Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
choseongje66 icon
Sec3

Provides a web-based chat client for interacting with public data via an MCP (Multi-Cloud Platform) and LLM.

Setup Requirements

  • ⚠️Requires a MySQL 8.0.44+ server instance with a configured database user and schema. Initial database migration (`npx prisma migrate dev`) is required.
  • ⚠️Requires a running MCP (Multi-Cloud Platform) / LLM server accessible at the configured `MCP_BASE_URL` (defaults to `http://localhost:3000`). This LLM backend is expected to serve a model named `gpt-oss:20b-cloud` as indicated in the chat service.
  • ⚠️The `JWT_SECRET` environment variable must be set to a strong, unique secret to prevent the use of the hardcoded 'devsecret' fallback, which is a critical security risk.
Review RequiredView Analysis
CRITICAL: The backend uses a hardcoded fallback JWT_SECRET 'devsecret' if the `JWT_SECRET` environment variable is not explicitly set. This is a severe vulnerability that makes the authentication easily bypassable. JWT tokens are stored in the browser's localStorage, which is susceptible to Cross-Site Scripting (XSS) attacks if other parts of the frontend are vulnerable. While the frontend uses `ReactMarkdown` with `rehype-highlight` for rendering LLM responses, direct streaming of potentially untrusted LLM output from the MCP to the client could theoretically pose risks if the markdown rendering or sanitization is not robust against all forms of injection, though `ReactMarkdown` typically offers good default protection.
Updated: 2025-11-19GitHub
0
0
High Cost
shibicr93 icon
Sec9

Generates performance test plans and scripts (Gatling, JMeter) by analyzing OpenAPI specifications using an MCP server and integrating with LLMs.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK 21+) and Maven 3.9+.
  • ⚠️Requires an MCP client (e.g., `mcp-inspector`) to interact with the server's exposed tools.
  • ⚠️The MCP client must be configured with access to a large language model (LLM), such as Anthropic's Claude (as hinted in `GatlingTestGeneratorHandler`), to utilize the code generation features. This implies associated API costs.
Verified SafeView Analysis
The server primarily acts as a tool provider within the Model Context Protocol (MCP) framework. It does not directly execute generated code or external commands. The `GatlingTestGeneratorHandler` constructs prompts for LLM-based code generation (via the MCP client), which presents an inherent risk of LLM prompt injection if user-provided 'scenarios' data is not properly validated/sanitized by upstream components. However, the generated code is returned to the client, not executed by the server itself. The internal Java logic for scenario generation appears safe. No 'eval', hardcoded secrets, or direct external command execution were found in the provided source code.
Updated: 2026-01-18GitHub
0
0
High Cost
ivandon15 icon

repocaster

by ivandon15

Sec6

Automatically transforms existing GitHub repositories or local codebases, especially computational biology tools, into AI-accessible Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires a paid LLM API key (e.g., OpenAI, DeepSeek, Qwen, configured via environment variables).
  • ⚠️Requires `git` to be installed on the host system for cloning remote repositories.
  • ⚠️Requires the `mcp` Python library to be installed to run the *generated* MCP servers.
Review RequiredView Analysis
The system heavily relies on `subprocess.run` to execute Python scripts from the target repository. While `subprocess.run` is used with a list (mitigating direct shell injection via arguments in `server.py`), the fundamental risk comes from the quality and safety of the target repository's scripts themselves, and the LLM's ability to correctly and safely interpret and expose arguments. Malicious input via the MCP interface could still potentially exploit vulnerabilities in the underlying target scripts if they perform unsafe operations (e.g., `os.system` or `subprocess.run(..., shell=True)` internally with untrusted input). The process inherently involves executing code from a cloned repository, which necessitates user vigilance over the source repository's trustworthiness.
Updated: 2025-12-03GitHub
0
0
High Cost
wx-b icon
Sec7

A Model Context Protocol (MCP) server that implements Recursive Language Models (RLM) for solving long-context problems by programmatically probing, recursing, and synthesizing over large codebases or documents.

