Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
Lakshaychauhan1811 icon

TrackExpensio

by Lakshaychauhan1811

Sec8

A comprehensive AI-powered financial intelligence assistant for tracking expenses, managing budgets, analyzing investments, and generating insights through natural language.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires MongoDB instance (local or cloud)
  • ⚠️Requires Groq API key (paid service)
  • ⚠️Full Google OAuth features require setting up Google Client ID, Secret, Project ID, and Redirect URI
Verified SafeView Analysis
The server demonstrates good security practices including using environment variables for sensitive API keys, hashing passwords (though the login_user tool in main.py claims 'not implemented yet' for password-based login, auth.py shows a login_user implementation that hashes passwords), and proper session management with UUIDs. File uploads are processed using temporary files and a maximum size limit is enforced (10MB). Authentication checks are performed for most tool calls. No direct 'eval' or obvious shell injection vulnerabilities were found. Potential areas for further hardening could include more explicit output sanitization before rendering on the frontend to prevent XSS (a common web concern), and robust input validation for all string-based arguments, as well as mitigating prompt injection risks inherent in LLM interactions.
Updated: 2025-11-30GitHub
0
0
Medium Cost
karel1980 icon
Sec8

Provides RAG search capabilities over Koog documentation using ChromaDB.

Setup Requirements

  • ⚠️Requires `git` to be installed for initial cloning of the Koog repository if not present.
  • ⚠️First startup requires significant time for indexing documentation into ChromaDB.
  • ⚠️Requires manual setup of a Python virtual environment and `pip install -r requirements.txt`.
Verified SafeView Analysis
The server uses `subprocess.run` to clone the `koog` repository from a hardcoded trusted URL (`https://github.com/JetBrains/koog.git`) if it doesn't exist. This is generally safe, as the source is known. The `koog_repo_path` is taken from `sys.argv`, allowing users to specify a local path, but operations on these files (reading, chunking) are not inherently dangerous for typical markdown content. No `eval()` or direct network risks beyond the initial git clone.
Updated: 2025-11-24GitHub
0
0
High Cost
gmossy icon
Sec9

A comprehensive Model Context Protocol (MCP) server providing AI assistants with full document lifecycle management, including CRUD, multi-format parsing, full-text search, version control, and content analysis.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires `libmagic` system dependency (e.g., `brew install libmagic` on macOS) for enhanced file type detection. Will use mimetypes fallback if not installed.
  • ⚠️Requires an MCP client (e.g., MCP Inspector or Claude Desktop) to interact, as it uses STDIO transport.
Verified SafeView Analysis
The server appears robust, utilizing standard Python libraries and SQLite for local storage. No 'eval' or direct code execution from arbitrary user input is observed. File parsing is handled by the `document_parsers.py` module, which includes checks for file existence. Potential risks could arise from insufficient sanitization of file paths if external file operations were directly exposed to untrusted user input without validation, though the provided `document_mcp_server.py` primarily handles content internally. The implementation of `Path.expanduser()` and `file_path.exists()` in the example `document_create_from_file` suggests good practices would be followed for external file interactions. No hardcoded secrets or malicious patterns were found.
Updated: 2025-12-03GitHub
0
0
Low Cost
parn-jain icon

test_mcp_server

by parn-jain

Sec9

A basic server providing arithmetic tools and server information via the FastMCP framework.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires fastmcp library
Verified SafeView Analysis
The code is simple and does not contain obvious security vulnerabilities like 'eval', hardcoded secrets, or malicious patterns. Binding to 0.0.0.0 is standard for a server, but exposes it to all network interfaces, requiring proper infrastructure-level security if deployed publicly.
Updated: 2025-12-14GitHub
0
0
Low Cost
abshingate icon

mcp-server-course

by abshingate

Sec9

A training course and framework for building Model Context Protocol (MCP) servers that enable AI assistants to interact with external tools, resources, and data sources.

Setup Requirements

  • ⚠️Requires Node.js 18+ to be installed.
  • ⚠️The 'tsx' package is used for running examples and needs to be installed (or used via npx).
  • ⚠️Specific examples, like the API integration server, require environment variables such as `API_BASE_URL` and `API_KEY` for full functionality.
Verified SafeView Analysis
The server code demonstrates strong security awareness, especially in the file system example where it explicitly prevents path traversal via `validateFilePath`. Environment variables are used for sensitive configurations like API keys, rather than hardcoding. There are no obvious signs of 'eval', obfuscation, or other immediately exploitable malicious patterns. The architecture using JSON-RPC 2.0 over various transports (stdio, HTTP/SSE) is standard and handled with common best practices. Overall, it implements robust security measures for a developer training course.
Updated: 2026-01-19GitHub
0
0
Medium Cost
stilllovee icon

