Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
Akilinoxx icon
Sec2

This server uses the Model Context Protocol (MCP) to allow AI agents to query and analyze a PostgreSQL database containing aligner activity data.

Setup Requirements

  • ⚠️CRITICAL: The import scripts (`import_csv_to_postgres.py`, `import_csv_optimized.py`) and schema creation scripts (`create_schema.py`, `setup_railway.sh`) contain hardcoded Railway PostgreSQL credentials, which must be replaced with environment variables or user-specific values before running to avoid exposing sensitive information.
  • ⚠️The CSV import scripts hardcode a specific local file path (`/home/goupilus/Téléchargements/query_result_2025-11-04T10_22_01.982276Z.csv`) which users will need to modify to their own CSV file path.
  • ⚠️Requires a running PostgreSQL database instance (local or remote like Railway).
Review RequiredView Analysis
CRITICAL: The source code (`import_csv_to_postgres.py`, `import_csv_optimized.py`, `create_schema.py`, `setup_railway.sh`) contains hardcoded PostgreSQL database credentials (username, password, host, port, dbname) which are publicly visible. This is a severe security vulnerability. Additionally, the `query_sql` tool allows direct execution of arbitrary SQL SELECT/WITH queries. While a feature for agents, this poses a significant SQL injection risk if the input is not strictly controlled and sanitized, potentially leading to data exfiltration or other database manipulations depending on user permissions.
Updated: 2025-12-06GitHub
0
0
High Cost
acartag7 icon

specwright

by acartag7

Sec9

Spec-driven AI software development platform that turns vague feature requests into executable plans, leveraging AI for planning, chunking, execution, and review with transparent oversight.

Setup Requirements

  • ⚠️Requires `opencode` server running locally at `http://localhost:4096` for AI execution.
  • ⚠️Requires `claude` CLI installed and configured for planning and review operations (uses `claude-opus`, `claude-sonnet`, `claude-haiku` models).
  • ⚠️Requires `pnpm` as the package manager and Node.js version `>=20.9.0`.
Verified SafeView Analysis
The codebase demonstrates strong security practices, particularly in handling external command execution. It extensively uses `child_process.spawnSync` and `child_process.spawn` for interacting with `git`, `gh` (GitHub CLI), `opencode`, and `claude` CLIs. Arguments are consistently passed as arrays with `shell: false`, effectively mitigating shell command injection risks. A dedicated `path-validation.ts` module ensures project paths are normalized, within the user's home directory, and do not access sensitive system locations, preventing path traversal attacks. These deliberate security patterns are even highlighted in internal documentation. No `eval` or code obfuscation is present. The primary security considerations stem from the inherent trust placed in external CLI tools (`opencode`, `claude`) and the network interactions with AI APIs, though these are handled with best practices for credentials (environment variables).
Updated: 2026-01-19GitHub
0
0
Low Cost
jeremylem icon

mcp_server4j

by jeremylem

Sec9

Provides a local Java-based knowledge base for Retrieval-Augmented Generation (RAG), supporting hybrid keyword and vector search over multi-format documents via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Docker and Docker Compose are required to run the full stack (ChromaDB and MCP Server).
  • ⚠️Java 21+ and Maven 3.8+ are required for local development and building.
  • ⚠️An initial document ingestion step is required to build the BM25 index and populate ChromaDB after setup or if data is lost. The BM25 index is loaded from a persisted Docker volume on server start, but needs to be built initially.
Verified SafeView Analysis
The code uses Lucene's QueryParser.escape() to sanitize search queries, mitigating potential query injection vulnerabilities. Network and collection configurations are externalized via environment variables with sensible defaults, avoiding hardcoded secrets. No dynamic code execution (e.g., eval equivalent) or obvious malicious patterns were identified. A basic health endpoint is provided for service monitoring.
Updated: 2025-12-18GitHub
0
0
Medium Cost

mcp-selenium-server

by faimerecruiter

Sec9

An enterprise-grade Model Context Protocol (MCP) server that empowers Large Language Models (LLMs) to perform advanced browser automation using Selenium WebDriver for tasks like web scraping, form automation, and end-to-end testing.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Requires a compatible browser (e.g., Chrome, Firefox, Edge, Safari) to be installed on the host machine or accessible via a Selenium Grid.
Verified SafeView Analysis
Explicit input sanitization and Zod validation are implemented to prevent injection attacks (XSS, SQL, code). The `selenium_execute_script` tool allows arbitrary JavaScript execution, which requires careful input handling from the LLM, though server-side validation is in place to mitigate risks.
Updated: 2025-11-19GitHub
0
0
Medium Cost
sgerlach icon
Sec9

An MCP server for Gaggiuino-modified espresso machines, providing tools for real-time monitoring, detailed shot analysis, and brewing profile management.

