Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

Medium Cost

kali-mcp-server

by andrew-stclair

Sec9

This server provides a standardized interface for 22 essential penetration testing tools, designed for integration with AI assistants and automation platforms.

Setup Requirements

  • ⚠️Requires Docker for recommended setup.
  • ⚠️The container requires elevated Linux network capabilities (`NET_RAW`, `NET_ADMIN`, `NET_BIND_SERVICE`), which may be restricted in some environments or by security policies.
  • ⚠️Primarily designed to run within a Kali Linux environment (though containerized).
Verified Safe
The project demonstrates robust security hardening. Input is heavily sanitized to prevent command injection, and all tool execution is whitelisted against an explicit ALLOWED_TOOLS list. Tools run via `subprocess.run` with a list of arguments, avoiding shell interpretation. The Docker container runs as a non-root user with a read-only filesystem and temporary filesystems mounted, further restricting potential damage. Each tool execution includes a 300-second timeout. The container requires elevated network capabilities (`NET_RAW`, `NET_ADMIN`, `NET_BIND_SERVICE`), which are necessary for many penetration testing tools but inherently increase risk. However, these are mitigated by the strong input validation and execution controls.
Updated: 2025-12-15
Low Cost

mcp-_server

by Amitabh0954

Sec10

A basic Node.js HTTP server designed to respond with a simple 'Hello, World!' message on any incoming request.

Setup Requirements

  • ⚠️Requires Node.js installed on the system.
Verified Safe
The server is a minimal 'Hello, World!' HTTP server with no dynamic content, input processing, or external dependencies that could introduce vulnerabilities. No 'eval', hardcoded secrets, or malicious patterns were found. It is extremely safe.
Updated: 2025-11-25
Low Cost

Estimates the token cost of tool responses from an MCP server, helping developers and clients understand LLM inference expenses.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️Requires 'uv' for installation and execution (rather than just 'pip' and 'python').
  • ⚠️Requires an existing MCP server URL and potentially a Bearer token for authentication.
Verified Safe
The tool is a client that makes HTTP requests to a user-provided MCP server URL. There are no 'eval' or similar dangerous functions, no obfuscation, and no hardcoded secrets. Authentication tokens are passed via command-line arguments. Any security implications would primarily arise from the server it connects to, or from the user exposing their token, not from vulnerabilities within the tool's code itself. It handles JSON parsing and network interactions robustly.
Updated: 2025-12-11
High Cost

browser-use-mcp-plus

by Martin-Hausleitner

Sec3

Provides a unified interface for browser automation, UI analysis (screenshots to text via LLM), Chrome DevTools interaction, documentation lookup (Context7), and isolated code execution (Docker VM) for agentic workflows.

Setup Requirements

  • ⚠️Requires Python virtual environment with specific dependencies (mcp, browser_use, playwright, gui_agents, pyautogui).
  • ⚠️Requires Google Chrome/Chromium browser installation with CDP enabled.
  • ⚠️Requires API keys for LLM services (e.g., OpenAI, Context7, Chutes.ai) which are typically paid.
  • ⚠️Requires a running Docker daemon and user access for VM functionality.
Review Required
The `chrome-devtools.evaluate_script` tool allows arbitrary JavaScript execution in the controlled browser instance, posing a critical XSS/code injection risk if the MCP client input is untrusted. The `docker_vm_run` and `agent_s3_vm_run_task` tools enable arbitrary command execution within a Docker container, and `agent_s3_vm_run_task` explicitly supports `unsafe_exec` for unrestricted code execution, creating potential container escape or resource misuse risks if the LLM or input is compromised. While API keys are externalized, the inherent power of these tools requires a highly trusted execution environment and strictly vetted inputs to prevent malicious use.
Updated: 2026-01-17
Medium Cost
Sec8

Automates routine tasks in Canvas LMS using an LLM agent.

Setup Requirements

  • ⚠️Requires CANVAS_API_TOKEN environment variable.
  • ⚠️Requires CANVAS_DOMAIN environment variable.
  • ⚠️Requires FIREWORKS_API_KEY environment variable (for LLM).
  • ⚠️The CanvasClient is configured to use 'http' scheme by default, which might need adjustment to 'https' for production Canvas instances if not handled implicitly by the domain.
Verified Safe
The code uses environment variables for sensitive API keys (Canvas, Fireworks), which is good practice. Pydantic models are used for API arguments, providing some level of input validation against incorrect types. There's no explicit use of 'eval' or other highly dangerous functions. The `config.yaml` shows placeholders for API keys, which if used directly without environment variables, could lead to hardcoded secrets. The LLM-driven tool routing means that the security relies heavily on the LLM's adherence to the system prompt and the proper validation/sanitization of arguments before they are passed to the Canvas API client. While `smart_normalize_args` helps, it doesn't prevent semantically invalid inputs if the LLM misinterprets a command.
Updated: 2025-11-19
Low Cost

achilles

by kasssandr

Sec9

Analyzes Calibre e-book library metadata to provide detailed statistics and insights.

