Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
PyJudge icon

pdfblocks-mcp

by PyJudge

Sec4

This project implements a server for the Minecraft Client Protocol (MCP), likely intended for custom Minecraft clients, tools, or game development.

Setup Requirements

  • ⚠️Requires Python installed
  • ⚠️Potential firewall configuration for server port
  • ⚠️Unknown Python package dependencies (no `requirements.txt` or `setup.py` provided)
Review RequiredView Analysis
Cannot perform a detailed security audit as source code content was not provided. As a network protocol server, it inherently exposes a network attack surface. Without inspecting the code, it's impossible to verify input validation, authentication mechanisms, or the absence of common vulnerabilities like hardcoded secrets or 'eval' statements. Running a network server without a security review carries inherent risks.
Updated: 2025-11-20GitHub
0
0
Low Cost
BachEndDeveloper icon

dotnet-agent-demo

by BachEndDeveloper

Sec9

This project demonstrates a .NET Aspire application with an API service and a web front-end, showcasing distributed application development and orchestration.

Setup Requirements

  • ⚠️Requires .NET SDK (8.0 or later recommended)
  • ⚠️Requires .NET Aspire workload installed
Verified SafeView Analysis
The provided code consists of configuration files (launchSettings.json, appsettings.json) and does not contain any executable logic like 'eval' or obfuscation. All network endpoints configured in launchSettings.json are localhost, limiting direct external exposure. 'AllowedHosts: "*"' in appsettings.json is a common default for development but should be restricted in a production environment. No hardcoded secrets or malicious patterns are observed.
Updated: 2025-11-26GitHub
0
0
Medium Cost
LAB271 icon

mcp-studies

by LAB271

Sec6

Demonstrates the fundamental architecture of an MCP server using stdio transport, showcasing core primitives like tools, prompts, and resources.

Setup Requirements

  • ⚠️Requires Python 3.10+ (Python 3.11/3.13 used in Dockerfiles for other spikes)
  • ⚠️Requires 'uv' package manager for environment setup
  • ⚠️Docker and Docker Compose are required for more advanced spikes (e.g., Docker deployment, database integrations)
  • ⚠️Specific database instances (Neo4j, PostgreSQL) are needed for relevant spikes and require their own setup/credentials.
Verified SafeView Analysis
The `calculate` tool uses `eval()` which is inherently dangerous, even with the `allowed_chars` filtering. While the filtering reduces common injection vectors, `eval()` can still be a source of vulnerabilities if not meticulously secured against all possible edge cases. Additionally, some Docker Compose files contain default hardcoded database credentials which could pose a risk if deployed without proper environment variable overrides.
Updated: 2026-01-06GitHub
0
0
High Cost
Kealu-Inc icon
Sec8

Reads and manages Substack subscriptions and posts within Claude Code.

Setup Requirements

  • ⚠️Requires manual export of browser cookies (containing Substack session) into a specific JSON file path.
  • ⚠️Cookies periodically expire, requiring re-export for continued authentication.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Designed to run specifically as an MCP server within Claude Code.
Verified SafeView Analysis
The server primarily relies on a 'cookies.json' file for authentication, which contains sensitive session data. Users are explicitly warned not to commit this file and to re-export cookies when they expire. The server itself does not appear to use dangerous functions like 'eval' and correctly handles environment variables for sensitive paths. The main security risk is the user's management of the 'cookies.json' file.
Updated: 2025-12-13GitHub
0
0
Low Cost
Shellishack icon
Sec7

This repository provides a React full-stack template for building extensions for the Pulse Editor, specifically for configuring connections to an MCP server.

