Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost
Sec7

A verification tool for npm packages (modules, CLI tools) to catch common packaging and runtime issues before publishing.

Setup Requirements

  • ⚠️ Requires Node.js (>=0.12) and npm to be installed and available in the system's PATH.
  • ⚠️ The verification process involves creating temporary directories and installing/building packages, which can be I/O and CPU intensive, and requires sufficient disk space.
  • ⚠️ The tool runs `npm run build` on the package being verified; if this command is problematic, it will affect verification.

Verified Safe
The project uses 'eval' in its `bin/cli.js` entry point for dual ESM/CJS compatibility. While this is a recognized pattern for this specific use case to ensure a single executable works across module environments without requiring two separate bin files, `eval` is generally a high-risk function and warrants careful scrutiny. However, in this context, it's not used for arbitrary user input. The tool also extensively uses `child_process.execSync` to run `npm` commands and the package's own CLI binaries. These commands are constructed internally from `package.json` fields or hardcoded strings, not directly from untrusted user input, which mitigates the risk. There are no apparent hardcoded secrets or malicious network activity beyond standard npm operations.
Updated: 2025-12-27 | GitHub
Medium Cost

mathison_MCP

by karljayg

Sec6

This server aims to provide an implementation of the Minecraft protocol, enabling Minecraft clients to connect and interact in a multiplayer virtual environment.

Setup Requirements

  • ⚠️ Requires sufficient network bandwidth and computing resources (CPU/RAM) for optimal performance, especially with multiple players.
  • ⚠️ Port forwarding or firewall configuration will likely be necessary to allow external clients to connect.
  • ⚠️ May require a specific Java Runtime Environment if implemented in Java (common for Minecraft-related projects).

Verified Safe
Source code was not provided for analysis. Assessment is based solely on the project name 'MCP Server' and general server best practices. No specific vulnerabilities (like 'eval' or hardcoded secrets) could be identified or ruled out. Standard network security practices and input validation are presumed crucial for a public-facing game server.
Updated: 2025-11-23 | GitHub
Low Cost

dufs-mcp-server

by hello--world

Sec8

Acts as a Model Context Protocol (MCP) server, wrapping the dufs API to provide comprehensive file management operations (upload, download, delete, list, move, hash, create directory, download folder as zip) via Server-Sent Events (SSE) or standard I/O (stdio) for integration with MCP clients.

Setup Requirements

  • ⚠️ Requires an external 'dufs' server instance to operate, specified by the `DUFS_URL` environment variable.
  • ⚠️ Configuration is primarily managed through environment variables; there is no explicit support for a separate configuration file in the provided code.
  • ⚠️ If running in HTTP/SSE mode, ensure the specified `PORT` (default 7887) is open and not in use.

Verified Safe
The server correctly handles sensitive information (DUFS_URL, username, password) via environment variables, not hardcoding them. It implements basic authentication for calls to the upstream 'dufs' server. File path handling for local operations relies on the integrity of the calling MCP client, meaning malicious input paths could lead to unintended local file system access/modification if the server is deployed with excessive permissions or exposed to untrusted clients without proper access controls. The 'DUFS_ALLOW_INSECURE' environment variable is present in the configuration struct but is not utilized in the provided Go client code to configure TLS, meaning it defaults to secure connections, which is safer but might not meet user expectations for bypassing certificate checks.
Updated: 2025-11-25 | GitHub
Low Cost

navidad

by bioanywhere

Sec8

API client for World News API to search, extract, and retrieve news articles and sources.

Setup Requirements

  • ⚠️ Requires Python 3.7+ for the Python package.
  • ⚠️ Requires pip for installation (for Python).
  • ⚠️ Requires an API key for the World News API service (not included in this client library).

Verified Safe
The repository primarily contains auto-generated client SDKs for various languages. The C++ client code handles HTTP requests, JSON serialization/deserialization, and OAuth2 flows. There is no evidence of 'eval' usage, obfuscation, or hardcoded secrets. API keys and tokens are expected to be provided by the user. The OAuth implementation uses a local TCP server for redirect URIs, which is a standard and generally safe practice for desktop applications. The client relies on underlying language/framework network stacks (e.g., Qt in C++) for secure communication (SSL/TLS).
Updated: 2025-12-13 | GitHub
Medium Cost

nox-mcp

by rvforest

Sec9

An MCP server enabling AI assistants to discover and execute nox automation sessions for Python projects.

