Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost
Sec9

Auth0-protected MCP server and client demonstrating authenticated tool access for AI agent integration.

Setup Requirements

  • ⚠️ Requires Python 3.13 or newer.
  • ⚠️ Requires an Auth0 account and application setup for domain, client ID/secret, audience, and a configured callback URI.
  • ⚠️ Requires a Selenium WebDriver (ChromeDriver, geckodriver, or EdgeDriver) to be installed and accessible via PATH for automated browser interactions during client authentication.

Verified Safe
The server correctly implements JWT verification using Auth0's JWKS endpoint, validating tokens for algorithms, audience, and issuer. Secrets are appropriately loaded from environment variables. The client's OAuth authorization code flow involves a local HTTP server for callbacks, a standard practice for CLI applications. Error handling for JWT and OAuth processes is present. While the client relies on Selenium WebDriver, which requires a correct setup, and a GOOGLE_API_KEY is used, these are managed through environment variables and standard library usage.
Updated: 2025-12-15

Medium Cost

yachtsy-mcp-server

by manee1112

Sec9

Provides AI-powered intelligent insights and access to a comprehensive marketplace for yacht buyers and enthusiasts.

Setup Requirements

  • ⚠️ Requires a Yachtsy API key (obtained from https://www.yachtsy.ai/signup).
  • ⚠️ Requires Node.js (>=18.0.0) and npm to be installed.
  • ⚠️ Requires an active internet connection to access boat listings and expert advice.

Verified Safe
The server correctly handles sensitive API keys by requiring them as environment variables or via a .env file, avoiding hardcoding. It uses standard dependencies and no obvious malicious patterns like 'eval' with unsanitized input were found. The primary interaction is with a designated external API, limiting unexpected network exposure.
Updated: 2026-01-19

Medium Cost

NseKit-MCP

by Prasad1612

Sec9

Provides real-time and historical data from the National Stock Exchange of India (NSE) via a FastMCP server, suitable for AI agents, trading bots, and research.

Setup Requirements

  • ⚠️ Requires Python 3.12 or newer.
  • ⚠️ Recommends using 'uv' for installation instead of 'pip'.
  • ⚠️ Needs a specific JSON configuration entry added to an MCP server configuration file to be utilized by an MCP client.

Verified Safe
The server's code for exposing tools, rate limiting, and data conversion (Pandas to JSON) appears straightforward and does not contain obvious direct vulnerabilities like 'eval', arbitrary code execution, or hardcoded sensitive information. It utilizes `threading.Lock` for thread-safe rate limiting, which is good practice. The primary security posture relies heavily on the underlying `NseKit` and `Moneycontrol` libraries it wraps, which are external dependencies making network calls. Assuming these upstream libraries are secure, the `nsekit-mcp` wrapper itself presents low direct risk.
Updated: 2026-01-14

Low Cost

Converts an existing FastAPI expense tracker application into a FastMCP server, enabling integration with clients like Claude Desktop.

Setup Requirements

  • ⚠️ Requires Python 3.13 or higher.
  • ⚠️ Utilizes 'uv' (Ultrafast Python package installer and resolver) for running the server, which needs to be installed.
  • ⚠️ For production deployment, persistence and management of the local 'expenses.db' SQLite file would need external handling.

Verified Safe
The application uses parameterized queries for all database operations (SQLite), which effectively prevents SQL injection vulnerabilities. No 'eval' or other arbitrary code execution patterns were found. No hardcoded secrets are present in the provided source. The primary security considerations would be network exposure and access control when deploying (e.g., making the FastMCP server public without proper authentication if sensitive data is involved), which are deployment-level concerns rather than inherent code vulnerabilities.
Updated: 2025-11-28

Low Cost

windows-mcp-server

by danielftl

Sec1

Provides a set of Windows desktop automation tools via an MCP (Multi-Modal Communication Protocol) Server-Sent Events (SSE) stream.

Setup Requirements

  • ⚠️ Requires Python 3.x and Windows operating system.
  • ⚠️ Requires installation of `pyautogui`, `keyboard`, `pywinauto`, `psutil`, `flask`, `pillow` via pip.
  • ⚠️ Needs to run as an interactive user to properly interact with the GUI.

Review Required
This server exposes powerful system-level controls (mouse, keyboard, application execution, process termination, screenshots) via an unauthenticated API. The `tool_open_app` function allows a connected client to execute any arbitrary program on the host machine by providing a path, leading to arbitrary code execution. The `tool_close_app` function allows termination of any process given its PID. While it defaults to `127.0.0.1`, any local process can connect and fully control the machine. This is an extremely high-risk setup and should only be run in highly controlled, isolated environments with trusted clients.
Updated: 2025-11-25

Medium Cost

threads-mcp

by JoshuaRamirez

Sec9

This MCP server exposes Threads CLI data and operations, enabling AI agents or other Model Context Protocol clients to manage tasks, projects, and organizational structures through defined resources and tools.

Setup Requirements

  • ⚠️ Requires Node.js and npm for installation and execution.
  • ⚠️ The example configuration for Claude Desktop specifies an absolute file path, which users will need to adjust to their local installation directory.
  • ⚠️ Data is stored locally in `~/.threads/threads.json`, meaning state is persistent on the user's machine and shared with the Threads CLI.

Verified Safe
The server uses stdio transport, meaning it doesn't open network ports directly. Data is stored locally in `~/.threads/threads.json`, with backup creation on writes. This assumes a trusted local execution environment for file system access. No `eval` or other dynamic code execution patterns were found. No hardcoded secrets are present in the provided source.
Updated: 2026-01-17

Medium Cost

agiloft-mcp-server

by hjtapia74

Sec8

An MCP (Model Context Protocol) server for AI assistants to perform CRUD operations and search functionality on Agiloft contracts via its REST API.

