Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

High Cost

youtube-mcp-server

by AiMoneyMachine

Sec4

This server acts as an intermediary to generate videos via RunwayML and upload them to YouTube, providing a unified API endpoint for a Multi-tool Communication Protocol (MCP).

Setup Requirements

  • ⚠️Requires Google Cloud Project setup with YouTube Data API enabled for API Key and OAuth client configuration.
  • ⚠️Requires a valid RunwayML API Key (typically a paid service for video generation).
  • ⚠️All API credentials (Google CLIENT_ID, CLIENT_SECRET, REDIRECT_URL, RUNWAY_API_KEY) must be configured as environment variables.
Review Required
The server uses `cors()` without specific origin restrictions, allowing requests from any domain, which could be a security risk in a production environment if not explicitly desired. The `express.json({ limit: '500mb' })` setting allows very large JSON payloads, potentially opening a denial-of-service (DoS) vector. The `videoUrl` in the `/upload` endpoint is fetched from user input without validation, which could lead to Server-Side Request Forgery (SSRF), downloading of malicious content, or excessive resource consumption if a malicious URL is provided. API keys and secrets are correctly loaded from environment variables using `dotenv`, which is a good practice.
Updated: 2025-12-15

Medium Cost

ireland_mcp_server

by jeromewoody

Sec9

A Model Context Protocol (MCP) server for managing and searching comic book collections hosted on a Komga server.

Setup Requirements

  • ⚠️Requires a running Komga server instance.
  • ⚠️Requires Komga API key or username/password for authentication.
Verified Safe
The server loads sensitive credentials (Komga API Key, Username/Password) from environment variables, which is good practice. It uses `httpx` for network requests and handles HTTP errors. There are no obvious malicious patterns or `eval` usage. The `configure_komga` tool allows setting Komga connection details at runtime via the MCP interface; while a feature, it necessitates proper access controls for the MCP server itself.
Updated: 2025-11-29

Low Cost

First-MCP-Server

by singhkuldeep29

Sec2

A server project with an unknown purpose, as no source code is provided for analysis.

Review Required
No source code beyond the README title was provided, making a comprehensive security audit impossible. Without code to analyze, we cannot check for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. Consequently, this server cannot be verified as safe to run due to the complete lack of visibility into its operations.
Updated: 2026-01-19

Low Cost
Sec4

Deploying GitHub's MCP server on Kubernetes using a Helm chart to manage GitHub toolsets.

Setup Requirements

  • ⚠️Requires a Kubernetes cluster (v1.19+ recommended).
  • ⚠️Requires Helm 3 installed.
  • ⚠️Requires a GITHUB_PERSONAL_ACCESS_TOKEN for the server to function, which is currently configured to be passed insecurely via Helm values.
  • ⚠️This chart is community-maintained and not officially supported by GitHub.
Review Required
The Helm chart passes the GITHUB_PERSONAL_ACCESS_TOKEN directly as an environment variable from Helm values. For production use, sensitive credentials like this should be managed via Kubernetes Secrets rather than directly in Helm values or as command-line arguments, which exposes them in plain text in Helm release history and potentially CI/CD logs. There are no other obvious 'eval' or obfuscation patterns, but this token handling is a critical vulnerability.
Updated: 2025-11-25

Medium Cost
Sec2

Integrate Wazuh SIEM with Cortex automation systems to query security alerts, manage agents, monitor vulnerabilities, and coordinate security operations.

Setup Requirements

  • ⚠️Requires Wazuh API URL, username, and password configured via environment variables (`WAZUH_API_URL`, `WAZUH_API_USER`, `WAZUH_API_PASSWORD`).
  • ⚠️The server disables SSL certificate validation for connections to the Wazuh API, creating a critical security vulnerability (`rejectUnauthorized: false`). This must be addressed for any production deployment.
  • ⚠️Requires Node.js version 18 or higher.
Review Required
The server uses `httpsAgent: { rejectUnauthorized: false }` for all Wazuh API calls. This critically disables SSL certificate validation, making the connection highly vulnerable to Man-in-the-Middle (MitM) attacks. This is a severe security risk, especially for an integration with a SIEM system where data integrity and confidentiality are paramount. Additionally, the `WAZUH_API_PASSWORD` defaults to an empty string if not provided via environment variables, which could lead to weak authentication if not properly configured.
Updated: 2025-12-14

Medium Cost

MCP_prompt_broker

by michaelprinc

Sec8

Intelligent routing of prompts to optimal AI agent instruction profiles and orchestration of delegated AI tasks (Codex/Gemini CLI) in isolated Docker containers.

Setup Requirements

  • ⚠️Requires Docker Engine 24.0+ and Docker Compose v2.
  • ⚠️Codex CLI requires Node.js 18+ and authentication via ChatGPT Plus (`codex login`) or OpenAI API key.
  • ⚠️`llama.cpp` binaries must be manually acquired for Llama.cpp integration (if using that module).
  • ⚠️Python 3.11+ is the minimum for the Codex Orchestrator module.
  • ⚠️Initial workspace setup requires Git initialization and an initial commit for Codex CLI's security features.
Review Required
The server orchestrates running AI-generated code in Docker containers, which inherently carries risk. It mitigates this with per-run containers, explicit 'readonly', 'workspace_write', and 'full_access' security modes, and read-only mounting of sensitive authentication files (`auth.json`). The 'full_access' mode, while documented, is inherently dangerous and allows the AI to make arbitrary changes.
Updated: 2026-01-11

Low Cost

cat-detection-demo

by swethasalunke-tech

Sec9

Demonstrates seamless database migration from PostgreSQL to DynamoDB using a Multi-Cloud Platform (MCP) server abstraction, allowing the same application code to function with both database backends.

