Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

High Cost

Develop and manage smart multi-agent systems for AI research, supporting recursive reasoning, tool integration, and context-aware workflows.

Setup Requirements

  • ⚠️ Requires Rust toolchain for `rust-research-agent`, `rig-rlm`, and `rig-deepagents` components.
  • ⚠️ Requires Ollama running locally with specific models (e.g., `llama3.2`, `devstral-small-2`) pulled and served.
  • ⚠️ May require API keys for external LLM providers (e.g., OpenAI, Anthropic, Google) and search services (Tavily), which are paid services.
  • ⚠️ The Python components (`deepagents-cli`, `deepagents_sourcecode`) require a Python interpreter and specific package management (`uv`).
Review Required
CRITICAL: The `rig-rlm` component explicitly allows for arbitrary Python code execution (`pyo3` executor) as stated in its AGENTS.md, posing a direct Remote Code Execution (RCE) vulnerability. Similarly, the `deepagents-cli` and `deepagents_harbor` libraries provide `shell_tool` and `execute` functionalities that run arbitrary shell commands via `subprocess.run` or `shlex.split`. While acknowledged in the documentation as a 'prototype' or requiring 'sandboxing for production,' this makes the system inherently unsafe for untrusted inputs without external sandboxing solutions (e.g., WASM, Firecracker, gVisor) which are not implemented in the provided code. Running this server as-is with LLM-generated code poses a significant security risk to the host system.
Updated: 2026-01-19

Medium Cost

sheets-wizard

by consigcody94

Sec9

AI-powered Google Sheets automation for creating, reading, writing, adding formulas, charting, and exporting spreadsheet data.

Setup Requirements

  • ⚠️ Requires Node.js 18+ to be installed locally.
  • ⚠️ Requires a Google Cloud account with Google Sheets API enabled.
  • ⚠️ Requires manual OAuth 2.0 credential setup and token acquisition from Google.
Verified Safe
The server correctly delegates OAuth credential management to the client by requiring credentials as a JSON string argument for each tool call. This prevents the server from persistently storing sensitive access tokens, reducing the risk of server-side data breaches. It avoids `eval` or similar high-risk functions. However, the security of the credentials string itself (how it's obtained, stored, and passed by the client application) is outside the scope of this server, and if not handled securely by the client, could still lead to exposure.
Updated: 2025-11-25

Low Cost
Sec8

This server provides an API to search and retrieve Minecraft Coder Pack (MCP) mapping data, enhancing accessibility and query capabilities for developers.

Setup Requirements

  • ⚠️ Requires Node.js
  • ⚠️ Requires `ts-node` to run directly, or compile TypeScript first.
Verified Safe
The server uses environment variables for configuration and includes rate limiting and CORS for basic protection. No 'eval' or hardcoded secrets found. The primary data source URL is configurable via `MCP_DATA_URL`; ensure this is set to a trusted source.
Updated: 2025-11-23

Medium Cost

MCP_NodeServer

by Bing-Xuan-Lu

Sec1

This server acts as a coding agent providing tools to an orchestrating AI for full-stack PHP development, including file system management and direct database interaction.

Setup Requirements

  • ⚠️ Requires a running MySQL database instance, configured for `root` access (though this is a severe security risk and should be changed).
  • ⚠️ Assumes a `D:\Develop` base directory for file operations, implying a Windows-like environment or requiring manual path configuration.
  • ⚠️ Relies on the `@modelcontextprotocol/sdk`, suggesting it's designed to be orchestrated by a larger AI system, likely interacting via standard I/O.
Review Required
CRITICAL SECURITY VULNERABILITIES DETECTED:
  1. Hardcoded Root Database Credentials: The `dbConfig` object explicitly uses `user: 'root'` with an empty password. This is an extremely dangerous practice that grants full administrative access to the database if the server or its configuration is compromised, or if an attacker can trigger database operations.
  2. SQL Injection Vulnerability: The `execute_sql` tool directly executes arbitrary SQL provided in `args.sql` without any apparent sanitization or validation. This allows for direct SQL injection attacks, enabling unauthorized data manipulation, schema alteration (e.g., `DROP TABLE`), or data exfiltration if an attacker can influence the tool's input.
  3. Path Traversal Vulnerability: File system tools (`list_files`, `read_file`, `create_file`, `apply_diff`) construct file paths by joining a `basePath` with user-provided `relative_path` or `path`. While `path.join` helps normalize paths, it does not inherently prevent directory traversal (`../`) sequences, potentially allowing an attacker to access, create, or modify files outside the intended `D:\Develop` base directory.
  4. Powerful Unrestricted Operations: The combination of arbitrary SQL execution and unrestricted file system modification (including creating/overwriting files) makes this server a high-risk component if its inputs are not meticulously validated and authenticated. Given its role as an agent's tool, it's particularly susceptible if the orchestrating AI can be subjected to prompt injection attacks.
RECOMMENDATIONS: The hardcoded credentials and direct execution of arbitrary commands (SQL, file system) are critical flaws that must be addressed before deployment. Database credentials and sensitive paths should be moved to environment variables, inputs should be rigorously validated and sanitized, and operations should be restricted with strong access controls.
Updated: 2026-01-18

