Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
MADARAKZ icon

MCP-Server

by MADARAKZ

Sec3

Manages Kubernetes OPA Gatekeeper policies using natural language commands, powered by Google Gemini AI.

Setup Requirements

  • ⚠️Requires `GEMINI_API_KEY` environment variable for AI features (Google Gemini API costs may apply).
  • ⚠️Requires a Kubernetes cluster with OPA Gatekeeper installed.
  • ⚠️Requires `kubectl` configured and connected to the Kubernetes cluster.
  • ⚠️Requires Go >= 1.23 to build and run the client/server binaries.
  • ⚠️The client connects to the Gemini API with TLS certificate verification disabled, posing a significant security risk for API key transmission and data integrity.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The `mcp-client/ai.go` explicitly disables SSL/TLS certificate verification by setting `TLSClientConfig: &tls.Config{InsecureSkipVerify: true}` when connecting to the Google Gemini API. This makes the connection highly susceptible to Man-in-the-Middle (MITM) attacks, allowing an attacker to intercept, read, and modify communication (including the GEMINI_API_KEY) without detection. This is a severe security flaw. Additionally, the `mcp-server/k8s.go` executes `kubectl` commands based on input from the client (and implicitly, the AI). While `exec.CommandContext` mitigates simple shell injection, the server acts as a trusted executor for arbitrary YAML content (from files or AI-generated manifests). There is no inherent validation of the YAML content itself by the server before applying it, making the system vulnerable to malicious policy definitions or resource deployments if the AI hallucinates harmful content or the client is compromised.
Updated: 2026-01-18GitHub
0
0
Medium Cost
ltphat2204 icon

teable-mcp-server

by ltphat2204

Sec9

Connects Teable, an open-source no-code database, to LLMs, enabling AI agents to query records and explore schema structures using natural language.

Setup Requirements

  • ⚠️Requires a Teable API Key with all read permissions enabled for the scopes (spaces, bases, tables, records, views, fields).
  • ⚠️The project must be built (`npm install && npm run build`) before running if using the local source code.
  • ⚠️Configuration relies on `TEABLE_API_KEY` and `TEABLE_BASE_URL` environment variables, which must be set appropriately by the calling client or manually for local development.
Verified SafeView Analysis
The server uses environment variables for `TEABLE_API_KEY` and `TEABLE_BASE_URL`, validating the API key's presence. It communicates with the Teable API via `axios` using standard HTTP requests and authorization headers. No usage of `eval` or other dangerous dynamic code execution patterns were found. Error handling in tool calls directly returns API error messages, which could potentially expose more detail than strictly necessary from the upstream Teable API, but is a common practice for direct API proxies.
Updated: 2025-12-14GitHub
0
0
Medium Cost
charles-adedotun icon

Lilith-Shell

by charles-adedotun

Sec1

Enables AI assistants (specifically Claude Desktop) to securely execute terminal commands on the host system through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Claude Desktop for integration.
  • ⚠️Requires `pip install lilith-shell` for installation.
  • ⚠️Configuration is done via Claude Desktop's `claude_desktop_config.json`.
Review RequiredView Analysis
The provided `src/lilith_shell/executor.py` module, which contains the `handle_call_tool` function, directly passes the AI-provided `command` argument to `subprocess.run` with `shell=True`. There are no visible calls to any security validation or sanitization functions (e.g., from the described `core/security.py` or `utils/sanitizer.py` in the README's architecture) *before* executing the command. This constitutes a severe shell injection vulnerability, allowing an AI assistant (or any entity capable of sending MCP requests) to execute arbitrary commands on the host system without restriction based on the provided code. While the README describes robust security features like command allowlisting, dangerous command detection, and security modes, these are not implemented or called in the core command execution logic shown in the truncated `executor.py` file, making the server extremely unsafe to run as provided.
Updated: 2025-12-12GitHub
0
0
Low Cost
MaybeItsAdam icon

etcnomad-mcp

by MaybeItsAdam

Sec9

Controls and monitors ETC Eos family lighting consoles via Open Sound Control (OSC) protocol.

Setup Requirements

  • ⚠️Requires ETCnomad (Eos Family software) for interaction.
  • ⚠️Requires manual configuration of ETCnomad's OSC RX/TX ports (8000/9001).
  • ⚠️Requires Python 3.10+ and 'uv' or 'pip' for dependency management.
Verified SafeView Analysis
The server listens on 0.0.0.0 for incoming OSC messages, which is standard for OSC servers but means it's accessible from any network interface on the host. If the host machine is exposed to an untrusted network, OSC messages could be sent to port 9001. The 'command_line' tool allows sending arbitrary commands to the ETC Nomad console, which is an intended feature of the Eos OSC API, but users should be aware of its power. No 'eval' or obvious malicious patterns found in the source code.
Updated: 2025-12-14GitHub
0
0
Medium Cost
edlsh icon
Sec9

An AWS Model Context Protocol (MCP) server that provides infrastructure security analysis for EC2 instances and Security Groups.

