Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
yashas224 icon
Sec8

This application provides a Spring AI tool for fetching current weather status, designed for integration with large language models or AI agents.

Setup Requirements

  • ⚠️Requires a Weather-Api-Key (likely from weatherapi.com), which might involve registration and usage limits.
  • ⚠️Requires a Java Development Kit (JDK) installed to build and run the Spring Boot application.
Verified SafeView Analysis
The Weather-Api-Key is correctly externalized via @Value, avoiding hardcoding. No 'eval' or malicious patterns found. External API calls to weatherapi.com are standard for such a service, but always introduce third-party dependency risks.
Updated: 2025-12-14GitHub
0
0
Medium Cost
JakubK icon

ProtegeMCP

by JakubK

Sec2

Integrate Protege ontology editing and querying with LLMs/Agents via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires .NET 10 runtime to be installed.
  • ⚠️Requires JavaSE-11+ runtime to be installed.
  • ⚠️Must be installed and run as a plugin within the Protege ontology editor.
Review RequiredView Analysis
The server copies an embedded .NET DLL to a temporary directory (`java.io.tmpdir`) and executes it via `ProcessBuilder`. This is a significant security risk as temporary directories can sometimes be writable by other users/processes, potentially leading to DLL hijacking or arbitrary code execution if the temporary file is replaced with a malicious executable. Furthermore, the embedded HTTP server listens on port 8080 and processes requests (including ontology modification operations like deleting/creating concepts, adding/removing axioms) without any apparent authentication or authorization mechanisms. This could allow any entity on the local network to manipulate or corrupt the active Protege ontology.
Updated: 2025-12-02GitHub
0
0
Medium Cost
mjanez icon
Sec9

Provides an intelligent MCP agent for CKAN open data portals, enabling semantic search, SQL queries, and geospatial analysis.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Uses `uv` for package management and execution (alternative to pip/python).
  • ⚠️Requires a configured CKAN portal URL (e.g., via `CKAN_URL` environment variable).
Verified SafeView Analysis
The server uses `ckanapi` for interaction, `os.getenv` for sensitive information like `CKAN_API_KEY`, and `pydantic` for input validation. It implements retry logic for network stability. No `eval` or direct command injection points were found within the provided source. The `query_datastore` tool directly passes SQL queries to the CKAN DataStore; while this is an intended feature of CKAN, the security of these queries relies on the underlying CKAN instance's SQL injection prevention mechanisms.
Updated: 2025-12-07GitHub
0
0
Medium Cost
embedded-society icon

altium-designer-mcp

by embedded-society

Sec9

AI-assisted creation and management of Altium Designer PCB footprint and schematic symbol libraries.

Setup Requirements

  • ⚠️Requires Rust 1.75+ to build from source.
  • ⚠️Requires Claude Code CLI for AI integration.
  • ⚠️A `config.json` file with `allowed_paths` must be manually created in `~/.altium-designer-mcp/` (Linux/macOS) or `%USERPROFILE%\.altium-designer-mcp\` (Windows) before first use.
Verified SafeView Analysis
The server explicitly forbids `unsafe` Rust code. File system access is strictly limited to user-configured `allowed_paths` to prevent arbitrary file access or path traversal attacks. Input validation is performed for primitive coordinates, dimensions, and names. The server operates locally via standard I/O (stdin/stdout) and does not open network ports, minimizing network attack surface. Error messages are designed to avoid exposing sensitive internal paths. No hardcoded secrets were found.
Updated: 2026-01-18GitHub
0
0
Medium Cost
EiriniOr icon
Sec8

Automates the creation and management of PowerPoint presentations, including data analysis and custom slide generation, primarily for AI-driven agents.