Setup Requirements

  • ⚠️Python 3.6 or higher is required.
Verified Safe
The tool explicitly states it only reads data from the local metadata.db file and does not modify the Calibre library. There are no indications of network requests, `eval` usage, or obfuscation, making it very safe to run locally.
Updated: 2025-11-23
Medium Cost
Sec4

Enables LLMs to safely interact with databases and tools via a structured Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Groq API Key (paid service)
  • ⚠️Project is currently in progress and not finished, which may impact stability and feature completeness
  • ⚠️Potential for SQL injection due to lack of explicit query validation/sandboxing in current version
Review Required
The project lists 'Query validation & sandboxing' as a future improvement, which implies it's not fully implemented in the current version. This is a critical risk, as direct execution of LLM-generated SQL queries without robust validation could lead to SQL injection, data manipulation, or denial-of-service vulnerabilities. While the design emphasizes safety, the implementation details for preventing malicious SQL are not provided and are acknowledged as a future need.
Updated: 2026-01-17
Low Cost

tcmb_mcp

by ofurkanuygur

Sec9

Provides current and historical exchange rates, currency conversion, and rate comparisons from the Turkish Central Bank (TCMB).

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Needs network access to the Turkish Central Bank (TCMB) API (`https://www.tcmb.gov.tr`).
  • ⚠️Caching is SQLite-based and defaults to `~/.cache/tcmb-mcp-pro/tcmb_cache.db`, requiring write access to that location.
Verified Safe
The project uses `defusedxml` for secure XML parsing to mitigate XML vulnerabilities and `aiosqlite` with parameterized queries, which prevents common SQL injection risks. Configuration is loaded from environment variables and `.env` files, which is good practice. No obvious hardcoded credentials, `eval` usage, or malicious patterns were found. Network calls use `httpx` with timeouts and retries, enhancing reliability.
Updated: 2025-11-30
High Cost

An agent-based chatbot integrating local and remote (Multi-Tool Communication Protocol - MCP) tools, supporting conversational AI, RAG, and stock price lookup through a FastAPI backend and a Streamlit frontend.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for chat and embedding models.
  • ⚠️Requires ALPHAVANTAGE_API_KEY for the Stock Price tool.
  • ⚠️The MCPClient configuration includes a hardcoded local path for an 'arith' server ('/Users/anshugangwar/Desktop/mcp-math-server/main.py'), implying a specific local setup is necessary if MCP tools are enabled.
  • ⚠️Conditional dependency on 'langchain_mcp_adapters' if MCP tools are enabled.
Verified Safe
The application avoids direct 'eval' and includes some input validation (e.g., for messages and uploaded files). However, the 'MCPClient' hardcodes a local subprocess command execution (`python3 /Users/anshugangwar/Desktop/mcp-math-server/main.py`) and an external HTTP endpoint, which introduces potential risks if the local script is untrusted, or if external MCP services are compromised. Users should ensure the security of any referenced local scripts and external services.
Updated: 2025-11-25
Low Cost

This repository is intended to be an AI application onboarding solution, but its specific functionality and implementation details cannot be determined as the source code was not provided for analysis.

Setup Requirements

  • ⚠️Source code is missing, thus specific setup requirements, dependencies, or potential friction points (e.g., API keys, specific software versions, Docker) cannot be identified.
  • ⚠️A truncated README was mentioned, but no content was provided, limiting context.
Review Required
CRITICAL: No source code was provided for analysis. Therefore, a comprehensive security audit is impossible. The low score reflects the inability to verify the project's safety against malicious patterns, 'eval' usage, obfuscation, hardcoded secrets, or network risks.
Updated: 2025-12-11
Medium Cost

MUSTer_MCP

by ABINETHACKER

Sec8

Automates interaction with Macau University of Science and Technology (M.U.S.T.) campus systems (Moodle, Wemust) to facilitate tasks like schedule retrieval, course content access, and resource downloads for LLM integration.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires a local installation of Chrome browser and its corresponding Chromedriver for Selenium to function.
  • ⚠️Installation instructions recommend using `uv` (a fast Python package manager).
  • ⚠️Mandatory environment variables: `MUSTER_USERNAME`, `MUSTER_PASSWORD`.
Verified Safe
The server correctly uses environment variables for sensitive credentials (username/password). It does not use `eval` or exhibit overt malicious patterns. However, it relies on Selenium for browser automation, which can introduce risks: 1. The `--no-sandbox` Chrome option is used, which can be a security concern in certain multi-user or untrusted environments. 2. The `download_resource` and `open_URL_with_authorization` tools accept `resource_url` and `url` parameters respectively. While intended for Moodle/Wemust, a malicious LLM prompt could potentially direct these tools to interact with arbitrary, untrusted URLs or download files from them, leading to unexpected behavior or system exposure. Users should ensure LLM interactions are guarded against such misuse.
Updated: 2026-01-19
Low Cost

Demonstrates security vulnerabilities and mitigations in Model Context Protocol (MCP) servers for educational purposes.

Setup Requirements

  • ⚠️Contains intentionally vulnerable code: DO NOT use the vulnerable examples in production systems.
  • ⚠️Requires Node.js 18+ and TypeScript 5.3+ to run.
Review Required
This repository is intentionally designed to showcase critical security vulnerabilities (Command Injection, Path Traversal, SSRF, Tool Poisoning, Full-Schema Poisoning, Advanced Tool Poisoning) in its 'vulnerable' implementations. Running the vulnerable server code, or any part of it without careful application of the provided 'secure' mitigations, would lead to severe compromises including arbitrary code execution, sensitive data exfiltration (e.g., SSH keys, AWS credentials), and internal network exposure. While the repository provides secure examples and strong warnings, its core content for demonstration is highly insecure by design. Therefore, it is extremely unsafe to run in any non-isolated or production environment.
Updated: 2025-11-27