Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
junkreef icon
Sec8

Provides an MCP server for AI agents to efficiently access structured, token-efficient content from PDF manuals using bookmarks for navigation and semantic search.

Setup Requirements

  • ⚠️Requires Python 3.11+ and `uv` to be installed.
  • ⚠️PDF manuals must be manually placed into the `data/pdfs` directory and then processed by the `db_manager build` command before the server can provide content.
  • ⚠️The `builder` functionality, which processes PDFs into the vector database, has complex dependencies (`docling`, `langchain-text-splitters`, `sentence-transformers` or `fastembed`, and potentially `torch` for GPU acceleration on Linux), which can be challenging to set up and configure for optimal performance.
Verified SafeView Analysis
The server runs locally by default (127.0.0.1:8000) and processes PDF files from a predefined directory, reducing direct external attack surface. It uses SQLAlchemy for database interactions, mitigating SQL injection risks. File operations are constrained by `PDF_ROOT_DIR` to prevent path traversal. There are no obvious hardcoded secrets or 'eval' calls. The primary security consideration arises from the `docling` library's PDF processing, as vulnerabilities in this external dependency could be exploited if malicious PDFs are placed in the configured input directory. However, the `docling` processing is done via a separate `builder` script, not directly by the live server exposed to AI agents.
Updated: 2026-01-11GitHub
0
0
Low Cost
ncipollo icon

magick-mcp

by ncipollo

Sec2

Provides an MCP server interface for executing ImageMagick commands and managing reusable image processing functions.

Setup Requirements

  • ⚠️Requires ImageMagick to be installed on the host system.
  • ⚠️Requires Rust and Cargo to be installed for compilation/installation.
  • ⚠️Designed to be run as an MCP server, requiring an MCP-compatible client (e.g., Cursor, Claude) for interaction.
Review RequiredView Analysis
The server uses `std::process::Command` to invoke ImageMagick, passing arguments as a string slice after splitting by whitespace, which helps prevent basic shell injection for direct ImageMagick commands. Environment variables are explicitly cleared before execution, with only the `PATH` variable preserved, enhancing security against malicious environment injection. However, a **CRITICAL VULNERABILITY** exists in the function management tools (`func_save`, `func_load`, `func_delete`). The `name` parameter, which is user-controlled (e.g., from an MCP client/agent), is directly incorporated into file paths using `PathBuf::join` (e.g., `functions_dir().join(format!("{name}.json"))`). This allows for **path traversal attacks**. A malicious actor can provide a function `name` containing `../` sequences (e.g., `../../../../../../etc/passwd`) to read, write, or delete arbitrary files on the file system outside the intended function storage directory. This could lead to data exfiltration, system corruption, or privilege escalation if the server is run with elevated permissions.
Updated: 2025-12-01GitHub
0
0
Low Cost
pooja-bhavani icon

StyleHub

by pooja-bhavani

Sec8

This is an e-commerce website for fashion and lifestyle products, serving as a modern online shop frontend.

Setup Requirements

  • ⚠️Docker required
  • ⚠️Docker Compose required
  • ⚠️Kubernetes cluster for 'MCP Server' deployment
Verified SafeView Analysis
The provided server code (Docker and Kubernetes configurations) primarily serves static web assets. No 'eval', obfuscation, or hardcoded sensitive secrets were found in the server configuration files. The client-side JavaScript (`login-script.js`, `script.js`) uses `localStorage` for simulating login, cart, and wishlist functionality, which is highly insecure for a real e-commerce backend but is explicitly presented as a demo/simulation. The server itself, as a static file host, is relatively secure given the provided code snippets. The `architecture.md` mentions HTTPS and JWT, but the provided `docker-compose.yml` maps to HTTP port 80, indicating local demo setup. Overall, the server is safe to run as a demonstration, but the client-side logic is not production-ready for secure transactions.
Updated: 2025-12-02GitHub
0
0
Low Cost
amshamah419 icon

CortexSynapse

by amshamah419

Sec8

CortexSynapse acts as a Model Context Protocol (MCP) server, enabling AI-powered IDEs and agents to interact with live Palo Alto Cortex XSOAR/XSIAM instances for security development, testing, and automation tasks.

Setup Requirements

  • ⚠️Requires Docker for containerized deployment (primary use case for AI IDEs).
  • ⚠️Requires active XSOAR and/or XSIAM instances with API access.
  • ⚠️Mandatory environment variables must be set for API URLs and keys (e.g., XSIAM_API_URL, XSOAR_API_KEY).
  • ⚠️Requires an MCP-compatible AI IDE (e.g., Windsurf, Cursor, Roo Code).
Verified SafeView Analysis
The server demonstrates strong security practices including explicit use of environment variables for credentials, Docker hardening recommendations (`--read-only`, `no-new-privileges`), built-in rate limiting, and sanitization of error messages to prevent information leakage. Input validation (`sanitize_input`, `validate_inputs`) is implemented for string parameters, checking for length and common injection patterns. However, for complex JSON request bodies, the code doesn't explicitly show deep, recursive sanitization by the server itself before passing the body to the downstream XSOAR/XSIAM API via `httpx.request(json=body)`. While the target APIs are expected to handle their own input validation, this could be a point of concern if an AI agent is coerced into crafting a malicious JSON payload that the target API might interpret unexpectedly, and the proxy itself does not apply deeper content validation.
Updated: 2025-11-20GitHub
0
0
Medium Cost
omkarwazulkar icon