Setup Requirements

  • ⚠️ Requires access to an existing Agiloft instance with REST API enabled.
  • ⚠️ Mandatory configuration: Agiloft base URL, username, password, and knowledge base name.
  • ⚠️ Python 3.8 or higher is required.

Verified Safe
The server demonstrates good security practices by recommending environment variables for sensitive credentials (AGILOFT_PASSWORD), masking passwords in log output, and handling token refresh proactively. It uses `aiohttp` for secure asynchronous HTTP communication. No use of `eval` or obvious malicious patterns found. The server operates in stdio mode, limiting its direct network exposure from the MCP client perspective. However, like any system handling credentials and making external API calls, proper operational security for the host environment is critical.
Updated: 2025-11-20

Medium Cost

mcp-openarchieven

by peterdewit

Sec9

Exposes the OpenArchieven public API as Model Context Protocol (MCP) tools for LLM agents to perform genealogical searches and data retrieval.

Setup Requirements

  • ⚠️ Requires Python 3 and installation of `mcp`, `requests`, `uvicorn` packages.
  • ⚠️ Relies on the availability and stability of the external OpenArchieven API (api.openarchieven.nl).
  • ⚠️ Designed specifically for consumption by MCP-compatible LLM frontends like MetaMCP or OpenWebUI.

Verified Safe
The server acts as a proxy for a public external API (OpenArchieven.nl). It uses `requests.get` with a timeout, which is good practice. Basic input validation is present for required parameters and some integer bounds. No 'eval' or similar dangerous functions were found. No hardcoded secrets were identified. On HTTP errors, `resp.text[:2000]` is logged, which is a minor potential information leak if the upstream API ever returned sensitive data in error messages, but given it's a public API, the risk is low.
Updated: 2025-11-19

Low Cost

Dairy_Management

by Harsh21-design

Sec9

A full-stack dairy management system for recording milk entries, customer details, and calculating monthly bills.

Setup Requirements

  • ⚠️ Requires Python 3.11 or higher.
  • ⚠️ The FastMCP server (main.py) must be running before the Streamlit client (streamlit_client.py) can connect.
  • ⚠️ The 'streamlit_client.py' is configured to connect to a remote FastMCP server by default; for local operation, the local client transport ('client = Client(transport="http://localhost:8000/mcp")') needs to be uncommented and the remote one commented out.

Verified Safe
The application uses parameterized SQLite queries, effectively preventing SQL injection. No 'eval' or malicious patterns were found. The FastMCP server binds to 'localhost' by default, limiting direct external exposure. However, if deployed publicly without proper authentication/authorization, the exposed API endpoints could lead to sensitive data exposure (customer lists, milk entries). No hardcoded secrets were identified.
Updated: 2025-11-25

High Cost

ketchup-draw-mcp-server

by Komorebi-yaodong

Sec8

Enables MCP clients (like Claude Desktop) to generate and optimize images using Ketchup AI and automatically upload them to URUSAI! for permanent URLs.

Setup Requirements

  • ⚠️ Relies on external Ketchup AI API which might have usage limits or future authentication requirements (currently no API key explicitly mentioned).
  • ⚠️ Relies on URUSAI! for image hosting, an external service.
  • ⚠️ Users in mainland China *must* configure a local HTTP/HTTPS proxy via the `HTTPS_PROXY` environment variable to access Ketchup AI and URUSAI!.

Verified Safe
The server's code appears generally safe. It doesn't use `eval` or exhibit obfuscation. Network requests are made to `ketchup-ai.com` and `api.urusai.cc` which are external services; their security is assumed. Proxy support via `undici` is implemented correctly using environment variables, preventing hardcoded proxy details. No hardcoded secrets were found. An unused `node-catbox` dependency is present in `package.json`, but the image upload logic in `src/index.ts` uses direct `fetch` calls, which is a minor inefficiency but not a security flaw.
Updated: 2025-12-01

Low Cost

MCP-Server

by Manicka98

Sec7

This server facilitates real-time multiplayer interactions for a game client, handling player positions, attacks, block placements, and general messaging, likely for a Minecraft-like game.

Setup Requirements

  • ⚠️ Requires a MongoDB instance running, accessible at 'mongodb://localhost:27017/' by default.

Verified Safe
The server uses Socket.IO to receive client data (e.g., player positions, block placements) and interacts with MongoDB. While `pymongo` generally handles basic parameterization, it's critical that all incoming client-provided data is thoroughly validated and sanitized before being used in database operations or other server-side logic to prevent potential injection attacks (e.g., MongoDB injection) or unexpected data manipulation. No 'eval', hardcoded secrets, or explicit network-level vulnerabilities were immediately apparent in the provided truncated code. MongoDB connection string is hardcoded.
Updated: 2025-12-01

Low Cost

openweather-mcp-server

by ayush-dudhani

Sec8

Provides current weather data via an SSE endpoint for MCP clients and acts as an AI tool for fetching weather information.

Setup Requirements

  • ⚠️ Requires an OpenWeather API key, which may involve registration and could have usage limits depending on the chosen plan.
  • ⚠️ Requires Java 17+ and Maven 3.6+ to build and run the application.

Verified Safe
The server's design is straightforward, using environment variables for API keys and standard Spring Boot practices. No 'eval', code obfuscation, or hardcoded secrets were found. A minor potential concern is the direct string concatenation of the 'city' parameter into the URL in WeatherService. While RestTemplate typically handles basic URL encoding, explicit URI building or more robust input validation could further mitigate risks of malformed requests if highly unusual characters are used in the city name.
Updated: 2025-12-14