Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
ry-ops icon
Sec8

Provides a Model Context Protocol (MCP) server for AI assistants to manage CheckMK monitoring systems, including hosts, folders, services, and configurations.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires `uv` package manager, which the `setup.sh` attempts to install via `curl | sh`, a method that might be restricted or undesirable in some environments. Manual installation may be needed.
  • ⚠️Requires access to an existing CheckMK instance (version 2.0+) and an automation user with appropriate permissions configured on that instance.
Verified SafeView Analysis
The server uses `os.getenv` for sensitive credentials (CheckMK URL, username, password, site), which is a good practice. No direct `eval` or `exec` commands are observed in the core `server.py` logic. The `httpx` library is used for API communication. The setup script uses `curl | sh` for `uv` installation, which is a common pattern but carries inherent risk if the source is compromised. The server itself is designed for local stdio transport, limiting external network attack surface.
Updated: 2025-12-03GitHub
0
0
High Cost
RoyRushreeta icon
Sec2

Orchestrates a multi-agent loop to answer user queries by leveraging Google Gemini models, MCP tool servers, and a retrieval pipeline.

Setup Requirements

  • ⚠️Requires `GEMINI_API_KEY` environment variable for Google Gemini API access (a paid service).
  • ⚠️Requires a local Ollama server running with specific models installed (`nomic-embed-text`, `gemma3:12b`, `phi4:latest`, `qwen2.5:32b-instruct-q4_0`) for RAG and semantic chunking.
  • ⚠️The `cwd` paths in `config/mcp_server_config.yaml` are hardcoded to absolute Windows paths (e.g., `C:/Users/Rushreeta Roy/...`) and MUST be updated to reflect the user's local environment.
  • ⚠️Requires Python >= 3.11.
Review RequiredView Analysis
The `action/executor.py` module, which is responsible for running user-generated Python code in a sandbox, includes `__import__` in its `__builtins__` for `exec`. This allows arbitrary modules (e.g., `os`, `subprocess`) to be imported and executed by user-provided code, effectively bypassing any intended sandboxing and leading to full system compromise. Hardcoded absolute Windows paths in `config/mcp_server_config.yaml` also pose a slight risk if not correctly managed in a multi-user environment, but the `__import__` vulnerability is critical.
Updated: 2025-11-27GitHub
0
0
Medium Cost
Traia-IO icon
Sec8

Provides an MCP (Model Context Protocol) server to enable AI agents and LLMs to interact with the asddsaadsadssad API.

Setup Requirements

  • ⚠️Requires Docker for recommended setup, utilizing `run_local_docker.sh` to build and run the container.
  • ⚠️Requires configuration of D402 payment protocol environment variables (e.g., SERVER_ADDRESS, MCP_OPERATOR_PRIVATE_KEY, D402_FACILITATOR_URL), which may involve blockchain wallet setup and management.
  • ⚠️Python 3.12 or newer is specified as a requirement in `pyproject.toml`.
  • ⚠️The `run_local_docker.sh` script modifies `pyproject.toml` and attempts to locate a local `traia-iatp` project, which might cause friction if the path is not correctly configured or if `rsync` is unavailable.
Verified SafeView Analysis
The server uses environment variables for sensitive data like `MCP_OPERATOR_PRIVATE_KEY` and `D402_FACILITATOR_API_KEY`. The `run_local_docker.sh` script generates placeholder private keys for local development, which is convenient but highlights the need for secure secret management in production. The D402 payment protocol relies on blockchain transactions (involving `TokenAmount` and `TokenAsset`), requiring proper configuration of addresses and private keys. There are no obvious 'eval' or obfuscation risks. Network exposure is controlled to standard HTTP ports.
Updated: 2025-12-03GitHub
0
0
Low Cost
Ericwyn icon

mcp-partner

by Ericwyn

Sec8

A Postman-like client for testing and interacting with Model Context Protocol (MCP) servers via Server-Sent Events (SSE) or Streamable HTTP.

