Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

Medium Cost

auditor

by deepsweep-ai

Sec9

A free CLI tool for auditing MCP (Model Context Protocol) servers to detect memory and tool poisoning vulnerabilities.

Setup Requirements

  • ⚠️Requires Node.js >= 18.
  • ⚠️Network access is required for `--url`, `--docker`, and `--share` options (offline mode disables these).
  • ⚠️Remote MCP servers require accessibility and may need API keys or bearer tokens for authentication.
Verified Safe
The auditor is a security tool designed to find vulnerabilities. Its internal implementation avoids common security pitfalls. It uses `eval` and similar patterns for detection purposes only, not for its own execution. Network calls for telemetry and report sharing are optional/opt-out and explicitly anonymize sensitive data. API keys are handled as environment variables. Overall, the tool itself appears robust and follows good security practices for an auditing utility.
Updated: 2025-11-24

Low Cost
Sec9

An expense tracking server that allows adding, listing, and summarizing financial transactions.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Expense data is stored in a temporary directory (`tempfile.gettempdir()`) and will not persist across server restarts or system reboots.
Verified Safe
The server uses parameterized SQL queries, effectively preventing SQL injection vulnerabilities. No 'eval', 'exec', or direct system command execution is present. There are no hardcoded secrets identified. The database is stored in a temporary directory, which while impacting persistence, does not inherently pose a security risk beyond data loss. Error messages containing `str(e)` are common and generally benign.
Updated: 2025-11-22

Medium Cost

team-activity-monitor

by kiran-pillai

Sec6

A full-stack application that aggregates and summarizes team activity from GitHub and Jira/Atlassian using MCP servers and OpenAI.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose.
  • ⚠️Requires OpenAI API Key (Paid service).
  • ⚠️Requires GitHub Personal Access Token with appropriate scopes.
  • ⚠️Requires Atlassian/Jira API credentials (URL, Email, API Token).
Verified Safe
The FastAPI backend uses `CORSMiddleware` with `allow_origins=["*"]`, `allow_methods=["*"]`, and `allow_headers=["*"]`. This is a critical security vulnerability for production deployments as it effectively disables CORS protection, allowing any domain to interact with the API. In a production environment, `allow_origins` should be restricted to known frontend origins. The application relies on OpenAI for tool argument generation, and these arguments are parsed using `json.loads`. While this is standard for OpenAI's function calling, it introduces a dependency on the trustworthiness of OpenAI's generated output. Sensitive credentials are correctly read from environment variables; no hardcoded secrets were found.
Updated: 2025-11-24

Low Cost

unified-mcp-api

by AsloWaves

Sec3

A unified REST API replacing multiple Model Context Protocol (MCP) servers to reduce token overhead for AI agents like Claude, providing access to various developer tools and external services.

Setup Requirements

  • ⚠️Requires API keys for external services like GitHub, Notion, Render, Trello, Discord, and a custom API_KEY for server authentication.
  • ⚠️Filesystem operations are restricted to paths defined in the `ALLOWED_PATHS` environment variable; careful configuration is critical for security and functionality.
  • ⚠️Browser automation (`/api/v1/browser`) uses Playwright, which requires browser binaries and may consume significant system resources (CPU, RAM).
Review Required
The server exposes highly privileged endpoints: `/api/v1/db/query/raw` allows arbitrary raw SQL execution, and `/api/v1/browser/evaluate` allows arbitrary JavaScript execution in a headless browser. A compromised API key could lead to severe consequences, including data manipulation/exfiltration and arbitrary code execution. The browser automation also runs with `--no-sandbox`, which reduces isolation. While filesystem operations are restricted by `ALLOWED_PATHS`, they remain powerful. Authentication relies on a single shared bearer token (API_KEY) from environment variables, which is less secure than robust user-based authentication. Hardcoded secrets are not present, but the reliance on environment variables makes secure deployment crucial.
Updated: 2025-11-30

