Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
Cronos402 icon

mcp

by Cronos402

Sec7

A Model Context Protocol (MCP) server providing x402 payment support for the Cronos blockchain, enabling payment-gated tool execution and USDC.e/CRO payments.

Setup Requirements

  • ⚠️Requires a PostgreSQL database (supports Neon HTTP or standard `postgres` driver).
  • ⚠️The server requires `BETTER_AUTH_SECRET`, `DATABASE_URL`, `GITHUB_CLIENT_ID`, and `GITHUB_CLIENT_SECRET` environment variables to be set (as per `src/env.ts` validation).
  • ⚠️Automated USDC.e payments are currently prevented in the `CronosPaymentStrategy` as it awaits secure wallet integration (e.g., MetaMask, WalletConnect). Users must interact manually for now via the web interface.
Verified SafeView Analysis
The server implements a `SecurityHook` to remove sensitive headers and correctly loads secrets from environment variables. Wallet linking (`/api/wallets/link`) uses `viem` for signature verification, which is a standard and secure practice. The `X402WalletHook` explicitly prevents direct insecure private key usage for USDC.e payments by returning an error, acknowledging that proper wallet integration is a future 'TODO'. A notable concern is the reliance on the VLayer service for 'web proofs'; the `VLayer` module's README explicitly states this module performs no cryptographic verification of these proofs itself, delegating trust to the external service. The `/mcp` proxy endpoint utilizes `resolveTargetUrl` which parses target URLs from headers or query parameters, introducing a potential for Server-Side Request Forgery (SSRF) if `targetUrl` validation (specifically the domain filtering in `VLayerHook` if enabled) is not robustly configured. CORS is permissive in development but configurable for production via `TRUSTED_ORIGINS`. No `eval` or obvious malicious patterns were found in the provided code.
Updated: 2026-01-19GitHub
0
0
Medium Cost
lamdt1 icon

mcp-servers

by lamdt1

Sec2

An MCP server that provides tools for AI agents to interact with a music API (ZingMp3) to search for songs, fetch lyrics, streams, and artist/album information.

Setup Requirements

  • ⚠️Requires `npm install` and `npm run build` to compile TypeScript before running the compiled output. The `mp3-server.js` script attempts to automate this but it's a prerequisite.
  • ⚠️The core API client relies on fragile web scraping techniques to obtain cookies from `zingmp3.vn` and interacts with unofficial endpoints, making it highly susceptible to breaking if `zingmp3.vn` changes its website structure or implements anti-scraping measures.
  • ⚠️The `MP3_API_BASE_URL` environment variable, mentioned in the README for overriding the API base URL, is not actually used by the provided `Mp3ApiClient` source code, which hardcodes `https://zingmp3.vn`.
Review RequiredView Analysis
CRITICAL: The `Mp3ApiClient` (src/mp3ApiClient.ts) has hardcoded `SECRET_KEY` and `API_KEY` values. These keys are directly exposed in the source code, posing a severe security risk if they are used for authentication or authorization with the upstream API. Additionally, the `Mp3ApiClient` relies on scraping cookies from `zingmp3.vn` to make API requests, a fragile and potentially unauthorized method that could break or lead to legal issues. The server's stated configuration for `MP3_API_BASE_URL` is also contradicted by the source code, which hardcodes `https://zingmp3.vn` for API calls, preventing the use of a more stable or self-hosted proxy.
Updated: 2025-12-13GitHub
0
0
Low Cost
JoAbyssinia icon

mcp-sentiment

by JoAbyssinia

Sec9

Provides a sentiment analysis API, capable of being integrated into larger AI agent systems or directly used via a web interface.

Setup Requirements

  • ⚠️Requires `textblob` Python library (`pip install textblob`).
  • ⚠️Requires `gradio` Python library (`pip install gradio`).
Verified SafeView Analysis
The MCP server, implemented in `app.py`, performs sentiment analysis using the `TextBlob` library. It does not contain `eval`, obfuscation, hardcoded secrets, or patterns that allow direct code execution from user input. The primary security risk identified in the repository's `mcpgradioclient.py` file (which is a client that connects to an MCP server, and uses a `CodeAgent` that processes user input) does not apply to the server's functionality as defined in `app.py`.
Updated: 2025-12-19GitHub
0
0
Medium Cost
iamsamuelfraga icon

mcp-nevent

by iamsamuelfraga

Sec8

An MCP server providing tools for managing users, marketing campaigns, and event lineups in the Nevent platform.

