Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost
ppt-automation

by abhi-824

Sec9

An AI-powered PowerPoint add-in that allows users to create, edit, and enhance presentations using natural language, with features like smart slide generation, component-wise change management, and cross-file data referencing.

Setup Requirements

  • ⚠️Requires local Ollama (or compatible MCP provider) running for local AI models.
  • ⚠️Requires Node.js (v18+), Python (v3.8+), and Go (v1.21+) installed.
  • ⚠️Requires local TLS certificates (`localhost+2.pem`, `localhost+2-key.pem`) for the Go orchestrator for HTTPS communication, which are typically generated during Office Add-in development setup.
Verified Safe
The `my-mcp-server` component, analyzed as the MCP Server, communicates via standard I/O (stdio) and is intended to be run as a subprocess of the `mcphost` orchestrator. This significantly reduces its direct external network attack surface. The overall system involves a Go orchestrator (exposed via HTTPS with CORS for local access), which interacts with a Python FastAPI backend (exposed locally via HTTP) and the MCP host/tools. Input processing, including `slideBase64` data from the PowerPoint add-in, is handled internally. While there's no explicit sanitization for all content sent to the Python API, the context implies trusted input from the user's local PowerPoint. Text inputs are processed for styling/layout, not direct code execution (e.g., no `eval`). The primary LLM interaction (handled by the orchestrator via `mcphost` SDK) inherently carries prompt injection risks, but this is a function of LLM design, not a server vulnerability. No hardcoded secrets or malicious patterns were found in the truncated source code.
Updated: 2026-01-17

Medium Cost

This server integrates Swiggy's food delivery, grocery (Instamart), and restaurant booking (Dineout) services through a unified MCP interface for various client applications.

Setup Requirements

  • ⚠️Requires a compatible MCP client (e.g., Cursor, VS Code, Claude Desktop) for integration.
  • ⚠️Orders placed via the MCP currently only support Cash on Delivery (COD).
  • ⚠️Orders placed cannot be cancelled, requiring careful review before checkout.
  • ⚠️Concurrent use with the native Swiggy app may cause session conflicts.
Verified Safe
The provided source code is a README containing configuration instructions and URLs for a remote MCP server hosted by Swiggy. It does not include executable server-side code for audit. The client-side configuration itself is benign. No 'eval', obfuscation, or hardcoded secrets are present in the provided text. The main 'risk' is interaction with an external, trusted Swiggy endpoint, and the potential for placing uncancelable COD orders, which is a functional rather than a code-level security concern of the MCP server's implementation.
Updated: 2026-01-19

Medium Cost

Personal location tracking with intelligent place recognition and Model Context Protocol (MCP) tool integration.

Setup Requirements

  • ⚠️Requires PostgreSQL database with PostGIS extension enabled (manual setup).
  • ⚠️Requires Google Places API Key for place recognition and enrichment (optional, but core feature relies on it; paid API usage applies).
  • ⚠️The provided `deploy-oauth.sh` script *incorrectly* deploys the insecure `index.js` without OAuth authentication; the `--command` Cloud Run parameter must be manually modified to run `build/http-server-oauth.js` for secure, multi-user operation.
  • ⚠️For local development, requires Cloud SQL Proxy if connecting to a Cloud SQL instance.
Review Required
The primary `index.js` entry point (as defined in `package.json` and implicitly used by default Cloud Run deployments) has several critical security vulnerabilities:

  1. **No Authentication for MCP Tools:** The `/sse` and `/message` endpoints, which expose all 15 MCP tools (e.g., `get_location_history`, `list_all_places`, `get_travel_stats`), have no authentication or authorization checks. Any client can connect and call any tool, accessing or manipulating data associated with the `DEFAULT_USER_ID`.
  2. **Exposed Debug Endpoints:** Endpoints like `/debug/sample`, `/debug/stats`, `/debug/fix-timestamps`, and `/debug/clear-bad-timestamps` are exposed without any authentication. This allows unauthorized users to read sensitive data samples, view database statistics, or trigger data manipulation for the `DEFAULT_USER_ID`.
  3. **Default User ID:** The server largely operates on a hardcoded or defaulted `DEFAULT_USER_ID`. While this might be acceptable for single-user local development, it's highly insecure for any shared or multi-user deployment.
  4. **Weak Upload Authentication:** The `/upload` endpoint attempts authentication via a 'Bearer' token or `lifeos_` API key. However, if authentication fails or the token is not a recognized API key, it falls back to the `DEFAULT_USER_ID` for storing data. This means a client could potentially upload data to the default user's account even with an invalid token.