Setup Requirements

  • ⚠️ Requires Python 3.10+.
  • ⚠️ Requires 'nox' to be installed and available in the system's PATH.
  • ⚠️ Requires an MCP-compatible client (e.g., Claude Desktop, VS Code with GitHub Copilot) to function.

Verified Safe
The server uses subprocess.run to execute the 'nox' command. Input validation for 'sessions' and 'tags' parameters with a strict regex ('^[A-Za-z0-9_-]+$') helps prevent command injection. 'keywords' and 'python' parameters are passed as direct nox arguments, which are generally safe within the nox context. 'shutil.which' is used to locate the nox executable. Error details are masked to prevent information leakage. The underlying 'nox' tool itself is trusted.
Updated: 2025-11-30 | GitHub
Low Cost

stocks-mcp

by pand40x

Sec9

Provides a Model Context Protocol (MCP) server for comprehensive, token-optimized stock market data, technical analysis, and screening, primarily designed for LLMs and Telegram bots.

Setup Requirements

  • ⚠️ Requires Node.js version 18 or higher.

Verified Safe
The server primarily communicates over standard I/O (stdio), significantly limiting its external network attack surface. It relies on the 'yahoo-finance2' library for data fetching, which is a common and generally reliable package. Input parameters are validated and formatted (e.g., getTicker), and there are no apparent uses of 'eval', obfuscation, hardcoded secrets, or direct system calls from user input. The main potential risk is any undiscovered vulnerability within the 'yahoo-finance2' dependency itself, which is a common supply-chain risk for any project using external libraries.
Updated: 2025-11-29 | GitHub
Medium Cost

cf-mcp-server-clerk

by codewithpassion

Sec8

This server provides a Model Context Protocol (MCP) server with Clerk OAuth authentication, enabling secure remote AI tool access.

Setup Requirements

  • ⚠️ Requires a Clerk application and OAuth configuration (Client ID, Client Secret, Secret Key, Frontend API URL).
  • ⚠️ Requires setting multiple secrets via Wrangler (CLERK_CLIENT_ID, CLERK_CLIENT_SECRET, CLERK_SECRET_KEY, CLERK_FRONTEND_API, COOKIE_ENCRYPTION_KEY).
  • ⚠️ Requires creating a Cloudflare KV namespace named 'OAUTH_KV' and updating the Wrangler configuration with its ID.
  • ⚠️ Role-Based Access Control (RBAC) for tools like 'generateImage' requires setting user roles in the Clerk Dashboard via 'Public metadata'.

Verified Safe
The project demonstrates good security practices for OAuth, including RFC 9700 compliant CSRF and state validation with one-time use tokens stored in KV. Secure cookies (`__Host-` prefix, HttpOnly, Secure, SameSite=Lax) and signed client approval cookies are used. Input URLs and text for display in the approval dialog are sanitized (`sanitizeText`, `sanitizeUrl`) to prevent XSS. The `JSON.parse(atob(encodedState))` is used, but it's protected by prior CSRF validation and later state validation against KV and a session-bound hash, mitigating injection risks. The `README` explicitly warns it's a demo and requires further production-level security measures.
Updated: 2026-01-07 | GitHub
Medium Cost

whatsapp_mcp

by ZenHive

Sec9

Provides full read/write access to WhatsApp for AI agents via an Elixir MCP server and Go bridge.

Setup Requirements

  • ⚠️ Requires Elixir 1.15+ and Go 1.21+ installed locally.
  • ⚠️ Requires a WhatsApp account and scanning a QR code for initial authentication.
  • ⚠️ The Go bridge ('cd bridge && go run .') must be manually started in a separate terminal and kept running concurrently with the Elixir MCP server.

Verified Safe
The system is designed for local operation, storing all WhatsApp data in local SQLite databases. Communication between the MCP server and Claude Code is via standard I/O, and the Go bridge exposes its API only on 'localhost:8080', significantly limiting external network exposure. SQL queries in the Go bridge are parameterized to prevent injection vulnerabilities. User authentication relies on WhatsApp's secure QR code linking mechanism. No 'eval' or obvious obfuscation was found. Any direct WhatsApp integration carries inherent risks from the third-party API, but the project itself appears well-hardened against common vulnerabilities.
Updated: 2026-01-03 | GitHub
Medium Cost

A comprehensive digital marketing AI agency platform for creating, managing, and optimizing paid advertising campaigns with AI-generated content across multiple platforms.

