Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
benoitblais-hashicorp-demo icon

terraform-mcp

by benoitblais-hashicorp-demo

Sec9

This project serves as a demonstration for provisioning an MCP (Master Control Program or Multi-Cloud Platform) Server using Terraform.

Setup Requirements

  • ⚠️Requires Terraform CLI to be installed and configured on the local machine.
  • ⚠️Requires a valid and configured account with a cloud provider (e.g., AWS, GCP, Azure) to provision resources via Terraform.
Verified SafeView Analysis
The provided source code only contains a README.md file. There is no executable code to analyze for common security risks such as 'eval' statements, obfuscation, hardcoded secrets, or network vulnerabilities. The high score reflects the safety of the *provided textual snippet*, not the full, unprovided project source code.
Updated: 2025-11-21GitHub
0
0
Medium Cost
dotcomrow icon

k8s-mcp

by dotcomrow

Sec6

The server provides a Kubernetes Management Plane (MCP) via an OpenAPI interface, designed for AI integration, offering both read-only and administrative access to Kubernetes resources.

Setup Requirements

  • ⚠️Requires a running HashiCorp Vault instance with the Kubernetes auth method configured and initial root token for setup.
  • ⚠️Requires a running YugabyteDB cluster with a pre-existing 'vaultadmin' user role.
  • ⚠️Requires a running Redis instance.
Review RequiredView Analysis
The deployment utilizes Vault for secret management, which is a strong security practice. It separates read-only and admin access with distinct Kubernetes RBAC roles and service accounts. However, the `mcp-server-admin` role grants broad administrative privileges (`verbs: ["*"]`) making the admin instance a high-value target. A significant security concern is the `NetworkPolicy` allowing ingress from `0.0.0.0/0` to port 8080, which means any pod in the cluster can communicate with these services, increasing the attack surface. The CORS configuration is also overly permissive (`allow_origins: ["*"]`). Some initContainers run as root, which is generally discouraged, though often necessary for setup and limited in scope.
Updated: 2026-01-01GitHub
0
0
Medium Cost
nickweedon icon

mcp_resource_server

by nickweedon

Sec9

A Model Context Protocol (MCP) server for blob storage operations, providing a two-phase architecture for ingesting (uploading) and retrieving files/images via blob:// URIs.

Setup Requirements

  • ⚠️Requires Python 3.10+ and 'uv' package manager.
  • ⚠️Requires Docker for containerized deployment and shared volume setup for blob storage (`/mnt/blob-storage`).
  • ⚠️Integration with Claude Desktop requires manual configuration in `claude_desktop_config.json`.
Verified SafeView Analysis
The server uses environment variables for sensitive configurations and implements input validation for parameters like image quality and blob IDs. File system interactions are abstracted through `mcp-mapped-resource-lib` and confined to designated storage roots, reducing direct path traversal risks. Error details can be masked in production via `RESOURCE_SERVER_MASK_ERRORS`. Standard risks associated with image processing libraries (Pillow) and external dependencies apply, but no 'eval' or obvious malicious patterns were found in the provided source code.
Updated: 2026-01-01GitHub
0
0
Medium Cost
sirius-cc-wu icon

mcp-md-notes

by sirius-cc-wu

Sec9

Serves local markdown documents in a read-only manner to an LLM via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️Requires 'uv' package manager for installation.
Verified SafeView Analysis
The server implements robust path sanitization using `_get_safe_path` to prevent path traversal attacks by ensuring all access is contained within the `NOTES_DIR`. It explicitly disallows absolute paths and checks if resolved paths start with the base directory. There are no `eval` calls, obvious obfuscation, or hardcoded secrets. File operations are read-only. The server runs locally by default, limiting network exposure.
Updated: 2025-12-14GitHub
0
0
Low Cost

pr-checker-mcp

by halkutkar

Sec8

A Model Context Protocol (MCP) server that enables Claude to check GitHub Pull Request build status and analyze Buildkite CI failures.

