practices: - `SERPER_API_KEY` is loaded from environment variables and explicitly checked for existence before use, preventing hardcoding. - Logging redaction is implemented via `RedactingJsonFormatter` and `redact_mapping` to prevent sensitive data from appearing in logs. - The HTTP transport is explicitly marked as a 'stub' and raises a `NotImplementedError`, preventing unhardened HTTP endpoints from being accidentally exposed. - The primary transport is stdio, which is generally safer for inter-process communication. - Input validation with Pydantic schemas is used for tool arguments, mitigating injection risks. - Concurrency limits and request timeouts are configurable, helping prevent resource exhaustion.
Updated: 2025-11-21GitHub
PreviousPage 523 of 713Next