Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
PROGRAMER122223 icon

MCP-server

by PROGRAMER122223

Sec9

Provides a Model Context Protocol (MCP) server for basic arithmetic operations (add, subtract, multiply, divide).

Setup Requirements

  • ⚠️Requires Windows Package Manager (winget) for initial setup steps.
  • ⚠️Requires NVM for Windows and Node.js for the MCP Model Inspector and possibly the `mcp` CLI tools.
  • ⚠️Requires Python 3.13+ for running the server.
Verified SafeView Analysis
The server uses basic arithmetic operations and local file reads (for the `swiggy-mcp1` part). No direct use of `eval()` or `exec()` is observed. The file reading in `swiggy-mcp1/customercare.py` uses fixed filenames or a parameter that is not used to construct the file path, mitigating direct path traversal risks. The `calc_mcp/calc.py` server does not involve file I/O or external network calls beyond the MCP protocol itself. Overall, the direct source code provided appears to be reasonably secure for its stated purpose.
Updated: 2025-12-15GitHub
0
0
Medium Cost
omniagentpay icon

mcp-server

by omniagentpay

Sec5

Serves as a production-ready FastMCP server for AI agents to securely manage wallets and execute payments via OmniAgentPay payment tools.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires configuration with OmniAgentPay payment credentials (CIRCLE_API_KEY, ENTITY_SECRET), which are validated and required in 'prod' environment.
  • ⚠️Authentication (MCP_AUTH_TOKEN or MCP_JWT_SECRET) is enabled and required by default; local setup requires generating a token and setting it in `.env` or as an environment variable.
Verified SafeView Analysis
The core application uses FastAPI with Pydantic for input validation, supports Bearer token/JWT authentication, and integrates payment guardrails (budget, rate limit, recipient whitelist) via OmniAgentPay SDK. Structured logging and a health check are present. However, hardcoded example secrets (API keys, auth tokens) are directly embedded in the `deploy-first-time.sh` and `cloudbuild.yaml` scripts as environment variables. While documentation advises using secure methods like Google Cloud Secret Manager, the provided deployment scripts themselves demonstrate a critical security anti-pattern by exposing secrets in plaintext, which could lead to accidental exposure if real keys are used similarly. Webhook signature verification is bypassed in 'dev' environment and requires `OMNIAGENTPAY_WEBHOOK_SECRET` for production.
Updated: 2026-01-18GitHub
0
0
High Cost
hao-hoang icon
Sec8

An autonomous trading floor application with multiple AI agents making trades and real-time portfolio monitoring.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires Polygon API Key (Free for EOD, Paid for Real-time)
  • ⚠️Requires Node.js and npm for some MCP servers (Fetch, Brave Search, Memory)
  • ⚠️Docker and Docker Compose are highly recommended for deployment
  • ⚠️Specific Python versions required (3.10, 3.11, or 3.12)
Verified SafeView Analysis
The application relies heavily on external API keys (OpenAI, Polygon, Brave Search, DeepSeek, Google, Grok, OpenRouter, Pushover) which are loaded from environment variables (.env file), following good security practices for secrets management. Inter-process communication for MCP servers largely uses standard I/O (stdio_client) which is secure for local communication. However, some MCP servers are sourced and executed via 'npx' or 'uvx --from git+', which involves downloading and running external packages at runtime. While these are common package management patterns, they introduce a supply chain risk if the remote repositories were compromised. The Streamlit UI is exposed on port 8501, which is standard for web UIs.
Updated: 2026-01-17GitHub
0
0
Low Cost
varunshah3129 icon

yahoo-finance-mcp-server

by varunshah3129

Sec6

Integrate Yahoo Finance data and analytics into AI applications and provide an interactive dashboard for financial queries.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires a local Ollama server running with the `phi3:mini` model downloaded and accessible at `http://localhost:11434`.
  • ⚠️The internal `yahoo-finance-mcp` server module must be built (`cd yahoo-finance-mcp && npm install && npm run build`) before running the main HTTP bridge.
  • ⚠️For LibreChat integration, the `cwd` path in `librechat-config.json` needs to be manually updated to the server's directory.
Verified SafeView Analysis
The client-side React application uses `dangerouslySetInnerHTML` for rendering markdown content from the MCP server, which can be an XSS risk if the MCP server is compromised or produces malicious output. The HTTP bridge uses `cors()` without specific origin restrictions, posing a network risk if exposed externally. Reliance on a local Ollama server means its security and integrity are paramount. These risks are somewhat mitigated by the expected local/self-hosted deployment within a trusted environment.
Updated: 2025-11-26GitHub
0
0
Medium Cost
GSNadarajan icon

figma-mcp-server

by GSNadarajan

Sec6

Provides a Model Context Protocol (MCP) server to expose Figma design tools to Claude Desktop for design-to-code workflows.

