Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
Eddym06 icon
Sec6

Enables AI agents to control a local Chrome or Edge browser for web navigation, data extraction, interaction, network interception, and anti-detection, using the user's real browser profile.

Setup Requirements

  • ⚠️Requires a local Chrome or Edge browser installation.
  • ⚠️Chrome/Edge must be launched with `--remote-debugging-port=<port>` (e.g., 9222/9223). The tool attempts to auto-launch but manual intervention/closure of existing browser instances may be needed.
  • ⚠️Initial use in VS Code (or similar clients) may trigger a security popup requiring 'Always Allow' for tools to function.
Verified SafeView Analysis
The server provides extensive control over the local browser, including arbitrary JavaScript execution (`execute_script`), CSS/JS injection (`inject_css_global`, `inject_js_global`), and direct manipulation of network requests/responses. It also uses `child_process.spawn` and `execAsync` for system commands to manage browser processes and profiles (e.g., `robocopy`, `rsync`, `powershell`). The Chrome debugging port is exposed (default 9222/9223) and `--remote-allow-origins=*` is used by default, which is permissive. While designed for advanced AI interaction, these capabilities present significant security risks if the AI agent is compromised or instructed maliciously, potentially leading to arbitrary code execution within the browser's context or on the user's system (via OS commands). The 'Shadow Profile' mitigates direct corruption of the default profile but does not prevent browser-based attacks.
Updated: 2026-01-18GitHub
0
0
Medium Cost
KeeVor icon
Sec3

Enables AI assistants within the Cursor editor to directly query and interact with MySQL databases via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running MySQL database instance.
  • ⚠️Designed specifically for the Cursor editor and its `mcp.json` configuration.
  • ⚠️Requires `DB_HOST`, `DB_USER`, and `DB_DATABASE` environment variables to be explicitly set.
  • ⚠️High risk of SQL injection if user input or AI-generated SQL is not thoroughly sanitized externally, necessitating restricted database user permissions.
Review RequiredView Analysis
The server directly executes user-provided SQL queries (`args.sql`) via `conn.execute()` without server-side sanitization or explicit parameter binding for prepared statements, making it highly vulnerable to SQL injection. While the README suggests using read-only or restricted database accounts, the core functionality itself doesn't prevent malicious SQL from being executed if the AI or user input is compromised. It also uses `KILL QUERY` for timeout, which requires specific database permissions and could potentially be abused if the connection ID is guessable, though the risk is lower here as it's killing its own query.
Updated: 2025-12-15GitHub
0
0
Low Cost
fany321 icon
Sec7

Provides a Model Context Protocol (MCP) server that enables clients to post messages to Slack channels, optionally secured with Duo authentication and supporting WebSocket, HTTP POST, and Server-Sent Events (SSE) communication.

Setup Requirements

  • ⚠️Requires a Slack Bot User OAuth Token (`SLACK_BOT_TOKEN`) for any functionality.
  • ⚠️Full Duo Security OAuth setup is required (client, authorization, token, and introspection endpoints, client ID, client secret) if using the authenticated server variants (`server-http-duo-render.js` or `server-http.js` with Duo enabled). This can be complex to configure.
  • ⚠️The `server-http-duo-render.js` script defaults the `DUO_REDIRECT_URI` based on `RENDER_EXTERNAL_HOSTNAME`, implying an intended Render deployment. Custom configuration will be needed for other hosting environments.
Verified SafeView Analysis
The repository contains multiple server implementations. 'server.js' (WebSocket-based) and 'server-sse.js' (SSE-based) lack any authentication, critically exposing the Slack bot functionality and token to anyone who connects. 'server-http.js' offers optional Duo authentication, but if disabled, it also allows anonymous access. The primary script specified in 'package.json' is 'server-http-duo-render.js', which implements a robust Duo OAuth 2.0 PKCE flow with token introspection for all MCP interactions (HTTP POST and SSE). This version is significantly more secure as it enforces user authentication and ties messages to the authenticated user. However, it still uses a permissive 'Access-Control-Allow-Origin: *' header, which should be restricted for production use. Running the unauthenticated versions (server.js, server-sse.js, or server-http.js without DUO_ENABLED) is highly unsafe for public exposure.
Updated: 2026-01-15GitHub
0
0
Low Cost
yksanjo icon

