Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
pcnfernando icon

mcp-weather-server

by pcnfernando

Sec9

This server is designed to provide weather-related services, likely interacting with an 'mcp' platform or API.

Setup Requirements

  • ⚠️Requires Ballerina SDK (version 2201.12.3 or compatible) to be installed.
  • ⚠️Requires a Java Runtime Environment (JRE) due to Ballerina's underlying architecture.
  • ⚠️The 'ballerina/mcp' package (version 1.0.2) must be locally available in the Ballerina environment.
Verified SafeView Analysis
The provided source code consists solely of Ballerina configuration files (TOML). These files do not contain executable logic, eval statements, obfuscation, or hardcoded secrets within themselves. The actual security posture of the server depends entirely on the implementation details in the unprovided Ballerina (.bal) source files, especially concerning how security-sensitive dependencies like 'http', 'auth', 'crypto', and 'jwt' are utilized. The 'mcp' dependency is specified as 'local', meaning its security and availability rely on its external implementation.
Updated: 2025-11-27GitHub
0
0
Medium Cost
message-extensions icon

mock-mcp-servers

by message-extensions

Sec2

This repository provides mock Model Context Protocol (MCP) servers for evaluating and testing remote MCP functionality, simulating various authentication methods and Responsible AI scenarios for Declarative Agents (DAs).

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Manual code modification in `server-multi-auth.py` is required as a workaround for fetching tools with certain MCP clients (e.g., VS Code MCP Client) due to FastMCP limitations, and then must be reverted.
  • ⚠️The RAI server (`rai-mcp-server/server.py`) requires a specific CSV file (`RAI_Validation_Dataset.csv`) to be present for content validation functionality.
Review RequiredView Analysis
This repository contains servers explicitly designed to simulate security vulnerabilities for testing purposes, making them inherently unsafe for general deployment. Specific risks include: - `auth-mcp-server/server-multi-auth-old.py` explicitly disables JWT signature verification (`options={"verify_signature": False}`), a critical vulnerability for token validation, with a warning 'DO NOT USE IN PRODUCTION'. - `rai-mcp-server/server.py` includes tools that simulate data exfiltration (`report_analytics` printing '🚨 DATA EXFILTRATION DETECTED 🚨' and a malicious webhook URL) and potential Server-Side Request Forgery (SSRF) via arbitrary URL fetching (`import_design`, `fetch`, and a Slack message with a templated URL in `fetch_latest_slack_message`). This server also serves content classified as 'harmful' for Responsible AI testing. - Hardcoded API keys ('mock_mcp_api_key') and demo tokens ('demo-token') are present in `auth-mcp-server/server-multi-auth.py` and `auth-mcp-server/server-dummy-auth.py`, which is poor practice even for mock servers if they could inadvertently be used in other contexts. - The `github-mock-mcp-server/server.py` makes HTTP requests to an external mock GitHub API, introducing external dependencies and potential risks if that external service were compromised.
Updated: 2026-01-13GitHub
0
0
Low Cost
valksor icon

go-assern

by valksor

Sec8

Aggregates multiple MCP (Model Context Protocol) servers into a single interface, providing project-level configuration for different credentials, environment variables, and tool sets.

Setup Requirements

  • ⚠️Requires specific runtime environments for proxied MCP servers (e.g., Node.js for `npx` commands).
  • ⚠️Requires API tokens/credentials for backend MCP servers (e.g., GITHUB_TOKEN, SLACK_TOKEN).
  • ⚠️Configuration is based on current working directory; misconfigurations can lead to unexpected server or token usage.
Verified SafeView Analysis
The project demonstrates good security practices including checksum and Cosign signature verification for installations, detailed security policy documentation, and pre-commit linting/security checks (`golangci-lint`, `govulncheck`). However, its core functionality involves spawning user-defined commands for backend MCP servers. This inherently means the overall security depends heavily on the trustworthiness and configuration of these backend commands/servers, which is the user's responsibility. Assern itself does not appear to introduce new vulnerabilities but acts as a privileged executor.
Updated: 2026-01-18GitHub
0
0
Medium Cost
yayoboy icon
Sec9

Integrate Home Assistant smart home monitoring and analytics into Claude Desktop via an MCP server.