Medium Cost

ms-graph-mcp

by keelinglogic

Sec9

A Model Context Protocol (MCP) server providing Claude Code with full access to Microsoft 365 services via the Microsoft Graph API, covering email, calendar, contacts, To Do, Planner, and Groups.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for deployment.
  • ⚠️Requires an Azure AD application with specific Microsoft Graph permissions to be configured.
  • ⚠️Initial authentication involves a device code flow, requiring manual interaction in a browser.
  • ⚠️Remote deployments recommend a WireGuard tunnel for secure network access.
  • ⚠️Large attachments downloaded via `download_attachment_base64` may exceed Claude's context window (~500KB effective limit) due to base64 encoding overhead.
Verified Safe
The server demonstrates strong security practices: `CLIENT_ID` and `TENANT_ID` are loaded from environment variables, avoiding hardcoded secrets. OAuth tokens are persistently stored in a Docker volume (`m365-mcp-data`) with restrictive `0o700` (`TOKEN_CACHE_DIR`) and `0o600` (`TOKEN_CACHE_FILE`) file permissions. Attachment downloads implement path sanitization (`Path(att_name).name`) to prevent directory traversal vulnerabilities. Network exposure is designed to be behind a VPN (WireGuard recommended), enhancing security. No use of `eval` or `exec` with unvalidated user input was found. The server relies on `mcp-proxy` for HTTP exposure, which wraps the standard I/O communication.
Updated: 2026-01-16

Low Cost

SimpleMCP

by cbisaccia78

Sec7

Facilitates inter-process communication (IPC) between a client and a server using a custom JSON-RPC-like protocol over standard I/O streams.

Setup Requirements

  • ⚠️Requires Python 3.11 or newer.
  • ⚠️A separate, functional server implementation is required, as the `Server` class is currently a placeholder.
  • ⚠️External dependency `fastjson_rpc2` must be installed.
Verified Safe
The client component uses `subprocess.Popen` to launch the server process. While this is necessary for its function, it presents a potential security risk if the `server_command` and `server_args` are sourced from untrusted input without validation, allowing for arbitrary command execution. No other direct vulnerabilities like `eval` or hardcoded secrets were found within the provided code.
Updated: 2025-12-03

Medium Cost

Krypton.Carevo.JMR.MCP

by VinaSundar-Nat

Sec6

Implements a Model Context Protocol (MCP) server for managing job listings, views, and database operations using MongoDB.

Setup Requirements

  • ⚠️Requires a running MongoDB instance.
  • ⚠️Requires Python 3.12 or higher.
  • ⚠️The 'uv' package manager (replacing pip/venv) is used for dependency management and installation.
  • ⚠️For 'development' and 'production' environments, AWS Secrets Manager must be configured with valid ARNs for database credentials.
Review Required
The server's 'local' configuration in `config.py` has critical security vulnerabilities: 1) It hardcodes a MongoDB password ('$ccat0.Nest'), which is highly insecure. 2) It sets CORS `allow_origins` to `['*']`, which permits requests from any domain, making the API vulnerable to cross-site scripting (XSS) and other attacks if deployed without changes. For 'development' and 'production' environments, `DEV_SECRET_ARN` and `PROD_SECRET_ARN` are empty strings, meaning secrets will not be fetched from AWS Secrets Manager unless these ARNs are configured, potentially leading to connection failures or insecure defaults if the application attempts to connect without a password.
Updated: 2026-01-17

Low Cost

remote-mcp-server-authless

by igs-zhenglunchen

Sec8

Deploys an unauthenticated Model Context Protocol (MCP) server on Cloudflare Workers, providing basic arithmetic tools (addition, calculation) for AI agents.

Setup Requirements

  • ⚠️Requires a Cloudflare account and environment configured for Cloudflare Workers deployment.
  • ⚠️Node.js and npm are required for local development and setup.
  • ⚠️Explicitly designed to be 'authless'; no authentication or authorization is required to use its calculator tools, making it unsuitable for production without external access control measures.
Verified Safe
The server is explicitly designed as 'authless' for demonstration purposes, meaning it lacks built-in authentication or access control for its calculator tools. While this is an intentional design for a demo, it would be a critical security vulnerability in a production environment without external authentication. The core logic of the arithmetic tools themselves is simple and includes a division-by-zero check, preventing execution vulnerabilities like 'eval', arbitrary code execution, or significant resource exhaustion through complex calculations. No hardcoded secrets or malicious patterns are evident in the provided source code. Running this code is safe from an execution standpoint, but its open-access nature should be well understood and mitigated if deployed beyond a controlled demo environment.
Updated: 2025-11-26

