Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
airbytehq icon

fastmcp-extensions

by airbytehq

Sec9

Unofficial extension library for FastMCP 2.0, providing patterns, practices, and utilities for building and testing MCP servers.

Setup Requirements

  • ⚠️Requires `fastmcp` dependency (>=2.2.7,<3.0).
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️This is an extension library, not a standalone runnable server; it is meant to be integrated into a FastMCP application.
Verified SafeView Analysis
The library primarily provides development utilities and decorators. It does not expose any public network services directly for production use. The HTTP testing utilities start a local `uvicorn` server for internal testing purposes, which is a controlled environment. No `eval` or obvious malicious patterns were found. No hardcoded secrets are present.
Updated: 2026-01-19GitHub
0
0
Medium Cost
Sec9

A comprehensive Marketing and Sales automation suite providing tools for CRM, analytics, task management, invoicing, payments, document management, and various communication channels (email, SMS, calls).

Setup Requirements

  • ⚠️Requires a PostgreSQL database instance for all services.
  • ⚠️Requires configuration of multiple external API keys for full functionality (Google, Twilio, Stripe, AWS S3). These services often incur costs and require setting up external developer accounts.
  • ⚠️Intended deployment via Docker/Docker Compose. Default PostgreSQL credentials in `docker-compose.yml` are weak and must be overridden for production environments.
  • ⚠️Requires Node.js 20+ and pnpm 8+ if running locally without Docker.
Verified SafeView Analysis
The server suite uses environment variables for sensitive API keys (Google, Twilio, Stripe, AWS S3), which is a good practice for secrets management. Input validation is performed using Zod schemas for all tool inputs. The `safeTemplateSubstitute` function in the SMS server explicitly avoids regex on user-supplied input to prevent ReDoS attacks. A `DEMO_MODE` is implemented to bypass actual external API calls and use mock data, which is beneficial for testing and development without live credentials. However, the `docker-compose.yml` utilizes default, weak PostgreSQL credentials that are exposed and critically must be overridden for any production deployment. Improper management of the numerous external API keys required for full functionality could lead to security vulnerabilities.
Updated: 2025-11-27GitHub
0
0
Medium Cost
dannycowles icon

MCP-Server

by dannycowles

Sec3

Interactive command-line chat application integrating with Anthropic AI models, providing document retrieval, command-based prompts, and extensible tool integrations via the MCP protocol.

Setup Requirements

  • ⚠️Requires Anthropic API Key (paid service).
  • ⚠️Requires a running PostgreSQL database for the 'todo' list functionality.
  • ⚠️Python 3.10+ required (as per pyproject.toml).
Review RequiredView Analysis
The `mcp_server.py` exposes `read_file` and `edit_file` tools that allow the AI (and potentially a malicious user through crafted prompts) to read and write arbitrary files on the system where the server is running. This is a critical vulnerability that could lead to information disclosure or remote code execution. Database credentials are handled via environment variables, and SQL queries use parameterized statements, which is good practice to prevent SQL injection.
Updated: 2025-12-03GitHub
0
0
Medium Cost
adityabolabandinitk-droid icon

MY-AI-Experiment-001-MCP

by adityabolabandinitk-droid

Sec7

Interactive CLI chat application with Anthropic AI models, supporting document retrieval, command-based prompts, and extensible tools via MCP.

Setup Requirements

  • ⚠️Requires an Anthropic API Key (paid service).
  • ⚠️The CLAUDE_MODEL environment variable is required but not explicitly mentioned in the README's `.env` example.
  • ⚠️Core MCP features like listing/getting prompts and reading resources in `mcp_client.py`, and implementing a 'summarize' prompt in `mcp_server.py`, are marked with TODOs, indicating incomplete functionality out-of-the-box.
Verified SafeView Analysis
The application loads API keys from environment variables, which is good practice. No 'eval' or overt obfuscation is present. The primary security consideration arises from `main.py`'s ability to execute arbitrary server scripts passed as command-line arguments, which could be a risk if untrusted scripts are used. The `edit_document` tool allows in-memory string replacement, posing a functional risk of data corruption if misused by the LLM or user, but not a system-level security vulnerability.
Updated: 2025-11-23GitHub
0
0
Medium Cost
Luis13-source icon

jira-simple-mcp

by Luis13-source

Sec8

Facilitates AI assistants to interact with Jira, enabling access to issues, projects, and JQL searches.

