Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost
Sec9

Tracks and manages personal or business expenses via an API.

Setup Requirements

  • ⚠️ Python 3.11+ required.
Verified Safe
The server uses parameterized queries to prevent SQL injection vulnerabilities. No hardcoded secrets, 'eval' statements, or direct shell commands were found. The database is stored in a temporary directory, mitigating path traversal risks. Binding to 0.0.0.0 is standard for a server but means it's accessible from any network interface, requiring appropriate network security in production environments.
Updated: 2025-12-13

Low Cost

nlm-codes-mcp

by openpharma-org

Sec8

This server provides a unified tool for AI assistants to search and access various clinical coding systems, medical data tables, and healthcare provider information through the National Library of Medicine's Clinical Tables API.

Setup Requirements

  • ⚠️ Requires Node.js 18.0.0 or higher.
  • ⚠️ Requires `npm install` and `npm run build` prior to execution.
  • ⚠️ Relies on the external NLM Clinical Tables API for all data retrieval (publicly accessible, no API key required for the documented features).
Verified Safe
The server acts as a proxy to the NLM Clinical Tables API. Input parameters (`terms`, `maxList`, `offset`, `count`) are validated. The `additionalQuery` parameter, which accepts Elasticsearch-like syntax, includes logic (`validateAndProcessAdditionalQuery`) to detect and transform/warn about complex parentheses, mitigating potential query injection issues against the upstream NLM API. No `eval` or obvious hardcoded secrets are present in the provided source. Default CORS is set to '*' with a warning for production environments in the configuration validation. Uncaught exceptions and unhandled rejections are logged but do not cause the process to exit, a design choice for resilience that might require careful monitoring in production.
Updated: 2025-12-16

Low Cost

GeminiCLI

by EPS-AI-SOLUTIONS

Sec9

Integrate Ollama and Gemini CLI for advanced LLM operations, including multi-agent task execution, intelligent routing, prompt optimization, and caching, accessible via CLI and a Tauri-based GUI.

Setup Requirements

  • ⚠️ Requires a running Ollama server instance (default `http://localhost:11434`) for local LLM operations.
  • ⚠️ Requires the `gemini` CLI tool to be installed and configured with `GEMINI_API_KEY` (or `GOOGLE_API_KEY`) for cloud LLM functionality.
  • ⚠️ For secure cache storage, `CACHE_ENCRYPTION_KEY` (a 32-byte AES-256-GCM key) should be explicitly configured in the `.env` file.
Verified Safe
The server includes a `run_shell_command` tool, which is an inherently high-risk capability. However, the project demonstrates strong security awareness by implementing a robust `CommandSanitizer` (with `DANGEROUS_PATTERNS`, `BLOCKED_COMMANDS`), strict working directory validation, filtering of dangerous environment variables, and comprehensive audit logging. The `CACHE_ENCRYPTION_KEY` is crucial for securing cached data at rest; if not set, cache entries are stored in plain text. Enabling `HYDRA_YOLO` or disabling `HYDRA_RISK_BLOCKING` could significantly reduce safety, but default configurations prioritize security. Overall, strong built-in mitigations are present against common shell injection and data exposure risks.
Updated: 2026-01-19

Low Cost

Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers to expose calculator tools to AI clients without requiring authentication.

Setup Requirements

  • ⚠️ Requires a Cloudflare Workers account for deployment.
  • ⚠️ Connecting local MCP clients (like Claude Desktop) requires an additional `mcp-remote` proxy setup.
  • ⚠️ The server is intentionally authless, making it unsuitable for tools or operations requiring security and access control.
Verified Safe
The server is explicitly designed to be authless, meaning it does not require authentication to use its calculator tools. While this is a stated feature for a simple calculator, it is a critical security consideration and would be a major vulnerability if deployed with sensitive functionality. The implementation itself appears clean, with input validation using Zod and no obvious malicious patterns or usage of `eval`.
Updated: 2025-12-02

Low Cost

mcp.hitl.sh

by hitl-sh

Sec9

Connect AI systems (like ChatGPT and OpenAI Agent Builder) to the HITL.sh Human-in-the-Loop platform for real-time human judgment on tasks.

