Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
girish12ns icon

BoardingMcp-Server

by girish12ns

Sec7

This server functions as a Management and Control Plane (MCP) for onboarding clients and managing various WhatsApp Business API (WABA) interactions through AiSensy APIs, often orchestrated by a generative AI model.

Setup Requirements

  • ⚠️Requires numerous environment variables to be configured in a `.env` file (e.g., Google OAuth credentials, AiSensy API keys, database connection strings, OpenAI API key).
  • ⚠️Requires a running PostgreSQL database instance.
  • ⚠️Requires accounts and API keys for AiSensy platform and Google Developer Console (for OAuth).
  • ⚠️Involves API calls to external services (AiSensy), which may incur their own costs and have rate limits.
Verified SafeView Analysis
The server correctly externalizes sensitive configurations via environment variables (`.env` file using pydantic-settings), avoiding hardcoded secrets in the main codebase. Database interactions use SQLModel (an ORM), mitigating direct SQL injection risks. Asynchronous HTTP requests (`aiohttp`) are used for external API calls, and basic error handling is in place. However, the `generate_token` function (used in `research/test1.py` and `mcp_servers/utlis/utlis.py`) relies on base64 encoding `username:password:project_id` to create a token. While base64 is an encoding, not an encryption method, and might be acceptable for a composite API key structure, if this token is used as a standalone bearer token for secure sessions without further cryptographic signing or encryption, it represents a significant security weakness as the raw credentials could be easily decoded if the token is compromised.
Updated: 2025-12-20GitHub
0
0
High Cost
phanijapps icon

ui-controller-mcp

by phanijapps

Sec6

Exposes desktop UI control tools over Server-Sent Events (SSE) for remote automation, augmented by AI vision and planning.

Setup Requirements

  • ⚠️Python 3.12+ required.
  • ⚠️Requires a local Ollama server running with 'llama3.2-vision' and 'llama3.2' models installed.
  • ⚠️Requires PyAutoGUI and PyWinCtl for actual desktop control; otherwise, it operates in no-op mode.
Review RequiredView Analysis
The server exposes powerful desktop control tools (`launch_app`, `type_text`, `click`, `scroll`, `focus_window`, `screenshot`) that, if compromised, could lead to full system control or data exfiltration. A `SafetyGuard` is implemented to block specific dangerous commands (`rm -rf`, `shutdown`), but this list might not be exhaustive and could potentially be bypassed by a sophisticated attacker. The optional `ngrok` tunneling, while convenient, exposes the desktop control to the public internet, drastically increasing the attack surface. Users must be extremely cautious when exposing this server.
Updated: 2025-11-25GitHub
0
0
Low Cost
Sitanshuu icon

FastMCP-Server

by Sitanshuu

Sec8

A microservice for managing employee leave requests, including checking balances, applying for leave, and viewing history.

Setup Requirements

  • ⚠️Python 3.14+ required
Verified SafeView Analysis
The code does not use `eval` or `exec`. There are no hardcoded secrets or obvious malicious patterns. Input validation for dates is present. The `employee_id` access (e.g., `employee_leaves[employee_id]`) can lead to `KeyError` if an invalid ID is provided, which is then caught and a string returned, rather than crashing the server. This is a robustness point, not a direct security flaw.
Updated: 2025-11-27GitHub
0
0
Low Cost
griffinwork40 icon

twilio-mcp

by griffinwork40

Sec9

An MCP server for Twilio enabling AI-powered SMS/MMS messaging with intelligent conversation management and persistence.

Setup Requirements

  • ⚠️Requires a Twilio account, phone number, and associated API credentials (which is a paid service).
  • ⚠️Requires a publicly accessible HTTPS URL for Twilio webhooks; for local development, `ngrok` or a similar tunneling service is needed.
  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
The server demonstrates strong security practices: - **No Hardcoded Secrets**: All sensitive credentials (Twilio SIDs/Tokens) are loaded from environment variables via Zod validation. - **Webhook Validation**: All inbound Twilio webhooks (`/webhooks/twilio/sms`, `/webhooks/twilio/status`) are rigorously validated using Twilio's signature verification. This prevents spoofing and unauthorized access. - **Input Validation**: All MCP tool inputs are validated using Zod schemas, minimizing the risk of injection attacks or unexpected data. - **HTTPS Requirement**: Documentation explicitly states HTTPS is required for production webhooks. No `eval` or malicious obfuscation patterns were found.
Updated: 2026-01-02GitHub
0
0
Low Cost
JosephKapalamula icon

mcp-Server

by JosephKapalamula

Sec9

Provides a framework for building and integrating AI agent tools, demonstrating how a client can orchestrate multiple MCP servers (math and weather) via a language model.

