Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
brzozowskijuanpablo icon

MCP_Server

by brzozowskijuanpablo

Sec5

A C# .NET 8.0 server application designed to manage or orchestrate other processes (referred to as 'mcpServers'), such as a 'sql-query-server' that interacts with a SQL API.

Setup Requirements

  • ⚠️.NET 8.0 SDK Required
  • ⚠️External SQL API Dependency (Implicit for child processes)
Review RequiredView Analysis
The provided source code is limited to project configuration files and a custom configuration file (mcp-config.json). No actual C# application logic is available for a comprehensive security audit. The mcp-config.json demonstrates the server's ability to execute arbitrary commands (`dotnet run`) and set environment variables for child processes. If this configuration file can be dynamically loaded from an untrusted source or manipulated without proper authorization, it would represent a critical remote code execution vulnerability. The `SQL_API_URL` specified is `http://localhost:7000`, which is not a hardcoded secret itself, and points to a local endpoint, minimizing external network exposure from this specific configuration.
Updated: 2025-11-28GitHub
0
0
Low Cost
thiennga52004 icon

OpenAPI-to-MCP-Server-FE

by thiennga52004

Sec4

A frontend web application for managing and converting OpenAPI specifications into Model Context Protocol (MCP) servers, enabling AI assistant interaction.

Setup Requirements

  • ⚠️Requires a separate backend API server (not provided in this repository) to handle user authentication, spec management, and executable building.
  • ⚠️The `REACT_APP_API_DOMAIN` environment variable should be explicitly set to point to a secure (HTTPS) backend API to avoid using the hardcoded insecure HTTP endpoint.
  • ⚠️The signup process is simulated on the frontend (`Auth.js`), implying the backend doesn't yet support this route or it's a placeholder.
Verified SafeView Analysis
The application hardcodes a backend API domain `http://57.158.26.182:8081` in `Auth.js` if `REACT_APP_API_DOMAIN` is not set. Using an HTTP (non-HTTPS) endpoint is a critical security risk as it exposes sensitive data like login credentials and JWT tokens to eavesdropping. Storing JWT tokens in `localStorage` (`localStorage.setItem('JWTtoken', data.data.JWTtoken)`) is susceptible to Cross-Site Scripting (XSS) attacks. No client-side input validation is visible for uploaded files, which should be strictly handled by the backend. The core frontend code itself does not contain obvious malicious patterns like `eval` or obfuscation, but its reliance on a potentially insecure backend connection is a major concern.
Updated: 2025-12-14GitHub
0
0
Medium Cost
amotarao icon
Sec9

Provides an MCP server to interact with GitHub issues and pull requests, especially for managing sub-issues and milestones, facilitating automation and integration with LLM agents.

Setup Requirements

  • ⚠️Requires a GitHub Personal Access Token (PAT) for authenticated requests and higher rate limits, which must be obtained and configured either as an environment variable or an HTTP header by the client.
  • ⚠️Requires Node.js and pnpm to install dependencies and run the server.
  • ⚠️Requires specific JSON configuration within the Claude Desktop application for integration.
Verified SafeView Analysis
The server uses standard GitHub API authentication via an 'X-GITHUB-TOKEN' HTTP header, or optionally a 'GITHUB_PERSONAL_ACCESS_TOKEN' environment variable. Input validation for tool arguments is performed using `zod`. All GitHub API calls are directed to a hardcoded base URL (`https://api.github.com`), preventing arbitrary network requests. No `eval` or obvious malicious patterns were found in the provided source code. The security largely depends on the secure handling of the GitHub token by the client interacting with the MCP server.
Updated: 2026-01-14GitHub
0
0
Low Cost
jesuscorral icon

MCP.ToDo

by jesuscorral

Sec9

Demonstrates AI-driven development workflows and serves as a simple client-side ToDo application for proof of concept.

Setup Requirements

  • ⚠️Tasks will not persist between sessions if localStorage is unsupported or disabled in the user's browser.
Verified SafeView Analysis
The application is a client-side JavaScript ToDo app using localStorage for data persistence. User-provided task input is safely escaped using `this.escapeHtml()` before being inserted into the DOM via `innerHTML`, effectively mitigating common XSS vulnerabilities. No server-side components, network requests, or dangerous functions like 'eval' are present in the provided source code. The primary security considerations are limited to client-side browser behavior and localStorage access.
Updated: 2025-11-19GitHub
0
0
Low Cost
ggustin93 icon
Sec6

A full-stack Kanban task management application with a GraphQL API, dual-view (Kanban/Eisenhower Matrix), and AI integration via a Model Context Protocol (MCP) server for natural language task management.