Setup Requirements

  • ⚠️Requires a Figma Personal Access Token for API authentication.
  • ⚠️Claude Code's MCP server configuration is project-specific, requiring careful setup or CLI usage per project.
  • ⚠️For production use, requires deployment to a hosting service like Render, Railway, or Fly.io.
Verified SafeView Analysis
The server uses `CORSMiddleware` with `allow_origins=["*"]`, which permits requests from any origin. While common for specific integrations, it can be overly permissive for general web services. Additionally, the `/save-code` endpoint allows writing arbitrary HTML, CSS, and JavaScript strings to the server's filesystem. If this endpoint is publicly exposed without robust authentication and authorization, it could be exploited to store malicious files (e.g., web shells, spam), consume disk space, or potentially lead to other vulnerabilities if the saved files are later served or processed by other systems.
Updated: 2025-11-25GitHub
0
0
Medium Cost
BERDataLakehouse icon

datalake-mcp-server

by BERDataLakehouse

Sec7

A FastAPI service enabling AI assistants to interact with Delta Lake tables stored in MinIO through Spark, using the Model Context Protocol (MCP) for natural language data operations.

Setup Requirements

  • ⚠️Requires KBase authentication token and 'BERDL_USER' role for access.
  • ⚠️Initial login to BERDL JupyterHub is mandatory for user provisioning (MinIO buckets, permissions, namespace isolation).
  • ⚠️MinIO credentials must be stored in `/home/{username}/.berdl_minio_credentials` for each user.
  • ⚠️Python 3.13+ is required (from `pyproject.toml`).
  • ⚠️Building from source requires cloning `spark_notebook_base`, `kube_spark_manager_image`, and `hive_metastore` repositories at the same directory level.
Review RequiredView Analysis
The service explicitly warns that it allows arbitrary 'read-oriented' queries to be executed against Delta Lake tables and that query results will be sent to the model host server (unless locally hosted). It also strictly warns against deploying to production without KBase leadership approval and advises against querying sensitive data. Positive security aspects include: - KBase authentication with role-based access control (`KBASE_REQUIRED_ROLES`). - Strong input validation for structured SELECT queries to prevent SQL injection (`_validate_identifier`, `_escape_value`). - A basic (but not comprehensive) `_check_query_is_valid` function to disallow common destructive SQL keywords (`drop`, `delete`, `insert`, `update`, `create`, `alter`, `merge`, `truncate`, `vacuum`), metacharacters (`;`, `/*`, `--`), and PostgreSQL system schemas (`pg_`, `information_schema`). - Dynamic loading of MinIO credentials from user home directories (`/home/{username}/.berdl_minio_credentials`), avoiding hardcoded secrets for data access. - Explicit validation in `src/main.py` requiring `POSTGRES_USER` to be `readonly_user`, indicating a read-only database connection for the Hive Metastore backend. - Use of LRUCache for KBase Auth tokens and Redis for query results, with user-scoped cache keys (`_generate_cache_key`) to prevent cross-user data leakage from the cache. Areas for caution/improvement: - The `_check_query_is_valid` function is not comprehensive and explicitly noted as such. Reliance on it for complete SQL injection prevention is not advised. The primary defense for arbitrary `read-oriented` queries is the read-only database user and S3 policies. - The core risk remains the 'arbitrary read-oriented queries' which, if misused by an AI or malicious actor, could expose data that the user *shouldn't* have access to, even if read-only, if S3 policies aren't perfectly aligned with the KBase Auth roles/groups logic. - The warning about sending query results to the model host server highlights a significant data privacy concern for users.
Updated: 2026-01-17GitHub
0
0
High Cost
yigitkonur icon

latitude-mcp-server

by yigitkonur

Sec8

Manages PromptL prompts for Latitude.so, enabling AI-powered prompt lifecycle management including validation, versioning, and execution directly from MCP clients.

Setup Requirements

  • ⚠️Requires Latitude.so API Key (paid service to execute prompts)
  • ⚠️Requires Latitude.so Project ID
  • ⚠️Requires Node.js 18.0.0 or higher
Verified SafeView Analysis
Uses environment variables for API keys (good practice). Client-side input validation is performed using the 'promptl-ai' library to prevent invalid PromptL syntax. File system operations are scoped to intended functionality (reading/writing .promptl files, creating temporary directories for sync operations). The primary security concerns relate to securing the LATITUDE_API_KEY from unauthorized access and the upstream Latitude.so API's handling of prompt execution.
Updated: 2026-01-19GitHub
0
0
Medium Cost
Sri-Manikandan icon

mcp-docs-server

by Sri-Manikandan

Sec6

A Streamlit and FastAPI-based client for an AI agent that uses an LLM to search various technical documentation platforms via web search.