Setup Requirements

  • ⚠️Requires GitHub CLI (`gh`) and `jq` to be installed and available in PATH.
  • ⚠️Requires GitHub and Buildkite API tokens with specific scopes (e.g., read_builds, read_build_logs), and GitHub SSO authorization for organization repositories.
  • ⚠️The MCP server configuration in `~/.claude/config.json` must use an absolute path to the `index.js` file.
Verified SafeView Analysis
The server uses standard system commands (`gh`, `curl`, `jq`) via `child_process.exec`. Environment variables are used for sensitive tokens (`GITHUB_TOKEN`, `BUILDKITE_TOKEN`) and are not hardcoded. Input for PR number is sanitized with regex in the shell script. The primary security considerations are the permissions granted to the GitHub and Buildkite API tokens and ensuring proper token management (e.g., using fine-grained tokens, configuring SSO).
Updated: 2025-11-25GitHub
0
0
High Cost
Cloudmeru icon
Sec3

AI-powered trading assistant that bridges LLMs to MetaTrader 5 via the Model Context Protocol (MCP) for real-time market analysis, technical indicators, and ML-based forecasting.

Setup Requirements

  • ⚠️Requires Windows and MetaTrader 5 installed and logged in for full functionality (MCP Mode).
  • ⚠️Requires an API Key for a Large Language Model (LLM) provider (e.g., OpenAI, Anthropic), which may incur costs.
  • ⚠️The 'execute_mt5' tool allows execution of custom Python code, posing a significant remote code execution (RCE) security risk if exposed or misused.
Review RequiredView Analysis
The presence of the `execute_mt5` tool, which explicitly allows 'Execute custom Python code against MT5,' introduces a critical remote code execution (RCE) vulnerability. An LLM agent, if prompted maliciously or if an attacker gains control, could instruct this tool to execute arbitrary Python code, potentially compromising the host system or MetaTrader 5 instance. While API keys are handled via environment variables, which is a good practice, this does not mitigate the inherent RCE risk posed by this tool. Running the server with `--host 0.0.0.0` exposes it to the network, increasing the attack surface.
Updated: 2025-12-02GitHub
0
0
Medium Cost
arpitSrinet icon

ReachMcp

by arpitSrinet

Sec2

The Reach Mobile MCP server provides conversational commerce capabilities, enabling users to interact with an AI to browse mobile plans, devices, check coverage, manage their shopping cart, and complete purchases.

Setup Requirements

  • ⚠️Requires SSL certificates for HTTPS (self-signed certs need manual acceptance in ChatGPT Desktop).
  • ⚠️Requires Reach Mobile API credentials (REACH_ACCOUNT_ACCESS_KEY_ID, REACH_ACCOUNT_ACCESS_SECRET_KEY, REACH_XAPI_KEY) configured as environment variables for production environments.
  • ⚠️Requires OpenSSL installed on the system to generate SSL certificates.
  • ⚠️Utilizes MongoDB for persistent storage if `MONGODB_URI` is configured, otherwise falls back to JSON files. A MongoDB instance needs to be provisioned if this option is desired.
Review RequiredView Analysis
Critical security risks identified: Hardcoded API keys and authorization tokens are present in `config/tenantConfig.js` (for Reach API development defaults), `services/deviceService.js` (for Shopware API access key and protection API authorization token). These exposed secrets could allow unauthorized access or misuse of connected APIs. Additionally, the CORS configuration in `server.js` defaults to allowing all origins (`*`) if `ALLOWED_ORIGINS` is not explicitly set, which is a significant security vulnerability in web deployments. The `rejectUnauthorized: false` for HTTPS in test scripts is acceptable for testing self-signed certs but should not be in production code for external connections.
Updated: 2026-01-19GitHub
0
0
Low Cost
vicsante-aseniero icon

mcp-server-template-rust

by vicsante-aseniero

Sec6

This server provides weather alerts and forecasts via the Model Context Protocol (MCP) using HTTP transport, serving as a template for building MCP servers in Rust.

Setup Requirements

  • ⚠️Requires Docker with DevContainer support (VS Code Remote-Containers extension recommended) or Rust 1.75+ toolchain installed locally.
  • ⚠️Testing with the official MCP Inspector tool requires installing `@modelcontextprotocol/inspector` via npm and setting `HOST` and `ALLOWED_ORIGINS` environment variables for proper CORS handling.
Verified SafeView Analysis
The server uses `CorsLayer::permissive()` which allows requests from any origin, posing a significant security risk for production environments. There is no built-in authentication or rate limiting. These issues are explicitly noted in the project's `ANALYSIS.md` as areas for improvement. However, Rust's memory safety and type safety mitigate many common vulnerabilities, and there are no signs of 'eval', obfuscation, hardcoded secrets, or malicious patterns in the code.
Updated: 2025-12-10GitHub
0
0
Medium Cost
nikolai-cardinal icon

