Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
WilliamPinto-Olmos icon

project-mcp-server

by WilliamPinto-Olmos

Sec7

Provides a Model Context Protocol server to allow LLM agents to explore and interact with a project's APIs (via OpenAPI) and databases (currently MySQL).

Setup Requirements

  • ⚠️Requires a local OpenAPI specification file (defaults to `openapi-spec.json` in CWD, or specified by `PROJECT_MCP_OPENAPI_SPEC`).
  • ⚠️Database features require MySQL/MariaDB database credentials (`PROJECT_MCP_DB_HOST`, `PROJECT_MCP_DB_USER`, `PROJECT_MCP_DB_PASSWORD`, `PROJECT_MCP_DB_DATABASE`).
  • ⚠️Intended for use with a Model Context Protocol (MCP) compatible client (e.g., Cursor, Claude Desktop), requiring specific client-side configuration.
Verified SafeView Analysis
The server dynamically generates tools for API and database interaction. For APIs, it uses axios with an authentication context, which is standard. For databases, it employs a `SqlValidator` to restrict query types (e.g., read-only, update-only, delete-only) and block dangerous SQL keywords before execution. This is a good layer of defense. Crucially, the most dangerous database tool, `db_run_statement` (allowing arbitrary SQL), is explicitly disabled by default and requires an opt-in via environment variable or programmatic configuration, with clear warnings. However, relying on keyword blocking for SQL validation, while implemented with care (stripping comments/strings and tokenizing), is not 100% foolproof against highly sophisticated or novel SQL injection techniques by a sufficiently capable or adversarial LLM. Users must be cautious with the `enableRunDeleteStatement` and especially `enableRunStatement` permissions.
Updated: 2026-01-19GitHub
0
0
Low Cost
GlacierEQ icon
Sec9

This MCP server provides specialized legal tools to analyze federal civil rights cases, detect judicial bias, track evidence, monitor court deadlines, and assess child welfare for Case 1FDV-23-0001009.

Setup Requirements

  • ⚠️Requires Node.js v18.0.0 or higher to run.
Verified SafeView Analysis
The server appears secure. It uses standard I/O for communication via the Model Context Protocol SDK, reducing typical network attack surfaces. There are no instances of `eval` or dynamic code execution found. No hardcoded sensitive secrets or API keys are present in the provided source code. Input handling for tool arguments is structured and responses are generated from predefined templates, minimizing injection risks. The `caseId` is hardcoded as a case identifier, not a credential.
Updated: 2025-11-23GitHub
0
0
High Cost
Pranavashokk icon
Sec2

Manages and automates image generation requests, incorporating a cost approval workflow for bulk operations to manage long-running tasks.

Setup Requirements

  • ⚠️Requires an operational 'MCP server' for the agent to connect to.
  • ⚠️Requires API access to an image generation service (e.g., OpenAI DALL-E, Stability AI), which will incur external costs.
  • ⚠️Likely requires an API key for the image generation service, which needs to be configured securely.
Review RequiredView Analysis
The provided content is limited to a README file; actual source code for the server and agent was not supplied for analysis. Therefore, a comprehensive security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns is impossible. The low score reflects the inability to verify security without the actual code.
Updated: 2025-12-14GitHub
0
0
Medium Cost
Furkanyolcu icon

mcp-simulation

by Furkanyolcu

Sec9

Serves weather forecast and alert data from the National Weather Service API as tools for an MCP-compatible AI agent.

Setup Requirements

  • ⚠️Requires Python 3.10+ and the 'uv' package manager for dependency management and execution.
  • ⚠️An Anthropic API Key is required for the client application to function and should be configured in a .env file (e.g., ANTHROPIC_API_KEY=your_key_here).
Verified SafeView Analysis
The server code (`weather.py`) uses `httpx` for external API calls to the public NWS API. Error handling employs a broad `except Exception` for network requests, which is generally discouraged as it can mask specific issues, but it does not introduce direct security vulnerabilities like arbitrary code execution. No `eval`, `exec`, hardcoded secrets (other than the public NWS API base URL), or malicious patterns were found in the server code. The client code (`client.py`) uses `load_dotenv()` for API keys, which is good practice. The client also executes a specified server script (`uv run <script>`), posing a risk if the script path is sourced from an untrusted origin, but this is a client-side execution risk rather than a server vulnerability.
Updated: 2025-11-26GitHub
0
0
Medium Cost
osins icon

dev-tool-mcp

by osins

Sec8

An MCP (Model Context Protocol) server providing advanced web crawling, browser automation, and content extraction capabilities, with support for multiple output formats and LLM integration.