Setup Requirements

  • ⚠️PDF export functionality is not implemented in the Python code and explicitly requires external tools like LibreOffice or Microsoft PowerPoint for operation.
  • ⚠️Integrating with Claude Code or ChatGPT (or other LLMs) requires additional configuration steps or a custom Python wrapper/bridge server, adding complexity beyond just running the server.
  • ⚠️Data analysis features rely on pandas, which might consume significant memory for very large data files or complex operations.
Verified SafeView Analysis
The core server.py does not use 'eval' or direct arbitrary shell commands, minimizing common injection risks. File system operations are controlled (e.g., checking os.path.exists). Primary risks would stem from vulnerabilities in third-party libraries (python-pptx, pandas, qrcode) when processing malicious input files or unexpected external resource access via provided paths. The 'export_to_pdf' is noted as unimplemented and would require external tools, which would introduce new security considerations.
Updated: 2025-12-15GitHub
0
0
Medium Cost
Polaralias icon

ClickUp-MCP-Server

by Polaralias

Sec9

A Model Context Protocol (MCP) server for the ClickUp API, enabling AI agents to interact with a ClickUp workspace for task and project management.

Setup Requirements

  • ⚠️Requires a ClickUp API Key (obtained from ClickUp settings).
  • ⚠️Requires a secure `MASTER_KEY` environment variable (64-character hex string or strong passphrase) for all encryption, without which the server will not fully start or will be insecure.
  • ⚠️Requires a PostgreSQL database for persistent session and configuration storage.
Verified SafeView Analysis
The codebase demonstrates strong security practices. It explicitly requires a `MASTER_KEY` environment variable for encryption of sensitive data (like ClickUp API keys), and validates it during startup, even refusing to start in production with insecure values. OAuth flows implement PKCE (Proof Key for Code Exchange) and enforce a configurable `REDIRECT_URI_ALLOWLIST`. Rate limiting is applied to API key issuance and OAuth endpoints. Secure cookie options (`httpOnly`, `sameSite: strict`, `secure`) are used. User-bound API keys expire after 30 days of inactivity. All API key comparisons use `timingSafeEqual` to prevent timing attacks. Robust logging is in place for requests and authentication failures. `app.set("trust proxy", true)` is correctly used for deployments behind a reverse proxy. The primary area for potential improvement is the broad `origin: "*"` CORS policy, although `credentials: false` mitigates some risks.
Updated: 2026-01-19GitHub
0
0
Medium Cost
tk-logl icon

oci-mcp-server

by tk-logl

Sec1

This project appears to be a server application designed for interaction with Oracle Cloud Infrastructure (OCI). The specific functionality denoted by 'MCP' is unknown without the source code.

Review RequiredView Analysis
Source code was not provided, therefore a security audit could not be performed. Cannot verify the absence of 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. Running this project without code review is extremely risky.
Updated: 2025-11-24GitHub
0
0
Medium Cost
siddikshaikh-haptiq icon

mcp-server

by siddikshaikh-haptiq

Sec9

A local Model Context Protocol (MCP) server designed for comprehensive API, web browser, and phone UI testing.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher.
  • ⚠️Requires installation of Playwright browsers (e.g., `playwright install chromium`), which is a separate step after `pip install`.
Verified SafeView Analysis
The server's primary function involves making external HTTP requests and navigating to arbitrary URLs, which is inherent to testing. Users should be aware that directing the server to untrusted external resources could expose the local machine to risks associated with those resources (e.g., malicious websites, APIs with unexpected responses), though the server itself does not introduce direct vulnerabilities beyond its intended testing scope. No hardcoded secrets or 'eval' usage detected.
Updated: 2025-11-20GitHub
0
0
Low Cost
deaddayrevolution icon

arcgis-pro-mcp-server

by deaddayrevolution

Sec7

This server enables Claude Code CLI to programmatically control ArcGIS Pro for GIS operations through a file-based communication bridge.

Setup Requirements

  • ⚠️Requires ArcGIS Pro with a specific 'Claude Pro Add-In' installed and running.
  • ⚠️Requires Python 3.10+ (system Python, not ArcGIS Pro's bundled Python).
  • ⚠️Requires 'Claude Code CLI' with MCP support.
Verified SafeView Analysis
The server communicates with ArcGIS Pro via local JSON files (`input.json`, `output.json`) in a user's home directory. This design is relatively isolated from direct network attacks. However, any local process with write access to `~/.arcgis_mcp/test/` could potentially inject commands to ArcGIS Pro or read its output. The ArcGIS Pro add-in implicitly trusts the content of `input.json`. No 'eval' or other directly dangerous functions are present in the provided Python code. Security largely depends on the user's local system security and the integrity of the ArcGIS Pro add-in.
Updated: 2026-01-18GitHub
0
0
Medium Cost
mumong icon
Sec1

Provides a unified gateway to expose various MCP tools (local Python scripts and external npm/uv packages) as SSE endpoints for AI agent integration.

