Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
chendanyu icon
Sec7

This MCP server provides a toolset that encapsulates settings and functionalities of the zwplayer HTML5 web player for AI models.

Setup Requirements

  • ⚠️Requires the 'mcp' Python library.
  • ⚠️The returned HTML/JavaScript snippets assume 'zwplayer' frontend assets (e.g., 'zwplayer.js', video files) are available at relative paths on the client's web server.
  • ⚠️The 'zwplayer_bullet_comments' tool's client-side JavaScript connects to an external WebSocket server at `ws://122.51.191.171:3000/`.
Verified SafeView Analysis
The Python server code itself appears relatively safe, primarily wrapping the FastMCP framework and returning static strings; no direct 'eval' or 'exec' on user input, nor hardcoded credentials, were found. However, the `zwplayer_bullet_comments` tool returns client-side JavaScript that establishes a WebSocket connection to an external, hardcoded server at `ws://122.51.191.171:3000/`. While this is a client-side risk, not a direct vulnerability in the Python server's execution, it represents an external dependency and a potential supply chain risk if the external server is untrusted or compromised, impacting users consuming the tool's output.
Updated: 2025-11-30GitHub
0
0
Low Cost
littlebearapps icon

wp-navigator-mcp

by littlebearapps

Sec9

AI-powered WordPress management, enabling natural language control over posts, pages, media, plugins, themes, and Gutenberg blocks via an MCP-compatible client.

Setup Requirements

  • ⚠️Requires the WP Navigator WordPress plugin, which is 'Coming Soon - January 2025' (currently unavailable).
  • ⚠️Requires generating an Application Password in WordPress for authentication.
  • ⚠️Write (create/update/delete) operations are disabled by default and require explicitly setting WPNAV_ENABLE_WRITES=1 in the MCP server configuration.
  • ⚠️Optional neural embedding search feature downloads an approximately 50MB model on first use (if @xenova/transformers is installed).
Verified SafeView Analysis
The server demonstrates strong security awareness: write operations are 'safe by default' (disabled until explicitly enabled via WPNAV_ENABLE_WRITES=1). Content modifications utilize a plan/diff/apply workflow. Destructive batch operations and content creation require explicit confirmation ('confirm_destructive: true', 'force: true'). The wpnav_set_option tool strictly limits modifications to plugin-specific options to prevent accidental changes to core WordPress settings. It supports HMAC request signing for integrity. WordPress application passwords (or Keychain references) are used for authentication, with HTTPS enforcement for non-localhost connections. Dynamic toolsets reduce the attack surface and token exposure by only presenting meta-tools by default.
Updated: 2026-01-12GitHub
0
0
Medium Cost
Sametcanj icon

npm-helper-mcp

by Sametcanj

Sec8

Facilitates NPM package management and dependency updates for large language models (LLMs) via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js v18.18.0+ and npm v8+ installed locally.
  • ⚠️Designed to be used with an MCP (Model Context Protocol) client application (e.g., an LLM agent or specific framework).
  • ⚠️The 'run_doctor' tool's ability to execute custom install/test scripts requires a high level of trust in the calling agent and careful environment isolation if used in untrusted contexts.
Verified SafeView Analysis
The server uses Zod for input validation and implements rate limiting for external API calls to the npm registry. It adheres to MCP protocol best practices by logging all server-side messages exclusively to stderr. No direct use of 'eval' or obvious code obfuscation is present, and no hardcoded secrets are identified. However, its 'run_doctor' tool can execute arbitrary 'doctorInstall' and 'doctorTest' scripts, and other tools can modify 'package.json' files based on the 'packagePath' argument. This powerful functionality, while intended for dependency management, necessitates deployment in trusted environments and careful consideration of inputs provided by the calling LLM or framework to prevent unintended script execution or file modifications.
Updated: 2025-12-15GitHub
0
0
Low Cost
AnuwatThisuka icon

cmms-mcp-server

by AnuwatThisuka

Sec9

Integrates Manufacturing Execution System (MES), Computerized Maintenance Management System (CMMS), and Internet of Things (IoT) data through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Node.js (version 18+).
  • ⚠️Requires manual configuration of an absolute file path to 'dist/index.js' in the MCP client (e.g., Claude Desktop).
  • ⚠️Currently uses only in-memory mock data; real-world functionality requires replacing mock data with actual API integrations.
Verified SafeView Analysis
The server primarily communicates via standard I/O (stdio) as intended by the Model Context Protocol (MCP) design, significantly reducing direct network attack surface. It uses mock data, meaning it does not connect to external databases or APIs in its current form, thus avoiding risks associated with external system credentials or data exposure. Input parameters for tool calls are well-defined with JSON schemas, mitigating injection risks for filtering operations on in-memory mock data. No 'eval', direct child process execution from user input, or hardcoded sensitive credentials are found. The primary security consideration for future development would be when integrating with actual MES/CMMS/IoT systems and ensuring secure handling of real API credentials and network interactions.
Updated: 2025-12-13GitHub
0
0
Medium Cost
AccelByte icon
Sec9

