Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
azza39925 icon

kali-mcp-server

by azza39925

Sec9

Enables AI assistants to perform authorized penetration testing and security assessments by exposing Kali Linux security tools through an AI-friendly interface.

Setup Requirements

  • ⚠️Requires Kali Linux (or a compatible Linux distribution) with 20+ specific security tools installed locally.
  • ⚠️Node.js 18+ and npm are required.
  • ⚠️Some security tools (e.g., Nmap SYN scan, Masscan) require root privileges or specific OS capabilities (CAP_NET_RAW) to function correctly, which must be configured manually.
  • ⚠️Wordlists (e.g., rockyou.txt) are highly recommended for many tools and need to be downloaded or present in specific, allowed directories.
Verified SafeView Analysis
The server implements robust security controls for its intended purpose: exposing offensive security tools. Key protections include a strict command allowlist (preventing arbitrary command execution), extensive input validation (preventing shell injection and path traversal), output sanitization (redacting sensitive data like passwords/API keys), execution timeouts, and output size limits. All commands run in isolated child processes. The inherent nature of the tools it wraps (e.g., Nmap, SQLMap, Hydra) means they are capable of destructive actions, hence the critical legal disclaimers. The server's own code does not contain 'eval', obfuscation, or hardcoded sensitive secrets that would directly compromise it, but misuse of the powerful underlying tools could lead to significant security incidents if authorization is not properly obtained. The server uses StdioServerTransport, reducing its direct network attack surface for the MCP protocol itself.
Updated: 2025-11-29GitHub
0
0
High Cost
shivvor2 icon

arxiv-txt-mcp

by shivvor2

Sec8

Provides LLM-friendly plain text summaries and full content of arXiv papers by delegating rendering to an external service.

Setup Requirements

  • ⚠️Python 3.10+ required
  • ⚠️Requires an external 'arxiv-txt.org' service (or a self-hosted instance)
  • ⚠️Ensure required dependencies (fastmcp, requests, python-dotenv) are correctly listed in requirements.txt
Verified SafeView Analysis
The server primarily acts as a proxy to an external `arxiv-txt.org` service (or a user-configured self-hosted instance). The `ARXIV_TXT_URL` environment variable allows configuration of this external service. While this flexibility is a feature, an attacker able to control this environment variable in a deployment could redirect requests to a malicious endpoint, potentially leading to Server-Side Request Forgery (SSRF) if the target `arxiv_id` is also malformed or the external service itself is vulnerable. However, the code itself does not contain obvious direct injection vulnerabilities like `eval`, `exec`, or hardcoded secrets. It relies on the trusted nature of the `arxiv-txt.org` service and proper environment configuration.
Updated: 2025-12-03GitHub
0
0
Medium Cost
qinxiushan icon

mcp-hs-code-query

by qinxiushan

Sec8

Queries harmonized system (HS) codes for products from multiple web sources, offering intelligent search, semantic matching, and detailed customs declaration information for AI agent integration.

Setup Requirements

  • ⚠️Initial installation requires downloading large Python packages, especially 'torch' and 'sentence-transformers' (approx. 500MB combined), which can be slow and consume significant disk space.
  • ⚠️Web scraping functionality is dependent on the target websites' HTML structures. Changes to these websites (i5a6.com, hsciq.com) will break the parsers, requiring code updates.
  • ⚠️For exposing the API publicly, 'ngrok' needs to be installed, and optionally an auth token configured, which involves `subprocess` execution and external tool management.
Verified SafeView Analysis
The core server logic implements good input validation via Pydantic models and controls network requests to predefined target domains, mitigating common injection and SSRF risks. However, the FastAPI service (api_server.py) uses `allow_origins=["*"]` for CORS, which is overly permissive for public-facing APIs and could be a concern if not explicitly intended for broad access by non-browser clients. External AI models are loaded from HuggingFace, introducing a supply chain risk if the model itself is compromised.
Updated: 2025-11-28GitHub
0
0
Low Cost
dc-larsen icon

mcp-socket-docs

by dc-larsen

Sec9

Provides up-to-date Socket.dev documentation to Claude Desktop through a Model Context Protocol (MCP) server, enabling accurate AI responses to documentation-related queries.

