Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

Low Cost

cursoradk

by blogtheristo

Sec9

Automates the deployment of an MCP Server to Google Cloud Platform using GitHub Actions and Workload Identity Federation.

Setup Requirements

  • ⚠️Requires a Google Cloud Platform project with Workload Identity Federation configured (specifically a pool named 'github-pool' and a provider named 'github-provider').
  • ⚠️Requires a GCP Service Account ('cursoradk25@cursoradk.iam.gserviceaccount.com') with permissions to deploy the actual MCP server.
  • ⚠️The GitHub repository must match the audience specified in the workflow ('https://github.com/blogtheristo/cursoradk').
Verified Safe
Uses Google Cloud Workload Identity Federation for secure authentication, avoiding hardcoded secrets. Permissions requested are appropriate for the tasks. No 'eval', obfuscation, or direct network risks are present in the provided workflow. The service account and provider details are configuration specific to a GCP project.
Updated: 2025-11-19

Low Cost

Manages Claude Code conversation sessions, including project, session, and message management, along with a SvelteKit-based Web UI.

Setup Requirements

  • ⚠️Requires Node.js 22+ to run.
  • ⚠️Requires pnpm 9.15.0 with corepack enabled for development/installation.
  • ⚠️Requires manual Claude Code MCP integration or editing `~/.claude.json`.
Review Required
The server uses `child_process.execAsync` to open files (`code "${filePath}"`) via the `/api/open-file` endpoint. While intended for local file management, this endpoint allows an arbitrary `filePath` to be passed from the client side without server-side validation or restriction. This means a malicious actor (or a compromised UI) could potentially command the server to open any file on the user's local system (e.g., sensitive configuration files, private keys) in VS Code. Although `code "..."` mitigates some basic shell injection, the ability to specify arbitrary file paths is a significant local privilege escalation risk. No hardcoded secrets were found. File system operations are confined to expected Claude directories for session management, except for this specific 'open file' functionality.
Updated: 2025-12-25

Medium Cost

mcp-server-suite

by consigcody94

Sec9

This suite provides specialized MCP servers for natural language to SQL translation, AST-based code security analysis, and Git conventional commit message generation.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0
  • ⚠️Requires npm >= 10.0.0
  • ⚠️SQL Whisperer requires loading a database schema (SQL or JSON) using its tools before natural language queries can be effectively translated.
Verified Safe
The project demonstrates robust security practices across its core and specialized servers. The MCP core handles input validation (Zod), structured error handling, logging, and includes rate limiting and caching as built-in middleware. SQL Whisperer, a high-risk area, effectively prevents SQL injection by quoting identifiers and using parameterized queries for user-provided values. It also explicitly warns about UPDATE/DELETE queries without WHERE clauses. Schema parsing is designed for metadata extraction, not arbitrary code execution. Sentinel AI performs AST-based code analysis, detecting common vulnerabilities (e.g., SQL Injection, XSS, hardcoded secrets, insecure randomness, prototype pollution) without executing the analyzed code, making its operation safe. It explicitly identifies dangerous patterns like 'eval'. Commit Craft deals with text processing (Git diffs and commit messages), which are inherently less prone to code execution vulnerabilities. No hardcoded secrets or malicious patterns were found in the provided code snippets. All servers primarily communicate via standard I/O, reducing external network attack surface.
Updated: 2025-12-01

Low Cost

RulesetMCP

by n8daniels

Sec8

RulesetMCP provides AI agents with project-aware rulebooks defined in version-controlled files for contextual understanding and enforcement of coding standards, conventions, and process guidelines.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️A `rulesetmcp.config.json` file must be created and specified for project configuration.
  • ⚠️The YAML parser currently uses `JSON.parse` (as an MVP), which may not robustly handle complex YAML structures; a proper YAML library is planned but not yet implemented.
Verified Safe
The server primarily operates via standard input/output (stdio), reducing external network attack surfaces. It does not contain obvious hardcoded secrets, direct arbitrary code execution ('eval', 'child_process.exec'), or obfuscation. A potential, albeit indirect, risk exists with user-defined regular expressions in rule files (`rule.pattern` used in `validateSnippet`), which could be crafted to cause ReDoS (Regular Expression Denial of Service) if rule definitions are compromised or untrusted. However, rule files are assumed to be trusted, version-controlled assets, making this a concern for the integrity of the project's rule definitions rather than a direct vulnerability in the server's runtime.
Updated: 2025-12-06

