Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
lyf100 icon
Sec4

Deploys a Model Context Protocol (MCP) server on Cloudflare Workers to expose simple calculator tools for integration with AI clients, typically without requiring explicit authentication from the client.

Setup Requirements

  • ⚠️Requires a Cloudflare account and the Cloudflare Workers CLI (`wrangler`) for deployment.
  • ⚠️Operates without authentication, making it unsuitable for sensitive applications or public exposure without implementing custom authentication.
  • ⚠️Local testing with clients like Claude Desktop requires the `mcp-remote` proxy to bridge local clients to the remote Cloudflare Worker endpoint.
Verified SafeView Analysis
The server is explicitly designed 'without auth' as indicated by its name and README. This means any client with the deployed URL can invoke its tools without authentication, posing a critical security risk for any sensitive use cases or public deployment. While the tool logic itself (arithmetic operations) is simple and uses Zod for input validation, the absence of an authentication layer is a severe design flaw for production systems. It is intended as an example demonstrating MCP functionality, not a secure production-ready application without further modifications.
Updated: 2025-11-26GitHub
0
0
Low Cost
patrickpxp icon

ibkr-mcp-server

by patrickpxp

Sec6

Exposes Interactive Brokers portfolio, account, and trading data as MCP tools for AI agents like Claude or Codex.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose v2.
  • ⚠️Requires Interactive Brokers Trader Workstation (TWS) or IB Gateway running locally with API access enabled.
  • ⚠️TWS must be configured to allow local API connections.
  • ⚠️No authentication is implemented, making it dangerous to expose publicly.
Review RequiredView Analysis
The server explicitly states 'No authentication is implemented yet'. This is a critical security risk if the server is exposed publicly, allowing unauthorized access to real-money trading accounts. The README also contains a warning: 'You can lose real money if you do not understand what you are doing.' The code itself does not contain obvious malicious patterns or hardcoded secrets, but the lack of authentication for a financial trading interface makes it highly dangerous if not strictly confined to a secure, private network.
Updated: 2026-01-19GitHub
0
0
Medium Cost
scopweb icon
Sec9

Provides multi-language code context analysis and pattern training for AI assistants, specializing in .NET 10 Blazor Server, Rust, Node.js, Python, Go, Java, and PHP projects.

Setup Requirements

  • ⚠️Requires Rust 1.70+ for compilation.
  • ⚠️Manual editing of Claude Desktop's `claude_desktop_config.json` is necessary, requiring absolute paths for the executable and for pattern data storage (via the `MCP_PATTERNS_PATH` environment variable).
  • ⚠️The server communicates via standard I/O (stdin/stdout) and uses Content-Length framing, which requires careful log configuration (no ANSI colors, stderr only) for proper operation and debugging outside of an MCP client.
Verified SafeView Analysis
The project demonstrates a strong commitment to security with explicit path traversal vulnerability fixes (`sanitize_framework_name`), canonical path verification, automated `cargo-audit` scanning (0 vulnerabilities reported in dependencies), `cargo-geiger` for unsafe code, and `stdio` transport limiting direct network exposure. Configuration is managed via environment variables or `config.toml`, avoiding hardcoded secrets. However, as with any software, ongoing vigilance is required.
Updated: 2025-12-08GitHub
0
0
High Cost
kritsxxxiva-sudo icon

Mureka-mcp

by kritsxxxiva-sudo

Sec8

The Mureka Model Context Protocol (MCP) server enables AI clients to generate lyrics, songs, and background music using Mureka's APIs.

Setup Requirements

  • ⚠️Requires Mureka API Key (Paid service)
  • ⚠️Requires `uvx` (Python package manager) for quickstart examples
  • ⚠️Requires Python 3.10 or higher
  • ⚠️Requires internet access to reach api.mureka.ai and download audio files
Verified SafeView Analysis
The server retrieves API keys from environment variables, which is good practice. It uses standard HTTP libraries for external API calls. File system operations are present for saving generated audio, with checks for directory writeability and defaulting to the user's Desktop. However, if a malicious MCP client or agent were to provide crafted `output_directory` inputs, there's a theoretical risk of writing files to unintended locations, especially if `MUREKA_MCP_BASE_PATH` is configured in a less restrictive manner by the user. The `is_file_writeable` check mitigates some risks by preventing writes to unwritable system paths, but it does not prevent overwriting existing user-writable files.
Updated: 2025-12-03GitHub
0
0
Medium Cost
Upasna22 icon
Sec5

Orchestrates and manages multi-step workflows, likely interacting with AWS Step Functions, providing a control plane for complex server-side processes.