mssql-mcp-server

by stilllovee

Sec6

Provides a Model Context Protocol (MCP) server for interacting with Microsoft SQL Server databases, supporting various SQL operations and connection methods.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires SQL Server with an appropriate ODBC driver installed (e.g., 'ODBC Driver 17 for SQL Server').
  • ⚠️Windows Authentication requires the server to be running on Windows with necessary permissions and the `msnodesqlv8` driver.
  • ⚠️API Key mapping mode (`USE_API_KEY_MAPPING=true`) requires an Azure Table Storage account and its connection string (`AZURE_STORAGE_CONNECTION_STRING`).
  • ⚠️Database passwords stored in Azure Table Storage for API key mapping are not encrypted by the server; users must implement external encryption.
Review RequiredView Analysis
SQL injection is mitigated for parameterized queries using `request.input()`. The HTTP transport includes API key-based authentication with Azure Table Storage for multi-database support. However, `AzureTableStorageService.upsertConnectionConfig` stores database connection configurations, including passwords, as a JSON string without explicit server-side encryption. This means if a user adds an API key with a password, it will be stored in plaintext in Azure Table Storage, requiring users to handle encryption externally before storing sensitive data. The various `execute` methods (DQL, DML, DDL) rely on method-level validation, but a malicious actor with access to the tool can craft destructive queries if allowed by permissions.
Updated: 2025-12-12GitHub
0
0
Medium Cost
BCL-FOSS icon

umjiniti-probe

by BCL-FOSS

Sec2

Turns a Large Language Model (LLM) into a network administrator by providing network utility tools and a persistent connection to a cloud platform.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose installed on the host.
  • ⚠️The `init.sh` script is designed for Debian/Ubuntu systems and modifies system-wide firewall rules (iptables), disabling UFW.
  • ⚠️Requires assigning an A record for the probe's URL and updating the Caddyfile accordingly.
  • ⚠️High-privilege Docker container setup (`network_mode: "host"`, `cap_add: NET_RAW`, `NET_ADMIN`) implies significant trust in the application and potential for host compromise if exploited.
Review RequiredView Analysis
The application relies heavily on executing shell commands (`nmap`, `iperf3`, `traceroute`, `tcpdump`, `dnstraceroute`) via `asyncio.create_subprocess_shell` and `sshpass` with user-provided string inputs (`options`, `host`, `target`, `scripts`, `packetlength`, `server`, `interface`, `cap_count`, `duration`). There is no visible input sanitization or escaping of these parameters before they are interpolated into shell commands. This creates critical command injection vulnerabilities, allowing an attacker (or a compromised LLM) to execute arbitrary commands on the host system (due to `network_mode: "host"` and `cap_add: NET_ADMIN` in Docker) or remote SSH targets. The use of `sshpass` directly with passwords in `run_ssh_cmd` is also a security concern for credential handling. The `init.sh` script modifies host firewall rules, disabling UFW and opening several ports, which alters the host's security posture. A hardcoded `SNMP_COMMUNITY='public'` is present.
Updated: 2026-01-19GitHub
0
0
Low Cost
raghuvansh-sahil icon

freecodecamp-mcp

by raghuvansh-sahil

Sec9

This server provides tools for AI assistants to search FreeCodeCamp articles and YouTube tutorials via RSS feeds.

Setup Requirements

  • ⚠️Requires Python 3
  • ⚠️Dependencies must be installed via 'pip install -r requirements.txt'
Verified SafeView Analysis
The server fetches data from well-known RSS feed URLs (freeCodeCamp and YouTube) using the 'feedparser' library. It performs simple string matching and does not execute arbitrary code from user input or external sources. There are no 'eval' calls, obfuscation, or hardcoded secrets. The primary risk would be if the external RSS feeds themselves were compromised to serve malicious titles/descriptions, but the processing within the server is safe.
Updated: 2025-11-23GitHub
0
0
High Cost
LouisEggermont icon

research-zine-generator

by LouisEggermont

Sec8

A self-contained web interface for creating print-ready zines using AI chat, image processing, and PDF generation with Typst.

