Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
MoQiii icon
Sec8

A Model Context Protocol (MCP) server for managing geographical tasks, designed to integrate with AI assistants.

Setup Requirements

  • ⚠️Requires a separate 'geo_task_server' backend running at http://localhost:8080.
  • ⚠️The MCP server is configured to listen on a specific IP address (10.16.37.211:8081) in the `simple_mcp_server.py`, which may require network configuration depending on the deployment environment.
  • ⚠️Python 3.8+ is required.
Verified SafeView Analysis
The server binds to a specific IP address (10.16.37.211) rather than localhost or 0.0.0.0, which can be restrictive but is not inherently insecure. Data validation is performed using Pydantic, which enhances input safety. The `openapi_client` deserializes JSON responses, but this is mitigated by using Pydantic models for structured data. No 'eval', 'exec', or hardcoded secrets were found in the provided code snippets. Overall security relies on the robustness of the underlying FastMCP framework and the external 'geo_task_server' backend.
Updated: 2025-12-06GitHub
0
0
Medium Cost
GadgetFactory icon

papilio_mcp_server

by GadgetFactory

Sec7

Enables AI assistants to directly control and debug the Papilio Arcade FPGA board via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires `pyserial` and `opencv-python` Python packages installed. `opencv-python` can sometimes have complex installation requirements.
  • ⚠️Requires a correctly configured serial port (e.g., COM4, /dev/ttyUSB0) connection to the Papilio Arcade board, which may need to be specified via command-line arguments.
  • ⚠️The Papilio Arcade FPGA board must be running compatible firmware with the `PAPILIO_MCP_ENABLED` flag defined for the debug features to be active.
Verified SafeView Analysis
The server operates over standard I/O (stdio), limiting direct external network exposure. It does not use `eval` or exhibit obfuscation. However, as a hardware debugging tool, it inherently provides low-level control which, if compromised, could be misused: - **Wishbone Bus Access**: Direct read/write access to FPGA registers, allowing manipulation of hardware state. - **JTAG Bridge**: Ability to enable/disable JTAG passthrough for FPGA programming, a significant control plane access. - **Webcam Access**: The screenshot feature uses `opencv-python` to access a webcam, which is explicitly for capturing HDMI output but still involves webcam control. These capabilities are features necessary for its intended debugging purpose, but represent powerful access to hardware and local resources if the controlling AI agent or host system is compromised.
Updated: 2025-12-13GitHub
0
0
Medium Cost
yashas224 icon
Sec8

An AI-powered help desk ticket management system that allows an LLM to create and retrieve support tickets.

Setup Requirements

  • ⚠️Requires a relational database (e.g., H2, PostgreSQL, MySQL) to persist ticket data.
  • ⚠️If integrated with an external LLM via Spring AI, an API key for the respective AI model service (e.g., OpenAI) will be required for full functionality.
Verified SafeView Analysis
The provided source code does not contain 'eval', obfuscation, or hardcoded secrets. It uses Spring Data JPA which generally prevents SQL injection. Input validation for `TicketRequest` fields is not explicitly shown but is a general application best practice. No critical security vulnerabilities are immediately apparent in the provided snippets.
Updated: 2025-12-14GitHub
0
0
Medium Cost
MostafaMahmoud-33 icon

misc-mcp

by MostafaMahmoud-33

Sec8

A CTF (Capture The Flag) toolset providing miscellaneous utilities for encoding/decoding and file forensics.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer (Python 3.13 is currently in pre-release stages and might not be stable or readily available).
  • ⚠️Requires the `mcp` Python library (`pip install mcp`).
  • ⚠️The `strings` command-line utility (typically found on Unix-like systems) must be installed and available in the system's PATH for the `search_string_in_file_by_strings` tool to function.
Verified SafeView Analysis
The service, when running, exposes functions that allow reading arbitrary files on the server's file system via user-provided paths. While the implementation prevents command injection vulnerabilities in `subprocess.run` (by using a list of arguments) and handles file operations carefully (checking existence, file type, permissions), unauthorized access to the `misc-mcp` service itself could permit sensitive file content extraction. Requires the `strings` utility to be installed on the host system. No 'eval' or hardcoded secrets found.
Updated: 2026-01-19GitHub
0
0
Medium Cost
pranshuiu icon
Sec9

The Trilix Atlassian MCP Server acts as a trusted intermediary between AI agents (like ChatGPT, Claude) and Atlassian APIs (Confluence, Jira), providing multi-tenant access to multiple Atlassian organizations with normalized, PHI-safe data exposure.

