Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
saskinosie icon

cook-mcp-server

by saskinosie

Sec8

Provides an AI-powered search and retrieval tool for the Cook Engineering Handbook, answering technical questions and fetching specific pages, including visual content.

Setup Requirements

  • ⚠️Requires a Weaviate Cloud instance and API key (paid service).
  • ⚠️Requires an OpenAI API Key (paid service) for GPT-4o vision model calls.
  • ⚠️If using Clerk-authenticated server variants (e.g., mcp_server_oauth.py), requires Clerk secret and publishable keys.
Verified SafeView Analysis
Secrets (API keys, URLs) are loaded from environment variables, which is good practice. The core operations are read-only searches. Some web server implementations (e.g., mcp_server_authenticated.py) use `allow_origins=["*"]` for CORS, which can be less secure if the API handles sensitive user data, but for a public-facing read-only tool, it's a common configuration. One variant (mcp_server_oauth.py) implements Clerk OAuth for more robust authentication. No 'eval' or other obvious malicious patterns were found.
Updated: 2025-11-19GitHub
0
0
Low Cost
zvxr icon

arcology

by zvxr

Sec6

Self-hosting an MCP (Multi-Modal AI Collaboration Protocol) server to integrate AI agents with an Obsidian knowledge base.

Setup Requirements

  • ⚠️Requires Docker Desktop for local execution.
  • ⚠️Requires `OBSIDIAN_API_KEY` and `ARCOLOGY_MCP_KEY` environment variables for secure operation and API access.
  • ⚠️Requires the 'Local REST API for Obsidian' plugin (from https://github.com/coddingtonbear/obsidian-local-rest-api) to be installed and configured within Obsidian.
Verified SafeView Analysis
The project uses ngrok to expose local services to the public internet via an HTTPS tunnel, which inherently introduces a significant network attack surface. This risk is mitigated by requiring an `ARCOLOGY_MCP_KEY` for authentication to the MCP bridge. The `patches/mcp_obsidian/tools.py` implements a `ComplexSearchToolHandler` that passes a `JsonLogic` query directly to the `obsidian-local-rest-api`. While this server does not execute `JsonLogic` itself, it acts as a proxy, making its security dependent on the robustness of the underlying Obsidian REST API's handling of such complex queries, especially if the AI agent is compromised or malicious. No hardcoded secrets or direct `eval`/`exec` of untrusted user input within this server's Python code were found. The `DeleteFileToolHandler` requires explicit confirmation, which is a good safety measure.
Updated: 2025-12-30GitHub
0
0
Medium Cost
aike1202 icon
Sec3

This server transforms Swagger/OpenAPI documentation into AI-callable tools, enabling AI models to perform API development tasks such as documentation querying, interface debugging, and cURL command generation.

Setup Requirements

  • ⚠️Requires Node.js (v18+ recommended) and npm/pnpm for installation and execution.
  • ⚠️Relies on a running Swagger/OpenAPI service accessible from the MCP server's host for documentation retrieval and API interaction.
  • ⚠️Authentication credentials are provided as command-line arguments, which may expose sensitive information in plaintext (e.g., in process lists or logs); secure handling of these arguments in the deployment environment is critical.
  • ⚠️Requires a compatible Model Context Protocol (MCP) Host (e.g., Claude Desktop, Windsurf) to integrate and use the provided tools.
Review RequiredView Analysis
The `debug_endpoint` tool allows AI to execute arbitrary HTTP requests, posing significant risks such as Server-Side Request Forgery (SSRF), internal network scanning, or interaction with unintended services if the AI is unconstrained or exploited. Authentication credentials for auto-login are passed via command-line arguments, which can be insecure as they may be visible in process lists or logs; secure handling of these arguments in the deployment environment is critical. The server also fetches Swagger docs from provided URLs, which could be a vector for fetching malicious content if not controlled.
Updated: 2025-11-22GitHub
0
0
Low Cost
StoyPenny icon

mcp-kilo-telegram

by StoyPenny

Sec9

Enables AI assistants to interact with humans via Telegram for decisions, approvals, and specific input, creating a 'human-in-the-loop' workflow.

Setup Requirements

  • ⚠️Requires a Telegram Bot Token from @BotFather (free to create)
  • ⚠️Telegram User ID recommended for security (auto-detects if not set, but explicit setting is safer)
  • ⚠️Python 3.10+ or Docker/Docker Compose required for installation
Verified SafeView Analysis
The server uses environment variables for `TELEGRAM_BOT_TOKEN` and `TELEGRAM_USER_ID`, preventing hardcoding of secrets. It leverages the `TELEGRAM_USER_ID` for access control, restricting interaction to a specific user, which is a good security practice. The optional auto-detection of `TELEGRAM_USER_ID` if not set could be a minor risk, as the bot would respond to the last person who messaged it. However, the documentation clearly highlights this and recommends setting it. No 'eval' or other inherently dangerous patterns, obfuscation, or malicious network activities were observed beyond standard Telegram API interaction.
Updated: 2026-01-17GitHub
0
0
Medium Cost
fwdslsh icon

converse

by fwdslsh

Sec8

A lightweight Model Context Protocol (MCP) server that provides voice capabilities (TTS/STT) using remote OpenAI-compatible APIs, enabling AI assistants to speak and listen through system audio devices.

