Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

Medium Cost

uptrace-mcp

by dimonb

Sec9

Provides a Model Context Protocol (MCP) server for Uptrace, allowing AI clients like Cursor IDE or Claude Desktop to query observability data such as traces, spans, logs, and metrics.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires an existing Uptrace instance (self-hosted or cloud) and a valid API token (note on SSO compatibility).
  • ⚠️MCP client (e.g., Cursor, Claude Desktop) configuration requires careful setup of `cwd` (working directory) to the project root and correct `command` and `args` for Poetry or Python.
Verified Safe
The server correctly retrieves API credentials (URL, project ID, API token) from environment variables, avoiding hardcoded secrets. It properly handles HTTP errors during API calls. There are no obvious `eval` calls, code obfuscation, or malicious patterns. Output formatting for display purposes handles JSON data safely without execution.
Updated: 2026-01-04

Medium Cost

mcp-saas

by gautamrajur

Sec1

A SaaS platform for visually building, deploying, and managing Model Context Protocol (MCP) servers without writing code.

Setup Requirements

  • ⚠️Node.js 20+ required
  • ⚠️PostgreSQL database required (Supabase/Neon or local/Docker)
  • ⚠️Docker recommended for local PostgreSQL setup and required for deployment
  • ⚠️Manual generation of `NEXTAUTH_SECRET` and `ENCRYPTION_KEY` is required
  • ⚠️Stripe API keys for billing and Redis for queues are optional but needed for full functionality
Review Required
CRITICAL: The `code-generator.ts` directly injects the `tool.implementation` field from the database into the generated TypeScript server code without sanitization or sandboxing. This allows for arbitrary code execution on the deployed MCP servers if a malicious user can control this field. This is a severe vulnerability. Additionally, `server/trpc/router/connectors.ts` has a `TODO: Encrypt credentials`, implying sensitive connector credentials may currently be stored unencrypted.
Updated: 2025-12-01

Low Cost

mcp-server-demo

by andersondang

Sec1

To demonstrate an MCP (Minecraft Protocol) server implementation.

Review Required
Only README.md was provided as source code. No executable code for the MCP server was available for analysis, preventing a comprehensive security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. A score of 1 reflects the inability to assess the server's security posture due to lack of information.
Updated: 2025-11-27

High Cost

mcp-gallery-server

by janakhpon

Sec8

An image gallery API with asynchronous processing, real-time notifications, and an AI assistant capable of managing images via a Model Context Protocol (MCP) interface.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose to run the full stack, including Postgres, Redis, Minio, Prometheus, Grafana, and Loki.
  • ⚠️Requires `npx prisma migrate dev` to initialize the PostgreSQL database schema.
  • ⚠️AI assistant functionality (via OpenAI or Google Gemini) requires API keys, which are typically associated with paid services.
Verified Safe
The server uses environment variables for sensitive configurations like S3 credentials and AI API keys, which is good practice. In non-production environments (determined by `NODE_ENV`), it sets S3 buckets to public read and enables wide CORS access (origin: `*`), which are common development conveniences but must be properly restricted for production deployments to prevent data exposure and cross-site scripting vulnerabilities. The AI integration via Model Context Protocol (MCP) SDK aims to provide a secure and structured layer for AI interaction with backend tools, limiting direct AI access to the core API logic.
Updated: 2026-01-19

Low Cost

lmstudio-bridge-enhanced

by ahmedibrahim085

Sec8

Bridges local LLMs running in LM Studio with the Model Context Protocol (MCP) ecosystem, enabling autonomous AI agents to use external tools (filesystem, web, knowledge graph, GitHub, vision) with multi-model orchestration, structured JSON output, and intelligent model capability management.

