Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
WaltXin icon
Sec8

Provides credit card fetching and analysis tools, along with educational guides, for integration with AI agents using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Local testing with OpenAI Agent Builder requires exposing the local server via a public tunnel like Ngrok.
  • ⚠️The production deployment targets Cloudflare Workers and utilizes Cloudflare-specific services like Durable Objects ('MCP_OBJECT') and KV storage ('OAUTH_KV'), making it tightly coupled to the Cloudflare ecosystem.
  • ⚠️When deployed to Cloudflare, a custom domain is required for compatibility with OpenAI Agent Builder (generic '.workers.dev' domains are blocked).
Verified SafeView Analysis
The server exposes two tools, 'get-cards' and 'get-guides', both of which fetch data from a hardcoded external AWS API endpoint (https://fqrqqph16l.execute-api.us-west-2.amazonaws.com). While the parameters for 'get-cards' are validated using Zod, the system relies entirely on the security and data integrity of this external API. The server uses permissive CORS headers ('Access-Control-Allow-Origin: *'), which is standard for public APIs but means no origin-based access control is enforced at this layer. No 'eval' or obvious hardcoded secrets beyond public API endpoints were found.
Updated: 2025-12-25GitHub
0
0
Medium Cost
officialpraise icon

mongodb-mcp-server-forked

by officialpraise

Sec8

A Model Context Protocol server for enabling AI assistants to interact with MongoDB databases and MongoDB Atlas resources through natural language.

Setup Requirements

  • ⚠️Requires Node.js v20.10.0 or later.
  • ⚠️The server will not start unless a MongoDB connection string or Atlas API credentials are configured.
  • ⚠️Atlas API credentials require careful management of permissions; only grant the minimum necessary roles to service accounts.
Verified SafeView Analysis
The server uses `mongodb-redact` to hide sensitive data in logs, generates secure, expiring passwords for Atlas database users, and guides users on assigning minimal API key permissions. It features an 'indexCheck' to enforce query optimization and 'readOnly' mode for restricted access. However, like any database-interacting system, its overall security is highly dependent on how MongoDB connection strings and Atlas API credentials (client ID/secret) are configured and managed externally.
Updated: 2025-12-22GitHub
0
0
Medium Cost
PerfLab-io icon

v0-mcp

by PerfLab-io

Sec6

An MCP (Model Context Protocol) server that exposes v0.dev APIs for AI-powered development tools with real-time streaming support, enabling client applications to interact with v0.dev services.

Setup Requirements

  • ⚠️Requires `V0_API_KEY` for v0.dev API access (which may incur costs depending on usage).
  • ⚠️Requires an Upstash Redis (or compatible KV store) with `KV_URL`, `KV_REST_API_URL`, `KV_REST_API_TOKEN`, `KV_REST_API_READ_ONLY_TOKEN` configured.
  • ⚠️Requires a `DATABASE_URL` for a database (e.g., Supabase) connection.
  • ⚠️The OAuth PKCE validation contains a temporary bypass (`lib/oauth-provider.ts`) that, if not removed, creates a critical security vulnerability.
  • ⚠️Uses `pnpm` as the preferred package manager; users should install dependencies with `pnpm install`.
Review RequiredView Analysis
The server implements robust cryptographic practices for API key encryption using AES-256-GCM and SHA256 derivation. It also includes sensitive data redaction in logging and rate limiting for log messages. However, there is a **critical temporary bypass** in `lib/oauth-provider.ts` for PKCE validation (`PKCE validation failed - this might be a client issue // TEMPORARY: Allowing invalid PKCE for testing`). If this bypass is active in production, it poses a significant security vulnerability, allowing an attacker to exchange stolen authorization codes without a valid `code_verifier`. This is a severe weakness that must be addressed immediately for a production environment.
Updated: 2025-12-13GitHub
0
0
Low Cost
PaddyNoonan icon

-fenergo-mcp-server

by PaddyNoonan

Sec2

Provides an AI-powered connector for Claude Desktop and ChatGPT to query Fenergo Nebula document management and customer journey data via a shared AWS AppRunner backend.