Setup Requirements

  • ⚠️Requires an active AWS account and properly configured AWS credentials (e.g., via environment variables or IAM roles).
  • ⚠️Deployment of specific AWS Step Functions and associated resources (Lambdas, SQS, etc.) is likely a prerequisite, incurring additional setup and costs.
Review RequiredView Analysis
A thorough security audit is impossible due to the absence of the actual source code. General risks for a server application include insecure API endpoints, unhandled exceptions, unvalidated inputs, reliance on potentially vulnerable dependencies, and the risk of hardcoded credentials if not properly managed. Without code, specific threats like 'eval' or malicious patterns cannot be detected.
Updated: 2026-01-16GitHub
0
0
Low Cost
eddie-rembrandt icon

MCP-CodeV

by eddie-rembrandt

Sec3

A Model Context Protocol (MCP) server enabling Claude AI to access, analyze, and work with local Code V optical design scripts and PDF documentation.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires a Linux environment (or WSL on Windows) due to shell scripts and typical deployment environment.
  • ⚠️Requires Claude Desktop to be installed and manually configured with absolute paths to the server executable and content directories in its `claude_desktop_config.json`.
  • ⚠️Current PDF text extraction (reading raw content) may be inadequate for complex, encrypted, or image-based PDFs; robust functionality would require installing additional libraries like `pdf-parse` and potentially OCR tools (e.g., Tesseract).
Review RequiredView Analysis
The server's communication relies on local stdio, mitigating network-based attack vectors. However, a critical vulnerability exists: the server's tool handlers (e.g., `read_codev_file`, `analyze_codev_syntax`, `read_pdf_content`, `search_codev_commands`) do not sanitize the `filename` argument. This allows for directory traversal attacks, enabling a malicious prompt or user to request and read arbitrary files outside the configured `CODEV_DIR` and `PDF_DIR` (e.g., `/etc/passwd` or sensitive user files). While the architecture document mentions path sanitization, it is not implemented in the provided `src/index.ts`. The PDF text extraction is basic and might struggle with complex PDFs, but this is a functionality limitation rather than an immediate security risk. The server is designed to be read-only, preventing file modification.
Updated: 2025-11-25GitHub
0
0
Medium Cost
white07S icon
Sec9

This MCP server provides tools for semantic search over pre-indexed documents using Azure OpenAI embeddings and Qdrant, alongside robust PostgreSQL database health monitoring, query optimization, and index recommendations.

Setup Requirements

  • ⚠️Requires Azure OpenAI API Key and Endpoint (Paid service for embeddings and LLM optimization).
  • ⚠️Requires a running Qdrant instance for document search.
  • ⚠️Requires a PostgreSQL database with `pg_stat_statements` and `hypopg` extensions installed.
  • ⚠️Python 3.11 or higher is required.
  • ⚠️Database statistics must be up-to-date (`ANALYZE` needs to be run on the target database being analyzed).
Verified SafeView Analysis
The PostgreSQL component (`postgres-mcp`) implements a `SafeSqlDriver` which uses `pglast` to parse and validate SQL queries, whitelisting allowed statement types (SELECT, ANALYZE, VACUUM, EXPLAIN, SHOW) and functions, providing strong protection against SQL injection and arbitrary DML/DDL operations when in 'restricted' access mode. It explicitly rejects `EXPLAIN ANALYZE` within `SafeSqlDriver` and prohibits locking clauses on `SELECT`. Secrets for Azure OpenAI and database connection strings are correctly handled via environment variables, not hardcoded. No `eval` or obfuscation detected. The primary security consideration is the broad power of SQL access if the server is run in 'unrestricted' mode, which is an explicit configuration choice.
Updated: 2025-12-11GitHub
0
0
Low Cost
Digital-Defiance icon

mcp-server

by Digital-Defiance

Sec8

Provides a foundational server implementation and utility framework, likely for a specific protocol or application.

Verified SafeView Analysis
Only the `README.md` file was provided as 'SOURCE CODE' for analysis. No executable code, configuration files, or other source files were available for a comprehensive security audit. The `README.md` itself contains no malicious patterns, hardcoded secrets, or dangerous function calls.
Updated: 2025-12-03GitHub
0
0
Medium Cost
FlywheelStudio icon

findmy-typescript-mcp

by FlywheelStudio

Sec8

This MCP server enables AI agents to semantically analyze, navigate, and query TypeScript and Next.js codebases by indexing symbols and providing rich metadata.

