Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
vicgarcia icon

obsidian-mcp

by vicgarcia

Sec9

Enables Claude Desktop/Code to manage an Obsidian vault for daily journaling, project documentation, and knowledge management.

Setup Requirements

  • ⚠️Requires Docker to be installed and running.
  • ⚠️Requires Python 3.12 or newer for local development/execution, though Docker deployment abstracts this.
  • ⚠️Requires an absolute path to your Obsidian vault to be mounted into the Docker container (`-v /path/to/your/vault:/vault`).
  • ⚠️Requires the `TZ` environment variable to be set for accurate date/time calculations (e.g., `America/New_York`).
  • ⚠️Requires configuring Claude Desktop or Claude Code with the server definition.
Verified SafeView Analysis
The server implements robust path validation using `pathlib.Path.is_relative_to()` and Pydantic models to prevent directory traversal attacks and sanitize inputs. It is designed to run in a Docker container with specific user permissions (`--user`) to enforce the principle of least privilege. No direct `eval` or similar dangerous functions were identified. The risk of accessing files outside the mounted vault is effectively mitigated.
Updated: 2025-11-26GitHub
0
0
Medium Cost
audibleblink icon

tmux-mcp-server

by audibleblink

Sec3

This MCP server enables AI assistants to manage local tmux sessions, including creating, listing, and killing sessions, windows, and panes, as well as interacting with panes by sending commands and capturing output.

Setup Requirements

  • ⚠️Requires Node.js >= 18
  • ⚠️Requires tmux installed and available in PATH
Review RequiredView Analysis
The server uses `child_process.execAsync` to run `tmux` commands, directly interpolating user-provided arguments (e.g., session names, window names, start directories, pane indices) into shell command strings. This design is highly susceptible to command injection vulnerabilities. For example, if a session name input is `my_session"; rm -rf / #`, it could lead to arbitrary command execution on the host system. While `tmux_send_keys` attempts to escape double quotes, this escaping is not consistently applied to all arguments in all tools, and is insufficient to prevent all forms of command injection. There are no other obvious security flaws like hardcoded secrets or 'eval' usage, but the command injection risk is critical.
Updated: 2025-11-22GitHub
0
0
Medium Cost
acamit icon
Sec9

This server provides weather alerts and forecasts by integrating with the National Weather Service (NWS) API, acting as a tool for an MCP agent.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires Python dependencies (`httpx`, `mcp[cli]`) to be installed.
  • ⚠️Requires an active internet connection to access the NWS API.
  • ⚠️This is an MCP server and is designed to be run as a tool by an MCP host/agent, not as a standalone user-facing application.
Verified SafeView Analysis
The server makes external HTTP requests to a known public API (api.weather.gov) using `httpx`. No 'eval' or other highly dangerous patterns are present. Arguments to `mcp.tool()` functions are directly used in f-strings for URL construction, which could be a minor theoretical risk if a malicious MCP host were to inject arbitrary strings. However, for the NWS API context, this risk is minimal and unlikely to lead to severe vulnerabilities beyond malformed requests. No hardcoded secrets or sensitive credentials were found. Logging is appropriately configured to `sys.stderr`.
Updated: 2025-11-27GitHub
0
0
Medium Cost
jchoi2x icon

genius-mcp

by jchoi2x

Sec8

Provides a Model Context Protocol (MCP) server for LLMs and AI applications to interact with the Genius API, enabling search for songs, artists, fetching lyrics, and retrieving music metadata.

Setup Requirements

  • ⚠️Requires a Genius API key (Client Access Token).
  • ⚠️Requires a Cloudflare account for deployment.
Verified SafeView Analysis
The server securely manages API keys by retrieving them from environment variables (`env.GENIUS_API_KEY`). It relies on web scraping (`cheerio`) for lyrics, which can be sensitive to website structural changes but is a common approach when direct API access isn't available for that data. No 'eval', obfuscation, or other immediately malicious patterns were found in the provided source code. Network requests explicitly set a 'User-Agent'. Logging of errors might expose some operational details but not credentials.
Updated: 2025-12-04GitHub
0
0
Low Cost
aaryagodbole icon
Sec9

A Micro-Agent Compute Protocol (MCP) server for tracking and managing personal expenses using a local SQLite database.

