Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

High Cost

imagen-mcp

by vipincr

Sec9

Provides an MCP server to manage and configure image generation capabilities using Google's Gemini and Imagen models, often integrated via a VS Code extension.

Setup Requirements

  • ⚠️Requires a Google AI API Key (Paid Service)
  • ⚠️Python 3.9+ must be installed on your system for the server to run (extension manages virtual environment automatically)
  • ⚠️Pillow and pillow-heif dependencies are required for image processing (automatically installed by the extension).
Verified Safe
The project prioritizes API key security by not storing keys in workspace files, migrating deprecated settings to Secret Storage, and using environment variables or OS keyring. The use of `child_process.exec` in the VS Code extension for Python environment setup is controlled by internal, hardcoded dependencies and paths, mitigating common execution risks. No signs of malicious patterns or obfuscation.
Updated: 2025-12-24

Low Cost

NotionMCP

by DeepActionPotential

Sec9

NotionMCP is an AI-powered Modular Context Protocol (MCP) server that integrates Notion with LLM clients like Claude Desktop, enabling advanced search, content reading, summarization, and emotion analysis of Notion data.

Setup Requirements

  • ⚠️Requires a Notion API Key with access to the relevant workspace/pages.
  • ⚠️Initial run will download AI models (t5-small and DistilRoBERTa) from Hugging Face, requiring internet access and some disk space.
  • ⚠️Computational resources (CPU/RAM, optionally GPU) are consumed locally by the AI models, which can be significant for large documents.
Verified Safe
The code follows good practices for handling secrets by using environment variables (NOTION_API_KEY, HTTP_TIMEOUT). It uses `httpx` for API calls with built-in retry and backoff, mitigating network-related risks. There are no obvious `eval()` calls, obfuscation, or direct shell command executions from untrusted input. AI models (T5, DistilRoBERTa) are loaded from Hugging Face, which introduces a supply chain dependency but is standard for local model usage. Overall, the server appears robust and secure for its stated purpose.
Updated: 2025-12-06

High Cost

mcp-playwright-ts

by LokeshSinhaN

Sec3

An AI-powered web automation server using Playwright that allows AI models to interpret natural language commands to interact with web browsers, perform actions, extract information, and provide real-time visual feedback.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires a Google Gemini AI API key (paid service).
  • ⚠️Hardcoded CHROMEDRIVER_PATH in seleniumGenerator.ts points to a Windows path, which might be an issue for non-Windows deployments or if using a different Chromium version than Playwright's default.
Review Required
The server exposes direct browser automation actions (navigate, click, type) via the `/api/execute` endpoint. If this server is exposed to untrusted external users, it presents significant risks:
  • **Server-Side Request Forgery (SSRF) / Open Redirect:** The `navigate` action allows an attacker to direct the server's browser to arbitrary URLs, potentially including internal network resources or malicious external sites.
  • **Arbitrary Browser Interaction:** The `click` and `type` actions take user-controlled selectors and text, enabling arbitrary interaction with web pages, which could lead to data exfiltration or manipulation if sensitive pages are accessed.
  • **Code Injection (Critical):** The `generateSelenium` function directly embeds user-provided `cmd.target` and `cmd.value` into a Python script string without apparent sanitization. If the `commands` array is controllable by an untrusted entity, this is a severe arbitrary code injection vulnerability, allowing them to execute any Python code on the server.
  • **Reliance on AI Safety:** While Gemini AI is used to interpret commands, if the AI itself is susceptible to prompt injection attacks, the underlying direct browser control functions remain exploitable.
Updated: 2026-01-19

Low Cost

Provides UI-bearing tools and resources for various demo applications (e.g., pizza map, photo albums, solar system) to be driven by a Model Context Protocol (MCP) client like ChatGPT or the MCP Inspector.

Setup Requirements

  • ⚠️Frontend assets must be built first by running `pnpm run build` from the repository root.
  • ⚠️Requires Python 3.10+.
  • ⚠️Ensure 'modelcontextprotocol' package (if previously installed) is uninstalled to avoid conflicts with the official 'mcp' distribution.
Verified Safe
A Mapbox access token is hardcoded in `src/pizzaz/index.jsx`, which is generally discouraged for API keys even if it's a public demo token. Both the Python and Node.js servers enable wildcard CORS (`Access-Control-Allow-Origin: *`), posing a security risk in production for cross-origin attacks. No explicit 'eval' or malicious obfuscation patterns were found.
Updated: 2026-01-19

Medium Cost
Sec7

Automates Sisense deployment interactions and migrations via an AI assistant with tool-calling capabilities.