google-apps-script-mcp

by nikolai-cardinal

Sec9

Automate Google Apps Script development, deployment, and execution through an AI agent via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a Google Cloud Platform project with the Apps Script API and Google Drive API enabled.
  • ⚠️Requires creating an OAuth 2.0 Client ID (Desktop Application type) and downloading the credentials as 'oauth.json' into the 'credentials/' directory.
  • ⚠️An interactive authentication step (`npm run auth`) must be completed once to authorize the application and save refresh tokens.
  • ⚠️For 'External' OAuth consent screen user types, the user's Google account must be explicitly added as a 'test user' in the GCP console.
  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
The server uses standard and robust OAuth2 for authentication, requiring explicit user consent and handling tokens atomically. There is no use of 'eval' or other obvious malicious patterns in the provided source code. The server itself communicates via stdio, reducing direct network exposure. The primary security consideration is the broad permissions granted to the Google Apps Script API via OAuth, which is necessary for its intended functionality; a compromised AI agent or misuse could extensively manage Google Apps Script projects.
Updated: 2025-12-21GitHub
0
0
Medium Cost
Sec4

The server provides god-level intelligence for Salesforce administration, development, and architecture tasks, offering a comprehensive toolset for managing data, Apex, and metadata across various Salesforce orgs.

Setup Requirements

  • ⚠️Requires Node.js 22+
  • ⚠️Requires Salesforce org credentials (username/password/security token or OAuth 2.0 config)
  • ⚠️Docker required for containerized deployment
  • ⚠️Hostinger VPS with Docker and Traefik configured for advanced deployment scenarios
Review RequiredView Analysis
The system presents several potential injection vulnerabilities. The `sf_schedule_apex` tool uses direct string concatenation for constructing an Apex anonymous execution, which is a critical risk if user-controlled input (e.g., `jobName`, `cronExpression`, `className`) is not strictly sanitized against Apex injection. SOQL/SOSL queries (`sf_query`, `sf_query_aggregate`, `sf_search_sosl`) directly use user-provided query strings; while `sf_query` invokes `validateSOQL`, this is primarily for best practices and may not provide full injection prevention. Operations using `conn.request` (`sf_debug_logs_retrieve`, `sf_undelete_records`) with interpolated parameters (`logId`, `sobject`) are also susceptible to path or URL manipulation if input is not rigorously validated. Furthermore, the main server handler uses `args as any` when passing arguments to tool functions, indicating a potential lack of robust runtime validation against the `inputSchema` definitions, allowing for potentially malicious or malformed input to reach the underlying tool logic.
Updated: 2025-11-26GitHub
0
0
Low Cost
CMEDUCATIVA icon
Sec7

An HTTP REST adapter that exposes the OpenProject v3 API via the Model Context Protocol (MCP), providing comprehensive project management functionalities.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires an OpenProject instance (self-hosted or cloud) with a v3 API key and sufficient permissions for the API key.
  • ⚠️The default HTTP Basic Auth password 'changeme' (if enabled, which it is by default in Easypanel setup) MUST be changed for production deployments.
  • ⚠️The default `CORS_ORIGINS='*'` should be restricted to specific client domains in production environments for security.
Verified SafeView Analysis
The server uses FastAPI with secure practices like `secrets.compare_digest` for HTTP Basic Auth. Rate limiting, configurable CORS, and GZIP compression are implemented. Critical secrets like `OPENPROJECT_API_KEY` are loaded from environment variables. Potential risks include: 1. Default `HTTP_AUTH_PASSWORD` is set to 'changeme' in deployment files (`docker-compose.yml`, `easypanel-compose.yml`). In `easypanel-compose.yml`, `HTTP_AUTH_ENABLED` defaults to `true`, making this a severe vulnerability if the password is not updated in production. The `install.sh` script mitigates this by prompting for a password and enabling auth. 2. Default `CORS_ORIGINS='*'` allows all origins, which should be restricted to specific domains in production environments. 3. The service exposes HTTP without SSL/TLS by default; documentation advises using a reverse proxy for HTTPS.
Updated: 2025-12-04GitHub
0
0
Low Cost
marcelmoritz1-rgb icon

scb-mcp-server

by marcelmoritz1-rgb

Sec5

Provides backend server functionality, likely related to Minecraft (MCP) protocol interactions or extensions.

Review RequiredView Analysis
Cannot perform a meaningful security audit as no source code was provided for analysis. The score reflects a neutral stance due to complete lack of information, meaning neither risks nor safety features could be identified. 'is_safe_to_run' is set to false as safety cannot be verified without inspecting the code.
Updated: 2025-11-30GitHub
PreviousPage 634 of 713Next