Setup Requirements

  • ⚠️Requires Python 3.12+ and 'uv' (recommended) or 'pip' for dependency management.
  • ⚠️Docker is highly recommended (and default) for safe sandboxed execution of LLM-generated code. Running with 'environment: local' directly on the host carries significant risk.
  • ⚠️Requires API keys (e.g., OPENROUTER_API_KEY, OPENAI_API_KEY) for cloud providers, or a locally running Ollama/vLLM server for local inference. RLM works by making multiple recursive LLM calls, which can lead to significant API costs, especially with large models. Cost monitoring and usage limits are crucial.
Verified SafeView Analysis
The server's core functionality involves executing LLM-generated code (`rlm.core.rlm.RLM`) to probe context. While this inherently carries execution risk, the project is highly transparent about it, strongly recommends and defaults to a Docker sandbox for execution (`environment: docker`), and enforces API key management via environment variables (no hardcoded secrets). File ingestion (`rlm_mcp_server/ingest.py`) also enforces repo boundaries to prevent path traversal. The use of `ast.literal_eval` for parsing LLM output, while safer than `eval`, is a point of note for output processing.
Updated: 2026-01-19GitHub
0
0
Medium Cost
deepaktewari2000 icon

Finance-MCP-Server

by deepaktewari2000

Sec8

A Python FastAPI server exposing financial data and portfolio calculation tools for LLM integration.

Setup Requirements

  • ⚠️Requires MCP_API_KEY environment variable to be set (defaults to 'secret123' if not).
  • ⚠️Relies on external public APIs (CoinGecko, exchangerate.host, Yahoo Finance via yfinance) which may have rate limits or availability issues.
Verified SafeView Analysis
The server uses a hardcoded default API key 'secret123' if the MCP_API_KEY environment variable is not set, which is acceptable for quickstart but a significant security risk for production. It relies on external public APIs (yfinance, CoinGecko, exchangerate.host) which are generally safe but may have rate limits or availability issues. Input validation is present for required fields, but no comprehensive schema validation is enforced at the invocation layer. No 'eval' or other highly dangerous dynamic code execution patterns were found.
Updated: 2025-11-20GitHub
0
0
Low Cost

mcp-servers

by AlexandrosMelis

Sec10

The purpose of this repository is unknown as it contains no functional code or documentation, only a .gitignore file.

Verified SafeView Analysis
The repository contains no executable code (only a .gitignore file), therefore it poses no inherent security risks related to 'eval', obfuscation, or network vulnerabilities.
Updated: 2025-11-23GitHub
0
0
Medium Cost
zesty-io icon

mcp-local-server

by zesty-io

Sec9

Connects Zesty.io instances with AI tools like Claude, Cursor, and VS Code by implementing the Model Context Protocol, allowing AI agents to interact with Zesty.io content, accounts, and media.

Setup Requirements

  • ⚠️Requires a Zesty.io user account or an active access token.
  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️Mandatory environment variables: ZESTY_SESSION_TOKEN and ZESTY_INSTANCE_ZUID.
  • ⚠️The configuration in AI applications requires providing an absolute path to the server's 'build/index.js' file.
Verified SafeView Analysis
The server primarily acts as a wrapper around the Zesty.io SDK, exposing API functionalities. It correctly uses environment variables for sensitive tokens (ZESTY_SESSION_TOKEN, ZESTY_INSTANCE_ZUID). Error handling involves returning the raw error message, which is acceptable for a local developer tool. Sentry is initialized with `sendDefaultPii: true` and logs the user's ZUID, which is a privacy consideration for users regarding error reporting, but not a direct code execution vulnerability. No 'eval', obfuscation, or other critical malicious patterns were identified in the provided source.
Updated: 2025-12-04GitHub
0
0
Low Cost
rrbemfica icon

mcp-auth

by rrbemfica

Sec6

Implement and secure an MCP (Model Context Protocol) API server using Keycloak OpenID Connect for authentication and authorization with dynamic client registration and token exchange capabilities.

Setup Requirements

  • ⚠️Docker and Docker Compose are required to run the Keycloak Identity Provider.
  • ⚠️The `KC_HOSTNAME` environment variable in `keycloak-standalone/docker-compose.yml` needs to be manually updated to match the host (e.g., `localhost` or an ngrok tunnel).
  • ⚠️A manual step in the Keycloak Admin Console is required to disable the "Trusted Hosts" client registration policy for dynamic client registration.
  • ⚠️Python 3 and a virtual environment are prerequisites for the Python components.
Verified SafeView Analysis
Hardcoded default admin credentials ('admin'/'admin') are present in `docker-compose.yml` and `setup_keycloak.py` for initial Keycloak setup. Keycloak is configured with `KC_HOSTNAME_STRICT: "false"` and `KC_HTTP_ENABLED: "true"` in `docker-compose.yml`, relaxing hostname validation and enabling HTTP for development, which could pose risks if deployed directly to production. The setup instructions recommend disabling Keycloak's "Trusted Hosts" client registration policy, further relaxing security for dynamic client registration. A hardcoded client secret (`PLOs4j6ti521kb5ZVVVwi5GWi9eDYTwq`) is present in `keycloak-standalone/config.json` for the `echo-mcp-server` client. Test user credentials (`mcp-admin: admin123`, `mcp-user: user123`, `mcp-readonly: readonly123`) are hardcoded in `config.json`. Environment variables for OIDC configuration in `server.py` have hardcoded defaults, requiring explicit override for production.
Updated: 2025-12-16GitHub
0
0
High Cost
maxvoltage icon