Setup Requirements

  • ⚠️ Requires a HITL.sh API key.
  • ⚠️ Extensive Auth0 setup (account, API, applications, and custom Action) is required for full OAuth and per-user API key functionality.
  • ⚠️ Node.js 18+ runtime is a prerequisite.
  • ⚠️ Production deployment is optimized for Vercel, requiring a Vercel account and specific environment variable configuration.
Verified Safe
The server uses OAuth 2.1 with Auth0 for authentication, verifying JWT tokens via Auth0's JWKS endpoint, which is a standard secure practice. Per-user API keys are stored in Auth0 user metadata, not directly on the server. Environment variables are used for sensitive credentials, with clear documentation warnings against hardcoding secrets or committing `.env.local`. Management API access for updating user metadata is secured with M2M OAuth. No `eval` or obvious obfuscation was found. Client-side Auth0 configuration (`AUTH0_ISSUER_URL`, `AUTH0_CLIENT_ID`, `AUTH0_AUDIENCE`) is exposed, which is standard for OAuth flows.
Updated: 2025-12-05

Medium Cost
Sec8

Provides persistent, per-project knowledge storage for an AI coding assistant, enabling it to remember facts and context relevant to individual software projects.

Setup Requirements

  • ⚠️ Requires Node.js 18+ and Claude Code CLI.
  • ⚠️ The `PROJECTS_ROOT` environment variable (`C:/Development/projects` by default) defines the scope for cross-project searches and must be configured if projects are located elsewhere.
  • ⚠️ Configuration requires manual copying and path adjustment for the `.mcp.json` file to point to the `dist/index.js` of the knowledge server.
Verified Safe
The server uses standard I/O for communication, limiting network attack vectors directly to the server process. File system operations are confined to specific paths (`.claude/knowledge.json`) within projects and a configurable `PROJECTS_ROOT`. While `fs` operations are used for persistence, the server does not execute arbitrary code from stored facts or scan arbitrary files. Input arguments for tools are structured, reducing the risk of command injection. The primary risk would be potential information exposure if `PROJECTS_ROOT` is configured to a highly sensitive location, as it scans for directories containing `.claude/knowledge.json` files.
Updated: 2026-01-19

High Cost

Skills-MCP-AD

by DevSkillsIT

Sec8

Provides an AI-integrable Model Context Protocol (MCP) server for comprehensive and secure Active Directory management, particularly for multi-tenant environments.

Setup Requirements

  • ⚠️ Requires a live Active Directory or Samba AD instance to function beyond unit tests.
  • ⚠️ A `ad-config/ad-config.json` file must be accurately populated with Active Directory connection details, credentials, and an authentication token.
  • ⚠️ Requires Python 3.11+.
  • ⚠️ The configured Active Directory service account (`bind_user`) needs specific read and write permissions for the tools to operate correctly.
Verified Safe
The server implements Bearer Token authentication and recommends using LDAPS for secure communication. A `ClientSecurityManager` enforces client isolation and requires confirmation for write operations or a valid automation token. No hardcoded secrets, 'eval', or malicious patterns were found in the provided source code. Security posture is highly dependent on secure management of `ad-config.json` and environment variables containing sensitive credentials and tokens in the deployment environment.
Updated: 2025-12-20

Low Cost

xzmcp

by TrBaPhong

Sec4

This project implements a Model Context Protocol (MCP) server that allows AI models to interact with external tools and services through a unified interface.

Setup Requirements

  • ⚠️ Requires setting the MCP_ENDPOINT environment variable.
  • ⚠️ Hardcoded API key in getcryptoprice.py needs to be replaced with a secure mechanism (e.g., environment variable).
  • ⚠️ The use of 'eval()' in calculator.py presents a significant security risk and should be avoided or heavily sandboxed.
Review Required
The 'calculator.py' file uses 'eval()' which is a significant security risk as it allows arbitrary code execution. While it's intended for a limited scope (math/random), it's still a vulnerability if the input is not strictly controlled. The use of an API key for CoinMarketCap is present but hardcoded in 'getcryptoprice.py', which is not ideal for production environments. Network communication via WebSockets also carries inherent risks if not properly secured.
Updated: 2025-11-21

Medium Cost

sqlite_mcp

by AuraFriday

Sec8

Provides a local, private, and zero-cost SQLite database with integrated semantic search and automatic embedding generation for AI memory and data management.

