Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
TurkNet icon

LicenGuard

by TurkNet

Sec7

The LicenGuard MCP server acts as an AI agent tool to discover open-source library metadata, analyze dependency files, and calculate license risk scores by bridging a FastAPI backend with LLMs.

Setup Requirements

  • ⚠️Requires a running MongoDB instance for the backend API.
  • ⚠️Requires an OpenAI API Key (paid service) or a local LLM configured for discovery and risk scoring.
  • ⚠️Requires a `git` client installed for repository cloning functionality.
  • ⚠️Requires Node.js 20+ for the MCP server.
Verified SafeView Analysis
The server uses `subprocess.run` to execute `git clone` with user-provided repository URLs. While `git clone` is generally robust, direct execution of external commands with unsanitized user input (even if partially pre-processed) can introduce a risk of command injection or malicious repository URLs exploiting `git` vulnerabilities. Best practice for `subprocess.run` with untrusted input is to use `shlex.quote` or ensure `shell=False` and all arguments are passed as separate list items, which is mostly done here, but without explicit URL sanitization. Additionally, the FastAPI backend has `allow_origins=['*']` configured for CORS, which is a significant security risk in production environments and should be restricted to known origins. XML parsing for dependency files (e.g., `.csproj`, `packages.config`) uses `xml.etree.ElementTree`, which is generally safe against XXE attacks but could be susceptible to DoS with very large or malformed XML inputs.
Updated: 2026-01-08GitHub
0
0
Medium Cost
gitGalu icon
Sec8

Provides an MCP server to control an Atari 8-bit emulator via a WebSocket bridge, enabling programmatic interaction for AI agents or automated tools.

Setup Requirements

  • ⚠️Requires Node.js 18+ to be installed.
  • ⚠️Requires a separate `8bitworkshop` Atari emulator bridge to be running concurrently, typically accessible at `ws://localhost:8765`.
Verified SafeView Analysis
The server acts as a proxy, using `zod` for robust input validation on incoming MCP tool calls. It connects via WebSocket (defaulting to localhost) to an external Atari emulator bridge. The primary security consideration is the trustworthiness of the `8bitworkshop` Atari bridge itself; if the bridge were compromised, commands proxied through this MCP server via stdio could potentially impact the local system. No `eval`, hardcoded secrets, or explicit malicious patterns were found within this codebase.
Updated: 2025-12-01GitHub
0
0
Low Cost
sualeh icon
Sec9

Generate MCP-compliant JSON Schemas directly from Jackson-annotated Java classes to ensure consistency between tool code and schema definitions for Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK)
  • ⚠️Requires Maven or Gradle for dependency management
  • ⚠️Relies on Jackson 3 and Jakarta Bean Validation libraries
Verified SafeView Analysis
The project is a utility library designed to generate JSON schemas and deserialize JSON strings for the Model Context Protocol (MCP), rather than a standalone server application. It uses Jackson for JSON processing and includes robust error handling for malformed input, returning null or empty objects rather than propagating exceptions. No signs of code injection ('eval'), hardcoded secrets, or direct network risks were found. The schema generation relies on standard Java reflection and Jackson introspection, which is safe when working with trusted Java classes.
Updated: 2026-01-13GitHub
0
0
High Cost
adamanz icon
Sec8

Enables AI coding assistants to analyze and understand video content using Google's Gemini AI, processing security footage, lectures, tutorials, and more.

Setup Requirements

  • ⚠️Requires a Google AI Studio API Key (free, but needs to be obtained and configured).
  • ⚠️Requires Python 3.10+.
  • ⚠️FFmpeg is an optional dependency but is required for 'analyze_video_segment' functionality.
Verified SafeView Analysis
The project correctly retrieves `GEMINI_API_KEY` from environment variables, avoiding hardcoded secrets. It utilizes `subprocess.run` to invoke `ffprobe` and `ffmpeg` for video segment extraction. While `subprocess` calls can be a vector for command injection, the implementation passes arguments as a list, which is generally safer than using `shell=True` or a single string, reducing the risk. Input video paths are checked with `os.path.exists`.
Updated: 2025-12-27GitHub
0
0
Medium Cost
robusta-dev icon

cli-mcp

by robusta-dev

Sec1

Acts as a central server or control plane for managing and potentially proxying interactions with various Command Line Interface (CLI) tools.

