Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
PurlieuStudios icon

comfyui-mcp

by PurlieuStudios

Sec3

AI-powered image generation for Godot games, primarily for creating game assets like character portraits, item icons, and environment textures dynamically.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires ComfyUI to be installed and running separately (default: http://localhost:8188).
  • ⚠️Requires Stable Diffusion models to be downloaded and configured within ComfyUI.
Review RequiredView Analysis
The `load_workflow` MCP tool allows an MCP client to specify an arbitrary `workflow_path` on the server's filesystem. The server then attempts to read this file and return its content as JSON. This constitutes a local file disclosure vulnerability, enabling a potentially malicious or compromised client to read sensitive files (e.g., configuration files, system files) from the server's machine if the server process has read access. There is no explicit path sanitization or restriction to a designated workflow directory for this feature in the provided code. Other aspects like API key handling and parameter substitution seem more robust.
Updated: 2025-11-19GitHub
0
0
Low Cost
gomcpgo icon

email

by gomcpgo

Sec9

A Model Context Protocol (MCP) server for managing email operations via IMAP and SMTP, designed for LLM integration with multi-account support, caching, and draft management.

Setup Requirements

  • ⚠️Requires App Passwords for Gmail/Outlook accounts, necessitating 2-factor authentication setup.
  • ⚠️Configuration is entirely via environment variables, typically managed in a `.env` file.
  • ⚠️IMAP and SMTP access must be enabled for configured email accounts.
Verified SafeView Analysis
The server explicitly uses app passwords for Gmail/Outlook for enhanced security. Sensitive credentials are read from environment variables and are stated to never be logged or exposed in error messages. Communication uses TLS for IMAP/SMTP. Cache files are stored with standard 0644 permissions. No obvious use of 'eval' or other highly dangerous dynamic execution methods within the Go source code. The `.env` file should be secured and not committed to version control.
Updated: 2025-11-29GitHub
0
0
Medium Cost
sampathpulukurthi icon

Codebase-Copilot-MCP

by sampathpulukurthi

Sec9

Provides a sandboxed set of tools for an LLM agent to interact with and analyze a local file system, including listing, reading, and searching files, and generating repository overviews.

Setup Requirements

  • ⚠️Requires the `fastmcp` library to be installed.
  • ⚠️Optimal performance for the `smart_search` tool requires `ripgrep` (`rg`) to be installed on the system; otherwise, it falls back to a slower Python-based search.
Verified SafeView Analysis
The server implements strong path traversal prevention mechanisms using `Path.resolve()` and explicit checks against a defined `BASE_DIR` for all file system operations. It rejects absolute or home-relative paths from user input. The `smart_search` tool uses `subprocess.run` with explicit arguments for `ripgrep`, which is safer than `shell=True`, and includes a Python fallback. No `eval` or `exec` functions are used. Overall, the server appears well-designed for security within its intended scope, making it safe for agent interactions with a local file system.
Updated: 2026-01-19GitHub
0
0
Medium Cost
ashokprodev icon
Sec7

A backend service for remote expense tracking, providing APIs for adding, listing, and summarizing financial transactions, along with managing categories.

Setup Requirements

  • ⚠️Database Persistence: The `expenses.db` database is created in a temporary directory (`tempfile.gettempdir()`). This means all expense data will be lost when the system restarts or the temporary directory is cleaned, unless the `DB_PATH` variable is explicitly reconfigured to a persistent location.
  • ⚠️Asynchronous Execution: The server utilizes Python's `async/await` syntax with `aiosqlite`. It must be run within an asynchronous event loop environment, which `mcp.run()` typically handles (using `uvicorn`). Direct synchronous execution attempts will lead to errors.
  • ⚠️FastMCP Protocol: Interaction with the server's functionality (tools like `add_expense` or resources like `categories`) requires using the FastMCP (Micro-Agent Communication Protocol) client library, not a standard REST API client.
Verified SafeView Analysis
The application uses parameterized SQL queries (e.g., `INSERT INTO expenses(...) VALUES (?,?,?,?,?)`), which effectively mitigates SQL injection vulnerabilities. The SQLite database is created in a temporary directory by default (`tempfile.gettempdir()`), which, while preventing writes to arbitrary locations, means data is not persistent across restarts. The server listens on all network interfaces (`0.0.0.0:8000`), which is a common configuration but requires proper firewalling in production environments. No obvious hardcoded secrets or arbitrary code execution vulnerabilities (like `eval` with untrusted input) are present in the provided application logic.
Updated: 2025-12-12GitHub
0
0
Medium Cost
GOKUL-Kiddzz icon

mcp-server-bridge

by GOKUL-Kiddzz

Sec6

Acts as a bridge to forward Model Context Protocol (MCP) JSON-RPC requests received via stdin to an external HTTP/HTTPS server.