Setup Requirements

  • ⚠️This repository is deprecated; the project has moved to a monorepo.
  • ⚠️Requires global installation of `@pulse-editor/cli`.
  • ⚠️Requires the Pulse Editor application for full functionality (IMC unavailable in preview mode).
Verified SafeView Analysis
The template provides basic server functions without explicit input validation or authentication/authorization. While `dotenv` is a dependency (used by `@pulse-editor/cli`), no hardcoded secrets are present in the provided code snippets. Client-side actions (`useRegisterAction`) receive parameters (`params`) directly from the Pulse Editor; developers must ensure these inputs are sanitized/validated in production to prevent potential injection vulnerabilities if they are used to execute commands or render unescaped content. The use of `JSON.stringify` for displaying results on the client provides some mitigation for output rendering.
Updated: 2025-12-12GitHub
0
0
Medium Cost
Supreme-Campus icon

ERP-MCP-SERVER

by Supreme-Campus

Sec5

Manages enterprise resource planning (ERP) processes and data, likely exposing them through a multi-channel platform (MCP) via APIs.

Setup Requirements

  • ⚠️Requires a database (e.g., PostgreSQL, MySQL, MongoDB) to be configured and accessible.
  • ⚠️Requires specific runtime environment (e.g., Node.js, Python, Java) which is not specified without source code.
Review RequiredView Analysis
Cannot perform a security audit as the source code was not provided. The score of 5 reflects an unknown state; no specific risks or safe practices could be identified.
Updated: 2025-11-22GitHub
0
0
Medium Cost
giantswarm icon

mcp-capi

by giantswarm

Sec7

Enables Large Language Models (LLMs) and AI assistants to manage Kubernetes clusters through natural language interactions with Cluster API (CAPI).

Setup Requirements

  • ⚠️Requires Go 1.24.4 or later.
  • ⚠️Requires access to a Kubernetes Cluster API management cluster.
  • ⚠️Kubeconfig must be configured and have appropriate permissions to manage CAPI resources in the management cluster.
Verified SafeView Analysis
The server exposes powerful Cluster API operations and sensitive information (like workload cluster kubeconfigs) via the Model Context Protocol. While the core implementation uses well-vetted Kubernetes client libraries and includes input validation for CLI parameters, secure deployment is critical. HTTP-based transports (SSE, Streamable HTTP) open network listeners. If exposed publicly without strong authentication and authorization, this could lead to unauthorized cluster management, configuration changes, or sensitive data disclosure. The self-update mechanism fetches from a trusted GitHub repository, but without explicit signature verification, it introduces a potential, albeit low, risk if the repository were compromised. Some tools are currently placeholders and would require further security review upon full implementation.
Updated: 2026-01-05GitHub
0
0
Low Cost
hajarada icon
Sec8

Exposes PyCharm's refactoring capabilities as an MCP server, enabling Claude Code to perform intelligent code transformations within a PyCharm project.

Setup Requirements

  • ⚠️Requires PyCharm with the custom 'Refactoring Bridge' plugin installed (can be built from source or installed from Marketplace when available).
  • ⚠️PyCharm must be running and have the target project open for the refactoring operations to work.
  • ⚠️Requires `PYCHARM_BRIDGE_URL` and optionally `PYCHARM_BRIDGE_TOKEN` to be configured, either via environment variables or in Claude Code's MCP config.
Verified SafeView Analysis
The PyCharm Refactoring Bridge plugin binds its HTTP server exclusively to localhost (127.0.0.1), preventing external network access. It supports an optional bearer token for authentication, and allows configuring an allowlist of project paths to restrict which projects can be refactored. Refactoring operations automatically save all documents first. The primary security risk involves an attacker gaining local access to the machine, which is an inherent risk for any local development tool integration.
Updated: 2026-01-18GitHub
0
0
Medium Cost
shubhamdhiman-crossml icon

MCP_Assignment

by shubhamdhiman-crossml

Sec1

Implements a hospital database system using an MCP Server, integrated with Langchain, agents, and various tools for enhanced interaction.

