Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost

mcp_server

by gurkanfikretgunak

Sec8

Manages Python packages and indexes project codebases for AI-assisted development using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ Requires Python 3.10+.
  • ⚠️ `uv` package manager must be installed and available in the system's PATH.
  • ⚠️ Full Server-Sent Events (SSE) integration via HTTP/SSE transport requires additional setup with the MCP SDK, as the current implementation includes a placeholder.
Verified Safe
The server implements API key-based authentication, a policy engine for package allow/block lists, and audit logging for tool invocations and resource access. It uses `subprocess.run` with lists for arguments, mitigating shell injection risks. Path operations within `ProjectScanner` and resource handlers correctly use `Path.resolve()` and `project_root / file_path` to prevent path traversal. A note in `src/python_package_mcp_server/transports/http.py` indicates that full SSE integration requires additional setup with the MCP SDK, which could be an area for further security hardening if not properly integrated.
Updated: 2026-01-19
Medium Cost
Sec8

Exposes Strava athlete activity data via a Model Context Protocol (MCP) server for integration with language model tooling.

Setup Requirements

  • ⚠️ Requires Python >= 3.10.
  • ⚠️ Requires `STRAVA_CLIENT_ID` and `STRAVA_CLIENT_SECRET` environment variables to be set.
  • ⚠️ Initial authorization requires opening a browser URL and manually copying an authorization code from a redirect URI.
  • ⚠️ Persists tokens to a local file (~/.strava_mcp_tokens.json), requiring local filesystem write permissions.
Verified Safe
The server handles Strava OAuth, requesting 'read,activity:read_all' scope. Client ID and Secret are read from environment variables. Access and refresh tokens are persisted to a local JSON file (~/.strava_mcp_tokens.json) after initial authorization, which is a potential local filesystem security risk if the user's machine is compromised. The presence of `print(tokens)` in token handling functions is a minor debug issue that could expose tokens to stdout if logs are not secured.
Updated: 2026-01-19
Medium Cost

mcp-aruba-email

by jackfioru92

Sec9

Seamlessly integrate Aruba email and calendar with AI assistants for management tasks such as reading, searching, sending emails, and managing calendar events.

Setup Requirements

  • ⚠️ Requires Python 3.10+.
  • ⚠️ Aruba credentials (IMAP/SMTP/CalDAV username and password) must be manually configured via a .env file or directly in the MCP client's configuration (e.g., Claude Desktop, VS Code mcp.json).
  • ⚠️ CalDAV calendar synchronization needs to be explicitly enabled within Aruba Webmail before calendar functions can be used.
Verified Safe
The server runs locally, ensuring credentials do not leave the user's machine. Credentials are retrieved from environment variables or securely stored via `keytar` in the VS Code extension. All email and calendar connections use SSL/TLS encryption. The email verification tool's transient connection to external SMTP servers on port 25 is unencrypted; this is the standard method for such a check but is worth noting. A public Imgur client ID is hardcoded for optional photo signature uploads, which is not a direct user data security risk but means uploads are not anonymous on Imgur's side. No obvious remote code execution vulnerabilities or dangerous `eval`-like patterns operating on user input were found.
Updated: 2026-01-15
Medium Cost

mcp-fhir

by sdesani

Sec9

The server provides a Model Context Protocol (MCP) interface for securely interacting with Oracle Millennium Platform's FHIR APIs to access patient, clinical, and administrative healthcare data.

Setup Requirements

  • ⚠️ Requires Python 3.13 or higher.
  • ⚠️ Requires registration with Oracle Cerner Code Console to obtain FHIR_CLIENT_ID and FHIR_CLIENT_SECRET, which is a manual external setup step.
  • ⚠️ Specific `uv run --with fastmcp fastmcp run` command and absolute path required for MCP client configuration.
Verified Safe
The server correctly implements the OAuth 2.0 Client Credentials flow, automatically managing and refreshing access tokens. Client ID and Secret are loaded from environment variables (or a .env file), preventing hardcoding. It uses HTTPS for API communication and raises errors on authentication failures. Reliance on the external FHIR server's security and on correct credential management by the user are the key considerations.
Updated: 2025-12-02
Medium Cost

automation-agent

by aroraavinash

Sec6

This project demonstrates an LLM agent's ability to reason and execute tasks by interacting with an external server exposing various utility functions as tools.

