Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
Credshields icon
Sec7

An MCP server exposing SolidityScan for smart contract security analysis and reporting for integration with MCP-capable clients.

Setup Requirements

  • ⚠️Requires Node.js 18+
  • ⚠️Requires a SolidityScan API key (SOLIDITYSCAN_API_KEY) which may involve a paid subscription.
  • ⚠️Requires an MCP-capable client (e.g., Claude Desktop, Cursor) to interact with it.
Verified SafeView Analysis
The server's `scan_local_directory` tool allows scanning local file paths provided by the client. If the server is deployed in an untrusted environment and exposed to arbitrary users, this could lead to information disclosure or unintended file system access on the server's host. However, given its intended use as an 'MCP Server' for developer clients (e.g., Claude Desktop, Cursor) running locally or in a trusted setup, this functionality is likely a feature for local code analysis. There are no obvious signs of 'eval', obfuscation, or hardcoded secrets. The `request` dependency (used by the underlying SolidityScan SDK) is deprecated, which can be a minor maintenance and security risk over time due to lack of updates.
Updated: 2026-01-16GitHub
0
0
Low Cost
bcsgarcia icon

shopify-mcp-server

by bcsgarcia

Sec4

A middleware HTTP API designed to simplify, build, and execute Shopify GraphQL search queries for automation tools.

Setup Requirements

  • ⚠️Requires Shopify Admin API access token (SHOPIFY_ACCESS_TOKEN) with necessary read/write permissions for products and orders.
  • ⚠️Requires a custom API key (MCP_API_KEY) for server authentication; deploying without it will leave all endpoints (except / and /health) publicly accessible.
  • ⚠️Requires a Node.js 14.17+ environment or Docker.
Review RequiredView Analysis
Authentication middleware is explicitly disabled if the `MCP_API_KEY` environment variable is not set, leading to unauthenticated access to all endpoints. This is a critical vulnerability. The query builder uses direct string concatenation to construct Shopify's search query parameters, which, while relying on Shopify's internal sanitization for search input, could potentially be vulnerable to unexpected query behavior or injection if specific malicious patterns are not fully neutralized. The `/api/execute-query` endpoint allows executing arbitrary GraphQL queries, making it a powerful endpoint that requires robust protection by the API key.
Updated: 2025-12-15GitHub
0
0
Medium Cost
sedoglia icon

garmin-mcp-ts

by sedoglia

Sec9

Connects Claude Desktop to Garmin Connect, enabling natural language queries, analysis, and management of fitness activities, health metrics, sleep data, and device information.

Setup Requirements

  • ⚠️Requires Node.js 18.0 or higher.
  • ⚠️Optional but recommended installation of 'keytar' for native OS vault integration (otherwise, it defaults to file-based key storage, which is also encrypted).
  • ⚠️For manual repository clones, requires editing Claude Desktop's 'claude_desktop_config.json' file (installation via .mcpb bundle handles this automatically).
  • ⚠️Garmin OAuth API has known limitations, such as inability to add activity comments and partial support for activity privacy ('followers' option is not supported and returns an error).
Verified SafeView Analysis
The server prioritizes robust security for credentials and OAuth tokens. It uses AES-256-GCM encryption, storing the encryption key in the operating system's native secure vault (e.g., Windows Credential Manager, macOS Keychain) via 'keytar' or falling back to a permissions-restricted local file if 'keytar' is unavailable. There are no hardcoded secrets, and sensitive data is handled locally. The dynamic import of 'keytar' using 'new Function("return import(\"keytar\")")' is a controlled pattern for optional dependency loading and not a general 'eval' risk. Logging is strictly to stderr to prevent contaminating stdout, which is reserved for MCP JSON-RPC communication. Potential minor risks include misconfigured file permissions for the fallback key file or users manually overriding secure setup by storing plain-text credentials in the .env file.
Updated: 2026-01-16GitHub
0
0
Medium Cost
tomblancdev icon

pinocchio

by tomblancdev

Sec9

An MCP server that spawns autonomous Claude Code agents in isolated Docker containers for secure code analysis, development, and modification.

Setup Requirements

  • ⚠️Requires Docker & Docker Compose to be installed and running.
  • ⚠️Requires Claude Code CLI (`claude` command) and authenticated Claude API credentials (`~/.claude/.credentials.json`).
  • ⚠️Initial workspace paths require explicit approval via the `manage_config` tool for security.
  • ⚠️Docker Socket Proxy may occasionally become 'unhealthy', requiring a restart.
Verified SafeView Analysis
The project demonstrates a robust defense-in-depth security model. Key mitigations include a Docker Socket Proxy to block dangerous operations (BUILD, COMMIT, EXEC, VOLUMES, SECRETS), a workspace allowlist with symlink resolution (fs.realpath) and explicit path/glob validation (including a dangerous glob blocklist), read-only workspace mounts by default with granular write access, container hardening (non-root, CAP_DROP ALL, memory/CPU limits, no-new-privileges), secure handling of GitHub tokens via temporary files with restrictive permissions, rate limiting for concurrent agents and spawn frequency, and comprehensive input validation for container names, tasks, and agent IDs. Audit logging tracks security-relevant events. There are no obvious 'eval' or obfuscation patterns. The main remaining considerations are the inherent prompt injection risk common to LLMs operating in 'YOLO' mode and that agent containers run with `ReadonlyRootfs: false` (necessary for dynamic package installation) and default network access (needed for LLM API communication).
Updated: 2026-01-18GitHub
0
0
Low Cost
Glebasta33 icon