Setup Requirements

  • ⚠️Requires 'NEVENT_JWT_TOKEN' environment variable to authenticate with the Nevent API; the server will exit if it's not set.
  • ⚠️Users need to obtain the 'NEVENT_JWT_TOKEN' by logging into the Nevent admin panel and generating an API token with appropriate permissions.
  • ⚠️Local setup requires building the TypeScript project (`npm run build`) before execution and providing the correct path to the compiled 'dist/index.js' file.
Verified SafeView Analysis
The server correctly retrieves the Nevent JWT token from environment variables, preventing hardcoding of sensitive credentials. It acts as a wrapper around the Nevent API, meaning its security depends on the confidentiality of the provided JWT token and the robustness of the underlying Nevent API. No obvious 'eval', code obfuscation, or other malicious patterns were found. While the MCP SDK is expected to handle input schema validation, the internal tool handlers in `src/index.ts` use type assertions, which could be a minor concern if schema validation is bypassed. The communication with the Nevent API uses HTTPS.
Updated: 2025-11-24GitHub
0
0
High Cost
osins icon
Sec9

An MCP server providing web crawling, browser automation, and content extraction capabilities with support for multiple output formats and LLM integration.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher.
  • ⚠️Requires Playwright browser installation (`python -m playwright install chromium --with-deps`) after pip installation, which involves downloading a browser binary and its system dependencies.
  • ⚠️LLM integration (using `litellm` with `openai/gpt-4o-mini`) implicitly requires an `OPENAI_API_KEY` or a compatible API key to be set in the environment variables for full functionality.
Verified SafeView Analysis
The server demonstrates good security awareness with explicit URL validation and sanitization, Playwright browser hardening (headless mode, no-sandbox), and clear statements on file system security (files saved only to specified paths, no arbitrary access). Input validation is performed for tool arguments, including URL length limits. There are no obvious 'eval' or hardcoded secrets. Potential risks include: 1) if the 'save_path' argument for crawl_web_page is sourced from untrusted input, it could lead to directory traversal in some edge cases if not properly handled by the calling system (though os.path.join provides some protection); 2) LLM integration with an 'instruction' parameter could be susceptible to prompt injection if the user input is not sanitized by the calling agent.
Updated: 2025-11-22GitHub
0
0
Low Cost
egg-breads icon

lookFor

by egg-breads

Sec5

This application functions as a Model Context Protocol (MCP) server, exposing tools for fetching weather forecasts and parking zone information, primarily intended for use by an AI agent.

Setup Requirements

  • ⚠️Requires `gov.share.api.key` to access the eShare public data portal. It is currently hardcoded in `application.yml` but should be managed securely.
  • ⚠️The `RestClient` in `ConnectConfig` is configured with `gov.share.api.host` (eshare.go.kr), which conflicts with the weather forecast service (`ExamWeatherServiceImp`) expecting `api.weather.gov`. The weather forecast tool will likely fail unless the RestClient configuration is modified or a separate RestClient bean for api.weather.gov is provided.
  • ⚠️While the server runs independently, its full intended functionality as an MCP server implies integration with an LLM like Ollama, as suggested by the `compose.yaml`.
Verified SafeView Analysis
The `gov.share.api.key` is hardcoded directly in `application.yml` and also within the `findParkingZoneByCityName` method in `ParkingZoneServiceImp.java`. This is a significant security risk as secrets should never be hardcoded and instead loaded securely at runtime. The `SecureConfig` disables CSRF, form login, and basic auth, and permits all requests (`anyRequest().permitAll()`). While common for API-only servers expecting external authentication, it means the application itself provides no authentication layer for its endpoints. There's no explicit input validation on tool parameters (e.g., latitude/longitude, city names), which could lead to malformed requests to external APIs.
Updated: 2026-01-04GitHub
0
0
Low Cost
Sudhanvaha icon
Sec9

Provides a Model Context Protocol (MCP) server for tracking personal expenses, integrated with Claude Desktop for natural language management.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires 'uv' package manager for installation and execution.
  • ⚠️Requires Claude Desktop application for interaction (Claude Pro subscription is needed for direct remote server access; Free plan works with local or proxy setups).
Verified SafeView Analysis
The server uses parameterized SQLite queries for all database operations (INSERT, SELECT, UPDATE, DELETE), effectively preventing SQL injection vulnerabilities. Data is stored locally in an 'expense.db' file by default, enhancing privacy for local deployments. No 'eval' or code obfuscation is present. No hardcoded secrets (e.g., API keys, passwords) were found. The 'update' tool has a minor bug returning a Python set instead of a dictionary for the 'no fields provided' scenario, but this is not a security flaw.
Updated: 2025-12-26GitHub
0
0
Medium Cost
VOID-TECHNOLOGY-INC icon

PyBun

by VOID-TECHNOLOGY-INC

Sec3

Programmatic interaction with the PyBun CLI for automation or AI agent integration, serving as a backend for system-level Python tooling.