Setup Requirements

  • ⚠️Requires AWS credentials (e.g., `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_PROFILE` configured)
  • ⚠️Requires `AWS_REGION` environment variable to be set
  • ⚠️Requires Node.js 18+ or Bun runtime
Verified SafeView Analysis
The project demonstrates a strong focus on security, utilizing `eslint-plugin-security` with strict rules (e.g., disallowing `eval`, object injection, and unsafe regex). Docker configuration includes `read_only: true` and `no-new-privileges:true` for enhanced container security. AWS credentials are correctly handled via environment variables or profiles, with no hardcoded secrets identified. Error handling for AWS API calls is present. The `security/detect-non-literal-fs-filename` warning is noted in the ESLint config for `rules-loader.ts`, but for runtime execution, the default path is a static, relative path, mitigating this specific risk.
Updated: 2025-12-09GitHub
0
0
High Cost
NicolasPirello icon
Sec3

Connect AI assistants to Microsoft SQL Server databases for natural language queries and data inspection.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires ODBC Driver 17+ for SQL Server to be installed on Windows systems (if not running in Docker).
  • ⚠️Database credentials must be provided via environment variables (`MSSQL_SERVER`, `MSSQL_DATABASE`, `MSSQL_USER`, `MSSQL_PASSWORD`).
  • ⚠️Due to the arbitrary SQL execution capability, it is critical to configure a dedicated SQL user with minimal, read-only permissions to prevent data modification or deletion if the AI generates unexpected queries.
Review RequiredView Analysis
The `call_tool` function directly executes arbitrary SQL queries provided by the AI assistant, including DML and DDL operations (e.g., INSERT, UPDATE, DELETE, CREATE, DROP). This contradicts the README's claim of being 'Solo Lectura (Seguro)' and presents a critical security risk. While `read_resource` validates table names, the `execute_sql` tool has no built-in restrictions on query type. The `docker-compose.yml` uses 'sa' as the default database user, which goes against the security best practices outlined in `SECURITY.md` (recommending minimal permissions and avoiding admin accounts). Without extremely strict database user permissions, this server can be used to execute destructive commands.
Updated: 2025-12-10GitHub
0
0
Low Cost
jacksoom icon

eth_mcp

by jacksoom

Sec3

An MCP server for AI agents to query Ethereum balances, token prices, and simulate/execute Uniswap V3 token swaps.

Setup Requirements

  • ⚠️Requires Rust (latest stable) installed.
  • ⚠️Requires an Ethereum RPC URL (e.g., Infura, Alchemy) for network interaction.
  • ⚠️Using the `ETH_PRIVATE_KEY` for actual swaps lacks slippage protection, posing a significant financial risk.
Review RequiredView Analysis
If `ETH_PRIVATE_KEY` is provided, the server can execute real transactions, directly controlling user funds. The `swap_tokens` function, when executing a real swap, sets `amountOutMinimum` to `U256::ZERO`. This means there is no slippage protection, making actual trades vulnerable to significant loss due to price movements or MEV attacks. Running with a private key configured for real swaps is highly risky.
Updated: 2025-12-01GitHub
0
0
High Cost
b9122-jl6929 icon

mcp-server

by b9122-jl6929

Sec6

An AI-powered digital twin server that answers questions based on a user's CV PDF content.

Setup Requirements

  • ⚠️Requires OpenAI API Key (paid service)
  • ⚠️Requires Python >=3.10
  • ⚠️If no `cv_path` is provided, expects PDF files to be present in a local `docs/` directory relative to the script.
Review RequiredView Analysis
The `chat_with_me` tool accepts an optional `cv_path` parameter, which is then used directly in `extract_text_from_pdf` to open files. This allows an attacker to specify arbitrary file paths on the server's filesystem (e.g., `/etc/passwd`, `/app/secrets.txt`), potentially leading to Local File Inclusion (LFI) or path traversal vulnerabilities. While the PDF parsing libraries will likely fail on non-PDF files, error messages could confirm file existence, leading to information disclosure. It is crucial to sanitize or restrict the `cv_path` input, or deploy in a highly sandboxed environment with strict filesystem permissions.
Updated: 2025-11-25GitHub
0
0
Medium Cost
lianekai icon
Sec8

Integrates Apifox API management and testing capabilities with MCP-compatible clients, enabling automated OpenAPI synchronization from code and execution of Apifox CLI tests.

