Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
sbayer2 icon
Sec8

A production-ready medical document analysis platform offering AI-powered insights and secure Stripe payment processing for various analysis tiers, deployed on FastMCP Cloud.

Setup Requirements

  • ⚠️Requires Anthropic API Key (Paid) for primary AI analysis.
  • ⚠️Requires Stripe API Key (Paid) for payment processing.
  • ⚠️Requires Python 3.12+.
  • ⚠️Requires Node.js/NPM locally if utilizing FastAgent's embedded MCP servers (filesystem, fetch, stripe).
Verified SafeView Analysis
The server uses `os.getenv` for API keys, which is good practice. It explicitly claims HIPAA compliance and PHI protection (no data persistence/logging of medical content) and uses TLS encryption. No `eval` or blatant obfuscation is present. Potential minor risks: 1. `docker-compose.yml` mounts `~/.zshrc:ro` for keys during local development, which, if unencrypted, could expose sensitive information (though read-only and for dev only). For FastMCP Cloud, keys are managed via dashboard environment variables, mitigating this. 2. Reliance on `npx` to fetch and run MCP servers (e.g., `server-filesystem`, `@stripe/mcp`) introduces a supply chain risk if these external packages were ever compromised.
Updated: 2025-11-19GitHub
0
0
Medium Cost
mcsacca icon

2pay-mcp-server

by mcsacca

Sec9

Enables AI assistants to interact with 2Checkout/Verifone payment processing, subscription management, and order operations through natural language.

Setup Requirements

  • ⚠️Requires a 2Checkout/Verifone merchant account.
  • ⚠️API credentials (TWOCHECKOUT_MERCHANT_CODE, TWOCHECKOUT_SECRET_KEY) must be configured as environment variables.
  • ⚠️Requires Node.js 18 or higher.
Verified SafeView Analysis
The server correctly leverages environment variables for API credentials (merchant code and secret key), which is a strong security practice. It uses HMAC-SHA256 for authenticating REST API calls and manages JSON-RPC sessions securely over HTTPS. No 'eval', obfuscation, or other obvious malicious patterns were found in the truncated source code. The project's README explicitly highlights important security considerations such as never exposing secret keys, using environment variables, and PCI DSS compliance awareness, indicating a good understanding of security best practices. However, the nature of handling payment-related data inherently carries risk, requiring strict operational security and compliance from the deployer.
Updated: 2025-11-21GitHub
0
0
Medium Cost
TobiWan1995 icon
Sec9

A text-based dungeon crawler demonstrating state-aware applications using the FSM MCP SDK.

Setup Requirements

  • ⚠️Requires Python 3.13.2
  • ⚠️Strictly recommends using a virtual environment
Verified SafeView Analysis
The main 'crossroads' server correctly implements session-scoped context, preventing data leakage between users. Hardcoded 'secrets' (game key IDs, test PIN '1234') are for game logic/testing purposes only and are not sensitive production credentials. No 'eval' or other direct code execution vulnerabilities are apparent. The 'lowlevel_test' files use global state, but are explicitly labeled as simplified examples/tests and not the main multi-user application.
Updated: 2025-12-10GitHub
0
0
Medium Cost
Technikhighknee icon

agent-workbench

by Technikhighknee

Sec8

Provides symbol-aware code operations for AI agents, allowing them to read, edit, and refactor code by function/class name rather than line numbers.

Setup Requirements

  • ⚠️Requires Node.js version 22.0.0 or higher.
  • ⚠️May encounter native module compilation issues for `tree-sitter` dependencies (requiring build tools like C++ compilers, Python, etc.) during `npm install`.
Verified SafeView Analysis
The server performs powerful file system operations (read, write, delete, move) and extensive code modifications (edit_symbol, apply_edits, rename_symbol). While these are core to its function as a coding agent tool, they carry inherent risks if misused by an agent, or if the agent itself is compromised. The tool mitigates some risks with `dry_run` options for previewing changes and atomic operations with rollback. Regex escaping is correctly used for string replacements to prevent regex injection. There are no obvious signs of `eval` or unsanitized `child_process` execution within the `syntax` package itself. It relies on standard Node.js file system APIs and `tree-sitter` for parsing. The server operates locally via `stdio`, reducing direct network attack surface for its core functions.
Updated: 2025-12-04GitHub
0
0
Low Cost
MoonsurfAI icon

