Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
johwiebe icon

anki-mcp

by johwiebe

Sec8

Integrates AI assistants with Anki by providing a Model Context Protocol (MCP) server for managing and querying flashcards.

Setup Requirements

  • ⚠️Requires Anki desktop application to be installed and running.
  • ⚠️Requires the AnkiConnect add-on to be installed and running within Anki.
  • ⚠️Requires `uv` (a Python package installer and runner) for execution as described in the README.
Verified SafeView Analysis
The server acts as a proxy to the local AnkiConnect add-on, operating on `http://localhost:8765`. Input queries for `find-notes` and `find-cards` are passed directly to AnkiConnect's search functionality. While Anki's search syntax is designed for querying data, the security of this interaction relies heavily on AnkiConnect's own input validation and sanitization. The server itself does not use `eval` or execute arbitrary shell commands with user-provided input. Error messages could potentially expose internal details, but given its local AI assistant integration context, this risk is mitigated.
Updated: 2025-12-11GitHub
0
0
Medium Cost
johnie icon

gmcp

by johnie

Sec8

Allows Language Models (LLMs) to manage Gmail emails, including searching, reading, sending, replying, and managing labels and attachments, through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Google Cloud Project with the Gmail API enabled.
  • ⚠️Requires an OAuth 2.0 Client ID of 'Desktop Application' type from Google Cloud Console.
  • ⚠️The initial authentication process involves a manual browser interaction to authorize the app and copy/paste an authorization code.
Verified SafeView Analysis
The server uses standard OAuth2 authentication for Google APIs, loading credentials and tokens from user-specified file paths (`GMAIL_CREDENTIALS_PATH`, `GMAIL_TOKEN_PATH`). This design requires the user to securely manage these files and choose appropriate Gmail API scopes. Crucially, the `send_email` and `reply` tools include a `confirm: false` default, requiring explicit user confirmation to send emails, which significantly enhances safety against accidental or malicious sends. No `eval` or obvious malicious patterns were found in the source code. The `get_attachment` tool returns base64url encoded data, which must be handled securely by the client application.
Updated: 2026-01-19GitHub
0
0
Medium Cost
RangRang416 icon

destatis-mcp-server

by RangRang416

Sec9

Provides a TypeScript client and MCP server for Claude Desktop to access German statistical data from the Destatis API.

Setup Requirements

  • ⚠️Manual editing of Claude Desktop's configuration file (claude_desktop_config.json) is required to register the MCP server.
  • ⚠️The Destatis API has specific authentication quirks (POST requests with username/password in HTTP headers) that were a hurdle during development, though handled by the provided client.
  • ⚠️Some Destatis API endpoints are known to return HTML instead of JSON, which the MCP server handles with error messages but might lead to unexpected data retrieval failures for certain queries.
Verified SafeView Analysis
The project correctly handles API tokens via environment variables, avoiding hardcoding in the runtime code. It uses standard, secure libraries for network communication (axios in Node.js, urllib in Python). No 'eval' or other malicious patterns were found. Minor note: example API token is present in documentation files, but not used directly by the application code.
Updated: 2025-12-06GitHub
0
0
Medium Cost
eGain icon
Sec3

Implements the Model Context Protocol (MCP) for eGain Knowledge, exposing Portal Manager, Search, Retrieve, and Answers as a single MCP endpoint for AI clients.

Setup Requirements

  • ⚠️Requires Node.js 20+ installed on the host system.
  • ⚠️Requires eGain platform version 21.22 or newer with AI Services enabled and a PKCE-friendly client application.
  • ⚠️Requires a supported browser (Chrome, Edge, or Brave) for authentication; Safari is not supported.
  • ⚠️The '--api-domain' flag is mandatory for client configuration, linking to your eGain API domain.
  • ⚠️The local authentication server requires port 3333 to be available.
Review RequiredView Analysis
The AuthenticationHook temporarily disables SSL certificate validation by setting 'NODE_TLS_REJECT_UNAUTHORIZED = '0'' during OAuth token exchange and portal fetching. This makes sensitive network requests vulnerable to Man-in-the-Middle (MITM) attacks. While sensitive configuration and token files are stored in the user's home directory with restrictive permissions (0o600), this critical TLS vulnerability significantly lowers the overall security rating. The use of 'child_process.exec' for browser interaction appears to be well-contained.
Updated: 2026-01-15GitHub
0
0
Low Cost
aiscibe-mcp-deployment icon

