Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
hackerdogs-ai icon

mcpservers-and-tools

by hackerdogs-ai

Sec3

A generic, plugin-based MCP server designed to automatically discover and expose reconnaissance tools, supporting both pure Python and command-line application wrappers.

Setup Requirements

  • ⚠️Requires `fastmcp` and `hd-logging` Python packages.
  • ⚠️Relies on system-installed command-line tools (e.g., `ping`, `nslookup`, `nmap` for examples) which must be available in the system's PATH.
  • ⚠️Requires Python 3.
  • ⚠️The `PYTHONPATH` environment variable must be correctly set to include the `mcpservers` directory for plugin discovery to work properly.
Review RequiredView Analysis
The `mcpservers/prowler/prowler_mcp.sh` script, which is part of the provided source, contains a hardcoded `PROWLER_APP_API_KEY`. This is a critical security vulnerability, as it exposes sensitive credentials directly in the source code. The `recon_mcpserver.py` component uses `subprocess.run` for external commands, which is implemented safely by passing arguments as a list. However, its dynamic plugin loading from the `recon/tools` directory means any code placed there will be executed, requiring strict trust and control over plugin sources to prevent arbitrary code execution.
Updated: 2026-01-17GitHub
0
0
Low Cost
premkalyan icon
Sec1

Provides intelligent context, agent management, SDLC guidance, and tool configurations for AI-powered software development workflows, acting as an AI intelligence layer within the VISHKAR MCP ecosystem.

Setup Requirements

  • ⚠️Requires Node.js >=18.17.0.
  • ⚠️Requires API keys (VISHKAR_API_KEY, REGISTRY_UPDATE_TOKEN) obtained from Project Registry, potentially requiring separate project setup.
  • ⚠️Production deployment on Vercel requires Vercel Blob and KV setup for storage and caching.
  • ⚠️Multiple build troubleshooting steps noted in VERCEL-BUILD-TROUBLESHOOTING.md suggest potential deployment complexities.
Review RequiredView Analysis
CRITICAL: The system has multiple confirmed, severe vulnerabilities. 1. VULN-001 (CVSS 9.8 - Broken Authentication): Any API key is accepted, leading to complete authentication bypass. 2. VULN-002 (CVSS 9.1 - Path Traversal): Vulnerable to reading arbitrary files on the server (e.g., '/etc/passwd'). 3. VULN-003 (CVSS 9.8 - YAML RCE): Uses 'yaml.load()' which is susceptible to remote code execution. 4. Missing Rate Limiting (CVSS 7.5): No protection against Denial of Service (DoS) attacks despite being configured to enable it. These issues must be fixed immediately before any deployment or sensitive use.
Updated: 2025-12-15GitHub
0
0
Medium Cost
elliemci icon

mcp-adk

by elliemci

Sec1

Develops and connects AI agents to interact with either a local SQLite database or a remote Notion workspace via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3 and Google ADK library (`google.adk`).
  • ⚠️Local SQLite database must be created manually via `python3 local_mcp/create_db.py` before running the local agent/server.
  • ⚠️Notion API Key (NOTION_API_KEY) is required for the remote Notion agent setup.
  • ⚠️Running the remote Notion agent requires Node.js and npm/npx to install and run `@notionhq/notion-mcp-server`.
Review RequiredView Analysis
The `local_mcp/server.py` is highly vulnerable to SQL injection. The `get_table_schema`, `query_db_table`, and `delete_data` functions directly interpolate user-provided parameters (`table_name`, `columns`, `condition`) into SQL queries using f-strings without any sanitization or parameterized queries. An attacker could craft malicious input to execute arbitrary SQL commands, access unauthorized data, or delete records. This makes the local server unsafe to run with untrusted input. The `remote_mcp/agent.py` relies on an external `npx @notionhq/notion-mcp-server` command, introducing a dependency on a third-party package whose security is not directly auditable from this source code, though it's assumed to be official.
Updated: 2025-11-22GitHub
0
0
Low Cost
OpenBankProject icon

OBP-MCP

by OpenBankProject

Sec9

Provides a Model Context Protocol (MCP) server for AI assistants to interact with the Open Bank Project (OBP) API.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires access to an OBP API instance (configured via OBP_BASE_URL and OBP_API_VERSION).
  • ⚠️The `uv` package manager must be installed to run scripts and the server.
  • ⚠️Endpoint and glossary indexes must be generated (`scripts/generate_endpoint_index.py`, `scripts/generate_glossary_index.py`) for full functionality, though `startup_updater.py` attempts to automate this on server start.
Verified SafeView Analysis
The codebase appears well-structured and free from obvious malicious patterns, 'eval' usage, or hardcoded secrets. It correctly uses environment variables for sensitive configurations like API base URLs and authentication details. OAuth is optionally configurable, adding to security. The use of `subprocess.run` to generate indexes is for internal scripts and uses `sys.executable` and `Path` objects, minimizing shell injection risks. Network requests are made to configurable OBP endpoints, assuming those endpoints are trusted. The primary security consideration is ensuring the `OBP_BASE_URL` points to a legitimate and trusted OBP API instance and that API keys/tokens used via headers are managed securely by the AI assistant accessing this MCP server.
Updated: 2026-01-14GitHub
0
0
Medium Cost
mgerhards icon

mcp_docfetcher

by mgerhards

Sec4

Provides tools to programmatically fetch raw text content from any specified URL and perform site-specific searches on Google.

