Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
charanadi4u icon

MCP_SERVER_DEMO

by charanadi4u

Sec9

This server acts as a tool to search for and store academic papers from arXiv, primarily for use in Retrieval-Augmented Generation (RAG) systems.

Setup Requirements

  • ⚠️Requires local file system access for data storage (`papers` directory).
  • ⚠️Relies on the `arxiv` Python library for external paper searches.
Verified SafeView Analysis
The server sanitizes user input for creating directory names, preventing common path traversal vulnerabilities. No `eval` or obvious malicious patterns are present. It interacts with the local filesystem for data storage and makes external API calls to arXiv, which is expected functionality. No hardcoded secrets were found.
Updated: 2025-11-19GitHub
0
0
Low Cost
Hevagog icon

ap-mcp

by Hevagog

Sec3

Orchestrates LLM-powered tool selection and invocation for natural language interactions with external Python functions.

Setup Requirements

  • ⚠️Requires Ollama to be installed and 'ollama serve' running locally.
  • ⚠️Requires the Ollama model 'qwen2.5:1.5b' to be pulled (or specified via OLLAMA_MODEL).
  • ⚠️Requires Python 3.12 or higher.
Review RequiredView Analysis
The server's `/register` endpoint allows external tools to register themselves, providing a `base_url` for subsequent tool invocations. If a malicious tool registers with a `base_url` pointing to an internal network resource or a sensitive external service, the MCP server could be tricked into performing Server-Side Request Forgery (SSRF) when invoking that tool. The use of `network_mode: "host"` in Docker Compose further increases the risk by giving containers direct access to the host's network interfaces, potentially exposing local services to compromised containers. While no direct `eval()` or hardcoded secrets were found, the ability for external entities to define proxy targets is a critical vulnerability.
Updated: 2026-01-19GitHub
0
0
Low Cost
heyibad icon

quickbook-mcp

by heyibad

Sec8

Provides a Model Context Protocol (MCP) server for integrating with QuickBooks Online, offering tools to manage various financial entities.

Setup Requirements

  • ⚠️Requires a QuickBooks Developer Account with a Client ID and Client Secret.
  • ⚠️Manual OAuth authentication flow is required to obtain `QUICKBOOKS_REFRESH_TOKEN` and `QUICKBOOKS_REALM_ID`, which are then saved to the `.env` file. This involves running a separate local authentication server.
  • ⚠️The callback URI for the OAuth flow must be configured as `http://localhost:8000/callback` in the Intuit Developer Portal (Note: the MCP server itself runs on port 3000, so distinguish the auth redirect from the MCP endpoint).
  • ⚠️Requires Node.js version 18.x or higher.
Verified SafeView Analysis
The server uses `dotenv` for environment variables, preventing hardcoded secrets. Outbound QuickBooks API calls use `URLSearchParams` for query parameters and `JSON.stringify` for bodies, reducing direct injection risks. SQL query construction for search operations includes manual escaping (`.replace(/'/g, "\\'")`) which is a critical point but appears to be handled. The OAuth flow involves a temporary local server for callback, scoped to `localhost:8000`. Input schemas use Zod for validation, but many employ `.passthrough()`, meaning extra fields in input might be passed to QuickBooks API, which relies on the upstream API's validation. No explicit `eval` or direct command injection vectors were found.
Updated: 2025-11-27GitHub
0
0
Low Cost
flor3z-github icon

navermap-mcp-server

by flor3z-github

Sec9

Provides programmatic access to Naver Map API functionalities like geocoding, directions, static map generation, and usage tracking as a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Naver Cloud Platform API keys (NAVER_CLIENT_ID, NAVER_CLIENT_SECRET) for all functionalities.
  • ⚠️Requires additional Naver Cloud Platform API keys (NCLOUD_ACCESS_KEY, NCLOUD_SECRET_KEY) for the `navermap_get_usage` tool.
  • ⚠️Requires Node.js >=20.0.0.
Verified SafeView Analysis
The server demonstrates strong security practices: API keys are loaded from environment variables and never hardcoded, with `src/config.ts` ensuring proper validation and presence checks. Input validation is rigorously enforced using Zod schemas for all tool arguments, preventing common injection vulnerabilities. Error handling differentiates between user-facing messages and internal details, limiting sensitive information exposure. API calls use `fetch` with explicit timeouts and exponential backoff retry logic, enhancing resilience. The Billing API client implements HMAC-SHA256 signing for requests. All tools are declared as read-only, reducing the scope of potential exploits. No direct use of `eval` or unsanitized `child_process` execution is apparent. The `README` explicitly warns users about API key security and potential costs.
Updated: 2025-12-05GitHub
0
0
Medium Cost
andreibesleaga icon

