Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
ry-ops icon
Sec9

Provides a Model Context Protocol (MCP) server for Claude AI and other agents to interact with Grafana's HTTP API for dashboards, datasources, alerts, and annotations.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires `uv` package manager (recommended) or `pip` for dependency management.
  • ⚠️Requires access to an existing Grafana instance.
  • ⚠️Grafana API Key with Editor or Admin permissions is necessary for full functionality.
  • ⚠️Configuration is strictly via environment variables (GRAFANA_URL, GRAFANA_API_KEY, etc.).
Verified SafeView Analysis
The server securely handles Grafana authentication via API keys or basic auth, relying on environment variables for credentials. It uses `httpx` for async HTTP requests to Grafana, and `mcp` for stdio communication with AI clients. No 'eval' or malicious patterns were detected. Error handling prevents exposing raw server-side stack traces to the MCP client. The architecture generally adheres to good security practices for an API proxy.
Updated: 2025-12-03GitHub
0
0
High Cost
jphdevsf icon

lilfetch-mcp

by jphdevsf

Sec8

Scrapes webpages using Playwright and crawl4ai to convert content into clean Markdown, providing context for AI agents.

Setup Requirements

  • ⚠️Requires Python 3.10+ (verified by installer).
  • ⚠️Initial setup downloads ~200MB for Playwright browser binaries, taking 1-2 minutes.
  • ⚠️Local installation requires `chmod +x bin/lilfetch.js` to make the wrapper script executable.
Verified SafeView Analysis
The server executes external commands for Python environment setup and dependency installation (pip, playwright install), which introduces reliance on the integrity of those packages and the Python interpreter. The core scraping functionality uses Playwright, launching a headless browser, which isolates web content execution. No direct `eval` or arbitrary code execution from user input is apparent beyond the intended scraping of provided URLs. The uninstall script uses `rm -rf` on a known, dedicated directory.
Updated: 2025-12-10GitHub
0
0
Low Cost
MCPintegrationtool icon

trivial-mcp-server

by MCPintegrationtool

Sec10

Provides a simple Micro-Service Communication Protocol (MCP) server for exposing basic utility functions.

Setup Requirements

  • ⚠️Requires `fastmcp` Python package to be installed
Verified SafeView Analysis
The provided source code is simple and does not contain any obvious security vulnerabilities like `eval`, `exec`, hardcoded secrets, or direct network exposure within this snippet. The `FastMCP` framework defaults to STDIO transport, which is generally safer.
Updated: 2025-11-20GitHub
0
0
Medium Cost
InduGolluri icon

McpServer-Client

by InduGolluri

Sec9

Develops an AI agent to manage a mock email inbox using Spring AI tools and a local Ollama large language model.

Setup Requirements

  • ⚠️Requires a Java Development Kit (JDK) and Apache Maven to build and run both Spring Boot applications.
  • ⚠️Requires Ollama to be running locally on port 11434 (e.g., `ollama run <model_name>`) for the 'springbootcilent' to function.
  • ⚠️The system comprises two distinct Spring Boot applications: 'demoServer' (providing the email tools) and 'springbootcilent' (the AI client that uses those tools). Both need to be running for the full functionality, ideally 'demoServer' first.
Verified SafeView Analysis
The demoServer uses an in-memory mock email service, which prevents real-world email account compromise. The springbootcilent connects to a local Ollama instance, minimizing network exposure. No 'eval' or dynamic code execution found. The primary risk would be potential unintended actions on the *mock* data if the AI agent misinterprets commands, but this is confined to the demo environment. No hardcoded sensitive credentials are present in the provided code.
Updated: 2025-12-01GitHub
0
0
Low Cost
ivanenev icon

skills-server

by ivanenev

Sec8

Serves specialized prompt libraries (skills) and provides a token-efficient bridge to hierarchical tool systems for AI clients.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm/yarn as prerequisites.
  • ⚠️Lazy-MCP integration requires Python 3.8+ and manual installation of lazy-mcp, including setting the `LAZY_MCP_COMMAND` environment variable to an absolute and trusted executable path (the default relative path is Linux-specific and often incorrect).
  • ⚠️Lazy-MCP browser automation tools (Playwright/Puppeteer) require a system-wide Chrome installation (e.g., at `/opt/google/chrome/chrome` on Linux) to function correctly.
Verified SafeView Analysis
The server uses `child_process.spawn` to execute the `LAZY_MCP_COMMAND` for Lazy-MCP integration. This command is configurable via an environment variable (`LAZY_MCP_COMMAND`). If an attacker can control this environment variable and point it to a malicious executable, it can lead to arbitrary code execution. However, the documentation explicitly warns users to set this to a trusted, absolute path. The server includes robust defenses against path traversal (in skill directory names), injection attacks, malformed JSON-RPC requests, and resource exhaustion, as evidenced by dedicated security tests. No direct `eval` or code obfuscation was identified in the provided source.
Updated: 2025-12-08GitHub
0
0
High Cost
vishraj icon
Sec2