Setup Requirements

  • ⚠️Requires manual cloning of the proprietary TwistyGo library to a specific local path (e.g., D:\Idea Usher\twistygo), which is unusual and can be cumbersome, especially for non-Windows users or different drive configurations.
  • ⚠️Requires Docker and Docker Compose for local infrastructure services (RabbitMQ, PostgreSQL).
  • ⚠️Setting up local development requires running three separate Go services in different terminals (MCP Server, Confluence Service, Jira Service).
Verified SafeView Analysis
The system demonstrates strong security practices for handling sensitive Atlassian API tokens. Tokens are encrypted at rest using AES-256-GCM via a password-derived key (PBKDF2) and stored in PostgreSQL. There is an explicit rule (and code adherence) to never expose API tokens in logs or error messages. Optional Clerk integration provides user authentication. Local development setup uses default 'secret' passwords for RabbitMQ and PostgreSQL in docker-compose, but environment variables are used for production-grade configurations, mitigating hardcoded secrets in deployment. No 'eval' or other obviously malicious patterns were found.
Updated: 2025-11-27GitHub
0
0
High Cost
anirudhatalmale7-a11y icon

ai-agent-mcp-server

by anirudhatalmale7-a11y

Sec8

Automates developer tasks on a remote GCP VM using an AI agent with SSH-based tools.

Setup Requirements

  • ⚠️Requires a GCP project with VM, Cloud Run, Secret Manager, and Cloud Build setup.
  • ⚠️Requires manual SSH key pair generation and secure storage of the private key in Secret Manager.
  • ⚠️Requires an Anthropic API Key (paid service) for the AI agent to function.
Verified SafeView Analysis
The system features robust path validation (`PathValidator`) and command filtering (`CommandFilter`) that explicitly blocks dangerous patterns like `rm -rf /`, fork bombs, `eval $(`, and `wget|curl|sh` pipes. SSH connections use `paramiko.AutoAddPolicy()`, which is less secure than host key verification but potentially mitigated by the controlled GCP VM environment. Optional API key authentication for the FastAPI server and secure handling of SSH keys via GCP Secret Manager are good practices. The VM setup script also configures a dedicated user and firewall rules.
Updated: 2025-11-29GitHub
0
0
Low Cost
binnapro icon

bear-mcp-server

by binnapro

Sec3

This server allows Claude Code to programmatically interact with and manage notes in the Bear note-taking application on macOS.

Setup Requirements

  • ⚠️Requires macOS, as Bear is a macOS-only application.
  • ⚠️Requires Node.js 18+.
  • ⚠️The Bear application must be installed and running.
  • ⚠️The `BEAR_TOKEN` environment variable is required by the server's startup script, though its functional use within the Bear API calls is not evident in the provided code.
Review RequiredView Analysis
The server has a critical Local File Read (LFR) vulnerability. The `create_note_with_image` and `add_image` tools accept an `image_path` parameter, which is then directly read using `fs.readFileSync` without validation or sanitization. A malicious actor or compromised LLM could provide paths to sensitive local files (e.g., '/etc/passwd', '~/.ssh/id_rsa'), leading to their content being base64 encoded and embedded into a Bear note. Additionally, the `BEAR_TOKEN` environment variable is required at startup but appears to be unused in the `BearAPI` logic, which is confusing and potentially misleading. While URL encoding is used for x-callback-url parameters, the LFR is the primary concern.
Updated: 2026-01-19GitHub
0
0
Medium Cost
breannasalah icon

mcp-obsidian-universal

by breannasalah

Sec2

This server allows AI models to interact with an Obsidian vault, providing tools for reading, writing, searching, and managing notes.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or later.
  • ⚠️Requires an Obsidian vault to be specified via the `OBSIDIAN_VAULT_PATH` environment variable.
  • ⚠️Requires manual configuration within each AI client (Claude, ChatGPT, Gemini, Grok, Perplexity) to connect to the server's SSE endpoint.
Review RequiredView Analysis
CRITICAL SECURITY CONCERNS: The `search_notes` function directly constructs a regular expression from user-provided input (`query`), leading to a severe Regular Expression Denial of Service (ReDoS) vulnerability. A malicious or malformed regex query could freeze the server indefinitely. Furthermore, there is no authentication layer, meaning any local process can access and fully control your Obsidian vault (read, write, delete notes and folders) via the server. While it defaults to `localhost`, this still exposes the entire vault to local applications without any security checks. The `keytar` dependency is present but unused in the provided code, offering no current security benefit.
Updated: 2025-12-01GitHub
0
0
Medium Cost
alexistomaselli icon

