Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
pudurvenu icon

AI-NextGen

by pudurvenu

Sec1

Provides user-friendly desktop tools for creators to achieve clean results and enhance creative projects.

Setup Requirements

  • ⚠️The application is distributed as pre-compiled binaries (.exe/.dmg) within a ZIP file, with no visible source code for the actual application logic to inspect.
  • ⚠️Requires manual download and installation of an executable from a direct GitHub raw content link, bypassing typical release pages or package managers that might offer more verification.
Review RequiredView Analysis
The provided 'SOURCE CODE' for analysis is exclusively the README file. No actual executable source code for the application's functionality was supplied, making it impossible to perform a comprehensive security audit for potential risks such as 'eval' usage, obfuscation, network vulnerabilities, hardcoded secrets, or malicious patterns. The project instructs users to download and install a pre-compiled ZIP file containing an .exe or .dmg directly from a GitHub raw content link. Running unverified binaries without access to their source code for inspection poses a significant security risk, as their behavior cannot be audited. Therefore, the security score is critically low due to the inability to inspect the underlying application logic.
Updated: 2026-01-19GitHub
0
0
Low Cost
bytefrostdev icon

bytefrost-joplin-mcp

by bytefrostdev

Sec6

An MCP server enabling AI assistants to directly access, search, read, create, and edit Joplin notes stored in a self-hosted PostgreSQL database.

Setup Requirements

  • ⚠️Project is under active development and NOT PRODUCTION READY.
  • ⚠️Requires a self-hosted Joplin Server (>= 2.6.0) with PostgreSQL database.
  • ⚠️Joplin's End-to-End Encryption (E2EE) must be DEACTIVATED for the MCP to access note content.
  • ⚠️Requires Docker or Python 3.11+ runtime.
  • ⚠️Installation, configuration, and usage documentation are 'Coming soon'.
Review RequiredView Analysis
The project is explicitly marked 'UNDER DEVELOPMENT - NOT PRODUCTION READY', indicating inherent risks due to incomplete testing and potential API/schema changes. It connects directly to the PostgreSQL database, bypassing Joplin's official APIs, which requires careful implementation to prevent issues like SQL injection (no code available to verify parameterized queries). Secrets (like the database password) are indicated to be externalized via `.env` files, which is a good practice. A critical requirement for functionality is that Joplin's End-to-End Encryption (E2EE) must be DEACTIVATED, meaning note content is stored unencrypted in the database and accessible by the MCP.
Updated: 2025-12-05GitHub
0
0
Medium Cost
paolodalprato icon
Sec9

Enhances NotebookLM with client-side prompt structuring for source fidelity, enabling professional document analysis, legal research, and fact-checking.

Setup Requirements

  • ⚠️Requires Claude Desktop to be installed and configured to use MCP servers.
  • ⚠️Node.js >= 18.0.0 is required.
  • ⚠️A Google account is required for NotebookLM access, and manual authentication may require closing all Chrome/Chromium instances.
Verified SafeView Analysis
The server uses browser automation (Patchright, a Playwright fork) to interact with NotebookLM and Google authentication services. While browser automation inherently involves interactions with external websites, the server's code does not expose mechanisms for arbitrary code execution or navigation to untrusted sites via tool inputs. Command execution via `child_process.exec` is used for platform-specific Chrome process detection with fixed commands, preventing injection risks. User credentials (`LOGIN_EMAIL`, `LOGIN_PASSWORD`) are not hardcoded and are expected from environment variables. There are no detectable server-side 'eval' calls or obfuscation. The overall design appears secure for its intended purpose.
Updated: 2026-01-01GitHub
0
0
Low Cost
GaneshGMgr icon
Sec8

A backend server for an expense tracking application, leveraging the FastMCP framework for API functionality.

