Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
Sec9

Provides a universal data exchange buffer to offload large binary data from LLM context between MCP servers, passing tokens instead of raw data.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose to run services.
  • ⚠️Relies on a Redis instance for data storage and persistence.
  • ⚠️Requires creating an API token via the CLI for authorized access to the buffer API.
Verified SafeView Analysis
Implements strong security measures including SHA256 hashed Bearer tokens, rate limiting per token, role-based scopes (read, write, admin), and a detailed audit log. Tokens are shown only once at creation and are impossible to brute force. Redis persistence ensures token survival across restarts. Automatic and manual cleanup mechanisms prevent data accumulation.
Updated: 2025-11-20GitHub
0
0
Medium Cost
freema icon
Sec9

Provides a Model Context Protocol (MCP) server for integrating with Jira, allowing clients to read, write, and manage Jira issues and projects.

Setup Requirements

  • ⚠️Requires Node.js 20.0.0 or higher.
  • ⚠️Requires an active Jira instance (Cloud or Server).
  • ⚠️Requires a Jira API token, email, and base URL for authentication.
Verified SafeView Analysis
Strong input validation is implemented using Zod schemas for all tool arguments, significantly reducing the risk of injection attacks. The `addAttachmentFromUrl` function includes explicit Server-Side Request Forgery (SSRF) protection, blocking requests to localhost and common private IP ranges. Sensitive credentials (Jira Base URL, Email, API Token) are loaded from environment variables, preventing hardcoding. The server handles upstream Jira API rate limits and errors with retry logic and clear error messages. No `eval` or code obfuscation patterns were identified.
Updated: 2026-01-15GitHub
0
0
High Cost
YongjinKim-Dev icon

mcp-banana-ghost

by YongjinKim-Dev

Sec7

An MCP server for Claude that automates image generation using NanoBanana Pro via browser automation.

Setup Requirements

  • ⚠️Requires Chrome browser to be installed locally.
  • ⚠️Requires a specific Chrome profile path (`chrome_profile_path`) to be configured and logged into NanoBanana Pro.
  • ⚠️Browser automation is resource-intensive (CPU, RAM) and can be slow, potentially hitting `timeout` issues if image generation takes too long.
Verified SafeView Analysis
The server uses `undetected-chromedriver` to control a Chrome browser with a user's local profile, which implicitly carries risks associated with browser automation (e.g., potential for vulnerabilities in Chrome or the automation library, or exposure of profile data if the host system is compromised). The `execute_script` function is used, but the script itself is hardcoded and not directly controlled by user input, mitigating injection risks. The `requests.get` call for image URLs could be a minor SSRF risk if `image_src` could be manipulated, but it's derived from the browser's current page. No 'eval' or obvious malicious patterns found.
Updated: 2025-12-06GitHub
0
0
Low Cost
CycleCore-Technologies icon

mcpbodega-cli

by CycleCore-Technologies

Sec9

Universal command-line interface for deploying and managing Model Context Protocol (MCP) servers across various AI platforms.

Setup Requirements

  • ⚠️Requires Node.js (>=18.0.0)
  • ⚠️Requires authentication via `mcpbodega login` followed by `mcpbodega init --token <your-token>` to configure credentials.
  • ⚠️Manual configuration steps are required for AI platforms like ChatGPT (Developer Mode) and Grok after deployment, although the CLI provides clear instructions.
Verified SafeView Analysis
The CLI implements strong security measures for local configuration: AES-256-GCM encryption for auth tokens, machine-specific encryption key derivation (tying tokens to a specific device), 0600 file permissions for config files (owner read/write only), and atomic writes to prevent corruption. It also creates backups when modifying AI platform configuration files (e.g., Claude Desktop config) and handles decryption errors gracefully. Network communication occurs over HTTPS to the MCPBodega platform, relying on its backend security.
Updated: 2025-11-25GitHub
0
0
Low Cost
exquisique icon

Aether

by exquisique

Sec3

An Ollama-powered AI agent client for local LLMs to interact with real-world tools via the Model Context Protocol (MCP) using a Streamlit interface.