Low Cost

mcp-mongodb

by ziangziangziang

Sec7

Exposes a MongoDB database to Model Context Protocol (MCP) agents, providing tools for database inspection, querying, and aggregation.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️Requires a MongoDB instance (local or hosted) to be running and `MONGODB_URI` environment variable to be set.
  • ⚠️Requires an MCP-capable client (e.g., GitHub Copilot Chat in Agent mode, Codex CLI) for interaction.
  • ⚠️For robust security, the MongoDB user connected via `MONGODB_URI` must be configured with read-only permissions to prevent accidental or malicious write/delete operations.
Verified Safe
The `query` and `aggregation` tools accept flexible JSON objects for filters, projections, sort, and pipelines (`z.any()` in their input schemas). This allows agents to construct arbitrary MongoDB read queries. While the README emphasizes 'read-only access' and strongly recommends not exposing the server publicly, and database access can be controlled via `ALLOWED_DB_NAME`/`DISALLOWED_DB_NAME` environment variables, a compromised or maliciously instructed agent could potentially execute complex, resource-intensive read operations or exfiltrate unintended data if the connected MongoDB user has broader permissions than strictly necessary for these tools. It is CRITICAL to ensure the MongoDB user configured via `MONGODB_URI` has minimal, read-only privileges.
Updated: 2025-12-05

High Cost

iphone-mcp

by hunterkevv

Sec7

Provides an MCP server to automate iPhone tasks like UI interaction, app control, and screenshot capture via Appium.

Setup Requirements

  • ⚠️Requires a local Appium server to be installed and running, which itself needs a complex iOS development environment setup (Xcode, WebDriverAgent).
  • ⚠️The UDID of the target iPhone is a mandatory configuration ('DEVICE_UDID' environment variable or '--udid' argument).
  • ⚠️Relies on 'pymobiledevice3' for direct device interaction, which might have its own platform-specific dependencies or requirements.
Verified Safe
The server binds to '127.0.0.1' by default, limiting external access. If 'SERVER_HOST' is set to '0.0.0.0' or a public IP, the MCP server would expose control of the connected iPhone to the network without authentication. The underlying Appium server is run with '--relaxed-security', which is permissive but often required for iOS automation. No direct malicious patterns, 'eval', or hardcoded secrets were found in the Python code. Input XML parsing from Appium is considered internal and low risk for XXE.
Updated: 2026-01-19

High Cost

cloudflare-dns-mcp

by daniil-shumko

Sec9

Enables natural language management of Cloudflare DNS records and zones for AI assistants via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires CLOUDFLARE_API_TOKEN environment variable to be set.
  • ⚠️Cloudflare API Token needs specific permissions: Zone.Zone: Read, Zone.DNS: Edit, and optionally Zone.Zone: Edit for the `add_zone` tool.
  • ⚠️Requires Node.js version 18.0.0 or higher.
Verified Safe
The server loads the Cloudflare API token from environment variables (CLOUDFLARE_API_TOKEN), which is a secure practice. It explicitly warns users in the README about the 'vibe coded' nature and strongly advises reviewing the code, cloning locally, using minimal API token permissions, and backing up DNS records before use. No 'eval' or obvious obfuscation was found in the provided source code, and network interactions are confined to the Cloudflare API. Tool annotations (destructiveHint) correctly flag actions that require extra caution, enhancing transparency.
Updated: 2026-01-07

Low Cost

learn-mcp-server

by kashyapm94

Sec9

This server provides a set of tools for an AI agent to interact with e-commerce data like customer information, order details, and product inventory.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Designed to be integrated with an LLM via the MCP protocol; it is not a standalone web service.
Verified Safe
The server primarily communicates via standard I/O (stdio) as indicated by `mcp.run(transport='stdio')`, which inherently limits direct network exposure. It does not use `eval()` or similar dangerous functions, nor does it appear to handle external user input directly beyond tool arguments. The 'database' is an in-memory dictionary, so there are no hardcoded database credentials or external database connection risks. The risk is primarily confined to the integrity of the data it operates on and how it's integrated with an LLM.
Updated: 2025-11-26

Medium Cost

respring-content-mcp

by Andrewwilliamross

Sec3

Generates branded marketing materials like pitch decks, one-pagers, and social media infographics on demand.

