Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

Low Cost

claude-tmux

by Ilm-Alan

Sec3

Orchestrates multiple Claude Code instances in isolated tmux sessions for long-running, interactive coding tasks.

Setup Requirements

  • ⚠️Requires tmux to be installed on the host system.
  • ⚠️Requires Claude Code CLI to be installed on the host system.

Review Required

The `spawn` tool is vulnerable to command injection via the `prompt` parameter. A malicious `prompt` (e.g., containing double quotes like `"`) can break out of the intended `"$(cat ${tempFile})"` shell construct when interpreted by the shell within the tmux session. This allows arbitrary shell commands to be executed within the created tmux session, potentially accessing or manipulating files in the `workdir` or other resources available to the session. Additionally, the Claude Code CLI is launched with the `--dangerously-skip-permissions` flag, explicitly indicating a reduced security posture for the Claude instance itself.
Updated: 2026-01-17

Medium Cost
Sec8

This server analyzes Turkish web content by scraping URLs, summarizing text using an LLM (optional), extracting keywords, and generating visual reports (word cloud, frequency chart) for integration with n8n automation workflows.

Setup Requirements

  • ⚠️Requires a GOOGLE_API_KEY for Google Gemini (paid API) to enable LLM-based summarization; otherwise, it falls back to a classic summary.
  • ⚠️Requires n8n automation platform knowledge and setup for full workflow integration.
  • ⚠️Requires Python environment setup and dependency installation via pip.

Verified Safe

The code demonstrates good practices for handling sensitive information (loading API keys from .env). It performs extensive input sanitization using regex to clean scraped text from HTML tags, scripts, styles, and common spam patterns, significantly mitigating injection risks before processing or feeding to an LLM. No 'eval' or similar dangerous patterns are used directly on user input. The server listens on `0.0.0.0:8000`, which means it is externally accessible by default if not firewalled, a standard consideration for any network-facing service.
Updated: 2025-12-01

Medium Cost

server-mcp

by nagareproject

Sec7

A server implementation for the Nagare Model Context Protocol, enabling interaction with tools, resources, prompts, and sampling capabilities, primarily for AI/ML-driven applications.

Setup Requirements

  • ⚠️Requires a specific HTTP publisher (gunicorn or waitress) for SSE or the nagare-publishers-mcp-stdio package for STDIO protocol support.
  • ⚠️For STDIO protocol, logging must be explicitly configured to avoid stdout to prevent interference with protocol communications.
  • ⚠️The server is part of the Nagare framework ecosystem, requiring familiarity with Nagare application configuration and deployment.

Verified Safe

The code uses `exec` to dynamically create function prototypes from introspected Python function signatures or Pydantic models. While `exec` is generally a high-risk function, its usage here appears to be controlled internally for AST manipulation based on validated inputs, rather than arbitrary user-controlled code execution. Resource functions, if implemented by users to accept arbitrary file paths from client input, could introduce path traversal vulnerabilities; however, the provided examples use hardcoded paths, making them safe within the example context. The server also relies on dynamically loaded plugins via `entry_points`, meaning the overall security posture is also dependent on the trustworthiness of any installed plugins. No hardcoded secrets were identified.
Updated: 2025-12-14

Low Cost

mcp_demo

by cubeguerrero

Sec6

This is a demo MCP server built with Vert.x and the MCP Java SDK, showcasing both blocking and non-blocking tool implementations for concurrent request handling.

Setup Requirements

  • ⚠️Requires a local MySQL server instance running (Docker command provided in README).
  • ⚠️Requires Java 21.
  • ⚠️Vert.x version 4.5 is required.
  • ⚠️Uses MCP SDK 0.11 (5-6 versions behind current SDK).

Verified Safe

The database connection details (host, port, database name, username, password) are hardcoded directly in `MySqlClientProducer.java`. While acceptable for a local demo, this is a critical security vulnerability for any non-demo or production deployment, as it exposes sensitive credentials. No 'eval' or similar dangerous patterns were found. The server exposes an `/mcp` endpoint and `/health` check on a configurable port, which is standard for a server.
Updated: 2025-12-08

Low Cost

A remote Model Context Protocol (MCP) server deployed on Cloudflare Workers, providing unauthenticated calculator tools that can be consumed by AI agents or playgrounds.

