Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

High Cost

bowman-prospects-mcp

by kayoMichael

Sec8

Classifies Bowman Prospects baseball cards, provides player statistics, and retrieves market pricing data to assess card value.

Setup Requirements

  • ⚠️Requires DEEPSEEK_API_KEY (paid API).
  • ⚠️Requires BRAVE_API_KEY (for search, likely paid API).
  • ⚠️Requires the fine-tuned CLIP model 'clip-card-model-v1' to be available locally (downloadable from HuggingFace).
  • ⚠️Performance benefits from GPU for the CLIP model and EasyOCR (supports Apple GPU/CUDA, falls back to CPU).
Verified Safe
The system generally follows good practices for handling secrets (environment variables) and database interactions (parameterized queries). File system operations for image downloads and dataset creation employ filename sanitization. HTML parsing includes some sanitization before passing to the LLM. The primary inherent risk is from processing untrusted inputs (images for OCR, scraped HTML for LLM parsing) and relying on the integrity of the fine-tuned CLIP model and external APIs.
Updated: 2025-12-01

Low Cost

Enhances image generation prompts with synthetic aperture radar (SAR) and microwave remote sensing aesthetics, providing 'material truth' insights.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires the `fastmcp` library, installed via `pip install -e ".[dev]"`.
  • ⚠️The full workflow implicitly relies on an external LLM (specifically Claude, as mentioned in the philosophy/architecture) to synthesize the generated 'synthesis_guidance' into a final image prompt.
Verified Safe
The server primarily loads YAML configuration files and performs deterministic logic based on string matching and dictionary lookups. It uses `yaml.safe_load` to mitigate YAML parsing risks. There are no apparent uses of `eval`, `exec`, or direct shell commands within the server logic itself. No hardcoded secrets or direct external network requests are evident in the provided code, making it relatively safe for its stated purpose.
Updated: 2025-11-29

High Cost

mcp_coder

by MarcusJellinghaus

Sec7

An AI-powered software development automation toolkit that uses LLMs (specifically Claude) for various tasks such as code analysis, commit message generation, planning, implementation, and pull request creation. It integrates with Git, GitHub, and Jenkins for orchestrating and automating development workflows.

Setup Requirements

  • ⚠️Requires Claude Code CLI or API access and authentication setup.
  • ⚠️Requires GitHub Personal Access Token (GITHUB_TOKEN) with necessary scopes configured.
  • ⚠️Requires Jenkins server URL, username, and API token (JENKINS_URL, JENKINS_USER, JENKINS_TOKEN) for CI integration.
  • ⚠️Python environment management via 'uv sync --extra types' implies 'uv' must be installed.
Verified Safe
The system interacts with external APIs (LLMs, GitHub, Jenkins) and executes shell commands, which inherently involves network and process execution risks. Credentials for GitHub and Jenkins are managed through environment variables or a TOML configuration file, with sensitive fields redacted in logs. The `subprocess_runner.py` module contains an internal testing flag (`_DISABLE_STDIO_ISOLATION`) that bypasses safety mechanisms, but it is explicitly marked as 'NEVER be used in production code'. No hardcoded secrets or obvious malicious patterns were found in the provided snippets. Overall, it follows standard practices for handling sensitive configurations, but requires careful management of API tokens and execution environments.
Updated: 2026-01-19

Medium Cost
Sec3

A Model Context Protocol (MCP) server providing site monitoring, analytics, web diagnostics, and remote terminal agent management for AI clients like Claude.

Setup Requirements

  • ⚠️Requires a separate 'Terminal Agent' instance to be running and connected for tools like 'terminal_execute', 'system_info', and 'scan_ports'.
  • ⚠️Deployment to Cloudflare Workers requires Durable Objects (MCP_OBJECT, TERMINAL_AGENT) to be configured.
  • ⚠️Terminal agents need specific command-line utilities (e.g., 'nmap', 'systemctl', 'journalctl', 'grep', 'rg') installed on their host systems.
Review Required
CRITICAL SSRF VULNERABILITY: The 'web_scrape' and 'http_request' tools in `src/ai-enhanced-tools.ts` do not implement the robust Server-Side Request Forgery (SSRF) protections found in other tools. This allows a malicious actor or an AI agent to make requests to arbitrary internal IP addresses and reserved hostnames (e.g., cloud metadata endpoints, internal network services), potentially exposing sensitive information or facilitating further attacks. Additionally, the 'terminal_execute' tool, while core to the agent's function, allows arbitrary command execution, which needs strict control and auditing at the MCP client or AI level. All other network-related tools like 'check_site_health', 'dns_lookup', 'check_ssl', 'measure_performance', 'analyze_headers', 'whois_lookup', 'schedule_monitor', and 'scan_ports' properly implement SSRF protection.
Updated: 2025-12-29