Review RequiredView Analysis
Source code provided is heavily truncated, preventing a comprehensive security audit. No analysis possible for common vulnerabilities (eval, network risks, hardcoded secrets, obfuscation, or malicious patterns). As a server, it inherently poses a higher risk if not properly secured. Cannot deem safe without full code access and review.
Updated: 2025-11-20GitHub
0
0
Low Cost
Canbow icon
Sec5

Provides network diagnostic capabilities (site health checks) for the Cline autonomous coding agent, allowing developers to verify API endpoints and deployment status directly within their chat interface.

Setup Requirements

  • ⚠️Requires Node.js (>=18 according to `@modelcontextprotocol/sdk` dependency) to be installed.
  • ⚠️Requires the Cline CLI for integration as an MCP server.
  • ⚠️Node.js module type mismatch: `package.json` declares `"type": "commonjs"` but `index.js` uses ES module `import` syntax. The `type` field in `package.json` may need to be changed to `"module"` for `node index.js` to execute correctly, or the script might need to be run with `node --input-type=module index.js`.
Verified SafeView Analysis
The server's 'check_site_health' tool performs a fetch request to a user-provided URL without apparent validation or sanitization. This introduces a Server-Side Request Forgery (SSRF) risk. An attacker could potentially use this tool to scan internal networks, access local services (e.g., `localhost`), or send requests to arbitrary external endpoints on behalf of the server running the agent. While the tool's core functionality is to fetch URLs, direct exposure of arbitrary URLs to an external agent without host-level restrictions or input validation is a significant security concern.
Updated: 2025-12-14GitHub
0
0
Low Cost
Legitate icon
Sec8

A dual-transport (HTTP/STDIO) Model Context Protocol server for managing employee records, featuring OAuth 2.0 authentication for HTTP and JSON-RPC 2.0 for STDIO.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️The HTTP API strictly enforces OAuth 2.0 client credentials flow; clients must register and obtain an access token before making API calls.
  • ⚠️The STDIO server (for MCP clients) supports optional token authentication, but current Claude Desktop clients may not natively support passing tokens in the 'initialize' request, potentially requiring server modifications for mandatory authentication or relying on its 'local process' security assumption.
Verified SafeView Analysis
The server implements OAuth 2.0 client credentials flow for its HTTP API, including token registration, generation, and validation with expiration. All HTTP API calls are authenticated. The STDIO server, intended for local MCP clients like Claude Desktop, allows for optional token-based authentication during initialization; if no token is provided, requests are processed unauthenticated. While this is justified by its 'local process' use case in the documentation, it means the STDIO server is effectively unsecured unless manually configured with a token. There are no direct 'eval' or arbitrary code execution patterns identified from user input. Employee data and OAuth tokens are stored in local JSON files.
Updated: 2025-12-06GitHub
0
0
Low Cost
rajshah11 icon

sherpa-mcp-server

by rajshah11

Sec9

A remote Model Context Protocol (MCP) server designed as a personal assistant, managing calendar events, tasks, notes, and health data with secure Auth0 OAuth authentication.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher.
  • ⚠️Extensive environment variable configuration is required for Auth0 authentication and each integration (Google Calendar, TickTick).
  • ⚠️Manual setup of OAuth applications and generation of tokens (via provided scripts) is necessary for each integrated service and Auth0.
  • ⚠️Requires a Google Cloud Project and OAuth Desktop app credentials for Google Calendar integration.
  • ⚠️Requires a TickTick Developer application and OAuth credentials for TickTick integration.
Verified SafeView Analysis
The server utilizes Auth0 OAuth 2.1 with OIDC and PKCE for robust authentication, emphasizing secure defaults and production readiness. It relies heavily on environment variables for sensitive data (API keys, tokens, client secrets), explicitly warning against hardcoding them and providing setup scripts to generate tokens locally for environment variable use. The `AUTH0_SETUP.md` provides comprehensive security best practices including using HTTPS, enabling consent screens, restricting redirect URIs, and monitoring. No 'eval' or similar dangerous patterns were found. While the default `allowed_client_redirect_uris` in the code is broad (`http://localhost:*`), the documentation clearly guides users to configure specific, secure production URLs in Auth0, mitigating this potential risk.
Updated: 2026-01-19GitHub
0
0
Medium Cost
sparsh3104 icon

MCP-SERVER

by sparsh3104

Sec2

A stateless, multi-tenant Model Context Protocol (MCP) server that exposes MySQL database operations as callable tools over various transports.

