Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
AuraFriday icon

llm_mcp

by AuraFriday

Sec8

Provides a local, offline LLM inference server with integrated tool-calling capabilities for the MCP ecosystem, enabling autonomous AI agents without cloud dependencies.

Setup Requirements

  • ⚠️Initial setup requires network access for downloading PyTorch, Transformers, and LLM models from HuggingFace Hub.
  • ⚠️Automatic PyTorch installation or upgrade may uninstall existing CPU-only versions and install CUDA versions, potentially requiring a server restart.
  • ⚠️Optimal performance necessitates an NVIDIA GPU with CUDA for larger models.
Verified SafeView Analysis
The server performs auto-installation/upgrade of PyTorch and Transformers via `pip`, potentially uninstalling existing Python packages, and downloads models from HuggingFace Hub, which requires network access and trust in those upstream sources. It also triggers internal server restarts (`mcp_bridge.call("server_control", {"operation": "restart"})`). The `tool_unlock_token` provides a local access control mechanism for operations.
Updated: 2025-12-02GitHub
0
0
Medium Cost
gillesdelhaes icon

AppleNotesMCP

by gillesdelhaes

Sec8

Enables AI assistants to interact with Apple Notes on macOS, providing comprehensive notes management (CRUD) and advanced semantic search capabilities through Retrieval-Augmented Generation (RAG).

Setup Requirements

  • ⚠️Requires macOS operating system and the Apple Notes application to be installed and configured.
  • ⚠️Manual setup of macOS Automation permissions for your MCP client to control Apple Notes is necessary.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️RAG features necessitate a one-time download of an ~80MB embedding model and consume local CPU/RAM for indexing and searching.
Verified SafeView Analysis
The server operates entirely locally, with no data leaving the Mac. Interactions with Apple Notes are handled via AppleScript executed through `osascript`. The `escape_applescript_string` function correctly sanitizes user-provided input by escaping quotes and backslashes, significantly mitigating AppleScript injection risks. All AppleScript commands are confined within the 'Notes' application context, limiting potential impact. The RAG component downloads a local embedding model but does not involve external cloud services for processing note content. macOS Automation permissions are required and managed by the user.
Updated: 2025-11-27GitHub
0
0
Medium Cost
cucinellclark icon

bvbrc-mcp-server

by cucinellclark

Sec4

This server provides a unified Model Context Protocol (MCP) interface for the Bacterial-Viral Bioinformatics Resource Center (BV-BRC), enabling AI models to query biological data, submit analysis jobs, and manage workspace files programmatically.

Setup Requirements

  • ⚠️Requires a BV-BRC (formerly PATRIC) account for authentication and operation. An initial login step is required to generate an authentication token.
  • ⚠️The `install.sh` script attempts to clone and install a dependency (`bvbrc-python-api`) from a private GitHub repository (`git@github.com:cucinellclark/bvbrc-python-api.git`), which will fail without appropriate SSH key access or if the repository is not public.
  • ⚠️Requires `npm` and `@anthropic-ai/mcpb` CLI for packing the extension if installing as a Claude extension.
  • ⚠️The HTTP server is configured to listen on a specific IP address and port (`config.json` shows `140.221.78.67:12007`), implying it's intended for remote access and requires proper network configuration (e.g., firewall rules, DNS) for external MCP clients like ChatGPT or Claude.
Review RequiredView Analysis
The server has a critical file disclosure vulnerability. The `workspace_upload` tool accepts a `filename` parameter, which is then used by the `_upload_file_to_url` function to read a file from the *local filesystem of the server itself*. If a malicious user (or LLM) provides an arbitrary path for `filename` (e.g., `/etc/passwd` or `/root/.ssh/id_rsa`), the server could read and upload these sensitive files to the user's workspace, assuming the server process has read permissions. Additionally, the `create_feature_group` tool includes a heuristic fix for feature IDs that attempts to insert a '.' character, which, while not a direct vulnerability, is a code smell that could silently alter valid user input if it doesn't conform to the expected pattern. Authentication relies on a specific PATRIC token format parsed by string manipulation, which could be brittle if the format changes unexpectedly.
Updated: 2025-12-16GitHub
0
0
Low Cost
secretaleph icon

yeelight-mcp

by secretaleph

Sec9

Controls Yeelight smart lamps on a local network via an MCP server, allowing AI assistants like Claude to manage them through natural language commands.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Yeelight devices must have 'LAN Control' enabled in the Yeelight app.
  • ⚠️Manual configuration of Claude Desktop's 'claude_desktop_config.json' is necessary.
  • ⚠️Potential firewall issues: UDP port for discovery, TCP port 55443 for device control.
Verified SafeView Analysis
The server employs a split architecture where an HTTP proxy handles network communication and an MCP client communicates with the AI assistant via localhost. This design effectively sandboxes the AI client. No 'eval' or other direct code execution from user input is apparent. No hardcoded secrets were found. The 'start.sh' script uses `kill -9` for cleanup, typical for local utility scripts. The README notes that the Yeelight LAN protocol itself is unencrypted, which is a protocol limitation, not a vulnerability in this server's code.
Updated: 2025-11-26GitHub
0
0
Medium Cost
upandacross icon

codebase-mcp-server

by upandacross

Sec9

Provides intelligent search and navigation capabilities for Python, SQL, and Markdown codebases to help LLMs and AI assistants understand and explore large codebases efficiently.