OpenAI-MCP-WeatherStack

by omkarwazulkar

Sec8

A full-stack AI agent that retrieves real-time weather information for a specified city using OpenAI's Agents SDK and a Python-based Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires specific Python (3.11) and Node.js (22.14.0) versions
  • ⚠️Involves running three separate services (Python MCP server, Node.js Express backend, React frontend) concurrently
Verified SafeView Analysis
The project uses standard libraries and frameworks. The OpenAI API key is handled via environment variables, which is a good practice. The exposed MCP tool performs a simple HTTP GET request to wttr.in, limiting direct command injection risks in the tool itself. User queries are passed directly to the Agent SDK, which relies on the SDK's internal safety mechanisms for prompt injection and tool execution. Given it's primarily designed for local development, it is generally safe, but full confidence in security would require an audit of the @openai/agents SDK.
Updated: 2025-12-10GitHub
0
0
Low Cost
vivekkeditz icon

Awesome-MCP-ZH

by vivekkeditz

Sec10

This repository serves as a curated collection of resources, guides, and tools for the Multi-Channel Platform (MCP) community, providing information on MCP server setup and client usage.

Verified SafeView Analysis
The provided source code is solely a Markdown README file, which contains no executable logic or server implementation to audit for security vulnerabilities. It describes resources and guides, but does not include the code for an MCP server itself. Therefore, a security audit of an 'MCP server' cannot be performed with the information given. The README itself poses no direct security risks, though it links to external `example.com` URLs which are not auditable here.
Updated: 2026-01-19GitHub
0
0
Medium Cost
vaibhavparihar icon
Sec9

A local Model Context Protocol (MCP) server enabling ChatGPT to perform data quality checks and exploratory data analysis (EDA) on local datasets via natural language prompts.

Setup Requirements

  • ⚠️Requires `ngrok` to expose the local server to ChatGPT (manual setup).
  • ⚠️Requires manual configuration of a custom MCP connection in ChatGPT.
  • ⚠️Datasets must be placed in the local `data/` directory (CSV format only).
Verified SafeView Analysis
The server primarily operates locally, reading CSV files from a dedicated 'data/' directory and writing Markdown reports to a 'reports/' directory. File operations are contained within these directories. There are no explicit uses of `eval`, `exec`, `pickle`, `subprocess`, or `os.system` with arbitrary user input. The primary security consideration is the deliberate exposure of the local server via `ngrok`, which makes it publicly accessible. Users should be aware of the implications of exposing a local endpoint and only process trusted data. The code itself appears well-contained and focused on its stated purpose without obvious vulnerabilities.
Updated: 2025-11-27GitHub
0
0
Medium Cost
gvishnoi icon

mysql-server-mcp

by gvishnoi

Sec7

An MCP server that exposes MySQL database operations as tools for AI assistants and other compatible clients.

Setup Requirements

  • ⚠️Requires a running and accessible MySQL server.
  • ⚠️Requires Node.js (v16 or higher) to be installed.
  • ⚠️Requires configuration of MySQL connection details (MYSQL_HOST, MYSQL_PORT, MYSQL_USER, MYSQL_PASSWORD, MYSQL_DATABASE) via environment variables or a .env file.
Verified SafeView Analysis
The server's source code is clear and does not contain 'eval' or obfuscation. It communicates over stdio, not exposing direct network ports. However, it relies on environment variables for MySQL credentials (MYSQL_HOST, MYSQL_PORT, MYSQL_USER, MYSQL_PASSWORD, MYSQL_DATABASE), with generic placeholder defaults ('username', 'password', 'database_name'). While the README explicitly warns against committing credentials and advises using environment variables, relying on these generic defaults without explicit configuration poses a risk if deployed carelessly. The server executes arbitrary SQL queries provided by the client, making it susceptible to SQL injection if the calling client/AI assistant does not properly sanitize its inputs before generating the SQL query. The code includes basic statement classification to route queries to appropriate handlers, preventing some accidental misuse (e.g., calling a SELECT with 'execute_sql'), but it does not perform advanced SQL injection prevention or input sanitization itself. The README advises implementing additional query validation and sanitization for production use, acknowledging this inherent risk.
Updated: 2025-11-25GitHub
0
0
Medium Cost
pkutsch icon
Sec8

Provides a Model Context Protocol (MCP) server for AI agents, offering Retrieval-Augmented Generation (RAG) capabilities with file-based data sources (PDF, TXT, Markdown) and a Streamlit UI for management.

