Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
rudipoppes icon

RP_SL1_MCP

by rudipoppes

Sec8

This MCP server integrates with Restorepoint API to enable natural language interaction for network management, serving as a foundation for custom chat interfaces and AI-powered network automation.

Setup Requirements

  • ⚠️Requires Node.js 22+.
  • ⚠️Restorepoint API token must be obtained and configured in `config.json` (or via environment variables as suggested in documentation, though not explicitly implemented for config loading).
  • ⚠️Requires network connectivity to the specified Restorepoint server URL.
  • ⚠️Restorepoint API uses `Authorization: Custom <token>` format, not `Bearer`.
Verified SafeView Analysis
The server uses good security practices including `helmet` for HTTP headers, `cors` with whitelisted origins, and `express-rate-limit`. Input validation is performed using Zod schemas. However, the Restorepoint API token is primarily read from `config.json`, which could pose a risk if file permissions are not properly secured. Additionally, in non-production environments (`NODE_ENV !== 'production'`), it allows `rejectUnauthorized: false` for HTTPS connections, which is a significant security vulnerability if connecting to untrusted or public endpoints.
Updated: 2025-11-19GitHub
0
0
Medium Cost
Aprimo-Connect icon

remote-http-mcp-server

by Aprimo-Connect

Sec7

An OAuth 2.1 proxy and Model Context Protocol (MCP) server enabling AI assistants to securely access enterprise APIs, bridging compatibility gaps with authorization systems.

Setup Requirements

  • ⚠️Requires .NET 8.0 SDK or later.
  • ⚠️Requires an existing Aprimo environment and corresponding client IDs/secrets for OAuth configuration.
  • ⚠️Sensitive configuration values (client IDs/secrets, domain) must be manually configured in `appsettings.json` and managed securely in production.
Verified SafeView Analysis
The server's design incorporates essential security practices like JWT validation, scope enforcement, HTTPS enforcement, and audit logging. However, the repository explicitly states it's provided 'as-is' and 'not intended for direct use in Production without modification,' placing full responsibility on the developer for security, maintenance, and hardening. Configuration values, especially client secrets, are expected in `appsettings.json` and must be securely managed in production environments (e.g., via environment variables or secret managers). The proxy pattern inherently centralizes trust, requiring robust implementation, which cannot be fully assessed without the full C# source code. No 'eval' or obvious malicious patterns were found in the provided snippets.
Updated: 2026-01-12GitHub
0
0
Low Cost
erwanndebelloy icon

strava_mcp

by erwanndebelloy

Sec7

Acts as a simple HTTP proxy to intercept, modify, and forward requests, likely for processing Strava webhooks or similar events.

Setup Requirements

  • ⚠️Requires Node.js installed
Verified SafeView Analysis
The server functions as a basic HTTP proxy. While the code itself does not contain explicit vulnerabilities like 'eval' or hardcoded secrets, its nature as a proxy introduces a potential for Server-Side Request Forgery (SSRF) if 'TARGET_HOST' (configured via environment variables) can be manipulated to point to internal network resources and the proxy is exposed publicly. Proper network segmentation and careful configuration of environment variables are critical for secure deployment.
Updated: 2025-11-25GitHub
0
0
Medium Cost
Sena-Services icon

frappe-mcp-server

by Sena-Services

Sec7

Provides an interface for AI assistants to interact with a Frappe Framework application via its REST API, focusing on document CRUD, schema handling, and programmatic customization of DocTypes and workflows.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher to run.
  • ⚠️Requires a running Frappe instance (version 15 or higher) for all operations.
  • ⚠️Both FRAPPE_API_KEY and FRAPPE_API_SECRET environment variables are mandatory for authentication.
  • ⚠️Specific tools (e.g., blueprint, doctype_operations, WhatsApp/Instagram messaging) rely on corresponding custom Frappe apps (e.g., 'sentra_core', 'senaerp_integrations') being installed and configured on the connected Frappe instance. If these apps are not present, those specific tools will fail.
Verified SafeView Analysis
The server design generally follows good security practices for an MCP. It enforces API key/secret authentication, avoids hardcoded secrets in the main codebase, and uses a well-established Frappe SDK. Direct use of 'eval' or arbitrary code execution from user input is not present. However, the server exposes powerful tools like `call_method` (which can execute any whitelisted Frappe method), `create_doctype`, `update_blueprint`, and messaging tools. The security largely depends on: 1) The permissions granted to the Frappe API key used. 2) The security and whitelisting of methods in the underlying Frappe instance. 3) The control mechanisms of the integrating AI assistant to prevent misuse or unintended operations. Verbose error logging (including `responseData` from Frappe's API) could also expose internal Frappe details to the AI, which should be considered in a production environment.
Updated: 2026-01-18GitHub
0
0
Medium Cost
rdwr-seanr icon

alteon-mcp-server

by rdwr-seanr

Sec5

Provides AI assistants with a Model Context Protocol (MCP) server to monitor, discover, validate, and retrieve real-time operational statistics from Radware Alteon Application Delivery Controllers via their REST API.

