Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
JayaSamuthraDevi icon

mcp-server

by JayaSamuthraDevi

Sec9

A Model Context Protocol (MCP) server for secure access to billing and compute information, authenticated via Keycloak for AI assistant integration.

Setup Requirements

  • ⚠️Requires a running and configured Keycloak server instance with a specific client setup.
  • ⚠️Relies on the `uv` package manager for dependency management and running the server.
  • ⚠️Requires Python 3.14+ as per `pyproject.toml`.
Verified SafeView Analysis
The server uses OAuth2 via Keycloak for authentication, with sensitive configuration loaded from environment variables (no hardcoded secrets). It leverages httpx for secure asynchronous HTTP requests to upstream services. Upstream API keys and secrets are expected as claims within the verified OAuth token, shifting the security burden for these credentials to the Keycloak setup and token issuance process. No 'eval' or obvious malicious patterns found in the provided code. Requires HTTPS in production and careful handling of client secrets as emphasized in the README.
Updated: 2025-12-28GitHub
0
0
Low Cost
sslotsky icon

chess-advice-mcp

by sslotsky

Sec8

A microservice component that provides strategic chess advice based on board state and move history using the OpenAI API.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
Verified SafeView Analysis
Uses process.env for API key. Default cors() allows all origins, which might be too permissive depending on deployment context. Potential for prompt injection through user inputs (moveHistory, difficulty, tone) into the OpenAI prompt, though the prompt itself tries to constrain the LLM. No 'eval' or obfuscation found.
Updated: 2026-01-19GitHub
0
0
Low Cost
omarkamali icon

semango

by omarkamali

Sec2

A hybrid search engine for codebases, documentation, and knowledge bases, combining lexical (BM25) and semantic (vector) search with a web UI and REST API.

Setup Requirements

  • ⚠️Requires Go 1.23+, Node.js 20+, and Yarn for building from source.
  • ⚠️Requires CGO dependencies (FAISS, OpenBLAS, ONNX Runtime) to be manually installed or handled by provided scripts/Docker.
  • ⚠️Requires `OPENAI_API_KEY` environment variable if using OpenAI for embeddings (paid service), otherwise downloads local models (requires disk space and bandwidth).
  • ⚠️Configuration (semango.yml) must be initialized (`semango init`) and content indexed (`semango index`) before running the server.
Review RequiredView Analysis
CRITICAL VULNERABILITIES IDENTIFIED: 1. Authentication Bypass: The REST API (`/api/v1/search`, `/api/v1/health`, `/api/v1/stats`) is advertised as 'Token-authenticated' in the README, but the provided `api/server.go` code *does not implement any authentication middleware*. Requests from the `ui/App.tsx` also do not include an `Authorization` header. This means the API is publicly accessible without any token, which is a critical security vulnerability allowing unauthorized access to search and statistics. This server is unsafe to run in any exposed environment. 2. Arbitrary Code Execution (Plugins): The system supports dynamic loading of plugins (`.so` shared object files) specified in `semango.yml`. This feature allows arbitrary native code execution and presents a severe security risk if plugins are sourced from untrusted origins or if the configuration can be tampered with by an attacker. 3. External Binary Downloads: Installation scripts (`install_faiss.sh`, `install_onnxruntime.sh`) use `curl -L` to download external libraries (FAISS, ONNX Runtime) from GitHub releases. While GitHub is generally trusted, this introduces a dependency on external integrity and can be a supply chain risk. 4. CGO Usage: The project extensively uses CGO for FAISS and ONNX Runtime. This exposes the system to potential C/C++ vulnerabilities (e.g., buffer overflows, memory corruption) that Go's memory safety features typically mitigate. Careful review of CGO-bound code is essential.
Updated: 2025-12-14GitHub
0
0
Medium Cost
vietld-3584 icon

autoTesting

by vietld-3584

Sec3

This server is designed for automated testing, likely related to the Minecraft Protocol (MCP.

Review RequiredView Analysis
No source code provided beyond the README, making a comprehensive security audit impossible. Cannot verify the absence of 'eval', obfuscation, hardcoded secrets, network risks, or malicious patterns. Therefore, a low safety score is assigned as a precaution.
Updated: 2026-01-19GitHub
0
0
Low Cost
bioanywhere icon
Sec9

Provides Docker deployment configuration for an MCP (Managed Cloud Platform) server, including local development and CI/CD setup.

