Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
simetrik-inc-public icon

a4e-mcp-server

by simetrik-inc-public

Sec8

Enables creators to build conversational AI agents using natural language directly within their IDE, facilitating agent development, management, and local testing.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires an ngrok account and a configured authtoken for 'Dev Mode' functionality (local server sharing).
  • ⚠️Requires IDE-specific JSON configuration (e.g., Cursor, Claude Desktop) for seamless integration.
Verified SafeView Analysis
The server's core function involves executing developer-provided Python code (tools) and generating files, which is an intentional design. It includes a `sanitize_input` function to prevent template injection for agent metadata. `subprocess.run` with `shell=True` is used in `dev_manager.py` for system cleanup commands (e.g., `lsof`, `kill`, `pkill ngrok`), but the inputs to these commands are derived from trusted system outputs or are fixed strings, reducing the risk of direct arbitrary command injection from external users. The `ngrok` authentication token is passed as a distinct argument in a `subprocess` call, not via `shell=True`, making it safe from shell injection.
Updated: 2026-01-16GitHub
0
0
Medium Cost
Linkly-HQ icon

linkly-mcp-server

by Linkly-HQ

Sec4

Provides a Model Context Protocol (MCP) server to manage URL shortener links, analytics, domains, and webhooks for the Linkly platform.

Setup Requirements

  • ⚠️Requires a Linkly API Key and Workspace ID (obtained from the Linkly dashboard).
  • ⚠️Requires Node.js version 18.0.0 or higher.
Verified SafeView Analysis
The Cloudflare Worker configuration type definition (`worker-configuration.d.ts`) in the public repository includes hardcoded OAuth client ID and secret (`LINKLY_CLIENT_ID`, `LINKLY_CLIENT_SECRET`). While these might be intended for Linkly's internal hosted deployment, their presence in a public repository is a security oversight as it exposes credentials that should be confidential. For self-hosted (npm) usage, API keys (`LINKLY_API_KEY`, `LINKLY_WORKSPACE_ID`) are correctly sourced from environment variables, but they are redundantly sent in both custom HTTP headers and the JSON request body for all API calls, which is an unnecessary exposure and anti-pattern.
Updated: 2026-01-13GitHub
0
0
Medium Cost
ojacques icon

lunr-mcp

by ojacques

Sec8

Searches and retrieves documentation from static sites using Lunr.js search indexes, enabling LLMs to interact with documentation.

Setup Requirements

  • ⚠️Requires `LUNR_SITES` environment variable to be configured with site index URLs.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️First search on large sites may return a 'loading' message, requiring a retry.
Verified SafeView Analysis
The server fetches content from URLs configured via `LUNR_SITES`. Ensure these URLs are trusted to prevent fetching from malicious sources. No 'eval' or obvious hardcoded secrets found. The `httpx` client includes a timeout.
Updated: 2025-11-21GitHub
0
0
High Cost
SUMAIRA-SHAIKH icon
Sec2

This server summarizes PDF documents and generates quizzes (MCQ or mixed format) from the extracted text using the Gemini LLM.

Setup Requirements

  • ⚠️Requires a valid Google Gemini API Key (Paid API usage will apply).
  • ⚠️Python 3.12+ is required due to `pyproject.toml` setting.
  • ⚠️The provided `GEMINI_API_KEY` in `main.py` is a placeholder and should be replaced with a real key from a `.env` file for secure operation.
Review RequiredView Analysis
The Gemini API key is hardcoded directly into `mcp/main.py`, which is a critical security vulnerability. This exposes the API key and should be moved to environment variables and loaded securely. The code also uses `load_dotenv()` but then overrides with a hardcoded value.
Updated: 2025-11-26GitHub
0
0
High Cost
salems-3Dpov icon

ai-agent-pipeline

by salems-3Dpov

Sec9

A production-ready AI agent pipeline for LLM workflows, agent orchestration, document processing, weather queries, and general Q&A with built-in monitoring and debugging.

Setup Requirements

  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Requires an OpenAI API Key, which is a paid service.
  • ⚠️Requires an OpenWeatherMap API key for weather queries (may have a free tier but still needs registration).
  • ⚠️Document-based query features require prior PDF document upload and processing into the vector database.
Verified SafeView Analysis
The server uses environment variables for all API keys (OpenAI, OpenWeatherMap, LangChain), which is a good security practice. There are no obvious hardcoded secrets, 'eval' statements, or malicious patterns in the provided source code. External API calls (OpenWeatherMap, OpenAI) are standard. The ChromaDB client explicitly disables anonymized telemetry. Input validation and error handling are implemented for services like PDF processing and weather data fetching, reducing common vulnerabilities.
Updated: 2026-01-19GitHub
0
0
Medium Cost
akkki98 icon
Sec6

Provides a Model Context Protocol (MCP) server for AI assistants and applications to interact with multiple Azure SQL databases.

Setup Requirements

  • ⚠️Requires .NET 8.0 SDK or later
  • ⚠️Requires access to and credentials for Azure SQL databases
  • ⚠️Requires setting multiple environment variables for Azure SQL connection strings
Review RequiredView Analysis
The `run_query` tool accepts raw SQL queries as a string. While the documentation strongly recommends using parameterized queries to prevent SQL injection, the truncated source code does not provide the concrete implementation of `ToolHandlers.cs` or `DatabaseManager.cs`. Without this, there is a significant potential for SQL injection if the queries are not properly parameterized and sanitized internally. The project explicitly states it is a 'development/demonstration project' and warns about implementing 'additional security measures' for production use. Hardcoded secrets are generally avoided by using environment variables for connection strings.
Updated: 2025-12-01GitHub
0
0
Medium Cost
Nsujatno icon
Sec3

This server reformats messy brain dump notes into clean Markdown and saves them directly to an Obsidian vault using Claude's AI capabilities.