Setup Requirements

  • ⚠️Python 3.13 or newer required
Verified SafeView Analysis
The provided code snippet is minimal and does not contain obvious security risks such as 'eval', obfuscation, hardcoded secrets, or malicious patterns. A comprehensive security audit would require examining the full application logic, defined API endpoints, and data interactions once implemented, as well as the underlying FastMCP framework itself. Based solely on the provided code, there are no immediate red flags.
Updated: 2025-12-01GitHub
0
0
Low Cost
augustcaio icon

mcp-servers

by augustcaio

Sec9

Manages Docker containers, stacks, volumes, networks, and images by interacting with the Portainer API.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Portainer (CE or BE) must be installed and accessible via the provided URL.
  • ⚠️Requires access to the Portainer API, which may involve network configuration and API key/password management.
  • ⚠️Users must manage the JWT token returned by `authenticate_portainer` for all subsequent API calls.
Verified SafeView Analysis
The server's core functionality involves making HTTP requests to a user-specified Portainer instance, including passing credentials for authentication and JWT tokens for subsequent operations. This is standard for API interaction. No hardcoded secrets, 'eval', or obfuscation were found. The security relies heavily on the secure configuration and accessibility of the target Portainer instance itself, which is outside the scope of this server's code. Users must ensure their Portainer instance and network access are secure.
Updated: 2026-01-06GitHub
0
0
Low Cost
Pintaro icon

mem0

by Pintaro

Sec4

OpenMemory is a personal AI memory management server with a web dashboard, allowing users to store, retrieve, and manage facts and preferences for AI agents and applications. It provides a centralized knowledge base for various client applications.

Setup Requirements

  • ⚠️Requires API keys for chosen LLM and Embedder providers (e.g., OPENAI_API_KEY) configured via environment variables or the UI.
  • ⚠️Python 3.x environment needed for the API server, and Node.js for the Next.js UI. Docker/Docker Compose is the recommended setup.
  • ⚠️Defaults to SQLite, but can be configured to use various vector databases (Qdrant, Chroma, Redis, Elasticsearch, etc.), each with its own setup requirements.
Review RequiredView Analysis
The underlying `mem0` library, used by this server, appears to use `eval()` for parsing tool call arguments in some contexts (observed in `mem0-ts/src/oss/src/llms/langchain.ts` and `mem0/proxy/main.py`). This is a critical security vulnerability if attacker-controlled input can reach these `eval` calls, potentially leading to arbitrary code execution. While the immediate server code might sanitize inputs, the dependency introduces a high risk. Other aspects, such as using environment variables for API keys and local API communication, are generally good practices.
Updated: 2026-01-19GitHub
0
0
Medium Cost
firo icon
Sec8

Provides technical and fundamental analysis, and portfolio management tools for financial assets via an MCP server.

Setup Requirements

  • ⚠️Requires Python dependencies (`yfinance`, `pandas`, `numpy`, `pandas_ta`, `mcp`, `FastAPI`, `uvicorn`, `sse_starlette`).
  • ⚠️Requires internet access to fetch financial data from Yahoo Finance.
  • ⚠️Manual configuration of Claude Desktop JSON file for local integration.
Verified SafeView Analysis
The server primarily relies on the `yfinance` library for fetching market data. While `yfinance` is a widely used library, the server does not perform extensive sanitization of ticker symbols beyond what `yfinance` implicitly handles. No direct `eval` or `exec` calls with user input were found. The core logic involves data processing and calculations, not direct system interaction or arbitrary code execution based on external input. The application exposes port 8000, which requires appropriate network security if exposed publicly.
Updated: 2026-01-18GitHub
0
0
Medium Cost
MCDxAI icon
Sec3

Integrates Model Context Protocol (MCP) servers and Google Gemini AI with Meteor Client for tool execution and AI interaction within Minecraft.

Setup Requirements

  • ⚠️Requires Meteor Client (Minecraft mod) to function.
  • ⚠️External MCP servers (e.g., Node.js, Python) must be installed and configured separately by the user.
  • ⚠️Optional: Google Gemini API key (paid service) is required for AI integration.
Review RequiredView Analysis
The addon allows users to configure and run arbitrary local commands as MCP servers via `StdioClientTransport`. This means any configured MCP server can execute arbitrary code on the user's system, controlled by the `command`, `args`, `workingDirectory`, and `env` parameters in `MCPServerConfig`. This poses a significant security risk if untrusted MCP servers are added or if the addon is compromised to add malicious servers. Gemini API keys are lightly obfuscated (XOR with a hardcoded salt) before NBT storage, not strongly encrypted.
Updated: 2026-01-07GitHub
0
0
Medium Cost
cyril-goud-foodsmart icon

redshift-mcp-server

by cyril-goud-foodsmart

Sec7

This server acts as a Model Context Protocol (MCP) agent for AWS Redshift, enabling programmatic access to Redshift schemas, table metadata, and allowing execution of read-only SQL queries.