Setup Requirements

  • ⚠️Requires Node.js v18.0.0 or higher.
  • ⚠️Requires an Alteon Application Delivery Controller device with its REST API enabled, and network connectivity (HTTPS) to it.
  • ⚠️The hardcoded `rejectUnauthorized: false` setting for HTTPS connections disables critical SSL certificate validation, making it inherently insecure for production environments outside of a strictly isolated lab.
Review RequiredView Analysis
The server hardcodes `rejectUnauthorized: false` for all HTTPS connections, disabling SSL certificate validation. This critically exposes communications to Man-in-the-Middle (MITM) attacks, potentially allowing an attacker to intercept or tamper with data, including credentials, despite the tools being read-only. While stated as intended for 'lab environments', this setting is not configurable via environment variables or tool arguments in the provided code and constitutes a severe risk for any production deployment. Credentials for Alteon are passed directly in tool arguments, typically sourced from environment variables or client configuration, which is a standard practice for MCP.
Updated: 2025-11-26GitHub
0
0
Low Cost
jeroenmaes icon
Sec9

Provides an ASP.NET Core Model Context Protocol (MCP) server for managing and searching BookStack wiki content via its API.

Setup Requirements

  • ⚠️Requires .NET 10 SDK to run locally.
  • ⚠️An operational BookStack instance with API access enabled is mandatory.
  • ⚠️BookStack API Token ID and Token Secret must be created in BookStack and provided in the Authorization header for each client request.
  • ⚠️The BookStack Base URL must be configured via appsettings.json or environment variables.
Verified SafeView Analysis
The server implements per-request authentication using Bearer tokens, requiring BookStack API credentials for each call, preventing hardcoded secrets in the server itself. Write operations are disabled by default, adding a layer of protection against accidental modifications. Configuration is handled securely via appsettings.json or environment variables. No 'eval' or malicious patterns were observed in the provided truncated source code.
Updated: 2026-01-13GitHub
0
0
Medium Cost
VatsKan icon
Sec8

Provides a Model Context Protocol (MCP) server to allow AI agents to read unread emails and create draft email replies in Gmail.

Setup Requirements

  • ⚠️Requires significant manual setup of a Google Cloud Project, enabling the Gmail API, and configuring OAuth 2.0 credentials (Desktop app type) to generate 'client_secret_oauth_gcp.json'.
  • ⚠️The generated 'client_secret_oauth_gcp.json' and 'token.json' must be saved securely in the project root and are not to be committed to version control.
  • ⚠️Designed for integration with Claude Desktop, requiring manual configuration of 'claude_desktop_config.json' with correct local paths.
Verified SafeView Analysis
The server uses standard Google API client libraries and limited OAuth scopes (`gmail.readonly`, `gmail.compose`). There are no direct uses of `eval` or other obvious malicious patterns. The README provides clear instructions to avoid committing sensitive OAuth credentials (`client_secret_oauth_gcp.json`, `token.json`) to source control, which is crucial for security. The primary security considerations involve the user's secure handling of these local credentials and the inherent risks of granting an AI agent access to email content and drafting capabilities.
Updated: 2025-12-13GitHub
0
0
Medium Cost
marswong icon

kieai-mcp-server

by marswong

Sec8

Provides a Model Context Protocol (MCP) server that wraps the KIE.AI Text-to-Image FLUX 2 Pro API for generating images from text prompts.

Setup Requirements

  • ⚠️Requires `KIEAI_API_KEY` environment variable to function properly.
  • ⚠️Requires Node.js version `^20.19.0 || >=22.12.0` as specified in `package.json`.
  • ⚠️The `uWebSockets.js` dependency (used by `ultimate-express`) is a native Node.js add-on and might require compilation on certain systems, although `npm ci` typically handles this automatically.
Verified SafeView Analysis
The server uses environment variables for API keys and `zod` for robust input validation, which are good security practices. The nested `JSON.parse(data.resultJson)` from an external API response is a minor theoretical concern, as a compromised external API could return maliciously crafted JSON that exploits a parser vulnerability, though modern JavaScript JSON parsers are generally robust against arbitrary code execution. No `eval` or direct system commands with user input are found.
Updated: 2025-12-05GitHub
0
0
Medium Cost
TairuFramework icon

mokei

by TairuFramework

Sec2

TypeScript toolkit for building and orchestrating AI applications using the Model Context Protocol (MCP), providing server/client implementations, multi-context hosting, session management, agent loops, and integrations with various LLM providers (OpenAI, Anthropic, Ollama), including monitoring and CLI tools.