Setup Requirements

  • ⚠️Requires Python 3.8 - 3.13 (Python 3.14+ not supported due to dependency issues).
  • ⚠️AZURE_INFERENCE_ENDPOINT and AZURE_INFERENCE_CREDENTIAL must be set as console environment variables, not in .env files.
  • ⚠️Node.js 18+ is required for the exif-mcp server functionality (otherwise optional).
  • ⚠️Optional Image Analyzer MCP server requires Ollama with a vision model (e.g., llama3.2-vision:11b) and specific setup steps.
  • ⚠️Optional imagesorcery-mcp server requires installation via pipx and a post-installation setup step.
Verified SafeView Analysis
The project uses environment variables for sensitive API keys, implements robust path validation to prevent directory traversal attacks (ensuring all file paths are within a defined 'MCP_ROOT'), and explicitly disallows potentially dangerous tools within the AI agent's configuration. It logs to stderr to prevent stdout corruption. The use of FastMCP and its underlying subprocess execution for servers is expected, and the commands invoked are for known Python/Node.js scripts within the project. The primary risk would be if the underlying MCP server scripts (e.g., Typst or image processing) were compromised or given arbitrary shell access, but the provided code shows good confinement practices.
Updated: 2025-12-05GitHub
0
0
Low Cost
mapdevsaikat icon

quantaroute-geocoder

by mapdevsaikat

Sec8

Provides Model Context Protocol (MCP) tools for geocoding addresses, performing location lookups, and processing DigiPin codes using the QuantaRoute Geocoding API.

Setup Requirements

  • ⚠️Requires a QuantaRoute API Key, available from developers.quantaroute.com (a free test key is provided in documentation).
  • ⚠️Requires Node.js version 18 or higher to run.
  • ⚠️The 'find_nearby_boundaries' tool is not yet implemented in the backend API and will return an error.
Verified SafeView Analysis
No 'eval' or code obfuscation was found. API keys are handled securely via environment variables or request headers for outbound requests to the QuantaRoute API. Input validation is implemented for all exposed tools. The 'find_nearby_boundaries' tool gracefully handles its 'not yet implemented' status by returning an appropriate error message. Permissive CORS headers ('Access-Control-Allow-Origin: *') are configured, which is common for public APIs but means it accepts requests from any origin.
Updated: 2025-12-10GitHub
0
0
Medium Cost
getwaroo icon

fathom-mcp

by getwaroo

Sec8

An MCP server for local file knowledge, bridging file systems with large language models (LLMs) to enable full-text search, fuzzy matching, and hierarchical context access across PDFs and codebases.

Setup Requirements

  • ⚠️Requires system-level installation of `ugrep` and `poppler-utils` (for PDF processing).
  • ⚠️Requires Python 3.12 or higher.
  • ⚠️For HTTP transport in production, external authentication via a reverse proxy (e.g., Caddy, Nginx, Traefik) or a VPN is critically required, as the server provides no built-in authentication.
Verified SafeView Analysis
The server explicitly states and is designed with **no built-in authentication for HTTP transport**, strongly recommending external solutions like reverse proxies (Caddy, Nginx, Traefik) with authentication or VPNs (Tailscale, WireGuard) for production deployments. This is a critical design decision requiring user action for security. It implements robust **path traversal prevention** (`FileAccessControl`) and **filter command validation** (`FilterSecurity`) to prevent malicious execution or access outside the knowledge root. All filter commands (e.g., `pdftotext`, `pandoc`) are whitelisted by default, and `subprocess.run(shell=True)` is used conditionally and only for pre-validated commands with shell operators, reducing the risk of command injection. CORS handling includes checks against wildcard origins in production environments. Overall, the security model is well-documented and thoughtfully implemented for its specific purpose, but its external authentication dependency is a key factor.
Updated: 2026-01-19GitHub
0
0
High Cost
Digital-Defiance icon

ai-capabilities-suite

by Digital-Defiance

Sec9

Provides AI agents with advanced debugging, system control, and environmental observation capabilities via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js 18+ and NPM 8+ for most common installation methods (NPM, source).
  • ⚠️MCP ACS Process requires a `mcp-process-config.json` to define `allowedExecutables` for security, making its initial setup more involved.
  • ⚠️Certain functionalities (e.g., `mcp-screenshot`) may require platform-specific native dependencies (e.g., Python setuptools on Linux/macOS, Visual Studio Build Tools on Windows) for compilation or runtime.
Verified SafeView Analysis
The core MCP servers (Debugger, Process, Filesystem, Screenshot) are designed with extensive, layered security validations (e.g., executable allowlists, argument validation, workspace jails, PII masking). Direct command execution (`execSync`) is primarily confined to build and release automation scripts, not the runtime server components that interact with AI agents. Environment variables are used for sensitive tokens, preventing hardcoding. The quick install scripts (e.g., `curl | bash`) carry inherent third-party risk common to such methods, but the application's runtime security model is robust.
Updated: 2026-01-17GitHub
PreviousPage 623 of 713Next