Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
k5tuck icon
Sec9

Acts as a Model Context Protocol (MCP) server, enabling AI assistants to interact with the SMB AI Command Platform's APIs for business data, task management, security monitoring, and more.

Setup Requirements

  • ⚠️Requires a separate SMB Platform Backend instance running and accessible at the configured `SMB_API_URL`.
  • ⚠️Requires an `SMB_API_TOKEN` (referred to as `SMB_API_KEY` in documentation) for authentication with the backend API.
  • ⚠️Designed for integration with AI clients that support the Model Context Protocol (MCP), such as Claude Desktop.
Verified SafeView Analysis
The server uses environment variables for API keys/tokens, and standard `axios` for network requests. No `eval` or obfuscation found in the provided source code. Responses from the backend API are directly passed back to the AI, meaning the AI might receive raw data which could include sensitive fields if the backend itself doesn't filter appropriately. This is an expected proxy behavior, not a vulnerability in the MCP server itself.
Updated: 2025-11-25GitHub
0
0
Medium Cost
haksndot icon

haksnbot-admin

by haksndot

Sec9

Provides an autonomous agent with administrative tools for file operations, shell command execution, Git integration, and Minecraft server management, designed for safe operation.

Setup Requirements

  • ⚠️Requires mandatory `config.json` with `allowed_paths` (non-empty array) and `server_dir` configured by the user.
  • ⚠️Requires `tmux` to be installed and a `tmux_socket` configured in `config.json` for Minecraft server management tools.
  • ⚠️Minecraft server status and restart tools assume `systemd` and a `minecraft` service, and the user running the MCP server must have `sudo` privileges for `systemctl restart minecraft` configured.
Verified SafeView Analysis
Robust path validation ('allowed_paths') for all file system operations and `cwd` for `run_command`. Explicit blocking of dangerous shell command patterns (e.g., `rm -rf /`, `chmod 777`, piping `curl | sh`). Sensitive commands (e.g., `systemctl`, `reboot`) are logged. Automatic backups are created for file modifications. Minecraft server management relies on `tmux` for console interaction and `sudo systemctl restart minecraft` for restarts, requiring `sudo` privileges to be configured by the user. No `eval` or obfuscation detected. Security effectiveness heavily depends on correct and restrictive `config.json` setup.
Updated: 2026-01-18GitHub
0
0
Low Cost
andreaskhachikyan-ops icon

mcp-server

by andreaskhachikyan-ops

Sec1

The server acts as a flexible tool router and execution engine, allowing an LLM to dynamically select and invoke predefined tools (like web search, Wikipedia, or a local database) via an HTTP API based on user prompts.

Setup Requirements

  • ⚠️Requires a Groq API key for the client (currently hardcoded as 'your-free-key' in client.py, which needs to be replaced for functionality).
  • ⚠️The server's database tool expects a local SQLite database file named 'data.db' to exist in the project root.
  • ⚠️Requires a Node.js runtime and installation of npm dependencies for the server, and a Python environment for the client.
Review RequiredView Analysis
CRITICAL VULNERABILITIES: 1. The client-side `client.py` uses `eval()` on the LLM's function call arguments (`eval(tool_call["arguments"])`), leading to potential Remote Code Execution (RCE) if the LLM can be prompted to generate malicious Python code. 2. The server-side `connections/database.js` directly executes user-provided SQL queries (`db.all(sql)`) without any sanitization or parameterized queries, making it severely vulnerable to SQL Injection attacks.
Updated: 2025-12-10GitHub
0
0
Medium Cost
TechNickAI icon

machina

by TechNickAI

Sec4

Provides AI agents with remote, API-driven access to macOS capabilities like iMessage, WhatsApp, Notes, Reminders, and Contacts via a unified MCP gateway.

Setup Requirements

  • ⚠️Requires GUI access for setup: Must be run directly from Mac's Terminal or via VNC, not over SSH, due to macOS permission prompts.
  • ⚠️Extensive macOS permissions: Requires 'Full Disk Access' (for messages database) and 'Automation' access (for various Apple apps) to be manually granted by the user.
  • ⚠️WhatsApp QR re-authentication: If WhatsApp support is enabled, it requires re-scanning a QR code approximately every 20 days to maintain the session.
Review RequiredView Analysis
The 'system_raw_applescript' operation allows for arbitrary AppleScript code execution via the API. This is an explicit 'escape hatch' but represents a significant security risk, as a compromised token or a jailbroken LLM could execute any command on the host macOS system. While other SQL operations include sanitization, the direct arbitrary AppleScript execution is a critical vulnerability. The 'system_update' command uses 'bun install' which could theoretically execute malicious pre/post-install scripts if the upstream repository is compromised.
Updated: 2026-01-16GitHub
0
0
Low Cost
Rohit2332000 icon