Setup Requirements

  • ⚠️Requires Python 3.14+ as per pyproject.toml (note: Python 3.14 is a future version, this might be a typo and earlier versions like 3.9+ may work with fastmcp).
  • ⚠️Expense data is stored in a temporary directory (tempfile.gettempdir()) which means data might not persist across system reboots or temporary file cleanups.
  • ⚠️Dependencies include fastmcp>=2.14.3 and aiosqlite.
Verified SafeView Analysis
The server appears secure. It uses parameterized SQL queries throughout all database operations (add_expense, list_expenses, summarize), effectively preventing SQL injection vulnerabilities. There is no usage of 'eval' or other highly dangerous functions. File paths are constructed using standard library functions (os.path.join, tempfile.gettempdir(), os.path.dirname(__file__)) and do not appear susceptible to path traversal attacks. No hardcoded secrets or malicious patterns were identified. The database is stored in a temporary directory which, while functional, might not be suitable for persistent storage across system reboots or cleanup routines.
Updated: 2026-01-19GitHub
0
0
Medium Cost
heqds icon

brew-mcp

by heqds

Sec9

Provides an LM Studio MCP server to manage macOS Homebrew packages as tools.

Setup Requirements

  • ⚠️Homebrew ('brew') must be installed and accessible on the system's PATH.
  • ⚠️Requires the `mcp` Python library to be installed (e.g., `pip install fastmcp`).
  • ⚠️Designed to run within LM Studio's Multi-tool Context Protocol (MCP) framework.
Verified SafeView Analysis
The server executes Homebrew commands via `subprocess.run` with good input validation (`NAME_PATTERN`) to prevent command injection. It carefully constructs command arguments as a list. Timeouts are used for long-running operations. There are no direct uses of `eval` or obvious network risks beyond what Homebrew itself would inherently do.
Updated: 2025-11-23GitHub
0
0
Medium Cost
a67793581 icon
Sec6

An MCP server for AI agents to query Ethereum balances, token prices, and simulate token swaps.

Setup Requirements

  • ⚠️Requires a valid Infura Project ID (INFURA_PROJECT_ID) for Ethereum RPC access, which may incur costs based on usage.
  • ⚠️Requires a wallet private key (PRIVATE_KEY) for transaction simulation, posing a security risk if not managed carefully (e.g., using a burner wallet with no funds).
Review RequiredView Analysis
The server requires a `PRIVATE_KEY` to be set as an environment variable, which is used to instantiate a `LocalWallet` for transaction simulation in the `swap_tokens` function. While the current implementation only uses this for `estimate_gas` (which performs an `eth_call` and does not execute on-chain), exposing a live private key to a server, especially one designed for AI agents, introduces a significant risk. If the server were compromised or the code accidentally or maliciously modified, this private key could be used to sign and broadcast real transactions, leading to potential fund loss. A safer approach for simulations might involve using a dedicated simulation environment or a burner private key with no real assets.
Updated: 2025-11-26GitHub
0
0
Medium Cost
Gagan0406 icon
Sec4

An AI assistant leveraging LangGraph and Multi-Server MCP to manage expenses, fetch real-time data like stock prices, and perform general search queries.

Setup Requirements

  • ⚠️Requires Python >= 3.13.
  • ⚠️A local or remote LLM compatible with OpenAI API is needed (either OPENAI_API_KEY set for OpenAI or base_url/api_key configured for a local LLM). The 'langgraph_with_mcp.v1/v2.py' files would use OpenAI by default if OPENAI_API_KEY is available.
  • ⚠️The MultiServerMCPClient in 'langgraph_with_mcp.v1/v2.py' and 'client.demo.py' is configured with external MCP server URLs (fastmcp.app domains) which must be accessible and operational.
  • ⚠️The 'arith' server configuration in 'langgraph_with_mcp.v1/v2.py' uses a hardcoded local path '/Users/nitish/Desktop/mcp-math-server/main.py' which will likely need to be adjusted or removed for other users.
  • ⚠️The hardcoded Alpha Vantage API key in 'get_stock_price' is a major security flaw and needs to be replaced with a secure environment variable or removed.
Review RequiredView Analysis
Critical security risk due to a hardcoded Alpha Vantage API key ('C9PE94QUEW9VWGFM') in 'langgraph_with_mcp.v1.py' and 'langgraph_with_mcp.v2.py'. The 'remote_server.mcp.py' stores its SQLite database in a system-wide temporary directory, which can lead to data exposure or conflicts. The server binds to '0.0.0.0:8000', making it publicly accessible, and lacks explicit authentication or access control mechanisms.
Updated: 2026-01-16GitHub
0
0
Medium Cost
hdjebar icon

neo4j-yass-mcp

by hdjebar

Sec10

A production-ready, security-enhanced Model Context Protocol (MCP) server that provides natural language querying capabilities for Neo4j graph databases using LLM-powered Cypher generation and performance analysis.