Setup Requirements

  • ⚠️Requires manual registration of OIDC client (`mcp-client`) with Fenergo's identity provider, including a specific redirect URI (`https://tc8srxrkcp.eu-west-1.awsapprunner.com/signin-oidc`).
  • ⚠️Contains hardcoded default client secrets (`d67105c0-52ca-164e-d0ea-b107cbbfdbc3` and `secret`) in source files (`oidc-auth.js`, `oauth-auth.js`) that override environment variables if not properly configured, posing a critical security risk.
  • ⚠️Uses an in-memory session store for SSO state and tokens, which means sessions are not persistent across server restarts and is not scalable for multiple instances (explicitly noted as 'development only').
  • ⚠️Requires deployment to AWS AppRunner for the backend service, implying AWS account setup and configuration.
Review RequiredView Analysis
The codebase contains hardcoded default sensitive values for `clientSecret` in `oidc-auth.js` and `oauth-auth.js`, which is a severe security vulnerability. Additionally, the `apprunner-backend.js` explicitly logs the full value of `FENERGO_OIDC_CLIENT_SECRET` (if set) during startup and diagnostics, which exposes credentials in application logs. The in-memory session store is not suitable for production and could lead to session loss or vulnerability if not properly managed in a distributed environment. While HTTPS and secure protocol settings are used, these critical issues significantly compromise the security posture.
Updated: 2025-12-12GitHub
0
0
Low Cost
freeshineit icon

mcp-server-rust

by freeshineit

Sec7

The server implements a simple protocol for exposing tools and resources, primarily for an agent to interact with various functionalities.

Setup Requirements

  • ⚠️Requires Rust toolchain (Cargo) for local development and execution.
  • ⚠️The provided `mcp-config.toml` is currently ignored; tools and resources are hardcoded in the server logic.
  • ⚠️Docker and Docker Compose are required for containerized deployment.
Verified SafeView Analysis
The server implements a custom JSON-RPC-like protocol over TCP. While the current implementation of 'search_files' and 'read_resource' methods *simulates* file system interactions and returns hardcoded responses, the interface for accepting user-provided paths and patterns (e.g., 'pattern', 'directory', 'uri') carries a high potential for path traversal and arbitrary file access vulnerabilities if these operations were to be fully implemented with actual file system I/O without robust input sanitization and access control. No hardcoded secrets or 'eval'-like patterns are present. The 'mcp-config.toml' file is provided but currently ignored by the server's hardcoded tool and resource definitions.
Updated: 2026-01-19GitHub
0
0
Low Cost
nlupitaviza icon

mcp-server

by nlupitaviza

Sec5

A Node.js Express server designed to stream real-time data, specifically initial model loading and periodic updates (pings), to client applications using Server-Sent Events (SSE).

Setup Requirements

  • ⚠️Requires Node.js to be installed on the host system.
  • ⚠️The default CORS policy allows all origins (`*`), which is generally not recommended for production. Configure specific allowed origins or use a proxy to restrict access.
  • ⚠️No authentication or authorization is implemented for the data streaming endpoint, making the data publicly accessible to any client that connects.
Verified SafeView Analysis
The server uses `cors()` without specific origin configuration, allowing requests from any domain, which is a significant security risk for production environments if sensitive data were to be exposed. There is no authentication or authorization implemented for the `/mcp` SSE endpoint, meaning any client can connect and receive data. No apparent malicious patterns, hardcoded secrets, or usage of `eval` were found.
Updated: 2026-01-18GitHub
0
0
Low Cost
manju07 icon
Sec3

A minimal Model Context Protocol (MCP) server that provides secure file read and write operations within a sandbox directory for AI agents.

Setup Requirements

  • ⚠️Requires `GOOGLE_API_KEY` environment variable for the optional Gradio web interface (app.py) to connect to Gemini API.
  • ⚠️The MCP Python SDK may need to be installed directly from GitHub (`pip install git+https://github.com/modelcontextprotocol/python-sdk.git`) if not available on PyPI.
  • ⚠️MCP client configurations (e.g., for Cursor) require specifying the absolute path to the `server.py` file.
Review RequiredView Analysis
The `resolve_sandbox_path` function in `server.py` is vulnerable to directory traversal. While it correctly handles absolute paths by taking only the file name relative to the sandbox, it fails to sufficiently normalize or validate relative paths (e.g., `../../../filename`) against the sandbox boundary. This allows an attacker to read or write files outside the intended `sandbox/` directory by crafting malicious relative paths.
Updated: 2025-11-29GitHub
0
0
Medium Cost
tuongle-learn icon

testlink-mcp-server

by tuongle-learn

Sec8

Manages TestLink QA system entities (test cases, plans, suites) via AI agents (Claude, Cursor) using the Model Context Protocol.

