Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
nhartman000 icon
Sec1

Implements a basic multiplayer game server, providing TCP and WebSocket connections with a command processing system, including highly dangerous remote code execution capabilities for 'op' users.

Setup Requirements

  • ⚠️Requires Node.js runtime.
  • ⚠️Dependencies 'uuid' and 'ws' must be installed via npm (e.g., `npm install uuid ws`).
  • ⚠️Default server port 25565 might require elevated privileges or careful firewall configuration, and could conflict with other Minecraft servers.
Review RequiredView Analysis
CRITICAL: The server explicitly includes 'eval' and 'exec' commands, allowing 'op' users to execute arbitrary JavaScript code and system commands on the host server. This is a severe security vulnerability, making the server unsafe to run in any non-isolated or production environment. A compromised 'op' account or an exploit to gain 'op' status would lead to full server compromise.
Updated: 2025-11-22GitHub
0
0
High Cost
ameydhavle icon
Sec2

Exposes AI-powered optimization capabilities via a Model Context Protocol (MCP) and REST/WebSocket APIs, enabling seamless integration with various enterprise platforms and AI assistants for natural language problem solving and model execution.

Setup Requirements

  • ⚠️Requires Anthropic API Key (Paid)
  • ⚠️Requires Mistral AI Key (Paid)
  • ⚠️Requires DeepSeek AI Key (Paid)
  • ⚠️Requires Pyomo-compatible solvers (e.g., HiGHS, SCIP, Gurobi, CPLEX, OR-Tools) to be installed and configured on the server, some of which may be commercial or require academic licenses.
  • ⚠️The client-side UI (`dcisionai_graph/ui/`) is configured with hardcoded AWS/Cognito access tokens, which would need to be replaced with a secure authentication flow (e.g., OAuth/SSO) for production use.
Review RequiredView Analysis
CRITICAL: The codebase uses `eval` and `exec` in multiple places (e.g., `dcisionai_graph/dame/formula_interpreter.py`, `dcisionai_graph/dame/constraint_encoder.py`, `dcisionai_graph/core/tools/formula/pyomo_generator.py`) to process LLM-generated code or potentially user-provided formulas. Without rigorous, explicit sanitization or a robust allowlisting mechanism, this constitutes a severe Remote Code Execution (RCE) vulnerability. Additionally, `dcisionai_graph/ui/src/agentcore-config.js` contains hardcoded AWS/Cognito access tokens and client secrets, which is a critical security flaw for any deployed application.
Updated: 2025-11-25GitHub
0
0
High Cost
insipidityincus22 icon

golf-testing

by insipidityincus22

Sec9

Comprehensive testing framework for MCP (Model Context Protocol) servers, integrating AI agents for automated performance, security, and compliance testing with CI/CD compatibility.

Setup Requirements

  • ⚠️Requires ANTHROPIC_API_KEY for core AI agent functionality (test generation, conversational agent).
  • ⚠️Requires OPENAI_API_KEY for advanced AI features like conversation judging and user simulation.
  • ⚠️Requires the 'mcp' Python SDK to be installed separately for full compliance and security testing features.
Verified SafeView Analysis
The project is a testing framework that connects to and tests external MCP servers. It uses environment variables for API keys (e.g., ANTHROPIC_API_KEY, OPENAI_API_KEY) and can be configured to run local servers via `stdio` transport, executing arbitrary commands specified in user configuration. While this provides powerful testing capabilities, it introduces a risk if configured with untrusted commands. The OAuth callback mechanism starts a local HTTP server, which is standard for OAuth flows but should be noted. The `security_tester` module explicitly crafts malicious payloads to test target servers, but this is a function of the tool, not a vulnerability within it. Overall, the tool itself appears to follow good security practices for its operations, with the primary security considerations revolving around the integrity of user-provided configurations and the trust placed in the target MCP servers.
Updated: 2026-01-19GitHub
0
0
Medium Cost
bonnie-mapipa icon

esri_gis_mcp

by bonnie-mapipa

Sec9

Provides an MCP server to access and query eThekwini municipality's open GIS data for AI agents and cloud applications.

Setup Requirements

  • ⚠️Requires Python 3.8+.
  • ⚠️Azure deployment incurs Azure cloud costs.
  • ⚠️Relies on external eThekwini ArcGIS services for data availability and uptime.
Verified SafeView Analysis
The server accesses public ArcGIS REST APIs for data. No hardcoded sensitive secrets, 'eval', or code obfuscation are found. Outbound network calls are inherent to its function, with explicit timeouts and error handling. The Azure Function deployment uses a broad CORS policy (`*`) by default, which is common for public APIs but can be restricted if needed via Azure configuration.
Updated: 2025-11-20GitHub
0
0
High Cost
lashencf icon

kali-mcp-agent

by lashencf

Sec2

Integrate a secure, containerized Kali Linux environment with a local LLM (via LM Studio and MCP) to execute network reconnaissance and penetration testing tools.