mcp-discovery

by yksanjo

Sec9

Provides a machine-to-machine API for AI agents to semantically discover, evaluate, and select Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires OpenAI API Key for embedding generation (paid service).
  • ⚠️Requires Supabase project with PostgreSQL and 'pgvector' extension enabled.
  • ⚠️Requires Node.js version 20.0.0 or higher.
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (Supabase, OpenAI) which is good practice. All incoming API requests are validated using Zod schemas, significantly mitigating common injection vulnerabilities. The server itself recommends installation commands for other MCP servers but does not execute them directly, shifting that responsibility (and associated risks) to the consuming AI agent. No direct 'eval' or un-sanitized shell command execution is present within the server's own logic.
Updated: 2026-01-18GitHub
0
0
Medium Cost
tlockney icon

obsidian-planner

by tlockney

Sec8

Manages technical plans within an Obsidian vault using an MCP server interface.

Setup Requirements

  • ⚠️Requires Obsidian with the 'Local REST API' plugin installed and configured.
  • ⚠️Deno runtime is required if running from source (pre-compiled binaries are an alternative).
  • ⚠️An Obsidian API key (optional but recommended for security) must be generated within the plugin and passed to the server.
Verified SafeView Analysis
The code does not contain 'eval' or obvious obfuscation. It relies on the Obsidian Local REST API, which is typically run locally. Configuration allows specifying the Obsidian API URL and an optional API key, which are user-controlled. Broad Deno permissions (--allow-net, --allow-env, --allow-read, --allow-write, --allow-run) are used, which is common in Deno apps but grants significant privileges; however, the application's logic is constrained to file management via the Obsidian API.
Updated: 2025-12-13GitHub
0
0
Medium Cost
Curator4 icon

mcp-server-diary

by Curator4

Sec9

Provides an MCP interface to access and retrieve personal diary entries stored in a local markdown vault.

Setup Requirements

  • ⚠️Requires a specific local directory structure: `~/obsidian-vault/themis` containing diary entries named `YYYY-MM-DD.md`.
  • ⚠️Requires the Go runtime installed to build and run.
Verified SafeView Analysis
The server reads markdown files from a hardcoded local path (`~/obsidian-vault/themis`). While this is its intended functionality, users should be aware that all content within this directory will be accessible via the MCP interface. There are no external network calls, hardcoded secrets, or dangerous patterns like `eval`.
Updated: 2025-11-30GitHub
0
0
Medium Cost
jefflesser icon

zeal-mcp-server

by jefflesser

Sec7

An MCP server that exposes Postman API requests as tools for LLMs, enabling programmatic interaction with external APIs, particularly for payroll and HR management via Zeal API.

Setup Requirements

  • ⚠️Node.js v18+ is required (v20+ recommended) as the `fetch` API is used by the tools.
  • ⚠️API keys (specifically `ZEAL_API_KEY`) must be configured in a `.env` file for authentication with the Zeal API.
  • ⚠️When connecting to MCP clients (Postman, Claude Desktop), ensuring an absolute path to a Node.js version 18+ binary and the `mcpServer.js` file is crucial for correct operation.
Verified SafeView Analysis
The Vercel serverless function (`api/mcp.js`) explicitly allows the `ZEAL_API_KEY` to be passed as a query parameter, which is less secure than using HTTP headers and could lead to exposure in logs or browser history. The primary `mcpServer.js` relies on `.env` file for API keys, which is better. Standard security practices are otherwise followed, including `Bearer` token authentication for API calls to Zeal. Basic input validation for required parameters is present in tool calls.
Updated: 2025-12-02GitHub
0
0
Medium Cost
emlcpfx icon

mcp_ofx

by emlcpfx

Sec5

An MCP server providing comprehensive access to the OpenFX (OFX) SDK for visual effects plugin development, offering API lookup, search, and C++ plugin code generation.

Setup Requirements

  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Relies on the `mcp` Python package for server functionality.
Verified SafeView Analysis
The server's core functionality (API lookups and data retrieval) appears safe, relying on static internal data. However, the `ofx_generate_plugin` and `ofx_generate_param` tools directly embed user-provided strings (like `plugin_name`, `plugin_id`, `param_name`, `label`) into C++ source code templates without explicit sanitization. This creates a risk of C++ injection if a malicious client or user provides specially crafted inputs (e.g., strings containing quotes or C++ control characters). While the Python server itself does not execute this generated C++ code, it produces output that could lead to arbitrary code execution if compiled and run by the end-user without proper input validation at the client side.
Updated: 2026-01-19GitHub
0
0
High Cost
GizAI icon
Sec3