Setup Requirements

  • ⚠️Requires Python 3
  • ⚠️Requires installation of dependencies from requirements.txt (including 'requests' and 'mcp' libraries)
Review RequiredView Analysis
The 'fetch_docs' tool allows fetching arbitrary URLs, posing a Server-Side Request Forgery (SSRF) risk. This could enable an attacker to access internal network resources or cloud metadata services from the server's host. The 'search_docs' tool's HTML parsing for extracting URLs is brittle and sensitive to changes in Google's search page structure. There are no obvious hardcoded secrets or use of 'eval'.
Updated: 2025-12-03GitHub
0
0
Medium Cost
haegemonia76 icon

mcp-servers

by haegemonia76

Sec2

A collection of Model Context Protocol (MCP) servers designed to provide controlled access and management capabilities for various infrastructure components like PostgreSQL databases, Redis caches, Docker containers, and Git repositories.

Setup Requirements

  • ⚠️Requires Node.js and pnpm package manager.
  • ⚠️Requires external PostgreSQL, Redis, and Docker daemon instances to be running and accessible for respective managers.
  • ⚠️High privileges: running these services grants significant control over associated infrastructure, posing security risks if not properly secured and monitored.
Review RequiredView Analysis
The 'postgres-manager-mcp' server's 'query' tool directly executes user-provided SQL strings without proper parameterization. The `PG_ALLOW_WRITE` environment variable and the `startsWith("select")` check are insufficient to prevent severe SQL injection vulnerabilities (e.g., `SELECT 1; DROP TABLE users;`). Additionally, the 'docker-manager-mcp' and 'git-manager-mcp' services expose highly privileged operations (container start/stop/restart, Git add/commit/push/pull) which, if used by an untrusted or malfunctioning agent, could lead to significant data loss or system compromise. All sensitive configurations (`DATABASE_URL`, `REDIS_URL`) are correctly sourced from environment variables, preventing hardcoded secrets.
Updated: 2025-12-03GitHub
0
0
Medium Cost
taddiemason icon
Sec9

Enables AI agents (e.g., OpenWebUI) to access ConnectWise Manage data through natural language commands via a Docker-based Model Context Protocol (MCP) bridge.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose installed.
  • ⚠️Requires ConnectWise Manage API credentials (Company ID, Public Key, Private Key), obtained from your ConnectWise instance.
  • ⚠️Requires OpenWebUI (or another MCP-compatible AI agent) to utilize its functionality, including manual tool configuration in OpenWebUI's admin panel.
Verified SafeView Analysis
The server is designed for read-only access, which inherently reduces the impact of potential security vulnerabilities. Secrets (ConnectWise API credentials) are correctly handled via environment variables loaded from a .env file, a standard best practice. There are no 'eval' or similar dangerous dynamic code execution patterns identified in the provided Node.js or Python code that would execute arbitrary user input. The Node.js bridge uses `child_process.spawn` to execute a Python script, passing JSON via stdin, which is a controlled and generally safe inter-process communication method. The `cors` middleware is enabled, allowing requests from all origins by default, which is acceptable for a local integration but might require stricter configuration in specific enterprise deployments. Overall, it appears well-engineered for its stated purpose with good security practices.
Updated: 2025-11-20GitHub
0
0
Medium Cost
caffeineflo icon

portainer-mcp

by caffeineflo

Sec9

Enables AI assistants to manage Docker containers and resources through the Portainer API.

Setup Requirements

  • ⚠️Requires a running Portainer instance and a valid API key.
  • ⚠️Write operations (e.g., starting/stopping containers, deploying stacks) are disabled by default and must be explicitly enabled via the `PORTAINER_WRITE_ENABLED=true` environment variable.
  • ⚠️Network connectivity from the MCP server to the Portainer instance is required.
Verified SafeView Analysis
Write operations are explicitly disabled by default (`PORTAINER_WRITE_ENABLED=false`) and must be enabled via an environment variable, significantly reducing potential harm from accidental or malicious AI actions. Input validation via Zod is used for all tool arguments. Sensitive API keys are passed via environment variables, not hardcoded. The `PortainerClient` handles common HTTP errors (401, 403, 404) and connection issues gracefully. Docker log stripping handles multiplexed streams correctly to prevent data interpretation issues.
Updated: 2025-12-17GitHub
0
0
Medium Cost
andrewkroh icon

fleetpkg-mcp

by andrewkroh

Sec6

Enables LLMs to query low-level metadata about Elastic Fleet integration packages from a SQLite database.

