Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
shujaakbar2020 icon

mcp-client-server

by shujaakbar2020

Sec5

Implements a server and client for the Minecraft protocol, enabling custom game interactions or proxying.

Setup Requirements

  • ⚠️Requires a specific runtime environment (e.g., Node.js or Python)
  • ⚠️Dependencies must be installed via a package manager (e.g., npm or pip)
Review RequiredView Analysis
Source code was not provided for detailed analysis. The security assessment is based solely on the project name and common patterns for network servers. Potential risks in a network server include improper input validation, unauthenticated command execution, and resource exhaustion. No 'eval', obfuscation, hardcoded secrets, or malicious patterns could be identified without access to the code.
Updated: 2025-11-29GitHub
0
0
Medium Cost
poetryprotocol icon

hermes-mcp

by poetryprotocol

Sec8

A lightweight MCP server providing file, shell, Git, HTTP, and system utilities for Claude Desktop, specifically fixing a common subprocess stdin inheritance bug.

Setup Requirements

  • ⚠️Currently Windows-optimized (uses PowerShell, Git for Windows paths), requiring adaptation for Unix/Mac.
  • ⚠️Requires manual configuration of `ALLOWED_PATHS` directly in `server.py` for file operation security.
  • ⚠️Requires manual configuration in Claude Desktop's `claude_desktop_config.json`.
Verified SafeView Analysis
File operations are restricted to `ALLOWED_PATHS` configured by the user, which is good. The `run_powershell` and `run_git` commands use `asyncio.create_subprocess_exec` with `stdin=asyncio.subprocess.DEVNULL` to prevent stdin inheritance issues, which is a critical security and stability fix. Arbitrary commands can be run via `run_powershell` and `run_git` within specified working directories, but inputs are passed as arguments, not via `shell=True`, reducing direct shell injection risk. The `fetch_url` and `http_request` tools allow unrestricted network access to any URL, which is explicitly noted as 'intentional for development' and 'local use only' in the README. This capability means the LLM can make arbitrary network requests from the host machine, which should be considered when assessing overall system security. No hardcoded secrets or 'eval' statements were found.
Updated: 2025-11-19GitHub
0
0
Low Cost
ISubkowskI icon
Sec7

Serves as an intermediary Model Context Protocol (MCP) server with Server-Sent Events (SSE) transport for an Identity Claims API, proxying requests to a backend REST service.

Setup Requirements

  • ⚠️Requires a separate `ae-poc-identity-webapi` backend REST service to be running and accessible.
  • ⚠️The `Authentication__ExpectedToken` environment variable or configuration setting MUST be replaced with a secure, unique token for production or sensitive environments.
  • ⚠️Accessing the backend service from Docker requires careful `IdentityStorageApi__ApiUrl` configuration (e.g., `http://host.docker.internal:5023`).
Verified SafeView Analysis
The repository uses placeholder secret tokens (e.g., 'YOUR_SUPER_SECRET_AND_UNIQUE_TOKEN_REPLACE_ME', 'my-secret-token') in configuration files and templates. While the documentation correctly advises replacing these and provides mechanisms for secure configuration via environment variables, deploying with these default placeholders would pose a critical security risk. No 'eval' or obvious malicious patterns were found in the provided code snippets. Network exposure on ports 3033 (MCP) and 9007 (Health) is expected for server functionality.
Updated: 2025-12-17GitHub
0
0
Low Cost
humanlayer icon

mcp-cli

by humanlayer

Sec5

Facilitates interaction with MCP servers via a command-line interface, primarily for automation and integration with subagents.

Setup Requirements

  • ⚠️Requires an existing MCP server to function.
Review RequiredView Analysis
Insufficient source code provided for a comprehensive security audit; only README.md was available. Therefore, no checks for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns could be performed.
Updated: 2025-11-26GitHub
0
0
Low Cost
devtobecurious icon

workshop-mcp

by devtobecurious

Sec7

Demonstrates an OAuth 2.0 protected Model Context Protocol (MCP) server providing external tool access.