Setup Requirements

  • ⚠️Docker required
  • ⚠️Docker Compose recommended for orchestration
Verified SafeView Analysis
The provided code consists solely of Docker deployment configurations and scripts. It does not contain application logic. No 'eval' or obvious malicious patterns were found within these configuration files. The server exposes port 3000, which is standard. Data volume mounts './data' locally, which requires attention regarding sensitive data persistence if applicable. 'GITHUB_TOKEN' is mentioned for GitHub Container Registry authentication but is not hardcoded within the deployment configurations.
Updated: 2025-12-01GitHub
0
0
Medium Cost
DMGoose icon
Sec9

Connects Notion workspaces to Claude Desktop, enabling Claude to search, read, and query Notion content with advanced features.

Setup Requirements

  • ⚠️Requires Node.js 24.11.0 (recommended via Volta)
  • ⚠️Requires a Notion account with admin access to create integrations and share content.
  • ⚠️Requires manual configuration within the Claude Desktop application to register the MCP server and set the NOTION_TOKEN environment variable.
  • ⚠️Notion integration needs explicit access to pages/databases you want Claude to access.
Verified SafeView Analysis
Notion API token is handled as an environment variable (NOTION_TOKEN), preventing hardcoding in the codebase. Input validation for tool parameters is performed using Zod schemas. No 'eval' or direct command execution with unsanitized user input is detected in the provided source code. Standard SDKs are used for Notion API integration and MCP communication, reducing direct exposure to common vulnerabilities. General dependency vulnerabilities remain a potential risk, as with any software.
Updated: 2025-11-19GitHub
0
0
High Cost
cvidmar icon
Sec7

Provides Claude Code with an MCP server to get second opinions and code reviews from OpenAI's Codex CLI, acting as a bridge between the two AI assistants.

Setup Requirements

  • ⚠️Requires OpenAI Codex CLI to be installed and available in the system's PATH (validated on server startup).
  • ⚠️Requires Go 1.21+ to build the server executable.
  • ⚠️Requires manual configuration in Claude Code's JSON configuration file (`~/.config/claude/claude_code_config.json`) with the absolute path to the built executable.
Verified SafeView Analysis
The server uses `os/exec` to call external commands ('codex' and 'git'). While user-supplied arguments for `codex exec` are passed after a `--` delimiter, which helps prevent direct shell command injection from the prompt content, the security ultimately depends on the robustness of the underlying `codex` CLI in handling potentially malicious input within its prompt arguments. The `git diff` commands are executed with fixed arguments and do not directly incorporate user-controlled strings as command arguments, posing a lower risk. No hardcoded secrets or network listening are present in the server's own Go code.
Updated: 2025-12-03GitHub
0
0
Medium Cost
davidpadbury icon

music-assistant-mcp

by davidpadbury

Sec9

Controls Music Assistant for multi-room audio, playback management, and music discovery.

Setup Requirements

  • ⚠️Requires a running Music Assistant server instance.
  • ⚠️Requires a long-lived access token from your Music Assistant server.
  • ⚠️Requires 'uv' (package manager) to be installed on the system.
  • ⚠️Requires Python 3.11 or newer.
Verified SafeView Analysis
The server uses Pydantic for input validation on all tool parameters, which helps prevent injection attacks. It relies on the `music-assistant-client` library for interaction with the Music Assistant server. No direct `eval` or `exec` calls are present in the provided source code, nor any direct system command execution without proper sanitization. Secrets (URL, token) are expected via environment variables, not hardcoded. The recommended installation method `uvx` runs the code in an isolated environment.
Updated: 2026-01-19GitHub
0
0
Medium Cost
justincampbell icon

ourgroceries-mcp

by justincampbell

Sec8

Manages grocery lists on OurGroceries.com, allowing users to retrieve, add, remove, update, and toggle items across their lists.

Setup Requirements

  • ⚠️Requires an existing OurGroceries.com account.
  • ⚠️Authentication relies on web scraping which can break if OurGroceries.com changes its login page or HTML structure.
  • ⚠️Node.js version 18 or higher is required.
Verified SafeView Analysis
The server uses a login flow that scrapes HTML and extracts an authentication cookie and team ID from OurGroceries.com. These credentials (authCookie and teamId) are stored locally in a configuration file, with attempts to set restrictive file permissions (0600 on Unix-like systems) for security. While this improves local security, the stored credentials could be compromised if the local machine is breached. The dependency on HTML scraping for login makes it potentially brittle if OurGroceries.com changes its website structure. No 'eval' or obvious malicious patterns were found in the provided code.
Updated: 2025-11-28GitHub
0
0
Low Cost
Rimshasultan11 icon

gemini-cli-mcp-server

by Rimshasultan11

Sec1

Provides a server component that integrates with the Gemini command-line interface, likely facilitating interactions with a backend control plane or specific Gemini services.

