Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

0
0
Medium Cost

contractor

by ArvidSU

Sec1

A deterministic task contract server for agent execution verification with human approval, behaving like CI for individual tasks.

Setup Requirements

  • ⚠️Requires Docker to be installed and running, with its socket accessible for container spawning.
  • ⚠️The `workspacePath` for validation must be an absolute path on the HOST machine, requiring careful client-side configuration.
  • ⚠️The server, as configured in `mcp-toolkit-manifest.json`, needs access to the Docker daemon (by mounting `/var/run/docker.sock`), granting high privileges to its validation containers.
Review Required
The system presents critical security risks. The `http` validation type allows for direct command injection via the `url` parameter (e.g., `url: "http://example.com'; rm -rf /;"`) which is embedded into a shell script executed within a Docker container. This constitutes a severe Remote Code Execution (RCE) vulnerability. Additionally, the `command` validation type allows agents to propose arbitrary shell commands for execution in a container. While human approval is required, detecting malicious or exploitable command sequences in complex validation specs is extremely difficult and error-prone. The `mcp-toolkit-manifest.json` explicitly mounts the host's Docker socket (`/var/run/docker.sock`) into the server's container and thus into the validation containers, granting them root privileges over the entire Docker daemon, which can lead to host compromise if any RCE vulnerability is exploited. Furthermore, the `ValidationRunner.ts` mounts the `workspacePath` (provided by the client, which could be any host path) into validation containers without explicitly enforcing read-only access (e.g. `src:dest:ro`), meaning by default, these containers have write access to potentially arbitrary host directories, posing a significant data integrity risk if combined with RCE.
Updated: 2025-11-30
0
0
Low Cost

gemini-gen-mcp

by ServiceStack

Sec9

MCP server for generating images and audio from text using Google Gemini AI models.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (paid service, obtained from Google AI Studio).
  • ⚠️Requires Python 3.10 or higher.
Verified Safe
The server primarily relies on the official `google-genai` library for API interaction and `fastmcp` for the server framework. It correctly handles sensitive information by requiring the `GEMINI_API_KEY` via an environment variable, preventing hardcoding. No 'eval' or other highly dangerous functions are used in the core logic. File operations are limited to saving generated media and metadata to a configurable download path, which defaults to a temporary directory. The `tests/diagnose_network.py` file uses network functions for diagnostic purposes only and is not part of the main server execution.
Updated: 2026-01-19
0
0
Medium Cost

medagent-copilot

by u9401066

Sec6

MedAgent Copilot transforms GitHub Copilot into a medical AI agent to interact with FHIR electronic health record systems and complete clinical tasks autonomously for evaluation.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires VS Code with GitHub Copilot extension.
  • ⚠️Requires Docker to run the FHIR server dependency.
  • ⚠️Requires cloning both 'medagent-copilot' and 'MedAgentBench' repositories.
Verified Safe
The server's design for 'Task Isolation' implies patient memory is cleared after each task. However, the `PatientMemory` system persists patient notes to individual JSON files (`.med_memory/patient_context/patients/{mrn}.json`) on disk and does not explicitly delete them after a task. While the in-memory context is isolated, patient data remains on the local file system, which could be a privacy risk if not managed carefully in a production environment. The FHIR API base URL (`FHIR_API_BASE`) is configurable, and if pointed to an untrusted or insecure server, could expose sensitive data or other network vulnerabilities. No direct use of `eval` or obvious malicious patterns in processing agent inputs was found.
Updated: 2025-11-28
0
0
Low Cost

taskflow

by NagilaLopes

Sec8

Processes documents quickly and cost-effectively using local AI models for tasks like summarization, classification, extraction, and named entity recognition.

