Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
mariomosca icon

hidratespark-mcp

by mariomosca

Sec8

Integrate HidrateSpark smart water bottle data with Claude Desktop for hydration tracking and management.

Setup Requirements

  • ⚠️Requires HIDRATE_APP_ID, HIDRATE_CLIENT_KEY, HIDRATE_EMAIL, HIDRATE_PASSWORD environment variables to be set.
  • ⚠️This is an unofficial reverse-engineered client; the upstream HidrateSpark API may change or break without notice.
  • ⚠️Requires Python 3.10 or newer.
Verified SafeView Analysis
No 'eval' or obfuscation found. User credentials (email, password) are loaded from environment variables, which is a good practice. Session tokens are cached in-memory only and are not persisted, enhancing security. The API keys (app_id, client_key) are embedded in the public Android app and used as defaults here, consistent with a reverse-engineered client. The server relies on the external HidrateSpark Parse API for all operations, which is an inherent network dependency. No malicious patterns identified.
Updated: 2026-01-19GitHub
0
0
Low Cost
Sec9

A Node.js server that exposes Facebook Graph API data (profile, feed, groups) as read-only MCP tools.

Setup Requirements

  • ⚠️Requires a valid Facebook Graph API access token with appropriate read permissions.
  • ⚠️Requires a user-defined MCP server API key for authentication.
  • ⚠️The Facebook Graph API token must have necessary permissions for the requested data (e.g., user profile, feed, group access).
Verified SafeView Analysis
The code uses standard libraries and does not appear to have obvious security vulnerabilities like 'eval' or malicious patterns. It correctly uses environment variables for sensitive information and implements an API key middleware. The primary risk would be exposure of the Facebook Access Token if not handled securely.
Updated: 2025-11-22GitHub
0
0
Low Cost
ilvolodel icon
Sec8

Provides a Micro-Capability Platform (MCP) server for digital signing PDF documents with intelligent positioning, Infocert integration, and automatic upload to DigitalOcean Spaces.

Setup Requirements

  • ⚠️Requires Infocert API credentials (CLIENT_ID, CLIENT_SECRET, TENANT), typically associated with a paid service account.
  • ⚠️Requires DigitalOcean Spaces access keys and a pre-configured bucket (DO_SPACES_ACCESS_KEY, DO_SPACES_SECRET_KEY, DO_SPACES_BUCKET, DO_SPACES_REGION, DO_SPACES_ENDPOINT), which incurs cloud storage costs.
  • ⚠️PDF analysis for signature placement (e.g., keyword search) may not function correctly on scanned PDFs (image-based documents) as they lack selectable text, potentially requiring the user to manually specify coordinates or a predefined position.
Verified SafeView Analysis
Uses environment variables for sensitive credentials (Infocert, DigitalOcean Spaces), which is a good security practice. API requests include `response.raise_for_status()` for error handling. PDF parsing with `pyhanko`, `PyPDF2`, and `pdfplumber` for document analysis carries inherent risks from potentially malformed documents; the use of `strict=False` in `PdfFileReader` and `PyPDF2.PdfReader` (fallback) might allow parsing of malformed PDFs, which could have security implications. Uploaded files to DigitalOcean Spaces are set to `private` ACL and accessed via presigned URLs for enhanced security, reducing public exposure.
Updated: 2025-11-30GitHub
0
0
High Cost
AIIIAjou icon
Sec4

Automates Open Source Intelligence (OSINT) gathering and threat detection, integrating various tools like web scraping, username search, and vulnerability scanning, with results visualized on a web dashboard.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires a local Ollama server running with the 'qwen3:14b' model downloaded.
  • ⚠️Requires API keys for Intelligence X, VirusTotal, and Google Safe Browsing (some may be paid or require registration).
  • ⚠️Requires `playwright install chromium` to download browser binaries (~200-300MB download).
Verified SafeView Analysis
The server uses Playwright to browse arbitrary, potentially malicious, URLs. While some Playwright instances have hardening arguments (e.g., in `web_interface.py`), this inherently carries a risk of browser exploits or malware if the LLM agent is compromised (e.g., via prompt injection) to interact with dangerous sites. The `interact_with_webpage` tool allows LLM-generated, detailed browser actions (clicks, types, selectors) which could be misused. Collected sensitive information and session data are stored locally in CSV and JSON files, posing a risk if the server's file system is compromised. API keys are managed via .env files, which is good practice.
Updated: 2025-12-10GitHub
0
0
Medium Cost
ChesterRa icon