Low Cost

mcp-todo-demo

by DavidMalkhasyan

Sec9

A minimal WebSocket-based server and client demonstrating CRUD operations for a todo list using the Model Context Protocol (MCP).

Verified Safe
The server correctly uses a whitelist (`tools` object) to dispatch tool calls, preventing arbitrary code execution. It handles JSON parsing and stringifying, which are standard and generally safe. There are no obvious hardcoded secrets or direct 'eval' usage. Data is stored in-memory, which is not a security risk but means data persistence is not handled. Text input for todos is stored directly, but the React frontend automatically escapes content, mitigating client-side XSS if it were used in a UI. For a demo, the security practices are robust.
Updated: 2025-12-01

Low Cost

mcp-andromeda

by rinaldofesta

Sec3

Generates Model Context Protocol (MCP) servers from YAML configurations, enabling simplified AI tool integration for developers.

Setup Requirements

  • ⚠️ Requires Python 3.11 or higher.
  • ⚠️ The 'web-scraper' template's generated code requires 'beautifulsoup4', which is not listed as a core dependency for the builder itself and must be installed separately for the generated server to function.
  • ⚠️ Database tools (especially from the 'database' template) generate SQL-injection vulnerable code and require a configured database connection string (e.g., DATABASE_URL).
Review Required
The 'python_inline' tool type allows arbitrary Python code execution directly from the YAML configuration, posing a high risk if configuration sources are untrusted. Crucially, the built-in 'database' template generates code highly vulnerable to SQL injection due to direct string concatenation in SQL queries without proper parameterization. HTTP tool configurations also perform direct environment variable substitution into URLs and headers, which could potentially introduce risks if environment variables are not sanitized. These issues mean the builder can generate inherently insecure server code.
Updated: 2025-11-25

Low Cost

weather-mcp-server

by Ujjwal-Pandit

Sec7

Implements Model Context Protocol (MCP) servers for providing weather information, mathematical calculations, and demonstrates model distillation for AI agents.

Setup Requirements

  • ⚠️ Requires Python 3.10 or higher.
  • ⚠️ Requires `uv` package manager for setup and running dependencies.
  • ⚠️ Requires Claude Desktop for full MCP protocol testing as intended by the assignment.
  • ⚠️ First run for the model distillation script (Task 4) involves downloading approximately 1.8GB of models and datasets.
Verified Safe
The 'calc.py' server uses SymPy's 'sympify' function to parse user-provided mathematical expressions. While 'convert_xor=True' is used to mitigate some risks, 'sympify' can still be a vector for resource exhaustion attacks or potential code injection if input is not rigorously sanitized or run in a highly restricted sandbox. Generic 'except Exception' blocks in 'weather.py' might mask specific issues but prevent crashes. No obvious hardcoded sensitive credentials found.
Updated: 2025-12-03

High Cost
Sec7

Enables LLMs to perform browser automation, web interaction, and data extraction with anti-detection capabilities.