Setup Requirements

  • ⚠️Requires Node.js >= 18
  • ⚠️Requires npm >= 9
  • ⚠️Requires Apifox Access Token (Project Admin) and Project ID
  • ⚠️Requires `apifox-cli` installed globally or specified by absolute path
Verified SafeView Analysis
The server handles sensitive Apifox Access Tokens and Project IDs, which are securely read from environment variables or CLI arguments and are not hardcoded. The `apifox_run_cli_test` tool executes an external `apifox-cli` command. While command arguments are constructed internally, the `cliExecutable` path is configurable; if a user configures this to point to a malicious binary, it poses a significant risk. However, `child_process.spawn` is used, which is generally safer for external command execution as it does not inherently parse shell commands. Code scanning (`controllerScanner.ts`) involves reading and parsing local project files, which is an expected and core functionality handled via TypeScript's AST parser. No direct `eval` or code obfuscation was identified.
Updated: 2025-11-27GitHub
0
0
Low Cost
Bazilio-san icon

fa-mcp-sdk

by Bazilio-san

Sec5

A production-ready framework for building Model Context Protocol (MCP) servers, enabling AI models to interact with custom tools, prompts, and resources.

Setup Requirements

  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️If NTLM authentication or AD Group Authorization (via `initADGroupChecker`) is enabled, a Microsoft Active Directory domain controller and valid service account credentials are required.
  • ⚠️If PostgreSQL database integration is enabled in configuration (`db.postgres.dbs.main.host` is set), a running PostgreSQL instance is required, and the server will exit on startup if it cannot connect.
Review RequiredView Analysis
The server has a critical misconfiguration in its default CORS policy (`src/core/web/cors.ts`), which explicitly allows all origins (`callback(null, true);`). This exposes all HTTP endpoints, including the /mcp API, to cross-origin requests from any website, potentially leading to CSRF vulnerabilities or unauthorized access if other authentication mechanisms are bypassed or misconfigured. While rate limiting is present, and auth is configurable, this wide-open CORS is a significant risk. Additionally, the custom JWT-like token implementation (using symmetric AES-256 CTR encryption) in `src/core/auth/jwt.ts` has a hardcoded default `encryptKey` if not configured (a UUID `11111111-7777-8888-9999-000000000000`). If authentication is enabled and this default key is used, it severely compromises the security of generated tokens. The `cli-config.example.yaml` shows an auto-generated UUID, which is better, but the default in code is problematic. Logging has masking for sensitive data, which is a good practice. Path traversal checks exist in `src/core/web/svg-icons.ts`. NTLM and Basic authentication options require external configuration of credentials (AD or username/password).
Updated: 2026-01-18GitHub
0
0
Medium Cost
udahorn icon
Sec8

Acts as a Model Context Protocol (MCP) server for querying and visualizing geospatial data from ArcGIS REST services, generating interactive Leaflet maps.

Setup Requirements

  • ⚠️Requires manual configuration of `config.yaml` from `config.example.yaml` with ArcGIS service details.
  • ⚠️The `DataExtractor.py` script must be run first to generate `semantic_layer.yaml` and `metadata.json` before `mcp_server.py` can function correctly.
  • ⚠️Requires Python 3.8+ and specified dependencies installed via `pip install -r requirements.txt`.
Verified SafeView Analysis
The server uses `yaml.safe_load` for configuration, mitigating YAML deserialization risks. HTTP requests are made using the `requests` library with timeouts. No direct use of `eval` or `exec` is present in the provided code. SQL `where_clause` parameters are passed directly to the ArcGIS REST API, relying on the ArcGIS backend for sanitization. The `output_file` parameter for map generation could pose a minor path traversal risk if the server is exposed to untrusted input, allowing files to be written to arbitrary locations, though this is primarily a local file operation intended for trusted use.
Updated: 2025-12-02GitHub
0
0
Low Cost
p-karwowski-dev icon

mcp_etoro

by p-karwowski-dev

Sec9

Interacts with the eToro API to provide a list of available financial instruments through an MCP server.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires `uv` for dependency management and running the server.
  • ⚠️Requires initial internet connectivity to eToro API to populate `instruments.json` if it's not present locally.
Verified SafeView Analysis
The server uses `subprocess.run` to execute `getInstruments.py` if the `instruments.json` file is missing. While `subprocess.run` can be a security risk, in this context it executes a fixed, local, trusted script within the project, which is safe. No other significant security risks like `eval`, hardcoded secrets, or user-controlled command injection were identified. The external API call to eToro appears to be for public metadata without authentication.
Updated: 2025-11-30GitHub
PreviousPage 536 of 713Next