Setup Requirements

  • ⚠️Requires OpenAI API Key for OpenAI provider (paid service).
  • ⚠️Requires Ollama server running locally for Ollama provider.
  • ⚠️MCP server source code needs to be built into JavaScript files (e.g., `lib/serve.js`) before running `addContext`.
Review RequiredView Analysis
The toolkit includes example MCP servers and documentation that demonstrate patterns with significant security risks if deployed or used with untrusted inputs: - **SQL Injection**: The `@mokei/mcp-sqlite` server directly executes SQL statements provided as tool arguments (`db.prepare(req.arguments.sql)`). If tool arguments originate from an untrusted source (e.g., a malicious LLM prompt), this is a critical SQL injection vulnerability. - **Server-Side Request Forgery (SSRF)**: The `@mokei/mcp-fetch` server fetches URLs provided as tool arguments (`await fetch(req.arguments.url)`). If tool arguments are untrusted, this can be exploited for SSRF. - **Remote Code Execution (RCE) via child process spawning**: `ContextHost.addLocalContext` and `Session.addContext` allow spawning arbitrary child processes (`command`, `args`). If these parameters can be influenced by untrusted input (e.g., from an LLM generating tool calls), it can lead to RCE on the host system. - **RCE via `Function()` constructor (documentation example)**: The documentation for `Session`'s local tools includes an example `calculate` tool that uses `Function(`"use strict"; return (${expression})"`)()` to evaluate a math expression. While not directly `eval()`, the `Function` constructor still allows arbitrary code execution if the `expression` input is untrusted, posing an RCE risk on the client-side when an LLM is given control over this tool's arguments.
Updated: 2026-01-18GitHub
0
0
Medium Cost
tdx-benheard icon

tdx-tickets-mcp

by tdx-benheard

Sec9

Provides a Model Context Protocol (MCP) server allowing AI agents to interact with TeamDynamix tickets, reports, users, and groups through a structured API.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Requires a Windows operating system for DPAPI password encryption/decryption.
  • ⚠️Requires a TeamDynamix account with API access and configured application IDs.
  • ⚠️Credentials must be configured interactively using `npm run setup` and stored in specific local paths (~/.config/tdx-mcp/).
  • ⚠️Requires Claude Code to be launched from the project directory containing the `.mcp.json` configuration file for proper integration.
Verified SafeView Analysis
The server handles sensitive TeamDynamix credentials. It employs Windows DPAPI for password encryption and strongly encourages storing credentials outside the repository in user-specific configuration files (~/.config/tdx-mcp/). The `decodePassword` utility validates base64 input to prevent PowerShell command injection when decrypting DPAPI passwords. The authentication process uses JWT tokens with a 23-hour cache and automatic refresh on 401 errors, along with retry logic for transient network issues. No 'eval' or direct obfuscation is present. The `execSync` usage is within a controlled context for DPAPI decryption on Windows, with input validation.
Updated: 2025-12-17GitHub
0
0
Medium Cost
sharonsky94 icon

mcp_server_python

by sharonsky94

Sec1

An MCP server for LM Studio to extend LLM capabilities with web search, page fetching, arbitrary Python code execution, and package installation.

Setup Requirements

  • ⚠️Requires a local LM Studio installation to function as an agent tool.
  • ⚠️Requires manual configuration of the LM Studio mcp.json file with correct absolute paths.
Review RequiredView Analysis
CRITICAL: The 'console' tool executes arbitrary shell commands using `subprocess.run(command, shell=True)`, leading to immediate Remote Code Execution (RCE) on the host system. The 'python' tool executes arbitrary Python code using `exec()`, which, despite attempts at isolation, allows importing sensitive modules (e.g., `os`, `subprocess`) to achieve RCE. The 'install' tool allows installing arbitrary Python packages, which could introduce malicious code. The 'fetch' tool also presents a Server-Side Request Forgery (SSRF) risk by fetching arbitrary URLs provided by an LLM.
Updated: 2025-12-16GitHub
0
0
High Cost
rem5357 icon

ufm

by rem5357

Sec4

A cross-platform MCP server for comprehensive and secure file management, enabling AI clients to interact with the local filesystem.

Setup Requirements

  • ⚠️P2P networking on Linux requires 'avahi-publish' and on Windows requires 'dns-sd' (Bonjour) for mDNS registration/browsing, which may not be installed by default.
  • ⚠️The auto-update feature relies on a specific HTTP server ('http://goldshire:8080/ufm') which must be running and accessible for updates to function.
  • ⚠️Building from source requires the Rust toolchain (Rustup, Cargo).
Review RequiredView Analysis
The server implements strong sandboxing, path traversal protection, sensitive file blocking, and granular operation controls for local file system access. However, the auto-update mechanism (enabled by default) fetches version information, including checksums, over unencrypted HTTP. This makes it vulnerable to Man-in-the-Middle (MITM) attacks, where an attacker could intercept the `version.json` response, provide a malicious binary's download URL, and a matching (but fake) SHA256 checksum for that malicious binary. The client would then download and apply the malicious update, leading to arbitrary code execution. P2P connections do not currently enforce TLS, though it is planned for the future.
Updated: 2025-12-15GitHub
PreviousPage 637 of 713Next