Setup Requirements

  • ⚠️Requires Playwright's Chromium browser to be installed (`npx playwright install chromium`).
  • ⚠️Requires Node.js runtime environment.
  • ⚠️HTML escaping is explicitly disabled in templates, posing a high risk for HTML/script injection if content is not pre-sanitized.
Review Required
The server explicitly disables HTML escaping for Mustache templates (`Mustache.escape = (text: string) => text;`). This means any content provided to the `generate_one_pager` or `generate_infographic` tools, if it contains malicious HTML or JavaScript, will be rendered directly without sanitization. If the content input is not strictly controlled and sanitized by the caller (e.g., an LLM generating arbitrary text for template fields), this creates a severe Cross-Site Scripting (XSS) or HTML injection vulnerability. Output paths for generated files (`RESPRING_OUTPUT_DIR`) are controlled, mitigating arbitrary file system writes. No 'eval' or direct command injection patterns were found in the server's core logic.
Updated: 2026-01-19

Medium Cost

Serves as a Middle-ware Call Protocol (MCP) server providing specialized tools for diabetes knowledge graph search and user-specific knowledge base retrieval, primarily supporting Retrieval Augmented Generation (RAG) for AI agents.

Setup Requirements

  • ⚠️Requires external database instances: A Neo4j graph database and a Milvus vector database must be running and accessible.
  • ⚠️Requires a paid API Key: An API key for Alibaba Cloud Dashscope (or a compatible OpenAI endpoint) is required for `text-embedding-v4` embeddings, incurring usage costs.
  • ⚠️Requires manual data ingestion: Initial setup involves running `cmd/milvus-schema/main.go` to create the Milvus collection schema and `cmd/knowledge-graph/main.go` to populate the Neo4j knowledge graph from local JSON files.
Verified Safe
The JWT secret key and database credentials are loaded from a configuration file, which is good practice. However, several database queries are constructed using string concatenation instead of fully parameterized queries. In `tools/diabetes_kg.go`, the Neo4j fulltext search query uses manual escaping for single quotes within the search string; while an attempt at sanitization, it's generally less robust than parameterized queries. In `tools/knowledge_base.go`, the Milvus filter uses string concatenation, though the user email is derived from validated JWT claims, mitigating risk. A significant Cypher injection vulnerability exists in `cmd/knowledge-graph/main.go`'s `saveRelation` function, where `relation.RelationType` is directly inserted into the query via `fmt.Sprintf`. This tool is for data ingestion from presumably trusted JSON files, but it highlights a potential weak point if source data or the ingestion process could be compromised. No hardcoded secrets were found in the main server code. For production, loading configuration via environment variables is generally preferred over only a local `config.yaml`.
Updated: 2026-01-01

Medium Cost

pg-mcp-server

by sequenzia

Sec9

Enables LLMs to interact with PostgreSQL databases for progressive schema discovery and read-only query execution.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires PostgreSQL 14+.
  • ⚠️Requires database connection details (PG_HOST, PG_PORT, PG_DATABASE, PG_USER, PG_PASSWORD) configured via .env file or environment variables.
Verified Safe
The server implements robust security measures for database interaction, including:

  • Explicitly read-only design with comprehensive blocking of write/DDL/transaction keywords (INSERT, UPDATE, DELETE, DROP, CREATE, ALTER, etc.).
  • Enforcement of parameterized queries ($1, $2, etc.) to prevent SQL injection.
  • Database passwords loaded from environment variables/dotenv and handled as Pydantic `SecretStr`.
  • Configurable statement timeouts to prevent runaway queries.

The primary area not covered (per MVP non-goals) is explicit authentication/authorization for the MCP server itself, which is a common consideration for networked services.
Updated: 2026-01-19

High Cost

mcp-lab

by Preetnagda

Sec9

A Next.js dashboard for registering and testing HTTP-based Model Context Protocol (MCP) servers, allowing manual tool interaction or LLM-orchestrated chat experiences.

Setup Requirements

  • ⚠️Requires AWS credentials configured locally for deployment/development.
  • ⚠️Requires a PostgreSQL database URL and an encryption key to be configured as secrets (`DATABASE_URL`, `ENCRYPTION_KEY`).
  • ⚠️Requires API keys for LLM providers (e.g., OpenAI, Anthropic) to enable AI chat functionalities, which are typically paid services.
  • ⚠️Requires an email provider API key and sender email (`EMAIL_API_KEY`, `EMAIL_FROM`) for user login via magic links.
Verified Safe
The application demonstrates strong security practices, utilizing NextAuth.js for robust authentication and session management, including magic links and Drizzle adapter. Data access is strictly user-scoped across API routes, mitigating unauthorized access. Drizzle ORM prevents SQL injection vulnerabilities by default. OAuth 2.0 authorization code flow with PKCE and state/nonce protection is implemented via `oauth4webapi`. Sensitive API keys and OAuth tokens are encrypted at rest using AES-256-GCM with a key securely managed by SST secrets. Input validation for tool arguments is enhanced by `@rjsf/validator-ajv8` when JSON schemas are provided. A minor note is the hardcoded default `DATABASE_URL` in `sst.config.ts` for local development, which is overwritten by secrets in deployed environments.
Updated: 2025-12-21