Setup Requirements

  • ⚠️Requires LM Studio v0.3.29+ running with a model loaded locally.
  • ⚠️For manual installation, `PYTHONPATH` environment variable must be correctly set to the project root for Python module imports.
  • ⚠️LMS CLI is optional but highly recommended for robust model lifecycle management (e.g., preventing 404 errors due to auto-unloading models) and requires separate installation (`brew install lmstudio-ai/lms/lms` or `npm install -g @lmstudio/lms`).
  • ⚠️Configuration via `.mcp.json` is crucial for defining other MCP servers, which must be trusted sources.
Verified Safe
The server acts as an MCP client, dynamically discovering and executing other MCP servers defined in a user-configurable `.mcp.json` file. While input parameters like `mcp_name` and `working_directory` are properly validated (e.g., `validate_mcp_name` regex, `validate_working_directory` for path traversal, fixed in v3.2.1), the `command` and `args` fields read directly from `.mcp.json` for spawning subprocesses are inherently trusted. A malicious or compromised `.mcp.json` file could still lead to arbitrary command execution on the host system if the user's configuration is not secured. HTML escaping (`html.escape`) is used for LLM reasoning output to prevent XSS. `GITHUB_PERSONAL_ACCESS_TOKEN` is handled via environment variables, not hardcoded. Logging is standardized and bare `except` clauses are replaced (fixed in v3.2.1). Overall, generally safe with the strong recommendation to ensure the `.mcp.json` configuration file is secure and trusted.
Updated: 2025-11-27

Low Cost

This MCP server provides a demo implementation of Legal Tech tools, allowing an AI agent to query mock legal matter financials, check billing compliance, and retrieve upcoming docketing deadlines from simulated Aderant systems.

Setup Requirements

  • ⚠️Requires the 'mcp' Python package to be installed (e.g., 'pip install mcp').
  • ⚠️Uses hardcoded mock data for all Aderant integrations, meaning it is purely a demo and not suitable for real-world legal practice management without significant modification to connect to actual systems.
Verified Safe
The server uses hardcoded mock data and communicates via standard I/O (stdio), which inherently limits direct exposure to network-based attacks. No 'eval' or obvious obfuscation, hardcoded secrets, or malicious patterns were found. Input is primarily processed via defined tool schemas. The 'command' and 'args' in claude_desktop_config.json are empty, which isn't a direct security risk, but indicates an incomplete configuration for an external launcher.
Updated: 2025-11-19

High Cost

context-mcp-server

by doppelgangersai

Sec8

Accessing contextualized Twitter/X post data for semantic search and comprehensive user post analysis via the Doppelgangers.ai Social Media Context API.

Setup Requirements

  • ⚠️Requires an API key from dev.doppelgangers.ai (paid service).
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️The 'get_all_user_posts' tool can return a very large amount of data (up to 1024 contextualized XML renderings), potentially incurring high token costs and exceeding context window limits for some LLMs.
Verified Safe
The server correctly retrieves the API key from environment variables (CONTEXT_API_KEY) and throws an error if it's missing, preventing hardcoding. It uses the Model Context Protocol SDK, which is a standard library. Input parameters are validated for required fields. All data fetching is delegated to a third-party API (dev.doppelgangers.ai), meaning trust in that external service's security practices is paramount. The code itself does not appear to contain 'eval', obfuscation, or other overt malicious patterns.
Updated: 2025-12-08

Medium Cost
Sec9

Connect AI assistants to real-time weather data from Windy.com by providing tools for weather forecasts, webcam discovery, and map link generation.

Setup Requirements

  • ⚠️Requires a Windy.com API Key (may be paid depending on usage tiers).
  • ⚠️Requires Node.js version 18 or higher.
Verified Safe
The server correctly uses environment variables for API keys (`WINDY_API_KEY`, `WINDY_POINT_FORECAST_KEY`, `WINDY_WEBCAMS_KEY`), preventing hardcoding in production code. Input validation is robustly implemented using Zod schemas for all tool arguments, mitigating common injection risks. Error handling catches Zod validation errors and general exceptions, returning structured MCP errors or generic messages to avoid leaking sensitive internal details. The `verify_real_api.ts` file contains hardcoded API keys, but this is clearly for a testing/verification script and not part of the main server logic, making it safe to run.
Updated: 2025-12-18

Medium Cost

HEBMCP

by gigq

Sec7

An MCP server enabling AI assistants to search HEB products and manage a shopping cart for curbside pickup or delivery.