Setup Requirements

  • ⚠️Node.js 18+ required
  • ⚠️Claude Desktop application required
  • ⚠️Manual configuration of Claude Desktop's `claude_desktop_config.json` file, including the absolute path to the repository on the user's machine
Verified SafeView Analysis
The server primarily serves pre-scraped, public documentation. Input validation is present for tool arguments (query, limit, url), restricting URLs to specific trusted domains (`docs.socket.dev`, `github.com`). The scraper uses standard `fetch` requests with a `User-Agent` and includes delays for rate limiting. There are no `eval` statements, hardcoded secrets, or obvious code injection vulnerabilities. The documentation data is loaded from a local JSON file, preventing dynamic content execution. The risk is minimal, primarily confined to potential edge cases in the HTML/Markdown content extraction regexes within the scraper, which is outside the live server's runtime execution path.
Updated: 2026-01-18GitHub
0
0
Medium Cost
bioanywhere icon

london

by bioanywhere

Sec9

A client library to access the World News API, enabling search and retrieval of news articles from thousands of sources in over 50 languages and 150 countries.

Setup Requirements

  • ⚠️Requires Python 3.7+ for the Python package.
  • ⚠️Requires an API Key for the World News API (likely a paid service).
  • ⚠️Requires internet access to communicate with the World News API.
Verified SafeView Analysis
The provided code snippets are for client libraries generated by OpenAPI Generator across multiple languages (C++, Java, Kotlin, Angular, Perl, Go, PHP, Python). They generally follow best practices for API interaction, such as handling API keys as user-provided values (not hardcoded) and proper parameter serialization for network requests. Modern HTTP clients are used, which typically manage low-level network security like SSL/TLS. Input validation is present in some areas (e.g., `enumValues` in C++ URL templating, Pydantic in Python models). No direct malicious patterns, obfuscation, or arbitrary code execution (`eval`) were observed in the truncated code.
Updated: 2025-12-13GitHub
0
0
Medium Cost
multistreams icon

typingmind-mcp-server

by multistreams

Sec7

Provides a server-side component for the TypingMind AI client, likely for proxying requests or managing custom AI model interactions for Railway deployment.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Requires an `AUTH_TOKEN` environment variable to be set for the server to function.
Review RequiredView Analysis
The server's core functionality is encapsulated within the `npx @typingmind/mcp` package. Without access to the source code of `@typingmind/mcp`, a comprehensive security audit of the actual server logic is not possible. The provided `package.json` and `README.md` do not contain obvious security vulnerabilities like 'eval', obfuscation, or hardcoded secrets. The primary risk factor is the trust placed in the external `@typingmind/mcp` package.
Updated: 2026-01-16GitHub
0
0
Medium Cost
mgrandau icon

docscope-mcp

by mgrandau

Sec9

MCP server for analyzing documentation quality across multiple programming languages and prioritizing improvements for AI-assisted code review and GitHub issue automation.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires GitHub CLI (gh) installed and authenticated for issue creation utilities.
  • ⚠️A VS Code window reload is required after installation for the MCP server to activate.
  • ⚠️Python AST parsing timeout protection (via SIGALRM) is not available on Windows.
Verified SafeView Analysis
The system demonstrates strong security awareness. Python AST parsing includes configurable DoS protections (code size, AST depth, parse timeout). File path handling uses `PathSecurityValidator` to prevent path traversal and symlink escapes. The `create_issues.py` utility, which uses `subprocess` calls for `gh CLI`, implements robust input validation (`DANGEROUS_CHARS_REGEX`), checks for null bytes, enforces length limits, and writes issue bodies to temporary files to prevent shell injection. Subprocess calls are justified by explicit mitigation strategies.
Updated: 2026-01-14GitHub
0
0
Medium Cost
efremidze icon

swift-mcp

by efremidze

Sec3

Provides curated Swift and SwiftUI patterns, best practices, and code examples to AI assistants via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Patreon integration for premium content requires `PATREON_CLIENT_ID` and `PATREON_CLIENT_SECRET` environment variables. Obtaining these credentials involves creating a Patreon OAuth application, which currently requires users to register as a 'creator' (even for personal use).
  • ⚠️YouTube content fetching (part of Patreon integration) requires a `YOUTUBE_API_KEY` environment variable.
Verified SafeView Analysis
The project uses `child_process.execSync` and `child_process.exec` to run external tools like `playwright` and `patreon-dl` for its *optional* premium Patreon integration. This includes launching a browser to extract session cookies and downloading content. While justified for its intended functionality (accessing Patreon content which lacks a direct API for content download), executing external commands carries inherent security risks, such as potential command injection if inputs were not perfectly sanitized (though not evident in the provided code) or vulnerabilities in the external tools themselves. Sensitive session cookies are written to a local file (`.patreon-session`) which, while used by a trusted local dependency, is less secure than `keytar` which is used for OAuth tokens. Users should be aware of these risks before enabling Patreon integration, and ensure their environment is secure.
Updated: 2026-01-19GitHub
0
0
Low Cost
BinodRai123 icon

mcp-server

by BinodRai123

Sec9

This server implements the Model Context Protocol (MCP) to define and expose AI-powered tools, such as a simple addition tool, via inter-process communication.