Setup Requirements

  • ⚠️Requires Neo4j 5.x database with APOC plugin installed and enabled (GDS plugin recommended).
  • ⚠️Requires an API key for your chosen LLM provider (e.g., OpenAI, Anthropic, Google Generative AI), which is typically a paid service.
  • ⚠️A strong Neo4j password is required; weak passwords are blocked in production unless ALLOW_WEAK_PASSWORDS=true (for development only).
Verified SafeView Analysis
The server implements a 6-layer defense-in-depth security architecture, including comprehensive query sanitization (Cypher injection, UTF-8 attacks, dangerous patterns), complexity limiting, read-only enforcement, audit logging, response size limiting, and per-client rate limiting. It explicitly blocks weak passwords and debug mode in production environments, enforces TLS for Neo4j connections, and mitigates OWASP Top 10 threats. All security checks occur *before* query execution.
Updated: 2025-11-22GitHub
0
0
High Cost
dammyboss icon
Sec8

Facilitate natural language interaction and management of Azure DevOps resources via a chat interface, powered by OpenAI function calling.

Setup Requirements

  • ⚠️Requires an Azure DevOps Personal Access Token (PAT) with appropriate read/write permissions for accessing Azure DevOps resources.
  • ⚠️Requires an Azure OpenAI service deployment (endpoint, API key, API version, deployment name) for natural language processing, which incurs costs.
  • ⚠️Node.js version 18+ is a prerequisite for running the application.
Verified SafeView Analysis
Secrets are correctly handled via environment variables (`.env`). No 'eval' or code obfuscation was observed. The project utilizes `axios` for external API calls, which is a standard and generally secure HTTP client. CORS is enabled globally by default (`app.use(cors())`) which is permissive and should be configured for specific origins in a production deployment to mitigate certain web security risks, though it is acceptable for self-hosted development or internal tools. Error messages in tool calls might expose some internal details if not sanitized, but generally, robust `try-catch` blocks are in place.
Updated: 2025-12-13GitHub
0
0
Medium Cost
shanto12 icon
Sec3

Enables AI assistants to interact with Splunk SOAR instances for security operations and automation via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running Splunk SOAR instance.
  • ⚠️Mandatory environment variables: `SPLUNK_SOAR_URL` and `SPLUNK_SOAR_TOKEN`.
  • ⚠️The default SSL configuration (`ssl.create_unverified_context()`) makes it insecure for production use without addressing certificate validation.
  • ⚠️If using `mcp_server_remote.py` for remote clients (e.g., Claude.ai web), the server must be publicly exposed, requiring tools like ngrok or cloud deployment.
Review RequiredView Analysis
The server uses `ssl.create_unverified_context()` which disables SSL certificate validation, making API communication vulnerable to Man-in-the-Middle (MITM) attacks. While noted for self-signed certificates, this is a critical security flaw for production environments handling sensitive security data. Additionally, the `mcp_server_remote.py` listens on `0.0.0.0` and would require careful exposure (e.g., secure reverse proxy with proper SSL and network segmentation) if used publicly, further exacerbating the initial SSL issue. No hardcoded secrets or 'eval' statements were found.
Updated: 2025-12-29GitHub
0
0
Medium Cost
kp18-cpu icon

Kali_MCP_server

by kp18-cpu

Sec8

Provides an interface for AI assistants to perform web application penetration testing using Kali Linux tools.

Setup Requirements

  • ⚠️Requires Docker Desktop with MCP Toolkit enabled.
  • ⚠️Requires Docker MCP CLI plugin (`docker mcp` command).
  • ⚠️Assumes a Kali Linux environment (or an environment with pentesting tools installed) within the Docker container.
Verified SafeView Analysis
The server implements robust input sanitization to prevent command injection and strong target validation, restricting scans by default to localhost and private IP ranges. It also allows configurable allowed targets. Commands are executed with timeouts and the README states it runs as a non-root user in a container. While these measures significantly mitigate risk, the inherent nature of running penetration testing tools means careful usage and adherence to legal authorization are critical.
Updated: 2025-11-30GitHub
PreviousPage 549 of 713Next