Exposes AccelByte Extend SDK functions and models as contextual information to language models, enabling AI coding assistants to generate code and answer related questions.

Setup Requirements

  • ⚠️Requires Docker to run the provided container image
  • ⚠️Requires an MCP client (e.g., Cursor, Claude Desktop, Gemini CLI, Visual Studio Code) for interaction
  • ⚠️Requires setting 'CONFIG_DIR' environment variable to specify the target Extend SDK language configuration (e.g., 'config/go') for meaningful functionality.
Verified SafeView Analysis
The server employs several good security practices for an HTTP server, including 'helmet' for security headers, configurable CORS (defaulting to same-origin), 'express-rate-limit' to prevent abuse, and request body size limits ('10mb'). Session IDs are generated using 'randomUUID()', and DNS rebinding protection is enabled. File access for loading symbols explicitly checks paths to prevent directory traversal. No direct 'eval()' calls or obvious hardcoded secrets were found in the provided code snippets.
Updated: 2026-01-14GitHub
0
0
Low Cost
ben-mad-jlp icon

claude-mermaid-collab

by ben-mad-jlp

Sec7

A real-time collaborative Mermaid diagram and UI wireframe editor with markdown document support and integration for Claude Code, designed for rapid prototyping and team communication.

Setup Requirements

  • ⚠️Requires Bun runtime (1.0.0+).
  • ⚠️Designed for trusted local networks and runs without authentication by default, binding to `0.0.0.0`. Do NOT expose to untrusted internet without additional authentication and access controls.
  • ⚠️The web server auto-starts on port 3737 (default). Ensure this port is available and not in use by other applications.
Verified SafeView Analysis
The server is designed for trusted local networks and operates without authentication by default, binding to `0.0.0.0`. This makes it unsuitable for deployment on untrusted networks without additional security measures. User input for diagram/document names is sanitized to prevent path traversal. File size limits are enforced. The JSDOM environment for Mermaid rendering integrates DOMPurify for XSS protection. `Bun.spawn` is used to execute a known internal script for web server management, which is a controlled operation.
Updated: 2026-01-19GitHub
0
0
High Cost
SANARP98 icon

chromamcp-vespo

by SANARP98

Sec8

This server extends ChromaDB with advanced file processing, EXIF extraction, folder watching, and duplicate detection capabilities, integrated as an MCP-compliant backend for AI coding assistants like Codex CLI.

Setup Requirements

  • ⚠️Requires Docker Desktop to be installed and running.
  • ⚠️Requires Node.js (v14 or higher) for running setup scripts.
  • ⚠️Requires Codex CLI to be installed globally.
  • ⚠️Requires a complete restart of VS Code (not just a reload) after setup to apply configuration changes.
Verified SafeView Analysis
The architecture relies on Docker for isolation. User-provided paths are passed through a `translateToWorkspacePath` function, which is critical for preventing path traversal by ensuring paths are within the mounted `/workspace` directory. Setup scripts use `spawnSync` with explicitly defined commands and arguments (arrays), reducing command injection risks compared to direct shell execution of unsanitized input. No direct `eval` or hardcoded sensitive credentials were found. Reliance on Docker's security and correct path sanitization are key.
Updated: 2026-01-16GitHub
0
0
Medium Cost
myvfc icon
Sec8

Search and retrieve Oklahoma Sooners video highlights and information from a CSV data source via an MCP API.