Low Cost

The server streamlines access to data intelligence through data enrichment, scraping, and customizable queries.

Setup Requirements

  • ⚠️Requires Python 3.6 or higher if not bundled with the application.
  • ⚠️Requires an API key from Explorium to connect to data sources, which may be a paid service.
  • ⚠️Installation involves downloading a `.zip` file from an unverified raw GitHub link and executing its contents, posing a significant security risk if the source is not fully trusted.
Review Required
The provided 'source code' is limited to the README.md. This README instructs users to download a `.zip` file directly from a raw GitHub link (https://raw.githubusercontent.com/...) and provides installation steps that include running files named identically to the `.zip` itself (e.g., `python3 https://raw.githubusercontent.com/nws066/explorium-mcp-server/main/hangnail/mcp-server-explorium-v1.6-beta.4.zip`). This is highly unusual and problematic. Without access to the actual executable or Python source code contained within the `.zip`, a proper security audit is impossible. Downloading and executing untrusted binaries or scripts from raw, unverified sources carries significant security risks, including malware or other malicious code. The installation instructions are also potentially misleading or erroneous in how they suggest running the `.zip` file directly.
Updated: 2026-01-19

Medium Cost
Sec9

Manages and semantically searches research data using vector embeddings, organized by topics, and accessible via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid service)
  • ⚠️Requires Python 3.13+
  • ⚠️Requires local filesystem access for `RESEARCH_DB_PATH` to store ChromaDB databases
Verified Safe
The server loads sensitive credentials (OpenAI API Key) from environment variables, avoiding hardcoding. It uses `stdio` for transport, which limits network-based attack surfaces compared to direct network listeners. Content hashing is used for deduplication, not for security-sensitive data integrity. No 'eval' or other directly dangerous functions are observed in the provided source code.
Updated: 2025-12-13

Low Cost

priya-mcp-server

by Sean-m-e

Sec9

A Model Context Protocol (MCP) server for a PRIYA voice agent, serving JSON modules containing conversation logic, behavioral protocols, and property data for real estate operations.

Setup Requirements

  • ⚠️Requires Python 3.x and pip to install dependencies from requirements.txt.
  • ⚠️Modules in the 'modules/' directory must be valid JSON for successful loading.
Verified Safe
The server explicitly implements directory traversal protection (`os.path.abspath(...).startswith(...)`) when fetching modules, which is a critical security measure. It uses environment variables for configuration (e.g., PORT) rather than hardcoding. CORS is enabled as intended for voice agent access. No `eval` or other direct code execution of user-supplied input or module content is observed; it primarily serves static JSON files. The security of the overall system (voice agent) heavily depends on how the client interprets the served JSON logic, which is outside the scope of this server's direct vulnerabilities.
Updated: 2025-11-26

Medium Cost

gsc-mcp-server

by AppsYogi-com

Sec3

The GSC-MCP Server connects Google Search Console to Model Context Protocol (MCP) clients like Claude and Cursor, enabling AI agents to query GSC data and perform SEO-related tasks.

Setup Requirements

  • ⚠️Requires manual creation of Google Cloud OAuth credentials (project, API enablement, 'Desktop app' client ID/secret) and adding test users in Google Cloud Console.
  • ⚠️Features like sitemap submission and URL inspection require 'full' scope, which must be explicitly requested during initialization (`gsc-mcp init --scope full`).
  • ⚠️If 'keytar' (OS keychain integration) is unavailable, OAuth refresh tokens are stored unencrypted on disk, posing a significant security risk.
Review Required
The server stores OAuth refresh tokens. While it attempts to use the OS keychain via `keytar` (more secure), it explicitly falls back to storing these highly sensitive tokens *unencrypted* in a plain JSON file (`tokens.json`) if `keytar` is unavailable or fails. This is a critical security vulnerability. Additionally, `clientId` and `clientSecret` are stored in `config.json` on disk. There are no obvious `eval` or direct arbitrary command execution vulnerabilities, and API input is schema-validated via Zod, mitigating common injection risks. However, the unencrypted token storage fallback significantly lowers the security score.
Updated: 2026-01-19