Setup Requirements

  • ⚠️Requires Node.js 18+ runtime.
  • ⚠️Requires a Gaggiuino-modified espresso machine to be present on the local network.
  • ⚠️The 'GAGGIUINO_BASE_URL' environment variable must be configured with the correct IP address or hostname of the Gaggiuino machine; the default value is unlikely to work for all users.
Verified SafeView Analysis
The source code is clean TypeScript, does not contain 'eval' or other obfuscation, and includes input validation for tool arguments. All HTTP requests include a timeout to prevent hanging. The primary security consideration is that the 'GAGGIUINO_BASE_URL' environment variable can be set by the user to any IP or hostname. While this is necessary for its function to connect to a local device, misconfiguring it to an untrusted external network address could lead to unintended interactions. However, the server itself correctly implements the intended Gaggiuino API client logic.
Updated: 2026-01-18GitHub
0
0
High Cost
thebrownproject icon

raglit-mcp-server

by thebrownproject

Sec8

RagLit is an MCP server enabling AI agents to ingest, embed, and semantically search documents in PostgREST-compatible PostgreSQL databases for RAG pipelines.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for embedding generation.
  • ⚠️Requires PostgreSQL database with 'pgvector' extension enabled and a PostgREST API endpoint configured.
  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
The server utilizes environment variables for API keys, preventing hardcoded secrets. Zod is used for input validation, mitigating basic injection risks. Communication is via stdio, implying a controlled execution environment. PostgREST integration primarily uses hardcoded RPC function calls (e.g., "match_chunks", "filter_chunks_by_meta"), which abstracts raw SQL execution and provides a layer of safety. The "makeRequest" function constructs URLs using a base URL from environment variables and hardcoded paths, limiting arbitrary path traversal. No direct 'eval' or 'child_process.exec' with user-controlled input was found. However, reliance on external APIs (OpenAI, PostgREST) means security is partially dependent on those services and their configuration.
Updated: 2025-12-03GitHub
0
0
Low Cost
mhabedini icon
Sec9

Converts JSON data to a token-efficient TOON (Token-Oriented Object Notation) format and vice-versa, providing token savings analysis specifically for LLM applications.

Setup Requirements

  • ⚠️Requires Node.js (version 18.0.0 or higher)
  • ⚠️Manual configuration within an MCP client like Claude Desktop is necessary for integration
  • ⚠️Communicates via stdio, requiring an MCP client compatible with this communication method
Verified SafeView Analysis
The server communicates via standard input/output (stdio) which reduces network attack surface. It uses `JSON.parse` for handling JSON strings, which is safe from code injection. The core logic relies on the `@toon-format/toon` library for conversion, which is assumed to be secure. No direct use of `eval` or other dynamic code execution methods was found. No hardcoded secrets are present in the provided source code.
Updated: 2025-12-03GitHub
0
0
Medium Cost
emilsteixner icon
Sec1

Manages Debian 13 servers by leveraging continue.dev as an IDE copilot and mcp-ssh-manager for SSH interactions.

Setup Requirements

  • ⚠️Requires `continue.dev` setup, which typically involves configuring an LLM provider (e.g., OpenAI API Key, Anthropic API Key, or a local LLM like Ollama).
  • ⚠️Requires `mcp-ssh-manager` to be configured and have appropriate SSH access to the target Debian 13 servers.
Review RequiredView Analysis
CRITICAL: No source code was provided for analysis beyond the README.md. Therefore, a comprehensive security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns could not be performed. The low score reflects the inability to verify the safety and security of the application.
Updated: 2025-12-01GitHub
0
0
Medium Cost
Sakhir786 icon
Sec8

An advanced server for autonomous options trading intelligence that processes real-time market data through 18 specialized analytical layers to provide actionable trading signals and AI-ready outputs.