Setup Requirements

  • ⚠️Requires Python 3.11 or newer.
  • ⚠️Requires manual configuration (e.g., `.vscode/mcp.json` or `claude_desktop_config.json`) specifying absolute paths for the Python executable and `server.py`.
  • ⚠️The `--codebase` argument, intended to specify the project root for indexing, is currently ignored due to hardcoded `PROJECT_ROOT = Path(__file__).parent.parent.parent` in `server.py` and `indexer.py`. This means the server will always attempt to index a directory two levels above its own location, regardless of the user's `--codebase` input. This is a functional flaw.
  • ⚠️Enabling optional embeddings functionality requires additional heavy dependencies like `sentence-transformers` and `torch`, which can significantly increase installation size and memory usage.
Verified SafeView Analysis
The server uses `ast.parse` for Python code, which safely generates an Abstract Syntax Tree without executing the code. SQL parsing relies on regular expressions for metadata extraction, not direct SQL execution. User input for tool calls (e.g., query, filepaths, component types) is used for string matching and filtering, not direct command execution. There are no obvious `eval()` or `exec()` calls, nor direct `subprocess` calls. No hardcoded secrets were found. The primary security model relies on the underlying MCP framework for IPC, assuming it's secure. The server does not expose network ports directly; it communicates via standard I/O.
Updated: 2025-11-21GitHub
0
0
Low Cost
consigcody94 icon

linear-flow

by consigcody94

Sec9

Automates Linear project management tasks such as issue creation, cycle tracking, and label management using natural language commands.

Setup Requirements

  • ⚠️Requires Node.js 18+ to be installed.
  • ⚠️A Linear account with a personal API key is mandatory for authentication, which grants full workspace access.
  • ⚠️Requires Claude Desktop for configuration and execution as an MCP server.
Verified SafeView Analysis
The server securely retrieves the Linear API key from environment variables, preventing hardcoding. It uses the official Linear SDK and JSON Schema for input validation, reducing arbitrary code execution risks. Error handling is present. The primary security consideration is that the Linear API key itself grants 'full workspace access' to the Linear account, as noted in the README, making it a powerful credential that must be protected externally.
Updated: 2025-11-25GitHub
0
0
Medium Cost
Shreykhanna icon

gmail-mcp-server

by Shreykhanna

Sec4

Integrate Gmail and Google Calendar functionalities into AI agents via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with Gmail and Calendar APIs enabled to generate `credentials.json`.
  • ⚠️Requires an initial OAuth2 authentication flow (handled by `@google-cloud/local-auth`) to generate `token.json`.
  • ⚠️The `send_email` tool is hardcoded to send emails from a specific Gmail address (`shrey.khanna.au@gmail.com`), preventing it from sending emails on behalf of the authenticated user.
Verified SafeView Analysis
The most critical security/functional flaw is in `src/send/sendEmail.ts`, where the `userId` for sending an email is hardcoded to `"shrey.khanna.au@gmail.com"` instead of using the authenticated user's ID (`"me"`). This means all emails sent via the 'send_email' tool will originate from this hardcoded address, regardless of who authenticates the Gmail API access. This is a significant impersonation risk or a functional bug that prevents multi-user support. Additionally, `src/read/readGmail.ts` uses `process.exit(1)` upon failure, which can abruptly terminate the server. Credentials are read from local files (`credentials.json`, `token.json`) at fixed paths derived from `process.cwd()`, which requires careful handling of these files to prevent unauthorized access. No `eval` or obfuscation was found.
Updated: 2026-01-18GitHub
0
0
Low Cost
consigcody94 icon

studio-pilot

by consigcody94

Sec9

Controls Ableton Live with natural language using an MCP server for AI-assisted music production.

Setup Requirements

  • ⚠️Requires Ableton Live 10+ with a third-party OSC remote script (AbletonOSC/LiveOSC) installed and configured in Ableton's MIDI preferences.
  • ⚠️Requires Node.js 16+ to be installed.
  • ⚠️Requires an MCP-compatible LLM client (e.g., Claude Desktop) to be installed and configured with specific JSON settings to recognize and invoke this server.
Verified SafeView Analysis
The server binds its OSC receive port to '0.0.0.0' by default, meaning it listens on all network interfaces. While necessary for some network configurations (e.g., controlling a remote Ableton instance), users should ensure their firewall properly restricts access if not intended for external network exposure. No 'eval' or obvious malicious code patterns were found. Uses environment variables for configuration, preventing hardcoded secrets. Relies on the security of the underlying 'node-osc' library and AbletonOSC remote script.
Updated: 2025-11-20GitHub
0
0
High Cost

RunFromRun

by dumpling815

Sec7

This server analyzes stablecoin off-chain reserve risk and on-chain market/behavioral risk by parsing PDF reports and collecting on-chain data to calculate integrated risk scores (FRRS, OHS, TRS).