browser-mcp-server

by MoonsurfAI

Sec4

Automates web browser interactions for AI agents using a streamlined Model Context Protocol to enable AI-native web control.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires Chrome, Chrome for Testing, or Chromium browser installed.
  • ⚠️Requires the Moonsurf Browser Extension to be installed in the browser for full functionality.
  • ⚠️If `AUTH_ENABLED` is true, valid tokens must be configured via `AUTH_TOKENS` environment variable. If `TLS_ENABLED` is true, `TLS_CERT_PATH` and `TLS_KEY_PATH` must be set.
Review RequiredView Analysis
The server includes placeholder OAuth compatibility endpoints (`/.well-known/oauth-authorization-server`, `/oauth/register`, `/oauth/authorize`, `/oauth/token`). These endpoints are explicitly *not* protected by the server's authentication mechanism, meaning they are accessible even when `AUTH_ENABLED` is set to `true`. Specifically: - `/oauth/token` returns a hardcoded `access_token: 'local-access-token'` without any authentication or validation. - `/oauth/register` returns a hardcoded `client_secret: 'not-secret'`. - `/oauth/authorize` automatically redirects with an `auto-approved-code`. While these seem intended for compatibility or local testing, their complete lack of protection creates a significant vulnerability if the server is exposed publicly, potentially allowing attackers to exploit or misuse these endpoints. Additional minor concerns: - Token authentication via URL query parameters (`?token=`) for SSE connections, which can lead to token leakage in server logs or browser history. - The `--no-sandbox` flag is used when launching browsers on Linux, which can reduce the browser's security posture in certain environments.
Updated: 2026-01-18GitHub
0
0
Low Cost
bethanie-franklin icon

mcp-stress-tester

by bethanie-franklin

Sec7

Simulates load against Model Context Protocol servers to evaluate performance, stability, and connection handling under pressure.

Setup Requirements

  • ⚠️Requires a Node.js runtime environment.
  • ⚠️Requires a target MCP server URL to test against.
  • ⚠️Resource consumption (CPU, network) scales with configured client count and operation rate.
Review RequiredView Analysis
The provided information describes a client-side stress testing tool and its file structure, but does not include actual source code snippets to audit for 'eval' functions, obfuscation, hardcoded secrets, or other malicious patterns. Its primary function is to initiate network connections, which inherently carries risk depending on the target server. The score reflects a neutral stance due to the inability to inspect the full source code for implementation-specific vulnerabilities.
Updated: 2025-12-14GitHub
0
0
Medium Cost
markus-tobler icon
Sec8

Provides secure, standardized access to Microsoft Dataverse for AI agents and applications through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires complex Azure Entra ID App Registration and Federated Credential setup for both the server and the custom connector.
  • ⚠️Requires Node.js version 18 or higher and npm version 8 or higher.
  • ⚠️Docker is required for deployment to Azure Container Apps using Azure Developer CLI (`azd`).
Verified SafeView Analysis
The default `express-session` secret is hardcoded if the `SESSION_SECRET` environment variable is not provided, which is a significant security risk in production. CORS `origin: "*"` is used, which could be a security concern depending on the deployment context and whether stricter origins are applied at an API Gateway level. Relies heavily on correct Azure AD/Entra ID configuration and Federated Credentials for robust security.
Updated: 2026-01-17GitHub
0
0
Medium Cost
harshv2013 icon
Sec8

A Gradio chatbot providing an interactive interface to Azure OpenAI capabilities, enhanced with integrated file system read-only access and calculator tools.

Setup Requirements

  • ⚠️Requires an Azure OpenAI subscription with a deployed model (e.g., GPT-4 or similar).
  • ⚠️Environment variables for Azure OpenAI credentials (API key, endpoint, deployment name) must be configured (e.g., in a .env file).
  • ⚠️Requires a standard Python 3.x environment.
Verified SafeView Analysis
The server leverages environment variables for sensitive API keys, avoiding hardcoded secrets. It implements path traversal prevention using `pathlib.Path.resolve().startswith()` for file system operations, which is generally robust for its intended use. Crucially, while a 'write_file' tool is defined in `fs_server.py`, it is NOT exposed to the AI via the `MCPToolRegistry` used by the main application, limiting file system interaction to read-only operations within the designated `test_files` directory. The AI-driven tool execution pattern relies on the inherent safety of the registered Python functions, which appear well-contained.
Updated: 2026-01-19GitHub
0
0
Low Cost
ContractedAPI icon

deno

by ContractedAPI

Sec8

Generates a Model Context Protocol (MCP) server from ContractedAPI specifications to enable AI assistants to interact with defined APIs.