Setup Requirements

  • ⚠️Docker/Docker Compose is the recommended setup; Windows users may require WSL2 or 'make' installed.
  • ⚠️Critical environment variables (DJANGO_SECRET_KEY, ALLOWED_HOSTS, NEXT_PUBLIC_GRAPHQL_URL) must be explicitly configured, especially for production, as default values are insecure.
  • ⚠️Requires Python 3.11+ for the backend and Node.js 20+ for the frontend.
Verified SafeView Analysis
The project uses standard, generally secure frameworks (Django ORM, Apollo Client). However, several configurations are insecure for production: `DEBUG=True` is hardcoded, `DJANGO_SECRET_KEY` uses a development default, and `ALLOWED_HOSTS` defaults to localhost. The GraphQL endpoint is `csrf_exempt`, which is common for GraphQL APIs but requires careful consideration of authentication if implemented. The MCP server directly accesses the Django ORM; while Django's ORM protects against SQL injection, the exposure of CRUD operations to an AI via MCP should be controlled in a production environment. Safe to run locally for development/testing, but requires critical configuration changes for production deployment.
Updated: 2025-12-15GitHub
0
0
Medium Cost
BUZDOLAPCI icon

package-intel

by BUZDOLAPCI

Sec9

Query various package registries (npm, PyPI, crates.io) to retrieve metadata, release history, and maintenance signals for software packages.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher to run.
Verified SafeView Analysis
The server makes external HTTP requests to package registries, implementing timeouts and robust error handling for network issues, 404s, and rate limiting. Input validation for `ecosystem` and `name` parameters is performed to prevent invalid requests. Configuration values are loaded from environment variables, preventing hardcoded secrets. There is no usage of `eval` or `child_process` (beyond standard `fetch`) for potentially dangerous code execution. While `JSON.parse` is used for incoming requests, typical Node.js server configurations usually mitigate risks associated with excessively large or malformed JSON payloads.
Updated: 2026-01-17GitHub
0
0
High Cost
Vasallo94 icon
Sec9

An advanced Model Context Protocol (MCP) server that integrates Obsidian vaults with AI agents (Claude Desktop, Cursor) for enhanced knowledge management, automation, semantic analysis, and content creation/editing.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️The `OBSIDIAN_VAULT_PATH` environment variable must be set to the absolute path of your Obsidian vault.
  • ⚠️For semantic search (RAG) features, additional dependencies are required: `pip install "obsidian-mcp-server[rag]"`. This will also download large AI models locally.
  • ⚠️Semantic search defaults to Ollama embeddings (`embeddinggemma` model) which requires a running Ollama server. If not available, it falls back to HuggingFace embeddings, potentially incurring local model download overhead.
Verified SafeView Analysis
The project demonstrates robust security practices, particularly for file system access. It utilizes `validate_path_within_vault` and `is_path_forbidden` to prevent path traversal and restrict access to sensitive areas (e.g., `.obsidian`, `.git`, custom private paths via `.forbidden_paths` or `vault.yaml`). These checks are applied before most file operations (read, write, delete, move). `subprocess.run` is used for `ripgrep` search but is limited to safe parameters and processed outputs. No `eval` or obfuscation found. The primary security consideration outside of the code itself is ensuring the underlying FastMCP server (if exposed via HTTP/SSE) is not publicly accessible without additional authentication/authorization, but its primary use case is local integration.
Updated: 2026-01-19GitHub
0
0
Medium Cost
JoostVanAverbeke icon

leonardo

by JoostVanAverbeke

Sec2

This application serves as a Ruby on Rails-based Model Context Protocol (MCP) server for tracking patient results, orders, healthcare providers, and municipalities.

Setup Requirements

  • ⚠️Requires Ruby 3.3 or later
  • ⚠️Requires Rails 8.0.2 or later
  • ⚠️Requires PostgreSQL 14.13 or later
  • ⚠️Requires Docker and Docker Compose
  • ⚠️Requires NodeJS and npm for the MCP Inspector tool
Review RequiredView Analysis
CRITICAL VULNERABILITY: The Model Context Protocol (MCP) server is configured to be accessible from any host (`localhost_only: false`) and has authentication explicitly commented out (`authenticate: true` commented). This means the /mcp endpoint and its tools are publicly exposed to the network without any authentication, allowing anyone to query or potentially modify sensitive patient and healthcare provider data. Hardcoded database credentials (username 'postgres', password 'postgres') are used in development environment configuration files (`compose.yaml`, `config/database.yml`), which is a risk if these configurations are inadvertently used in production. Many request specs have `skip("Add a hash of attributes valid for your model")`, indicating incomplete controller testing that could lead to input validation or authorization vulnerabilities. No explicit user authentication/authorization for the web interface is visible.
Updated: 2025-11-21GitHub
0
0
Low Cost
ArthurTcs icon
Sec8

