Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
Johnny2x2 icon
Sec5

Manages and updates an ExpressionEngine V7 website using CLI commands, integrated with Devil Box and Docker.

Setup Requirements

  • ⚠️Requires Devil Box setup
  • ⚠️Docker required
Review RequiredView Analysis
Security analysis is severely limited as only the README.md file was provided. Critical security checks (e.g., 'eval' usage, obfuscation, network risks, hardcoded secrets, malicious patterns) could not be performed without access to the actual source code. A score of 5 reflects an unknown state rather than a verified safe or unsafe one.
Updated: 2025-12-10GitHub
0
0
High Cost
neubirdai icon

hawkeye-mcp-docs

by neubirdai

Sec7

Facilitates AI-powered autonomous incident investigation and root cause analysis through an MCP server.

Setup Requirements

  • ⚠️Requires an active (paid) Hawkeye account.
  • ⚠️Requires Node.js 20+ to run the MCP server.
  • ⚠️Requires configuration with an MCP-compatible client (e.g., Cursor, Claude Code, GitHub Copilot).
Verified SafeView Analysis
The provided source code is for the documentation site (hawkeye-mcp-docs) and a deployment script, NOT the actual hawkeye-mcp-server application. Therefore, a comprehensive security audit of the server's source code cannot be performed. The documentation itself and the deployment script for the documentation site appear safe and do not contain obvious malicious patterns, direct 'eval' usage, or hardcoded secrets (credentials are specified as environment variables by the user). The server relies on user-provided credentials (HAWKEYE_EMAIL, HAWKEYE_PASSWORD) and a base URL, which are handled as environment variables. The system is designed to use 'read-only' access to cloud resources, which is a good security practice. Without the actual server's source code, assumptions about its internal security, dependency vulnerabilities, or specific runtime risks cannot be made.
Updated: 2025-12-10GitHub
0
0
Medium Cost
BlackWarTurtle icon

pk-mcp-testing

by BlackWarTurtle

Sec9

Manages a parking facility with 300 spots across 3 floors, offering vehicle tracking, reservation, and real-time statistics via an MCP server.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher to be installed locally.
  • ⚠️Requires a running PostgreSQL v14 or higher instance.
  • ⚠️Requires manual configuration of the `DATABASE_URL` environment variable in the `.env` file.
Verified SafeView Analysis
The source code appears to follow good security practices for a Node.js application interacting with a database. It uses Prisma ORM, which inherently protects against SQL injection. Environment variables are correctly used for sensitive data like `DATABASE_URL`, preventing hardcoding. Custom error handling (`formatErrorForMCP`) prevents sensitive internal server details from being exposed to the client. No dangerous functions like `eval` or direct `child_process` calls without clear justification were found. The use of StdioServerTransport reduces the direct network attack surface for the MCP communication itself.
Updated: 2025-11-20GitHub
0
0
High Cost
mejakitadev icon
Sec8

A multi-component platform providing AI-powered omnichannel customer service, intelligent chat agents with knowledge base integration and tool use, OCR for document processing (KTP, STNK, BPKB, KK), analytics, and specialized data management for business operations (orders, support tickets, job vacancies) and agricultural intelligence (plantation data analysis and recommendations).

Setup Requirements

  • ⚠️Requires Google Cloud Platform (GCP) project with enabled APIs (e.g., Vision AI, Vertex AI) and proper authentication setup.
  • ⚠️Requires PostgreSQL database with the pgvector extension enabled for embedding storage.
  • ⚠️Requires running instances of RabbitMQ and Redis for queuing and caching/state management.
  • ⚠️Relies heavily on environment variables for configuration (database connection, Redis, RabbitMQ, GCP settings, encryption keys).
Review RequiredView Analysis
The server generally uses SQLAlchemy ORM for database interactions, which protects against common SQL injection. However, 'api/archive/analytics.py' uses f-strings in SQL query construction for 'date_group', though currently mitigated by using a 'Literal' type. One hardcoded Google Cloud Storage bucket name ('bprks_sarana_temp') is present in 'api/archive/loan_origination.py'. File upload/decryption (`helper/encrypt.py`, `helper/cloud_storage.py`) and GCS interaction flows are implemented, requiring careful management of encryption keys and cloud storage permissions. Binding to '0.0.0.0' for uvicorn should be secured by external firewalling in production environments.
Updated: 2025-12-03GitHub
0
0
Low Cost
SamMorrowDrums icon

mcp-rust-starter

by SamMorrowDrums

Sec9

A feature-complete starter template for developing Model Context Protocol (MCP) servers in Rust.

