Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost

mcpclient

by awehttam

Sec3

A flexible PHP client for the Model Context Protocol (MCP) supporting both CLI and web interfaces with multi-server configuration.

Setup Requirements

  • ⚠️Requires manual configuration by copying `mcpconfig.json.example` to `mcpconfig.json`.
  • ⚠️Requires a running MCP server (either a local PHP script for 'process' mode or a network service for 'socket' mode) to connect to.
  • ⚠️PHP 7.4 or higher is required.
Review Required
The `public_html/api.php` endpoint exposes all configured MCP servers and their tools via an unauthenticated web API. Any HTTP request to this endpoint can initialize connections, list tools, and call tools on any configured backend server. This presents a critical security vulnerability, allowing potential remote code execution or unauthorized access if the MCP servers themselves are not secured and/or expose dangerous tools. No authorization, authentication, or input validation beyond basic type parsing is implemented for the web API, making it unsafe for public exposure. The `proc_open` usage for 'process' connections is somewhat mitigated by `escapeshellarg` but relies on trusting the local `mcpconfig.json`.
Updated: 2025-11-28

Medium Cost

mcp-server

by copilot-chan

Sec1

Unable to determine use case as the source code was not provided for analysis.

Review Required
Source code was not provided, therefore a security audit cannot be performed. It is impossible to assess for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns without the code. Defaulting to the lowest score as safety cannot be guaranteed.
Updated: 2025-11-30

Low Cost

A server component designed for an agentic AI workshop, potentially interacting with the Minecraft Protocol.

Review Required
Cannot perform a meaningful security audit as no source code was provided for analysis beyond a truncated README. This means potential risks like 'eval', obfuscation, hardcoded secrets, network vulnerabilities, or malicious patterns could not be checked. Running unreviewed code is inherently risky.
Updated: 2025-11-23

Low Cost
Sec10

A basic, client-side React frontend application generated by Vite, intended for web development. The repository name suggests a server or a different type of project, but the provided source code is exclusively a web user interface.

Verified Safe
The provided source code for the React + Vite frontend is minimal and does not contain any obvious security vulnerabilities like 'eval' usage, obfuscation, direct network risks (beyond standard client-side fetching, none shown), or hardcoded secrets. It's a standard development template. However, there is a significant discrepancy between the repository name ('ukrainian-stats-mcp-server') and the provided source code (a React frontend boilerplate). The README.md also contains unusual links pointing to a .zip file in the same repository, which is highly atypical for documentation references and could potentially be part of a larger, unprovided context, or a misleading repository. The analysis is strictly based on the provided, clean frontend code.
Updated: 2026-01-19

Medium Cost

Jira-MCP

by dkbearsong

Sec8

This server provides AI models with tools to retrieve information from a Jira site, leveraging both RAG for quick, summarized data and direct Jira API searches for specific or detailed queries.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Requires a Jira API token with `read:jira-work` and `write:jira-work` scopes (classic permissions).
  • ⚠️Initial setup involves user interaction to input Jira credentials if not pre-populated in the `.env` file.
Verified Safe
The server handles API tokens securely by loading them from a .env file and prompting the user if missing, rather than hardcoding. It employs standard and reputable libraries. The main security consideration is the broad scope of the Jira API token (read:jira-work and write:jira-work) which, while necessary for full functionality, grants significant access to the Jira instance if compromised. The code itself does not exhibit malicious patterns or unsafe practices like `eval`.
Updated: 2025-11-29

Low Cost
Sec9

A reusable Go package for building MCP (Model Context Protocol) servers that declaratively define tools and their HTTP handlers, managing authorization, structured logging, and different transports.

Setup Requirements

  • ⚠️Requires Go (Golang) runtime and toolchain installed to build and run from source.
  • ⚠️Relies heavily on external JSON/YAML configuration files (`tools.json`/`tools.yaml` and `handlers.json`/`handlers.yaml`) to define tools and their backend integrations.
  • ⚠️Many authorization strategies require environment variables (e.g., API_KEY, usernames/passwords) for sensitive credentials, which must be properly injected and managed.
Verified Safe
The server explicitly uses environment variables for sensitive data and warns about HTTPS for Basic Auth. Configuration validation is enforced. No 'eval' or malicious patterns were found. Relying on environment variables means secrets are present in the environment, which is always a potential risk if the environment itself is compromised. Proper secret management and HTTPS are critical for a secure deployment.
Updated: 2025-11-25

Low Cost

Expense-Tracker-MCP

by NikhilAdvani

Sec9

A Model Context Protocol (MCP) server for tracking personal expenses with Claude, offering tools for managing expense entries in a SQLite database.