Setup Requirements

  • ⚠️ Requires Python 3.12+
  • ⚠️ Requires Google Gemini API Key (paid usage may apply)
  • ⚠️ Specific OS recommendation (macOS) with Homebrew dependencies (uv, Node.js, FFmpeg) if following the README setup exactly
Verified Safe
The architecture allows an LLM to directly construct and execute tool calls with arguments, which carries inherent risks if the LLM's output is not rigorously sanitized. Specifically, the `create_thumbnail` tool takes an `image_path` string, which if controlled by the LLM, could potentially lead to attempts to access arbitrary files on the server's filesystem. While the current toolset is relatively benign, this pattern could be exploited if more sensitive tools are added or if the LLM can be prompted to provide malicious paths. No direct 'eval' or hardcoded secrets were found; API keys are loaded from environment variables, which is good practice.
Updated: 2025-12-14
Medium Cost

biometrics-mcp

by haptic-io

Sec1

A server designed to manage and process biometric data for authentication or identification purposes.

Review Required
Source code not provided; unable to perform a security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. Safety cannot be determined; assume the highest risk until the code is thoroughly reviewed.
Updated: 2025-11-27
Low Cost

linkedin-mcp-server-headed

by andriyshevchenko

Sec9

Provides a base Model Context Protocol (MCP) server for interacting with LinkedIn using Playwright, designed to be extended with specific tools and resources.

Setup Requirements

  • ⚠️ This is an empty server template; significant development is required to implement actual LinkedIn-specific tools and functionality.
  • ⚠️ Requires an MCP-compatible client to interact with it, as it communicates over stdio.
  • ⚠️ Playwright requires browser binaries to be downloaded, which might add to initial setup time or present challenges in restricted environments.
Verified Safe
The provided source code is a minimal template and does not contain obvious hardcoded secrets, 'eval' statements, or malicious patterns. It utilizes `winston` for logging and adheres to strict Biome code quality standards. The server currently throws an error for all tool calls, mitigating immediate risks. However, as an MCP server wrapping Playwright for web interaction, future extensions to interact with LinkedIn could introduce security risks if not carefully developed, such as potential data exposure or unintended actions.
Updated: 2026-01-19
Medium Cost

mcp-server-lemonsqueezy

by RickyCompagny

Sec8

Manage Lemon Squeezy e-commerce and subscription data (stores, products, webhooks) via a Model Context Protocol (MCP) server, primarily for interaction through LLMs like Cursor/Claude.

Setup Requirements

  • ⚠️ Requires a Lemon Squeezy API Key (free with a Lemon Squeezy account, but Lemon Squeezy itself is a payment platform that may involve costs for transactions/features).
  • ⚠️ Requires Node.js runtime environment for `npx` execution.
  • ⚠️ Designed for integration with Model Context Protocol clients like Cursor/Claude.
Verified Safe
The Lemon Squeezy API key is a critical secret. It can be passed via `--api-key` command-line argument or `LEMON_SQUEEZY_API_KEY` environment variable. Passing sensitive keys as command-line arguments can expose them in process listings on multi-user systems. While less ideal than environment variables, for a local MCP server setup, the risk might be acceptable to some users. No 'eval' or malicious patterns were found in the provided source code. External API calls are exclusively to Lemon Squeezy's official API.
Updated: 2025-12-01
Medium Cost

3AmigosMCP

by honestlai

Sec5

Provides a comprehensive containerized environment for AI coding agents by combining browser automation (Playwright), file system access, and database operations.