project-central-mcp-server

by alexistomaselli

Sec7

This server provides a set of tools for an AI agent to manage software development projects, including creating and updating projects and issues, listing them, and adding comments, all persisted in a Supabase backend.

Setup Requirements

  • ⚠️Requires a Supabase project with predefined tables (projects, issues, activities, comments) and their respective schemas. These are not automatically created by the server.
  • ⚠️Mandatory environment variables: SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY must be configured.
  • ⚠️Requires Node.js runtime and project dependencies to be installed (e.g., via npm or yarn).
Verified SafeView Analysis
The server uses a highly privileged `SUPABASE_SERVICE_ROLE_KEY`, which grants extensive access to the Supabase project. Secure management of this environment variable is critical to prevent unauthorized database access in case of server compromise. While the Supabase client library generally prevents SQL injection, directly returning raw Supabase error messages to the client could expose internal database details. CORS is enabled for all origins, which is common but means the API is globally accessible.
Updated: 2026-01-18GitHub
0
0
Medium Cost
Vishakhavel icon

filesystem-mcp-server

by Vishakhavel

Sec9

Provides an agent or external system with controlled file system access (listing, reading, searching) over a JSON-RPC stdin/stdout interface.

Setup Requirements

  • ⚠️The `MCP_FS_ROOT` environment variable must be explicitly set to the desired root directory, as the default is a user-specific path that is unlikely to be appropriate for general use.
  • ⚠️Requires Node.js and `ts-node` to run directly from source, or requires a prior build step (`tsc`) if running the compiled JavaScript output.
Verified SafeView Analysis
The server implements robust path traversal protection using `resolveSafePath` to confine all file operations strictly within a configured `ROOT_DIR`. File read operations are limited by `MAX_READ_BYTES` to prevent excessive memory usage or denial-of-service, and the search tool crudely filters out common binary file types. Communication occurs via stdin/stdout, which inherently limits direct network attack vectors. The default `ROOT_DIR` (`/Users/vichu/Desktop/`) is user-specific and highlights the critical need for users to configure the `MCP_FS_ROOT` environment variable to a sensible, isolated directory.
Updated: 2025-11-27GitHub
0
0
Low Cost
BlockRunAI icon

awesome-creator-mcp

by BlockRunAI

Sec10

This repository serves as a curated directory of Model Context Protocol (MCP) servers tailored for content creators, designers, and media professionals, facilitating the discovery of tools for various creative tasks.

Verified SafeView Analysis
The provided source code for `awesome-creator-mcp` consists of Markdown files (README.md, CONTRIBUTING.md) which describe a curated list of external MCP servers. This repository itself does not contain any executable code, server logic, or dynamic elements that could introduce security vulnerabilities such as 'eval', obfuscation, network risks, or hardcoded secrets. It is safe to clone and view. Any security considerations would apply to the individual MCP servers linked within this directory, not to this repository itself.
Updated: 2026-01-18GitHub
0
0
Medium Cost
BarrosEdu icon
Sec9

Provides an AI-powered server for analyzing earthquake data and seismic risk using a multi-agent system and external APIs.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires AGENTOPS_API_KEY (Optional for tracing, but recommended)
  • ⚠️Requires API_KEY for the external earthquake data service
  • ⚠️Requires Python 3.13 or higher
Verified SafeView Analysis
Relies on environment variables for sensitive API keys (OpenAI, AgentOps, custom earthquake API), which is good practice. No 'eval' or malicious obfuscation found. Network calls are made to specified external APIs (earthquake data, OpenAI, AgentOps) and a local sub-MCP server, introducing typical network dependency risks. The nested execution of `mcp/earthquake_mcp_server.py` is controlled and not arbitrary code execution.
Updated: 2025-11-22GitHub
PreviousPage 529 of 713Next