Setup Requirements

  • ⚠️Docker Desktop is required to run the server.
  • ⚠️Mandatory environment variables: TESTLINK_URL and TESTLINK_API_KEY.
  • ⚠️A running TestLink QA management system is required for functionality.
  • ⚠️Users must distinguish between TestLink Internal IDs (for linking/actions) and External IDs (for lookup).
Verified SafeView Analysis
The server correctly uses environment variables for TestLink API credentials. It does not contain direct arbitrary code execution vulnerabilities (e.g., 'eval' on user input). The 'robust_call' mechanism calls predefined TestLink API methods or their raw XML-RPC equivalents, not arbitrary user-supplied method names. The main security considerations are ensuring the TestLink API itself is secured and that the client-side configuration (e.g., Claude Desktop, Cursor) protects the `TESTLINK_API_KEY` from unauthorized access.
Updated: 2025-12-03GitHub
0
0
Medium Cost
sadym-chromium icon

webdriver-spec-mcp

by sadym-chromium

Sec9

Provides a RAG-powered Model Context Protocol (MCP) server for searching, reading, and asking questions about WebDriver BiDi and Classic specifications using Google's Gemini models.

Setup Requirements

  • ⚠️Requires Node.js v20 or higher.
  • ⚠️Requires a Google Gemini API Key to be configured in a `.env` file or environment variables.
  • ⚠️Initial data ingestion (`npm run ingest`) is mandatory before server usage and involves API calls to Gemini for embeddings.
  • ⚠️MCP Client configuration requires the absolute path to the repository.
Verified SafeView Analysis
The project demonstrates good security practices by loading the API key from environment variables (GEMINI_API_KEY) rather than hardcoding. Input schemas for tools are validated using `zod`. Network interactions for data ingestion (`scripts/ingest-specs.ts`) are directed to hardcoded W3C specification URLs, mitigating SSRF risks from user input. AI model calls are made to Google Gemini APIs, which is expected functionality. LanceDB is used for local storage in a dedicated `.mcp-data` directory within the project's working directory. The `read_spec_section` tool retrieves content only from the locally ingested LanceDB store, not by fetching live URLs based on user input, further enhancing security.
Updated: 2026-01-19GitHub
0
0
Medium Cost
rncz icon
Sec8

Automate Nextcloud note management using an LLM by providing a set of WebDAV-based tools.

Setup Requirements

  • ⚠️Requires a Nextcloud instance with WebDAV enabled and accessible.
  • ⚠️Requires `uv` (ultra-violet) for Python environment and package management.
  • ⚠️Requires an LLM software (e.g., LM Studio) capable of tool calling and configured to use this MCP server.
Verified SafeView Analysis
The server loads WebDAV credentials from a `.env` file, which is good practice. It interacts with Nextcloud via `webdavclient3`. The operations are restricted to defined WebDAV actions (CRUD on notes/categories) and do not involve direct `eval` or `exec` of user input. The main security considerations are protecting the `.env` file and ensuring the LLM interaction is controlled to prevent misuse of the WebDAV tools.
Updated: 2025-12-13GitHub
0
0
Medium Cost

MCP-server-Hebrew

by yossimmmm

Sec5

A server application likely related to Minecraft (MCP usually refers to Minecraft Coder Pack or Minecraft Protocol), potentially localized for Hebrew speakers.

Setup Requirements

  • ⚠️Docker required
  • ⚠️Node.js environment
  • ⚠️Potential Minecraft client/server version dependencies
Review RequiredView Analysis
Cannot perform a full security audit without code content. 'node_modules' indicates external dependencies, and 'MCP server' suggests network exposure. 'Dockerfile' can improve isolation but does not guarantee application security. Potential for unknown vulnerabilities in dependencies.
Updated: 2025-11-19GitHub
0
0
Medium Cost
Sec8

Automates and intelligently manages Tableau Server and Tableau Cloud environments, providing comprehensive control and AI-powered operations with a human-in-the-loop safety system.

Setup Requirements

  • ⚠️Requires Tableau Server or Tableau Cloud instance access (PAT authentication)
  • ⚠️Requires OpenRouter API Key (Paid service for AI-powered features)
  • ⚠️Requires Python 3.11+
  • ⚠️Requires a running Redis server (for HITL queue and caching)
Verified SafeView Analysis
The server uses Pydantic Settings for secure environment variable loading and implements a Human-in-the-Loop (HITL) approval system for all critical operations, significantly enhancing safety. It leverages established libraries like httpx and tableauserverclient. A potential XML injection risk exists in `src/api_clients/prep_client.py` where user-provided or LLM-generated strings are directly formatted into XML request bodies without explicit sanitization within the provided source code. This relies on upstream components (e.g., the LLM Web Agent or Unified Intelligence Interface) to perform robust input sanitization before reaching the tools. If not properly sanitized upstream, this could lead to unexpected API behavior.
Updated: 2025-11-29GitHub
PreviousPage 616 of 713Next