Provides a Claude Code MCP server for browser automation and full local PC control, enabling AI agents to interact with web browsers and the local operating system.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires a locally installed Chrome, Chromium, or Edge browser for browser tools.
  • ⚠️Full PC control mode (`--local`) operates with no sandbox, granting unrestricted system access.
Review RequiredView Analysis
The server's core functionality (`shell()` and `python_exec()`) allows for arbitrary code execution and full system access, including file system, process management, and screenshots. This is explicitly stated as 'NO restrictions - use responsibly' by the developers. Browser control also includes `eval()` for JavaScript. While remote access requires token authentication by default and local PC control needs explicit `--local` flag, the inherent power of this tool presents a maximal security risk if the server or its authentication token is compromised, or if used irresponsibly. It is designed for maximum control, not maximum sandbox security.
Updated: 2025-12-08GitHub
0
0
High Cost
Liquescent-Development icon

mcprobe

by Liquescent-Development

Sec6

A conversational testing framework for MCP (Model Context Protocol) servers, validating that LLM agents can correctly answer real-world questions using synthetic users and LLM judges.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires an LLM provider: either `ollama serve` running locally with a model pulled (e.g., `llama3.2`), or an `OPENAI_API_KEY` for a paid cloud service.
  • ⚠️For testing Gemini ADK agents, requires `mcprobe[adk]` installation, `GOOGLE_API_KEY`, and a separate MCP server to be running and accessible via `MCP_URL` and `MCP_TOKEN` environment variables.
Verified SafeView Analysis
The `mcprobe generate-scenarios` command executes arbitrary user-provided commands (e.g., `npx @example/weather-mcp`) via `subprocess.run` to connect to an MCP server. While intended for developers to launch their *own* trusted local servers for testing, this feature represents a significant security risk if the `server` argument were ever exposed to untrusted input. Otherwise, the project follows good security practices, such as using `SecretStr` for API keys in configurations and relying on environment variables.
Updated: 2026-01-19GitHub
0
0
Low Cost
Letitia-May icon

mcp-recipe-collector

by Letitia-May

Sec6

A Model Context Protocol (MCP) server that acts as a proxy for AI assistants to search, retrieve, and add recipes to a local recipe API.

Setup Requirements

  • ⚠️Requires a separate, locally running recipe API server at `http://127.0.0.1:8080` to function, which is a critical external dependency.
  • ⚠️The direct execution command `node index.ts` for a TypeScript file (`index.ts`) may require a global `tsx` installation or a prior TypeScript compilation step, which is not explicitly detailed in the 'Usage' instructions for running the MCP server.
Verified SafeView Analysis
The MCP server makes HTTP requests to a local recipe API (http://127.0.0.1:8080). For the 'searchRecipes' tool, the user-provided 'term' parameter is directly interpolated into the URL query string. If the underlying recipe API does not implement robust input sanitization for this 'query' parameter, it could be vulnerable to injection attacks (e.g., SQL injection, command injection) if a sophisticated attacker compromises the client interacting with this MCP server. The 'id' parameter for 'getRecipeById' is validated as a number using Zod, mitigating direct injection risk for that endpoint. No obvious hardcoded secrets or malicious patterns were found in the provided source code.
Updated: 2026-01-12GitHub
0
0
Medium Cost
dnys1 icon

mcp

by dnys1

Sec8

Provides Model Context Protocol (MCP) servers for AI assistants, enabling semantic search over documentation and multi-project TODO management.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for mcp-docs server (embeddings and description generation).
  • ⚠️Requires Firecrawl API Key (Paid, conditional) for mcp-docs server if using Firecrawl web scraping for ingestion.
  • ⚠️Requires Bun runtime.
Verified SafeView Analysis
The project uses `execSync` for Git commands and MCP CLI configuration, which can be risky if the current working directory (`cwd`) or arguments are maliciously controlled, though inputs here are largely internal or user-configured. The documentation server (`mcp-docs`) fetches content from user-provided URLs (`llms.txt` or Firecrawl), which could expose to Server-Side Request Forgery (SSRF) if URLs point to internal network resources and proper mitigations are not in place. API keys for OpenAI and Firecrawl are handled via environment variables, not hardcoded. The database is local SQLite.
Updated: 2025-12-13GitHub
PreviousPage 681 of 713Next