Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
rim1230 icon
Sec9

A basic tutorial for setting up and running a simple Spring Boot web server exposing a 'Hello World' REST API.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) 17 or higher
Verified SafeView Analysis
The provided source code is extremely minimal and consists of a standard Spring Boot 'Hello World' application. No 'eval', obfuscation, hardcoded secrets, or unusual/malicious patterns were identified within the truncated code. Default Spring Boot setup is generally secure for basic operation, but production deployments would require further hardening and dependency auditing.
Updated: 2025-11-28GitHub
0
0
High Cost
tindevelopers icon

notion-retell-mcp

by tindevelopers

Sec8

Provides a Model Context Protocol (MCP) server to allow AI agents to interact with the Notion API, primarily supporting Retell AI integration.

Setup Requirements

  • ⚠️Requires a Notion internal integration token (NOTION_TOKEN) configured with specific page/database access permissions.
  • ⚠️The server offers 'stdio', 'http', and 'hybrid' transport modes. Hybrid mode (STDIO + HTTP health endpoint) is recommended for Railway/Retell AI, requiring client configurations to use STDIO for tool calls, not HTTP.
  • ⚠️Contradictory information in the README: mentions 'No need to fiddle with JSON or API token anymore' for Notion MCP, but then details extensive token setup.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive Notion API tokens and authentication tokens, which is crucial for security. The README explicitly warns users about configuring Notion integration permissions to mitigate risks when exposing data to LLMs. There are no clear hardcoded secrets. A commented-out `eval` statement in `src/openapi-mcp-server/openapi/parser.ts` is a minor concern, but it is not active in the provided source.
Updated: 2025-11-21GitHub
0
0
Medium Cost
mako10k icon
Sec9

Enables AI assistants to search the web using Google Custom Search and manage Redmine projects, including issue and project management, comments, and smart updates with workflow-aware error handling.

Setup Requirements

  • ⚠️Requires Google API Key and Custom Search Engine ID to use Google Search features (free tier limited to 100 queries/day).
  • ⚠️Requires Redmine instance URL and API Key for Redmine features, or a multi-repository config file (e.g., `redmine-repositories.json`) with corresponding environment variables.
  • ⚠️Requires manual setup of Google Cloud Console and Google Custom Search Engine for web and image search functionality.
Verified SafeView Analysis
The server demonstrates strong security practices, particularly in secret management. It uses a `SecretsResolver` utility to resolve environment variables, validate API keys (length, placeholders, unresolved references), mask keys in logs, and redact them from error messages. Configuration files use environment variable references (`${VAR_NAME}`) to avoid hardcoding secrets. It supports a prioritized search for config files and a fallback to legacy environment variables. Network requests use `axios` with timeouts. No obvious malicious patterns or `eval` usage found. Comprehensive documentation on security setup is also provided.
Updated: 2025-11-20GitHub
0
0
Low Cost
alexnichol50n icon

summary-page-prototype

by alexnichol50n

Sec9

This project serves as a frontend prototype or dashboard for managing and assessing insurance claims and related documents.

Setup Requirements

  • ⚠️Requires Node.js and npm installed to run development scripts.
  • ⚠️The application primarily uses mock data; a backend service would be required for dynamic functionality.
Verified SafeView Analysis
The provided source code is for a client-side React application. It does not contain server-side logic, direct database interactions, explicit 'eval' usage, or hardcoded sensitive secrets. Font loading from a well-known CDN is standard practice. The app appears to be a prototype using mock data, minimizing direct security risks from the code itself. Any potential security concerns would arise from its integration with a backend (not provided) or specific deployment practices.
Updated: 2025-11-27GitHub
0
0
Medium Cost
adhit-r icon

aran-mcp

by adhit-r

Sec5

Provides a comprehensive security and management platform for Model Context Protocol (MCP) deployments, with the specific mcp-server component offering simulated filesystem operations for testing and integration.