Setup Requirements

  • ⚠️Requires an active HEB account with curbside/delivery enabled.
  • ⚠️Requires manual export of browser cookies (including 'sat', 'JSESSIONID', and Incapsula/security cookies) from a logged-in HEB session into a `cookies.tsv` file.
  • ⚠️Requires manually identifying and configuring an HEB Store ID.
  • ⚠️Node.js 18+ is a prerequisite.
Verified Safe
The server's core functionality relies on session cookies exported from a user's browser, which are then passed as an environment variable (HEB_COOKIE_TSV) to the Node.js process. The README explicitly warns users not to commit `cookies.tsv` or `.env` files, which is critical. If these files are compromised, an attacker could gain full session control over the user's HEB account. The server itself does not contain obvious malicious patterns or dynamic code execution vulnerabilities like 'eval' and restricts its network activity to `heb.com/graphql`. Robust error handling for authentication (401/403) and rate limits (429) is present. The primary security risk lies in the user's secure handling of their session cookies.
Updated: 2026-01-19

Medium Cost

mcp-ui-playground

by ShreeMulay

Sec3

Building interactive UI components for AI chat applications using the MCP-UI SDK.

Setup Requirements

  • ⚠️Requires Bun >= 1.0.0 (or Node.js >= 18 as an alternative).
  • ⚠️Requires integration with an MCP client (e.g., Claude Desktop or a custom client application) to render UIResources and handle user actions.
Review Required
The server generates UIResources with `text/html` content by directly embedding tool input parameters (e.g., `title`, `description`, `name`, `text`, `location`) into HTML strings without proper HTML escaping. This creates a significant Cross-Site Scripting (XSS) vulnerability if any of these inputs originate from untrusted sources (e.g., user prompts to an AI agent that invokes these tools). For example, if a tool's `title` parameter contains `<script>alert('XSS')</script>`, it would be directly rendered and executed in the client's iframe. The `application/vnd.mcp-ui.remote-dom` content type involves sending JavaScript code to the client for dynamic DOM manipulation; while the client is intended to run this in a sandboxed environment, this approach inherently carries higher risk compared to static HTML if client-side sandboxing mechanisms are compromised or misconfigured.
Updated: 2025-12-14

High Cost

csv-editor

by Darkstar326

Sec6

Provides AI assistants with powerful data manipulation, analysis, and validation tools for CSV files, including auto-save and history tracking.

Setup Requirements

  • ⚠️Requires 'uv' (ultra-fast package manager) for recommended installation and execution.
  • ⚠️The package name 'csv-editor' conflicts on PyPI, requiring installation directly from GitHub using `pip install git+https://github.com/santoshray02/csv-editor.git` or `uv pip install git+https://github.com/santoshray02/csv-editor.git`.
  • ⚠️Supports processing CSV files up to 1GB, and operations on such large datasets can be memory-intensive and may result in large data outputs (e.g., data previews, profiling reports) that consume significant LLM tokens.
Verified Safe
The server utilizes `pandas.DataFrame.eval()` for adding calculated columns, combined with a self-admitted 'simplified check' in `validate_expression` to prevent unsafe code execution. While Pandas' `eval` has built-in safety, and the project attempts validation, this pattern can be a vector for code injection if `formula` input is not perfectly sanitized. All file paths and URLs are validated to prevent traversal and restrict schemes.
Updated: 2025-11-28

Medium Cost

repo-reader-mcp

by ZebraRoy

Sec3

Provides LLMs and agents with targeted and efficient access to specific parts of a repository, acting as a context management protocol.

Setup Requirements

  • ⚠️Requires Node.js and `npx` to run.
  • ⚠️Requires a local Git client installation to clone repositories.
  • ⚠️Optimal configuration for source repositories requires creating a `repo-reader.config.json` file to specify relevant files and depth.
Review Required
The server has a critical ReDoS (Regular Expression Denial of Service) vulnerability in the `search` function (`src/utils/search.ts`). If the `regex` parameter is set to `true`, the user-provided `query` string is used directly to construct a regular expression without sanitization. An attacker could craft a malicious regex (e.g., `(a+)+b`) to cause catastrophic backtracking, leading to high CPU usage and a denial of service for the server. Additionally, while the `simple-git` library handles token insertion for various git hosts, passing `--personal-token` via CLI arguments means the token could be visible in process listings or logs, although this is common practice for CLI tools. The cloning of arbitrary repositories to a temporary directory could also pose risks if subsequent actions were to execute code from a malicious repo, but this server primarily reads files.
Updated: 2025-11-28