Low Cost

saol-mcp-server

by ClaimsimpleX

Sec9

Serves as a persistent bridge for AI agents to interact with shared memory systems like Firebase Firestore and Neo4j, enabling tool execution and policy enforcement.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Firebase/Google Drive tools rely on Google Application Default Credentials (ADC), which may require 'gcloud auth application-default login' or a service account configuration.
  • ⚠️Neo4j tools require NEO4J_URI, NEO4J_USER, and NEO4J_PASSWORD environment variables to be set.
Verified Safe
The server includes a 'Guardian Policy Engine' that actively checks tool calls and arguments against predefined rules to prevent SQL injection and unauthorized actions (e.g., drive_delete). It uses environment variables for Neo4j credentials and Application Default Credentials (ADC) for Google services, avoiding hardcoded secrets. The user profile for policy checks is currently mocked as 'USER', which is overly restrictive for admins but not a security vulnerability. The policy engine now correctly integrates tool names into its pattern matching, addressing an initial limitation noted in comments.
Updated: 2025-11-25

Low Cost
Sec7

This project likely implements a RESTful API server, potentially for a managed control plane, with its endpoints documented and generated via Swagger/OpenAPI specifications.

Setup Requirements

  • ⚠️Requires Node.js runtime environment
  • ⚠️Requires npm or yarn for dependency management
Review Required
No source code was provided for analysis. Therefore, a comprehensive security audit for patterns like 'eval', obfuscation, hardcoded secrets, network risks, or malicious code cannot be performed. The score represents a neutral baseline, assuming no inherent malicious intent based solely on the repository name, but cannot verify actual code safety.
Updated: 2026-01-19

High Cost

SecScanMCP

by zakariaf

Sec8

This is an enhanced security scanner test suite designed to detect a wide range of vulnerabilities in MCP (Model Context Protocol) servers, including prompt injection, tool poisoning, hardcoded secrets, and various code injection types.

Setup Requirements

  • ⚠️Requires Docker to run the scanner and potentially for dynamic analysis of target applications.
  • ⚠️Requires several external security tools (OpenGrep/Semgrep, Syft, Grype, TruffleHog, ClamAV, YARA, CodeQL) to be installed and accessible in the environment or Docker container.
  • ⚠️CodeQL analysis is resource-intensive, requiring significant RAM and CPU during database creation and analysis steps, potentially leading to long scan times for large repositories.
Verified Safe
This project is a security scanner, which by its nature interacts with and tests for malicious patterns. The code demonstrates good practices for isolating dangerous operations (e.g., Docker containerization, `subprocess.create_subprocess_exec` over `shell=True`, secret masking in findings). However, any security testing tool carries inherent risks if misconfigured or used on unauthorized systems. The documentation explicitly outlines ethical usage and safe testing practices. The internal design follows clean architecture principles, which generally improves code quality and reduces security vulnerabilities within the scanner itself.
Updated: 2025-12-01

High Cost

haksnbot-tools

by haksndot

Sec5

An MCP server that enables AI (like Claude) to control a Minecraft bot for various in-game actions.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️For `take_screenshot` functionality, OpenGL support (e.g., Mesa on Linux) and Xvfb are required for a virtual display.
  • ⚠️QuickShop-Hikari integration (economy tools) requires setting the `MC_SERVER_ROOT` environment variable to the Minecraft server's root directory.
  • ⚠️Initial Microsoft authentication for online-mode servers requires manual user interaction (device code flow) via a browser.
Review Required
The server uses `child_process.exec` in `src/tools/economy.js` to query a QuickShop H2 database. This command executes `java -cp ... org.h2.tools.Shell -sql "${sql}"`, directly passing SQL as a string. While there's a basic `replace` for double quotes, this method is highly susceptible to SQL injection if an AI agent can control parts of the SQL input. Furthermore, `exec` can potentially lead to arbitrary command execution on the host system if the input can escape the SQL context and inject shell commands. This poses a critical vulnerability. Additionally, sensitive database files are temporarily copied to `/tmp` for read operations, presenting a minor information exposure risk if the host's `/tmp` directory is not secured. Other actions like `bot.chat()` or direct packet writes (`update_sign`) are standard for Minecraft bots but could be abused by an unconstrained AI for in-game griefing.
Updated: 2026-01-19