Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost

aws-mcp-server-devops-ai

by saifeezibrahim

Sec9

Enables AI assistants to execute AWS CLI commands and access AWS resource context via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ Requires AWS credentials configured on the host machine (via ~/.aws files or environment variables).
  • ⚠️ Docker is the strongly recommended deployment method for security and reliability (or Python 3.13+ and AWS CLI installed locally).
  • ⚠️ Requires `uv` or `pip` for dependency management if running natively.

Verified Safe
The server employs a robust multi-layered command validation system (allow/deny lists, regex rules, Unix command allowlist in pipes) to prevent dangerous AWS CLI operations and command injection. It uses `asyncio.create_subprocess_exec` with `shlex.split` for safe command execution. No hardcoded secrets. Relies on host-provided AWS credentials. Strong emphasis on Docker isolation and IAM least privilege in documentation. The default `stdio` transport is secure; `sse` requires careful network exposure. The code explicitly prevents many common AWS security misconfigurations and dangerous commands.
Updated: 2025-11-26

Low Cost

Code-Tools

by carloshenriquecarniatto

Sec9

A set of developer utilities for analyzing .NET codebases, including dead code detection and other analysis tools.

Setup Requirements

  • ⚠️ Requires .NET 10.0 SDK for the main application.
  • ⚠️ Requires Node.js 20+ and npm for CI/CD and release automation tooling.
  • ⚠️ The release workflow requires a GitHub token with 'contents: write' permissions, which may conflict with strict branch protection rules (solutions are provided in README).

Verified Safe
The core application is a local .NET console tool with no apparent network vulnerabilities or hardcoded secrets in the provided snippets. The CI/CD process involves JavaScript-based tooling (`semantic-release`, `commitlint`) and a Node.js script (`tools/update-csproj.js`) for updating the `.csproj` file. The `update-csproj.js` script uses regex-based string manipulation for file modification, which is noted as potentially fragile, though not a direct security exploit in this context. The main security consideration is the `GITHUB_TOKEN` or `PERSONAL_TOKEN` permissions required for the release workflow to write to the repository, which is a standard and well-documented concern for automated CI/CD releases.
Updated: 2025-11-25

Low Cost

blbl-mcp-server

by Mist-wu

Sec9

This MCP server provides a tool to search for users on Bilibili using the Bilibili API.

Setup Requirements

  • ⚠️ Python 3.12+ required

Verified Safe
The code primarily acts as a wrapper around the `bilibili-api-python` library, exposing a search function. There are no 'eval' or 'exec' calls, hardcoded secrets, or obvious malicious patterns. The input 'keyword' is passed directly to a library function, which is generally considered safe. The server runs via standard I/O, limiting direct network exposure beyond the Bilibili API calls themselves.
Updated: 2025-11-19

Low Cost

mcp-server-test

by johanbolofsson

Sec9

This server exposes historical Champions League winners data via an MCP (Model Context Protocol) interface, allowing AI clients like Claude for Desktop to query sports results.

Setup Requirements

  • ⚠️ Requires .NET 8 SDK or higher
  • ⚠️ Requires an MCP client (e.g., Claude for Desktop) for interaction
  • ⚠️ Manual configuration of the absolute project path is needed in the MCP client's config file

Verified Safe
The server appears to be designed for local execution, serving static data from a local JSON file. There are no explicit indications of network risks beyond standard local server operations, 'eval' usage, hardcoded secrets, or malicious patterns in the provided source code and README. It relies on standard .NET framework practices. The primary risk would be potential vulnerabilities in the .NET runtime or third-party libraries, which is common for any application.
Updated: 2025-12-02

Low Cost

test-remote-mcp-server

by yadavatul868

Sec9

This server provides a simple remote API for basic arithmetic operations and random number generation using the FastMCP framework.

Setup Requirements

  • ⚠️ Requires Python 3.13 or newer

Verified Safe
The server exposes simple arithmetic and random number generation functions. There is no use of 'eval', 'exec', or other inherently dangerous functions that could lead to arbitrary code execution. It listens on '0.0.0.0' by default, which means it is accessible from all network interfaces; ensure appropriate firewalling if exposed to untrusted networks. No hardcoded secrets or sensitive information are identified within the provided source code.
Updated: 2025-11-24

Medium Cost
Sec6

Provides an MCP server for code review, offering tools to analyze Python, Go, and C++ GitHub repositories via AST parsing.

Setup Requirements

  • ⚠️ Requires `uv` package manager.
  • ⚠️ Requires local git client installed.
  • ⚠️ Requires Python version 3.10 or 3.11.
  • ⚠️ Requires internet access to clone GitHub repositories.

Review Required
The server clones arbitrary GitHub repositories provided by the `github_repo` parameter. While cloning occurs in a temporary directory and only shallow clones (`depth=1`) are performed, there is an inherent risk that a malicious repository could contain `.git` hooks that execute during the clone operation. The server then parses the code but does not directly execute it.
Updated: 2025-12-19

Low Cost

wp-seo-mcp

by Akungapaul

Sec8

This server provides a Model Context Protocol (MCP) interface to optimize WordPress sites for SEO and performance by leveraging WordPress REST API and WP-CLI.

Setup Requirements

  • ⚠️ Requires WordPress application passwords for REST API authentication.
  • ⚠️ Extensive environment variable configuration is required for WordPress REST API access and optional WP-CLI functionality (e.g., WORDPRESS_URL, WORDPRESS_USERNAME, WORDPRESS_APP_PASSWORD).
  • ⚠️ If WP-CLI is enabled, proper setup of WP-CLI and potentially SSH access (with SSH keys) on the server running this MCP client is necessary.