Setup Requirements

  • ⚠️ Requires installation of the MCP-Link Server for proper functioning.
  • ⚠️ First use requires an ~250MB download of the local Qwen embedding model.
  • ⚠️ Requires Python 3.8+.
Verified Safe
The tool uses parameterized queries, which mitigates standard SQL injection risks. Embedding generation occurs locally, eliminating external API data leakage. The `TOOL_UNLOCK_TOKEN` is dynamically generated to ensure documentation awareness. However, the use of `conn.enable_load_extension(True)` for `sqlite-vec` (though disabled immediately after) could be a theoretical vector if a malicious extension were loaded; in this context, it loads a known, required extension. The handling of multiple SQL statements by splitting on semicolons without full SQL parsing could potentially introduce complex injection scenarios if an attacker could control the input SQL, though parameterized queries reduce this risk for data values.
Updated: 2025-12-02

Medium Cost
Sec7

Provides an Express.js API and an MCP server for AI-driven analysis of product usage data stored in CSV files using Google Gemini.

Setup Requirements

  • ⚠️ Requires a Google API Key (Paid) for Gemini AI functionality.
  • ⚠️ Requires Node.js to be installed.
  • ⚠️ Assumes the existence of a sibling directory named 'dm_usage_analytics' for serving static frontend files.
Verified Safe
The AI analysis endpoint is vulnerable to prompt injection as user input is directly interpolated into the LLM context. The file upload (`multer`) and delete endpoints use `file.originalname` and `req.params.name` respectively, which, while `path.join` helps mitigate basic path traversal, could still be problematic if filenames are not rigorously sanitized for characters beyond simple names. Additionally, the `data` directory, where uploaded files reside, is served statically, meaning any uploaded file can be publicly accessed.
Updated: 2025-12-03

Low Cost

claude-vault

by weber8thomas

Sec9

AI-assisted HashiCorp Vault management for secure secret handling and migration, especially for Docker services.

Setup Requirements

  • ⚠️ Requires an existing HashiCorp Vault server with OIDC authentication configured.
  • ⚠️ Requires a local Python 3.11+ environment with the 'mcp-vault' package installed (via pip or uvx).
  • ⚠️ Requires a WebAuthn-compatible browser (e.g., Chrome, Firefox, Safari, Edge) for biometric/hardware key approvals.
Verified Safe
The server employs a strong 'defense-in-depth' security model. It tokenizes all sensitive secret values before they reach the AI, ensuring zero-knowledge. All write operations and even file scanning operations require WebAuthn biometric or hardware key approval (human-in-the-loop), significantly mitigating prompt injection risks. Robust input validation is implemented to prevent command injection and path traversal attacks. Vault tokens are session-based, short-lived, and stored only in memory. A comprehensive local audit log tracks all operations. The local approval server runs on localhost by default, with clear instructions for securing it with HTTPS/Nginx in production. The primary risks fall to the user: the project explicitly warns against committing locally generated plaintext .env files or the temporary pending-operations.json file, and installation uses the 'curl | sudo bash' method common in Bash CLIs.
Updated: 2025-12-26

Medium Cost

outgassing-mcp-server

by aerospace-mcp-tools

Sec7

Provides a Model Context Protocol (MCP) server for querying NASA's outgassing database, enabling large language models to access aerospace material properties and compliance.

Setup Requirements

  • ⚠️ Docker required
  • ⚠️ Python 3.14+ is required (base image)
  • ⚠️ Corporate network users must handle Zscaler/proxy certificates and potentially use the `DISABLE_SSL_VERIFY=true` environment variable for data access
  • ⚠️ VS Code with GitHub Copilot extension is the primary intended client for integration
Verified Safe
The server explicitly disables SSL certificate verification when the `DISABLE_SSL_VERIFY` environment variable is set to `true`, primarily for corporate network compatibility (e.g., Zscaler proxies). This is a known and documented security trade-off that makes data downloads from NASA's public database susceptible to Man-in-the-Middle (MITM) attacks in that specific configuration. However, the data is public and read-only, and no credentials are transmitted. The server itself uses stdio for MCP communication, not exposing network ports directly. No other critical vulnerabilities like 'eval' or hardcoded secrets were found.
Updated: 2026-01-18