A Model Context Protocol (MCP) server providing enterprise-grade database operations, analytics, and AI agent integration with PostgreSQL and AWS Bedrock for both development and production environments.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Hardcoded database credentials and AWS Bedrock agent IDs must be updated in `main.py` and `mcpserver.py` before running.
  • ⚠️An AWS Account and a configured Bedrock Agent (a paid service) are required for the production server and knowledge base functionality.
  • ⚠️Requires creating a stub `performance.py` file (e.g., `echo "def store_performance(): pass" > performance.py`) due to a missing import.
  • ⚠️Additional dependencies (`boto3`, `streamlit`, `matplotlib`, `pandas`, `InlineAgent`) need to be manually installed via pip, as they are not listed in `pyproject.toml`.
  • ⚠️The `style/final.css` file and `image/default_logo.png` image are required for the Streamlit UI (`kb.py`) to function without errors; these files/directories might need to be created if not present.
Review RequiredView Analysis
Hardcoded database credentials ('vish3380' and 'w%>y&ZNyH%QFe#qp') and AWS Bedrock agent IDs ('NDIOYYWRVL', 'NWYFAEELRA') are present directly in `main.py` and `mcpserver.py`, respectively. While the README advises updating these values, their presence in the distributed code is a critical security vulnerability, making the server unsafe for direct deployment without immediate modification of these values.
Updated: 2026-01-11GitHub
0
0
Medium Cost
Tabeeh icon
Sec9

This server provides AI agents secure, relative filesystem access to a project's files and directories via the Model Context Protocol (MCP) over standard I/O.

Setup Requirements

  • ⚠️Requires Node.js 20 or higher.
  • ⚠️The server's 'PROJECT_ROOT' is determined by `process.cwd()`; the launching process (e.g., AI agent host) must set the correct current working directory for the target project.
  • ⚠️Functions like `chmod_items` and `chown_items` may have limited or no effect on non-POSIX systems like Windows, and their tests are explicitly skipped due to these limitations.
Verified SafeView Analysis
The server uses `StdioServerTransport` for communication, meaning it doesn't directly expose HTTP endpoints, limiting its direct network attack surface. A critical `resolvePath` utility rigorously prevents path traversal and absolute path usage, confining all file operations strictly to the `PROJECT_ROOT`. No instances of `eval`, obfuscation, or hardcoded secrets were found. While tools like `chmod_items` and `chown_items` offer powerful capabilities, they operate within the confined project root, and the server itself implements robust path validation to prevent misuse outside these boundaries. The primary security consideration would be a compromised AI agent misusing these powerful tools within the allowed project scope.
Updated: 2026-01-19GitHub
0
0
Low Cost
Timo761 icon
Sec2

The application is designed to help users remove watermarks from videos and images by processing them on the client side.

Setup Requirements

  • ⚠️Requires downloading and running an executable file from a GitHub Releases page, necessitating a high level of trust in the developer for security.
  • ⚠️The provided source code (`remove.user.js`) is client-side JavaScript (likely bundled/minified) and does not represent the full source or build scripts for the advertised executable.
  • ⚠️No specific installation dependencies are mentioned, implying it's a self-contained executable, which further emphasizes the trust required for running it.
Review RequiredView Analysis
The README instructs users to download and run an executable file from GitHub releases. The provided source code (`remove.user.js`) appears to be a bundled JavaScript application (likely React-based), potentially a userscript component within a larger desktop application like Electron. Running executable binaries from unverified third-party sources, especially without access to the full, auditable source code for the entire executable, carries significant security risks. Such executables can perform arbitrary operations on the user's system, including data theft or system compromise, beyond any browser sandbox limitations. While the provided JavaScript code snippet itself does not contain explicit 'eval' or obviously malicious patterns, its context within an unvetted executable raises critical security concerns.
Updated: 2026-01-19GitHub
0
0
Low Cost
juanpprieto icon

figma-write-mcp

by juanpprieto

Sec5

This project likely provides writing or content integration capabilities designed to interact with or enhance the Figma design environment.