test-remote-mcp-server

by Rohit2332000

Sec8

A local expense tracker that allows adding, listing, and summarizing expenses via an API.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Dependencies 'fastmcp' and 'aiosqlite' must be installed (e.g., via 'pip install fastmcp aiosqlite').
  • ⚠️The SQLite database is created in a temporary directory and will likely not persist across system reboots or cleanups, leading to data loss unless moved or configured otherwise.
Verified SafeView Analysis
Uses parameterized queries to prevent SQL injection. No hardcoded secrets or 'eval' usage found. The database is stored in a temporary directory, which may lead to data loss on system restart or cleanup, and could be accessible by other processes on the same machine. The server listens on '0.0.0.0', making it accessible from the local network.
Updated: 2025-11-24GitHub
0
0
Low Cost
Ibrahimsabir icon

Mcp_server_resume

by Ibrahimsabir

Sec1

Manages and potentially automates the state or lifecycle of a server, likely a game server like Minecraft.

Review RequiredView Analysis
No source code beyond the README title was provided for analysis. Therefore, a comprehensive security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns is impossible. The score reflects the inability to verify safety.
Updated: 2025-12-03GitHub
0
0
High Cost

remote-mcp-servers

by chatboxai

Sec4

Provides a suite of AI-powered and developer-focused tools for documentation retrieval, sequential problem-solving, web content fetching, academic paper search, and HTML deployment.

Setup Requirements

  • ⚠️Requires deployment on Cloudflare Workers with configured Durable Object bindings for each service (MCP_SEQUENTIAL_THINKING, MCP_FETCH, etc.).
  • ⚠️Requires a Cloudflare AI binding (env.AI) for AI-powered operations like HTML to Markdown conversion and potentially other agentic reasoning.
  • ⚠️All requests must include an 'x-chatbox-license' HTTP header.
  • ⚠️Relies on external 'Context7' (via @upstash/context7-mcp) and 'EdgeOne Pages' (via https://mcp.edgeone.site) services for core functionality.
Review RequiredView Analysis
The `FetchMCP` tool allows fetching arbitrary URLs based on user input (`url: z.string()`). Without strict URL validation to whitelist allowed domains or protocols, this presents a significant Server-Side Request Forgery (SSRF) vulnerability, potentially allowing access to internal network resources or sensitive external services. While an `x-chatbox-license` header is required for all endpoints, the server itself does not validate the content of this license, making it a weak access control mechanism. The use of external services like Context7 and EdgeOne Pages also introduces dependency risks.
Updated: 2025-11-25GitHub
0
0
Low Cost
uday21308 icon
Sec9

This server is designed to track and manage personal expenses, allowing users to add, list, and summarize financial transactions categorized for better overview.

Setup Requirements

  • ⚠️Requires Python 3.10+ as specified in pyproject.toml.
  • ⚠️Requires the 'fastmcp' library (version >=2.13.1) to be installed.
  • ⚠️The `async with sqlite3.connect(...)` construct is used, but the standard `sqlite3` module is not an asynchronous context manager. This will likely cause a `TypeError` at runtime unless an asynchronous SQLite driver like `aiosqlite` is implicitly used (e.g., through a FastMCP wrapper) or explicitly imported and installed.
Verified SafeView Analysis
SQL queries use parameterized statements, effectively preventing SQL injection vulnerabilities. No 'eval', 'exec', or other high-risk functions are used without justification. No hardcoded secrets or API keys are present in the provided source code. The server binds to '0.0.0.0', making it accessible externally if not behind a firewall, which is a standard configuration for a server.
Updated: 2025-11-30GitHub
0
0
High Cost
Divagnz icon
Sec9

Provides comprehensive development guidance, analysis, and automated remediation tools for React Native and Expo projects, covering performance, security, testing, and package management.

Setup Requirements

  • ⚠️Requires Node.js v18.0.0 or later.
  • ⚠️Expo CLI and EAS CLI (globally installed) are required for full functionality of Expo-related tools.
  • ⚠️Android SDK and Java Development Kit (JDK 17+) are required for Android-related build tools when running local or cloud builds.
Verified SafeView Analysis
The server includes robust security analysis tools that detect common vulnerabilities like hardcoded secrets, insecure network requests (HTTP instead of HTTPS), sensitive data logging, and potential code injection vectors (e.g., `eval()`, `Function` constructor). It also offers automatic remediation for some of these issues. For its own operation, the `ExpoExecutor` explicitly sanitizes command-line arguments (`DANGEROUS_CHARS` regex) and uses `shell: false` in `spawn` to mitigate command injection risks. The primary security concern comes from the inherent nature of a tool that executes arbitrary CLI commands and analyzes external code, but the codebase demonstrates strong defensive programming practices to handle these risks.
Updated: 2025-11-25GitHub
0
0
Medium Cost
ba1nch0d icon

dflow-mcp

by ba1nch0d

Sec8

Serves as an MCP (Model Context Protocol) server to provide real-time and historical prediction market data from DFlow/Kalshi APIs through 25 specialized tools.