Setup Requirements

  • ⚠️Requires Rust 1.75+ and Cargo to build and run.
  • ⚠️Full MCP elicitation features (e.g., user confirmation, feedback forms) are currently placeholder implementations in the tool macros, requiring custom `call_tool` implementation and client support for full interactive functionality.
Verified SafeView Analysis
The project uses standard Rust libraries and practices, including `unsafe_code = "forbid"` in Cargo.toml. The HTTP transport uses CORS `Any` which is broad for a production environment but acceptable for a starter. The 'calculator' tool currently only returns a hint, avoiding direct evaluation of user-provided arithmetic expressions, thus mitigating a potential injection risk. No hardcoded secrets or 'eval' functions are present. Placeholder elicitation tools do not pose a direct security risk in their current form.
Updated: 2026-01-18GitHub
0
0
Low Cost
Scarmonit icon

my-mcp-server

by Scarmonit

Sec9

This server exposes an AI-centric microservice API using the MCP protocol, providing tools, resources, and prompt templates.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher
Verified SafeView Analysis
The provided source code does not contain 'eval', hardcoded secrets, or obvious malicious patterns. It is a standard FastAPI web server, and its exposure via '0.0.0.0:8000' is typical, with inherent network risks common to any publicly accessible service. The 'mcp' library itself would need separate scrutiny, but based on the provided usage, it appears safe.
Updated: 2025-11-30GitHub
0
0
Low Cost
bhandary icon

my-mcp-server

by bhandary

Sec9

A sample server demonstrating the Multi-modal Communication Protocol (MCP) with OAuth authentication using Auth0.

Setup Requirements

  • ⚠️Requires Auth0 for OAuth authentication.
  • ⚠️Requires `AUTH0_DOMAIN` environment variable.
  • ⚠️Requires `RESOURCE_SERVER_URL` environment variable.
  • ⚠️Requires `AUTH0_AUDIENCE` environment variable.
Verified SafeView Analysis
The server correctly utilizes environment variables for sensitive configuration like Auth0 domain and resource URL, avoiding hardcoded secrets. OAuth token verification is implemented using standard JWT practices with audience, issuer, and signature verification. The JWT client's synchronous operations are appropriately offloaded to a thread pool in the asynchronous context. Binding to '0.0.0.0' is standard for containerized applications but requires proper firewalling in production environments. No 'eval' or obvious malicious patterns were found.
Updated: 2026-01-19GitHub
0
0
Medium Cost
UnitVectorY-Labs icon

mcp-tf-provider-docs

by UnitVectorY-Labs

Sec9

Indexes and serves Terraform/Tofu provider documentation from a local Git repository to power accurate, context-aware code generation for MCP agents.

Setup Requirements

  • ⚠️Requires the `TF_CONFIG` environment variable to be set, pointing to a valid YAML configuration file.
  • ⚠️Requires a local clone of the target Terraform/Tofu provider's Git repository, with the `docs_path` configured to the documentation subdirectory (e.g., `/website/docs`).
Verified SafeView Analysis
The server reads file content from a configured `docs_path` and uses a regex `match_pattern` from a YAML configuration file to identify resources. Misconfiguration (e.g., `docs_path` pointing to sensitive system areas, or a malicious `match_pattern` in an untrusted config file) could lead to unintended file exposure. However, the code itself does not exhibit dynamic code execution (like `eval`), listen on network ports (it communicates via standard I/O for MCP), or contain hardcoded secrets. It relies on `os.ReadFile` and standard Go libraries, indicating generally safe coding practices for its intended function.
Updated: 2026-01-17GitHub
0
0
Medium Cost
masaki39 icon

obsidian-mcp

by masaki39

Sec9

Provides the active Obsidian file (path and content) to an LLM via the Obsidian Local REST API.