Setup Requirements

  • ⚠️Requires Python 3.10+ (or Docker)
  • ⚠️Requires access to a Sisense Fusion deployment (or multiple for migration)
  • ⚠️Requires API keys/tokens for a supported LLM provider (Azure OpenAI or Databricks Model Serving)
  • ⚠️Requires manual setup of PySisense SDK documentation and examples for full tool registry generation, or running `refresh_registry.sh` to clone it locally.
Review Required
The system uses LLMs, which introduces inherent prompt injection risks. This is partially mitigated by a confirmation loop for mutating actions and an optional 'no summarization' privacy mode. The CORS middleware in the `mcp_server` and `backend` uses `allow_origins=["*"]`, which is generally unsafe for production environments without external access controls. However, the README explicitly advises deploying behind an organization's authentication/SSO and implementing network restrictions. Sensitive Sisense API tokens and LLM API keys are handled via environment variables and session state (not persisted in the UI), reducing hardcoding risks. No direct `eval` or obvious malicious code patterns were found.
Updated: 2026-01-13

Medium Cost
Sec9

Simplifies Terraform code management, generation, and compliance checking across multiple cloud providers.

Setup Requirements

  • ⚠️Requires Python 3.10 or later.
  • ⚠️Terraform CLI must be installed and in PATH for schema-aware validation.
Verified Safe
The application is designed with a strong security focus, primarily to identify security risks like hardcoded secrets and sensitive data in Terraform configurations and state files. No 'eval' or similar dangerous patterns were found. Network requests are made to the official Terraform Registry for provider metadata, with a timeout, which is a standard and expected interaction. File I/O for uploaded files in the web UI uses temporary directories. The use of `subprocess.run` to invoke the `terraform` CLI for schema validation is a legitimate function of the tool, assuming the installed `terraform` CLI itself is trusted. The project actively aims to improve the security posture of Terraform workflows rather than introducing new vulnerabilities.
Updated: 2026-01-19

Low Cost

splunk_mcp_python_server

by tatsunobuMurata

Sec3

Provides an MCP agent for network fault analysis by integrating with Splunk saved searches to retrieve network performance and topology data.

Setup Requirements

  • ⚠️Requires a running Splunk Enterprise or Splunk Cloud instance.
  • ⚠️Requires the official Splunk MCP Server application/service to be installed and enabled.
  • ⚠️Requires specific Splunk saved searches (e.g., `mcp_get_slow_network_nodes`, `mcp_get_network_topologies`) to be created in the `mcp_demo` app.
  • ⚠️Disables SSL certificate verification by default for Splunk API communication, which must be addressed for secure deployments.
  • ⚠️The `Claude Desktop` setup example uses `npx mcp-remote`, implying Node.js is required to run the remote MCP client component.
Review Required
The code disables SSL certificate verification (`verify=False`) when making HTTP requests to Splunk (`network_fault_analysis_agent.py` and `splunk_saved_search_mcp_server.py`), which is a critical security vulnerability making it susceptible to Man-in-the-Middle attacks. Additionally, the setup instructions promote using default/weak credentials (`admin/password`) for Splunk access in configuration examples, which is highly insecure.
Updated: 2025-11-26

Low Cost

network.matrixhub

by agent-matrix

Sec4

A professional network for AI agents, tools, and MCP servers to discover, connect, and collaborate, inspired by LinkedIn.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for the recommended full-stack deployment.
  • ⚠️A PostgreSQL database instance is required and must be configured (SQLite is for local dev only).
  • ⚠️The authentication system (login/register) as provided is for demo purposes only; critical security features (e.g., password hashing, JWT) are explicitly noted as 'TODO' for production. Running in production without these modifications poses significant security risks.
Verified Safe
The current authentication system for the backend, as implemented in `backend/app/api/routes/auth.py`, uses in-memory storage with plain-text passwords for demo accounts and simple token generation. This is explicitly stated by the author as 'for demo purposes - replace with database in production' and is a critical vulnerability for actual production deployment without modification. The frontend uses `dangerouslySetInnerHTML` in `MessagesView.tsx` for JSON syntax highlighting; while the `highlightJSON` function appears controlled, `dangerouslySetInnerHTML` always carries an XSS risk if input is not meticulously sanitized. CORS configuration can default to `*` (all origins), which is insecure for production but configurable. On the positive side, the project uses SQLAlchemy ORM to prevent SQL injection, and the documentation clearly outlines security 'TODOs' for production, including password hashing (bcrypt) and JWT tokens.
Updated: 2025-12-30

Medium Cost

Provides an AI-powered toolkit for making informed Azure region selection decisions by combining network latency testing and pricing analysis.