Setup Requirements

  • ⚠️Requires 'bun' runtime for execution.
  • ⚠️Needs a stable internet connection to connect to the external DFlow/Kalshi API.
  • ⚠️Primarily designed as an MCP (Model Context Protocol) server for tool-use by LLMs/AI via stdio, not a standalone HTTP server by default (though a web server variant exists).
Verified SafeView Analysis
The server primarily acts as a proxy for an external prediction market API. It does not use 'eval' or obvious code obfuscation. CORS headers are set to '*' allowing broad access, which is standard for public API proxies but should be noted. No hardcoded secrets are visible. Input validation is handled via JSON schemas for tool arguments. The overall security depends on the robustness of the underlying 'prediction-markets-api.dflow.net' API.
Updated: 2026-01-19GitHub
0
0
Medium Cost
ryanmat icon
Sec9

Enables AI assistants to interact with LogicMonitor monitoring data through structured tools and the Model Context Protocol (MCP). It provides comprehensive API coverage for managing alerts, devices, metrics, dashboards, SDTs, and more within the LogicMonitor platform.

Setup Requirements

  • ⚠️Requires a LogicMonitor API Bearer Token (LM_BEARER_TOKEN) or LMv1 Access ID/Key pair (LM_ACCESS_ID, LM_ACCESS_KEY) for authentication. LMv1 is specifically required for ingestion APIs like `ingest_logs` and `push_metrics`.
  • ⚠️Requires Python 3.11 or higher and `uv` for efficient dependency management and execution.
  • ⚠️Write operations are disabled by default for safety and require setting the environment variable `LM_ENABLE_WRITE_OPERATIONS=true` to enable tools that modify LogicMonitor data.
Verified SafeView Analysis
The project demonstrates strong security practices. Credentials (LM_BEARER_TOKEN, LM_ACCESS_ID, LM_ACCESS_KEY) are loaded from environment variables, which is a secure method, and the bearer token enforces a minimum length of 10 characters. Write operations (create, update, delete) are disabled by default and require an explicit opt-in via `LM_ENABLE_WRITE_OPERATIONS=true`, promoting a 'security-first' approach. Network communication uses `httpx` with built-in retry logic for rate limits and server errors, enhancing reliability without compromising security. There is no usage of `eval` or evident obfuscation. Input validation for specific fields is present, and API calls are structured, relying on the upstream LogicMonitor API for deeper input sanitization.
Updated: 2026-01-15GitHub
0
0
Medium Cost
drewcrawford icon

exfiltrate

by drewcrawford

Sec9

Remote debugging and runtime inspection of Rust applications, including WASM/browser environments, to facilitate interaction with AI agents.

Setup Requirements

  • ⚠️WASM debugging requires running the `exfiltrate_proxy` (WebSocket/TCP bridge) separately, connecting to `ws://localhost:1338` from the WASM app and `127.0.0.1:1337` from the CLI.
  • ⚠️The `exfiltrate::begin()` function must be called early in the target application's lifecycle to initialize the debugging server.
  • ⚠️Running the debugging server on certain systems might encounter `Permission denied` errors if port 1337 or 1338 is in use or restricted, especially in sandboxed environments.
Verified SafeView Analysis
The `exfiltrate` server primarily binds to `127.0.0.1` by default, limiting direct external network attack surface. Communication uses a length-prefixed binary protocol (`rmp-serde`), which is generally more robust against parsing vulnerabilities than text-based protocols. No explicit 'eval' or dynamic code execution found. The proxy (`exfiltrate_proxy`) handles WebSocket handshakes and message framing, including checks for unsupported opcodes. The primary 'risk' is inherent to its debugging nature: custom commands can be implemented by the application developer to expose any internal state or operations, including sensitive data or system calls (e.g., `terminate` command for native targets). Developers must be mindful of what they expose, especially if the application is deployed in a less trusted environment or connected to by unauthorized clients (though local-only binding mitigates this).
Updated: 2025-12-21GitHub
PreviousPage 585 of 713Next