Setup Requirements

  • ⚠️Requires a paid Polygon.io API key for data fetching.
  • ⚠️Requires Python 3.8+ and installation of numerous Python dependencies (from `requirements.txt`).
  • ⚠️Relies on `TRADEPILOT_PRODUCTION_PATH` and `TRADEPILOT_LAYERS_PATH` environment variables for module imports; incorrect configuration can lead to runtime errors.
Verified SafeView Analysis
The application uses environment variables for sensitive data (API keys, paths), which is good practice. However, it dynamically modifies `sys.path` using environment variables (`TRADEPILOT_LAYERS_PATH`, `TRADEPILOT_PRODUCTION_PATH`). While defaults are provided, if these variables are compromised or incorrectly set in a custom deployment, it could potentially allow the loading of malicious modules from arbitrary locations. No direct `eval`, `exec`, or obvious shell injection vulnerabilities were found in the exposed API routes. Network requests to Polygon.io are for legitimate data fetching.
Updated: 2025-12-04GitHub
0
0
Low Cost
wouter-bon icon

CERT-MCP-SERVER

by wouter-bon

Sec4

Manages SSL/TLS certificates across various device types using Let's Encrypt and Cloudflare DNS for automated issuance and renewal.

Setup Requirements

  • ⚠️Requires Cloudflare API Token for Let's Encrypt DNS-01 challenges.
  • ⚠️Requires ACME contact email for Let's Encrypt account registration.
  • ⚠️Requires device-specific authentication credentials (API tokens, username/password, SSH keys) for each managed device.
  • ⚠️Requires Python 3.11 or higher.
Review RequiredView Analysis
The default configuration of `verify_ssl=False` for FortiGate, FortiManager, FortiAnalyzer, and Windows handlers, along with `paramiko.AutoAddPolicy()` for Linux SSH, represents a significant security risk. These settings disable server certificate validation and host key checking, making the system highly vulnerable to Man-in-the-Middle (MITM) attacks. An attacker could intercept sensitive certificate data, private keys, and device credentials. While a temporary hardcoded password (`TempCertPassword123!`) is used for Windows PFX operations, its transient nature and immediate deletion mitigate, but do not eliminate, this minor concern. Users must explicitly enable SSL verification and implement proper SSH host key management for secure operation.
Updated: 2026-01-16GitHub
0
0
Low Cost
QAZ83 icon
Sec7

A remote Model Context Protocol (MCP) server designed for Cloudflare Workers to expose AI agent tools, primarily demonstrating a calculator without requiring authentication for easy integration with MCP clients.

Setup Requirements

  • ⚠️Requires deployment on Cloudflare Workers or local execution via Wrangler, tying it to the Cloudflare ecosystem.
  • ⚠️The server operates entirely without authentication, meaning any user with the server's URL can execute its exposed tools. This is suitable for demos but highly insecure for production applications without additional security layers.
  • ⚠️Interaction with the server's tools requires a compatible Model Context Protocol (MCP) client (e.g., Cloudflare AI Playground, Claude Desktop with `mcp-remote` proxy).
Verified SafeView Analysis
The server is explicitly designed to operate 'without authentication', which is a significant security risk if deployed in a production environment with sensitive tools. Anyone with the deployed URL can access and execute the exposed tools. The provided calculator tools themselves (`add`, `calculate`) are simple and do not exhibit immediate code injection vulnerabilities, leveraging `zod` for input validation. However, the 'authless' nature necessitates careful consideration for any custom tools added by the developer.
Updated: 2025-11-20GitHub
0
0
Low Cost
Fantomas42 icon

mcp-cubing

by Fantomas42

Sec8

An MCP server for Rubik's cube manipulation, visualization, and algorithm analysis, ideal for developing and testing cube-related projects.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Dependency 'kociemba' might require build tools for compilation on some systems if wheels are not available.
  • ⚠️The server maintains a single global cube state, not isolated per MCP connection as suggested by comments, meaning all users interacting with a single server instance will share and modify the same cube state.
Verified SafeView Analysis
The server maintains a global cube state per process (`_cube_state`). While the documentation states 'Each MCP connection gets its own isolated cube state', the implementation suggests a single global state across all connections to a single server instance. This could lead to unexpected state modifications if multiple users were to interact with the *same* MCP server process, implying a functional isolation issue rather than a direct code vulnerability. No 'eval' or obvious hardcoded secrets were found. Input parsing for algorithms relies on the `cubing-algs` library, which is assumed to be robust.
Updated: 2025-11-24GitHub
PreviousPage 559 of 713Next