Setup Requirements

  • ⚠️ Requires a locally installed Chrome/Chromium browser.
  • ⚠️ The default Puppeteer executable path for non-Docker usage assumes a Windows Chrome location ('C:\Program Files\Google\Chrome\Application\chrome.exe') if the `CHROME_PATH` environment variable is not explicitly set, which may cause issues on other operating systems.
  • ⚠️ Requires Node.js and npm/npx to run locally.
Verified Safe
The server allows executing arbitrary JavaScript code (`puppeteer_evaluate` tool) within the browser's context. While this is a core and expected feature of browser automation, it poses a risk if the input script is untrusted or malformed. Additionally, the `puppeteer_navigate` tool allows navigating to any URL, which could expose the browser to malicious websites. The server does implement validation for dangerous browser launch arguments, requiring explicit opt-in via `ALLOW_DANGEROUS` or `allowDangerous` parameter, which is a good security measure. No direct 'eval' is used within the Node.js server itself. The primary risk stems from the powerful capabilities when fed untrusted inputs, requiring careful consideration of the LLM's output when using this server.
Updated: 2026-01-17

Low Cost
Sec3

An AI-powered application interacting with Hacker News, likely using Anthropic's Claude.

Review Required
The provided 'SOURCE CODE' only contains README.md. No actual server code was available for a security audit. Therefore, no 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns could be identified or ruled out. Running any server without its source code is inherently risky.
Updated: 2026-01-19

High Cost

simbrief-mcp

by leonchike

Sec9

Provides SimBrief flight planning data and VATSIM ATIS to MCP clients like Claude Desktop for generating comprehensive flight briefings.

Setup Requirements

  • ⚠️ Requires setting up Google OAuth credentials and a Google Cloud project.
  • ⚠️ Requires a Cloudflare account and creation of a Cloudflare KV namespace with its ID updated in `wrangler.toml`.
  • ⚠️ Manual configuration of allowed user email usernames in `src/config/allowed-users.ts`.
Verified Safe
The server uses Google OAuth for authentication with email-based access control and HMAC-signed cookies for client approval persistence. Sensitive information (Google API keys, cookie encryption key, SimBrief API key) is managed as secrets via Cloudflare Wrangler. Input validation is performed using Zod schemas for MCP tools and explicit checks for VATSIM ATIS ICAO codes. The code avoids 'eval' and includes HTML encoding for user-supplied data in the OAuth approval dialog. Configuration of allowed users is explicitly done by editing a TypeScript file, which is a design choice for access control.
Updated: 2026-01-19

Low Cost

weather-mcp

by grantkazan

Sec8

A Voice AI assistant for medical clinics to automate appointment scheduling, patient inquiries, and administrative tasks.

Setup Requirements

  • ⚠️ Requires a phone number to be verified in the Telnyx system to place calls to the AI assistant.
  • ⚠️ The MCP server hardcodes its dependency on an external Flask API URL, which must be live and accessible for the MCP server to function correctly.
  • ⚠️ The README warns that setting up all associated repositories (Flask API, Dashboard) locally may encounter 'mileage vary' issues with ports and environment variables.
Verified Safe
The MCP server's code itself appears clean, with no obvious 'eval' usage or hardcoded sensitive credentials. However, it relies heavily on a hardcoded external Flask API URL (https://telnyx-assignment-production.up.railway.app/). While common for demo projects, this introduces a dependency risk; if the external API were compromised or became malicious, the MCP server would interact with it. The `httpx` client is used for secure communication, but the external endpoint's security is beyond this repository's scope.
Updated: 2025-12-12

Low Cost
Sec9

An MCP server enabling AI agents to safely rename Git commit messages and manage repository state.

Setup Requirements

  • ⚠️ Requires Git to be installed and configured on the host system.
  • ⚠️ Requires Node.js (>=18.0.0) and npm/npx for installation and execution.
  • ⚠️ Operations like `rename_commit` rewrite Git history, potentially requiring `git push --force` for remote branches, which can cause issues in shared development environments.
Verified Safe
The server executes Git commands via `child_process.execAsync`. It includes a custom `escapeShellArg` function to sanitize input parameters, mitigating shell injection risks. Explicit safety checks are implemented to prevent operations on unclean working directories, during rebase, or on remote-pushed commits (unless `force` is used). The `undo_rename` feature offers a recovery mechanism. While Git history rewriting is inherently powerful and can be disruptive on shared branches, the server provides warnings and controls (e.g., `force` parameter) for this.
Updated: 2025-12-03