Setup Requirements

  • ⚠️Requires Jira URL, Email, and API Token to be set as environment variables (JIRA_URL, JIRA_EMAIL, JIRA_API_TOKEN).
  • ⚠️The README mentions a requirement for Java Runtime Environment (JRE) 8 or higher, which is unusual and likely incorrect for a Node.js application, potentially causing confusion.
  • ⚠️The README suggests an unusual installation method by downloading a .zip file, rather than cloning the repository and using standard Node.js package management (npm install).
Verified SafeView Analysis
The server relies on environment variables (JIRA_URL, JIRA_EMAIL, JIRA_API_TOKEN) for authentication, which is a good practice as no secrets are hardcoded. API calls use standard Basic authentication over HTTPS. Input JQL from the AI is encoded before being sent to Jira, mitigating URL injection, but malicious or resource-intensive JQL could still be provided by a compromised AI. The server communicates via stdio, reducing direct network attack surface. No 'eval' or obvious malicious patterns found in the provided source code. The large dependency tree from '@modelcontextprotocol/sdk' always introduces transitive risks, but the direct code is clean.
Updated: 2026-01-19GitHub
0
0
Low Cost
FakerVash icon
Sec9

Provides a simple Fastify API to perform basic arithmetic operations (add, subtract, multiply, divide) with strict input validation and automatic OpenAPI documentation.

Setup Requirements

  • ⚠️Requires Node.js and npm installed to run.
  • ⚠️Port 3000 must be available for the server to listen on.
Verified SafeView Analysis
Input parameters are strictly validated using Fastify's JSON Schema (AJV), preventing common injection attacks. The 'operation' parameter is restricted to an enum of allowed values. Division by zero is explicitly handled as a 400 error. No use of 'eval' or other dangerous functions, and no hardcoded secrets were found in the provided source code.
Updated: 2025-12-13GitHub
0
0
Medium Cost
sahil-makandar icon
Sec2

A multi-server Model Context Protocol client orchestrating GitHub, MS Learn, and FileSystem tools via Azure OpenAI for an AI agent.

Setup Requirements

  • ⚠️Requires Azure OpenAI API Key and Endpoint (paid service).
  • ⚠️Requires a GitHub Token for higher API rate limits (optional but recommended).
  • ⚠️File system operations (`save_file`, `read_file`) are relative to the client's execution directory and are vulnerable to path traversal.
Review RequiredView Analysis
The `server_filesystem.py` module exposes `read_file` and `save_file` tools directly to the AI without adequate path sanitization or validation. The `read_file` tool takes a `filepath` argument, which can be exploited via path traversal (e.g., `../../../../etc/passwd`) to read arbitrary files on the system that the Python process has permissions for. Similarly, `save_file` constructs paths using `topic` and `filename` arguments, which could be manipulated via path traversal to write files outside the intended `data/` directory. This poses a significant risk for data exfiltration (e.g., `.env` file containing API keys) or arbitrary file writes, even if the AI is generally trusted, as prompt injection could exploit these vulnerabilities.
Updated: 2025-11-26GitHub
0
0
Low Cost
Nikil11 icon
Sec10

This repository appears to serve as a collection or documentation of design-work samples, possibly for a larger 'stacks-clarity' project.

Verified SafeView Analysis
The provided source code consists solely of a markdown file (`designs.md`). There is no executable code, no 'eval', no network calls, no hardcoded secrets, and no obfuscation. As such, there are no inherent security risks associated with running this 'server', as no server code is present.
Updated: 2026-01-19GitHub
0
0
Low Cost
Ishanpreet-Singh icon

Weather-Time-MCP-Chatbot

by Ishanpreet-Singh

Sec8

A chatbot leveraging an Ollama LLM and custom tools to answer user queries about time and weather in various cities.