Setup Requirements

  • ⚠️Requires an existing Model Context Protocol (MCP) server to connect to.
  • ⚠️Web browser CORS (Cross-Origin Resource Sharing) policies can prevent direct connection to local or different-domain MCP servers; users may need to enable the built-in proxy (if on Vercel), use a public proxy, or run a local proxy (like Pancors).
  • ⚠️The built-in '/cors' proxy functionality is only available when deployed on Vercel; GitHub Pages deployments will need an external proxy.
Verified SafeView Analysis
The application is primarily a client-side React application. The included 'api/cors.ts' file implements a generic CORS proxy (Edge Function). While the proxy code includes measures to filter potentially unsafe headers and validates the target URL, it is an open proxy without authentication, authorization, or rate-limiting. If deployed publicly, this proxy could be abused. However, the application's main purpose is to debug CORS issues, and it explicitly provides this proxy functionality or suggests using public/local alternatives. There are no 'eval' statements, obfuscation, hardcoded secrets, or immediate malicious patterns identified within the provided source code snippets.
Updated: 2025-12-09GitHub
0
0
Low Cost
turmex icon
Sec4

The AI Assistant provides a local-first conversational interface, enabling users to chat with LLMs directly in their browser via WebLLM (WebGPU) or locally using an Ollama server. It features intelligent model management, hardware-aware recommendations, and token optimization for efficient conversation.

Setup Requirements

  • ⚠️Requires Ollama to be installed and running locally for server-based models (`ollama serve`).
  • ⚠️Requires Chrome 113+ or Edge 113+ with WebGPU support for browser-based (WebLLM) inference.
  • ⚠️Requires Python 3.8+.
Verified SafeView Analysis
API keys are stored in browser localStorage with base64 obfuscation, which is explicitly noted as 'not encryption' and easily discoverable. CORS is configured permissively for MVP and requires restriction in production. The `launch.sh` script uses `kill -9` to free ports, which could be risky if misused, though it's contextualized for local cleanup.
Updated: 2025-11-20GitHub
0
0
Medium Cost
mendesrobson icon
Sec1

A server designed for managing or facilitating review processes related to GitHub repositories.

Review RequiredView Analysis
No source code was provided for analysis. Therefore, a comprehensive security audit is not possible, and potential risks such as 'eval' usage, code obfuscation, network vulnerabilities, hardcoded secrets, or malicious patterns cannot be identified. The lowest possible score is assigned due to the inability to verify the safety and security of the application.
Updated: 2025-11-19GitHub
0
0
Medium Cost
donbr icon
Sec6

Provides AI agents with persistent, temporally-aware knowledge graph memory through episodic ingestion, entity extraction, and semantic search.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for the recommended default setup (or a running Neo4j/FalkorDB instance).
  • ⚠️Requires API keys for LLM (e.g., OPENAI_API_KEY) and Embedder (e.g., OpenAI).
  • ⚠️Requires Python 3.10+ and the `uv` package manager.
  • ⚠️Tuning `SEMAPHORE_LIMIT` is critical to avoid LLM rate limits (429 errors) and manage API costs, as episode ingestion involves multiple LLM calls.
  • ⚠️Database connection issues (e.g., 'Connection refused') are common setup friction points.
  • ⚠️The default Neo4j password 'demodemo' in config files should be changed for production.
Verified SafeView Analysis
The server exposes powerful graph CRUD operations (e.g., `clear_graph`) as MCP tools, which can delete all data if not properly managed or confirmed. The multi-agent migration system, defined by JSON manifests, explicitly grants `Read`, `Write`, and `Bash` permissions to file systems and allows interaction with multiple MCP servers, significantly increasing the attack surface in unconstrained agentic environments. The default `NEO4J_PASSWORD` in `config/schema.py` is 'demodemo', which is a weak default but can be overridden. Critical safety rules are mentioned in agent prompts to mitigate risks, indicating an awareness of potential issues.
Updated: 2025-12-13GitHub
0
0
Low Cost
abhishekkhasgiwala icon

mcp

by abhishekkhasgiwala

Sec3

An MCP server that exposes Activiti BPM case and transaction data as AI-consumable tools for IDE-integrated, natural language case analysis.

Setup Requirements

  • ⚠️Requires Docker to run the PostgreSQL database (`activiti-bpm-docker/docker-compose.yml`).
  • ⚠️Requires Java 17 runtime environment.
  • ⚠️Hardcoded database credentials make it unsafe for production environments without modification.
Review RequiredView Analysis
CRITICAL: Database credentials (username 'activiti', password 'activiti') are hardcoded in `application.yaml`. This is a severe security risk and should be replaced with environment variables or a secrets management solution in any non-development environment. While `JdbcTemplate` uses prepared statements for the `get_case_summary` tool, mitigating SQL injection for that specific query, the general `McpTool` interface does not inherently enforce this, meaning future tools could introduce SQL injection vulnerabilities if not carefully implemented.
Updated: 2026-01-17GitHub
0
0
Low Cost
maybleeess-collab icon
Sec9

Interacting with the Ethereum blockchain for balance queries, token price fetching, and Uniswap V3 swap simulations.