sbol-mcp-server

by Glebasta33

Sec1

Assists Android developers with generating Clean Architecture layers, managing tasks, and resolving Gradle build errors by interacting with an MCP client.

Setup Requirements

  • ⚠️Requires Java 17+ and Kotlin 2.2.0+
  • ⚠️Assumes a local Gradle environment for compiler tools, including the `gradlew` wrapper in the project root.
  • ⚠️The server communicates via standard I/O (stdin/stdout), not network ports.
Review RequiredView Analysis
CRITICAL: The `compilerTools.kt` file, specifically the `runGradleBuild` function, constructs shell commands (`./gradlew :$nameModule$buildType`) using user-provided input (`nameModule`, `buildType`) without proper sanitization. This allows for command injection, where a malicious user could embed arbitrary shell commands within the `nameModule` argument, leading to remote code execution on the server's host system. For example, providing `my_module; rm -rf /;` as the module name would execute `rm -rf /`.
Updated: 2025-12-17GitHub
0
0
High Cost
cserock icon

htm-mcp-server

by cserock

Sec4

Deploys a user-friendly Streamlit interface for a LangGraph ReAct AI agent to interact with various external tools and data sources via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires OpenAI and/or Anthropic API Key (Paid Services) for LLM access, and an Upstage API Key for embeddings (for the RAG tool).
  • ⚠️Python 3.12 or newer is required as per `pyproject.toml`.
  • ⚠️Docker Desktop is recommended for easy setup and running all components, otherwise manual virtual environment setup is needed.
  • ⚠️The `allow_dangerous_deserialization=True` flag in FAISS loading poses a security risk and should be carefully evaluated regarding data source trust.
Review RequiredView Analysis
The project uses `allow_dangerous_deserialization=True` when loading FAISS vector stores (in `resources/mcp_rag_kbs/rag/kbs.py`), which is a critical security vulnerability if the serialized data comes from an untrusted source, potentially leading to arbitrary code execution. While currently loading from internal project paths, this pattern is highly risky. Additionally, MCP servers bind to `0.0.0.0` (e.g., `mcp_server_time.py`), making them accessible from any network interface if not adequately protected by a firewall.
Updated: 2025-11-25GitHub
0
0
Medium Cost
ntodd icon

watson

by ntodd

Sec9

Provides code intelligence and a searchable call graph for Elixir/Phoenix projects, specifically designed for LLM coding agents.

Setup Requirements

  • ⚠️Requires Elixir and a Mix project setup where 'watson' is added as a dev dependency.
  • ⚠️Requires manual configuration in '~/.claude/mcp.json' with the 'cwd' pointing to the root of your Elixir project.
Verified SafeView Analysis
This is a local development tool designed to process a user's own project source code. It performs static analysis (parsing code, building call graphs, extracting types). No apparent network risks or mechanisms for executing arbitrary external code. The primary risk would be if the underlying parsing library itself had vulnerabilities when processing malicious Elixir code, which is inherent to any static analysis tool. Requires careful configuration of 'cwd' to prevent unintended access.
Updated: 2026-01-18GitHub
0
0
Medium Cost
SureshAmal icon

mmcopilot-mcp

by SureshAmal

Sec2

The MMCopilot MCP Server provides trading tools for the MarketMaya platform, allowing users to create, manage, and backtest trading strategies, access account information, and search a knowledge base.

Setup Requirements

  • ⚠️Requires BEARER_TOKEN environment variable for MarketMaya API authentication.
  • ⚠️Requires FETCH_BEARER_TOKEN environment variable for dynamically fetching tool definitions from MarketMaya API.
  • ⚠️Requires GEMINI_API_KEY environment variable for Google Gemini API access, used by the knowledge base tool.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Relies heavily on external MarketMaya APIs for core functionality (strategy creation, management, account, backtest) and for dynamic tool definitions. Also depends on Google Gemini API for knowledge base services.
Review RequiredView Analysis
CRITICAL: The server uses `exec()` to dynamically load and register tool functions whose code is generated from definitions fetched from an external API (MarketMaya). While there are attempts at sanitization for identifiers and descriptions (`escape_string_for_python`, `sanitize_identifier`), dynamically executing code from an untrusted source, even a 'trusted' API that could be compromised, is an extreme security risk. A malicious or compromised external API could inject arbitrary Python code, leading to remote code execution on the MCP server. This vulnerability significantly lowers the security score.
Updated: 2025-12-24GitHub
0
0
Medium Cost
frankxiao008 icon

finnhub-mcp-server

by frankxiao008

Sec9

A Model Context Protocol (MCP) server that provides LLMs with access to Finnhub's financial data API for real-time stock quotes, company profiles, news, and financial metrics.

