Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
lianekai icon
Sec9

Provides a secure, read-only Model Context Protocol (MCP) server for openGauss database operations, intended for integration with AI clients like Claude Desktop.

Setup Requirements

  • ⚠️Requires an operational openGauss database instance.
  • ⚠️Requires manual copying of `src/utils/db.fixed.ts` and `src/utils/validation.fixed.ts` to `src/utils/db.ts` and `src/utils/validation.ts` respectively, as part of the upgrade process to the secure version.
  • ⚠️Database connection credentials (host, port, user, password, database, schema) must be configured via environment variables or a `.env` file.
  • ⚠️Additional security measures, such as creating a dedicated read-only database user and configuring firewall rules, are strongly recommended as per the deployment guide.
Verified SafeView Analysis
The server, after applying the recommended security fixes (indicated by the `db.fixed.ts` and `validation.fixed.ts` files and outlined in the `README_SECURITY_FIXES.md`), demonstrates strong security practices. It effectively addresses critical SQL injection vulnerabilities through robust identifier normalization, parameterization (using a connection pool), and comprehensive read-only query validation. The enhanced validation logic includes checks for multiple statements, dangerous functions (e.g., file system access), subquery write operations, NULL byte injections, and input length limits. Connection pooling, query timeouts, and a rate limiter are implemented to prevent resource exhaustion and Denial-of-Service attacks. Logging is structured with `pino` and redacts sensitive information, mitigating information leakage. The project's security rating is reported to have improved from 68/100 to 90/100 post-fix, and it is deemed 'production-ready'.
Updated: 2025-12-25GitHub
0
0
Medium Cost
betahub-io icon

betahub-mcp-server

by betahub-io

Sec9

Integrates BetaHub's feedback management and project data with AI assistants via Model Context Protocol (MCP) for AI-powered development workflows.

Setup Requirements

  • ⚠️Requires a BetaHub account with API access.
  • ⚠️Requires a BetaHub Personal Access Token (PAT) to be generated from BetaHub profile settings.
  • ⚠️The BetaHub token must be provided as an environment variable (BETAHUB_TOKEN) or a command-line argument (--token).
Verified SafeView Analysis
The server explicitly handles authentication tokens via environment variables or CLI arguments, avoiding hardcoding. Input validation for tools is enforced using Zod schemas. Error handling is structured with custom error classes. Communication with AI clients uses stdio (stdin/stdout), which is a secure local channel. External API calls are made to BetaHub with standard authorization headers. No 'eval' or malicious patterns were identified in the provided source code.
Updated: 2025-12-01GitHub
0
0
Medium Cost
ry-ops icon
Sec9

Integrates Netdata monitoring with Claude for real-time metrics, alerts, and system health analysis.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires 'uv' package manager to be installed.
  • ⚠️A running Netdata instance is required, accessible by the MCP server (default: http://localhost:19999).
  • ⚠️Requires manual configuration of Claude Desktop's `claude_desktop_config.json` with the absolute path to the server directory.
Verified SafeView Analysis
API keys are handled via environment variables, not hardcoded. The server uses `httpx` for asynchronous HTTP requests. No usage of `eval` or other obvious code injection vulnerabilities were found. It's designed for local deployment with Claude Desktop, limiting its external exposure.
Updated: 2025-12-03GitHub
0
0
Medium Cost
samdaw13 icon

plex-mcp-server

by samdaw13

Sec6

A Model Context Protocol (MCP) server for Plex Media Server, providing a standardized interface for AI assistants and automation tools to interact with your Plex server.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires an active Plex Media Server with a valid authentication token and network access.
  • ⚠️Requires manual configuration of Plex server details (PLEX_URL, PLEX_TOKEN, etc.) in a `.env` file.
Review RequiredView Analysis
1. **Remote Code Execution / API Injection (High Risk):** The `server_run_butler_task` tool directly interpolates the `task_name` argument into the Plex API URL (`/butler/{task_name}`) without any explicit validation or whitelisting. A malicious MCP client could exploit this to attempt accessing or triggering arbitrary, unintended endpoints on the Plex Media Server that fall under the `/butler/` path, potentially leading to unauthorized actions or unexpected server behavior. 2. **Information Disclosure (Moderate Risk):** The `media_set_artwork` tool allows specifying a `filepath` for custom artwork. If a malicious MCP client controls this `filepath` parameter, it could instruct the Plex server (via `plexapi`) to read and potentially upload arbitrary local files from the server's filesystem to Plex, leading to information disclosure of sensitive files accessible by the server process. 3. **Network Exposure (Moderate Risk):** The Server-Sent Events (SSE) server binds to `0.0.0.0` by default (`FASTMCP_HOST`). This means it listens on all available network interfaces. If deployed on a publicly accessible server without proper network segmentation or firewall rules, it would be exposed to the internet. This increases the risk of unauthorized access or attacks if the `PLEX_TOKEN` is compromised or the exposed tools are misused.
Updated: 2025-11-27GitHub
0
0
Medium Cost
RishithaAppikonda icon

Interactive-MCP-Chat-Agent

by RishithaAppikonda

Sec7

An interactive chat application demonstrating an AI agent with conversation memory that can interact with multiple Model Context Protocol (MCP) servers for web browsing, search, and other capabilities.