Setup Requirements

  • ⚠️ Requires Docker & Docker Compose for deployment/local development.
  • ⚠️ Requires API keys for Meta Marketing API, Hugging Face, OpenAI, and optionally a video generation service (e.g., Runway ML, Pika Labs).
  • ⚠️ Higgsfield AI integration for image/video generation explicitly states it 'Needs API credits' and returns a '403 Forbidden' error without them.

Review Required
The `deploy.sh` script directly hardcodes `HIGGSFIELD_API_KEY_ID` and `HIGGSFIELD_API_KEY_SECRET` into the `backend/.env` file for production deployment. This is a critical security vulnerability as these secrets become publicly accessible if the script or `.env` file is exposed. Additionally, the `JWT_SECRET` in `backend/docker-compose.yml` has a default value (`your-secret-key-change-in-production`) which is insecure for production use. While the frontend and backend utilize HTTPS in production via Traefik, the presence of hardcoded/default secrets in a deployment-related script and configuration is a severe risk.
Updated: 2025-12-01 | GitHub
Low Cost

Provides real-time environmental data, including location, weather, and air quality, primarily for health-related applications.

Setup Requirements

  • ⚠️ Requires 'OPENAQ_API_KEY' environment variable to be set in a '.env' file for air quality features.
  • ⚠️ Requires Python 3.11 or higher.

Verified Safe
API keys are loaded from environment variables (.env file), which is good practice. External API calls utilize timeouts to prevent hangs. No usage of dangerous functions like 'eval' or 'exec' is found in the active code. The commented-out Firebase integration would introduce a sensitive 'key.json' file if activated, which would require careful management, but this is not active.
Updated: 2025-11-25 | GitHub
Medium Cost
Sec7

Exposes LiteDB as a Model Context Protocol (MCP) server to enable LLM tooling interaction with the database.

Setup Requirements

  • ⚠️ Requires .NET 9 SDK (which might be a preview or bleeding-edge version, as .NET 9 is not an LTS release yet).
  • ⚠️ Understanding of MCP (Model Context Protocol) is necessary for effective client integration and development.

Verified Safe
Source code (truncated, README only) does not contain enough detail to fully audit for 'eval', obfuscation, or hardcoded secrets. The project states it is 'production-grade' and uses standard .NET logging, suggesting adherence to common security practices. However, HTTP transport, if enabled, would require proper configuration and security measures (e.g., authentication, encryption) which cannot be verified from the provided information. No immediate red flags found.
Updated: 2025-11-29 | GitHub
Medium Cost

mcp-server-website

by carlos19772023

Sec1

Captures and processes web page screenshots and screencasts, optimized for large language model (LLM) vision APIs by tiling and resizing.

Setup Requirements

  • ⚠️ Requires Node.js >=20.0.0.
  • ⚠️ Puppeteer's Chromium browser download (large size, can fail in restricted network environments).
  • ⚠️ Animated WebP screencast functionality requires the `img2webp` binary, which is downloaded and extracted via shell commands (requires `tar`/`unzip` on host, can fail).
  • ⚠️ Running headless Chrome with `--no-sandbox` poses a significant security risk for the host system and may be disallowed in secure production environments.

Review Required
The server is highly insecure due to running Puppeteer with the `--no-sandbox` flag and accepting arbitrary JavaScript code (via `jsEvaluate` and `jsCommand` parameters) to be executed on navigated web pages. This combination creates a critical remote code execution (RCE) vulnerability, allowing an attacker to execute arbitrary code on the host machine if the browser process is compromised. The server also acts as a browser automation proxy, navigating to arbitrary URLs, which can be exploited for Server-Side Request Forgery (SSRF) or other network attacks if publicly exposed. Furthermore, the provided README links to a direct `.zip` file download from an untrustworthy-looking GitHub user account (`carlos19772023/mcp-server-website`) rather than the project's stated repository (`just-every/mcp-screenshot-website-fast`), which is a significant red flag suggesting potential misdirection or distribution of altered software.
Updated: 2026-01-19 | GitHub