Setup Requirements

  • ⚠️ Requires Docker and Docker Compose installed.
  • ⚠️ Requires Cursor or VS Code with Model Context Protocol (MCP) support.
  • ⚠️ The `Network-Bridge` Docker network must be created externally if not already present (e.g., `docker network create Network-Bridge`).
Review Required
The container is configured with significant permissions that introduce security risks if not understood and managed properly. Specifically:
  1. Playwright runs with `--no-sandbox`, disabling Chrome's security sandbox, which is a known risk for browser automation, especially when interacting with untrusted web content.
  2. The container mounts the host's `/workspace` directory with read/write (`rw`) permissions. This means the container and any process within it (including the MCP servers) have full access to modify or delete files in that host directory. A compromise of any MCP server or the container itself could lead to host filesystem manipulation.
  3. The recommended 'Command-Based Mode' for client configuration uses `docker exec`, which grants the client (e.g., Cursor/VS Code) direct execution capabilities within the container. While this eliminates persistent HTTP connections, it means the client effectively controls command execution inside the highly privileged container.
  4. The HTTP wrappers for the Filesystem and Database MCPs (ports 8082/8083 internal, 8092/8093 external) use `Access-Control-Allow-Origin: *`, which is broadly permissive if these ports were exposed beyond localhost to an untrusted network. However, the recommended usage is `docker exec` (stdio) or local HTTP access.
It is crucial for users to understand these risks, particularly the `rw` volume mount and the `--no-sandbox` flag, and to run this only in a trusted development environment.
Updated: 2025-12-02
Medium Cost

github-mcp-mod

by mixelpixx

Sec9

Connects AI tools (agents, assistants, chatbots) to GitHub's platform to read repositories, manage issues/PRs, analyze code, and automate workflows through natural language interactions.

Setup Requirements

  • ⚠️ GitHub Personal Access Token (PAT) required for authentication with appropriate scopes (e.g., 'repo').
  • ⚠️ Docker required for local containerized deployment.
  • ⚠️ Requires Go 1.21+ (for client tool) or Go 1.24+ (for server source build).
Verified Safe
The project explicitly documents and emphasizes secure handling of GitHub Personal Access Tokens (PATs) using environment variables, avoiding hardcoding, and recommending least-privilege scopes. It utilizes standard authentication flows (PATs, OAuth) and GitHub's native permission model. No 'eval' or obvious malicious code patterns were found. The error handling mechanism stores detailed error information for middleware analysis without exposing sensitive data in logs, promoting observability and debugging while maintaining privacy. Lockdown mode offers an additional layer of content filtering for public repositories.
Updated: 2025-12-12
Medium Cost

DS-MCP-FLOWISE

by dtsoden

Sec9

This MCP server enables AI assistants to design, build, and deploy Flowise chatflows and agentflows by providing deep knowledge of Flowise nodes, their configurations, and connection rules.

Setup Requirements

  • ⚠️ Direct deployment to Flowise requires configuring FLOWISE_API_URL and FLOWISE_API_KEY environment variables.
  • ⚠️ For non-npx installations (e.g., global npm install or build from source), the node database must be prepared manually by running `npm run extract && npm run prepare-db`.
  • ⚠️ Requires Node.js version 18.0.0 or higher.
Verified Safe
The server uses standard practices for handling environment variables (`FLOWISE_API_URL`, `FLOWISE_API_KEY`) for Flowise API integration. It loads node definitions and templates from local JSON files, generated by internal scripts from (presumably) trusted Flowise source code. Database queries use prepared statements, which mitigates SQL injection risks. There is no evidence of `eval` or dynamic code execution from untrusted sources. The main security consideration is ensuring users correctly configure their Flowise API credentials and target URL, as misconfiguration could lead to unintended actions on their Flowise instance.
Updated: 2026-01-18
Low Cost
Sec9

A real-time stock price retrieval system that supports natural language queries with Yahoo Finance and CSV fallback.

Setup Requirements

  • ⚠️ Requires Python 3.10+.
  • ⚠️ Internet connection is needed for real-time data from Yahoo Finance (CSV fallback is available offline).
  • ⚠️ The `mcp_client.py` and `mcp_server.py` files should be in the same directory for the client to find the server.
Verified Safe
The code uses `yfinance` to fetch data from Yahoo Finance. While `yfinance` is a common library, relying on external APIs always introduces dependency risks. No 'eval', hardcoded secrets, or obvious malicious patterns were found. The server communicates via stdio, limiting direct external network exposure.
Updated: 2025-12-03