Review RequiredView Analysis
CRITICAL: Unable to perform a security audit due to missing source code. Without code, cannot check for dangerous functions like `eval`, potential network vulnerabilities, hardcoded secrets, or other malicious patterns. **Running this project without a full code review is extremely risky as its security posture cannot be assessed.**
Updated: 2025-12-03GitHub
0
0
High Cost
fuzzylabs icon
Sec9

A comprehensive security validation framework for Model Context Protocol (MCP) servers, including static code analysis, dependency scanning, and MCP-specific threat detection.

Setup Requirements

  • ⚠️Requires Node.js 16+ and npm to run scripts and manage JavaScript dependencies.
  • ⚠️Requires Python 3.8+ and pip for Python-based scanning scripts and dependencies.
  • ⚠️Requires 'uv' (installed via curl script) to manage and run 'mcp-scan' tool effectively.
  • ⚠️A GitHub Token (GITHUB_TOKEN environment variable) is required for full functionality, particularly for version and vulnerability monitoring, and repository cloning.
Verified SafeView Analysis
This project is a security validation framework, not an MCP server itself. Its code demonstrates strong security practices for a scanner: leveraging temporary directories for cloning, retrieving sensitive tokens from environment variables, and utilizing established security tools like Bandit, ESLint, Semgrep, npm audit, safety, and mcp-scan. The project explicitly states it performs no live testing or runtime analysis of scanned code, significantly mitigating the risk of executing untrusted code. Some scan results in `data/servers.json` show errors with `mcp-scan` invocation, which indicates operational fragility, but not a fundamental security design flaw in the scanner itself. Overall, it is robustly designed for its stated purpose.
Updated: 2026-01-19GitHub
0
0
Medium Cost
scopweb icon
Sec4

Provides PDF manipulation functionalities (split, compress, info) accessible via HTTP API and as an MCP server for Claude Desktop.

Setup Requirements

  • ⚠️Requires Go 1.24+ for compiling from source.
  • ⚠️Requires Claude Desktop installed and configured for MCP functionality if using the `mcp-server` binary.
  • ⚠️PDF file paths provided to the MCP server must be absolute (not relative or user-relative), and the server process needs explicit read/write access to these paths.
  • ⚠️Temporary files are created for PDF processing operations, requiring sufficient disk space and potentially manual cleanup on server crashes.
Review RequiredView Analysis
The project includes a comprehensive security test suite (`test/security`) that identifies potential vulnerabilities like path traversal (CWE-22), command injection (CWE-78), race conditions, dangerous imports, and hardcoded secrets, and also acknowledges known CVEs in the `pdfcpu` dependency. However, critical gaps exist: 1. **Path Traversal (CWE-22):** User-provided file paths (`pdf_path`, `output_dir`, `output_path`) in both the `cmd/mcp-server` and `cmd/server` are passed directly to file system operations (e.g., `os.CreateTemp`, `os.MkdirAll`, `os.Rename`, `pdf.SplitPDFFile`, `pdf.CompressPDFWithDefaults`) without explicit, robust sanitization or validation at the application's entry points. While a simple `isSafePath` function exists in tests, it is not applied in the main server logic, creating a significant risk of arbitrary file access, reading, writing, or deletion outside intended directories. 2. **Denial of Service (DoS) - Malicious PDF input:** The `isValidPDFFile` function, which performs basic PDF header and size validation for DoS prevention, is present only in the test suite (`test/security/cves_test.go`) and is not explicitly applied to user-uploaded PDF files in `cmd/server` or user-specified `pdf_path` in `cmd/mcp-server`. This leaves the system vulnerable to resource exhaustion or crashes when processing malformed or extremely large untrusted PDF files, especially given `pdfcpu` has known DoS-related CVEs. 3. **Temporary File Handling:** Although temporary files are deferred for removal in `cmd/server`, an application crash or forceful termination could leave these files on disk, potentially leading to disk space exhaustion or information leakage. Cleanup of split parts is done in a delayed goroutine, which is not robust against immediate server termination. 4. **Dependency Risk:** The core `pdfcpu` library has known vulnerabilities, including path traversal and DoS. The lack of robust application-level input validation exacerbates these inherent risks.
Updated: 2026-01-07GitHub
PreviousPage 644 of 713Next