Setup Requirements

  • ⚠️Requires Groq API Key (Paid Service)
  • ⚠️Requires Node.js and npm for MCP servers
  • ⚠️Python 3.11 or higher is mandatory
Verified SafeView Analysis
The primary security risks involve running third-party Node.js MCP servers via `npx -y @latest` commands, which can introduce supply chain vulnerabilities or unexpected behavior. The core Python agent code itself does not contain obvious vulnerabilities like hardcoded secrets or direct `eval` of user input, but relies on the security of external LLM APIs and MCP server implementations. Misuse of the agent via a jailbroken LLM could lead to unwanted web actions or searches.
Updated: 2025-12-12GitHub
0
0
Medium Cost
noersy icon
Sec8

Provides a local Text-to-Speech (TTS) server for Model Context Protocol (MCP) clients using the Kokoro model, with audio playback and caching.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires a functional audio output device for playback.
  • ⚠️System-level dependencies for `sounddevice` (e.g., PortAudio on macOS/Linux) must be installed.
  • ⚠️The `torch` dependency can be significant in size and may require specific GPU drivers if CUDA/MPS is utilized.
Verified SafeView Analysis
The server does not contain explicit 'eval' or 'exec' calls with untrusted input. No hardcoded secrets are evident. Audio caching uses `numpy.load` on files written by the server itself into a user's local cache directory (`~/.cache/mcp_kokoro`). While `numpy.load` with `allow_pickle=True` (default) can be a deserialization vulnerability if loading untrusted data, in this context, the server generates and then loads its own cached data. An attacker would need to first compromise the system to write a malicious file into the cache directory for this to become an issue, rather than exploiting it directly through the MCP 'speak' arguments.
Updated: 2025-12-10GitHub
0
0
Medium Cost
Johnza06 icon
Sec8

The application provides a web-based interface for fraud detection and risk analysis across multiple data types (transactions, KYC, sanctions, credit risk) using rule-based engines and an AI consultant agent powered by Large Language Models.

Setup Requirements

  • ⚠️Requires either FIREWORKS_API_KEY or HF_TOKEN for AI features (can be paid services).
  • ⚠️Requires Python 3.x and dependencies from 'requirements.txt' (e.g., pandas, gradio, langchain, pydantic, python-dotenv, phonenumbers).
  • ⚠️Optional MCP integration requires enabling 'ENABLE_MCP' and providing specific URLs (MCP_SANCTIONS_URL, MCP_HIGH_RISK_MCC_URL) and an authentication header (MCP_AUTH_HEADER).
Verified SafeView Analysis
The application handles secrets (API keys) via environment variables, which is good practice. It includes a TTP (Tactics, Techniques, and Procedures) Guard to detect prompt injections and other adversarial inputs, enhancing security. External calls to LLM providers and optional MCP endpoints are made over HTTPS with timeouts. No 'eval' or direct code injection vulnerabilities were identified. Potential minor risk if MCP URLs are misconfigured to untrusted endpoints, but these are controlled by environment variables.
Updated: 2026-01-19GitHub
0
0
Low Cost
scopweb icon
Sec9

Provides multi-language code context and pattern training for AI assistants to analyze projects and suggest best practices.

Setup Requirements

  • ⚠️Requires Rust 1.70+ installed.
  • ⚠️Requires Claude Desktop installed and configured with an absolute path to the compiled executable.
  • ⚠️Requires `MCP_PATTERNS_PATH` environment variable set to the absolute path of the patterns data directory (e.g., `data/patterns/`).
Verified SafeView Analysis
The project demonstrates strong security practices, including explicit path traversal prevention in the `TrainingManager`'s file operations, canonical path verification, input sanitization for framework names, and correct `Content-Length` framing for the MCP protocol. It uses `stdio` for communication, limiting direct network attack surface, and integrates `cargo-audit` for dependency vulnerability scanning. Logs are correctly routed to `stderr` without ANSI codes, preventing output contamination.
Updated: 2025-12-08GitHub
0
0
Low Cost
gwhthompson icon

grist-mcp-server

by gwhthompson

Sec7

Manages and interacts with Grist relational spreadsheets, providing a developer-friendly API layer for data manipulation, schema management, and UI layout within the Model Context Protocol (MCP) framework.