Setup Requirements

  • ⚠️Requires Node.js runtime (>=16.0.0).
  • ⚠️Requires an external MCP-compatible HTTP/HTTPS server running to forward requests to.
  • ⚠️MCP_AUTH_KEY environment variable MUST be overridden with a strong, unique secret in production environments due to the weak default.
Review RequiredView Analysis
The `MCP_AUTH_KEY` has a hardcoded default ('test-token-123') if the environment variable is not set, posing a significant security risk for production deployments. It relies on `MCP_SERVER_URL` pointing to a trusted server and input from stdin being trusted. Log files (`mcp-bridge.log`) could grow indefinitely, but the path is configurable.
Updated: 2025-11-28GitHub
0
0
Medium Cost
jamesb97 icon

MCP-Server

by jamesb97

Sec3

A TCP server exposing various system interaction tools for an AI system (LLM) to consume via a structured JSON-based protocol.

Setup Requirements

  • ⚠️Requires Node.js and npm to be installed.
  • ⚠️The `dev` script uses `ts-node`, which needs to be installed (handled by `npx` if present in `devDependencies`).
  • ⚠️Potential for port conflicts on port 3000.
Review RequiredView Analysis
CRITICAL: The server is vulnerable to path traversal attacks. The `listDir`, `searchFiles`, and `fileContent` tools directly use the `path` parameter provided by the client without sanitization. An attacker could provide paths like `../../../../etc/passwd` to read sensitive system files or `../../../../tmp/malicious.txt` to write arbitrary content, potentially leading to remote code execution or data exfiltration. This makes the server highly unsafe to run in any untrusted environment.
Updated: 2025-11-26GitHub
0
0
Medium Cost
ujwesh09 icon
Sec8

Automates interaction with Atlassian Jira and Confluence Cloud services through AI assistants within VS Code for enhanced developer workflows.

Setup Requirements

  • ⚠️Requires Node.js to be installed locally.
  • ⚠️Requires Python 3.8+ (for `confluence_query.py` and other scripts that might use `requirements.txt`).
  • ⚠️An Atlassian account and generated API token are mandatory for authentication.
  • ⚠️The `@sethford/atlassian-mcp-server` package is downloaded via `npx` on first run.
Verified SafeView Analysis
The project follows good practices for handling secrets by recommending environment variables and `.gitignore` for credential files (.env, .vscode/mcp.json). No explicit 'eval' or obfuscation is present in the provided source code. The `confluence_query.py` disables SSL warnings (`urllib3.disable_warnings`) which could mask legitimate certificate issues in some network environments, but this is explicitly noted for 'corporate environments with self-signed certificates'. The primary security risk lies in the user's secure management of their Atlassian API token.
Updated: 2025-12-03GitHub
0
0
High Cost
srinath1 icon
Sec3

Provides a Model Context Protocol (MCP) server with calculator tools, documentation access, and prompt templating for integration with AI clients like Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Manual configuration (editing a JSON file) is required for integration with Claude Desktop, including providing absolute paths to the Python executable and server script.
  • ⚠️The recommended 'uv' package manager requires a separate installation step if not already present on the user's system.
Review RequiredView Analysis
The 'calculate' tool uses Python's `eval()` function to evaluate mathematical expressions. Although a `safe_dict` is used to limit available functions, `eval()` is inherently dangerous and notoriously difficult to secure against all forms of malicious input. An attacker capable of controlling the `expression` input could potentially exploit this for arbitrary code execution, privilege escalation, or denial-of-service, even with a restricted environment. This represents a critical vulnerability.
Updated: 2025-12-14GitHub
0
0
Medium Cost
AlexisTrouve icon

vba-mcp-server

by AlexisTrouve

Sec2

Serves as a Model Context Protocol (MCP) server for Claude, enabling extraction, analysis, injection, and automation of VBA code within Microsoft Office files (Excel, Word, Access).