Setup Requirements

  • ⚠️Requires Python 3.12.7+.
  • ⚠️Requires a running Ollama server (for local embeddings) or an OpenAI API Key (a paid service) for core RAG functionality.
  • ⚠️The `rag-core` dependency is installed directly from a Git repository, which mandates `git` to be installed and can sometimes introduce installation complexities.
Verified SafeView Analysis
The server employs environment variables for configuration, a recommended security practice, and uses parameter binding for all SQLite operations in the logging module, effectively preventing SQL injection. File parsing, which can be an attack surface for RAG systems, relies on well-known external libraries (pypdf, chardet). The Streamlit UI binds to `0.0.0.0` by default, which is standard for web interfaces but necessitates awareness regarding external exposure if deployed publicly. The MCP server primarily uses secure STDIO transport, though a network-exposed SSE mode is configurable. No direct `eval` calls, code obfuscation, or other overtly malicious patterns were identified in the provided source.
Updated: 2026-01-19GitHub
0
0
Low Cost
Ramakrishna-Gedala icon

mcp-web-knowledge-coach

by Ramakrishna-Gedala

Sec8

A demo and training platform for the Model Context Protocol (MCP), providing structured recommendations and resources related to AI/LLM concepts via a Python backend and React frontend.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires 'uv' (Astral's package manager) ≥ 0.9
  • ⚠️Requires Node.js 20+ for the web client
  • ⚠️The MCP server must be running before starting the React client.
Verified SafeView Analysis
The server uses FastAPI with explicit CORS settings, limiting access to specified origins, which is good. Configuration is managed via environment variables. The core 'coach_resources' tool performs a keyword search against an in-memory knowledge base, mitigating direct prompt injection risks related to LLM calls (as no LLM is called by this specific tool). 'subprocess.run' is used in the CLI for launching the inspector, but it's for a known tool and not based on user input. No direct use of 'eval' or obvious obfuscation. As a demo, it's not designed for high-stakes production, but appears robust for its intended purpose.
Updated: 2025-11-26GitHub
0
0
Medium Cost
PurpleSquirrelMedia icon

ibmz-mcp-server

by PurpleSquirrelMedia

Sec4

Integrate Claude Code with IBM Z mainframe capabilities for HSM-backed key management and exposing z/OS applications as REST APIs, enabling AI-powered enterprise operations and security.

Setup Requirements

  • ⚠️Requires an IBM Cloud account with active Key Protect service (and potentially other IBM services like NLU, watsonx.ai, Cloudant, TTS for full demo functionality).
  • ⚠️Requires access to an IBM mainframe with z/OS Connect Enterprise Edition (EE) installed and configured for using z/OS Connect tools.
  • ⚠️Crucial environment variables (IBM_CLOUD_API_KEY, KEY_PROTECT_INSTANCE_ID, ZOS_CONNECT_URL, ZOS_CONNECT_USERNAME, ZOS_CONNECT_PASSWORD) must be configured correctly; the hardcoded secrets in demo files should NOT be used in a production or shared environment.
Verified SafeView Analysis
The repository contains numerous hardcoded API keys and instance IDs within its demo scripts, which is a significant security risk as it can lead to accidental exposure or misuse if not properly managed. While the main server (`index.js`) correctly uses environment variables for sensitive configuration, the presence of hardcoded secrets in related files is a major concern. The `zos_connect_call_service` tool allows constructing arbitrary requests to a configurable mainframe URL; although path parameters are encoded and payloads are JSON stringified, this tool presents a potential Server-Side Request Forgery (SSRF) risk if `ZOS_CONNECT_URL` can point to internal networks, and a risk of exploiting vulnerabilities in target mainframe applications if Claude is prompted to craft malicious API calls.
Updated: 2025-12-15GitHub
0
0
High Cost
Tsarri icon
Sec8

A multi-agent Retrieval-Augmented Generation (RAG) system for legal tech, focusing on document intelligence, deadline extraction, and strategic analytics.

Setup Requirements

  • ⚠️Requires Supabase account with PostgreSQL and pgvector extension.
  • ⚠️Requires Anthropic API Key (Paid API usage for Claude models).
  • ⚠️Requires Google Gemini API Key (Paid API usage for Gemini models; optional but disables preprocessing/validation if missing).
  • ⚠️Requires Claude Desktop (for MCP server integration).
Verified SafeView Analysis
The server handles API keys via environment variables, which is good practice. File system operations for document storage and deletion are restricted to client-specific subdirectories, mitigating arbitrary file access risks. The Supabase client library is used, which typically prevents SQL injection. However, as an LLM-powered application, it is inherently susceptible to prompt injection attacks against the underlying Claude and Gemini models, where a malicious input could potentially manipulate AI behavior. No direct use of `eval` or obvious obfuscation was found.
Updated: 2025-12-23GitHub
PreviousPage 592 of 713Next