Setup Requirements

  • ⚠️.NET 9.0+ SDK required
  • ⚠️Requires a running `TestOAuthServer` from the same repository (typically at `https://localhost:7029`)
  • ⚠️Requires trusting the ASP.NET Core development certificate (`dotnet dev-certs https --trust`)
  • ⚠️Ensure ports 7071 (for `ProtectedMcpServer`) and 7029 (for `TestOAuthServer`) are available.
Verified SafeView Analysis
The server uses standard OAuth 2.0 with JWT bearer token authentication. The `ProtectedMcpClient` README notes the use of 'demo-client' and 'demo-secret' which are hardcoded for demonstration and must be changed for production. `AllowedHosts: "*"` is configured in `appsettings.json`, which is too permissive for production environments. No apparent direct code injection or 'eval' usage in provided snippets.
Updated: 2025-12-01GitHub
0
0
Medium Cost
tf1997 icon

mcp-gateway

by tf1997

Sec2

The MCP Gateway acts as an API gateway for the Model Context Protocol (MCP) ecosystem, facilitating secure communication, tool invocation, and prompt management for various backend services.

Setup Requirements

  • ⚠️Requires Go (version 1.18 or higher recommended).
  • ⚠️Requires Redis for session and authentication storage if configured.
  • ⚠️Requires Kafka brokers if configured for logging or session storage.
Review RequiredView Analysis
The server exhibits critical security risks. The `StdioTransport` executes external commands (`cfg.Command` with `cfg.Args`) based on configuration. If this configuration can be modified by an authenticated but malicious actor via the exposed `/api/v1/configs` endpoint, it could lead to arbitrary Remote Code Execution (RCE) on the gateway server. Additionally, the `text/template` package is used for rendering `tool.Endpoint`, `tool.RequestBody`, and `tool.Headers`, which exposes the `os.Getenv` function through the `.Env` context. This creates a potential template injection vulnerability for information disclosure (e.g., environment variables containing secrets). The `installService` and `uninstallService` commands involve high-privilege operations (moving executables, `systemctl` commands) that, while not direct code execution, demand careful handling and trust in the executable source. While OAuth2 and JWT are integrated, their implementation and secure configuration are crucial and require thorough auditing.
Updated: 2026-01-19GitHub
0
0
Low Cost
rishit2264 icon

mcp-servers

by rishit2264

Sec8

This project demonstrates setting up and interacting with multiple MCP servers (Multi-Compute Protocol) using a client and a ReAct agent powered by an LLM for tool orchestration.

Setup Requirements

  • ⚠️Python 3.12+ required
  • ⚠️GROQ_API_KEY environment variable is required (paid service)
  • ⚠️Requires separate 'mathserver.py' (not provided) and 'weather.py' processes to be running concurrently for the client to function as intended.
Verified SafeView Analysis
The code loads API keys from environment variables, which is a good practice. Servers run locally by default (127.0.0.1) using HTTP, which is generally safe for local execution. No 'eval', obfuscation, or hardcoded secrets were found. The primary security considerations would stem from how the underlying 'mcp' library handles tool execution and if the HTTP server is exposed to external networks without proper security.
Updated: 2025-11-19GitHub
0
0
Medium Cost
techmad220 icon

code-quality-mcp

by techmad220

Sec9

A Rust-based MCP server for comprehensive code quality analysis, designed to work alongside harness enforcement gates for proactive self-correction in code generation.

Setup Requirements

  • ⚠️Requires Rust toolchain installed for building (`cargo build`).
  • ⚠️Full functionality of `dependency_audit` requires specific language ecosystem auditors (e.g., `cargo-audit`, `npm`, `pip-audit`, `go` with `govulncheck`) to be installed and accessible in the system PATH.
  • ⚠️The `pattern_history` tool requires a separate 'cognitive-memory' MCP server running, defaulting to `http://localhost:8050`.
Verified SafeView Analysis
The server's own codebase appears robust, using safe Rust practices like `std::process::Command` for external tool execution, which prevents shell injection within the server itself. It actively scans for common security vulnerabilities (SQLi, XSS, CMDi, hardcoded secrets, etc.) in user code, demonstrating good security awareness. It makes HTTP calls to a configurable 'cognitive-memory' server, which is a known external dependency and not an inherent vulnerability in this server's code. No 'eval', code obfuscation, or hardcoded secrets were found within the provided source code of the MCP server.
Updated: 2025-12-14GitHub
0
0
Low Cost
rjmarin icon
Sec5

This project likely provides a server-side utility or modification for the Minecraft Protocol, focused on editing or manipulating text-based content within the game or its related server environment.