Setup Requirements

  • ⚠️Requires `GROQ_API_KEY` environment variable.
  • ⚠️Requires `MODEL` environment variable for Groq (e.g., `llama3-8b-8192`).
  • ⚠️The `weather.py` server must be running independently (e.g., `python weather.py`) on `http://127.0.0.1:8000` before the client can interact with it.
Verified SafeView Analysis
Uses environment variables for API keys (`GROQ_API_KEY`, `MODEL`). No `eval` or obfuscation found. Server implementations (math, mock weather) are benign. The `weather` server runs on localhost, limiting direct external exposure. Potential security considerations would arise from exposing the client agent or implementing untrusted tools.
Updated: 2025-12-12GitHub
0
0
Low Cost
otey247 icon
Sec9

Deploys a secure Model Context Protocol (MCP) server on Google Cloud Run to provide external tools for Large Language Models (LLMs) like Gemini.

Setup Requirements

  • ⚠️Requires a Google Cloud Account with billing enabled.
  • ⚠️Requires `gcloud CLI` and specific Google Cloud APIs (Cloud Run, Artifact Registry, Cloud Build) to be enabled.
  • ⚠️Deployment is specifically designed for Google Cloud Run, leveraging its ecosystem for containerization and serving.
  • ⚠️Uses `uv` for Python dependency management, which may require initial setup or familiarity.
  • ⚠️Client authentication (e.g., for Gemini CLI) requires `gcloud auth print-identity-token` and specific client-side configuration.
Verified SafeView Analysis
The deployment explicitly enforces authentication (`--no-allow-unauthenticated`) and leverages Google Cloud IAM for access control, significantly reducing unauthorized access risks. The server code does not use dangerous functions like `eval` or `os.system`, nor does it contain hardcoded secrets. Data is handled in-memory, mitigating direct database vulnerabilities from the application.
Updated: 2025-12-14GitHub
0
0
Medium Cost
Yass1203 icon

Mcp-server

by Yass1203

Sec8

An AI chatbot capable of answering user queries via a web API and a Telegram bot, leveraging predefined tools to retrieve employee information.

Setup Requirements

  • ⚠️Requires Telegram Bot API Key (configured via `telegram.api.key` property or `TELEGRAM_API_KEY` environment variable)
  • ⚠️Requires an LLM API Key for Spring AI (e.g., `OPENAI_API_KEY` for OpenAI)
Verified SafeView Analysis
Secrets are externalized via `@Value` annotations (e.g., `telegram.api.key`), which is good practice. The `McpTools` define simple, safe functions for retrieving employee data and do not appear to have direct injection vulnerabilities or dangerous side effects. No `eval` or obvious obfuscation was found. The primary security consideration, common to all LLM applications with tool use, is the potential for prompt injection to manipulate tool calls, though the current tools are benign and their output is well-defined.
Updated: 2025-12-04GitHub
0
0
Low Cost
mldangelo icon

java-mcp-server

by mldangelo

Sec6

A server that exposes custom tools (like a calculator or greeting service) via gRPC for consumption by other applications.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK)
  • ⚠️Requires Apache Maven for building
Verified SafeView Analysis
The gRPC server uses plaintext communication by default (no TLS/SSL), which is explicitly stated for simplicity in the example. This is a critical security risk for any deployment handling sensitive data or operating over untrusted networks. While input validation and error handling for tool parameters (e.g., number parsing, division by zero) are present, the fundamental network transport security is absent in the default configuration. The SimpleToolServer variant (JSON-RPC over stdin/stdout) implies a trusted local execution environment, where network risks are less relevant.
Updated: 2025-11-30GitHub
0
0
Low Cost
RegCoding icon

emotionsin_ai_mcp

by RegCoding

Sec8

An open-source MCP server designed to integrate Emotionsin.ai emotional profiles into any LLM-driven chatbot or AI agent.