This MCP server enables interaction with Google's Chronicle Security Operations SOAR suite for case management, entity investigation, and dynamic integration with various security tools.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires `uv` package installer/runner, and macOS users might need the full path to `uv` binary, as well as running `/Applications/Python\ 3.12/Install\ Certificates.command` for `certifi`.
  • ⚠️Critical environment variables (SOAR_URL, SOAR_APP_KEY) must be securely configured.
  • ⚠️Dynamic integrations are loaded based on a `--integrations` flag or `SOAR_INTEGRATIONS` environment variable, and their availability depends on active instances within the SOAR platform.
Verified SafeView Analysis
The server itself primarily acts as a proxy, passing commands and parameters from the MCP client to the backend SOAR platform. It uses standard HTTP libraries (aiohttp, httpx) and JSON serialization. Direct code execution vulnerabilities (like 'eval' or unsafe shell commands) are not apparent within the provided snippets of this server's code. However, the 'script_params' are JSON-dumped and sent to the SOAR's 'EXECUTE_MANUAL_ACTION' endpoint. The overall security depends heavily on the robustness of the downstream SOAR platform's API and its handling of these script parameters. Malicious input crafted for 'script_params' could potentially exploit vulnerabilities in the SOAR if it doesn't adequately sanitize or validate incoming commands/scripts.
Updated: 2025-12-01GitHub
0
0
Medium Cost
michielhdoteth icon

squish

by michielhdoteth

Sec8

Local-first persistent memory for AI agents, providing auto-capture of interactions, context injection, and advanced memory management features including deduplication.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (paid service) if 'SQUISH_EMBEDDINGS_PROVIDER' is set to 'openai' for high-quality semantic embeddings.
  • ⚠️Requires a local Ollama instance running if 'SQUISH_EMBEDDINGS_PROVIDER' is set to 'ollama' for local embeddings.
  • ⚠️For 'Team Mode' features (PostgreSQL, Redis cache, multi-user support), Docker and manual database/Redis configuration via 'DATABASE_URL' and 'REDIS_URL' environment variables are required.
Verified SafeView Analysis
The web UI (http://localhost:37777) exposes API endpoints (e.g., /api/memories, /api/observations) which currently serve mock data but, if fully implemented with real data, would require robust authentication and authorization to prevent unauthorized access to potentially sensitive project memories. Default PostgreSQL credentials in `docker-compose.yml` (`squish`/`squish_dev`) are insecure for production and must be overridden. The project effectively mitigates SQL injection risks by utilizing Drizzle ORM and parameterized queries for database interactions. Secret detection and private tag filtering are implemented to enhance privacy, and API keys are loaded via environment variables, not hardcoded. The `npx-installer.js` script uses `execSync` for installation, which is generally a risk, but it downloads from the official GitHub releases.
Updated: 2026-01-19GitHub
0
0
Medium Cost
Ki-Magie icon

propstack-mcp

by Ki-Magie

Sec5

It serves as a central control or management plane, providing backend services for a distributed system or application.

Setup Requirements

  • ⚠️Requires a compatible runtime environment (e.g., Node.js or Docker) to be installed.
  • ⚠️Database connection might be required depending on server functionality (e.g., PostgreSQL, MongoDB).
  • ⚠️Configuration relies heavily on environment variables, which must be correctly set up.
Review RequiredView Analysis
Source code was not provided for a comprehensive security audit. Therefore, common security risks like 'eval' usage, obfuscation, hardcoded secrets, or malicious patterns could not be checked. The score reflects an unknown risk, requiring caution as safety cannot be confirmed without code review.
Updated: 2025-12-02GitHub
0
0
Medium Cost
gymkathirza icon

MCP

by gymkathirza

Sec1

A server implementation written in C#/.NET for a specific communication protocol, likely related to Minecraft (MCP).

Setup Requirements

  • ⚠️Requires .NET SDK (e.g., .NET 6.0 or 8.0) to build and run the C# project.
Review RequiredView Analysis
Crucial source code for security analysis was explicitly stated as part of the input but was not provided. As a result, a thorough security audit could not be performed, and the safety of running this server cannot be guaranteed. Significant unknown risks are present, and the server should not be run without a complete code review.
Updated: 2026-01-19GitHub
PreviousPage 618 of 713Next