Review RequiredView Analysis
Source code was not provided for analysis. A comprehensive security audit for 'eval', hardcoded secrets, or malicious patterns could not be performed. The score reflects an inability to verify safety.
Updated: 2026-01-19GitHub
0
0
Medium Cost
SanthoshSetty icon

mcp-knowledge-server

by SanthoshSetty

Sec9

The MCP server transforms personal digital data from sources like GitHub, LinkedIn, and personal notes into an AI-accessible knowledge base for an AI assistant.

Setup Requirements

  • ⚠️Requires GitHub Personal Access Token (with `repo` and `user` scopes) set as `GITHUB_TOKEN` environment variable for executing data export scripts.
  • ⚠️LinkedIn data requires a manual export from LinkedIn settings, which is an external, multi-step process that can take 24-48 hours to complete.
  • ⚠️For local Claude Desktop integration, the absolute path to the server's `dist/index.js` file needs to be correctly configured in `~/Library/Application Support/Claude/claude_desktop_config.json`.
  • ⚠️Cloudflare Workers deployment involves additional steps for setting up KV namespaces and R2 buckets, necessitating `wrangler login` and manual `wrangler.toml` updates (though automated by `./cloudflare/deploy.sh` script).
Verified SafeView Analysis
Strong emphasis on personal data sanitization is observed throughout the codebase (redacting emails, phone numbers, addresses, IDs, credit cards) for both local and deployed versions. It leverages Cloudflare KV for secure data storage for the public deployment. The local server uses stdio for communication with Claude Desktop, minimizing network exposure. The deployed Cloudflare Worker uses HTTPS and correctly handles CORS. No hardcoded secrets or 'eval' patterns were found. While images are linked from GitHub raw URLs, making them publicly accessible on GitHub, this is a minor control consideration and not a direct server vulnerability.
Updated: 2026-01-17GitHub
0
0
Low Cost
Sankarr123 icon

MCP-Server

by Sankarr123

Sec8

An interactive web application for analyzing predefined sales data, generating charts, and exporting reports to PDF based on user queries.

Setup Requirements

  • ⚠️Requires Node.js and npm to set up and run the Angular development environment.
  • ⚠️The `npm start` command utilizes `set NODE_OPTIONS=--openssl-legacy-provider`, which may be necessary for compatibility with newer Node.js versions (e.g., Node.js 17+ with OpenSSL 3.0) to avoid build issues.
  • ⚠️The application's data (`SalesRecord[]`) is hardcoded within `report-list.component.ts`, meaning it does not fetch data from a backend API or database, limiting its real-world dynamic data analysis capabilities without modifications.
Verified SafeView Analysis
The application is client-side and primarily processes static data, limiting direct server-side risks. User input for queries is used for filtering data and keyword matching; there are no indications of dynamic code execution ('eval') or injection vulnerabilities. PDF generation uses `html2canvas` to capture internal UI elements, not arbitrary user-provided HTML, which reduces XSS risks. No hardcoded secrets or direct network vulnerabilities are apparent in the provided code snippets.
Updated: 2025-11-20GitHub
0
0
Low Cost
karthikingithub icon

pagila-mcp

by karthikingithub

Sec9

A Streamlit-based chatbot that allows users to query a PostgreSQL database using natural language, leveraging Google's Gemini API for SQL generation and the Model Context Protocol (MCP) for secure database execution.

Setup Requirements

  • ⚠️Requires a PostgreSQL database with the Pagila schema installed.
  • ⚠️Requires a Google Gemini API Key (paid API).
  • ⚠️Requires careful setup of a `config.env` file.
  • ⚠️Recommended to use a read-only PostgreSQL database user for security.
Verified SafeView Analysis
The server uses environment variables for sensitive database credentials. It implements a blacklist and 'SELECT' query enforcement for `run_pagila_query` and `execute_sql` methods. Parameterized queries are used where applicable (`execute_sql`). Crucially, the README strongly recommends configuring a read-only PostgreSQL database user as the primary security defense, which is excellent practice. The MCP server runs locally as a subprocess, reducing direct network exposure. No 'eval' or similar dynamic code execution is observed.
Updated: 2026-01-03GitHub
PreviousPage 557 of 713Next