Setup Requirements

  • ⚠️Requires Docker for the recommended quick start, or manual setup of Go, Node.js, and PostgreSQL.
  • ⚠️A PostgreSQL database is strictly required.
  • ⚠️Requires careful configuration of authentication providers (Clerk, Authelia, or NeonAuth) and API keys; default settings are insecure.
  • ⚠️The `mcp-server` component is intentionally vulnerable and should not be exposed or used in production.
Review RequiredView Analysis
The project aims for high security with detailed threat modeling (SAFE-MCP) and features like tool attestation and anomaly detection. However, several critical implementation gaps exist: (1) The default API key in `backend/internal/middleware/production.go` is a hardcoded placeholder, requiring manual override for production. (2) MCP API routes in `backend/cmd/server/main.go` are explicitly unprotected by default for testing, posing a significant risk if deployed without enabling the `ENABLE_MCP_AUTH` flag. (3) The cryptographic verification for tool attestation in `backend/internal/mcp/tool_manager.go` is stubbed, weakening the integrity checks. (4) The example `mcp-server` component is intentionally vulnerable to path traversal for demonstration purposes, which should not be used in a real environment without proper hardening.
Updated: 2025-12-13GitHub
0
0
Medium Cost
4lejandrito icon
Sec4

The server provides a Model Context Protocol (MCP) endpoint for Liferay DXP, enabling AI agents to interact with Liferay content as context.

Setup Requirements

  • ⚠️Requires Docker to build and run the server image.
  • ⚠️Implies a Liferay DXP instance is expected or integrated, though the setup focuses on the MCP server itself.
Review RequiredView Analysis
The README explicitly documents hardcoded basic authentication credentials ('test@liferay.com:test') for accessing the MCP server endpoint. This is a critical security vulnerability and should be replaced with a secure authentication mechanism for any non-development or production deployment. No other security risks like 'eval' or obfuscation are apparent from the truncated README content.
Updated: 2025-12-01GitHub
0
0
Low Cost
William12556 icon

mcp-sed-awk

by William12556

Sec9

Enables LLMs to perform secure and token-efficient text processing and file manipulation using native sed, awk, and diff utilities.

Setup Requirements

  • ⚠️Requires Python 3.9 or higher.
  • ⚠️Requires FastMCP 2.0+ library.
  • ⚠️Requires `sed`, `awk`, and `diff` system binaries to be installed and available in PATH.
  • ⚠️Resource limits (memory and CPU time) are only applied on Linux systems; macOS/Windows will only enforce timeouts.
  • ⚠️Requires explicit configuration of allowed directories via CLI arguments or the `ALLOWED_DIRECTORIES` environment variable for any file operations to succeed.
Verified SafeView Analysis
The server implements a robust, multi-layered security architecture: 1. Input Validation: `SecurityValidator` actively sanitizes sed patterns and AWK programs, preventing command injection, ReDoS attacks (nested quantifiers, excessive repetition, deep nesting), and filters shell metacharacters through blacklists and structural checks. 2. Access Control: `PathValidator` enforces a strict directory whitelist, canonicalizes paths, resolves symlinks, and prevents path traversal and TOCTOU vulnerabilities. 3. Resource Protection: `BinaryExecutor` enforces file size limits (10MB), operation timeouts (30s), and on Linux systems, applies memory (100MB) and CPU time (30s) limits using `setrlimit`. 4. Safe Execution: All native binary executions (sed, awk, diff) use `subprocess.run(shell=False)` to prevent shell injection. 5. Error Recovery: `sed_substitute` creates automatic backups and rolls back changes on failure, while `preview_sed` uses temporary files for non-destructive operations with guaranteed cleanup. 6. Audit Trail: `AuditLogger` records all security-relevant events (validation failures, access violations, executions) with data sanitization and fail-safe logging to prevent log injection. No `eval()` or similar dangerous functions were identified. No hardcoded secrets were found; sensitive configurations like allowed directories are passed via CLI or environment variables.
Updated: 2026-01-08GitHub
0
0
Medium Cost
parthamjangir2020 icon

claude-connector-perfexcrm

by parthamjangir2020

Sec3

Provides AI-powered integration for Claude Desktop to manage and query data within Perfex CRM through direct database access via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires a specific version of Claude Desktop with Model Context Protocol (MCP) support.
  • ⚠️Requires manual creation and secure management of a '.env' file containing sensitive database credentials.
  • ⚠️Demands creating and configuring a dedicated database user for Perfex CRM with appropriate (potentially broad) permissions.
Review RequiredView Analysis
The 'execute_sql' tool allows arbitrary raw SQL queries to be executed directly against the Perfex CRM database. While other tools use prepared statements for parameters, the 'sql' argument itself is directly taken from input, posing a severe SQL injection risk if the LLM's output for this argument is not perfectly safe or if an attacker gains control. This grants full control over the database, including modification, deletion, and exfiltration of all data. The MCP server operates with a single database user, lacking granular, in-server role-based access control. Database credentials are handled via environment variables, which is a good practice for secure storage, but the broad capabilities of the 'execute_sql' tool remain a critical vulnerability.
Updated: 2025-12-10GitHub
0
0
Low Cost
ed-marquez icon
Sec9

A RESTful proxy for the Hedera MCP 'SearchHedera' tool, enabling platforms like Custom GPTs to interact with it.