sourcetap

by maxvoltage

Sec7

SourceTap enables AI assistants to learn and search any library's documentation directly from GitHub repositories or documentation URLs.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️Requires `uv` package manager for dependency handling and running.
  • ⚠️The path `/absolute/path/to/sourcetap` in the run command must be replaced with the actual path to the project directory.
Verified SafeView Analysis
The server downloads content from user-provided URLs (ZIP archives and webpages). While content is processed by internal libraries (zipfile, minsearch) and a proxy (jina.ai), this introduces a dependency on external content and services. A malicious URL could potentially lead to large file downloads (DoS), or exploit vulnerabilities in the parsing libraries, though Python's standard libraries are generally robust. There are no explicit uses of `eval`, `os.system`, or direct shell commands with user input. No hardcoded secrets were found.
Updated: 2026-01-16GitHub
0
0
Low Cost
ggange icon

mcp-review

by ggange

Sec9

An open-source platform for discovering, rating, and reviewing MCP (Model Context Protocol) servers, empowering developers to share experiences and make informed decisions.

Setup Requirements

  • ⚠️Requires a PostgreSQL database connection string (Neon free tier recommended).
  • ⚠️GitHub OAuth credentials (GITHUB_ID, GITHUB_SECRET) are mandatory for user authentication, which is essential for rating and uploading servers.
  • ⚠️Cloudflare R2 Storage (R2_ACCOUNT_ID, R2_ACCESS_KEY_ID, R2_SECRET_ACCESS_KEY) and Redis (REDIS_URL) are highly recommended for custom server icons, distributed rate limiting, and caching in production environments.
Verified SafeView Analysis
The project demonstrates strong security practices including robust input validation (Zod with custom sanitization for text), CSRF protection for mutation endpoints, and distributed rate limiting for all API endpoints to prevent abuse and DoS attacks. Authentication is handled by NextAuth.js, and authorization checks are in place for sensitive actions (e.g., admin access, server ownership). Secrets are managed via environment variables and Cloudflare R2 is used for secure icon storage with a proxy endpoint that includes basic path traversal prevention. The cron job endpoint uses a timing-safe secret comparison. Prisma ORM helps prevent SQL injection. Overall, a highly security-conscious implementation.
Updated: 2026-01-19GitHub
0
0
Medium Cost
sschiller089 icon
Sec8

This server demonstrates a custom communication protocol, possibly inspired by Minecraft, handling WebSocket connections and various message types like handshakes, logins, and chat.

Verified SafeView Analysis
The server exposes port 3000 for both HTTP and WebSocket connections. While no explicit authentication mechanisms for protocol messages are mentioned, this is typical for a demo project. The summaries do not indicate 'eval', obfuscation, hardcoded secrets, or other directly malicious patterns. For a production environment, authentication and more robust input validation would be critical, but for a demo, it appears reasonably secure.
Updated: 2025-11-25GitHub
0
0
Medium Cost
youweichen0208 icon

mcp-ops-server

by youweichen0208

Sec7

The MCP OPS Server provides an AI-driven interface for managing cloud infrastructure, allowing Claude Code to intelligently query, monitor, and analyze cloud instances, logs, and alerts.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for deployment.
  • ⚠️Requires an existing OPS platform web interface with valid login credentials.
  • ⚠️Requires manual adaptation of Playwright selectors in `src/clients/ops_selectors.py` to match the target OPS platform's HTML structure.
Verified SafeView Analysis
The application uses environment variables for sensitive credentials (OPS_WEB_URL, OPS_USERNAME, OPS_PASSWORD, MCP_SERVER_TOKEN), which is good practice. However, CORS is configured with `allow_origins=["*"]`, which is overly permissive for production and should be restricted to specific domains. Additionally, the `MCP_SERVER_TOKEN` is optional, allowing authentication to be bypassed in development environments; this poses a significant risk if not properly configured in production.
Updated: 2025-11-22GitHub
PreviousPage 566 of 713Next