Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
ShayYeffet icon
Sec9

Provides a comprehensive set of tools for development, DevOps, data processing, and automation within an AI-assisted workspace.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher to be installed.
  • ⚠️Critical environment variables `MCP_WORKSPACE_ROOT` and `MCP_ALLOWED_COMMANDS` must be correctly configured for functionality and security.
  • ⚠️Several tools (e.g., `image_process`, `pdf_manipulate`, `csv_process`) provide placeholder implementations and require installation of additional external libraries (e.g., `sharp`, `pdf-lib`) for full functionality. Tools like `docker_manage` and `git_*` require Docker and Git CLI to be installed and accessible.
  • ⚠️The full installer batch file (`install-claude-mcp-complete.bat`) requires 'Run as administrator' on Windows.
Verified SafeView Analysis
The server implements robust path sandboxing, explicitly validates all file paths against the defined workspace root, and resolves symbolic links to prevent traversal attacks. Command execution uses a configurable allowlist and `child_process.spawn` with `shell: false` to prevent shell injection. The `kill_process` tool has safeguards for critical system processes. However, the `encrypt_decrypt` tool uses a hardcoded 'salt' value for password-based key derivation, which is a minor weakness. The `cloud_storage` tool's simplified authentication (Basic auth over potentially non-HTTPS) could be improved by using official SDKs for each provider.
Updated: 2025-12-20GitHub
0
0
Medium Cost
dmarsters icon
Sec9

Generates vintage candy packaging aesthetics by enhancing user prompts through a cost-optimized, three-layer LLM architecture for image generation.

Setup Requirements

  • ⚠️Requires Claude API access (Paid service)
  • ⚠️Requires FastMCP framework (listed as a dependency)
  • ⚠️Python 3.10+ required
Verified SafeView Analysis
The server leverages the FastMCP framework for LLM interactions. No direct use of 'eval', obfuscation, hardcoded secrets, or explicit network risks are present in the provided source code. JSON input parsing includes basic error handling. Security heavily relies on the FastMCP framework's implementation and the secure handling of Claude API keys by the execution environment.
Updated: 2025-11-29GitHub
0
0
Low Cost
newtechcollab icon

chatgpt-agentic-commerce

by newtechcollab

Sec6

Provides e-commerce functionalities like product search and purchasing workflow via custom widgets and tools for integration with a ChatGPT agent.

Setup Requirements

  • ⚠️Requires the `mcp` (Multi-Channel Protocol) Python library and framework.
  • ⚠️Specifically designed for integration with OpenAI's ChatGPT as an agent's tool/plugin, leveraging `window.openai` APIs.
  • ⚠️Client-side XSS vulnerabilities in the provided HTML widgets if `product.title` or `product.image_url` are sourced from untrusted input without proper sanitization.
Verified SafeView Analysis
The server's HTML widgets (specifically 'products.html' and 'products-old.html') embed product data (`image_url`, `title`) directly into `innerHTML` or `img.src` without explicit sanitization. This introduces client-side Cross-Site Scripting (XSS) vulnerabilities if the product data originates from an untrusted source or contains malicious scripts. While the current Python tool outputs static, clean data, this is a significant pattern-level risk for future extensions.
Updated: 2026-01-18GitHub
0
0
Medium Cost
praveenc icon
Sec9

Fetches web content, extracts clean markdown using Trafilatura, discovers links, and supports llms.txt for AI agents.

Setup Requirements

  • ⚠️Requires `uv` for installation and running.
  • ⚠️Requires Python 3.10 or newer.
Verified SafeView Analysis
The server uses `httpx` for network requests with timeouts, `protego` for robots.txt compliance, and `trafilatura` for content extraction, all of which are well-regarded libraries. It explicitly avoids fetching if `robots.txt` disallows it (unless bypassed manually). The use of `defusedxml` for XML parsing is a good security practice. No `eval` or `exec` calls are present. Regex patterns for link discovery are controlled. No apparent hardcoded secrets or malicious patterns.
Updated: 2025-12-06GitHub
0
0
Medium Cost
Spartantechcompany icon

n8n-mcp

by Spartantechcompany

Sec8

Provides an AI-friendly interface (via Model Context Protocol) for N8n workflow documentation, node configuration, validation, and management. Enables AI agents to discover, build, and maintain automation workflows.