ocm-demo

by andreibesleaga

Sec9

A web application and independent Model Context Protocol (MCP) server for searching EV charging stations using the Open Charge Map API, primarily designed for integration with AI tools.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️OCM_API_KEY is optional but recommended for higher Open Charge Map API rate limits.
  • ⚠️Relies on the `ocm-mcp` npm package, which is executed via `npx` and incurs a process spawning overhead for each MCP command, and requires network access for initial installation.
Verified SafeView Analysis
The server primarily acts as a client to the `ocm-mcp` package, communicating via the Model Context Protocol. User input commands are parsed and converted into structured parameters for tool calls (e.g., `list_poi`), reducing direct command injection risks. External API calls (Nominatim, Open Charge Map) use `encodeURIComponent` for safe parameter handling. The use of `child_process.spawn` for `npx ocm-mcp` is with a fixed command, not user-controlled input. The main security consideration would be potential vulnerabilities within the `ocm-mcp` npm package itself, which is an external dependency not directly auditable in this codebase.
Updated: 2025-12-02GitHub
0
0
Low Cost
Abhishek3689 icon

Remote_MCP_Server_test

by Abhishek3689

Sec10

Generates word scramble and number sequence puzzles via a FastMCP server.

Setup Requirements

  • ⚠️Python 3.12+ required
Verified SafeView Analysis
The provided `generate_puzzle` function does not use any dangerous functions like `eval` or `exec`. It primarily manipulates strings and uses standard library random functions. No hardcoded secrets or direct external network calls are present within the tool's logic.
Updated: 2025-11-30GitHub
0
0
Medium Cost
UniversalStandards icon

mcp

by UniversalStandards

Sec3

A self-expanding, intelligent Model Context Protocol (MCP) server hub that automatically discovers, installs, and provisions external tools and services for AI applications on-demand, handling request normalization and centralized credential management.

Setup Requirements

  • ⚠️Requires OpenAI or Anthropic API Key (Paid Service) for AI normalization.
  • ⚠️Requires GitHub Personal Access Token (`GITHUB_TOKEN`) for registry searches and GitHub API interactions. Specific permissions (repo, workflow, read:packages) are needed.
  • ⚠️Critical security risk if `ENCRYPTION_KEY` and `JWT_SECRET` environment variables are not set to strong, unique values, defaulting to insecure hardcoded strings.
Review RequiredView Analysis
CRITICAL: The `src/installer/npm-installer.ts` module directly uses `child_process.exec` to run `npm install ${serverId}` where `serverId` is derived from external registry search results (`bestMatch.id` or `bestMatch.npmPackage`). If a malicious actor can register a server with an `id` or `npmPackage` containing shell command injection (e.g., `malicious-package && rm -rf /`), it would lead to **Remote Code Execution (RCE)** on the host machine. This is a severe supply chain attack vector, as the server automatically discovers and installs packages from external sources. HIGH: The `src/auth/credential-store.ts` module uses hardcoded, insecure default values for `ENCRYPTION_KEY` and `JWT_SECRET` if these environment variables are not explicitly set. This makes stored credentials trivially decryptable and JWTs easily forgeable in production environments if not configured correctly. While the `SECURITY.md` warns about this, the default fallback in code remains a high risk. MEDIUM: The system implicitly trusts external registries (mcp.run API, GitHub search, other official registries) for discovering new MCP servers. A compromised registry could serve malicious package metadata, leading to the installation of compromised tools.
Updated: 2026-01-19GitHub
0
0
Medium Cost
Mandark-droid icon

TraceMind-mcp-server

by Mandark-droid

Sec9

Provides AI-powered analysis tools for agent evaluation data, transforming raw evaluation data (leaderboards, traces, metrics) into actionable insights to help developers understand agent performance, debug failures, and optimize costs.