Verified Safe
The server handles sensitive WordPress credentials and SSH details via environment variables, which is a good practice. It utilizes a shared WordPress MCP SDK, implying a layer of abstraction and potentially secure handling of API interactions. There are no direct `eval` or arbitrary command injection points visible in the provided tool handlers. The `WPCLIClient`, if enabled and configured for SSH, represents a powerful execution context, but its use in the provided tools is confined to specific WordPress actions and not arbitrary shell commands, minimizing direct exploitability from the client's perspective. Overall, the security relies heavily on the secure configuration of the environment (e.g., strong application passwords, restricted SSH access) and the robustness of the `@akungapaul/wp-mcp-shared` library.
Updated: 2025-11-28

High Cost

mcp-server

by Goudham03

Sec8

AI-powered release management assistant that fetches and analyzes DevOps metrics from a Release Hound API via an MCP server.

Setup Requirements

  • ⚠️ Requires Azure OpenAI API Key (MODEL_TOKEN, MODEL_ENDPOINT) - Paid service.
  • ⚠️ Requires an external Release Hound API endpoint (RH_API_ENDPOINT).
  • ⚠️ Requires a running MCP server instance (MCP_SERVER) for client communication.
  • ⚠️ Missing authentication implementation for `RH_API_ENDPOINT` as per `TODO`.

Verified Safe
No hardcoded secrets or 'eval' found. Sensitive API keys and endpoints are correctly loaded from environment variables. A `TODO` comment explicitly mentions 'Implement RH API Authentication Logic' for the Release Hound API (`RH_API_ENDPOINT`), indicating a potentially incomplete security feature for external API calls, which could lead to unauthorized access or functional issues if the external API requires it. The `requests.post` call in `_post` uses `params=json_body` instead of `json=json_body`, which is a functional bug that might expose data in URLs or prevent the payload from being sent correctly, but not a direct security vulnerability within this code itself.
Updated: 2025-11-24

Medium Cost
Sec9

Provides a Model Context Protocol (MCP) interface for performing PostgreSQL database operations, enabling AI models or other systems to interact with a database via an HTTP API.

Setup Requirements

  • ⚠️ Requires a running PostgreSQL database instance accessible from the server host.
  • ⚠️ Requires specific environment variables (DB_NAME, DB_USER, DB_PASSWORD, MCP_API_KEY) to be set for CLI usage.
  • ⚠️ The server exposes an HTTP endpoint, requiring proper network configuration and security measures (e.g., firewalls, access control) in production environments.

Verified Safe
The server uses parameterized queries ($1, $2, etc.) for all database operations (SELECT, INSERT, UPDATE, DELETE, transactions, schema introspection), which is a robust defense against SQL injection. Configuration, including database credentials and API keys, is loaded from environment variables or passed programmatically, avoiding hardcoded secrets. API key authentication is implemented to control access to the server's endpoints. No 'eval' or other direct dynamic code execution from user input is apparent in the provided source code.
Updated: 2026-01-19

Medium Cost

discord-search-mcp

by ThatOtherAndrew

Sec9

Retrieves data from Discord servers via a bot account for information retrieval and OSINT purposes.

Setup Requirements

  • ⚠️ Requires creating a Discord bot, granting it necessary permissions, and enabling specific Discord Intents (message_content, members).
  • ⚠️ The `DISCORD_TOKEN` environment variable must be set with the bot's token.
  • ⚠️ Requires Python 3.10 or newer.

Verified Safe
The server requires a Discord bot token (DISCORD_TOKEN) to be set as an environment variable, which users must manage securely. All Discord API interactions are handled through the well-vetted `discord.py` library. No 'eval', 'exec', or direct arbitrary command execution from user input is evident. The server binds to localhost, limiting its direct external network exposure.
Updated: 2025-11-23

Medium Cost

mcp-promo-order

by Jocko-Fuel

Sec9

MCP server for sales team to create 100% discount promo/sample orders and manage customer accounts via chat.

Setup Requirements

  • ⚠️ Requires Python 3.10+.
  • ⚠️ Requires Shopify Private Apps with specific permissions to be installed on both Promo (read/write) and Wholesale (read-only) stores. This involves a multi-step manual OAuth flow to obtain the necessary API tokens.
  • ⚠️ Requires `SHOPIFY_CLIENT_ID` and `SHOPIFY_CLIENT_SECRET` (and optionally `WHOLESALE_CLIENT_ID`, `WHOLESALE_CLIENT_SECRET`) to be set as environment variables to obtain the Shopify access tokens during initial setup.

Verified Safe
Secrets (API tokens) are correctly loaded from environment variables, preventing hardcoding. OAuth token exchange scripts handle credentials and tokens securely. The local OAuth callback server is temporary and isolated to localhost. No 'eval' or malicious patterns were found.
Updated: 2025-12-14

Low Cost

mcp-skeleton

by deb-sahu

Sec7

A generic template for building Model Context Protocol (MCP) servers to expose custom business logic as tools for AI models and clients.

Setup Requirements

  • ⚠️ Requires Poetry for dependency management and execution.
  • ⚠️ Requires Python 3.10+.
  • ⚠️ The example tools (calculator, weather, HTTP, text analysis) are for demonstration ONLY and MUST be replaced with domain-specific business logic for production use.

Verified Safe
The server infrastructure (Docker, Kubernetes configurations, Pydantic settings) is robust. However, the `http_tools.py` example tool allows making arbitrary HTTP requests to any URL provided by the client. If deployed as-is and exposed to untrusted clients, this tool could be exploited for Server-Side Request Forgery (SSRF) attacks or internal network scanning. Developers are explicitly instructed to replace all example tools with their own, so the risk is contingent on proper implementation and security hardening of custom business logic.
Updated: 2025-11-26