Setup Requirements

  • ⚠️Requires CSV_URL environment variable pointing to the video data CSV.
  • ⚠️Requires Node.js runtime.
Verified SafeView Analysis
The server employs broad `Access-Control-Allow-Origin: *` CORS headers, which might be overly permissive if not specifically required. It relies on `CSV_URL` and `PUBLIC_URL` environment variables, assuming these URLs are trusted and not user-controlled to prevent potential Server-Side Request Forgery (SSRF) or data integrity issues. No `eval` or direct code injection vulnerabilities were found.
Updated: 2025-11-25GitHub
0
0
Medium Cost
datapilot-canada icon

gitea-mcp

by datapilot-canada

Sec8

This server allows AI agents to interact with a self-hosted Gitea instance for repository and issue management via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running Gitea instance and an associated access token.
  • ⚠️Requires `mcp`, `httpx`, and `python-dotenv` Python packages (or `datapilotgiteamcp` Docker image).
  • ⚠️Docker is required for Docker-based deployment.
Verified SafeView Analysis
Secrets (GITEA_ACCESS_TOKEN, GITEA_MCP_API_URL) are correctly handled via environment variables, reducing hardcoding risks. The `compare_branches.sh` script directly uses provided branch names in git commands; while standard for shell scripts within a trusted Git environment, it's worth noting for general security principles regarding arbitrary user input. No `eval` or obfuscation found. Network requests are made using `httpx` with proper error handling.
Updated: 2025-11-30GitHub
0
0
Medium Cost
vikashvsp icon
Sec9

Empowers LLMs with web scraping capabilities for deep technical research by searching technical documentation and fetching web page content.

Setup Requirements

  • ⚠️Requires an Apify account and a paid Apify API Token to use the underlying scraping services.
  • ⚠️Requires deployment as an Apify Actor and configuration in `claude_desktop_config.json` for integration with Claude Desktop.
  • ⚠️The recommended run command uses `npx`, implying Node.js/npm must be installed for that specific setup.
Verified SafeView Analysis
The server uses environment variables for the Apify API token, which is a secure practice. It relies on the Apify client to interact with trusted Apify actors (`google-search-scraper`, `website-content-crawler`), mitigating direct injection risks from user input into raw HTTP requests. No `eval` or obfuscation found. The primary external risk would be the integrity of the Apify actors themselves or potential abuse of the scraping services, which is outside the scope of this server's code.
Updated: 2025-12-11GitHub
0
0
High Cost
CodefiLabs icon
Sec9

Enables Claude Desktop to perform network requests, execute host CLI commands, and manage files by bypassing its sandbox restrictions.

Setup Requirements

  • ⚠️Requires 'cloudflared' to be installed on the host system if public file serving functionality is desired.
  • ⚠️Requires Node.js version 18 or higher to run.
  • ⚠️Initial usage of 'proxy_fetch' and 'network_exec' for new domains/commands will require explicit user approval ('approve: "once"' or '"always"'), adding an interactive step.
Verified SafeView Analysis
The server demonstrates robust security considerations. It explicitly blocks common SSRF targets (localhost, private IPs, AWS metadata endpoint) and dangerous CLI commands (rm, sudo, chmod, package managers like apt/brew). It uses `spawn()` instead of `exec()` for CLI execution, preventing shell injection, and validates arguments against dangerous shell operators. Sensitive file paths (e.g., ~/.ssh, /etc/shadow) are blocklisted for reading and serving. An explicit approval flow is required for new domains and commands, adding a layer of user consent. Rate limiting is implemented to prevent abuse. The main external dependency, `cloudflared` for public tunnels, is checked for installation, but its inherent security is external to this codebase. Overall, the project prioritizes security given its function of extending system access.
Updated: 2026-01-17GitHub
0
0
Medium Cost
DhunganaKB icon
Sec7

Implements a Model Context Protocol (MCP) server for BigQuery, enabling conversational analytics and schema inspection of specified datasets and tables.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with BigQuery enabled (involves billing).
  • ⚠️Requires a Google API Key for Gen AI services.
  • ⚠️Manual configuration of Google Cloud Project ID, Location, and specific BigQuery tables is required in `constants.py` and `tools.yaml`.
Verified SafeView Analysis
The system relies on the Google ADK Framework and an external 'toolbox' binary (Gen AI Toolbox for Databases) to interact with BigQuery. The `execute_sql` tool, exposed to the LLM agent, is powerful and could potentially execute arbitrary SQL if the agent is compromised or misconfigured. While the ADK framework and agent instructions aim to guide safe tool usage, the underlying 'toolbox' binary is a black box without its source code for auditing. The FastAPI endpoint lacks built-in authentication/authorization and is intended for local access; exposing it externally without additional security layers would pose a significant risk. No 'eval' or obvious obfuscation found.
Updated: 2025-12-13GitHub
PreviousPage 641 of 713Next