Setup Requirements

  • ⚠️Requires Finnhub API Key (free tier available but has rate limits and feature restrictions)
  • ⚠️Requires Node.js 18+
Verified SafeView Analysis
The server explicitly requires a Finnhub API key via environment variables and validates its presence. It uses Zod for input schema validation, which helps prevent malformed inputs. API requests are made using standard `fetch` to a known legitimate endpoint (`finnhub.io`), and includes robust error handling for API-specific issues like rate limits (429), invalid API key (401), and forbidden access (403). No 'eval' or other dynamic code execution from untrusted input is observed. Response content is formatted using internal utilities, and long outputs are truncated to prevent excessive token usage, also reducing potential for large data injection issues.
Updated: 2025-11-21GitHub
0
0
Medium Cost
s3midetnov icon

mcpArendServer

by s3midetnov

Sec7

Integrates Arend dependent typechecking and language specification generation with LLMs via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a separate 'typecheckerServer' process to be running and fully initialized with the Arend library before the MCP server can be used.
  • ⚠️The 'typecheckerServer' needs a path to an Arend library, which defaults to a user-specific hardcoded path ('/Users/artem.semidetnov/Documents/DatasetGenerator/Arend/arend-lib') that must be configured for other users.
  • ⚠️Requires Gradle and a Java Development Kit (JDK) to build the executables using the `installDist` task.
Review RequiredView Analysis
The MCP server forwards arbitrary Arend definitions directly to a local typechecker server for execution. While Arend's typechecker is generally considered a safe sandbox, the primary security risk lies in whether a maliciously crafted Arend definition could exploit the underlying Arend library for arbitrary code execution. The typechecker server listens on localhost:9999 without authentication, meaning any local process can submit code for typechecking. The 'Generate_specification' tool uses a whitelist for topic names, mitigating arbitrary file reads for that specific function. No 'eval' or explicit arbitrary command execution is present in the provided code, and Base64 encoding is used for data transfer, not obfuscation or encryption.
Updated: 2026-01-17GitHub
0
0
Medium Cost
BjornMelin icon

skillhub

by BjornMelin

Sec9

Skillhub acts as a local tool runner, reducing LLM context by executing heavy integrations (MCP & direct APIs) via scripts and condensing outputs.

Setup Requirements

  • ⚠️Requires Python 3.11+ (Python 3.13 recommended).
  • ⚠️Requires Node.js and npm/npx for certain MCP servers (e.g., `next-devtools-mcp`, `shadcn/ui`, `context7_stdio`).
  • ⚠️Requires external accounts/API keys for all integrated services (Exa, Firecrawl, Vercel, Supabase, Context7), which may incur costs.
Verified SafeView Analysis
The project demonstrates strong security posture with explicit confirmation gates for mutating/high-impact operations (e.g., Firecrawl crawls, Exa research tasks), strict token budgeting to prevent context bloat and prompt injection from raw outputs, and careful environment variable handling. Subprocess calls explicitly use `shell=False`. No hardcoded secrets were found; all API keys are sourced from environment variables. The design actively mitigates risks inherent to LLM-bridged API calls by filtering and condensing outputs.
Updated: 2025-12-14GitHub
0
0
Medium Cost

clover-bridge

by transform-ia

Sec9

Provides a dual-interface (MCP for AI agents and GraphQL for web applications) Go server to integrate with and expose Clover POS API data.

Setup Requirements

  • ⚠️Requires Go 1.23+ to build and run locally.
  • ⚠️Requires a Kubernetes cluster for deployment via Helm/ArgoCD.
  • ⚠️The GraphQL interface requires `make generate` to be run if `schema.graphql` or `gqlgen.yml` are modified, before building.
  • ⚠️Requires `CLOVER_TOKEN` and `CLOVER_MERCHANT_ID` environment variables or Kubernetes secrets for Clover API authentication.
Verified SafeView Analysis
The project uses Kubernetes secrets for sensitive information (Clover API token, merchant ID), which is a good practice. It implements OpenTelemetry for comprehensive observability (metrics, traces, logs), aiding in security monitoring. HTTP requests are made with context and include exponential backoff and rate limiting. No 'eval' or similar dangerous dynamic code execution patterns were found in the runtime code. The GraphQL setup uses gqlgen for code generation, preventing runtime schema manipulation risks. The build-time scripts (`update_handlers.sh`, `instrument_handlers.py`) use standard shell and Python string manipulation, not code execution. The project follows general good security hygiene for a Go service.
Updated: 2025-11-24GitHub
PreviousPage 551 of 713Next