Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost

marine-traffic-mcp

by salmangada

Sec9

An MCP server that provides an interface to access real-time and historical Marine Traffic vessel tracking data and port intelligence.

Setup Requirements

  • ⚠️Requires Go 1.21 or higher
  • ⚠️Requires a Marine Traffic API key (paid service)
Verified Safe
The API key is loaded from environment variables and is not hardcoded. Communication with the Marine Traffic API defaults to HTTPS. Input parameters for MCP tools are explicitly parsed with type safety. There are no obvious signs of 'eval' or other direct code execution vulnerabilities. The `.env` file is appropriately excluded via `.gitignore`.
Updated: 2025-12-05

Medium Cost

FluxA-AI-Wallet-MCP

by FluxA-Agent-Payment

Sec8

This MCP server enables AI agents to make x402 (EIP-3009 exact) blockchain payments and manage payouts using the FluxA Wallet API without local private key management.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0.
  • ⚠️Requires initial agent registration using the `init_agent_id` tool, either by providing `AGENT_EMAIL`, `AGENT_NAME`, `CLIENT_INFO` environment variables or passing them as parameters.
  • ⚠️Stores sensitive Agent ID credentials (agent_id, token, jwt) in `~/.fluxa-ai-wallet-mcp/config.json` by default, which must be secured.
Verified Safe
The server explicitly states 'No Local Key Management', offloading private key handling to the FluxA Wallet API, which is a significant security advantage. It uses environment variables for API endpoints, which can be configured by the user, but this also means that if the environment variables are compromised or misconfigured, traffic could be redirected to malicious endpoints. Agent ID credentials (agent_id, token, jwt) are stored locally in `~/.fluxa-ai-wallet-mcp/config.json`, which should be protected with appropriate file system permissions. JWTs are automatically refreshed to maintain session validity. Input validation is performed using Zod schemas, mitigating common parsing vulnerabilities. Audit logs are recorded for traceability. Overall, it appears to be a reasonably secure implementation for its intended purpose, provided the local configuration file and environment variables are properly secured.
Updated: 2025-11-24

Medium Cost

stoic-mcp

by princeyohann

Sec8

Provides a local Model Context Protocol (MCP) server for Stoic philosophy quotes, featuring CRUD operations, AI-powered explanations, and quote generation, aimed at developer wellness and productivity.

Setup Requirements

  • ⚠️Requires DeepSeek API Key (paid service) for all AI features (explanations, quote generation).
  • ⚠️Node.js 18+ and npm are prerequisites.
  • ⚠️Requires specific configuration in Claude Desktop's `claude_desktop_config.json` file, with careful attention to the absolute path and Windows backslash formatting.
Verified Safe
The server uses `process.env.DEEPSEEK_API_KEY` to load the DeepSeek API key, avoiding hardcoded secrets. File system operations (`fs/promises.readFile`, `writeFile`) are contained to a `quotes.json` file within the project directory. Input parsing for the bulk import utility uses regex, and tool arguments are handled by casting to `Number()` for IDs, reducing injection risks. No `eval` or `child_process.exec` patterns were found for arbitrary code execution. The primary security considerations are typical for a local Node.js application accessing the file system and making external API calls, which is generally safe for its intended use case.
Updated: 2026-01-19

Low Cost

generic-mcp

by Josh-Gotro

Sec9

Provides a scaffolding for building Model Context Protocol (MCP) servers to expose external APIs as tools for Claude Desktop and CLI.

Setup Requirements

  • ⚠️Requires Python 3.12+ for execution.
  • ⚠️Requires 'uv' or 'python' installed and accessible in the system PATH.
  • ⚠️Requires specific environment variables (e.g., API keys, base URLs) to be configured, typically via .env files or Claude Desktop's mcpServers 'env' block.
  • ⚠️Designed primarily for Claude Desktop/CLI via stdio transport; requires specific client-side setup.
Verified Safe
The server adheres to good security practices by utilizing environment variables for secrets, logging to stderr, and providing clear examples of input validation. No dangerous functions like 'eval' or 'pickle' are present in the provided code snippets. Best practices like using HTTPS for API calls and thorough input validation are explicitly recommended and demonstrated.
Updated: 2025-12-11

Medium Cost

ai-mcp-gateway

by babasida246

Sec8

An intelligent AI Model orchestration gateway for AI-powered project scaffolding, code analysis, interactive chat, and multi-agent collaboration, functioning as a CLI tool or a HTTP API server.