Setup Requirements

  • ⚠️Requires the Python 'Pillow' library (and potentially 'psycopg2' if using `PostgreSQLAdapter` directly), installable via `pip install -r requirements.txt`.
  • ⚠️The `create_test_images` function in `unified_cat_detector.py` and `cat_detector.py` uses hardcoded absolute paths (`/Users/saswetha/Documents/cat-detection-app/test_images`) which will fail on other systems unless the directory is manually created or the path is updated.
  • ⚠️For actual (non-mocked) PostgreSQL connectivity, a running PostgreSQL database instance with specific credentials ('postgres' user, 'password' password, 'cat_detection' database) is required.
  • ⚠️For actual DynamoDB connectivity (beyond the mock client), a separate `PostgreSQL-DynamoDB MCP server` must be running and accessible as an intermediary.
Verified Safe
The provided MCP server implementations (`MockMCPClient`, `AdvancedMCPClient`) are in-memory mocks for demonstration purposes and do not inherently expose network risks or hardcoded secrets. The `DynamoDBAdapter` uses this mock client. However, if deployed with a real MCP server and actual DynamoDB connections, rigorous security practices (e.g., environment variables for credentials, secure network configuration, IAM roles) would be critical. The `cat_detector.py` file (an older PostgreSQL-only version, not central to the MCP demo) does contain hardcoded database credentials (`user: postgres`, `password: password`), which is a significant security risk if used in a production environment.
Updated: 2025-11-20

Low Cost

Task_6

by MuhammadAyan67

Sec1

This project appears to be a server-side application with a user interface, potentially for management or interaction, as indicated by the 'MCP Server' context and UI screenshots.

Review Required
Security analysis is impossible as no source code was provided for review. The repository content provided only includes a README.md file with image links, making it impossible to check for vulnerabilities like eval, obfuscation, network risks, hardcoded secrets, or malicious patterns.
Updated: 2025-11-28

Medium Cost

SF_studio_alpha

by jdlan2wm

Sec9

Run Securitization Cashflow Engine

Setup Requirements

  • ⚠️Requires Python 3.8+ installed
  • ⚠️Requires NumPy, Pandas, SciPy, Scikit-learn Python libraries
  • ⚠️MCP Server dependencies must be installed via npm
  • ⚠️Large JSON inputs for cashflow/portfolio may exceed command line limits (use stdin)
  • ⚠️Timeouts are set aggressively (15s for bridge, 30s for cashflow engine) - may need adjustment for complex models
Verified Safe
Code seems safe. Python dependencies are standard libraries. No obvious malicious patterns or hardcoded secrets detected. Uses subprocess for isolated execution.
Updated: 2025-11-19

Medium Cost
Sec2

Provides LLMs with stateful, interactive terminal access for persistent processes, remote management, and debugging.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Requires `uvx` (or `pipx` for Claude Code integration) for simplified installation and execution.
  • ⚠️Must be run in a trusted or sandboxed environment (e.g., Docker) due to the inherent security risk of providing full terminal access to an LLM.
Review Required
The server provides full terminal access to the connected LLM via `pexpect.spawn`, allowing execution of arbitrary commands with the permissions of the user running the server. There is no inherent sandboxing or command validation within the application logic. The README explicitly warns that it should 'only be used in trusted environments or sandboxed containers (e.g., Docker) to prevent unauthorized system modifications.'
Updated: 2025-12-11

Low Cost
Sec9

This server enables AI assistants to control Shelly smart home devices via the Shelly Cloud API.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose
  • ⚠️Requires Shelly Cloud API Key (AuthKey)
  • ⚠️Requires custom 'devices.json' configuration for Shelly devices
  • ⚠️Requires Shelly Cloud Server URI specific to user's account
Verified Safe
The project explicitly recommends placing sensitive API keys (SHELLY_CLOUD_AUTHKEY, SHELLY_CLOUD_SERVER_URI) in environment variables, which is good practice. No 'eval' or obfuscation is evident. The docker-compose.yml maps these to SHELLY_API_KEY and SHELLY_API_ENDPOINT inside the container. The server exposes port 80, which is standard for web services, but the 'docker attach' integration with Claude Desktop suggests an internal or localhost-proxied interaction, limiting public exposure if not explicitly configured otherwise.
Updated: 2025-11-28

Low Cost
Sec5

Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers to host custom AI tools, demonstrated with basic arithmetic functions without requiring authentication.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment to Workers.
  • ⚠️The server is 'authless' by design for this demo, making all exposed MCP endpoints publicly accessible without any user authentication.
  • ⚠️Requires Cloudflare Workers bindings configured for Durable Objects (MCP_OBJECT) as part of its deployment environment.
Verified Safe
The server is explicitly designed as 'authless' for demonstration purposes, meaning it lacks authentication and is publicly accessible. While the provided calculator tools pose minimal inherent risk to sensitive data, deploying custom tools without authentication in a production environment could lead to unauthorized access, resource abuse (e.g., rate limiting issues if connected to paid APIs), or exposure of business logic. No 'eval' or obvious malicious patterns are present in the provided source code, and no hardcoded secrets are visible.
Updated: 2025-12-14