Setup Requirements

  • ⚠️Requires the Obsidian Local REST API community plugin to be installed and configured in Obsidian.
  • ⚠️Requires Node.js 20+ to be installed.
  • ⚠️Requires an API key generated from the Obsidian Local REST API plugin settings.
Verified SafeView Analysis
The server primarily operates locally, connecting to the Obsidian Local REST API at a default localhost address (http://127.0.0.1:27123). Authentication is handled via an API key passed through environment variables (OBSIDIAN_API_KEY), which is a secure practice for secrets. No 'eval' or obvious malicious patterns are present. The primary security consideration would be the local Obsidian REST API plugin's own configuration and network exposure, which this server relies upon but does not control.
Updated: 2025-12-14GitHub
0
0
Medium Cost
kaxxx icon
Sec8

A Spring AI MCP server exposing AI-powered code explanation and review tools to an IDE like IntelliJ.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for operation.
  • ⚠️Requires JDK 17 for compilation and execution.
  • ⚠️Requires specific JSON configuration within IntelliJ IDEA's AI Assistant settings to integrate as an MCP server.
Verified SafeView Analysis
The application relies on an external OpenAI API, which is standard practice for AI integrations. The application itself does not exhibit immediate code injection vulnerabilities or dangerous patterns like 'eval'. Hardcoded API keys are avoided by using a DUMMY_KEY_FOR_BUILD placeholder and requiring the user to provide a valid key via environment variables. Prompt injection is a theoretical risk inherent to LLM interactions but not a vulnerability of the server's codebase itself.
Updated: 2025-12-12GitHub
0
0
Low Cost
Horizon-Digital-Engineering icon

fpe-demo-mcp

by Horizon-Digital-Engineering

Sec4

Demonstrates authentication and FF3 Format Preserving Encryption (radix-10 digits) for LLM tools via Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Critical Security Defaults: Hardcoded FPE keys/tweak and authentication secrets (e.g., 'demo-secret') are used by default. These must be overridden with strong, unique values via environment variables for production (FPE_KEY, FPE_TWEAK, AUTH_TOKEN, AUTH_JWT_SECRET).
  • ⚠️Insecure Authentication Modes: AUTH_MODE defaults to 'authless'. For secure deployments, it must be explicitly set to 'production' (or 'test' for a stricter demo) and requires JWT configuration.
  • ⚠️Node.js Version Requirement: Requires Node.js version >=20.0.0.
  • ⚠️FF3 Encryption Limitations: The underlying FF3 library only supports radix-10 (digits 0-9) for inputs between 6 and 56 characters after non-digit stripping. Format reconstruction (e.g., hyphens in SSNs) is not preserved.
Verified SafeView Analysis
The server defaults to hardcoded FPE keys/tweak and authentication secrets (e.g., 'demo-secret'). It also offers 'authless' and 'debug' authentication modes that bypass security. These are intended for demo/testing and are critical security risks if deployed to production without overriding relevant environment variables (FPE_KEY, FPE_TWEAK, AUTH_TOKEN, AUTH_JWT_SECRET) and configuring AUTH_MODE='production'.
Updated: 2026-01-19GitHub
0
0
Medium Cost
schieblerchris icon
Sec8

This project is a small demo for Spring AI, providing an MCP-Server for local LLMs and a web frontend for a chat client to aggregate data from various sources (persons, hobbies, events, vacations).

Setup Requirements

  • ⚠️Requires a locally running LLM with tool support (e.g., LM Studio) configured for MCP Server and API access.
  • ⚠️Requires PostgreSQL and an SMTP server (both provided via Docker Compose).
  • ⚠️Configuration of LLM base URL and API Key is required via application.properties or environment variables.
  • ⚠️Initial Vaadin build can take a while.
Verified SafeView Analysis
The codebase is generally well-structured for a Spring Boot application, with no direct 'eval' or malicious patterns. Sensitive configurations like API keys are expected to be environment variables. Potential risks include Cross-Site Scripting (XSS) if LLM-generated Markdown or HTML (via the MailTool) is rendered by a client without adequate sanitization, but this is often a broader LLM safety concern rather than a specific code vulnerability within this application itself. Administrative features like database cleanup are explicit and require user confirmation.
Updated: 2025-11-20GitHub
PreviousPage 614 of 713Next