Setup Requirements

  • ⚠️Requires an Ethereum RPC URL (e.g., from Alchemy or Infura), which may be a paid service or have rate limits.
  • ⚠️Requires a private key for signing transactions/simulations, which must be kept secure.
  • ⚠️Communication is via Stdio, not a typical HTTP API, which may require specific integration patterns.
Verified SafeView Analysis
The server uses environment variables for sensitive data like `ETHEREUM_RPC_URL` and `PRIVATE_KEY`, which is a good practice. It explicitly performs swap *simulations* (read-only `eth_call`) and returns calldata for agents to sign and broadcast, preventing the server from directly executing trades. The use of `rust_decimal` prevents floating-point inaccuracies for financial calculations. There are no obvious malicious patterns or dynamic code execution (like `eval`) found. The server communicates via Stdio, reducing its direct network attack surface, but the underlying RPC interactions still rely on secure communication with the Ethereum node.
Updated: 2025-11-30GitHub
0
0
Low Cost
Ch1nyzzz icon
Sec8

Automates AI-assisted software development workflows by managing project initialization, documentation (PRD/GDD, tech stack, architecture, changelog), and progress tracking within a 'memory-bank' directory.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires `fastmcp` library (`pip install fastmcp`).
  • ⚠️Requires manual configuration for AI tools (e.g., Claude Code/Desktop, Codex CLI) to register the MCP server with the correct file path.
Verified SafeView Analysis
The server's tools interact with the local file system (read/write markdown files, create directories) primarily within a 'memory-bank' directory relative to a `base_path`. There are no 'eval', 'exec', or direct network risks observed. The primary risk would be if a compromised AI agent intentionally manipulates `base_path` or `document_name` arguments to access or modify files outside the intended project scope, which is a general risk for any agent with file system access. However, the tools themselves do not introduce arbitrary code execution vulnerabilities.
Updated: 2025-12-05GitHub
0
0
Medium Cost
RealGustavoHerrera icon

mcp-basics

by RealGustavoHerrera

Sec9

A minimal example of building an MCP client and server in Python for connecting AI models to external tools and data, demonstrating AI agent capabilities.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Requires manual creation of a `.env` file for the API key
  • ⚠️Requires Python 3 environment and `pip install -r requirements.txt`
Verified SafeView Analysis
The server runs locally as a subprocess of the client, communicating via stdin/stdout, which limits network exposure. OpenAI API key is loaded from a `.env` file, following good security practice for secrets. File I/O for resources is handled safely. The main theoretical risk would be if a malicious `server_path` were provided to the client without robust validation, but in the context of this project, it's designed to run its own trusted server script.
Updated: 2026-01-19GitHub
0
0
Medium Cost
nsklikas icon

juju-mcp

by nsklikas

Sec1

Enables LLMs to interact with and manage Juju environments by exposing CLI commands as Model Context Protocol (MCP) tools.

Setup Requirements

  • ⚠️Requires Juju CLI installed and available in system PATH.
  • ⚠️Requires Kubectl CLI installed and available in system PATH.
  • ⚠️Requires being logged in to a Juju controller (juju login).
Review RequiredView Analysis
The `exec_workload_command` tool, when not in read-only mode, allows arbitrary shell commands to be executed on workload containers via `kubectl exec -- /bin/sh -c {command}`. This poses a severe command injection risk, enabling remote code execution within the Juju environment. Additionally, `read_workload_file` constructs a Python script string with user-provided `file_path` and `container_name`, which could potentially be exploited through complex string injection if not adequately escaped by `juju ssh` or Pebble's API. The server also relies heavily on `juju` and `kubectl` binaries, operating with the privileges of the user running the server, making robust input sanitization crucial for all tool parameters. Running in `--read-only` mode mitigates some risks, but the fundamental `exec_workload_command` vulnerability exists if not enabled.
Updated: 2025-12-08GitHub
PreviousPage 528 of 713Next