Setup Requirements

  • ⚠️Requires Node.js and npm/npx for `supergateway` and external npm/uv MCP packages.
  • ⚠️Requires the `helm` command-line tool to be installed and accessible if the `helm-tools` are enabled.
  • ⚠️The default Kubernetes deployment grants `cluster-admin` privileges, which is a significant security risk and should be reduced for production use.
Review RequiredView Analysis
CRITICAL: The `servers/test_server.py` module uses `eval(expr)` for a calculator function, which is an extremely dangerous practice and can lead to arbitrary code execution if the input is not perfectly sanitized. The RBAC configuration in `deploy/rbac.yaml` grants the `mcp-server-manager` service account `cluster-admin` privileges, giving it full administrative control over the entire Kubernetes cluster. A compromise of this pod (e.g., through the `eval` vulnerability or a malicious npm package) would lead to complete cluster takeover. Additionally, sensitive information like `ES_PASSWORD` is configured directly in ConfigMaps (`mcp_config.yaml` and `deploy/configmap.yaml`), which are not encrypted and expose credentials in plain text.
Updated: 2025-12-18GitHub
0
0
Medium Cost
hellst0rm icon

modern-cli-mcp

by hellst0rm

Sec7

An MCP server exposing over 100 modern command-line interface (CLI) tools to AI/LLM agents, providing structured JSON-RPC access for filesystem, Git forges, containers, Kubernetes, and data transformation, optimized for AI consumption.

Setup Requirements

  • ⚠️Requires Nix or Docker for zero-config dependency management, otherwise over 100 CLI tools must be manually installed.
  • ⚠️GitHub and GitLab tools require authentication (token-based or interactive login).
  • ⚠️Filesystem tools like 'File - Read/Write/Edit/Append/Patch' explicitly require absolute paths.
  • ⚠️Users need to configure `.agentignore` files to restrict AI access to sensitive directories and files.
Verified SafeView Analysis
The server is designed to expose powerful system commands (`shell_exec`, `nix_shell_exec`), extensive filesystem manipulation, network requests, and full Kubernetes/container management. While this is its intended purpose, it means a compromised or misconfigured AI agent could execute arbitrary commands and modify the system with significant privileges. Mitigations include: arguments passed as slices to prevent basic shell injection (though the command itself is agent-controlled), and an `.agentignore` mechanism to restrict AI access to sensitive paths. Authentication for Git forges is handled, but relies on user-provided tokens or interactive login. The inherent power of the exposed tools means security is highly dependent on the controlling AI agent's permissions and the user's trust.
Updated: 2025-12-18GitHub
0
0
Medium Cost
genaiunplugged14 icon

mcp-masterclass

by genaiunplugged14

Sec9

Enables AI agents to learn from their experiences by tracking outcomes, identifying patterns, and automatically improving strategies over time.

Setup Requirements

  • ⚠️Requires Claude Desktop application as the MCP Host.
  • ⚠️Requires Python 3.10 or higher for server execution.
  • ⚠️Manual configuration of Claude Desktop's `mcpServers` section is necessary, including absolute paths to the Python executable and `server.py` file, followed by a full Claude Desktop restart.
Verified SafeView Analysis
The server primarily performs file I/O operations on a dedicated 'learning_data.json' file within its own directory. No arbitrary file paths are accepted from user input, and there are no direct shell command executions, 'eval' calls, or hardcoded sensitive credentials. Its operation is localized and appears safe within the context of the Model Context Protocol (MCP) framework.
Updated: 2025-12-05GitHub
PreviousPage 625 of 713Next