Setup Requirements

  • ⚠️Requires an Emotionsin.ai profile ID for functionality (fetched by client, consumed by server's tool).
  • ⚠️Client demos require external API keys for OpenAI or Google (potentially paid services).
  • ⚠️Docker is recommended for server deployment.
Verified SafeView Analysis
The server's core function involves fetching data from an external Emotionsin.ai backend URL (defaulted but configurable via EMOTIONSIN_BACKEND). The 'profile' parameter in the `get_agent_contract_from_link` tool is used to construct this URL. While `httpx` generally handles URL encoding, any vulnerabilities in the external backend's handling of the `id` parameter could be indirectly exposed (e.g., if it's susceptible to SQL injection or path traversal via the ID). The server itself doesn't use `eval` or similar dangerous functions on user input and follows good practices for environment variable configuration, making it relatively secure from direct exploitation. The persona contract received from the backend is then used as a system prompt for an LLM; potential prompt injection risks lie with the content provided by the Emotionsin.ai service, rather than the MCP server's code itself.
Updated: 2026-01-05GitHub
0
0
Low Cost
SaptaDey icon
Sec9

Transforms an EndNote reference library into a Neo4j knowledge graph for efficient querying, analysis, and hypothesis linking, bypassing slow MCP servers.

Setup Requirements

  • ⚠️Requires a running Neo4j Database instance and its connection credentials (URI, user, password).
  • ⚠️Requires a local EndNote .enl file path.
  • ⚠️User must manually create `config.py` from `config_template.py` and fill in their specific paths and credentials.
Verified SafeView Analysis
The project demonstrates excellent security practices by explicitly outlining a sanitization process. It removes all hardcoded credentials, personal paths, and sensitive research data, replacing them with placeholders in a `config_template.py`. The `config.py` (which users customize with their actual credentials) is correctly excluded from version control via `.gitignore`. No `eval` or other inherently dangerous functions are used. Network security relies on the Neo4j instance's configuration, which is outside the scope of this script. The main risk is a user accidentally committing their `config.py`.
Updated: 2025-11-24GitHub
0
0
Medium Cost
y-hirakaw icon

mcp-gh-pr-mini

by y-hirakaw

Sec9

A minimal Model Context Protocol (MCP) server for interacting with GitHub pull requests, supporting dual authentication (PAT or GitHub CLI).

Setup Requirements

  • ⚠️Requires Node.js installed locally.
  • ⚠️Requires either a GitHub Personal Access Token (GITHUB_PERSONAL_ACCESS_TOKEN environment variable) with 'Pull requests: Read & Write', 'Issues: Read & Write', and 'Contents: Read & Write' permissions, OR an authenticated GitHub CLI installation (gh auth login).
  • ⚠️Requires a VSCode with an MCP-compatible extension (e.g., Copilot Agent) to interact with the server.
Verified SafeView Analysis
The server demonstrates good security practices including explicit input validation using Zod for all MCP tool parameters, which significantly reduces the risk of injection vulnerabilities. It uses environment variables for sensitive data like GitHub Personal Access Tokens, avoiding hardcoding. The dual authentication system, while complex, appears to be securely implemented by abstracting underlying mechanisms (HTTPS fetch for PAT, `gh` CLI for CLI auth). Execution of external `gh` commands is performed via `child_process.spawn` with arguments carefully constructed from validated inputs, and data is passed via `stdin` for API calls, mitigating typical shell injection risks. There are no apparent uses of `eval` or deliberate obfuscation. Comprehensive error handling is in place.
Updated: 2025-12-01GitHub
0
0
Low Cost
consigcody94 icon

pythia-mcp

by consigcody94

Sec9

An MCP server for Higgs Boson phenomenology, interfacing with the Lilith framework to constrain new physics from LHC Higgs measurements for AI assistants.

Setup Requirements

  • ⚠️Requires Python 3.6+ (despite Lilith's original README stating Python 2.7) and Node.js 18.0.0+.
  • ⚠️Requires Python libraries: SciPy and NumPy must be installed (e.g., `pip install numpy scipy`).
  • ⚠️The Lilith directory needs to be explicitly set via `LILITH_DIR` environment variable if not bundled locally, and `PYTHON_CMD` for the Python executable.
Verified SafeView Analysis
The server demonstrates strong security practices for input validation, path traversal prevention (`safeResolvePath`), XML injection (`escapeXml`), and Regex DoS (`safeRegex`). External API calls to HEPData and CERN Open Data are rate-limited and use hardcoded base URLs with `encodeURIComponent` for query parameters, mitigating SSRF. The primary risk vector would be vulnerabilities within the underlying Lilith Python library itself, especially concerning its XML parsing, but the Node.js wrapper diligently sanitizes and constrains inputs to the Python subprocess calls. No obvious hardcoded secrets or arbitrary code execution vulnerabilities were found in the Node.js layer.
Updated: 2026-01-19GitHub
PreviousPage 539 of 713Next