Setup Requirements

  • ⚠️Requires Ollama to be installed and a language model (e.g., Mistral) pulled locally.
  • ⚠️Requires `uv` (or `pip`) for dependency installation.
  • ⚠️Many MCP servers, like the example 'filesystem' and 'git' servers, require NodeJS/npm to be installed (`npx`).
  • ⚠️User must manually create and configure `mcp_config.json` to enable external tools.
Review RequiredView Analysis
CRITICAL: The `generate_plot` function in `app.py` uses `exec()` to run arbitrary Python code provided by the LLM. While there's a weak attempt at sandboxing, this is a major security vulnerability that can be exploited to run malicious code. Additionally, the core Model Context Protocol (MCP) functionality allows users to configure and run arbitrary external commands (`command` and `args` in `mcp_config.json`), which is a design feature but inherently poses a high risk if the configuration is malicious or compromised.
Updated: 2025-12-03GitHub
0
0
Medium Cost
SuperPyonchiX icon

excel_mcp_server

by SuperPyonchiX

Sec8

AI agents automate Excel file operations for data entry, editing, formatting, and export.

Setup Requirements

  • ⚠️All Excel and CSV file paths must be absolute paths; relative paths will cause errors.
  • ⚠️Requires Node.js v18 or newer to run, as indicated by package dependencies.
  • ⚠️The Node.js process must have appropriate read/write file system permissions for the specified Excel and CSV file paths.
Verified SafeView Analysis
The server uses stdio (standard input/output) for communication, which means it does not expose any network ports, significantly reducing network-based attack surfaces. Extensive Zod schemas are implemented for input validation, ensuring arguments like file paths, cell addresses, and values adhere to expected formats. This prevents many common input-based vulnerabilities such as basic path traversal (by requiring absolute paths and specific file extensions) and SQL injection (though not directly applicable here, it demonstrates robust input handling). The primary security consideration arises from the server's core functionality: direct manipulation of the local file system. If the AI client or its prompts are compromised, and the Node.js process running the server has broad file system permissions, a malicious agent could theoretically instruct the server to read from or write to sensitive locations on the host system using valid absolute paths. Therefore, it is safe to run within a controlled environment with appropriately restricted user permissions for the Node.js process.
Updated: 2026-01-18GitHub
0
0
Low Cost
rakeshpc icon
Sec3

A web-based interface for managing Splunk indexes with a modern UI.

Setup Requirements

  • ⚠️Requires Splunk Enterprise or Splunk Cloud instance to be running and accessible.
  • ⚠️Requires Splunk's management port (8089) to be enabled and network firewalls configured to allow access from the MCP server.
  • ⚠️The application uses an unverified SSL context for Splunk connections, which is a critical security vulnerability and should be addressed with proper SSL certificate validation for any production deployment.
Review RequiredView Analysis
CRITICAL: The application explicitly uses `ssl._create_unverified_context()` for connecting to Splunk, which disables SSL certificate validation. This makes the connection highly vulnerable to Man-in-the-Middle attacks, especially in production environments. Additionally, default hardcoded credentials for both the MCP console (mcpadmin/mcpadmin123) and Splunk (admin/changeme) are present in `app.py` if environment variables are not set, posing a significant security risk. The Flask `SECRET_KEY` also has a weak default. Console authentication is a basic username/password comparison without advanced security features.
Updated: 2026-01-17GitHub
0
0
Low Cost
Curator4 icon
Sec8

Fetches current weather data for a specific city and country using the OpenWeatherMap API.

Setup Requirements

  • ⚠️Requires an OpenWeatherMap API Key (may require registration and adhere to usage limits for free tiers).
  • ⚠️Requires Go runtime installed.
Verified SafeView Analysis
Generally safe. The OpenWeatherMap API key is securely loaded from environment variables (or .env file) and not hardcoded. No 'eval' or other dynamic code execution patterns were found. Minor concern: user-provided 'city' and 'country' inputs are directly concatenated into the OpenWeatherMap API URL via `fmt.Sprintf` without explicit URL encoding/escaping, which could potentially cause issues with unusual characters in the city or country names, though unlikely for typical weather queries.
Updated: 2025-11-30GitHub
0
0
Medium Cost
santoshpatil85 icon

online-service-mcp-server

by santoshpatil85

Sec9

A production-grade FastMCP Server acting as an intermediary to expose backend services (user management, ticketing, data querying) as typed tools, secured with Azure Workload Identity for microservice communication in Kubernetes.

