Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
mikegcoleman icon
Sec8

This repository serves as a template to bootstrap a new interactive educational Labspace environment.

Setup Requirements

  • ⚠️Requires Docker to be installed and running locally.
  • ⚠️Requires GitHub Action Secrets (DOCKERHUB_USERNAME, DOCKERHUB_TOKEN) for publishing/deployment.
  • ⚠️Requires manual renaming of the `.github/workflows/publish-labspace.yaml.temp` file and updating `DOCKERHUB_REPO` within it.
Verified SafeView Analysis
The project relies on an external Docker OCI image (`oci://dockersamples/labspace-content-dev`) for its core development environment, the contents of which are not auditable from the provided source. Assuming the `dockersamples` source is trusted, the provided configuration and markdown content do not contain immediate high-severity security risks. Hardcoded secrets are not present; GitHub Actions secrets are properly specified for deployment.
Updated: 2025-11-21GitHub
0
0
High Cost
Useelk icon
Sec8

Automating cryptocurrency trading operations, market data retrieval, technical analysis, and opportunity scanning by integrating with Claude Desktop.

Setup Requirements

  • ⚠️Requires API keys and secrets for a cryptocurrency exchange (e.g., MEXC_API_KEY, MEXC_SECRET) to operate in 'live' mode.
  • ⚠️Requires Node.js (>=18.0.0) and npm/npx for installation and execution.
  • ⚠️Designed to run as an MCP server for Claude Desktop, not as a standalone application, requiring configuration within Claude Desktop.
Verified SafeView Analysis
The server uses `ccxt` for exchange interactions and `Decimal.js` for precise financial calculations, which are good practices. API keys and secrets are correctly sourced from environment variables, not hardcoded. Communication with Claude Desktop occurs via standard I/O (stdin/stdout), limiting direct network exposure for the server itself. Rate limiting is implemented for exchange API calls. There is no usage of `eval` or obvious code obfuscation. The primary security consideration for users is the inherent risk of live trading with real funds, for which a 'demo' mode is provided and strongly recommended.
Updated: 2025-12-07GitHub
0
0
Medium Cost
tarekbadrsh icon

git-commit-helper

by tarekbadrsh

Sec10

This MCP server helps Claude generate professional git commit messages by providing context from the local git repository's status, staged changes, all changes, and commit history.

Setup Requirements

  • ⚠️Requires Rust toolchain installed for building from source.
  • ⚠️Requires Git to be installed and accessible in the system's PATH.
  • ⚠️The absolute path to the compiled binary must be precisely configured in Claude Desktop's `claude_desktop_config.json`.
  • ⚠️Claude Desktop must be completely quit and restarted after configuration changes.
  • ⚠️macOS Gatekeeper may block the binary (requires `xattr -d com.apple.quarantine` to fix).
Verified SafeView Analysis
The server executes `git` commands locally via `std::process::Command`. All command arguments are strictly controlled within the source code (e.g., `["status"]`, `["diff", "--cached"]`), and the `repo_path` parameter is used to set the working directory for `git`, preventing arbitrary command injection. The `git_log` limit is clamped to 50 commits. There is no network exposure as communication occurs over stdio, no dynamic code execution (`eval`), and no hardcoded secrets were found. Robust error handling is implemented for `git` command failures and cases where `git` is not installed.
Updated: 2025-11-22GitHub
0
0
Low Cost
qwe5507 icon
Sec8

Provides AI tools for managing TODO list items through a Spring AI Multi-Modal Chat Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK 17+ recommended for Spring Boot 3).
  • ⚠️Designed to run as a Spring AI MCP server, typically interacting with a larger AI application via standard I/O.
Verified SafeView Analysis
Standard Spring Boot application using JPA and an in-memory H2 database. No 'eval', obfuscation, or malicious patterns found. The H2 database credentials ('sa'/empty password) are hardcoded but are for an in-memory development database and do not pose a significant risk in this context. As a server exposing tools, proper access control and input validation (beyond what Spring AI's tool parameters might implicitly provide) would be necessary in a production environment, but are not inherently lacking in the provided snippet.
Updated: 2025-11-27GitHub
0
0
Medium Cost
aranej icon
Sec9

Enables AI assistants to interact with the Betfair Exchange betting platform for market intelligence and account information.

