Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost

MCP-Servers

by darshan-n25

Sec6

A multi-threaded server implementation of the Minecraft Protocol, likely for custom Minecraft server hosting or emulation.

Setup Requirements

  • ⚠️ Requires Java Development Kit (JDK) installed.
  • ⚠️ Requires network configuration (e.g., port forwarding, firewall rules) for external access.

Verified Safe
This is a network server implementing a custom protocol, which inherently carries risks from untrusted input. The use of Java Reflection needs careful auditing to ensure it doesn't bypass access controls. While a 'security manager' is mentioned, its configuration and effectiveness are unknown. No hardcoded secrets or explicit malicious patterns were found in the provided summary.
Updated: 2025-12-15

Medium Cost

Trulead

by ramanujasagar

Sec1

Provides a server implementation for the Minecraft Client Protocol, allowing clients to connect and interact with a custom game world or logic.

Setup Requirements

  • ⚠️ Requires Node.js runtime
  • ⚠️ Manual port forwarding may be required for external access

Review Required
No source code was provided for analysis; therefore, a comprehensive security audit could not be performed. Running unvetted code carries significant inherent security risks as 'eval', obfuscation, network vulnerabilities, hardcoded secrets, or malicious patterns cannot be detected or ruled out.
Updated: 2025-11-23

Medium Cost

mcp-neo4j-vectordb

by guerinjeanmarc

Sec9

This server integrates Neo4j as a pure vector database for LLM applications, primarily designed to compare the performance of Vector RAG against Graph RAG by explicitly hiding graph features.

Setup Requirements

  • ⚠️ Requires a running Neo4j database instance.
  • ⚠️ The Neo4j APOC plugin must be installed and enabled for schema discovery.
  • ⚠️ An API key for an embedding provider (e.g., OPENAI_API_KEY for OpenAI) is required for vector search operations.
  • ⚠️ Requires Python 3.10 or newer.

Verified Safe
The server uses parameterized Neo4j queries, mitigating SQL/Cypher injection risks. Credentials and API keys are managed via environment variables, not hardcoded. Output content is sanitized and truncated based on size and token limits, reducing potential data overexposure. No 'eval' or similar dangerous patterns were identified in the provided source code.
Updated: 2025-12-05

High Cost

The Avalogica Emergent Consumer Needs MCP server analyzes emerging consumer signals, synthesizes market trends, and helps entrepreneurs and business owners brainstorm novel product ideas based on their capabilities and current market trajectories.

Setup Requirements

  • ⚠️ Requires Node.js 18 or later.
  • ⚠️ Requires an OpenAI API Key (Paid Service for actual use).
  • ⚠️ Requires an Exa API Key (Paid Service for actual use).

Verified Safe
The server implements robust input validation for all tool arguments and correctly utilizes environment variables for sensitive API keys (OpenAI, Exa). It makes legitimate external API calls to OpenAI and Exa.ai, relying on these services' security for web content processing. While URLs are passed directly to Exa without extensive sanitization beyond trimming, Exa is designed for this purpose. The system is designed to operate in conjunction with a trusted agent.
Updated: 2025-12-09

Medium Cost
Sec9

An AI-powered interactive decision support tool for cybersecurity architects, designed to filter and select optimal security data platforms based on organizational constraints and technical requirements.

Setup Requirements

  • ⚠️ Requires Python 3.11+ to run locally.
  • ⚠️ Requires Anthropic MCP SDK 1.2.0+ for integration with Claude Desktop.
  • ⚠️ Requires Docker 24.0+ for the recommended containerized deployment.

Verified Safe
The project features a 5-layer security defense with AST-based code validation, sandboxed execution for Python code, and strict banning of dangerous imports/attributes (e.g., `os`, `sys`, `eval`, `exec`, `open`). Docker deployments incorporate `no-new-privileges` for additional hardening. While it utilizes dynamic code execution (`exec`), extensive measures are in place to mitigate inherent risks, making it robustly secured for its intended purpose.
Updated: 2025-12-11

Low Cost

mcp-server-tools

by peteqian

Sec2

Provides utilities for managing or extending a Minecraft server.

Review Required
No source code was provided for analysis; therefore, a comprehensive security audit could not be performed. The low score reflects an inability to verify safety rather than identified vulnerabilities. Running this project without proper code review is not recommended.
Updated: 2025-12-02

Medium Cost
Sec8

Provides a WordPress-native Model Context Protocol (MCP) server for AI-assisted page building using the Ollie block theme, allowing AI clients like Claude to build pages from patterns and design tokens.

Setup Requirements

  • ⚠️ Requires PHP 8.1+.
  • ⚠️ Needs a MySQL database named 'olliewpmcp' with user 'root' and password 'password' for local setup.
  • ⚠️ A local PHP web server (e.g., Herd) is required to run the WordPress site.
  • ⚠️ Composer must be used for dependency management (`composer install`).
  • ⚠️ WP-CLI is necessary for testing and interacting with the MCP adapter.
  • ⚠️ The 'ollie-mcp' plugin is a Git submodule and needs to be initialized and updated (`git submodule update --init --recursive`).
  • ⚠️ For HTTP transport, a WordPress Application Password must be generated for authentication.