While the code includes a separate `http-server-oauth.ts` file which implements OAuth 2.1 and per-request user isolation (which would address these issues), the `deploy-oauth.sh` script, as written, deploys the `index.js` entry point by default, rendering the OAuth configuration ineffective for the running application. Unless the deployment specifically overrides the entry point to `build/http-server-oauth.js`, the insecure `index.js` version will run.
Updated: 2025-12-21

High Cost
Sec6

Automate interactions with the Xiaoheihe social platform, enabling content publishing, searching, and commenting via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Playwright's Chromium browser to be downloaded and installed (approximately 150MB).
  • ⚠️Initial use requires an interactive login via a browser window (manual action).
  • ⚠️Image and video paths for publishing must be local absolute paths.
Review Required
A comprehensive security audit cannot be performed without access to the full C# source code files (e.g., XiaoheiheService.cs, LoginService.cs, etc.). Based on the documentation, the server uses Playwright for browser automation, which can introduce vulnerabilities if not carefully managed (e.g., untrusted content loading, browser exploits). It stores user cookies in `data/cookies.json`, which is sensitive data requiring proper file permissions and secure handling. The server also processes local absolute paths for image/video uploads, which could pose a risk if not properly validated against directory traversal or unauthorized file access. No obvious hardcoded secrets or malicious patterns are visible in the provided truncated configuration and documentation files.
Updated: 2026-01-17

Medium Cost
mcp-terminal

by alejoair

Sec7

Provides interactive terminal sessions over REST API and MCP protocol, enabling AI agents and remote tools to execute shell commands and capture visual output.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Default CORS `allow_origins=["*"]` is insecure for production; explicit origins should be configured.
  • ⚠️Input to the terminal requires careful handling of newlines (`\n` for Unix/editors, `\r\n` for Windows shells) and control characters (`\x03` for Ctrl+C) as no automatic conversion is performed.
  • ⚠️The core functionality grants shell access, requiring external access control for secure deployment.
Verified Safe
The server's core functionality involves executing arbitrary shell commands via a pseudo-terminal (PTY) using `terminado`. While this is its intended purpose, it means exposing the server without robust authentication and authorization is highly dangerous, as any connected client can execute commands on the host system. The default FastAPI CORS configuration `allow_origins=["*"]` is also a security risk for production environments and should be restricted to specific origins. No obvious direct command injection vulnerabilities were found outside of the inherent PTY functionality itself. The custom `_decode_escape_sequences` function adds a layer of input parsing, which could theoretically be a surface for subtle flaws if not rigorously tested, but it appears designed for safe character interpretation.
Updated: 2025-11-20

Low Cost
KensMCP

by kensuen

Sec2

A custom Model Context Protocol (MCP) server that provides a suite of developer utilities for AI assistants to perform real actions.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires installation of Python dependencies (`pip install -r requirements.txt`).
  • ⚠️The use of `eval()` in the calculate tool poses a significant security risk for untrusted input.
Review Required
The `_handle_calculate` function uses `eval()` with user-provided `expression`. Although attempts are made to restrict the execution environment using `__builtins__={}` and a `safe_dict`, `eval()` is inherently dangerous when processing untrusted input and can lead to arbitrary code execution, resource exhaustion, or other vulnerabilities. The HTTP server binds to `0.0.0.0` by default, making it accessible on all network interfaces, which could expose the server and its `eval()` vulnerability if not run securely within a controlled environment.
Updated: 2025-11-28

High Cost
nethack-mcp

by Christoph-D

Sec9

Facilitates an AI agent's interaction with the NetHack game through a tmux session.

Setup Requirements

  • ⚠️Requires 'tmux' to be installed and available in the system's PATH.
  • ⚠️Requires 'nethack' to be installed and available in the system's PATH.
  • ⚠️Requires 'Go' (version specified in `go.mod` implicitly, or generally latest stable) to build the 'nethack-ctl' binary.
  • ⚠️Designed as a plugin for an external 'opencode' agent environment, which is required for full functionality.
Verified Safe
The project uses standard operating system commands (`tmux`, `nethack`) and executes them via Go's `os/exec` package. Inputs for `tmux` commands are either hardcoded, derived from environment variables, or passed as distinct arguments, reducing the risk of shell injection. The `NETHACK_TMUX_SESSION` environment variable is a potential point of concern if its value could be maliciously crafted, but `tmux` command arguments like session names are generally not exploitable in this context. No exposed network services or arbitrary `eval`-like constructs were observed. The system is designed for a trusted local agent environment.
Updated: 2026-01-18

Medium Cost
Sec1

Provides a web API for interacting with Microsoft SQL Server, offering database operations, performance analysis, and schema discovery tools.