Setup Requirements

  • ⚠️Requires Home Assistant running and accessible.
  • ⚠️Requires a Home Assistant Long-Lived Access Token (manual creation and copy).
  • ⚠️Manual installation requires Node.js 18+ and command-line configuration if drag & drop fails.
Verified SafeView Analysis
The Base v1.0 version is explicitly stated as 'Read-Only', significantly reducing security risks related to device control. It requires a dedicated, revocable Home Assistant Long-Lived Access Token, which is a good practice. The server runs locally and claims 'No data sent to external servers'. Environment variables (HA_URL, HA_TOKEN) are used for sensitive configuration, preventing hardcoded secrets. No obvious 'eval' or obfuscation is mentioned or implied.
Updated: 2025-12-13GitHub
0
0
Medium Cost
RSanzzzzz icon
Sec9

Optimized execution of AI models with complex multi-tool calls, including integration with Model Context Protocol (MCP) servers, by programmatically generating and running JavaScript code in a Vercel Sandbox to reduce LLM inference costs.

Setup Requirements

  • ⚠️Vercel Token Required: The `@vercel/sandbox` dependency necessitates setting a `VERCEL_TOKEN` environment variable or linking with Vercel CLI for local development and deployment.
  • ⚠️Node.js & Next.js Environment: This is a Next.js application, requiring a Node.js environment (v22 as per Sandbox runtime in `lib/sandbox.ts`) and Next.js framework understanding for setup and operation.
  • ⚠️MCP Server Configuration: Integrating external MCP tools (like Firecrawl or CLI) requires explicit configuration in `lib/mcp/mcp-config.ts` and ensures the external MCP servers/commands are accessible.
Verified SafeView Analysis
The project executes LLM-generated JavaScript code within a Vercel Sandbox, a crucial security measure that provides isolated cloud execution, significantly mitigating risks associated with arbitrary code execution. Inter-process communication via `/tmp` files is contained within this sandboxed environment. No direct 'eval' or obvious malicious patterns are present. The primary security risk is shifted to the robustness of the Vercel Sandbox itself and proper configuration of external MCP servers.
Updated: 2026-01-19GitHub
0
0
Low Cost
hegner123 icon

stump

by hegner123

Sec8

Provides compact, token-efficient directory tree visualization optimized for LLM consumption, acting as an MCP server.

Setup Requirements

  • ⚠️Requires Zig 0.15.2 or later installed.
  • ⚠️Only supports Unix/Linux and macOS (Windows support planned for v2).
Verified SafeView Analysis
The tool directly interacts with the filesystem based on user-provided paths. Safeguards are mentioned, such as UUID generation for output files to prevent overwrites, symlink cycle detection when following symlinks, large directory detection to prevent accidental over-processing, and UTF-8 validation for filenames. No explicit network connectivity is mentioned for the tool itself (it uses stdio transport), which reduces network-related risks. As a systems-level tool written in Zig, vulnerabilities could arise from subtle implementation flaws in filesystem interactions, but the described features indicate a strong focus on defensive programming.
Updated: 2026-01-19GitHub
0
0
Low Cost
punnyhuimin icon

qconmcp

by punnyhuimin

Sec10

This server provides an MCP-enabled tool to query information about attendees for specific workshops at QCon 2025.

Setup Requirements

  • ⚠️Java Development Kit (JDK) required
  • ⚠️Requires a Model Context Protocol (MCP) compatible client/inspector to interact with the tool endpoints
Verified SafeView Analysis
The provided code snippet is minimal and does not contain any obvious security vulnerabilities like dynamic code execution, hardcoded secrets, or direct network risks. The tool merely returns a static list of strings.
Updated: 2025-11-25GitHub
0
0
Low Cost
eagleisbatman icon
Sec1

External service for managing user profiles and conversation-based memory, including LLM-powered fact extraction from chat.