Setup Requirements

  • ⚠️Requires a Cloudflare account and Wrangler CLI for deployment.
  • ⚠️Requires Node.js and npm/yarn/pnpm for local development and dependency management.
  • ⚠️The server is 'authless' by design, meaning it is publicly accessible without authentication. This is suitable for a demo but unsuitable for production use without adding authentication layers.

Verified Safe

The server is explicitly designed to be 'authless' as an example, meaning anyone with the URL can access its tools. While this is intentional for the demo, it is a critical security consideration for any production deployment where access control would typically be required. Input validation for the 'add' and 'calculate' tools uses `zod` to ensure inputs are numbers and operations are valid enums, mitigating basic injection risks. Division by zero is also handled. No direct use of 'eval' or other dynamic code execution from user input is observed. Dependencies are standard for Cloudflare Workers and AI SDKs, and their security is assumed.
Updated: 2025-11-27

Low Cost

Effortlessly remove Gemini AI watermarks from images using client-side processing.

Setup Requirements

  • ⚠️Requires a local web server (e.g., `python -m http.server`) to avoid CORS issues when running directly from the file system.
  • ⚠️The LaMa AI method requires a one-time ~200MB model download, which is cached in IndexedDB.

Verified Safe

The application is entirely client-side, meaning no user image data is uploaded to a server, significantly reducing backend security risks. The core logic runs in the user's browser. It loads ONNX Runtime and the LaMa AI model from external CDNs (cdn.jsdelivr.net, huggingface.co), which are generally reputable sources, but introduce a supply-chain risk if those sources were compromised. The code itself contains no 'eval' or obvious malicious patterns, and no hardcoded secrets.
Updated: 2026-01-19

Medium Cost

mcp-server-real-state

by AlejandroDiazD

Sec8

Facilitate LLM interaction with a real estate database for property data management and SEO content generation.

Setup Requirements

  • ⚠️Docker and Docker Compose v2+ required
  • ⚠️Requires specific Bearer Token ('secret_token_2026') for authentication
  • ⚠️Uses SQLite, limiting scalability for production environments (though portable for challenge)

Verified Safe

The server uses a static bearer token ('secret_token_2026') for authentication, which is hardcoded in the Docker Compose file and as a default in the application settings. While explicitly stated as a test secret for the challenge, this pattern is a significant security risk for production environments as it makes the token easily discoverable and non-rotatable. No 'eval' or obvious obfuscation found. Network exposure (0.0.0.0) is typical for Dockerized apps.
Updated: 2026-01-19

High Cost

VertexAI-MCP

by Tuprott991

Sec2

An AI-powered insurance product inquiry assistant for Prudential Vietnam, utilizing a Model Context Protocol (MCP) server for tool execution and a client for AI orchestration and frontend interaction.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer due to `pyproject.toml` specification.
  • ⚠️Requires paid API keys for LLM access (OpenAI, Gemini/Vertex AI) and for the Linkup web search service.
  • ⚠️PostgreSQL database is required and needs to be initialized (tables created, documents ingested) before full functionality.
  • ⚠️The `run_command` tool poses a significant security risk and should be disabled or removed for production use.

Review Required

The `run_command` tool in `mcp_server/sse_server.py` and `mcp_client/services.py` allows arbitrary shell command execution with `shell=True`. This is a critical security vulnerability that can lead to Remote Code Execution (RCE) if an attacker (or a misconfigured LLM) can inject malicious commands. Although there's an attempt to set a `DEFAULT_WORKSPACE`, `shell=True` can bypass many restrictions. Additionally, using `GOOGLE_CREDENTIALS_JSON` environment variable for service account keys is less secure than file paths as the raw JSON content might be exposed in process listings or logs.
Updated: 2025-12-22

Low Cost

mcp-e70738e0-7ce97189-healiora

by aiscibe-mcp-deployment

Sec9

This server acts as a Model Context Protocol (MCP) server, exposing configured external APIs as tools for AI models like Claude.