Setup Requirements

  • ⚠️Requires a running MySQL server.
  • ⚠️Requires Python and specific dependencies (e.g., `pymysql`, `mcp-sdk`).
  • ⚠️Requires configuration via environment variables or a `.env` file for API keys and tenant MySQL credentials.
Review RequiredView Analysis
CRITICAL SQL INJECTION VULNERABILITIES: The `run_select_impl` function directly executes user-provided SQL queries, allowing for arbitrary SQL injection. Furthermore, `get_table_schema_impl` and `insert_row_impl` construct SQL queries using f-strings with user-provided `table_name` and `row` dictionary keys (for column names) without proper escaping for identifiers, which could also lead to SQL injection. This makes the server highly vulnerable to malicious database operations.
Updated: 2025-12-05GitHub
0
0
Low Cost
hengky-kurniawan-1 icon

mcp-intro-slides

by hengky-kurniawan-1

Sec9

A comprehensive presentation introducing the Model Context Protocol (MCP) for AI models to interact with external data and tools.

Setup Requirements

  • ⚠️Requires Node.js and a package manager (npm/yarn/pnpm) to run Slidev.
  • ⚠️The Python `FastMCP` framework and `OpenAI Agents` mentioned are external tools/SDKs being demonstrated, not part of this project's direct runtime dependencies.
Verified SafeView Analysis
This repository contains presentation slides built with Slidev. It is a static content project that describes the Model Context Protocol (MCP) and related tools (FastMCP, MCP Inspector, OpenAI Agents). It does not implement an MCP server itself, nor does it contain active server-side logic or user input processing that would introduce common security vulnerabilities. The code snippets for external tools (e.g., Python `MCPServerSse`) are illustrative and do not run within this project. No 'eval' or malicious patterns were found. The primary risk would be in the consumption of the content if served from an untrusted source, or if a user were to execute the example commands for external tools without understanding them.
Updated: 2025-11-26GitHub
0
0
Medium Cost
Tony-Enninful icon

sqltools_mcp

by Tony-Enninful

Sec1

SQLTools MCP provides AI assistants with unified support for various relational databases (MySQL, Postgres, SQL Server, Dameng, SQLite) via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires database drivers (pymysql, psycopg2-binary, pymssql, jaydebeapi) to be installed separately based on the databases you wish to connect to.
  • ⚠️Connecting to Dameng (DM8) requires Java/JRE to be installed for `jaydebeapi`.
Review RequiredView Analysis
CRITICAL SQL INJECTION VULNERABILITY: The `execute_sql` tool directly passes user-provided SQL queries to `cursor.execute()` in all database adapters without proper parameterization. This allows for arbitrary SQL injection by a malicious actor or an unconstrained AI agent, leading to data exfiltration, modification, or deletion. The README's claim of 'Built-in SQL injection protection' is misleading for the core SQL execution functionality. Additionally, some metadata queries (e.g., in `DM8Adapter`) use basic string formatting with schema/table names, which, while attempting to escape single quotes, can still be brittle against more complex injection patterns.
Updated: 2026-01-19GitHub
0
0
Low Cost

ssh-mcp-server

by dangchani

Sec1

Provides SSH access to manage a Master Control Program (MCP) or similar server environment.

Setup Requirements

  • ⚠️CRITICAL: No source code or README provided to identify setup requirements. May require specific port configurations, user management, and SSH key setup.
Review RequiredView Analysis
CRITICAL: No source code was provided for analysis, making it impossible to perform a security audit for 'eval', obfuscation, hardcoded secrets, or malicious patterns. Running an unreviewed custom SSH server is extremely risky and not recommended without a thorough code audit by a security professional.
Updated: 2025-11-29GitHub
PreviousPage 587 of 713Next