Setup Requirements

  • ⚠️Requires .NET 7 SDK
  • ⚠️Requires a running instance of Microsoft SQL Server
  • ⚠️Manual update of 'DefaultConnection' connection string in appsettings.json is required
Review Required
The server exposes `ExecuteQuery` and `ExecuteCommand` methods that accept arbitrary SQL queries/commands directly from the user. Without access to the actual C# implementation details, it's impossible to verify if proper input sanitization, parameterized queries, and robust authentication/authorization are in place. This design pattern presents a critical SQL injection vulnerability if not implemented with extreme care. The mention of 'PII-filtered results' indicates some security awareness, but does not mitigate the fundamental risk of executing user-supplied SQL. Hardcoded connection strings are not present in the provided appsettings.json, but users are required to configure one, which could become a secret management risk if not handled securely.
Updated: 2025-11-25

Low Cost
mcp_server_example

by pedrouzcategui

Sec10

Provides a basic, minimal HTTP server template for demonstrating web service capabilities.

Setup Requirements

  • ⚠️Requires Node.js installed
Verified Safe
Analysis based on the assumption of a minimal Node.js HTTP server example, as source code was not provided. No 'eval', obfuscation, hardcoded secrets, or malicious patterns found in the assumed minimal setup.
Updated: 2026-01-19

Medium Cost
Mycelium

by AutumnsGrove

Sec4

Serves as an MCP (Model Context Protocol) server, acting as the communication network for AI agents (like Claude) to interact with various Grove ecosystem services such as blogging (Lattice), remote development (Bloom), storage (Amber), and analytics (Rings).

Setup Requirements

  • ⚠️Requires Node.js 20+ and pnpm for local development.
  • ⚠️Requires a Cloudflare account and Wrangler CLI for deployment and resource management (KV, D1, Durable Objects).
  • ⚠️Requires Heartwood OAuth credentials (client ID, client secret, redirect URI) and a cookie encryption key to be set as Cloudflare Worker secrets.
Review Required
The server has critical SQL injection vulnerabilities due to the direct concatenation of user-controlled input into SQL queries. Specifically, in `src/tools/context.ts`, the `mycelium_history` tool takes a `type` parameter which is directly inserted into a SQL query without sanitization, allowing for arbitrary SQL execution. While `logTask` attempts to escape single quotes, this is an insufficient mitigation for untrusted input. The `mycelium_preferences` tool also uses string interpolation for SQL updates, though the inputs are validated by Zod prior to insertion, reinforcing a risky pattern in the SQL layer. Hardcoded API endpoints are for internal Grove services, not sensitive credentials.
Updated: 2026-01-19

Medium Cost
taskmaster-mcp-server

by jasonberkes

Sec2

An MCP server for the TaskMaster platform, providing AI agents with tools for conversation management, filesystem operations, GitHub integration, command execution, and SQL Server management.

Setup Requirements

  • ⚠️The `run_command` tool allows arbitrary command execution without sandboxing, posing a severe security risk to the host system.
  • ⚠️Filesystem `ALLOWED_PATHS` are hardcoded to specific local user directories (`/Users/jasonberkes/...`) and must be manually updated for any other environment or user.
  • ⚠️Requires an Azure SQL Server database with the TaskMaster schema already in place.
Review Required
The `run_command` tool is a critical security risk as it allows arbitrary terminal command execution with `shell: true` and no input sanitization or sandboxing, potentially leading to full system compromise. The `sql_execute_query` tool's read-only mode is easily bypassed (it relies on `startsWith` checks, which are insufficient), enabling destructive SQL operations by a malicious or confused agent. Filesystem access `ALLOWED_PATHS` are hardcoded to specific local user directories, which poses a risk if not updated for deployment and could expose unintended data. While some destructive operations (file deletion, table drop) require explicit confirmation, an AI agent could still provide this confirmation.
Updated: 2025-12-11

Medium Cost

A server for tracking personal expenses, allowing users to add, list, and summarize financial transactions by category and date.

Setup Requirements

  • ⚠️Python 3.12+ required
  • ⚠️FastMCP library (>=2.12.4) required
Verified Safe
The server uses parameterized SQL queries, effectively mitigating SQL injection risks. It does not contain 'eval' or 'os.system' calls, nor any apparent hardcoded sensitive information. Operations are confined to local file system (SQLite database and categories.json).
Updated: 2025-11-22