Setup Requirements

  • ⚠️Designed for deployment on Vercel, potentially requiring a Vercel account and CLI for local development or deployment.
  • ⚠️Relies on the external Hedera MCP server (https://docs.hedera.com/mcp) being available and maintaining its API contract.
  • ⚠️Requires Node.js for local development or execution.
Verified SafeView Analysis
The proxy is a simple pass-through without complex logic, making it relatively secure. No hardcoded secrets, 'eval' usage, or obvious malicious patterns were found. It relies on the security and availability of the external Hedera MCP server, which is beyond the scope of this proxy's code.
Updated: 2025-11-26GitHub
0
0
Low Cost
ipnet-mesh icon

meshcore-mcp

by ipnet-mesh

Sec5

Enables AI assistants and web-based tools to control and communicate with MeshCore mesh network devices via an HTTP MCP server.

Setup Requirements

  • ⚠️Requires a MeshCore-compatible hardware device (via Serial, BLE, or TCP) to be functional.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️The server defaults to binding on 0.0.0.0:8000 without authentication; external security (e.g., reverse proxy, firewalls) is critical for secure deployment, especially in production environments.
Review RequiredView Analysis
The server explicitly states that it does not include authentication by default and binds to 0.0.0.0. For production use, it critically requires external security measures like a reverse proxy with authentication, HTTPS/TLS, and firewall rules. Without these, direct exposure to the network poses a significant security risk.
Updated: 2025-12-05GitHub
0
0
Medium Cost
JasonBates icon

image-gen-mcp

by JasonBates

Sec9

Generates images using the laozhang.ai Gemini 3 Pro API and saves them to an Obsidian vault.

Setup Requirements

  • ⚠️Requires a laozhang.ai API Key (paid service)
  • ⚠️Requires uv package manager
  • ⚠️Requires Python 3.11+
  • ⚠️Requires an Obsidian vault to save generated images
Verified SafeView Analysis
The server correctly loads API keys from environment variables and provides configurable paths for saving images. Filenames generated from prompts are sanitized, preventing path traversal. File operations are limited to user-defined directories. The use of httpx for API calls and pydantic for settings are standard secure practices. The LLM call for prompt variations is structured to parse JSON output, mitigating direct code execution via LLM responses. Reference images are read as bytes and passed to the API, without local execution of their content. User configuration of the Obsidian vault path to a sensitive system directory could pose a risk, but this is user-dependent and not a direct vulnerability in the server's code.
Updated: 2026-01-19GitHub
0
0
Low Cost

mcp-delegator

by littlebearapps

Sec9

Orchestrates and delegates AI agent tasks (specifically OpenAI Codex) from Claude Code, enabling asynchronous execution and advanced development workflows.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0.
  • ⚠️Requires OpenAI Codex CLI installed and configured.
  • ⚠️Requires ChatGPT Pro subscription or CODEX_API_KEY environment variable.
  • ⚠️Codex Cloud environments require manual configuration (~/.config/mcp-delegator/environments.json) due to lack of programmatic API for OpenAI Codex Cloud.
  • ⚠️SDK-based tasks may use incorrect Python versions if virtual environment is not activated in the MCP server's process context.
Verified SafeView Analysis
Robust input validation prevents command injection and path traversal. Automatic secret redaction for 15+ patterns. Mutation gating requires explicit user confirmation for file-modifying operations. Risky Git operations are detected and require explicit user confirmation with automatic safety checkpointing. Uses child_process.spawn to prevent shell injection. Comprehensive CI/CD security plan including CodeQL, Dependabot, and npm Trusted Publisher. Deduction for wrapping codex CLI, which is an external dependency.
Updated: 2025-11-24GitHub
PreviousPage 576 of 713Next