Setup Requirements

  • ⚠️Requires Docker Desktop to run the Kali Linux container.
  • ⚠️Requires LM Studio to act as the LLM and orchestrator.
  • ⚠️Requires Python 3.10+ for local development/setup (though container manages its own Python).
  • ⚠️Requires manual configuration of LM Studio's `mcp.json` file.
Review RequiredView Analysis
Critical command injection vulnerability exists in `run_nmap`, `ping_target`, `run_burpsuite`, and `run_sqlmap` functions. The `target` parameter is directly passed to `subprocess.run()` without any sanitization or quoting. This allows an attacker (or a misaligned LLM) to inject and execute arbitrary shell commands within the Docker container by crafting malicious input for the 'target' argument (e.g., '192.168.1.1; rm -rf /'). While running in a Docker container provides some isolation, this severe flaw can lead to a compromise of the container environment and potential network exposure, undermining the stated goal of 'safely' executing tools. The `run_metasploit` function also misleadingly accepts a 'target' argument in its signature but does not use it in the `subprocess.run` call, which while not an injection point in itself, suggests incomplete or inconsistent design.
Updated: 2025-12-05GitHub
0
0
Medium Cost
Cronos402 icon

mcp-indexer

by Cronos402

Sec8

Provides a data persistence and analytics service for Cronos402 MCP servers, indexing their details and ingesting RPC usage logs.

Setup Requirements

  • ⚠️Requires DATABASE_URL environment variable (PostgreSQL database)
  • ⚠️Requires INGESTION_SECRET environment variable for ingesting RPC logs
  • ⚠️Requires MODERATION_SECRET environment variable for administrative moderation and quality score recomputation
Verified SafeView Analysis
The application uses environment variables for secrets (INGESTION_SECRET, MODERATION_SECRET) which is a good practice. Admin endpoints are protected by MODERATION_SECRET. The `/ingest/rpc` endpoint is protected by INGESTION_SECRET. The CORS policy is permissive ('*'), which means it allows requests from any origin, but sensitive endpoints are authenticated. The `inspectMcp` function makes outgoing network requests to arbitrary MCP server origins, which could expose the indexer to risks like DoS if a malicious or poorly performing `origin` is provided. The `zodToJson` helper adds a defensive layer to prevent non-serializable data from being stored directly.
Updated: 2026-01-18GitHub
0
0
Low Cost
palakshah-47 icon

mcp-server-weather

by palakshah-47

Sec9

This server provides a tool to fetch current weather conditions for a specified geographic location using the Open-Meteo API.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Depends on the 'mcp[cli]' framework, indicating it's designed to run within an MCP (Microservice Component Platform) environment.
Verified SafeView Analysis
No significant security vulnerabilities found. The server utilizes a public, unauthenticated API (Open-Meteo). Input parameters 'latitude' and 'longitude' are expected to be floats, which are safely embedded into the URL. There are no hardcoded secrets or dangerous functions like 'eval' observed.
Updated: 2025-11-20GitHub
0
0
Low Cost
RyutaSuzuki77 icon

mcp-server-test

by RyutaSuzuki77

Sec10

A minimal example of an MCP server that implements a simple 'ping' tool, demonstrating basic server functionality and tool registration within the Model Context Protocol SDK.

Setup Requirements

  • ⚠️Requires Node.js runtime (v18+ recommended due to SDK dependencies, as indicated by package-lock.json).
  • ⚠️Requires `@modelcontextprotocol/sdk` to be installed.
  • ⚠️Requires `ts-node` for direct execution of TypeScript source without prior compilation.
Verified SafeView Analysis
The server implements a single, extremely simple tool ('ping') that returns a static string 'pong' without processing any external input, making it inherently safe. It utilizes `StdioServerTransport` for communication, which typically involves inter-process communication rather than direct network exposure. No dynamic code execution (like 'eval') or sensitive information handling is present, and no hardcoded secrets were found.
Updated: 2026-01-17GitHub
0
0
High Cost
salesforcebob icon

sf-doc-scraper

by salesforcebob

Sec8

Scrapes Salesforce developer documentation and converts it to Markdown for consumption by MCP-compatible AI assistants.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0.
  • ⚠️Relies on Chrome/Chromium for headless browsing (Puppeteer automatically installs, but may require specific setup for server deployments like Heroku).
  • ⚠️Primarily designed for interaction with MCP-compatible clients (e.g., Cursor, Claude Desktop), not a standalone user-facing application.
Verified SafeView Analysis
The server uses Puppeteer to scrape web pages. It includes `--no-sandbox` and `--disable-setuid-sandbox` arguments for Puppeteer to run in resource-constrained environments like Heroku, which is a common practice but slightly reduces isolation compared to a full sandbox. Input URLs are validated to ensure they belong to Salesforce documentation domains, preventing arbitrary URL scraping. No obvious hardcoded secrets are present; environment variables are used for configuration. The disclaimer correctly advises hardening for production deployment, including authentication/authorization and rate limiting for HTTP endpoints.
Updated: 2025-12-12GitHub
0
0
Medium Cost
ChainSafe icon

canton-mcp-server

by ChainSafe

Sec8

A development platform for generating and validating provably safe DAML smart contract code using canonical resources and formal verification capabilities.