Setup Requirements

  • ⚠️Requires Deno runtime environment.
  • ⚠️Requires a ContractedAPI specification file (YAML, JSON, or TOML) as input for generation or serving.
  • ⚠️Relies on several Deno Standard Library modules (@std/yaml, @std/toml, @std/path, @std/fs) and third-party npm packages (json-schema-to-ts, ajv, hono, @modelcontextprotocol/sdk).
Verified SafeView Analysis
The project focuses on generating API servers and CLI tools from specifications. Security practices observed include schema-based validation for request parsing (preventing malformed input), structured error handling (preventing information leakage by hiding stack traces in production), and configurable external parameters (reducing hardcoded secrets). The core logic for handling network communication (HTTP, WebSockets) and file operations is based on standard Deno APIs and well-established external libraries (`hono`, `ajv`). The overall security will heavily depend on the correctness and security of the input ContractedAPI specifications and the handlers written by the end-user.
Updated: 2025-12-15GitHub
0
0
Medium Cost
UnitVectorY-Labs icon

mcp-markdown-rag

by UnitVectorY-Labs

Sec8

Indexing and semantic search of local Markdown documents using vector embeddings and an MCP server.

Setup Requirements

  • ⚠️Requires Ollama to be running locally or at a specified URL.
  • ⚠️The embedding model (default: nomic-embed-text) must be available in Ollama.
Verified SafeView Analysis
The tool interacts with the local file system for indexing and database storage, and makes HTTP requests to a configurable Ollama API endpoint. By default, it uses 'http://localhost:11434/api/embeddings', limiting network exposure. Users must ensure the configured Ollama endpoint is trusted to prevent sensitive Markdown content from being sent to an untrusted embedding service. The MCP server runs over standard I/O, which is typically a secure communication channel.
Updated: 2026-01-17GitHub
0
0
High Cost

screen2claude

by zetaphoenix888-byte

Sec8

Captures the active window screenshot on Windows and facilitates its analysis by an AI, either by sending it to an external HTTP endpoint or directly to an MCP client (like Claude Code) for local LLM processing.

Setup Requirements

  • ⚠️Requires Windows 10/11 operating system.
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Requires manual creation and configuration of `config.json` (or `S2C_CONFIG` environment variable).
  • ⚠️Requires manual registration of the MCP server in the `.claude.json` file of the MCP client.
  • ⚠️If using the provided `prod-server.js` as an HTTP endpoint, an Anthropic API Key (which can incur costs) is required.
Verified SafeView Analysis
The server's core screenshot capture mechanism (PowerShell -EncodedCommand) helps mitigate command injection risks from the script content itself. No obvious direct code injection vulnerabilities from user input were found. However, the SSE server in `sse-server.ts` uses `Access-Control-Allow-Origin: *`, which is a permissive CORS policy, potentially allowing any origin to connect, though MCP SDK handles the protocol. Configuration files (`config.json`) should be secured as they can contain sensitive `auth_token`s. The `save_screenshots` feature writes to a configurable directory, which if misconfigured, could lead to unintended file writes.
Updated: 2025-11-27GitHub
0
0
Low Cost
Daniel-Yordanov-dev icon

mcp-server_inventory_audit

by Daniel-Yordanov-dev

Sec4

Provides an audit trail for inventory quantity changes, allowing logging and retrieval of product quantity modifications.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Relies on a local JSON file (`inventory_audit_log.json`) for data storage, which is not suitable for concurrent access or production-grade persistence.
  • ⚠️Debugger exposed on `0.0.0.0:5678` by default, posing a security risk if the server is publicly accessible (e.g., via ngrok).
Review RequiredView Analysis
The `debugpy` debugger is configured to listen on `0.0.0.0:5678` and `debugpy.wait_for_client()` is called, making it a critical security risk if the server (or its associated ngrok tunnel) is exposed publicly, as it allows remote code execution via debugger attachment. The local JSON file acts as a simple database, which is less robust and secure than a proper database for integrity and concurrency, but does not introduce immediate RCE vulnerabilities in itself. No explicit input sanitization beyond type hinting is present, but FastMCP usually handles basic type validation.
Updated: 2025-12-05GitHub
PreviousPage 532 of 713Next