Setup Requirements

  • ⚠️Requires Azure Kubernetes Service (AKS v1.28+) with Workload Identity enabled for production deployment.
  • ⚠️Requires a separate Backend REST API to integrate with, configured via BACKEND_API_URL.
  • ⚠️Python 3.11+ is required.
Verified SafeView Analysis
The server demonstrates strong security practices, particularly its use of Azure Workload Identity for credential-less authentication in AKS, avoiding hardcoded secrets. It implements structured logging for auditability, runs containers with least privilege (non-root, read-only filesystem), and has explicit network security and vulnerability scanning guidelines. No 'eval' or malicious patterns were found. The primary remaining security considerations are the security of the integrated backend services and external APIs.
Updated: 2026-01-18GitHub
0
0
Low Cost
Loctree icon

rmcp_memex

by Loctree

Sec8

A local Model Context Protocol (MCP) server providing Retrieval-Augmented Generation (RAG) capabilities with embedded vector storage and local embeddings/reranking.

Setup Requirements

  • ⚠️Requires Rust toolchain with Cargo (stable)
  • ⚠️Requires Protobuf compiler at build time
  • ⚠️Optional MLX HTTP server required for MLX-based embeddings/reranking (otherwise falls back to fastembed)
Verified SafeView Analysis
The server runs as a local process, communicating via stdin/stdout using JSON-RPC, which inherently limits direct network attack surface. It relies on well-established Rust libraries for HTTP (reqwest), data serialization (serde_json), and vector storage (lancedb). No 'eval' or similar dynamic code execution patterns were found. Environment variables are used for configuration, preventing hardcoded secrets. Processing external files (PDFs via pdf-extract, arbitrary text) does introduce a potential risk if these libraries or the parsing logic are vulnerable to malformed inputs. The MLX bridge relies on a separate, assumed-to-be-trusted, local MLX HTTP server.
Updated: 2026-01-11GitHub
0
0
Medium Cost
hsiangjenli icon

mcp-tw-gpss

by hsiangjenli

Sec8

An AI-ready Model Context Protocol (MCP) server for searching patents in the Global Patent Search System (GPSS).

Setup Requirements

  • ⚠️Requires GPSS API access code set as `USER_CODE` environment variable (access to GPSS API is likely paid or restricted).
  • ⚠️Requires Python 3.12+ for local execution.
  • ⚠️Docker is recommended for easier deployment and environment consistency.
Verified SafeView Analysis
The server correctly retrieves the `USER_CODE` for API authentication from environment variables, preventing hardcoded secrets. It makes external HTTP requests to the GPSS API, which is inherent to its function. While Pydantic schemas provide input validation for the tool's parameters, the handling of `keywords` for potential injection into the external GPSS API relies on the GPSS API's own sanitization, which is a common pattern for API wrappers but an external dependency for security.
Updated: 2025-11-26GitHub
0
0
Medium Cost

DevBuddy

by dazinator

Sec9

Analyzes .NET codebases and executes shell commands in a secure, containerized environment via the Model Context Protocol (MCP) for AI agents.

Setup Requirements

  • ⚠️Docker Desktop required for server deployment
  • ⚠️.NET 8.0 SDK required for local development or generating local dev certificates
  • ⚠️Claude Desktop requires specific configuration (Docker bridge or remote connector)
  • ⚠️Git Personal Access Tokens (PATs) are needed for remote Git operations
Verified SafeView Analysis
The server features robust security, including direct process spawning to prevent command injection, comprehensive path validation, configurable command allow/deny lists, and enforced timeouts. Container hardening utilizes non-root user execution, dropped capabilities, and no-new-privileges. Error messages are sanitized for production, and detailed audit logging with sensitive data redaction is implemented. The default `docker-compose.yml` uses a read-write workspace for development, which is a known flexibility for development but is clearly noted to be read-only (`:ro`) for production deployments.
Updated: 2025-11-27GitHub
PreviousPage 656 of 713Next