Setup Requirements

  • ⚠️Requires a Betfair account and an Application Key, which can be a paid 'Live' key for real-time market data (£299).
  • ⚠️Certificate-based authentication, recommended for production, requires manual generation and secure configuration of SSL certificates.
  • ⚠️Access to market data is geo-blocked for German IP addresses, potentially requiring hosting outside of Germany (e.g., a home PC setup).
Verified SafeView Analysis
Secrets (Betfair credentials) are correctly loaded from environment variables. Certificate private key file permissions are explicitly checked (chmod 600) for enhanced security. The server is designed for read-only access, significantly mitigating risks associated with automated betting.
Updated: 2025-11-21GitHub
0
0
Low Cost
samreensami icon

mcp_server

by samreensami

Sec1

A simple bank system API that allows users to create accounts, authenticate, deposit/transfer funds, and view transaction history, along with unprotected administrative endpoints to view all accounts and transactions.

Setup Requirements

  • ⚠️Requires Python dependencies: fastapi, uvicorn, sqlalchemy, pydantic, bcrypt, requests, colorama. These must be installed (e.g., `pip install -r requirements.txt` if a requirements file exists, or individually).
  • ⚠️The server (`main.py`) and CLI frontend (`cli_frontend.py`) are separate applications that need to be run concurrently for a full experience.
  • ⚠️A local SQLite database file `bank.db` will be created in the application's root directory.
Review RequiredView Analysis
Critical authorization bypass: All core financial operations (deposit, transfer, view balance, view transactions) and administrative endpoints (view all accounts, view all transactions) are exposed without any authentication or authorization. An attacker merely needs to know an `account_id` (which is returned upon initial login) to perform unauthorized transactions or view all sensitive data. No proper session management, JWT, or OAuth is implemented. The authentication endpoint also distinguishes between 'account not found' and 'invalid PIN', which aids in account enumeration. No rate limiting is present.
Updated: 2025-11-23GitHub
0
0
Medium Cost
vinay-ram1999 icon

databricks-mcp-server

by vinay-ram1999

Sec9

Exposes Databricks Unity Catalog metadata and read-only SQL query capabilities to LLMs and agents in an optimized, structured format for automated data discovery and SQL generation.

Setup Requirements

  • ⚠️Requires Python 3.13+ for installation based on pyproject.toml.
  • ⚠️Mandates an active Databricks Workspace with Unity Catalog enabled and a configured SQL Warehouse.
  • ⚠️Requires Databricks Personal Access Token (PAT) or OAuth client-credentials, along with specific permissions (USE CATALOG, USE SCHEMA, SELECT on tables, CAN_USE on SQL Warehouse) configured via environment variables.
Verified SafeView Analysis
The server explicitly uses environment variables for all sensitive credentials (Databricks host, tokens, client secrets, warehouse IDs), avoiding hardcoded secrets. The 'execute_spark_sql_query' tool is intentionally restricted to read-only SELECT queries, which is a critical security control when exposing SQL execution to AI agents. No usage of `eval`, `exec`, or obfuscation was found. The project promotes the principle of least privilege in its documentation.
Updated: 2025-11-25GitHub
0
0
Medium Cost
takanoriyanagitani icon

go-mcp-js-eval-wasi

by takanoriyanagitani

Sec7

Provides a Model Context Protocol (MCP) server for securely evaluating JavaScript code within a WASM sandbox.