Setup Requirements

  • ⚠️Requires OpenAI-compatible TTS/STT API endpoints (e.g., OpenAI, LocalAI). These are typically paid services or require local setup.
  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Requires system audio utilities like `aplay` and `arecord` (Linux), `afplay` and `sox` (macOS), or custom commands configured via `PLAY_CMD` and `RECORD_CMD` environment variables.
Verified SafeView Analysis
The server uses `child_process.spawn` to execute system audio commands (`aplay`, `arecord`, etc.). While `spawn` is generally safer than `exec`, if the `PLAY_CMD` or `RECORD_CMD` environment variables are maliciously configured by the operator, they could execute arbitrary commands. This is a configuration risk rather than a direct code vulnerability. No other critical security risks like `eval` or hardcoded secrets were identified in the provided source code. API keys are handled via environment variables.
Updated: 2025-12-29GitHub
0
0
Medium Cost

MCP_NODE

by TechMaster1000

Sec5

A Node.js gateway that connects AI models (AWS Bedrock) with external tools (Model Context Protocol servers) via a streaming SSE endpoint for real-time, agentic AI applications.

Setup Requirements

  • ⚠️Requires a properly configured AWS account with Bedrock access, including enabled Claude models (with region-specific inference profile IDs) and complex IAM roles (`ecsTaskExecutionRole` to `sts:AssumeRole` to `BedrockAccessRole`) for secure ECS Fargate deployment, or direct AWS credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`) for local development.
  • ⚠️`MCP_SERVERS` environment variable must be a correctly formatted JSON array string, containing valid configurations for stdio or HTTP MCP servers. Incorrect formatting or misconfigured commands/URLs (e.g., requiring specific `npx` packages) will cause startup issues.
  • ⚠️Many advanced MCP servers (e.g., Brave Search, GitHub, Google Maps) require API keys, which must be securely provided via environment variables in the individual MCP server configuration within the `MCP_SERVERS` JSON array or AWS Secrets Manager.
  • ⚠️Using the `filesystem` MCP server on macOS requires granting 'Full Disk Access' manually to the process, which is a high-privilege system permission.
Review RequiredView Analysis
The gateway's `stdio-client` can execute arbitrary commands (`npx`, `command`, `args`) configured via the `MCP_SERVERS` environment variable. While `MCP_SERVERS` is intended for administrative configuration, any compromise of the environment or application could lead to arbitrary code execution on the host where the gateway runs. The `filesystem` MCP server, if configured, explicitly requires 'Full Disk Access' on macOS, exposing a broad attack surface. The gateway does not perform input validation on tool arguments against the tool's schema, relying entirely on individual MCP servers for this, which could be a vulnerability if an MCP server is misconfigured or a malicious prompt bypasses Bedrock's guardrails. No hardcoded secrets were found in the code, and AWS credentials are handled via IAM roles or Secrets Manager, which are good practices for secure credential management.
Updated: 2025-11-25GitHub
0
0
High Cost
GavinZha0 icon

ChatPie

by GavinZha0

Sec8

ChatPie is a modern AI-driven chat platform designed to facilitate seamless human-AI collaboration, upgrading AI from a simple tool to a true partner for natural communication and efficient task completion.

Setup Requirements

  • ⚠️Requires API Keys (e.g., OpenAI, Anthropic, Exa, Google Generative AI) for core AI features, which typically involve paid usage.
  • ⚠️Requires Docker for a quick start, or manual setup of PostgreSQL and a compatible file storage solution (RustFS, S3, MinIO, or Vercel Blob).
  • ⚠️The `BETTER_AUTH_SECRET` environment variable must be set for authentication to function correctly.
Verified SafeView Analysis
The server utilizes environment variables for sensitive configurations, employs an ORM (Drizzle) for database interactions to mitigate SQL injection risks, and implements robust role-based access control for administrative features. Authentication is handled via 'better-auth'. However, inherent risks stem from powerful AI tools: - In-browser code execution (JavaScript via `new Function`, Python via Pyodide) is sandboxed client-side, but client-side vulnerabilities are possible. - The HTTP request tool allows LLMs to make arbitrary network requests, which poses potential SSRF or data exfiltration risks if not carefully constrained by prompt engineering. - Connections to external MCP servers introduce dependency risks on those servers' security practices. - File uploads require robust validation to prevent malicious content.
Updated: 2025-12-09GitHub
0
0
Medium Cost
danielecelsa icon

chatbot-with-search

by danielecelsa

Sec9

An advanced AI client for autonomous web research, utilizing a decoupled microservices architecture with the Model Context Protocol (MCP) for tool communication.