Setup Requirements

  • ⚠️Requires PostgreSQL database with `DATABASE_URL` environment variable.
  • ⚠️Requires OpenAI API Key (Paid) for LLM-based fact extraction.
  • ⚠️Requires Node.js version 18 or higher.
Review RequiredView Analysis
CRITICAL SQL INJECTION: The `update_profile` endpoint dynamically constructs the SQL `SET` clause by interpolating field keys (`${key}`) directly from `req.body.fields` into the SQL string. This allows for SQL injection if a malicious user provides crafted keys in the `fields` object, potentially leading to unauthorized data manipulation or deletion. INFORMATION LEAKAGE: Error messages expose internal server details, which could aid attackers. The default CORS origin `*` is broad and should be tightened in production deployments to specific origins to prevent unintended cross-origin access, though it might be intended for internal use as an MCP server.
Updated: 2025-11-28GitHub
0
0
Low Cost
jarecsni icon

dep-context-mcp

by jarecsni

Sec9

Provides AI coding assistants with API context about project dependencies by reading directly from node_modules, enabling semantic search and local-first operations.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0.
  • ⚠️Semantic search requires either an OpenAI API Key (paid service) for the 'openai' embedding provider, or a locally running Ollama server for the 'ollama' provider.
  • ⚠️GitLab source enrichment (an optional tool) requires a GitLab Personal Access Token.
  • ⚠️The first-time use of semantic search (or after dependencies change) will trigger a one-time indexing process which can take several seconds to minutes depending on the number of packages, and may require user confirmation.
Verified SafeView Analysis
The server prioritizes a 'local-first' architecture, reading directly from `node_modules` without external network calls for core functionality. Optional features like vector search (with OpenAI) or GitLab source enrichment are clearly documented as requiring external network access and environment variables for sensitive API keys/tokens. The use of `cross-spawn` (via `@modelcontextprotocol/sdk`) is present, but it's for managing dependencies (e.g., potentially triggering `npm install` for internal tasks) which is an expected capability for such a server. No `eval` or obvious malicious patterns are present in the provided source code. User input is not directly passed to shell commands without sanitization in the analyzed code.
Updated: 2026-01-19GitHub
0
0
Medium Cost
CrowdStrike icon

aidr-mcp-proxy

by CrowdStrike

Sec9

Protect Model Context Protocol (MCP) server communications by proxying all I/O through the CrowdStrike AIDR service for threat detection, prompt injection blocking, and content filtering.

Setup Requirements

  • ⚠️Requires Node.js v22.15.0 or greater.
  • ⚠️Requires a CrowdStrike AIDR API token, which must be set via the `CS_AIDR_TOKEN` environment variable.
  • ⚠️Requires the CrowdStrike AIDR base URL template, which must be set via the `CS_AIDR_BASE_URL_TEMPLATE` environment variable.
Verified SafeView Analysis
The proxy is designed to enhance security by routing all Model Context Protocol (MCP) server inputs and outputs through the CrowdStrike AIDR service. It correctly enforces the use of environment variables for API tokens (`CS_AIDR_TOKEN`) and base URLs (`CS_AIDR_BASE_URL_TEMPLATE`). Input and output content are serialized to JSON for analysis by the AIDR service, with error handling in place for parsing transformed output. No 'eval' calls, code obfuscation, or immediately identifiable malicious patterns were found within the provided source code. The overall security effectiveness is highly dependent on the underlying CrowdStrike AIDR service.
Updated: 2026-01-13GitHub
0
0
Low Cost
Sec9

This server acts as a Model Context Protocol (MCP) server, exposing user and order data as tools for integration with external services like Intercom.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher.
Verified SafeView Analysis
The code does not contain 'eval' or any obviously malicious patterns. It uses Zod for schema validation which is good. It relies on the `@modelcontextprotocol/sdk` which is assumed to be safe. No hardcoded secrets are visible. Network risks are minimal as it's designed to be exposed via a proxy like ngrok for external access.
Updated: 2025-11-20GitHub
0
0
Medium Cost
Afnankazi icon

mcp_server_test

by Afnankazi

Sec5

A test server application to simulate or provide a backend for a Master Control Program or similar distributed system, inferred from the repository name.

Review RequiredView Analysis
Source code was not provided for analysis. Therefore, a comprehensive security audit for specific risks like 'eval', hardcoded secrets, network vulnerabilities, or malicious patterns is impossible. The score reflects an unknown security posture rather than a verified safe or unsafe one.
Updated: 2025-12-03GitHub
PreviousPage 610 of 713Next