Verified Safe
The server is built on Roots Bedrock, a more secure WordPress boilerplate. It utilizes the WordPress Abilities API and MCP Adapter for structured AI interaction, which is a good practice for controlling exposed functionality. Critical security features include 'draft-first editing' to prevent direct malicious edits to live content and the initial abilities being read-only (`get-patterns`, `get-design-tokens`), significantly reducing the immediate attack surface. Environment variables are managed with Dotenv. Potential risks exist with future 'enhanced abilities' if input sanitization and authorization are not meticulously handled.
Updated: 2025-12-06

Low Cost
Sec3

A server that provides an API for basic mathematical calculations.

Review Required
Source code was not provided for analysis. A server named 'mcp_calculator_server' inherently carries a significant security risk, as calculator functionality often relies on interpreting arbitrary user-provided mathematical expressions. This frequently involves dangerous functions like `eval()` or `exec()` which, if not meticulously sandboxed, can lead to remote code execution (RCE) or other injection vulnerabilities. Without the source code, it's impossible to verify the safety or presence of robust sanitization and sandboxing mechanisms.
Updated: 2025-11-29

Medium Cost

pdf-cleaner

by telediego

Sec7

MCP server to clean Wuolah PDFs by removing ads and rescaling content.

Setup Requirements

  • ⚠️ Requires Python 3.10 or newer.
  • ⚠️ Outbound internet access is required for the automatic online sharing feature (uploading cleaned PDFs to external services).
  • ⚠️ Requires the 'mcp' client/server framework to be understood for proper integration.

Verified Safe
The server accepts an `input_path` directly, which is then made absolute via `os.path.abspath` and used with `fitz.open()`. While this is common for local file processing, if this MCP server were exposed in an untrusted environment, it could potentially be exploited for directory traversal or arbitrary file reading if the input path is not properly sanitized by the MCP client or calling application. Additionally, the `subir_a_internet` function uploads the processed PDF to third-party services (Catbox.moe), which is a design feature but implies sending user data externally. There are no 'eval' statements, hardcoded secrets, or obvious malicious patterns.
Updated: 2025-12-09

Low Cost

mcp-web3-wallet-tester

by dennisonbertram

Sec7

A programmable Ethereum wallet for automated Web3 dApp testing controlled by LLMs via MCP tools.

Setup Requirements

  • ⚠️ Requires Node.js 18+.
  • ⚠️ Requires Anvil (from Foundry) to be running separately as a local blockchain.
  • ⚠️ The provider script (dist/provider.js) must be built using `npm run build` before starting the server if any code changes are made.

Verified Safe
The server includes hardcoded test private keys for Anvil accounts, which is acceptable for a testing tool but means these accounts are not secure for real funds. Sensitive operations (e.g., setting private keys, approving transactions) are exposed via MCP tools and WebSocket, relying on LLM control and policy configuration for safety. The system's security largely depends on the trustworthiness of the controlling LLM and the configured auto-approval policies. Direct JSON parsing of messages from untrusted browser providers via WebSocket/HTTP exists, which could be an attack vector if internal processing is not robust.
Updated: 2025-12-26

Low Cost
Sec9

This server exposes Python functions as an API using FastMCP, primarily intended for LLM function calling to integrate custom tools with AI models.

Setup Requirements

  • ⚠️ Requires Python 3 and virtual environment setup.
  • ⚠️ Requires `fastmcp` package installed.
  • ⚠️ Intended usage implicitly requires a local Ollama server running for LLM integration.

Verified Safe
The provided source code is minimal and focuses on exposing a simple `add` function. It does not contain direct file system access, network requests, hardcoded secrets, or dynamic code execution like `eval` or `exec`. The primary security consideration would be the `fastmcp` library itself or any additional tools integrated later, but the current implementation appears safe.
Updated: 2025-12-14

High Cost
Sec7

Execute HTTP requests to interact with web APIs, fetch data, and automate web interactions within AI workflows.

Setup Requirements

  • ⚠️ Requires Node.js (version >=18) to be installed.
  • ⚠️ Requires `npm install` and `npm run build` to compile the TypeScript source into JavaScript before first use.
  • ⚠️ Requires manual configuration in the AI client (e.g., Claude Desktop, Cursor) with the absolute path to the built server executable (`/ABSOLUTE/PATH/TO/webrequest-mcp-server/build/index.js`).

Verified Safe
The server's code is well-implemented and does not contain obvious vulnerabilities like 'eval' or hardcoded secrets. The primary security consideration is the inherent power of the 'http_request' tool itself: allowing an AI to make arbitrary HTTP requests with custom methods, headers, and body. This capability, if unconstrained by careful AI prompting or network isolation, could potentially be misused for Server-Side Request Forgery (SSRF), data exfiltration, or interactions with unintended/malicious external services. Response truncation (max 50,000 chars) mitigates large data exfiltration through tool output.
Updated: 2025-11-28