mcp-e70738e0-1d31cc16-jcd

by aiscibe-mcp-deployment

Sec7

An auto-generated Model Context Protocol (MCP) server that exposes configured APIs as tools for Claude and other AI models.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) if connecting to OpenAI services, as mentioned for Vercel deployment.
  • ⚠️Requires Python 3.9 for Vercel deployment (local development may vary but 3.9+ is recommended).
  • ⚠️Local development requires manually creating and editing a `.env` file from `.env.example`.
Verified SafeView Analysis
The `api/index.py` handler uses `Access-Control-Allow-Origin: *`, which is a permissive CORS setting. The `API_CONNECTIONS` object in `app/mcp_server.py` is defined in source code and, if modified, could potentially hardcode API keys/tokens directly instead of fetching them from environment variables, posing a secret management risk. The `call_api` function directly uses the `endpoint` argument for URL construction; while tools are intended to be manually registered, this pattern could lead to Server-Side Request Forgery (SSRF) if user input to tools is not rigorously validated. Logging is set to DEBUG which might expose sensitive information in a production environment. No direct use of `eval` or explicit command injection patterns were identified.
Updated: 2025-12-05GitHub
0
0
Low Cost
samlevan icon
Sec9

Provides a safety system for AI assistants to update Bear notes by creating previews for user review and approval.

Setup Requirements

  • ⚠️Requires macOS (Bear app is macOS-only)
  • ⚠️Requires Bear app installed and running
  • ⚠️Requires Python 3.11+
  • ⚠️Requires manual configuration in Claude Desktop or a compatible MCP client to integrate
Verified SafeView Analysis
The server uses `subprocess.run` to interact with the Bear app via `x-callback-url`, with all content parameters properly URL-encoded using `urllib.parse.quote` to prevent injection. SQLite database interactions for reading notes use parameterized queries, preventing SQL injection. The local database file has secure permissions (600). The web interface for previews correctly escapes HTML content, mitigating XSS risks. No `eval` or similar dangerous patterns are used without clear justification. The overall design prioritizes user review and explicit approval before applying changes to Bear notes, significantly enhancing safety.
Updated: 2025-11-30GitHub
0
0
Medium Cost
rickyhoneycutt icon

mcp-connector

by rickyhoneycutt

Sec5

A unified server for bridging multiple LLM platforms to a centralized tool execution layer using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Go 1.22+, Node.js 20+, Docker, PostgreSQL 15+, and Redis 7+ installed locally for development setup.
  • ⚠️Hardcoded PostgreSQL credentials (`mcp:mcp`) and unauthenticated Redis in the `docker-compose.yml` for development, which must be secured for production.
Verified SafeView Analysis
The `docker-compose.yml` file contains hardcoded database credentials (`mcp:mcp`) and does not configure authentication for Redis. While the `docs/architecture.md` outlines a robust security model (bcrypt-hashed API keys, scoped permissions, input validation, rate limiting), the provided Go backend's `main.go` is largely a scaffold with `TODO` comments, meaning these security features are not fully implemented or visible in the truncated source. This makes the current state of the repository as provided insecure for production deployment without significant configuration changes.
Updated: 2026-01-18GitHub
0
0
Medium Cost
huangjien icon

devops-mcps

by huangjien

Sec9

A FastMCP-based server providing read-only DevOps tools and integrations for GitHub, Jenkins, Artifactory, and Azure, designed for data analysis and display.

Setup Requirements

  • ⚠️Requires accounts and API tokens/credentials for GitHub, Jenkins, Artifactory, and Azure. These are external services, which may incur costs and require specific setup.
  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Requires outbound network access to GitHub, Jenkins, Artifactory, and Azure API endpoints.
  • ⚠️Artifactory authentication requires either 'ARTIFACTORY_IDENTITY_TOKEN' or both 'ARTIFACTORY_USERNAME' and 'ARTIFACTORY_PASSWORD' in conjunction with 'ARTIFACTORY_URL'.
Verified SafeView Analysis
The server operates in a read-only manner, retrieving data without modifying external systems. It properly handles sensitive credentials via environment variables (GitHub token, Jenkins credentials, Artifactory credentials, Azure credentials) and does not hardcode them. API calls to external services use standard Python libraries (`requests`, `PyGithub`, `jenkinsapi`, `azure-sdk`) with timeouts. Dynamic prompt rendering relies on regex and string replacement, not `eval`. Logging includes robust exception handling.
Updated: 2026-01-19GitHub
0
0
Low Cost
shin902 icon
Sec7

A proxy server to efficiently manage and expose categorized tools from multiple Model Context Protocol (MCP) servers to Language Models (LLMs), optimizing context usage by loading tool schemas on-demand.