Setup Requirements

  • ⚠️Requires `OPENAI_API_KEY` environment variable for AI model integration.
  • ⚠️Specifically requires Python version 3.9 as configured for Vercel deployment.
  • ⚠️Relies on an external backend API at `https://healiorabackend.rawcode.online` for tool functionality.

Verified Safe

The code uses environment variables for sensitive data (e.g., OPENAI_API_KEY) and hardcodes API connection URLs, preventing common SSRF vulnerabilities. No 'eval' or other highly dangerous patterns are present. External API calls are made using httpx, which is a robust library. Error handling for server initialization is also present.
Updated: 2025-12-02

Medium Cost

mcp-bridge

by Atomic-Germ

Sec8

Orchestrates a cyclical creative workflow by logging meditation and critique, suggesting mode switches, and injecting context between generative and analytical AI models.

Setup Requirements

  • ⚠️Requires mcp-creative server to be running for meditation functionalities.
  • ⚠️Requires mcp-consult server to be running for critique functionalities (which may in turn require a local Ollama instance or other LLM access).
  • ⚠️Requires a Node.js (>=18) and TypeScript environment.

Verified Safe

The server primarily communicates over standard I/O (StdioServerTransport), limiting direct network attack surface. It stores session data in local JSON files with atomic writes for integrity. Input parsing for meditation/consult text uses regexes and string manipulations, which appear safe. No direct use of 'eval' or hardcoded secrets found. Potential risks exist in parsing complex or malicious outputs from other MCPs, but the current code doesn't execute arbitrary commands based on these inputs.
Updated: 2026-01-02

Medium Cost

manana

by bioanywhere

Sec9

Provides client libraries to access the World News API for retrieving and searching news articles from various sources.

Setup Requirements

  • ⚠️Requires an API key for the World News API, which is a commercial service and may incur costs depending on usage.
  • ⚠️The Python client specifically requires Python 3.7+.
  • ⚠️The C++ client's OAuth implementation may open a local TCP server on port 9999 for authentication redirects.

Verified Safe

The repository contains client libraries for the World News API across multiple programming languages, not a standalone server application. The code is largely auto-generated by OpenAPI Generator, suggesting adherence to standard practices. API keys are expected to be provided by the user at runtime and are not hardcoded. The C++ OAuth client includes a local TCP server (`ReplyServer`) that listens on port 9999 (`QHostAddress::Any`) for handling OAuth redirects, which is a common and generally safe pattern for desktop applications. No malicious patterns, obfuscation, or direct network vulnerabilities on the client side were identified. The core functionality relies on secure HTTPS communication with the external World News API.
Updated: 2025-12-13

High Cost
Sec2

An AI-powered web builder and code assistant that plans project structures, generates UI components, and creates full code files based on natural language prompts, leveraging multiple LLM providers and real-time updates.

Setup Requirements

  • ⚠️Requires API keys for OpenAI, Anthropic, and Gemini LLMs (paid services).
  • ⚠️A hardcoded Gemini API key is present in the source code; replace it with an environment variable for security.
  • ⚠️Requires Kafka, Zookeeper, and Redis infrastructure (typically run via Docker Compose, as indicated in the dev script).
  • ⚠️Requires a Pinecone vector database for RAG (paid service).

Review Required

CRITICAL: The Gemini API key is hardcoded as a fallback in `backend/src/main/web/services/builder.service.ts` (`AIzaSyAkptd80FbJT8cwKbghiv57ppoDvQPSfHo`). This is a severe vulnerability, as this key could be exposed and abused. Additionally, the system uses `child_process.spawn` and `exec` for command execution (`ChatService.runCommandStream`, `CodeBuilderService.runCommand`), which allows for arbitrary command execution. While `ALLOWED_COMMANDS` are mentioned, their full implementation and robustness against bypasses are not fully visible. Path sanitization is present for file system operations, which is a positive, but overshadowed by the hardcoded secret and command execution capabilities.
Updated: 2025-11-29