Setup Requirements

  • ⚠️Docker is required to run and orchestrate all services (Ollama, time-server, weather-server, mcp-server).
  • ⚠️An internet connection is needed for the time and weather services to query external APIs (Nominatim, wttr.in).
  • ⚠️The specified Ollama model (smollm2) needs to be available or downloaded by the Ollama container, which might take time on first run.
Verified SafeView Analysis
The application relies on external APIs (wttr.in, Nominatim) which introduce dependencies on third-party security and availability. City extraction is basic and and might not handle complex inputs but is not a direct security vulnerability. No hardcoded secrets or obvious code injection vulnerabilities (like 'eval') are present. Services are contained within Docker, limiting direct host exposure.
Updated: 2025-12-06GitHub
0
0
Medium Cost
will-pang icon

osler-mcp

by will-pang

Sec9

Provides a health care knowledge base and a Multi-Agent Communication Protocol (MCP) server for analyzing medical data, specifically using dbt-built DuckDB databases, facilitating querying and understanding data lineage for LLM-driven analytics.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires `uv` package manager for environment setup (`uv venv`, `uv sync`)
  • ⚠️Requires `dbt` and `git` for dataset initialization (`osler init` command clones dbt projects and builds models)
  • ⚠️Initial dataset build (e.g., 'tuva-project-demo') can take up to 30 minutes
  • ⚠️For local LLM evaluation, requires Ollama service running and specific models pulled (e.g., `ollama pull gpt-oss:20b`)
Verified SafeView Analysis
The server includes a robust `_is_safe_query` function that actively blocks SQL injection patterns (e.g., boolean-based, time-based, file access) and write operations (INSERT, UPDATE, DELETE, DROP, CREATE, ALTER, TRUNCATE, REPLACE, MERGE, EXEC, EXECUTE). It parses SQL to prevent multiple statements and restricts queries to 'SELECT' statements. It also flags suspicious identifiers (e.g., PASSWORD, ADMIN, USER) not typically found in medical data contexts. Environment variables for API keys are used for LLM integrations, preventing hardcoded secrets. The `get_table_info` tool directly executes PRAGMA commands, which are inherently safe in this context and bypass the `_is_safe_query` function, but are not user-supplied SQL.
Updated: 2026-01-08GitHub
0
0
Low Cost
zv-louis icon

mktotp

by zv-louis

Sec9

Manage TOTP (Time-based One-Time Password) secrets and generate authentication tokens locally, with an option to run as a local MCP server.

Setup Requirements

  • ⚠️Requires `uv` package manager for installation.
  • ⚠️Requires Python 3.12 or higher.
  • ⚠️QR code processing (especially SVG) may require external system libraries (e.g., Cairo for `cairosvg`) beyond Python packages.
Verified SafeView Analysis
The project implements robust security measures for managing TOTP secrets. Sensitive secret strings are stored locally in a JSON file with strict owner-only file permissions (0o600 on Unix, `icacls` on Windows). When acting as a local MCP server, the implementation explicitly prevents the raw secret values from being exposed to the agent (e.g., LLM), only providing non-sensitive metadata like name, account, and issuer. Communication is primarily via stdio, limiting network exposure. No 'eval' or obfuscation is used.
Updated: 2025-12-19GitHub
0
0
Low Cost
rwese icon

mcp-backlog

by rwese

Sec9

Manages backlog items and todos, tracking their status, priority, and dependencies, with automatic versioning and a pruning mechanism, storing data in human-readable markdown files.

Setup Requirements

  • ⚠️Requires Node.js (>=18.0.0) or Bun runtime environment.
  • ⚠️Functions as an MCP server, requiring an MCP client (e.g., Claude Desktop, VSCode Cline extension) to interact with its tools.
  • ⚠️Stores all backlog data locally in XDG-compliant directories or a specified custom path, requiring local storage management.
Verified SafeView Analysis
The server operates locally using standard I/O and manipulates local filesystem files for data storage. Input sanitization is applied to topic names to mitigate path traversal vulnerabilities. It uses `child_process.execSync` to detect git repository roots, which is generally safe for system metadata retrieval within a trusted environment and does not directly process arbitrary user input. No hardcoded secrets or malicious patterns were identified.
Updated: 2026-01-03GitHub
PreviousPage 534 of 713Next