Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Low Cost
Sec9

Enables AI agents to query Ethereum balances, fetch token prices, and simulate Uniswap V3 swaps using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires an Ethereum mainnet RPC endpoint that supports `statesOverride` for `eth_call`.
  • ⚠️Requires an Ethereum private key for signing, even though transactions are only simulated; use a test key.
  • ⚠️Symbol-based token resolution relies on Uniswap's official token list (`tokens.uniswap.org`); queries will fail if the list is unavailable or the token is not listed.
Verified Safe
The server explicitly states it only simulates transactions and does not broadcast them to the blockchain. Private keys are handled via environment variables with strong security warnings against using real funds in production. It leverages `eth_call` with `statesOverride` for simulation, a safe practice, and uses `rust_decimal` to prevent financial precision errors. Dependency on an external token list (`tokens.uniswap.org`) for symbol resolution is noted as a potential point of failure for token lookups if the service is unavailable or compromised, but doesn't pose a direct code execution risk.
Updated: 2025-11-20

Medium Cost
MCP-Server

by swgvasu-cyber

Sec7

Serves as an API gateway for clients to submit SHA-256 file hashes to a backend scanner API and retrieve aggregated malware reputation results.

Setup Requirements

  • ⚠️Requires a running backend Scanner API accessible at `http://localhost:8000` by default.
  • ⚠️The `API_BASE` environment variable must be explicitly set if the backend Scanner API is located elsewhere.
Verified Safe
The code itself is straightforward, with no 'eval' or obvious malicious patterns. The primary security consideration lies in the configuration of the `API_BASE` environment variable. If `API_BASE` is exposed to untrusted input or points to an internal network, it could potentially lead to Server-Side Request Forgery (SSRF). In typical dedicated bridge deployments, this risk is mitigated by careful environment configuration.
Updated: 2025-12-08

Low Cost
mcp_server_test

by duuujin

Sec9

This server provides a weather forecasting tool that fetches current and hourly weather data for specified geographical coordinates.

Setup Requirements

  • ⚠️Python 3.11+ required
Verified Safe
The server makes external HTTP GET requests to a public, open-source weather API (api.open-meteo.com) which does not require an API key. No 'eval', obfuscation, hardcoded secrets, or malicious patterns were found in the provided source code. The use of 'httpx' for asynchronous network requests is standard and generally secure.
Updated: 2025-12-11

Medium Cost
VBMCP

by VBMSaaS

Sec4

Integrate VBMSaaS platform with AI Agents and IDEs via Model Context Protocol for automated resource, menu, page, and data management.

Setup Requirements

  • ⚠️Requires VBMSaaS Platform Access Credentials (VBMSAAS_API_URL, VBMSAAS_ACCESS_KEY, VBMSAAS_PLATFORM_ID) from an administrator.
  • ⚠️Stored credentials (`.env.auth`, `.env.credentials`) are only Base64 encoded, not strongly encrypted, posing a risk if the host system is compromised.
  • ⚠️Requires Node.js >= 18.0.0.
Verified Safe
The `AuthStorageService` and `CredentialsStorageService` use Base64 encoding, not strong encryption, for storing sensitive data (API tokens, secrets, user credentials) on the file system in `.env.auth` and `.env.credentials`. While file permissions (`0o600`) restrict access, a compromised host can easily decode this data. The `JWT_SECRET` has a default placeholder value which must be changed in production. The server logs potentially sensitive API request/response data to `stderr` and a local log file, which could expose confidential information if not securely managed. The use of HMAC-SHA1 for API request signing is a positive security practice for request integrity and authenticity.
Updated: 2025-11-27

Medium Cost
mcp-arxiv-server

by YHY123669

Sec9

This server acts as an AI agent tool, enabling it to search and retrieve academic papers from ArXiv based on user-defined keywords.