Setup Requirements

  • ⚠️Requires the `GRIST_API_KEY` environment variable for authentication with a Grist instance.
  • ⚠️The `GRIST_BASE_URL` environment variable needs to be set if connecting to a self-hosted Grist instance (defaults to `https://docs.getgrist.com`).
  • ⚠️Setting up a local Grist instance for development or testing typically requires Docker.
Verified SafeView Analysis
The server demonstrates strong input validation using Zod schemas, output sanitization (redacting sensitive information like API keys and emails from logs/responses), and relies on environment variables for sensitive data like API keys. However, the `grist_query_sql` tool accepts arbitrary SQL strings from user input. While it passes parameters separately to the Grist API, the function `addPaginationToSql` directly injects pagination values into the SQL string. Furthermore, its documentation warns that for older Grist versions, users might need to manually embed values (and 'use proper escaping!'), which could pose a SQL injection risk if not handled meticulously by the user/agent. No direct `eval` or `child_process` calls were found in the main server logic, enhancing its safety profile under normal operation.
Updated: 2025-12-27GitHub
0
0
Low Cost
dd-Splunk icon

splunk-mcp

by dd-Splunk

Sec3

Provides a Proof-of-Concept environment for integrating Splunk MCP (Model Context Protocol) Server with Claude Desktop.

Setup Requirements

  • ⚠️Requires Docker Desktop to be installed and running.
  • ⚠️Requires 1Password CLI ('op') to be installed and authenticated to a vault containing 'Splunk-MCP-PoC' and 'Splunkbase' credentials.
  • ⚠️Requires 'make' utility and 'jq' (JSON processor) to be installed.
  • ⚠️The setup is tailored for macOS, particularly for Claude Desktop configuration paths (`~/Library/Application Support/Claude/`).
Verified SafeView Analysis
CRITICAL: The `scripts/setup-splunk-user.sh` script assigns the 'admin' role to the 'dd' user, whose authentication token is then used for MCP operations by Claude Desktop. This means the MCP token, intended for limited use, effectively grants full administrative access to the Splunk instance. If this token is compromised, the entire Splunk deployment is at risk. Additionally, for local development, SSL verification is explicitly disabled (`-k` for curl, `NODE_TLS_REJECT_UNAUTHORIZED=0` for Node.js), and self-signed certificates are used. While this is explicitly documented as 'Development Only' and necessary for the PoC setup, it represents a significant security vulnerability if used in any non-local or production context. Environment variables are used for secrets, which is better than hardcoding but still exposes them to `docker inspect`. Token expiry is set to 15 days, which is a good practice for limiting exposure.
Updated: 2025-11-28GitHub
0
0
Low Cost
perkovicluka icon

fusion-360-mcp-server

by perkovicluka

Sec6

This project links an MCP client (e.g., ChatGPT, Claude, etc.) to Autodesk Fusion 360 through a lightweight MCP server and a Fusion Python add-in for automated CAD design.

Setup Requirements

  • ⚠️Requires Autodesk Fusion 360 to be installed and running.
  • ⚠️Manual installation of the Fusion add-in by copying files to a specific directory.
  • ⚠️Requires Python 3.10+ and the `mcp[cli]` Python package in a virtual environment.
Verified SafeView Analysis
The FastMCP server binds to `0.0.0.0:8000` via HTTP, making it accessible from any network interface without authentication or encryption. This could expose the server to the local network. Communication between the MCP server and Fusion add-in uses plain JSON over TCP on `127.0.0.1:8765`, lacking encryption for local traffic. No hardcoded secrets or 'eval' statements were found. Input validation within FusionMCP.py primarily relies on type casting (float, int) which is generally safe, with broad exception handling catching runtime errors.
Updated: 2025-12-05GitHub
0
0
Medium Cost
ShivankarMehta icon

DB_MCP_SERVER

by ShivankarMehta

Sec8

Provides a read-only interface to a MySQL database, allowing external agents to execute safe SELECT, SHOW, DESCRIBE, or EXPLAIN queries via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a running MySQL database instance.
  • ⚠️Requires Node.js environment (version 18 or higher is recommended due to SDK dependencies).
  • ⚠️Requires configuration of MySQL connection details via environment variables (MYSQL_DATABASE is mandatory, MYSQL_HOST, MYSQL_PORT, MYSQL_USER, MYSQL_PASSWORD are also used).
Verified SafeView Analysis
The server includes a robust 'isReadOnlyQuery' function that whitelists allowed SQL commands (SELECT, SHOW, DESCRIBE, EXPLAIN) and blacklists dangerous keywords (INSERT, UPDATE, DELETE, DROP, CREATE, ALTER, TRUNCATE, REPLACE, INTO OUTFILE, INTO DUMPFILE, LOAD_FILE). This significantly mitigates SQL injection risks for write/schema modification operations. The keyword check uses `includes()`, which can sometimes be overzealous and block legitimate read-only queries if a blacklisted keyword appears within a string literal (e.g., `SELECT 'insert'`), but this is a strict safeguard rather than a vulnerability. Environment variables are used for database credentials, preventing hardcoded secrets. The server uses StdioServerTransport, limiting direct network exposure for this specific component.
Updated: 2025-11-27GitHub
PreviousPage 675 of 713Next