Setup Requirements

  • ⚠️Requires Claude Desktop app installed.
  • ⚠️Requires `uv` for dependency management (or `pip` as an alternative).
  • ⚠️Requires `OBSIDIAN_VAULT_PATH` to be set in a `.env` file.
Review RequiredView Analysis
The server has critical path traversal vulnerabilities. The `create_note`, `append_to_note`, and `list_notes` functions do not properly validate paths derived from user/AI input (filename, folder). If an attacker or a misbehaving AI provides input like `../../sensitive_file.txt` for `filename` or `../` for `folder`, the server could potentially write to, append to, or list files/directories outside the specified `OBSIDIAN_VAULT_PATH`. While `get_note` includes a necessary `is_relative_to` check, this crucial validation is missing from other file-modifying and listing functions. This poses a significant risk to the integrity and confidentiality of files on the host system.
Updated: 2026-01-17GitHub
0
0
High Cost
cobra30299 icon

MCP_SERVER_JAVA

by cobra30299

Sec2

A Model Context Protocol (MCP) server implementation in Java, demonstrating core MCP features with tools, resources, and prompts, including an AI chat integration.

Setup Requirements

  • ⚠️Requires Java 17 or higher
  • ⚠️Requires Maven 3.6+
  • ⚠️Requires Azure OpenAI API Key (Paid service) for AI chat functionality
  • ⚠️Requires open internet access to Azure AI Foundry
Review RequiredView Analysis
The server is explicitly rated as 'HIGH RISK for Production Use' in its own documentation due to critical vulnerabilities. It lacks authentication, has open CORS ('Access-Control-Allow-Origin: *'), does not support HTTPS (HTTP only), and has insufficient input validation. Error messages can expose internal details. By default, it binds to all network interfaces (0.0.0.0), making it publicly accessible without security measures.
Updated: 2025-12-03GitHub
0
0
Low Cost
aakankshagupta18 icon

custom-mcp-server

by aakankshagupta18

Sec8

A learning project demonstrating how to build a Model Context Protocol (MCP) server with basic tools and Google ADK integration.

Setup Requirements

  • ⚠️Google ADK integration is a placeholder and requires significant additional setup (Google Actions Project, webhook server, etc.) for full functionality beyond internal logging.
  • ⚠️File operations are relative to the server's launch directory (`process.cwd()`), requiring careful consideration of where the server is executed.
  • ⚠️When configuring for Claude Desktop, an absolute path to `dist/index.js` is required, which is a common source of user error.
Verified SafeView Analysis
The File Operations Tool includes path validation to prevent directory traversal and disallow absolute paths, which is a good security practice. The server communicates via stdio, reducing direct network exposure. However, the `workspaceRoot` for file operations defaults to `process.cwd()`, meaning improper deployment in a sensitive directory could still pose risks. Error messages are not uniformly sanitized across all tools, potentially exposing more detail than intended during failures.
Updated: 2025-12-02GitHub
0
0
High Cost
JEdward7777 icon
Sec8

Provides a unified proxy for Translation Helps APIs, exposing them through various interfaces including direct TypeScript, MCP over HTTP, stdio for desktop clients, and OpenAI-compatible REST/TypeScript for LLM integrations.

Setup Requirements

  • ⚠️Requires Node.js >= 20.17.0.
  • ⚠️OpenAI API Key (a paid service) is required for LLM-integrated interfaces (Interfaces 4 & 5).
  • ⚠️Cloudflare Workers deployment requires the 'wrangler' CLI and a Cloudflare account.
Verified SafeView Analysis
The server's design inherently involves proxying network requests and handling API keys (passed from clients to OpenAI). While no 'eval' or obvious malicious patterns are found, the reliability of JSON parsing for tool arguments and the secure handling of API keys rely on external contexts (e.g., client security, LLM provider API security). The proxy itself does not hardcode sensitive secrets. Overall, it follows common proxy design patterns and appears safe for its intended purpose.
Updated: 2025-11-25GitHub
0
0
Low Cost
rdwj icon

usda-mcp

by rdwj

Sec1

A basic real-time chat application that uses WebSockets for multi-user communication.

Setup Requirements

  • ⚠️Node.js required
  • ⚠️Install 'ws' package (npm install ws)
Review RequiredView Analysis
Critical Cross-Site Scripting (XSS) vulnerability in `client.js`. User-provided messages from the WebSocket server are directly inserted into the DOM using `innerHTML` without sanitization, allowing malicious users to execute arbitrary JavaScript in other clients' browsers. The server broadcasts messages without sanitization, enabling this client-side flaw.
Updated: 2026-01-16GitHub
0
0
High Cost
anton-proto icon

mcp-imagen

by anton-proto

Sec9

Generates images from text prompts and performs image processing tasks like style transfer, background removal, and auto-cropping using Google Imagen API.

Setup Requirements

  • ⚠️Requires Python 3.13 or later.
  • ⚠️Requires Google Cloud credentials (either GOOGLE_API_KEY for Gemini API or authenticated gcloud with GOOGLE_CLOUD_PROJECT for Vertex AI).
  • ⚠️Requires 'uv' for package management and running the server.
  • ⚠️Internet access is required for Google Imagen API calls.
Verified SafeView Analysis
The server uses standard Google Cloud authentication methods (Gemini API key or Vertex AI credentials). It validates that all user-provided paths for input/output directories and files are absolute to mitigate path traversal risks. It uses subprocess only to read gcloud configuration. No eval, obfuscation, or hardcoded secrets were found.
Updated: 2025-12-06GitHub
PreviousPage 589 of 713Next