Setup Requirements

  • ⚠️Requires 'mcp' library installation (e.g., `pip install fastmcp` or similar, as `FastMCP` is imported)
  • ⚠️Requires 'httpx' library installation (e.g., `pip install httpx`)
Verified Safe
The code demonstrates good security practices for a server interacting with a public API. It handles external network calls asynchronously with timeouts, uses standard XML parsing, and includes basic error handling for API and XML parsing failures. No hardcoded secrets, 'eval' statements, or obvious malicious patterns were found. The primary external interaction is with the ArXiv API.
Updated: 2025-11-25

High Cost

Provides an asynchronous, multi-instance wrapper for the Claude Code CLI, enabling parallel execution of coding tasks without blocking the main session.

Setup Requirements

  • ⚠️Requires Claude Code CLI to be installed and configured separately.
  • ⚠️Requires Python 3.6+ to run the server.
Verified Safe
The server acts as a wrapper for the Claude Code CLI, invoking it via subprocess calls. Its primary security implications stem from the underlying 'claude' CLI itself, especially when the '--dangerously-skip-permissions' flag is used. The wrapper does not introduce 'eval' or other direct code execution vulnerabilities. Process cleanup mechanisms are implemented to prevent zombie processes, enhancing system stability.
Updated: 2025-11-19

High Cost
Sec2

Orchestrates AI agents, internal tools, automations, and external services via a central API layer, focusing on governance and security.

Setup Requirements

  • ⚠️Requires OpenAI API Key (paid) for AI functionalities.
  • ⚠️Requires n8n instance and API keys (`N8N_BASE_URL`, `N8N_API_KEY`, `N8N_WEBHOOK_URL`) for workflow integrations.
  • ⚠️Requires a GitHub Personal Access Token (`GITHUB_TOKEN`) for GitHub issue creation.
  • ⚠️API keys with defined scopes must be configured via `MCP_API_KEYS` environment variable as a JSON string.
  • ⚠️The Evolution webhook secret (`EVOLUTION_WEBHOOK_SECRET`) requires proper configuration, and the related endpoint must be patched to reject invalid requests rather than just logging warnings.
Review Required
The `evolutionWebhookTool` endpoint (POST /webhook/evolution) is critically vulnerable: it explicitly logs a warning but proceeds to forward payloads to `N8N_WEBHOOK_URL` even when the `EVOLUTION_WEBHOOK_SECRET` is invalid or not configured. This allows unauthenticated external parties to trigger downstream n8n workflows or cause denial-of-service by sending arbitrary data. Other routes are protected by robust API key and scope-based authentication, and global rate limiting is applied, which are good practices. However, the severe flaw in the public webhook significantly compromises overall security.
Updated: 2026-01-06

Medium Cost
test-mcp-server

by beanspapa

Sec9

An MCP server designed to provide rich, interactive sports data through React widgets and text-based tools to conversational AI platforms like ChatGPT. It fetches game schedules, detailed statistics (team/player stats, standings, head-to-head), and is built for modularity and extensibility to integrate various external APIs.

Setup Requirements

  • ⚠️Requires Node.js (v20+ recommended) and npm to build React frontend assets (`npm run build` must be run).
  • ⚠️Requires Python 3.8+ to run the server.
  • ⚠️Requires a Sports API Key (`SPORTS_API_KEY`) for fetching real sports data; otherwise, it defaults to mock data.
  • ⚠️For interactive widgets to work with conversational AI platforms (e.g., ChatGPT, Claude), the server must be publicly accessible via HTTPS (e.g., using ngrok, Cloudflare Tunnel, or a VPS with SSL).
Verified Safe
The server demonstrates robust security practices:
  • **SafeFastMCPWrapper**: Protects against internal FastMCP API changes, providing clear error messages and preventing crashes.
  • **AST-based `safe_eval()`**: Replaced direct `eval()` usage (often a security vulnerability) with a secure AST parsing mechanism for expression evaluation (though the calculator tool has been removed in latest production configuration).
  • **Pydantic BaseSettings**: Ensures type-safe and validated configuration loaded from environment variables or .env files, guarding against invalid or malicious settings.
  • **RateLimitMiddleware**: Implements in-memory rate limiting per client IP, mitigating potential DoS attacks.
  • **Input Validation**: Pydantic models are used for validating tool input schemas, ensuring only valid data is processed.
  • **API Key Protection**: API keys are managed via environment variables and are not logged or exposed in error messages.
  • **DNS Rebinding Protection**: Explicitly disabled (`enable_dns_rebinding_protection=False`) due to the specific requirements of OpenAI App Store integration, which typically involves requests from multiple dynamic origins. This is a deliberate trade-off for platform compatibility, though generally a security consideration.
Updated: 2026-01-18

Medium Cost
just-bash-mcp

by dalist1

Sec8

Provides a secure, sandboxed bash environment with a virtual filesystem for AI agents to execute commands.