Setup Requirements

  • ⚠️Docker engine must be running.
  • ⚠️Ollama must be installed locally with specified models downloaded and mounted.
  • ⚠️Node.js and npx are required for the Claude Desktop integration script.
  • ⚠️Requires Python 3.12+.
  • ⚠️CoinGecko Demo API Key is mandatory.
  • ⚠️Host directories for PDF caching and Ollama models need to be manually created and mounted.
Verified SafeView Analysis
The system processes untrusted PDF files using Camelot and img2table, which can be an attack surface if the PDFs are malicious, though Docker isolation mitigates some risks. It interacts with numerous external APIs (CoinGecko, OpenFIGI, various blockchain RPCs) and a local Ollama LLM, which introduces inherent network and potential prompt injection risks. However, the code avoids 'eval' or similar dangerous functions on untrusted input, uses `yaml.full_load` for configuration, and handles API keys via environment variables, demonstrating good security practices for its domain.
Updated: 2025-11-29GitHub
0
0
Low Cost
enzokamal icon

mcp-mssql-server

by enzokamal

Sec3

Connects to an MS SQL database to expose tables as resources and execute arbitrary SQL queries via an MCP (Multi-Modal Compute Platform) server.

Setup Requirements

  • ⚠️Requires access to an MS SQL Server instance.
  • ⚠️Requires `pymssql` and MCP dependencies to be installed.
  • ⚠️Relies heavily on environment variables for database configuration.
Review RequiredView Analysis
The `call_tool` function directly executes arbitrary SQL queries provided by the client via `cursor.execute(query)`, making it highly vulnerable to SQL injection and unauthorized database operations (read, write, delete, DDL) if exposed to untrusted input without additional, robust input sanitization and authorization layers. While environment variables are used for credentials (good practice), the core functionality of executing arbitrary SQL is a significant security risk. The `read_resource` function uses `validate_table_name` which helps prevent basic table name injection, but the `call_tool` functionality remains critical.
Updated: 2025-12-11GitHub
0
0
Low Cost
Emeenent14 icon

relay

by Emeenent14

Sec5

Relay is a desktop application for managing Model Context Protocol (MCP) servers, enabling users to configure, enable/disable, and export these servers for AI applications like Claude Desktop.

Setup Requirements

  • ⚠️Requires Node.js v18+ to run the frontend build and development server.
  • ⚠️Requires Rust toolchain (rustc, cargo) for the backend compilation.
  • ⚠️Requires platform-specific build tools (e.g., Visual Studio C++ Build Tools on Windows, Xcode Command Line Tools on macOS, `libwebkit2gtk-4.0-dev build-essential` on Linux) due to its Tauri framework.
Verified SafeView Analysis
The primary security consideration is that Relay's core functionality involves allowing users to define and execute arbitrary commands and arguments for the MCP servers it manages. While essential for its purpose, this grants a high degree of control over the user's system, meaning users must exercise extreme caution when adding or configuring servers, as malicious or improperly configured commands could lead to unintended system access or data manipulation. Additionally, the current implementation (based on `src-tauri/src/models/server.rs` and `src-tauri/src/commands/servers.rs`) stores environment variables (`env`) as plain JSON strings within the local SQLite database. If these `env` strings contain sensitive credentials (e.g., API keys, tokens), they would be stored unencrypted, posing a risk if the local database file is compromised. Although `docs/03-API-SPECIFICATION.md` mentions `env_credentials` and a `KeychainService` for more secure storage, these are not fully implemented in the provided Rust backend code for server CRUD operations, indicating a potential vulnerability for sensitive data.
Updated: 2026-01-17GitHub
0
0
Medium Cost
prepmonk icon

iwx-mcp-server

by prepmonk

Sec5

Provides a Microservice Communication Protocol (MCP) server to expose Infoworks data management tools via a unified API.

Setup Requirements

  • ⚠️Requires `IWX_REFRESH_TOKEN` environment variable
  • ⚠️Requires `IWX_BASE_URL` environment variable pointing to an Infoworks API instance
  • ⚠️Disables SSL certificate verification (`verify=False`) for upstream Infoworks API calls, which is a critical security vulnerability and should be addressed before production use.
Review RequiredView Analysis
Disables SSL certificate verification (`verify=False`) when making upstream API calls to the Infoworks system, making it vulnerable to Man-in-the-Middle attacks. It relies on environment variables (`IWX_REFRESH_TOKEN`, `IWX_BASE_URL`) for sensitive credentials, which is good practice if those variables are securely managed. Error responses from the upstream API could potentially expose sensitive information through logged full response texts.
Updated: 2025-12-01GitHub
PreviousPage 527 of 713Next