Setup Requirements

  • ⚠️The core server logic (API endpoints, orchestration) is not yet implemented, as the project is in its very early 'Week 1' development phase.
  • ⚠️The primary installation method described for end-users involves downloading and running an installer from a .zip file, which may not align with typical developer workflows for source-code based projects.
  • ⚠️Trained models are not part of the main repository and require separate handling (e.g., Git LFS or external storage), which might add complexity to local setup for developers.
Verified Safe
The provided source code consists solely of documentation and planned project structure (READMEs, changelog). No executable code (e.g., Python scripts, server logic) was available for a deep security analysis. Therefore, no immediate code-level vulnerabilities like 'eval', obfuscation, or hardcoded secrets could be identified within the provided snippets. The project's main README describes an installation method via downloading a .zip file and running an installer, which inherently requires trust in the provided executable. Security vulnerabilities related to network risks, data handling, or system access could exist once the planned API and client application are fully implemented, but cannot be assessed from the current documentation.
Updated: 2026-01-19
0
0
High Cost

docbase-mcp-server

by shueisha-arts-and-digital

Sec9

Provides an MCP server interface to manage DocBase notes, enabling search, retrieval, creation, and updating of posts.

Setup Requirements

  • ⚠️Requires Node.js 20+ and NPM 10+
  • ⚠️Requires DOCBASE_API_TOKEN environment variable (obtained from DocBase settings)
  • ⚠️Requires DOCBASE_DOMAIN environment variable (your DocBase subdomain)
Verified Safe
The server uses `zod` for input validation and strictly relies on environment variables (`DOCBASE_API_TOKEN`, `DOCBASE_DOMAIN`) for sensitive information, preventing hardcoded secrets. API interactions are handled via `axios` with basic error handling. No `eval` or obfuscation found. Standard API interaction with good security practices for an MCP server.
Updated: 2025-12-10
0
0
Medium Cost
Sec8

Provides a Model Context Protocol (MCP) server to expose GitLab API functionality as tools consumable by AI agents.

Setup Requirements

  • ⚠️Requires a GitLab server URL (defaults to 127.0.0.1 which is likely incorrect).
  • ⚠️Requires a GitLab server token with appropriate permissions.
  • ⚠️The server registers a large number of API tools, which might consume a significant portion of an LLM's context window during initial tool ingestion.
Verified Safe
The server retrieves sensitive GitLab tokens from environment variables or command-line flags, which is a standard and generally secure practice. It relies on an external Go GitLab client library, whose internal security is not audited here. No 'eval' or obvious malicious patterns were found in the provided server code. The main security risk is improper configuration of the GitLab URL and token.
Updated: 2025-12-08
0
0
Low Cost

Deploys a self-hosted n8n instance with an NGINX reverse proxy and SSL certificates (Let's Encrypt or self-signed) using Docker Compose.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose installed and running (installation handled by `install.sh` but requires `sudo` privileges and system modifications).
  • ⚠️Requires user input for `DOMAIN_NAME`, `SUBDOMAIN`, `LETSENCRYPT_EMAIL`, and `LOCAL_TIMEZONE` which are critical for configuration.
  • ⚠️For `localhost` setups, `mkcert` is installed via `git clone` and `go build` to generate self-signed SSL certificates, adding dependencies on `git`, `go`, and `nss-tools`.
  • ⚠️The installation script automatically sets `/var/run/docker.sock` permissions to `666`, which has significant security implications by granting all local users root-level access via Docker commands.
Review Required
The `install.sh` script sets `/var/run/docker.sock` permissions to `666`, which grants full control over the Docker daemon to all users on the system, effectively providing root access to anyone. This is a critical security vulnerability and should be avoided, especially in multi-user environments. Additionally, the script downloads and compiles `mkcert` from GitHub via `git clone` and `go build`, and directly `curl`s the Docker Compose binary from GitHub releases. While common practices, these introduce supply chain risks if the external repositories or download sources are compromised.
Updated: 2026-01-19
0
0
Medium Cost

x402-fetch-mcp

by Hyeong-soo

Sec9

Enables AI agents to automatically pay for and access paywalled web content using the x402 payment protocol on the Base network.