Setup Requirements

  • ⚠️Requires Windows OS (due to COM automation with pywin32).
  • ⚠️Requires Microsoft Office (Excel, Word, Access) to be installed.
  • ⚠️Critical: 'Trust access to the VBA project object model' MUST be enabled in Office security settings, which significantly lowers Office security.
  • ⚠️For HTTP/SSE transport, network configuration and Windows Firewall adjustments might be needed, with no authentication by default.
Review RequiredView Analysis
The server fundamentally requires the user to enable 'Trust access to the VBA project object model' in Microsoft Office settings, which is a major security bypass, allowing external programs to programmatically access and modify VBA projects. This inherently makes the system highly vulnerable to malicious VBA code injection or execution. While the Pro version implements pre/post-validation (for ASCII and basic syntax) and automatic rollback, these do not mitigate the risk of executing intentionally malicious but syntactically valid VBA code. The HTTP/SSE transport, if used, creates an unauthenticated network endpoint, further increasing risk if exposed beyond a trusted local network. It is designed to perform privileged operations, and security largely depends on the user's discretion and the source of the VBA code.
Updated: 2026-01-19GitHub
0
0
Medium Cost
JafarKhQ icon
Sec8

Manage Pi-hole instances and DNS settings programmatically via AI applications using predefined commands.

Setup Requirements

  • ⚠️Requires Java 21 JDK and Maven for building from source.
  • ⚠️Requires a running Pi-hole instance to connect to.
  • ⚠️Mandatory environment variables: PIHOLE_HOST and PIHOLE_APP_PASSWORD for Pi-hole connection.
Verified SafeView Analysis
The Pi-hole application password (`PIHOLE_APP_PASSWORD`) is correctly managed as an environment variable and used for authentication with proper token caching, invalidation, and retry mechanisms. Input validation for domain and list management helps prevent malformed requests to the Pi-hole API. No 'eval' or other direct code injection vulnerabilities were found. The 'GroupsService' has a placeholder implementation for `getGroupId` returning a default of '0', which is a functional limitation rather than a security vulnerability for the server itself, but could lead to unintended group assignments if the Pi-hole API uses non-zero default groups.
Updated: 2025-12-05GitHub
0
0
Low Cost

dooray-mcp-server

by john33fiao

Sec9

Provides a read-only Model Context Protocol (MCP) server to query Dooray API data for projects, posts, and wikis, intended for use with MCP-compatible clients like MCP Inspector or AI agents.

Setup Requirements

  • ⚠️Requires a Dooray personal API authentication token, which must be manually generated from Dooray's personal settings.
  • ⚠️Requires Node.js 18 or higher for runtime compatibility.
  • ⚠️Requires npm 9 or higher (or pnpm/yarn) for dependency management.
Verified SafeView Analysis
The server is designed for read-only access to the Dooray API, reducing risks associated with data modification. It correctly uses environment variables for the API token, preventing hardcoded credentials. No 'eval' or other directly dangerous patterns are present in the provided source code snippets or project description. The Python files are separate examples and also follow secure practices for handling API tokens. It's crucial that the Dooray API token itself is managed securely outside the application.
Updated: 2025-11-25GitHub
0
0
Medium Cost
aviro092 icon
Sec9

Integrate AI assistants with ServiceNow for comprehensive incident, change request, and incident task management.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires a configured ServiceNow instance with OAuth2 client credentials for API access.
  • ⚠️Requires setting up environment variables in a '.env' file for ServiceNow API configuration (e.g., SERVICENOW_BASE_URL, SERVICENOW_CLIENT_ID, SERVICENOW_CLIENT_SECRET).
Verified SafeView Analysis
The server uses `pydantic-settings` and `python-dotenv` to manage secrets via environment variables, which is good practice. OAuth2 client credentials are not hardcoded. SSL verification is enabled by default. `httpx` is used for network requests with retry logic. Input validation is performed using Pydantic models. Mock tokens are explicitly for testing/development and not production credentials. No `eval` or other dangerous dynamic code execution patterns were found.
Updated: 2025-11-24GitHub
PreviousPage 626 of 713Next