Setup Requirements

  • ⚠️Requires an AWS Redshift instance and corresponding credentials (host, database, user, password).
  • ⚠️Explicitly sets Redshift SSL `rejectUnauthorized: false`, which might require awareness of its security implications or specific network configurations.
  • ⚠️Requires Node.js (>=18) and npm/yarn to build and run the TypeScript project.
Verified SafeView Analysis
The server connects to AWS Redshift, leveraging environment variables for credentials. The `execute_query` tool is restricted to `SELECT`, `WITH`, and `EXPLAIN` statements, significantly mitigating SQL injection risks for write/destructive operations. However, the Redshift connection explicitly sets `ssl: { rejectUnauthorized: false }`, which weakens SSL security by not verifying the server's certificate. While sometimes necessary in specific enterprise configurations (e.g., custom CAs), it introduces a potential man-in-the-middle vulnerability if not properly understood and managed.
Updated: 2025-12-14GitHub
0
0
Medium Cost
kekzl icon
Sec8

Manages on-demand Model Context Protocol (MCP) servers using Docker Compose to provide AI coding assistants with task-specific tools and reduce token context overhead.

Setup Requirements

  • ⚠️Docker and Docker Compose must be installed.
  • ⚠️Requires obtaining and configuring various API tokens (GitHub, Database, Slack, Jira, Brave Search) in a `.env` file.
Verified SafeView Analysis
The project uses official MCP server Docker images and emphasizes secure practices like `.env` for secrets, least privilege, and sandboxed filesystem access. The Puppeteer server, however, requires `SYS_ADMIN` capability and `seccomp=unconfined`, which significantly relaxes security for that specific service and increases the attack surface if used for untrusted web content. No 'eval' or malicious patterns found in the shell script, which primarily wraps Docker commands.
Updated: 2025-12-06GitHub
0
0
Low Cost
Kuxha icon
Sec9

This server demonstrates autonomous workforce orchestration for post-acute care by automating scheduling, detecting conflicts, and enforcing compliance for a synthetic home-care workforce using an AI agent.

Setup Requirements

  • ⚠️Requires Python 3.12+
Verified SafeView Analysis
The server operates primarily with an in-memory data store, significantly reducing risks associated with database injections. Communication for the MCP server is via standard I/O ('stdio') using 'mcp dev', which limits direct network exposure. The code does not contain 'eval', 'exec', or other obvious dynamic code execution vulnerabilities. There are no hardcoded secrets or external API keys visible in the provided source. The system processes synthetic data, further reducing real-world impact of potential exploits. Overall, the architecture and implementation appear secure for its intended demonstration purpose.
Updated: 2026-01-15GitHub
0
0
High Cost
guojun21 icon
Sec5

Orchestrates long-running, agent-based LLM tasks, generating content and continuously or periodically re-executing prompts based on initial goals and input materials.

Setup Requirements

  • ⚠️Requires `agent` CLI to be installed and logged in.
  • ⚠️The `agent` CLI needs access to the fixed model: `gpt-5.2-codex-xhigh-fast`.
  • ⚠️The output directory must be writable by the server and the `agent`.
Review RequiredView Analysis
The server delegates task execution to an external `agent` CLI, which is invoked using `child_process.spawn`. User-controlled arguments like `agent_bin`, `workspace_dir`, `output_dir`, and `input_materials` are passed directly to `spawn` and file system operations (`fs` module). This introduces risks of arbitrary command execution if `agent_bin` is manipulated to point to a malicious binary, or path traversal if directory paths are not sufficiently sanitized. The `agent` is also run with `--force-allow-all-commands` (`-f`), giving it broad permissions within its workspace. Requires trust in the `agent` CLI and careful handling of user inputs to prevent exploitation.
Updated: 2026-01-18GitHub
PreviousPage 617 of 713Next