Setup Requirements

  • ⚠️An `AUTH_TOKEN` is mandatory for HTTP and SSE modes, requiring secure generation (e.g., `openssl rand -base64 32`) and configuration as an environment variable.
  • ⚠️Workflow management tools (create, update, delete workflows) require an active N8n instance with its API configured via `N8N_API_URL` and `N8N_API_KEY` environment variables.
  • ⚠️The node database (`nodes.db`) must be built initially by running `npm run rebuild` from the project root. Failure to do so will result in a 'Database not found' error.
  • ⚠️Node.js version mismatches for the `better-sqlite3` dependency can occur, leading to build failures. The recommended fix is `npm rebuild better-sqlite3` or reinstalling dependencies.
Verified SafeView Analysis
The server correctly enforces an `AUTH_TOKEN` for HTTP/SSE modes, which must be securely generated and configured as an environment variable. `CORS_ORIGIN` is configurable. The codebase uses `axios` for external API calls to n8n.io and a configured n8n instance, which should be secured. A debug script (`src/scripts/debug-n8n-auth.ts`) contains a hardcoded `N8N_API_KEY` example, which is a minor risk if accidentally used in production. The internal `WorkflowValidator` and `NodeSpecificValidators` include warnings for potential SQL injection vulnerabilities in user-provided queries, indicating a proactive approach to security within the code's own validation logic. File system access is for local data (database, node sources) and build processes.
Updated: 2025-11-25GitHub
0
0
Low Cost
pivotal-ben-chacko icon

mcp-weather-server

by pivotal-ben-chacko

Sec8

Provides weather forecast and alert tools via the Model Context Protocol (MCP) for AI clients like Claude Desktop and Claude Code CLI.

Setup Requirements

  • ⚠️Requires Java 17 or higher.
  • ⚠️Requires Maven 3.6+ (or use the included Maven wrapper).
  • ⚠️Dependencies rely on Spring Snapshot repositories, which might be unstable or require specific Maven configuration to access `https://repo.spring.io/snapshot`.
Verified SafeView Analysis
The server interacts with the public `api.weather.gov` using `RestClient`. No 'eval' or similar dangerous functions are used. URL construction for the 'getAlerts' tool uses direct string concatenation for the 'state' parameter; while 'state' is expected to be a two-letter code, this pattern could introduce minor URL injection risks if input validation were less strict or if special characters were allowed by the MCP client. No hardcoded sensitive secrets or API keys are present in the provided source.
Updated: 2025-12-15GitHub
0
0
Medium Cost
jonmmease icon

jons-mcp-imessage

by jonmmease

Sec8

Query and send iMessages on macOS using AI assistants, with hybrid keyword and semantic search capabilities.

Setup Requirements

  • ⚠️macOS Specific (requires macOS and Messages.app)
  • ⚠️Permission Intensive (requires Full Disk Access, Automation, and optional Contacts permissions on macOS)
  • ⚠️OpenAI API Key (Paid) required for semantic search features
Verified SafeView Analysis
The server executes AppleScript via `osascript` for sending messages. Input for AppleScript is sanitized using `_escape_applescript_string` to prevent injection. This approach, while necessary for iMessage automation on macOS, carries a slight risk if sanitization were incomplete. However, the current implementation appears robust for typical attacks and relies on macOS's explicit permission model. `OPENAI_API_KEY` is loaded from environment variables, which is good practice. The tool requires significant macOS permissions (Full Disk Access, Automation, Contacts), which are clearly documented and necessary for its functionality.
Updated: 2025-12-14GitHub
0
0
Medium Cost
jagarlamudisrinath icon

openpyxl-mcp-server

by jagarlamudisrinath

Sec1

Provides a Flask-based web API to programmatically interact with and manipulate Excel files using the openpyxl library.