Setup Requirements

  • ⚠️Requires `uv` or `pip` to be available in PATH for virtual environment management.
  • ⚠️System utilities like `curl`, `tar`, `sha256sum`/`shasum` are required for downloading and verifying Python runtimes.
  • ⚠️Default Python versions supported are 3.9, 3.10, 3.11, 3.12; older/unlisted versions may require manual setup or fail.
Review RequiredView Analysis
The MCP server (`pybun mcp serve`) exposes JSON-RPC methods (`call_run`, `call_gc`, `call_doctor`) that execute `pybun` commands as subprocesses. While Rust's `std::process::Command::args` API generally prevents shell injection, allowing an external entity (e.g., an AI agent) to call `call_run` with arbitrary Python script paths or inline code without robust input validation or mandatory sandboxing is a severe privilege escalation risk. The `--sandbox` feature in `pybun run` provides a lightweight Python-level sandbox (blocking subprocesses, optional network access), but it is an opt-in argument, not enforced by the MCP server's `call_run` method. If the MCP server is exposed to untrusted inputs, it effectively grants arbitrary code execution on the host machine.
Updated: 2026-01-14GitHub
0
0
High Cost
SayamAlt icon
Sec9

An AI travel assistant that uses an LLM agent and modular MCP servers to provide real-time information for flight, hotel, weather, places, and timezone during trip planning.

Setup Requirements

  • ⚠️Requires multiple paid API keys for various services (OpenAI, Amadeus, OpenWeatherMap, Foursquare, RapidAPI).
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires manually starting 5 separate MCP server processes (flights_mcp.py, hotels_mcp.py, weather_mcp.py, places_mcp.py, math_mcp.py) before running the main Streamlit application.
Verified SafeView Analysis
The system correctly loads API keys from environment variables or Streamlit secrets, avoiding hardcoded credentials. All external network requests are made to well-known, legitimate APIs (OpenAI, Amadeus, OpenWeatherMap, Foursquare, Booking.com/RapidAPI). The architecture relies on an LLM agent orchestrating tool calls, which inherently means the LLM's interpretation of prompts dictates tool usage. This is a design choice for agentic systems, not a specific vulnerability in the code itself, assuming the LLM is well-constrained. No 'eval' or other directly dangerous patterns were found.
Updated: 2025-11-27GitHub
0
0
High Cost
sendsta icon
Sec7

The MCP server provides document parsing, OCR, and advanced analytical tools to extract key information (requirements, deadlines, contacts, evaluation criteria) from tender documents for the tri-tender system.

Setup Requirements

  • ⚠️Requires system dependencies like pandoc, poppler-utils, tesseract-ocr, and LibreOffice Writer for full functionality (especially OCR and document conversion).
  • ⚠️Python 3.10+ is required.
  • ⚠️FastMCP Cloud deployment requires setting an entrypoint (`server.py:mcp`).
Verified SafeView Analysis
The server primarily relies on external libraries (pdfplumber, python-docx, pytesseract, pandoc) for core document processing, which introduces dependencies on their security. The `subprocess.run` calls to `pandoc` and `soffice` directly use `str(file_path)` which is generally safe against shell injection, but could still be vulnerable if the external tools themselves have vulnerabilities when processing malicious files. The `import_document` tool in `server.py` supports only base64 encoding, mitigating URL-based SSRF risks present in an older implementation (tender_docs_mcp.py). No direct `eval()` calls or hardcoded secrets were found. File handling uses system temporary directories and explicit Path objects which is good.
Updated: 2025-11-29GitHub
0
0
Low Cost
ianiver9 icon
Sec7

Automates the setup of a local filesystem server for Claude Desktop on Windows, enabling the AI to securely access and manage local files.

Setup Requirements

  • ⚠️Requires Windows 10 or 11
  • ⚠️Requires Administrator privileges to run the PowerShell script
  • ⚠️Requires `Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser` to be set before execution
  • ⚠️Default configuration grants Claude access to the entire `C:\` drive
Verified SafeView Analysis
The script requires Administrator privileges to run and by default configures Claude Desktop to have read/write access to the entire `C:\` drive. While operations require explicit user approval within Claude, this grants substantial potential control to the AI. Users should understand these implications and consider restricting access paths as described in the README. The security relies on the trustworthiness of the `setup-claude-mcp-filesystem.ps1` script itself and the `@modelcontextprotocol/server-filesystem` package. No `eval`, obfuscation, or hardcoded secrets are evident in the provided documentation.
Updated: 2026-01-04GitHub
0
0
Low Cost
admin-e2ec icon
Sec10

This repository serves as a curated list and directory of resources related to the ModelContextProtocol (MCP), including servers, tools, and related research papers.

Verified SafeView Analysis
The provided source code only contains a README.md file. There is no executable code to analyze for runtime security risks (e.g., 'eval', network vulnerabilities, hardcoded secrets). The repository itself is a static list of external resources.
Updated: 2025-11-23GitHub
PreviousPage 590 of 713Next