Review RequiredView Analysis
No source code was provided for analysis. Cannot perform a security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. The score is a placeholder, as safety cannot be guaranteed without code.
Updated: 2025-12-02GitHub
0
0
Low Cost
bioanywhere icon
Sec9

Provides Docker deployment configuration and CI/CD setup for a generic 'MCP server' application.

Setup Requirements

  • ⚠️Docker required
  • ⚠️GCP Service Account (with appropriate permissions) and Project ID required for CI/CD pushing to Google Artifact Registry
  • ⚠️Port 3000 must be available on the host system
Verified SafeView Analysis
Standard Docker deployment configuration. No hardcoded secrets or malicious patterns observed in the provided deployment scripts. Secrets like GCP_CREDENTIALS and GCP_PROJECT_ID are externalized as repository secrets for CI/CD, which is a good practice. The server exposes port 3000, which is typical for a web service.
Updated: 2025-12-02GitHub
0
0
Medium Cost
GUESTVALENCIA icon

mcp-enterprise-server

by GUESTVALENCIA

Sec1

A multimodal AI platform integrating Qwen3 models for enterprise-level system interaction, real-time multimedia generation, and communication capabilities.

Setup Requirements

  • ⚠️Requires multiple paid API keys for external services (Groq, Cartesia, Deepgram, Twilio, Render).
  • ⚠️Node.js version >=18.0.0 is required for execution.
  • ⚠️Image and video generation features are currently placeholders or simulated, requiring further integration for full functionality.
  • ⚠️Requires manual `.env` file configuration with all necessary API keys.
Review RequiredView Analysis
CRITICAL: The server is highly vulnerable to command injection and path traversal. The `child_process.exec` function is used directly with unsanitized user input (`req.body.command`) in the `/mcp/command/execute` endpoint and within the `execute_command` Qwen tool. Similarly, `fs.readFile` directly uses unsanitized user input (`req.body.path`, `req.body.uri`) in `/mcp/resources/read` and the `read_file` Qwen tool. These vulnerabilities allow remote code execution and arbitrary file access on the host system. Furthermore, the `RENDER_API_KEY` is hardcoded as a fallback in the Render API client services, and a 'mcp-secret' authentication header ('sandra_enterprise_2025') is hardcoded in test files and used for authentication, making it publicly exposed and trivial to bypass.
Updated: 2025-12-14GitHub
0
0
Medium Cost
binahm icon
Sec9

Manages a private registry of Model Context Protocol (MCP) servers by combining selections from public registries and organization-specific private server definitions, to control what developers can install for tools like GitHub Copilot.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Relies on an external proxy service (not part of this repo) to serve the GitHub-hosted registry in the MCP format.
  • ⚠️Client applications (e.g., GitHub Copilot) require specific administrative configuration to use this private registry.
Verified SafeView Analysis
The code primarily involves fetching JSON data from configured public registries and loading local JSON files. It explicitly states that secrets never go into the repository, mitigating hardcoded credential risks. Schema validation is used for configuration and server definitions. While fetching remote data always carries inherent risks (e.g., a compromised public registry serving malformed data), the codebase itself does not appear to execute arbitrary remote code on the host running the registry scripts. The actual execution of MCP servers (especially package-based ones) is intended to happen client-side, making client configuration critical for end-to-end security. The use of URL encoding for server names in network requests is a good practice.
Updated: 2026-01-19GitHub
PreviousPage 615 of 713Next