Setup Requirements

  • ⚠️Requires Playwright browsers (e.g., Chromium) and their underlying system dependencies, which need to be installed separately via 'python -m playwright install chromium --with-deps'.
  • ⚠️LLM integration features (e.g., 'instruction' parameter in 'crawl_web_page') implicitly require an API key for the configured LLM provider (e.g., OPENAI_API_KEY for OpenAI models), incurring a paid service cost.
Verified SafeView Analysis
The server demonstrates strong input validation for URLs and file paths, includes Playwright security arguments (--no-sandbox, --disable-setuid-sandbox, etc.), and explicitly states file system security measures. No 'eval' or obvious hardcoded secrets were found. However, the use of `--disable-web-security` in Playwright's launch arguments, while potentially necessary for some advanced crawling scenarios, relaxes the same-origin policy and is a notable security consideration that could, under specific circumstances, pose a risk.
Updated: 2025-11-22GitHub
0
0
Low Cost
marc-shade icon

image-gen-mcp

by marc-shade

Sec7

Provides a multi-provider image generation service with automatic fallback, specialized pixel art mode, and advanced latent space manipulation capabilities.

Setup Requirements

  • ⚠️Requires API keys for most image providers (Cloudflare, Hugging Face, Together AI, Replicate) if not using Pollinations.ai or exceeding free-tier limits.
  • ⚠️Requires a local or accessible Ollama instance running an LLM (e.g., 'llama3.2:3b') for intelligent pixel art prompt generation; otherwise, it falls back to rule-based prompts.
  • ⚠️Python 3.10+ is required.
Review RequiredView Analysis
The `DiffusionLatentHacker` module uses Python's `pickle` library to serialize and deserialize `LatentState` objects to and from disk cache. Deserializing pickled data from an untrusted source can lead to arbitrary code execution. While the cache directory is managed locally by the agent, a compromise of this directory by an external attacker could pose a significant risk. Additionally, the `dspy_prompter.py` module uses an `OLLAMA_HOST` environment variable, defaulting to localhost. If configured to point to an unauthenticated public Ollama endpoint, this could be abused, though this is a configuration rather than a code vulnerability.
Updated: 2025-12-31GitHub
0
0
Medium Cost
Migueel0 icon

mcp-pdf-reader

by Migueel0

Sec5

Extracts text from PDF files, optionally performing OCR on embedded images, and returns the content.

Setup Requirements

  • ⚠️Requires Python >= 3.13 (recommended)
  • ⚠️Requires Tesseract OCR installed and configured (TESSERACT_CMD environment variable)
  • ⚠️Manual configuration of TESSERACT_CMD in a '.env' file is necessary for OCR functionality.
Review RequiredView Analysis
The 'read_pdf' tool accepts a 'file_path' string directly, which is then used to open the PDF. This design is highly susceptible to path traversal vulnerabilities if the MCP server is exposed to untrusted inputs, allowing an attacker to read arbitrary files from the server's file system. Additionally, processing large or maliciously crafted PDF files can lead to resource exhaustion (CPU, memory) due to `pypdf` parsing and `pytesseract` OCR operations. Broad exception handling in image processing (`except Exception: continue`) can also mask underlying issues. The reliance on an external Tesseract executable introduces a dependency on its security posture.
Updated: 2025-12-06GitHub
0
0
Medium Cost
Cloudmeru icon
Sec9

Integrates MetaTrader 5 market data into Model Context Protocol, providing read-only access for advanced technical analysis, charting, and ML-driven forecasting.

Setup Requirements

  • ⚠️Requires Windows OS (MetaTrader5 library is Windows-only).
  • ⚠️MetaTrader 5 terminal must be installed and running.
  • ⚠️Algo trading must be enabled within the MT5 terminal settings.
  • ⚠️Requires Python 3.10+.
Verified SafeView Analysis
The server implements robust security measures, especially for the `execute_mt5` tool. It explicitly blocks calls to `mt5.initialize()`, `mt5.shutdown()`, `os.system()`, `subprocess`, `eval()`, `exec()`, and `__import__`. The `mt5` object in the execution namespace is a `SafeMT5` proxy exposing only whitelisted read-only MetaTrader 5 functions. Input validation for `mt5_query` and `mt5_analyze` prevents malformed requests and potential injection attempts. HTTP rate limiting is implemented, and command length limits are enforced. The overall design prioritizes read-only data access and prevents trading operations.
Updated: 2025-12-03GitHub
0
0
Low Cost
aiibygg icon
Sec1

A server component for the AIibygg project, likely handling document processing or management within an AI context.