ccontext

by ChesterRa

Sec9

Manages a persistent, shared execution context for AI agents across sessions, enabling project coordination and memory.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires setting the CCONTEXT_ROOT environment variable to the project directory or running the server from the desired project directory.
Verified SafeView Analysis
The server operates locally via standard I/O (stdio), limiting direct network attack surface. File operations are confined to a designated 'context/' directory within a specified project root, mitigating arbitrary file system access. Input validation is present for tool arguments, and `yaml.safe_load` is used to parse configuration, reducing YAML deserialization risks. `fcntl` is used for local file locking, not arbitrary code execution. No hardcoded secrets or direct 'eval' statements were found.
Updated: 2025-12-13GitHub
0
0
Low Cost
small-xiexu icon

mcp-server-study

by small-xiexu

Sec9

This project implements a Spring AI-based MCP (Model Context Protocol) server, enabling AI models to interact with external systems by providing various tool capabilities like querying computer configurations, exporting database data, querying weather, and publishing CSDN articles.

Setup Requirements

  • ⚠️Requires JDK 17+ and Maven.
  • ⚠️Database export functionality requires a configured MySQL instance.
  • ⚠️CSDN article publishing requires manual setup of a `~/.csdn/cookie.json` file and environment variables (CSDN_CA_KEY, CSDN_CA_NONCE, CSDN_CA_SIGNATURE).
  • ⚠️For running via an MCP client, the server's JAR path must be configured, e.g., `/path/to/mcp-server-study-1.0.0.jar`.
Verified SafeView Analysis
The project demonstrates robust security practices, especially for database interactions, using a custom `SqlValidator` and the Druid SQL firewall to prevent SQL injection (allowing only SELECT queries and disallowing multi-statements, comments, and DDL/DML operations). The `CsvWriter` prevents path traversal attacks. The `ComputerService` executes fixed system commands, mitigating direct command injection risks. CSDN API credentials are managed via external files and environment variables, avoiding hardcoding secrets in the source code. Operational security of these credentials is the user's responsibility. No 'eval' or obfuscation found.
Updated: 2026-01-19GitHub
0
0
Medium Cost
MagmaBasilisk icon

mcp-run-python

by MagmaBasilisk

Sec8

Securely execute arbitrary Python code within a sandboxed environment, primarily as a tool for Model Context Protocol agents.

Setup Requirements

  • ⚠️Requires Deno runtime installed on the host system.
  • ⚠️Python 3.10+ required to run the Python orchestration layer.
Verified SafeView Analysis
The server uses Pyodide in a Deno runtime for sandboxed Python execution, which inherently provides isolation. Network access for user-provided Python code is controllable via the 'allow_networking' flag. Deno itself runs with controlled permissions from a temporary directory, mitigating direct system impact. Dependency installation may require network access. No obvious hardcoded secrets or malicious patterns were found. The primary risk lies in potential undiscovered vulnerabilities within Pyodide or Deno, or misuse of the 'allow_networking' flag by the caller.
Updated: 2025-12-15GitHub
0
0
Low Cost
tianmuji icon
Sec8

Enable AI coding agents to access and understand Figma design data, including spatial relationships and layout properties, for accurate design-to-code conversion and UI implementation.

Setup Requirements

  • ⚠️Requires a Figma API Key (Personal Access Token or OAuth Token) from Figma developer settings.
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Requires manual JSON configuration in the AI client's MCP server settings (e.g., Cursor, VS Code Continue extension).
Verified SafeView Analysis
The server requires a Figma API key (personal access token or OAuth token) which must be securely provided by the user, not hardcoded. The `download_figma_images` tool downloads files from URLs provided by the Figma API; while generally safe, downloading from external sources always carries a theoretical risk if Figma's CDN could be compromised or the URLs maliciously altered. The `saveFigmaData` and `downloadFigmaImage` functions write to user-specified local paths, which could be exploited if a malicious `savePath`/`localPath` is provided to overwrite critical system files (though this assumes a malicious AI client or user input). The `fetchWithRetry` function's `curl` fallback constructs a command string with potentially user-derived URLs, but in practice, these URLs originate from the trusted Figma API and headers are server-configured, minimizing direct command injection risk from external malicious input.
Updated: 2025-11-24GitHub
0
0
Low Cost
mike-sanlon icon

Personal-Notion-MCP

by mike-sanlon

Sec9

Enables AI agents to interact with the Notion API by providing a Model Context Protocol (MCP) server for Notion.