Setup Requirements

  • ⚠️Requires a valid EVM private key (0x... format) with access to USDC and ETH (for gas) on either Base Sepolia or Base mainnet.
  • ⚠️Integration is specifically designed for Claude Code and similar Model Context Protocol (MCP) compatible AI agents.
  • ⚠️Users must acquire testnet ETH/USDC for Base Sepolia or real assets for Base mainnet to use the payment functionality.
Verified Safe
Private keys are stored in `~/.x402/config.json` with `600` permissions, restricting access to the owner, which is a good security practice. The README explicitly discourages using environment variables for private keys to prevent exposure, though the code includes environment variables as a fallback for backward compatibility. There is no evidence of `eval` or dynamic code execution from untrusted sources. The core functionality involves blockchain transactions and fetching arbitrary URLs, inherent to its design, relying on the security of underlying libraries (`viem`, `@x402/fetch`).
Updated: 2026-01-19
0
0
High Cost

arxiv-mcp-server

by natecole1

Sec9

Provides AI Agents with the ability to search and retrieve scientific papers and authors from the Arxiv public API.

Setup Requirements

  • ⚠️Requires Docker or NPX for local execution/remote connection.
  • ⚠️Requires internet access to query the Arxiv public API.
  • ⚠️The default server port (3000) might conflict with other services.
Verified Safe
The server uses standard Node.js libraries and the Model Context Protocol SDK. It interacts with the public Arxiv API without requiring any credentials. There is no usage of 'eval' or similar dangerous functions, nor any apparent obfuscation or hardcoded secrets. The primary risk would be potential vulnerabilities in its dependencies or the Arxiv API itself, which are outside this project's direct control.
Updated: 2025-12-30
0
0
Medium Cost
Sec7

Provides an MCP server for automated universal task management, workflow automation, and AI-powered insights, integrated with GitHub Copilot Chat for natural language control.

Setup Requirements

  • ⚠️Requires Node.js 18+ and Visual Studio Code with the GitHub Copilot extension (a paid service).
  • ⚠️Common 'taskflow command not found' issues during initial setup requiring PATH configuration or using 'npx'.
  • ⚠️Strictly requires the new npm package '@ptnghia/taskflow-mcp'; installation of the old 'taskflow-mcp' package leads to outdated tools and warnings.
  • ⚠️Manual configuration of '.vscode/mcp.json' is critical, requiring the exact path to the installed 'index.js' and setting the 'WORKSPACE_ROOT' environment variable.
Verified Safe
The server integrates deeply with a user's local development environment, including features like auto-committing and pushing to Git repositories. This grants it significant privileges within the project's codebase. Control via natural language (GitHub Copilot Chat) introduces a potential risk vector for command injection or unintended actions if the natural language processing and command execution are not robustly secured and validated. Analyzing codebase and generating content also means it accesses project files, which could pose a data exposure risk if not handled carefully. Without direct source code, specific vulnerabilities cannot be identified, but the powerful capabilities warrant a careful assessment of its implementation.
Updated: 2025-11-25
0
0
Low Cost

A basic frontend web application boilerplate using React, TypeScript, and Vite for rapid development.

Setup Requirements

  • ⚠️React Compiler is not enabled by default and requires manual configuration for potentially improved performance.
  • ⚠️Default ESLint configuration is basic; production applications are recommended to update it for type-aware and React-specific lint rules.
  • ⚠️Uses @vitejs/plugin-react (Babel) by default; users preferring SWC for Fast Refresh would need to switch to @vitejs/plugin-react-swc.
Verified Safe
The provided source code for this frontend application is minimal and does not contain any server-side logic, 'eval' statements, hardcoded secrets, or suspicious network calls. It appears to be a safe, standard boilerplate.
Updated: 2025-11-25
0
0
Medium Cost

workzen-mcp

by ikanc

Sec1

Acts as an AI-powered Model Context Protocol server to manage WorkZen operations including job, client, invoice, and task management.

Setup Requirements

  • ⚠️Setup instructions are explicitly stated as 'Coming soon...' in the README.
  • ⚠️Authentication 'via WorkZen API' implies dependency on external WorkZen services and credentials.
  • ⚠️As an 'AI-powered' server, it is highly likely to require an external AI service API key (e.g., OpenAI) or local AI model setup.
Review Required
Cannot perform a security audit as no actual source code (only README.md) was provided. Presence of 'eval', obfuscation, hardcoded secrets, or malicious patterns cannot be checked. Running this software without code review is extremely risky.
Updated: 2025-11-21