Setup Requirements

  • ⚠️Requires Node.js (v18+) or Bun to run.
  • ⚠️Custom filesystem configurations (e.g., mounting real directories for read-write or overlay) and network access require setting specific environment variables.
  • ⚠️Integration with MCP clients (e.g., Claude, Cursor) involves specific JSON configuration entries.
Verified Safe
The server relies on the `just-bash` library for sandboxing bash command execution within a virtual filesystem. Network access is disabled by default and, when enabled, can be restricted via URL and HTTP method allow-lists. Execution limits prevent resource exhaustion. While `ReadWriteFs` can provide direct disk access, it requires explicit configuration via environment variables, placing the responsibility on the deployer to set safe root directories. No `eval` or direct system calls outside of the `just-bash` sandbox are observed. `JSON.parse` on the `JUST_BASH_MOUNTS` environment variable is handled with a try-catch, reducing risk from malformed input.
Updated: 2026-01-17

Low Cost
dotnet-mcp-datetime-server

by eyjolfurgudnivatne

Sec8

Provides date/time utility functions to an AI assistant like GitHub Copilot Chat via Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires .NET 10 or later installed.
  • ⚠️Requires Visual Studio 2026 (November 2025 Feature Update or later).
  • ⚠️Requires an active GitHub Copilot subscription.
Verified Safe
No visible 'eval', hardcoded secrets, or direct network listening risks in the provided (truncated) source (which is primarily the README). The server operates via standard input/output (stdio), minimizing direct network exposure from the tool itself. However, the actual C# implementation code (DateTimeMcpServer.cs) was not provided for a full code audit.
Updated: 2025-11-29

Low Cost
Sec8

Persistent memory and documentation search for AI agents, specifically for code understanding, indexing, and retrieval (RAG).

Setup Requirements

  • ⚠️Requires Qdrant vector database (Docker recommended for easy setup).
  • ⚠️Python 3.9+ with `sentence-transformers` and `torch` (for optional GPU acceleration).
  • ⚠️Rust toolchain is recommended for `mcp_performance_core` for optimal performance (Python fallback available).
Verified Safe
The server demonstrates a strong focus on security with explicit input validation (`src/core/validation.py`) to detect and prevent SQL, command, and path traversal injections. It includes a dedicated security logger (`src/core/security_logger.py`) for auditing suspicious activities. The dashboard (`src/dashboard/web_server.py`), while setting 'Access-Control-Allow-Origin: *', is designed for local-only use (defaults to localhost:8080), mitigating this risk if not exposed externally. Usage of `subprocess` is primarily for CLI tools and Git operations, which is common for developer tools and appears to be handled with care. No obvious hardcoded secrets were found; configuration uses environment variables.
Updated: 2025-12-03

Low Cost
mcp-server-manager

by marcellobatiista

Sec8

Manages and configures local Model Context Protocol (MCP) servers for LLM development, supporting clients like Cursor and Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Heavily relies on the `uv` Python package manager, which is installed and configured during setup.
  • ⚠️Full compatibility is currently limited to Windows and macOS; Linux support is experimental/partial.
Verified Safe
The project is designed for local MCP server management, explicitly stating that it supports only local servers and does not expose HTTP endpoints externally. Communication primarily occurs via standard I/O (stdio). It extensively uses `subprocess` and `os.system` for environment setup (pip, uv, creating scripts, opening terminals), which is common for such tools, but requires careful handling of user inputs to prevent command injection. User input for server names is sanitized. `psutil` is used for robust process management. No hardcoded secrets or obvious malicious patterns were found. The primary security risks are generally self-imposed by the user granting system-level permissions for local environment setup.
Updated: 2025-11-19