Setup Requirements

  • ⚠️Requires a Google Cloud API Key (for Gemini LLM).
  • ⚠️Requires a separate Tavily API Key for the *MCP Server* (not this client, but the server must be running and configured).
  • ⚠️Python 3.10+ is required.
  • ⚠️The default `MCP_TAVILY_URL` points to a potentially public server. For production or sensitive use, a self-hosted MCP server with Tavily API configured is recommended.
Verified SafeView Analysis
The project follows good security practices by externalizing API keys to environment variables and implements a decoupled security model where the client (agent) does not directly hold sensitive API keys like the Tavily key. However, it relies on an external MCP server URL (`MCP_TAVILY_URL`) which, if compromised or misconfigured, could lead to unexpected behavior or data exposure. The `get_user_info` helper function relies on undocumented Streamlit internal APIs, which could be a stability risk for future Streamlit versions, but not a direct security vulnerability.
Updated: 2025-12-20GitHub
0
0
Low Cost
JanWillemSteur65 icon

mas-mcp-server

by JanWillemSteur65

Sec3

An independent MCP Server designed for multi-tenant IBM Maximo Application Suite (Manage), providing an MCP endpoint, admin UI, user/role management, Maximo discovery, message logging, and concept definition.

Setup Requirements

  • ⚠️Requires replacing `REPLACE_WITH_YOUR_GIT_URL` in `02-buildconfigs.yaml` with your repository URL.
  • ⚠️For production, PostgreSQL requires persistent volumes; the provided `04-postgres.yaml` uses `emptyDir`, leading to data loss on pod restart.
  • ⚠️Critical environment variables (e.g., `MAS_MCP_JWT_SECRET`, `POSTGRES_PASSWORD`, `MAS_MCP_BOOTSTRAP_ADMIN_PASSWORD`) are set to weak defaults in `03-config-and-secrets.yaml` and `init_db.py`, which MUST be changed for any production deployment.
Review RequiredView Analysis
The OpenShift deployment manifests (03-config-and-secrets.yaml) hardcode critical secrets like MAS_MCP_JWT_SECRET ('CHANGE_ME') and PostgreSQL credentials (user: masmcp, password: masmcp). If these manifests are applied directly without modification, the deployed system will have publicly known, weak credentials, posing a severe security risk in production. Default admin bootstrap credentials (admin@example.com/admin) are also present. CORS is set to '*' by default, requiring explicit lockdown for production. Tenant credentials for Maximo (`api_key_enc`, `username_enc`, `password_enc`) are stored with an `_enc` suffix, implying encryption, but the encryption/decryption implementation is not provided in the source, making it a blind spot for audit.
Updated: 2026-01-17GitHub
0
0
Low Cost
keidson299 icon
Sec8

A Model Context Protocol (MCP) server for analyzing business emails and spreadsheet data, integrating with Claude Desktop to provide intelligent analysis tools.

Setup Requirements

  • ⚠️Requires manual configuration of Claude Desktop's `claude_desktop_config.json` file.
  • ⚠️Requires Claude Desktop (latest version) to be installed and running.
  • ⚠️Python path and project directory path in the Claude Desktop configuration must be precise (e.g., using forward slashes or double backslashes on Windows).
Verified SafeView Analysis
The server's `analyze_eml_file` tool directly accesses local files specified by a `file_path` argument. While it checks for file existence and the `.eml` extension, a malicious actor (e.g., via a compromised Claude Desktop client or successful prompt injection) could potentially direct the server to read sensitive `.eml` files on the local file system that the server process has access to, leading to local file disclosure. There are no direct `eval` or `exec` calls, no hardcoded secrets, and no external network requests to untrusted sources within the provided source code, limiting the risk to information disclosure rather than arbitrary code execution.
Updated: 2025-12-15GitHub
0
0
Low Cost
udaydevarakonda icon

MCP_Remote_Server_Demo

by udaydevarakonda

Sec9

This server acts as a weather agent, providing real-time weather alerts and forecasts by integrating with the National Weather Service (NWS) API.

Setup Requirements

  • ⚠️Requires Node.js (version 18 or higher recommended due to dependencies).
  • ⚠️Requires internet connectivity to access the NWS API.
  • ⚠️Designed to run as a Model Context Protocol (MCP) server communicating over standard input/output (stdio), not a standalone HTTP server.
Verified SafeView Analysis
The server primarily makes HTTP requests to a public, well-known API (National Weather Service). Input validation is performed using Zod, limiting potential injection vectors. There are no direct uses of `eval`, no obfuscated code, and no hardcoded sensitive secrets found. The application's exposure to external threats is through its NWS API calls and its stdio transport, which implies it's an internal tool rather than a public-facing API.
Updated: 2025-12-01GitHub
0
0
Medium Cost
vweiss960 icon
Sec9

An MCP server for interacting with YouTube Music and performing web searches.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher.
  • ⚠️Requires BRAVE_API_KEY for web search functionality (optional).
  • ⚠️The `ytmusicapi` library may require authentication, which needs to be configured separately according to its documentation.
Verified SafeView Analysis
The code uses `os.environ.get` for API keys, which is good practice. No `eval` or `exec` statements are present. The primary security considerations involve the use of `ytmusicapi` and `requests` libraries, and ensuring the Brave API key is kept secure.
Updated: 2025-11-28GitHub
PreviousPage 543 of 713Next