Setup Requirements

  • ⚠️Requires a local checkout of the `elastic/integrations` Git repository (`-dir` argument).
  • ⚠️The database is rebuilt each time the server starts, which can take ~10 seconds on a fast machine.
  • ⚠️Requires a Go environment to build and run from source (`go run` or `go install`).
Review RequiredView Analysis
The server allows LLMs to execute arbitrary SQLite queries against a read-only database via the `fleetpkg_execute_sql_query` tool. While the database is read-only, preventing data modification, this design poses risks: 1. **Resource Exhaustion (DoS)**: Malicious or poorly optimized queries crafted by an LLM could consume significant CPU and memory, leading to a denial of service. 2. **Information Leakage**: Complex queries could potentially extract unintended correlations or meta-information from the database schema that might not be intended for direct exposure. 3. **Path Disclosure**: Although the database is opened in `mode=ro`, certain SQLite features (if enabled in the `modernc.org/sqlite` driver's build, e.g., `readfile()`) could theoretically be exploited to read files on the system, though this is less likely with standard builds. Without explicit query sandboxing, validation, or rate-limiting for the `fleetpkg_execute_sql_query` tool, allowing untrusted LLMs to issue arbitrary SQL queries is a significant security risk. The `mode=ro` on the database connection is a strong mitigation against data corruption but not against resource abuse or some forms of information exposure.
Updated: 2025-12-23GitHub
0
0
Low Cost
Shylesh1640 icon

MCP-Server

by Shylesh1640

Sec9

Provides an MCP-compliant API server exposing basic tools, resources, and prompts for various functionalities.

Setup Requirements

  • ⚠️Python 3.12+ only
Verified SafeView Analysis
The provided code snippet does not contain 'eval', obfuscation, hardcoded secrets, or obvious malicious patterns. It relies on standard Python functions and the `fastmcp` library. Security largely depends on the `fastmcp` implementation and proper deployment practices.
Updated: 2025-11-28GitHub
0
0
Low Cost
maciejkra icon

multirepo-claude

by maciejkra

Sec3

Provides a server implementation for the Minecraft Protocol, enabling custom game experiences or client interactions, though specific details are unknown due to missing source code.

Review RequiredView Analysis
The source code for this server was not provided in the prompt, making a comprehensive security audit impossible. The score reflects the inability to assess potential vulnerabilities like 'eval', hardcoded secrets, or network risks without code visibility.
Updated: 2026-01-16GitHub
0
0
High Cost
estebanstifli icon

stifli-flex-mcp

by estebanstifli

Sec5

Transforms a WordPress site into an AI-powered Model Context Protocol (MCP) server, exposing 117 tools for AI agents like ChatGPT and Claude to manage WordPress and WooCommerce content.

Setup Requirements

  • ⚠️Requires WordPress Application Passwords for authentication setup, replacing custom tokens from prior versions.
  • ⚠️WooCommerce plugin must be installed and active for all 61 WooCommerce-specific tools to function, otherwise only WordPress tools are available.
  • ⚠️The primary exposure of 117 tool definitions via 'tools/list' results in a large payload (potentially thousands of tokens), which will consume a significant portion of an AI agent's context window on each initialization or list request.
Review RequiredView Analysis
The plugin contains several instances of direct database queries (e.g., using `$wpdb->query`, `$wpdb->get_var`, `$wpdb->delete`, `$wpdb->update`) without consistently utilizing `$wpdb->prepare()` for dynamic parts of the SQL, as indicated by multiple 'WordPress.DB.PreparedSQL.NotPrepared' errors in the `checktest.md` file. While some dynamic table names are derived from internal WordPress variables, this pattern can lead to SQL injection vulnerabilities if user input were to influence any part of these unprepared queries. The 'fetch' tool allows making HTTP requests to arbitrary URLs. Although it requires an authenticated user with 'edit_posts' capability and client-side confirmation, the lack of a more granular server-side capability check specifically for network access introduces a potential Server-Side Request Forgery (SSRF) risk. The use of `maybe_unserialize()` for messages stored in the plugin's queue table, while seemingly processing internal plugin-generated content, is a generally discouraged practice that could introduce PHP object injection vulnerabilities if the serialized data ever becomes controllable by an attacker. No hardcoded secrets or obvious obfuscation were found, and authentication is delegated to WordPress Application Passwords, which is a good practice.
Updated: 2026-01-07GitHub
PreviousPage 658 of 713Next