Setup Requirements

  • ⚠️Requires Node.js v18.0.0+ (v20.0.0+ for full compatibility with '@google/genai' peer dependency, though not used in the provided tool).
  • ⚠️Designed for local inter-process communication using standard I/O, not a typical network-exposed HTTP server out-of-the-box (though 'express' dependency suggests HTTP support is possible).
Verified SafeView Analysis
The server uses `StdioServerTransport` for communication, limiting direct network exposure and generally making it safer for local inter-process use. Input validation is performed using `zod`, a good security practice. No 'eval' or obvious malicious patterns were found. The `@google/genai` dependency is present but not utilized in the provided tool definition, thus not introducing external API key requirements or associated risks in this snippet.
Updated: 2025-12-02GitHub
0
0
Medium Cost
khlanna icon
Sec5

This repository demonstrates an interactive client-server application built using the Model Context Protocol (MCP) SDK, allowing users to interact with AI-powered tools, resources, and prompts, primarily for data management and generative AI tasks.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (GEMINI_API_KEY) configured as an environment variable.
  • ⚠️The `src/data/users.json` file must exist and be writable by the Node.js process for user creation tools to function.
  • ⚠️Running the client (`npm run client:dev`) implicitly compiles the server and runs it as a child process, so `tsc` must be available in `PATH` or run explicitly beforehand (`npm run server:build`).
Review RequiredView Analysis
The server includes tools (`create-user`, `create-random-user`) that perform direct file system writes to `src/data/users.json` based on user input or AI-generated content. While limited to a JSON file in a local demonstration, this pattern is a significant security risk as uncontrolled inputs could lead to data corruption, resource exhaustion (e.g., excessively large files), or other local file system vulnerabilities if the application were used in a less controlled environment or with different file paths.
Updated: 2025-11-27GitHub
0
0
Medium Cost
BlockSecCA icon

unc-filesystem-mcp

by BlockSecCA

Sec8

Enables AI agents (specifically Claude Desktop) to perform secure filesystem operations with proper UNC path support on Windows, addressing issues with network drive resolution and subdirectory access.

Setup Requirements

  • ⚠️Requires Node.js runtime environment (version 20 or higher is indicated by glob/minimatch dependencies).
  • ⚠️One or more 'allowed directories' (UNC or local paths) must be explicitly configured as command-line arguments during server startup; the server will exit if no directories are provided.
Verified SafeView Analysis
The server's primary security mechanism is the `validatePath` function, which normalizes all incoming request paths and verifies they fall strictly within pre-configured 'allowedDirectories'. This robustly defends against path traversal vulnerabilities. All file system operations (`fs.readFile`, `fs.writeFile`, `fs.readdir`, `fs.stat`) are gated by this validation. The `edit_file` tool includes checks for unique occurrences to prevent unintended broad replacements. The `searchFiles` tool uses `glob` but limits user input to a wildcard pattern `**/*${pattern}*` within a validated `cwd`, mitigating risks associated with arbitrary glob patterns. No `eval` or obvious malicious patterns are present. The server operates with the permissions of the executing Node.js process.
Updated: 2025-11-25GitHub
0
0
Low Cost
cdavis405 icon

c3850-mcp-server

by cdavis405

Sec6

Bridge Cisco 3850 switches with AI for natural language network management.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher
  • ⚠️Cisco 3850 switch must have RESTCONF over HTTPS enabled (`ip http secure-server`, `restconf` commands on device)
  • ⚠️Disables SSL certificate verification (`verify=False`) to connect to the switch, posing a security risk due to potential man-in-the-middle attacks
Review RequiredView Analysis
The server uses `httpx.AsyncClient(verify=False)` by default, disabling SSL certificate verification. This is a critical security vulnerability for production environments as it allows man-in-the-middle attacks. While potentially intended for self-signed certificates, it should be configurable to allow providing a CA bundle. The `get-pip.py` file, though a standard utility, is heavily obfuscated and its inclusion in the repository could raise concerns during an audit. Credentials are managed securely via environment variables and `.env` files.
Updated: 2025-11-27GitHub
PreviousPage 540 of 713Next