Setup Requirements

  • ⚠️Requires Python 3.x and pip to install dependencies (listed in `requirements.txt`).
  • ⚠️Requires file system access for temporary file storage and processing, which is critical given the path traversal vulnerability.
Review RequiredView Analysis
CRITICAL: The server is vulnerable to path traversal. The `file_name` parameter in API requests (e.g., for file deletion via `os.remove`) is directly taken from user input (`request.json.get('file_name')`) and combined with a temporary directory path using `os.path.join`. This allows an attacker to specify relative paths (e.g., `../../../../etc/passwd`) to access and potentially delete arbitrary files on the server's filesystem. This is a severe vulnerability and makes the server unsafe to run in its current state.
Updated: 2025-11-22GitHub
0
0
Low Cost
Josepavese icon

nido

by Josepavese

Sec7

Nido is a retro-futuristic VM manager designed for AI agents, enabling rapid spawning, execution, and destruction of QEMU-based virtual machines using linked clones.

Setup Requirements

  • ⚠️Requires QEMU to be installed (e.g., `brew install qemu`, `sudo apt install qemu-system-x86 qemu-utils`, `choco install qemu`).
  • ⚠️Linux users may need to grant KVM permissions (`sudo usermod -aG kvm $USER && newgrp kvm` or session restart).
  • ⚠️Windows requires PowerShell 5.1+ (for quick install) and Hyper-V enabled for WHPX acceleration.
  • ⚠️Building from source requires Go 1.21+.
Verified SafeView Analysis
The project uses `exec.Command` extensively, which is expected for a VM management tool interacting with QEMU and system utilities. User inputs like VM names are sanitized. Image downloads use checksum verification. SSH connectivity is local to the host (127.0.0.1). A minor risk exists if `SSH_USER` (configurable via `nido config set`) is maliciously set with shell commands, as it is directly used in `ssh` commands. However, `ssh` itself has internal safeguards against arbitrary command injection in username fields, and setting this requires local administrative privileges.
Updated: 2026-01-19GitHub
0
0
High Cost
Sujal261 icon
Sec3

The FFmpeg MCP Server provides programmatic FFmpeg-based video and audio processing capabilities to LLMs, enabling tasks like format conversion, trimming, and merging.

Setup Requirements

  • ⚠️Requires FFmpeg to be installed and accessible in the system PATH or explicitly configured via FFMPEG_EXECUTABLE environment variable.
  • ⚠️Requires 'mcp' and 'fastmcp' Python libraries to be installed.
  • ⚠️Integration with Claude requires manual configuration of `claude_desktop_config.json` with absolute paths.
Review RequiredView Analysis
The server executes FFmpeg commands using `subprocess.run` where various input parameters (e.g., `video_path`, `txtfile_path`, `audio_format`, `preset`, `crf`, `framerate`, `start_time`, `end_time`, `scale` components) are directly taken from the `data` dictionary (user input) and interpolated into the command arguments. While `subprocess.run` with a list (rather than a shell string) mitigates simple shell injection, it does not prevent command injection if crafted input arguments are interpreted maliciously by FFmpeg itself. A significant risk is present in the `video_merge` tool, which uses `'-safe', '0'` with the `concat` demuxer. This option explicitly disables path validation, making it vulnerable to arbitrary file access or manipulation if the `txtfile_path` or its contents are user-controlled and contain paths to sensitive files or external commands that FFmpeg might process.
Updated: 2025-12-15GitHub
0
0
Low Cost
mihaelamj icon

homebrew-tap

by mihaelamj

Sec9

Provides a local server to search Apple documentation, Swift Evolution proposals, and sample code.

Setup Requirements

  • ⚠️Requires macOS
  • ⚠️Requires macOS Sequoia or later
  • ⚠️Initial 'cupertino setup' command required to download documentation databases
Verified SafeView Analysis
The Homebrew formula itself does not contain obvious security vulnerabilities like 'eval' or hardcoded secrets. It downloads a pre-compiled binary from a GitHub release with SHA256 verification. The security of the 'cupertino' binary itself is not auditable from the provided source code.
Updated: 2025-12-31GitHub
0
0
Low Cost
soumyaprasadrana icon

maximo-mcp-artifacts

by soumyaprasadrana

Sec1

This repository acts as a distribution point for installable components and artifacts related to the maximo-mcp server.

Review RequiredView Analysis
No executable server source code was provided for analysis. The repository contains only a README indicating it stores 'installable and artifacts' for a server. Therefore, a security audit of the actual maximo-mcp server for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns is impossible based on the given information. Running any artifacts from this repo without independent verification of their contents would be highly risky.
Updated: 2025-12-06GitHub
PreviousPage 604 of 713Next