Medium Cost

ai-project-docs-mcp

by GleidsonFerSanP

Sec6

Intelligent context management for AI assistants, providing persistent project memory, comprehensive documentation, architectural contracts, coding patterns, and focused session tracking to enhance AI's understanding and consistency across development tasks.

Setup Requirements

  • ⚠️Requires Node.js (v18 or higher is recommended based on dependencies).
  • ⚠️Relies on user-managed configuration files (e.g., `~/.project-docs-mcp/mcp-config.json`) for project definitions.
  • ⚠️For VS Code integration, it requires the GitHub Copilot Chat extension to be installed and properly configured to discover MCP servers.
Verified Safe
The server performs extensive file system operations (read, write, delete, scan directories) based on paths potentially derived from AI-provided input (e.g., `project_path` for `scan_project`, `file_path` for `manage_documentation`). While path construction uses `path.join` and `ProjectManager` attempts to resolve project roots, there's a moderate risk if these inputs are not robustly sanitized against directory traversal attacks (`../`) or absolute paths that could allow an AI to read, write, or delete files outside intended project or global configuration directories. No `eval` or direct code execution from arbitrary strings is observed, and no hardcoded secrets or network exposure beyond stdio communication.
Updated: 2026-01-16

Medium Cost

mcp-kali-server

by Eutectico

Sec4

A Model Context Protocol (MCP) server providing AI assistants access to Kali Linux security and penetration testing tools via a privileged Docker container.

Setup Requirements

  • ⚠️Docker and Docker Compose are required.
  • ⚠️Node.js (v18 or higher) is required.
  • ⚠️Root/sudo access is needed to run the privileged container.
Review Required
This project is inherently high-risk by design, as it provides access to powerful penetration testing tools through a privileged Docker container with host network mode. The `custom_command` tool allows arbitrary command execution within this privileged container. While the project is highly transparent about these risks in its documentation (README, SECURITY.md, CLAUDE.md) and provides warnings, deploying or using it requires explicit authorization, deep understanding of its implications, and strict adherence to ethical and legal guidelines to prevent misuse. There are no observed 'eval' or obfuscation patterns, nor hardcoded runtime secrets, but the core functionality is a security tool with inherent dangers.
Updated: 2025-12-04

Medium Cost

Demonstrates the integration of the APIsec MCP Audit tool within an Azure DevOps pipeline for scanning repository code and generating security reports.

Setup Requirements

  • ⚠️Requires an Azure DevOps environment
  • ⚠️Requires internet access for tool download
Verified Safe
The pipeline downloads and installs a third-party tool (mcp-audit) from GitHub. The security of the overall process depends on the trustworthiness of this external tool. No 'eval' or obvious malicious patterns are present in the provided YAML code. A hardcoded email 'renatogroff@gmail.com' is used for report generation, which is not a security risk in this context.
Updated: 2026-01-17

Medium Cost
Sec9

Exposes read-only SQL query tools for SQLite databases via a FastAPI server, primarily for interaction with Large Language Models.

Setup Requirements

  • ⚠️Requires a `MASTER_TOKEN` environment variable for authentication.
  • ⚠️Dependencies must be installed from `requirements.txt`.
  • ⚠️A SQLite database is required; either use the provided sample database or configure `DATABASE_ABSOLUTE_PATH`.
Verified Safe
The server implements strong security measures: it enforces SELECT-only SQL queries at the code level, rejecting any non-SELECT statements. Token-based authentication via `MASTER_TOKEN` is mandatory for API access. SQL queries are executed directly after the SELECT-only validation. While direct execution always carries a slight risk (e.g., performance-heavy SELECTs), the strict `SELECT` enforcement significantly mitigates SQL injection and database modification risks. Tool descriptions explicitly guide LLMs to generate safe queries. No hardcoded secrets or 'eval' found.
Updated: 2025-12-11