Review RequiredView Analysis
Cannot perform a security audit due to the complete lack of source code. Only a README file was provided. It is impossible to check for common vulnerabilities like 'eval', hardcoded secrets, network risks, or malicious patterns without any executable code to analyze.
Updated: 2025-11-19GitHub
0
0
High Cost
nasuni-labs icon

nasuni-mcp-desktop

by nasuni-labs

Sec8

Provides an AI agent (like Claude Desktop) with controlled, local access to files on mounted Nasuni SMB shares for experimental data analysis.

Setup Requirements

  • ⚠️Requires 'uv' (Python package manager/installer) to be installed globally.
  • ⚠️Requires one or more Nasuni SMB shares to be mounted locally on the desktop.
  • ⚠️The 'FILE_SYSTEM_PATH' environment variable is mandatory and must be configured correctly, pointing to the mounted SMB share.
Verified SafeView Analysis
The server implements robust path traversal protection using `os.path.abspath` and `os.path.commonpath` to ensure file access is confined to the specified base directory. It enforces file size limits (`MAX_READ_FILE_SIZE`, `MAX_RETURN_FILE_SIZE`) and folder exclusions (`exclude_folders`) to mitigate resource exhaustion and unauthorized access to sensitive areas. However, processing arbitrary file contents (PDF, DOCX, images) using third-party libraries (`pypdf`, `python-docx`, `Pillow`, `hachoir`) inherently introduces a potential attack surface through malformed or malicious files, though the code does not appear to directly execute or mishandle extracted content. No direct `eval` or `exec` commands were found. A separate `process_traffic.py` script for repository analytics uses `GH_TOKEN` from environment variables, which is good practice for credentials. The project explicitly states it's for 'experimentation only - not intended for production use'.
Updated: 2026-01-19GitHub
0
0
Medium Cost
Marco-O94 icon

server-mcp

by Marco-O94

Sec7

AI-powered natural language interface for querying and managing data across multiple databases (MongoDB for paints, MySQL for food industry).

Setup Requirements

  • ⚠️Requires Docker Desktop with at least 8GB RAM and ~20GB disk space.
  • ⚠️Users must manually download an Ollama LLM model (e.g., `llama2` or `mistral`) after initial setup using `./docker-utils.sh pull-model <model-name>`.
  • ⚠️The `.env` file must be copied from `.env.example` and its default credentials should be updated for security.
Verified SafeView Analysis
The core MCP server application correctly utilizes environment variables for database credentials, which is good practice. However, the `docker-utils.sh` script, used for common operations, hardcodes default passwords ('mongopassword', 'mysqlrootpassword') when accessing the database shells (e.g., `mongosh -u admin -p mongopassword ...`). While the README advises users to update their `.env` file with strong credentials, this helper script does not reference those `.env` variables for shell access, creating a potential exposure if a user updates `.env` but forgets about the script's hardcoded defaults, or if the script itself is run in an insecure environment. Additionally, `curl` commands in `docker-utils.sh` hardcode `localhost` ports (8080, 3000) for health checks, which may not align with custom `MCP_SERVER_PORT` or `FRONTEND_PORT` values in `.env`.
Updated: 2025-11-30GitHub
0
0
Low Cost
lamplite-dev icon
Sec9

This server acts as a communication bridge, enabling a Multi-Agent Communication Protocol (MCP) agent to send notifications to specific Slack channels.

Setup Requirements

  • ⚠️Requires SLACK_BOT_TOKEN environment variable configured with appropriate Slack app permissions.
  • ⚠️Requires Python 3 environment with 'fastmcp' and 'slack_sdk' libraries installed.
Verified SafeView Analysis
The code retrieves the Slack bot token from environment variables, which is a good practice. There are no 'eval' or obvious obfuscation techniques. Inputs for 'title' and 'message' in 'send_notification' are directly inserted into the Slack message text; while this isn't a server-side code execution risk, care should be taken if these inputs originate from untrusted sources to prevent potential malicious rendering or social engineering via Slack's markdown capabilities.
Updated: 2025-11-22GitHub
PreviousPage 649 of 713Next