Setup Requirements

  • ⚠️Requires Node.js >= 22.0.0 (as per package.json 'engines').
  • ⚠️Requires pnpm for development dependencies (packageManager: pnpm@10.21.0).
  • ⚠️Requires at least one accessible upstream Model Context Protocol (MCP) server, as it acts as a proxy. The example configuration's `@org/serena-mcp@latest` is a placeholder and does not exist on npm; users must provide or implement a functional upstream MCP server for the proxy to be operational.
Review RequiredView Analysis
The server's core functionality involves launching external processes (for 'stdio' type upstream MCP servers via the 'command' and 'args' fields) or connecting to arbitrary network endpoints ('http'/'sse' types via 'url' field) as defined in its configuration. This design means that the overall security is heavily dependent on the trustworthiness and secure management of the configuration file (e.g., 'serena-config.json'). Untrusted or malicious configuration could lead to arbitrary command execution on the host system or connections to harmful external services. The source code itself uses `valibot` for robust schema validation of the configuration, helping prevent issues from malformed inputs, and logs errors to stderr. No hardcoded secrets or obvious malicious patterns were found in the application's source code, making the code itself reasonably secure for its intended purpose. However, the powerful capabilities it enables require a high degree of trust in the provided configuration.
Updated: 2026-01-19GitHub
0
0
Low Cost
sharo-jef icon

wait-mcp

by sharo-jef

Sec9

An MCP Server providing a 'wait' tool, primarily used for testing timeouts, simulating delays, and rate limiting in development and integration scenarios.

Setup Requirements

  • ⚠️Requires Node.js runtime (version 18.0.0 or higher).
  • ⚠️Requires manual configuration in `claude_desktop_config.json` to integrate with Claude Desktop.
Verified SafeView Analysis
The source code is straightforward and purpose-built. It uses standard Node.js `setTimeout` for its core 'wait' functionality and includes basic input validation for the `duration` parameter (ensuring it's a non-negative number). There are no obvious signs of 'eval' usage, obfuscation, hardcoded secrets, or malicious network patterns. The server operates over stdio, limiting direct network exposure beyond the Model Context Protocol SDK. The `message` parameter is used as plain text, preventing injection. The primary function (waiting for a duration) is an intended feature for testing, not a vulnerability in itself, though extremely long durations could be a resource concern in uncontrolled environments.
Updated: 2026-01-18GitHub
0
0
High Cost
sendsta icon

tri-tender-mcp

by sendsta

Sec8

Generates complete, multi-document tender responses and proposals from parsed tender and company profile data using a large language model.

Setup Requirements

  • ⚠️Requires FastMCP Cloud runtime for optimal operation.
  • ⚠️Requires an LLM provider configured within the FastMCP Cloud environment (e.g., OpenAI, Anthropic, etc.).
Verified SafeView Analysis
The code itself does not contain explicit 'eval' or other direct code execution vulnerabilities. Input data (parsed_tender, company_profile) is embedded directly into LLM prompts, introducing the common risk of prompt injection, which could lead to undesired LLM outputs or potential data exposure if not properly mitigated at the LLM provider level. No hardcoded secrets were found.
Updated: 2025-11-30GitHub
0
0
Medium Cost
malwaredetective icon

GTFOBins-MCP

by malwaredetective

Sec9

This MCP server enables Large Language Models (LLMs) to query local GTFOBins data for Unix binaries that can be exploited to bypass security restrictions.

Setup Requirements

  • ⚠️Requires Python 3.11+ and a Python virtual environment.
  • ⚠️Requires a separate MCP client to interact with the server.
  • ⚠️The GTFOBins API data (api.json, functions.json) needs to be built locally using the `scripts/build_api.py` script and the GTFOBins.github.io repository (not included directly in the provided source code snapshot) before the server can function correctly.
Verified SafeView Analysis
The server primarily operates locally via STDIO, processes data from local JSON files, and does not initiate external network connections. It uses safe JSON parsing and dictionary lookups for handling input, mitigating risks like command injection or 'eval' vulnerabilities. No hardcoded secrets or malicious patterns were identified. The data provided by GTFOBins describes system exploits, but this is the intended purpose of the server and not a vulnerability in the server's code itself.
Updated: 2026-01-18GitHub
PreviousPage 568 of 713Next