Setup Requirements

  • ⚠️Python 3.12+ only (as per pyproject.toml)
  • ⚠️Requires Claude Desktop app to fully utilize natural language features
  • ⚠️Requires explicit `uv` executable path configuration in Claude Desktop settings
Verified Safe
The server uses parameterized SQL queries throughout, effectively preventing common SQL injection vulnerabilities. File paths for the database and categories are relative to the script, preventing arbitrary file access. No hardcoded secrets, `eval`, or other highly dangerous patterns were observed. The primary interaction is local via MCP, minimizing network attack surface from the server's side.
Updated: 2025-11-30

Low Cost

mcp-postgres-wrapper

by ShakibaMirbagheri

Sec1

Provides PostgreSQL database access for AI agents and chat applications via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Docker and Docker Compose (for quick start)
  • ⚠️Requires an existing PostgreSQL database to connect to
  • ⚠️Critical SQL injection vulnerability (user input directly used in SQL queries)
Review Required
CRITICAL SQL INJECTION VULNERABILITY: The server directly concatenates user-provided input (e.g., `table_name` and the `query` itself) into SQL statements using f-strings without proper sanitization or parameterized queries. This allows an attacker to execute arbitrary SQL commands by manipulating the input arguments to tools like `postgres_describe_table` or `postgres_query`. Additionally, default PostgreSQL credentials are provided as fallback environment variables, which could be a risk if not overridden.
Updated: 2025-11-24

Medium Cost

mcp_server

by vladships

Sec5

Provides a unified operating layer for AI agents, offering standardized context, tools, data access, business rules, memory, logging, and validation for deterministic, auditable outputs.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher.
  • ⚠️Native dependencies for FAISS (vector store) and Levenshtein (fuzzy matching) may require build tools on some systems.
  • ⚠️API wrappers for Salesforce and NetSuite are stub implementations; real-world usage requires significant integration work and secure credential management.
  • ⚠️A `server_config.yaml` file is required for configuration, including authentication tokens. Default tokens are hardcoded.
Verified Safe
The default configuration (`config/server_config.yaml`) includes hardcoded authentication tokens, which is a critical security risk for any deployment beyond local development/testing. While the `ConfigLoader` supports environment variable overrides, the default allows for insecure operation. API wrappers for external systems (Salesforce, NetSuite) are currently stubs, meaning actual integration would introduce new security considerations for credential management and secure communication. No `eval` or obvious malicious patterns were found.
Updated: 2025-11-19

Medium Cost

MeticAI

by hessius

Sec2

MeticAI serves as an AI barista, analyzing coffee bag images and user preferences to generate and upload tailored espresso profiles to a Meticulous Espresso Machine.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (free tier available, but usage costs apply for vision/text).
  • ⚠️Requires Docker and Docker Compose installed and running on the host server.
  • ⚠️Requires a Meticulous Espresso Machine with a known local IP address on the same network.
Review Required
The `gemini-client` and `coffee-relay` Docker containers mount `/var/run/docker.sock` from the host. This grants these containers root-level access to the host's Docker daemon, effectively bypassing container isolation. If either container is compromised, the entire host system could be compromised. This is a critical security risk. Additionally, the FastAPI application uses `allow_origins=["*"]` for CORS, which is overly permissive, though less critical in a strictly local-only deployment. The system also relies on the `meticulous-mcp` server's tools being inherently safe, as the `gemini-client` executes tool calls in 'yolo' mode (`-y`) without explicit LLM confirmation.
Updated: 2026-01-19

High Cost

Provides a Databricks Custom MCP Server with a Streamlit UI for multi-agent investment research, offering various financial data tools from Yahoo Finance.

Setup Requirements

  • ⚠️Requires `mcp` (Model Context Protocol) framework (Databricks specific, version >=1.6.0).
  • ⚠️Requires `yfinance` library for data retrieval.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Intended for deployment within a Databricks environment, though runnable locally.
  • ⚠️Requires active internet connection to access Yahoo Finance data.
Verified Safe
The server uses the `yfinance` library to retrieve public financial data. The provided code does not show any signs of `eval`, arbitrary code execution, or direct exposure of sensitive information. User inputs are passed as function arguments and do not appear to allow for code injection. Reliance on a third-party library (`yfinance`) means its internal security is assumed.
Updated: 2025-12-11

Low Cost

This MCP server provides tools for AI agents to search for LinkedIn profiles and company URLs using Google Custom Search.

Setup Requirements

  • ⚠️Requires Google Custom Search API Key (paid/quota limited)
  • ⚠️Requires Google Custom Search Engine ID
  • ⚠️Requires OpenAI API Key (Paid) for Dedalus AI features (as indicated in deployment instructions, even if not directly used by the server's tools)
Verified Safe
Secrets are loaded from environment variables. External API calls use a timeout and basic error handling. The server disables DNS rebinding protection (`enable_dns_rebinding_protection=False`), which might be a concern in certain network configurations, though contextually it could be necessary for the `dedalus-mcp` framework's streamable-http transport.
Updated: 2025-12-15