Setup Requirements

  • ⚠️Requires Google Gemini API Key (free tier available with daily limits).
  • ⚠️HuggingFace Token (with write permissions) is required for pushing datasets to the HuggingFace Hub; reading public datasets does not strictly require a token.
  • ⚠️Interaction with datasets is restricted to repositories following the 'smoltrace-' naming convention for security.
Verified SafeView Analysis
API keys are managed via environment variables (recommended) or session-based UI input, preventing hardcoding. Input validation (e.g., 'smoltrace-' prefix for datasets) limits data access. External network calls are made to trusted services (HuggingFace, Google Gemini). Sensitive UI actions utilize `api_name=False` in Gradio to prevent API key exposure. Overall, strong focus on secure practices.
Updated: 2025-11-30GitHub
0
0
Low Cost
rodolfo-terriquez icon

workflowy-mcp

by rodolfo-terriquez

Sec9

Connects AI assistants to Workflowy for reading, creating, updating, and managing notes and tasks.

Setup Requirements

  • ⚠️Requires a Neon database connection string for persistent bookmark storage.
  • ⚠️Requires a Workflowy API Key obtained from beta.workflowy.com/api-reference/.
  • ⚠️Client authentication requires combining the server's ACCESS_SECRET and your Workflowy API Key with a colon in the Authorization header (e.g., 'Bearer ACCESS_SECRET:WORKFLOWY_API_KEY').
  • ⚠️Vercel Fluid Compute must be enabled for efficient execution.
Verified SafeView Analysis
The server employs a robust two-part authentication scheme using an environment-variable-stored ACCESS_SECRET and a per-request Workflowy API Key from the client, preventing the server from persistently storing the sensitive API key. Database interactions with Neon (`@neondatabase/serverless`) utilize tagged template literals for SQL queries, which inherently protect against common SQL injection vulnerabilities. No 'eval' or direct command execution patterns were found. URLs for the Workflowy API are constructed from hardcoded base paths and user-provided parameters are URI-encoded, mitigating path traversal risks. Secrets are managed via environment variables as recommended.
Updated: 2025-12-13GitHub
0
0
Low Cost
kukapay icon
Sec9

Streams the latest OKX exchange announcements directly to AI agents, categorized into listings, delistings, earn programs, and Jumpstart events.

Setup Requirements

  • ⚠️Requires Node.js ≥ 18 to be installed.
  • ⚠️Requires active internet access to fetch announcements from OKX API.
  • ⚠️Requires an MCP client (e.g., Claude Desktop, Cursor) to run and interact with the server.
Verified SafeView Analysis
The server fetches data from a public OKX API endpoint. Input 'limit' parameters are validated to prevent excessive data fetching. It operates via stdio transport, typically within a secure sandbox environment provided by an MCP client. No hardcoded secrets or arbitrary code execution from user input were identified. Dependencies are standard and widely used.
Updated: 2025-12-06GitHub
0
0
Low Cost
MarwahManan icon

mcp-server-yt

by MarwahManan

Sec1

To host and manage a custom Minecraft server, likely for YouTube content creation or community engagement.

Setup Requirements

  • ⚠️Requires Java Runtime Environment (JRE) to be installed.
  • ⚠️Requires specific network port forwarding (e.g., 25565) to be configured for external access.
  • ⚠️Potential for high RAM usage depending on player count and installed modifications.
Review RequiredView Analysis
Full source code for 'mcp-server-yt' was not provided for analysis. Therefore, a comprehensive security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns could not be performed. Running unverified code carries significant risk as its behavior cannot be confirmed.
Updated: 2025-12-06GitHub
0
0
Medium Cost
paskalex1 icon
Sec9

Provides a secure and feature-rich Micro-Control Plane (MCP) server for performing various filesystem operations, serving as a unified backend.

Setup Requirements

  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Docker and `docker-compose` are the primary deployment method, especially for integration with 'Command Center'.
  • ⚠️Relies on an external Docker network named `command_center_mcp-net` which must be pre-configured or created by the surrounding infrastructure.
Verified SafeView Analysis
The server explicitly implements robust security features like `_safe_join` to prevent path traversal, `_ensure_not_root` to protect the root directory, and zip-slip prevention in `fs_unzip`. No `eval` or obvious malicious patterns are present. `FS_ROOT` is configurable via an environment variable. The overall security also relies on the inherent security of the `FastMCP` SDK and its deployment environment (e.g., proper CORS setup if accessed cross-origin).
Updated: 2025-11-27GitHub
PreviousPage 651 of 713Next