Setup Requirements

  • ⚠️Requires manual setup of an internal Notion integration and granting it access to relevant pages/databases.
  • ⚠️Requires setting Notion API authentication (NOTION_TOKEN, OPENAPI_MCP_HEADERS, or NOTION_WORKSPACES) via environment variables.
  • ⚠️When using HTTP transport, an AUTH_TOKEN environment variable or command-line argument is required for API authentication.
  • ⚠️Client-side configuration (e.g., for Cursor, Claude, Zed, or Smithery) is necessary to connect to the MCP server.
Verified SafeView Analysis
The project follows good security practices, emphasizing the use of environment variables for Notion API tokens and a configurable bearer token for HTTP transport authentication. A comprehensive `SECURITY.md` outlines best practices for local development, GitHub publishing, and container deployment, explicitly warning against hardcoding tokens. An `eval` statement was found in `src/openapi-mcp-server/openapi/parser.ts`, but it is commented out and therefore inactive, posing no current runtime risk. The HTTP transport includes authentication, and a health endpoint is provided, which is standard practice. No obfuscation or other malicious patterns were detected.
Updated: 2025-11-23GitHub
0
0
Medium Cost
jwgv icon

ManualMind

by jwgv

Sec3

ManualMind is an AI-powered system for natural language search and querying of user manuals for electronic musical instruments.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (Paid service)
  • ⚠️Requires Docker and Docker Compose for deployment
  • ⚠️PDF manuals must be manually placed in the `media/` folder
  • ⚠️Requires Python 3.12 or newer
  • ⚠️The `mcp_client_stdio.sh` script requires the `jq` utility to be installed
Review RequiredView Analysis
The server uses `eval(processed_files)` in `main.py` when retrieving `processed_files` from Redis. If an attacker can manipulate the content of the `processed_files` Redis key, they could achieve arbitrary code execution on the server. Although other security measures like API key authentication and rate limiting are present, this `eval` call poses a critical vulnerability.
Updated: 2025-12-13GitHub
0
0
Low Cost
schwarztim icon

fiddler-mcp

by schwarztim

Sec7

Intercept HTTP/HTTPS traffic, extract credentials, and replay/make requests for API debugging and reverse engineering.

Setup Requirements

  • ⚠️Requires `mitmproxy` to be installed (e.g., `brew install mitmproxy` on macOS or `pip install mitmproxy`).
  • ⚠️Requires Node.js v18+.
  • ⚠️For HTTPS traffic, a mitmproxy CA certificate must be installed and trusted in your browser/system (visit `http://mitm.it` through the proxied browser).
Verified SafeView Analysis
The MCP uses `mitmdump` with the `--set ssl_insecure=true` flag. This disables SSL/TLS certificate verification for upstream connections, which can make the proxy susceptible to Man-in-the-Middle attacks if used for general browsing on untrusted networks. However, for its stated purpose of development and API analysis, this is sometimes a necessary configuration. Captured flows and extracted credentials (API keys, tokens, cookies) are stored locally in unencrypted JSON files in `~/.fiddler-mcp/flows.json`. While this is an expected behavior for a tool of this nature, it means these files should be protected with appropriate system-level security, as their compromise could lead to credential leakage.
Updated: 2026-01-16GitHub
0
0
High Cost
yfujita icon
Sec7

A Retrieval Augmented Generation (RAG) system that crawls web pages, indexes them in Elasticsearch, provides an MCP server for LLMs to query, and includes a chat UI for interaction.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for vector search and LLM chat features.
  • ⚠️Docker and Docker Compose are required to run the entire microservices stack.
  • ⚠️Elasticsearch service is configured to use 2GB of RAM (`-Xms2g -Xmx2g`), which can be a significant resource requirement for local development machines.
Verified SafeView Analysis
The system uses environment variables for sensitive data like OpenAI API keys (read from `openai_token.txt`), which is better than hardcoding. Tool arguments passed from LLMs are validated using Pydantic models in the `mcp-api`, mitigating some risks of arbitrary code execution through tool calls. The `mcp-api` includes a middleware to force `Host: localhost:8000` header for internal Docker communication, which is functional within the controlled environment but an unusual pattern that might need careful consideration in different deployment scenarios.
Updated: 2026-01-17GitHub
PreviousPage 547 of 713Next