Setup Requirements

  • ⚠️Requires Anthropic API Key (Paid service)
  • ⚠️Requires Serper API Key (Paid service for web search)
  • ⚠️Requires Python 3.12+
Verified SafeView Analysis
The FastAPI application uses `CORSMiddleware` with `allow_origins=["*"]`, which is a significant security risk for any public-facing API as it permits requests from any domain. The `server_script_path` used to launch the MCP server is configurable via environment variables; if an attacker can control this path, it could lead to arbitrary code execution. No direct `eval` or clear obfuscation found. External HTTP requests are made to Serper API and arbitrary URLs for documentation fetching, which are controlled by the tool's logic but involve external services.
Updated: 2025-12-15GitHub
0
0
Medium Cost
openpharma-org icon

who-mcp

by openpharma-org

Sec9

Provides AI assistants and applications access to the World Health Organization's Global Health Observatory (GHO) data via its OData API for searching, retrieving, and analyzing health indicators and statistics.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️A build step (`npm run build`) is required to copy source files to the 'build' directory before execution.
  • ⚠️Data retrieval methods like `get_health_data` and `get_cross_table` can return large datasets, potentially leading to high token usage if not limited by the 'top' parameter.
Verified SafeView Analysis
The server leverages the Model Context Protocol (MCP) SDK which enforces strict input schema validation, significantly reducing common injection vulnerabilities. API calls to the WHO OData endpoint are constructed carefully, although direct string interpolation for OData filter parameters exists. However, OData's parsing mechanism typically treats these as data values, reducing the risk of code injection compared to SQL. No 'eval' or direct command execution found. The XML parsing utility is included but not used by the core logic, thereby avoiding potential XML-related vulnerabilities. No hardcoded sensitive credentials detected.
Updated: 2025-12-16GitHub
0
0
Low Cost
AdamBien icon
Sec9

Provisions a serverless remote Model Context Protocol (MCP) server using AWS Bedrock Agent Core Gateway, AWS Lambda, and Amazon Cognito for authenticated API access.

Setup Requirements

  • ⚠️Requires JDK 21 or later and Apache Maven for building Java components.
  • ⚠️AWS CDK must be bootstrapped in the target AWS account and region (`cdk bootstrap aws://ACCOUNT-ID/REGION`).
  • ⚠️Requires AWS credentials configured (e.g., via AWS CLI or environment variables) to deploy and interact with AWS services.
  • ⚠️Manual steps (web UI or AWS CLI) are required to create a user account and obtain a JWT token for authentication before interacting with the deployed server.
Verified SafeView Analysis
The architecture uses standard AWS security best practices, including Cognito for JWT-based authentication and IAM roles with least privilege for Bedrock Agent Core Gateway and Lambda interaction. No 'eval' or obvious malicious patterns are present. Configuration via ZCfg and system properties helps avoid hardcoded secrets. The Cognito User Pool has a removal policy of 'DESTROY', meaning all user data will be lost if the stack is deleted. This is common for development but requires consideration for production environments.
Updated: 2025-12-13GitHub
0
0
High Cost
amsajaj icon
Sec3

An AI-powered web application for generating, editing, and exporting test cases, integrating with tools like Zephyr and PostgreSQL.

Setup Requirements

  • ⚠️Docker is required to run the application via `docker-compose`.
  • ⚠️PostgreSQL database is a mandatory dependency.
  • ⚠️AI models (Qwen3, Gemma) are used, implying potential API costs or local resource requirements, though specific integration details are not provided in the truncated code.
Verified SafeView Analysis
The `docker-compose.yml` file hardcodes default PostgreSQL credentials (`postgres:postgres`) for both the API connection string and the database service environment variables. The database port (5433) is also exposed to the host. This setup is highly insecure for production environments, as it allows trivial unauthorized access to the database. It is critical to change these default credentials immediately for any deployment outside of isolated local development. Additionally, all download/repository links in the README point to a direct `.zip` file download, which is unusual for a GitHub project and could be a security concern regarding the integrity of the downloaded binaries if not explicitly verified.
Updated: 2026-01-19GitHub
0
0
Low Cost
cuongpo icon
Sec9

A Model Context Protocol (MCP) server enabling seamless interaction with the Hyperion blockchain for querying, transacting, and managing assets via standardized APIs.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher to run.
  • ⚠️Requires access to a Hyperion blockchain RPC endpoint (configured via HYPERION_RPC_URL).
  • ⚠️For any transaction or contract deployment, a funded private key for Hyperion (HYPERION_PRIVATE_KEYS) is required.
  • ⚠️Using the Telegram bot integration requires additional API keys (TELEGRAM_BOT_TOKEN, SMITHERY_API_KEY, SMITHERY_PROFILE).
Verified SafeView Analysis
The server demonstrates good security practices by loading sensitive information (private keys, API keys) from environment variables, rather than hardcoding them. Wallet management functions correctly mask private keys when listing wallet information. The core dependencies (ethers.js, axios) are widely used and generally considered secure. There are no obvious signs of malicious patterns or use of dangerous functions like 'eval'. The primary security consideration for users is ensuring `HYPERION_PRIVATE_KEYS` and any integrated API keys are securely managed and that the `HYPERION_RPC_URL` points to a trusted endpoint.
Updated: 2025-11-30GitHub
PreviousPage 690 of 713Next