Setup Requirements

  • ⚠️Requires Azure CLI and authentication via `az login`.
  • ⚠️Requires Python 3.10+.
  • ⚠️Requires VS Code Insider (as of Jan 2026) for the integrated AI experience with GitHub Copilot.
Verified Safe
The server uses `DefaultAzureCredential` for Azure authentication, which is a standard and secure practice relying on the user's `az login` or environment variables. It creates temporary Azure resource groups and storage accounts for latency testing and includes robust cleanup mechanisms, even in case of cancellation or errors. No `eval` or obfuscation detected. No hardcoded secrets were found in the provided source code. Network operations (TCP connections) are for legitimate latency measurement.
Updated: 2026-01-19

Medium Cost
Sec9

Provides an MCP (Model Context Protocol) server for searching and browsing articles on Qiita and Qiita Team.

Setup Requirements

  • ⚠️Requires a Qiita Access Token (QIITA_ACCESS_TOKEN environment variable) to avoid strict API rate limits.
  • ⚠️Users of Qiita Team must set the QIITA_TEAM environment variable.
  • ⚠️Requires manual configuration in Claude Desktop's `claude_desktop_config.json` to connect, specifying the server's SSE URL.
Verified Safe
The server uses environment variables for sensitive data like Qiita API tokens (QIITA_ACCESS_TOKEN) and implements Zod for robust input validation on all tool parameters, which is a strong security practice. There is no usage of 'eval' or other inherently dangerous functions. Network requests are made to the official Qiita API endpoints based on validated inputs and environment configurations. The server acts as a secure proxy, wrapping the Qiita API. The direct use of `http.createServer` with manual request/response handling for Hono and SSE is slightly less abstract than a dedicated framework adapter, but it's implemented correctly for its purpose.
Updated: 2025-12-14

Low Cost

housekeeper-bee-mcp-server

by Thomas-Leung-852

Sec3

The MCP Server integrates an LLM client (Claude Desktop) with a Housekeeper Bee application to dynamically manage storage box records and system administration tasks through natural language interactions.

Setup Requirements

  • ⚠️Requires NodeJS v22 for compatibility.
  • ⚠️Relies on Claude Desktop as the LLM client, requiring its installation and configuration.
  • ⚠️Requires a separate 'Housekeeper Bee Server' instance (v1.1.0+) to be running.
  • ⚠️Extensive environment variable configuration is needed within the Claude Desktop `claude_desktop_config.json` file for API keys, server URLs, and output paths.
Review Required
CRITICAL VULNERABILITIES IDENTIFIED:
1. **Disabled TLS Certificate Verification**: The line `process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';` explicitly disables SSL/TLS certificate validation for all outbound HTTPS requests. This makes the application highly vulnerable to Man-in-the-Middle (MITM) attacks, allowing an attacker to intercept and tamper with communication to the Housekeeper Bee server without detection.
2. **Unverified JWTs**: The `decodeToken` function uses `jwt.decode(token)` without any signature verification. This means that an attacker could forge a JWT (e.g., modify user ID, set an arbitrary expiration date) and the application would consider it valid, completely bypassing authentication and authorization mechanisms for sensitive operations like deletion, renaming, and schedule changes.
3. **Path Traversal and Potential Remote Code Execution (RCE)**: Several file operations (`writeToTextFile`, `exportToJsonFile`, `exportToHtmlFile`) use a user-controlled `filename` or a constructed `filePath` based on `exportFilePath` (from environment variables). If an attacker can inject path traversal sequences (e.g., `../../`) into the `filename` via an LLM prompt, they could write files to arbitrary locations on the server. The `exportToHtmlFile` then uses ``open(`${filePath}`)`` to open the generated HTML file. If a malicious script is written via path traversal, `open` could execute it, leading to Remote Code Execution (RCE) on the host running the MCP server.
4. **SSRF Risk**: The `serverUrl` and `adminUrl` are read from environment variables and used for internal API calls. While typically configured securely, if these environment variables are compromised, an attacker could potentially direct the server to make requests to internal network resources, leading to Server-Side Request Forgery (SSRF).
Updated: 2025-12-12

Medium Cost

test-runner-mcp

by Applitest-co-il

Sec8

Connect AI assistants to web and mobile testing infrastructure, enabling natural language control and generating reusable test automation scripts.

Setup Requirements

  • ⚠️Requires Node.js 20+ (24+ recommended)
  • ⚠️For mobile testing: Requires a locally running Appium server and configured simulators/emulators
  • ⚠️Requires compatible AI client (Claude Desktop 0.7+, Gemini CLI) and specific client-side configuration
Verified Safe
The server primarily acts as a wrapper around the `@applitest/test-runner` SDK. Direct command injection risks in the server's own code (e.g., `eval`, `child_process.exec` with unsanitized input) are not apparent. The `do-step` tool allows AI to execute various automation commands and selectors; the security posture largely depends on how well the underlying `test-runner` library and the browser/Appium environments are hardened against malicious inputs (e.g., malformed selectors, scripts in URLs). Session validation helps prevent cross-session interference.
Updated: 2025-12-24