Setup Requirements

  • ⚠️Requires cloning official DAML documentation repositories (digital-asset/daml, digital-asset/canton, digital-asset/daml-finance) and setting the CANONICAL_DOCS_PATH environment variable.
  • ⚠️Requires an Anthropic API Key (Paid) if LLM-enhanced features like authorization extraction and enrichment are enabled (ENABLE_LLM_AUTH_EXTRACTION=true, ENABLE_LLM_ENRICHMENT=true).
  • ⚠️Requires ChromaDB for semantic search functionality (`pip install chromadb`).
  • ⚠️Requires Python 3.10 or higher and a package manager like `uv` (recommended) or `pip`.
Verified SafeView Analysis
The server employs a 'DAML-Safe by Construction' philosophy with 'Gate 1' enforcement for code validation, which significantly enhances security. The `daml_automater` tool has been refactored to return client-side instructions rather than executing commands on the server, greatly reducing server-side execution risks. The `daml_reason` tool handles missing DAML compiler gracefully, falling back to LLM-only analysis for compilation aspects. The `DirectFileResourceLoader` uses `git` subprocess commands for metadata retrieval, which is generally low risk. The `x402` payment bypass via `X-Internal-API-Key` introduces a potential risk if compromised. While `docker-py` is present for `CantonManager` in the codebase, it is not directly invoked by the public-facing tools for server-side operations post-refactor.
Updated: 2025-11-26GitHub
0
0
Low Cost
IdrissPro icon

MCP

by IdrissPro

Sec5

A Python server providing a Multi-Component Protocol (MCP) interface for AI agents to interact with financial tools via JSON-RPC over WebSocket or STDIO.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️The data for financial tools (`clients.csv`, `transactions.csv`, `risk_metrics.csv`, `regulations.txt`, `reports.txt`) must be generated first by running `python data_generation/generate_data.py`.
  • ⚠️Missing implementations for `list_files_tool` and `search_in_files_tool` registered in `server_stdio.py`, posing potential unknown security risks if run in that mode.
Review RequiredView Analysis
The server's core (`mcp_core.py`) uses `jsonschema` for input validation, which is good. No direct `eval` or `exec` on user input is observed in the provided code. However, the `server_stdio.py` configuration registers tools like `list_files` and `search_in_files` (from an unseen `tools.py` module). The provided JSON schemas for these tools only validate type (`string` for `path`) and do not prevent path traversal (`../`) or access to sensitive system files. Without strict input sanitization or robust sandboxing of the tool execution environment, this could lead to information disclosure or arbitrary file reading vulnerabilities. The `README.md` explicitly notes that for production, authentication, TLS, stricter sandboxing, and rate-limiting are required, acknowledging these security limitations.
Updated: 2025-12-21GitHub
0
0
High Cost
SirKanaad26 icon
Sec9

Enables AI agents, assistants, and chatbots to interact with GitHub for repository management, issue/PR automation, CI/CD insights, code analysis, and team collaboration through natural language.

Setup Requirements

  • ⚠️Requires a GitHub Personal Access Token (PAT) for authentication, which must be securely managed with appropriate scopes.
  • ⚠️For local deployment, requires Docker installed and running, or a Go development environment (Go 1.24+).
  • ⚠️Requires a compatible Model Context Protocol (MCP) host application (e.g., VS Code, JetBrains, Claude Desktop, Gemini CLI), with configuration varying significantly by host.
Verified SafeView Analysis
The server implements a robust stateful authorization policy, locking sessions to a single repository to prevent cross-repo access within a conversation. Client IDs are hashed to avoid logging sensitive data like Personal Access Tokens (PATs). Extensive documentation details security best practices, access controls (PATs, OAuth, GitHub Apps, SSO), and a 'Lockdown Mode' for public repositories. No 'eval' or similar dangerous patterns are found in the application's core logic; the 'wasm_exec.js' is standard Go WebAssembly runtime. Test scripts may contain placeholder tokens, but the core application and documentation emphasize secure token handling.
Updated: 2026-01-19GitHub
PreviousPage 584 of 713Next