Setup Requirements

  • ⚠️Requires OpenAI, Anthropic, or OpenRouter API keys (some are paid services, OpenRouter is recommended for fallback models).
  • ⚠️Requires PostgreSQL database for persistence (model config, conversations, agent memory, analytics, quotas).
  • ⚠️Requires Redis for caching and session management.
  • ⚠️Optional: Local LLM runtime (e.g., Ollama) for 'oss-local' provider.
  • ⚠️Optional: Claude Code CLI installation for direct Claude Code integration with the MCP CLI.
  • ⚠️Requires Node.js >=20.0.0 and pnpm for development/direct execution.
  • ⚠️Docker/Docker Compose is recommended for easy deployment.
Verified Safe
The server employs robust security practices including parameterized SQL queries, JWT-based authentication, and environment variable management for API keys. It also includes a policy enforcer for prompt/output scanning. Potential inherent risks associated with the GPTPlusClient (relying on browser session tokens) and WebTerminal (remote execution capabilities) are noted, but these features are implemented using standard libraries and with explicit warnings about terms of service compliance for GPTPlus. Overall, the implementation adheres to good security standards.
Updated: 2025-12-05

Low Cost
Sec2

Facilitate AI assistant interaction with Tripo3D AI API for 3D model generation, animation, and stylization.

Setup Requirements

  • ⚠️Requires a Tripo3D API secret (TRIPO_API_SECRET) which likely corresponds to a paid service.
  • ⚠️Node.js and npm are required to run this server.
  • ⚠️For image/multiview-to-3d, the server needs local file system access to the specified image paths.
Review Required
CRITICAL VULNERABILITY: The `upload_file` tool (and implicitly `image_to_3d`, `multiview_to_3d` which auto-upload local files) accepts a `file_path` (or `image_path`, `files[].path`) directly from the AI model's arguments. This path is then used without sanitization or restriction in `fs.createReadStream()`. An attacker controlling the AI model's input could exploit this to perform an Arbitrary File Read (CWE-22), exfiltrating sensitive files (e.g., `/etc/passwd`, environment variables, API keys if stored on disk) from the server's host system. This is a severe security risk.
Updated: 2025-11-22

Low Cost

AgentMCP_V1

by anillibra

Sec1

Orchestrates a multi-agent system in ADK, enabling an LLM agent to utilize specialized Microservice Communication Protocol (MCP) servers for tasks like mathematics, SQLite database operations, and Pinecone search indexing.

Setup Requirements

  • ⚠️Requires a Google API Key with billing enabled for Gemini models.
  • ⚠️MCP servers (Math, SQLite, SearchIndex) must be started manually via `uv run 2-streamable-http-mcp-server-multi-agent/main.py` before running the ADK client.
  • ⚠️The `adk web mcp_client` command must be run from the `multi-agent` parent directory, not from within the `mcp_client` agent folder.
Review Required
CRITICAL security risks identified:

  1. **SQL Injection Vulnerability:** The `sqllite_mcp_server.py` directly executes user-provided SQL queries via `cursor.execute(query)` in both `run_query` and `execute` tools. This allows any malicious user input to read, modify, or delete database contents, or even execute arbitrary system commands if the database user has sufficient privileges.
  2. **Hardcoded API Key:** The `PINECONE_API_KEY` is hardcoded directly in `searchindex_mcp_server.py`, which is a severe security risk. This key should always be loaded from environment variables or a secure secret management system.
  3. **Local Server Exposure Risk:** While servers run on `localhost`, if these ports (6000, 6001, 6002) were exposed externally (e.g., via a firewall rule or port forwarding), the SQL injection vulnerabilities and access to Pinecone could be exploited by external attackers.
Updated: 2025-11-22

Low Cost

mcp-e70738e0-808ea82c-nklsdfjk

by aiscibe-mcp-deployment

Sec7

This server acts as a Model Context Protocol (MCP) gateway, exposing configured external APIs as tools for consumption by AI models like Claude.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Deployment to Vercel assumes GitHub repository connection
Verified Safe
The server uses `CORSMiddleware` with `allow_origins=["*"]`, which permits requests from any origin. While common for public-facing API gateways, it should be noted. The `call_api` function dynamically constructs API requests. Although the base URL for `API_CONNECTIONS` is hardcoded to a specific domain, if the `endpoint` parameter to `call_api` is directly derived from untrusted AI model input without sanitization or validation, it could potentially lead to SSRF (Server-Side Request Forgery) vulnerabilities. No explicit `eval` or other dangerous patterns are present. API keys are expected via environment variables, which is good practice.
Updated: 2025-12-05

Medium Cost

nexter-mcp-server

by KuljeetSinghXDA

Sec8

AI-powered content management for WordPress using Nexter Blocks, enabling creation, analysis, editing, and validation of posts and pages.