Setup Requirements

  • ⚠️Requires a pre-built WebAssembly (WASM) JavaScript engine binary (e.g., `js-eval-boa.wasm`) to be present on the system. This binary typically needs to be compiled separately (e.g., using `cargo install --target wasm32-wasip1`).
  • ⚠️Requires the Go toolchain to build the server executable.
  • ⚠️Depends on the Model Context Protocol (MCP) Go SDK for its API functionality.
Review RequiredView Analysis
The server's core function is to evaluate arbitrary JavaScript code, which is inherently a high-risk operation. However, it implements significant security measures: * Execution occurs within a WebAssembly (WASM) sandbox using `wazero`. * WASM memory limits are enforced (`WithMemoryLimitPages`). * Execution timeouts are applied (`context.WithTimeout`). * Standard HTTP server hardening (body size limit, read/write timeouts, max header bytes) is used. * Input/output is explicitly handled for JSON. The primary remaining risk lies in potential vulnerabilities within the `wazero` runtime or WASI implementation, or in the supplied WASM JavaScript engine itself (e.g., `js-eval-boa.wasm`). The `example.sh` explicitly warns about supply chain attacks for the WASM bytecode, highlighting this dependency as a critical trust boundary.
Updated: 2025-12-10GitHub
0
0
Low Cost
YasKam24 icon

MCP

by YasKam24

Sec1

Provides client-server communication capabilities.

Review RequiredView Analysis
Security audit is impossible as only the README.md file was provided; no actual source code was available for analysis. Cannot confirm absence of 'eval', hardcoded secrets, or malicious patterns, making it unsafe to assume security.
Updated: 2025-11-19GitHub
0
0
Low Cost
techwithmi19 icon

test_remote_mcp_server

by techwithmi19

Sec9

This server provides an API for tracking personal expenses, allowing users to add, list, and summarize financial transactions.

Setup Requirements

  • ⚠️Expense data is stored in a temporary directory (`tempfile.gettempdir()`) and may not persist across system restarts or temporary file cleanup operations.
Verified SafeView Analysis
The server uses parameterized SQL queries, which effectively prevents SQL injection vulnerabilities. It binds to `0.0.0.0`, meaning it's accessible from all network interfaces; proper network isolation should be ensured if deployed in a production environment beyond localhost. No 'eval' or other highly dangerous patterns were observed.
Updated: 2025-12-02GitHub
0
0
Low Cost
Toyoclara233 icon

registry

by Toyoclara233

Sec9

The MCP Registry is a community-driven metadata repository for Model Context Protocol (MCP) servers, facilitating their discovery, publishing, and management.

Setup Requirements

  • ⚠️Local development requires Pulumi CLI and a local Kubernetes cluster (e.g., Minikube) configured via kubeconfig.
  • ⚠️Production deployment on GCP is complex, requiring a GCP account, specific IAM roles for a service account, and a GCS bucket for Pulumi state, along with a Pulumi passphrase file.
  • ⚠️Publisher CLI authentication for publishing servers requires GitHub OAuth/OIDC, or DNS/HTTP domain verification with Ed25519 private keys.
Verified SafeView Analysis
The project demonstrates strong security practices for production deployments, utilizing Pulumi secrets for sensitive configurations (GitHub client secrets, JWT private keys) and OIDC for admin authentication. Local development uses hardcoded, non-sensitive defaults, which is acceptable. The `server.json` schema explicitly warns about command injection risks for clients, indicating proactive security awareness. Shell scripts for administrative tasks correctly handle environment variables for tokens, preventing hardcoding. Overall, the architecture minimizes direct exposure of secrets in code and relies on established secure deployment and authentication mechanisms.
Updated: 2026-01-19GitHub
0
0
Medium Cost
gchavez83 icon

inegi-mcp-server

by gchavez83

Sec9

Provides an MCP server to access official INEGI (Mexico's National Institute of Statistics and Geography) APIs, enabling Claude Desktop to query statistical, economic, demographic, and establishment data from Mexico.

Setup Requirements

  • ⚠️Requires INEGI API Tokens (registration required)
  • ⚠️Python 3.10+ required
  • ⚠️Requires .env file configuration
Verified SafeView Analysis
The server uses environment variables for API tokens, which is a good security practice. It leverages standard HTTP client libraries (httpx) and includes basic input validation and error handling. No 'eval' or direct shell command execution is observed. The client for searching the full catalog mimics browser behavior to handle session cookies, which is a specific implementation detail, but does not introduce obvious new security vulnerabilities within the server itself.
Updated: 2025-12-05GitHub
PreviousPage 647 of 713Next