Setup Requirements

  • ⚠️Requires LLM API Key (e.g., OpenAI, Anthropic, etc.)
  • ⚠️Requires a database setup (e.g., SQLite, PostgreSQL)
  • ⚠️Familiarity with the MCP Server framework might be needed for setup
Review RequiredView Analysis
Only README.md content was provided for analysis. Without access to the actual source code files, a comprehensive security audit for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns is impossible. Therefore, safety cannot be guaranteed without reviewing the complete codebase.
Updated: 2026-01-19GitHub
0
0
Medium Cost
AI-Junction icon
Sec2

A comprehensive agentic AI framework integrating RAG, LangGraph workflows, and external tools via an MCP server to provide an AI assistant with capabilities spanning information retrieval, task automation, and multi-agent orchestration.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for core RAG components.
  • ⚠️Requires a local `ollama` server running with the `llama3.2` model for LangGraph agent reasoning and as an LLM fallback.
  • ⚠️Requires a separate `MCP Server` instance running (default `http://localhost:8000/mcp/`) for agent tool execution.
  • ⚠️Downloads `all-MiniLM-L6-v2` embedding model (~90MB) on first run for local embeddings.
Review RequiredView Analysis
CRITICAL VULNERABILITIES DETECTED: 1. Arbitrary Code Execution (eval): Several files within `swarm-writer-agents` (e.g., `ai-travel-agents/agents/orchestrator_agent.py`, `flight_agent.py`, `email_agent.py`, `hotel_agent.py`, `ai-recruiter-agency/agents/orchestrator.py`, `recommender_agent.py`, `screener_agent.py`, `matcher_agent.py`) use `eval(messages[-1]["content"])` with `messages[-1]["content"]` originating from user-controlled input. This allows an attacker to execute arbitrary Python code on the server, posing an extreme risk. 2. Exposed Filesystem Operations: The `mcp_server/tools/filesystem.py` module exposes tools (`read_file`, `write_file`, `list_dir`, `search_in_files`) that grant direct access to the server's filesystem. If the MCP server is publicly exposed or an agent is compromised, this could lead to unauthorized data access, modification, or deletion. 3. File Upload Processing: The `rag_project/app.py` and `app_from_rag_basics_final_working.py` allow file uploads. While `secure_filename` is used, the subsequent processing of these files (e.g., PDF extraction) could expose vulnerabilities if malicious files are uploaded. 4. Uncontrolled JSON Parsing: `langgraph_app/graph.py` performs `json.loads()` on agent output, which, while standard, could be a vector for attack if the underlying LLM's output is not strictly constrained and an attacker can inject malicious JSON structures.
Updated: 2025-12-06GitHub
0
0
Low Cost
kpernyer icon

nyc-last-mile

by kpernyer

Sec9

An AI-powered analytics platform for optimizing last-mile delivery operations and logistics networks by transforming raw shipment data into actionable insights through natural language queries.

Setup Requirements

  • ⚠️Requires Rust toolchain (for `cargo build`)
  • ⚠️Requires `api_server` to be running first (usually on `http://localhost:8080`)
  • ⚠️Requires Claude Desktop for integration (as it's an MCP server)
  • ⚠️Requires prior data ingestion (running `ingest.rs` or `ingest_synthetic.rs` binaries) to populate the SurrealDB instance.
Verified SafeView Analysis
The server is built in Rust, generally considered memory-safe. It uses standard, well-vetted libraries. The `api_server` binds to `0.0.0.0` by default, making it accessible from any network interface, and its CORS configuration allows `Any` origin, which should be restricted in a production environment. Database paths are hardcoded as local files (`data/lastmile.db` or `data/synthetic.db`), making it suitable for local operation but not shared environments without proper access controls. No obvious hardcoded network secrets or malicious patterns were found.
Updated: 2025-12-11GitHub
0
0
Low Cost
tamappe icon
Sec9

Provides market index data (S&P500, NASDAQ100, Nikkei 225, etc.) for natural language search within Claude Desktop.

Setup Requirements

  • ⚠️Requires Claude Desktop for integration.
  • ⚠️Initial data download (approx. 10MB) required on first run, which may take up to 30 seconds.
  • ⚠️The full path to `uvx` must be specifically configured in Claude Desktop settings.
Verified SafeView Analysis
The server uses parameterized queries to prevent SQL injection, which is good practice. Market data is downloaded securely from GitHub Releases via HTTPS, with SSL verification utilizing 'certifi'. No 'eval' or obvious malicious patterns are present in the provided source code. The primary external security consideration is the integrity of the data source on GitHub Releases.
Updated: 2026-01-16GitHub
PreviousPage 674 of 713Next