Setup Requirements

  • ⚠️Requires Node.js runtime (v18+ recommended)
  • ⚠️The target project must contain a valid `tsconfig.json` file
  • ⚠️The path to the target project must be provided as a command-line argument when running the server
Verified SafeView Analysis
The server loads a TypeScript project using `ts-morph` based on a `rootDir` provided as a command-line argument. Symbol lookup and file enumeration are restricted to files within this configured project scope, as `project.getSourceFile` will return undefined for paths outside the `tsconfig.json`'s resolved files. This prevents arbitrary file system traversal or reading of sensitive files outside the intended project. No direct use of `eval` or hardcoded secrets found in the provided source code. The server communicates via standard I/O (stdio), which inherently has a smaller network attack surface than a traditional HTTP server, but still processes external input.
Updated: 2025-12-08GitHub
0
0
Low Cost
aharvard icon

mcp-bubble-wrap

by aharvard

Sec8

Provides an interactive bubble wrap simulator as an MCP (Model Context Protocol) widget, compatible with OpenAI Apps SDK and native MCP Apps.

Setup Requirements

  • ⚠️Requires pnpm package manager for dependency installation.
  • ⚠️Widgets must be built (`pnpm build:widgets`) before running the server in development or production.
  • ⚠️For production deployment, the `BASE_URL` environment variable should be explicitly set to the deployed assets URL (e.g., HTTPS CDN URL).
Verified SafeView Analysis
The server uses CORS with an allow-all origin ('*') which, while common for development and embeddable widgets, could be a minor concern in certain production scenarios if not properly restricted or understood. The widget also uses `window.parent.postMessage` with a wildcard target origin ('*'), which is standard for iframe communication but relies on a secure host to validate incoming messages. Content Security Policy (CSP) is explicitly defined, which is a good security practice. No hardcoded secrets or malicious patterns were identified.
Updated: 2026-01-15GitHub
0
0
High Cost
fern-api icon
Sec8

The MCP server acts as an intermediary, translating Model Context Protocol (MCP) commands into Webflow Designer Extension API calls via a local WebSocket, enabling AI models to programmatically interact with and modify Webflow page designs.

Setup Requirements

  • ⚠️Requires a separate WebSocket server to be running on `ws://localhost:3055` for communication between the MCP server and the Webflow extension (the code for this server is not provided, though the `mcp-socket` folder suggests its existence).
  • ⚠️This server is designed to work with a Webflow Designer Extension (e.g., `mcp-extension` provided in the repository) which must be installed and running within the Webflow Designer for the commands to have any effect.
Verified SafeView Analysis
The server's primary communication is over a local WebSocket (`ws://localhost:3055`), which reduces external attack surface directly on the server itself. Input validation for MCP commands is handled via Zod schemas by the Model Context Protocol SDK. No hardcoded secrets, `eval` usage, or code obfuscation were found. However, the system relies on an external, unprovided WebSocket server running on port 3055 for both the MCP server and the Webflow extension to communicate. The security of this external WebSocket server and the data it handles is critical and not covered by the provided code.
Updated: 2025-11-20GitHub
0
0
Medium Cost
micheleboni icon

mcp-content-extractor

by micheleboni

Sec2

A powerful multi-tool agent server for the Model Context Protocol (MCP), enabling sophisticated RAG operations, web crawling, file processing, and code analysis through a dynamically loaded middleware architecture.

Setup Requirements

  • ⚠️Requires a local Ollama server running with specific embedding models (e.g., `nomic-embed-text:latest`) and vision models (e.g., `qwen3-vl:235b-cloud`).
  • ⚠️Requires a local ChromaDB server instance running on `localhost:8000` for all RAG and collection management functionalities.
  • ⚠️Many middleware components depend on external command-line tools such as `yt-dlp`, `soffice` (LibreOffice), `pdftoppm`, `convert` (ImageMagick), and `gs` (Ghostscript) for file processing and media extraction.
Review RequiredView Analysis
CRITICAL: The server exposes an `/mcp/execute` endpoint without any authentication. Several middleware components, such as `run_in_terminal`, `pdf_image_extraction` (using `pdftoppm`, `convert`, `gs`), `extract_youtube_transcript` (using `yt-dlp`), and `mcp-io-github-git-push-files`/`mcp-io-github-git-create-or-update-file` (using `git` commands), directly execute shell commands with input that can originate from API calls. This creates a severe remote code execution (RCE) vulnerability if exposed to untrusted networks or users. Extensive local filesystem read/write access is also granted via `vscode-file` tools, posing data integrity and confidentiality risks. Running this server in a non-sandboxed environment or with untrusted inputs is highly dangerous.
Updated: 2026-01-17GitHub
PreviousPage 591 of 713Next