Setup Requirements

  • ⚠️Requires a running WordPress instance with the Nexter MCP API plugin installed.
  • ⚠️WordPress Application Passwords must be enabled and configured for the `WP_USERNAME`.
  • ⚠️Requires Docker for easy deployment via `docker-compose`.
  • ⚠️An AI agent capable of interacting with the Model Context Protocol (MCP) is needed to utilize this server.
Verified Safe
The server is designed to run in an isolated Docker network, with external authentication and routing handled by a proxy like Traefik. It relies on WordPress Application Passwords for API access, uses `express-rate-limit` for DDoS prevention, and implements extensive input validation. Sensitive data is sanitized in logs. The PHP plugin code also uses WordPress-standard sanitization functions. Direct exposure to the internet without the described proxy-layer authentication would be vulnerable, but for its intended deployment model, security considerations are well-addressed.
Updated: 2025-11-24

Low Cost

proxmox-mcp

by teomarcdhio

Sec6

Allows LLM agents to interact with and monitor Proxmox homelab VMs and containers in a read-only capacity.

Setup Requirements

  • ⚠️Requires an existing Proxmox VE cluster/host.
  • ⚠️Requires a Proxmox API token with PVEAuditor (read-only) role for secure authentication.
  • ⚠️The `PROXMOX_VERIFY_SSL` setting defaults to `false`, which is a security risk if not changed to `true` (and a valid SSL certificate is present on Proxmox).
  • ⚠️The `get_vm_filesystem_info` tool requires the QEMU Guest Agent to be installed and running inside the target VM.
  • ⚠️Requires Python 3.11+.
Verified Safe
The `PROXMOX_VERIFY_SSL` setting defaults to `false` in the configuration, Docker Compose, and Kubernetes deployment manifests. This disables SSL certificate verification for the Proxmox API, making the connection vulnerable to Man-in-the-Middle (MITM) attacks. While the README recommends setting it to `true` in production, the default configuration is insecure. All operations are explicitly read-only, which mitigates the risk of direct system compromise or data modification, but sensitive information (VM configurations, metrics) could be intercepted if MITM occurs. The server binds to `0.0.0.0` by default for SSE, requiring proper firewalling if exposed externally.
Updated: 2025-11-29

Low Cost

governmcp

by serkan-uz

Sec6

A control plane for Model Context Protocol (MCP) servers, enabling user and role management, MCP server registration, tool metadata, policy enforcement, capability token issuance, and comprehensive audit logging.

Setup Requirements

  • ⚠️Requires manual generation and secure configuration of cryptographic keys (Fernet key for credential encryption, RSA private/public keys for JWT signing) for production use.
  • ⚠️The default PostgreSQL username and password in `docker-compose.yml` are `governmcp:governmcp`; these must be changed for any production deployment.
  • ⚠️The API requires Python 3.11+.
Verified Safe
The server demonstrates good security practices such as using environment variables for critical secrets (Fernet key for encryption, JWT private/public keys), employing JWTs for capability tokens with a public JWKS endpoint for verification, and implementing comprehensive audit logging. It also includes a hardcoded block for 'delete' actions, regardless of policy. However, there are critical vulnerabilities if default configurations are used in production: 1) The API's `CORSMiddleware` is configured with `allow_origins=["*"]`, which is highly insecure for a production API handling user authentication. This should be restricted to known client origins. 2) The `docker-compose.yml` hardcodes default `POSTGRES_USER` and `POSTGRES_PASSWORD` (`governmcp:governmcp`), which poses a significant risk if deployed without overriding these credentials. While secrets are loaded from environment variables for keys, these defaults undermine that effort in a Docker setup.
Updated: 2025-12-06

Medium Cost

mcp-server

by gopal-prakash-codes

Sec5

Provides Model Context Protocol (MCP) compliant endpoints for managing travel packages, creating and retrieving bookings, planning itineraries, and performing price calculations.

Setup Requirements

  • ⚠️Requires an external proxy layer for essential security features like authentication, authorization, and rate limiting.
  • ⚠️All session and booking data is stored in-memory and will be lost if the server restarts or crashes.
  • ⚠️Basic input validation is present, but comprehensive security measures (e.g., SQL injection prevention if a database were added, XSS prevention for web frontends) are not fully implemented internally.
Review Required
The server lacks built-in authentication, authorization, rate limiting, and audit logging. The source code and README explicitly state that this endpoint should NOT be exposed directly and mandate routing all requests through an external proxy layer (e.g., ArmorIQ) for security. Data is stored in-memory, meaning all booking and session data is lost upon server restart, which is a significant operational limitation. Basic input validation is present for some tool arguments (e.g., email format, date format, positive integers), but overall security relies heavily on external infrastructure.
Updated: 2025-12-03