Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
DaoiestFire icon

streamable-http-mcp

by DaoiestFire

Sec9

Implements a basic StreamableHTTP MCP (Multi-Agent Communication Protocol) server with a weather information tool.

Verified SafeView Analysis
CORS is configured to allow all origins ('*'), which is suitable for demonstration or development but generally not recommended for production environments. No other critical vulnerabilities or malicious patterns were found.
Updated: 2025-11-24GitHub
0
0
Medium Cost
rossella icon

fleet-mcp

by rossella

Sec7

Enables AI assistants to programmatically manage and monitor GitOps capabilities and resources within a Fleet-managed Kubernetes environment.

Setup Requirements

  • ⚠️Requires Go 1.21 or later
  • ⚠️Requires a Kubernetes cluster with Fleet installed
  • ⚠️Requires Rancher bearer token (R_token header) and Rancher server URL (R_url header) for each request, or kubeconfig for local runs
Verified SafeView Analysis
The server acts as a powerful gateway to Kubernetes, requiring a Rancher bearer token ('R_token' header) with potentially broad RBAC permissions for its operations. This means the server operates with the permissions of the provided token; therefore, securing the token and limiting its scope is critical. While TLS is supported, the local development setup allows 'INSECURE_SKIP_TLS=true', which should not be used in production. The Kubernetes deployment manifest includes extensive ClusterRole permissions (full CRUD for many Fleet resources), which should be reviewed and potentially restricted based on specific use cases. There are no obvious code execution vulnerabilities like 'eval' or hardcoded secrets.
Updated: 2025-12-05GitHub
0
0
Medium Cost
pankajshakya627 icon

File-MCP-server

by pankajshakya627

Sec9

A comprehensive Model Context Protocol (MCP) server providing local utilities for file operations, directory management, text processing, and mathematical calculations, ideal for integration with AI agents like Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.10+ (pyproject.toml specifies >=3.11).
  • ⚠️The default file system operations are sandboxed to a specific directory (`/tmp/Dev_Pankaj` by default) for security, which might require understanding for expected file locations.
  • ⚠️If HTTP transport is explicitly enabled, careful consideration of host binding (`0.0.0.0` vs `127.0.0.1`) and network security is needed.
Verified SafeView Analysis
The server implements robust file system sandboxing via the `_get_safe_path` function, which redirects all file operations to a designated directory (defaulting to /tmp/Dev_Pankaj or a custom SANDBOX_DIR) and actively blocks path traversal attempts ('..'). The `calculate` function uses `eval`, but it is heavily sandboxed with a restricted `safe_dict` and an empty `__builtins__` to prevent arbitrary code execution. When running in HTTP mode (not default), it could bind to `0.0.0.0` potentially exposing it to the network, but the README provides explicit warnings and best practices for this scenario.
Updated: 2025-12-10GitHub
0
0
Medium Cost
ashotchumore icon

my_new_mcp_server

by ashotchumore

Sec8

Provides a boilerplate for quickly developing Model Context Protocol (MCP) servers with TypeScript, featuring calculation and text-to-image generation tools.

Setup Requirements

  • ⚠️Requires `HF_TOKEN` environment variable to be set for the `text_to_image` tool to function.
  • ⚠️Requires Node.js and npm installed for dependency management, building, and execution.
  • ⚠️Designed to communicate via standard I/O, necessitating an MCP client to pipe input/output (e.g., configured via `.cursor/mcp.json` for Cursor IDE).
Verified SafeView Analysis
Uses reputable SDKs and libraries like @modelcontextprotocol/sdk and @huggingface/inference. Sensitive API keys (HF_TOKEN) are correctly handled via environment variables, preventing hardcoding. The server primarily communicates via standard I/O (StdioServerTransport), which limits direct network exposure from this specific server instance, relying on a secure external MCP client for interaction. No 'eval' or other highly dangerous patterns were observed.
Updated: 2025-11-27GitHub
0
0
Medium Cost
FlowTheTensor icon

github-mcp

by FlowTheTensor

Sec9

The GitHub MCP Server enables AI assistants (like Claude via LM Studio) to directly interact with GitHub for repository management, issue tracking, pull request workflows, and code analysis.

Setup Requirements

  • ⚠️Requires a GitHub Personal Access Token (PAT) with appropriate scopes (repo, read:org, gist).
  • ⚠️Requires Docker Desktop or Node.js/NPX to be installed and running.
  • ⚠️Requires LM Studio (version 0.3.0+) for AI integration.
Verified SafeView Analysis
The server's security is highly dependent on the secure handling of the GitHub Personal Access Token (PAT). The README explicitly advises using tokens with minimal necessary permissions, rotating them regularly, and never sharing them. No 'eval' or malicious patterns are visible in the provided README, which serves as a setup guide. Assuming the underlying official GitHub package is secure, the main risk is user mishandling of the PAT.
Updated: 2025-11-24GitHub
0
0
Medium Cost
arbolescontract icon

codex-mcp-go

by arbolescontract

Sec9

Acts as an MCP (Model Context Protocol) server to wrap the OpenAI Codex CLI, allowing AI coding assistants to interact with Codex for coding tasks.

Setup Requirements

  • ⚠️Requires OpenAI's `codex` CLI to be installed and configured separately (e.g., via `npm i -g @openai/codex`).
  • ⚠️Requires an `OPENAI_API_KEY` to be configured for the underlying `codex` CLI (typically via environment variables).
  • ⚠️Go 1.24+ is required if building from source; otherwise, Node.js/npm is needed for the recommended `npx` installation.
Verified SafeView Analysis
The server itself is a thin wrapper over the external OpenAI Codex CLI. It explicitly defaults to 'read-only' sandbox mode, preventing direct file modifications by Codex unless overridden. It also prohibits arbitrary 'model' and 'profile' parameters unless allowlisted, enhancing security. Input prompts for the underlying Codex CLI are escaped for Windows environments to mitigate shell quoting issues. The recommended agent system prompts strongly advise agents to use 'read-only' mode and review/apply changes manually, further bolstering security. The primary security considerations shift to the trustworthiness and behavior of the underlying 'codex' CLI and the AI agent's adherence to the recommended safety protocols. The npm installation method downloads a pre-compiled binary, introducing a supply chain risk if the GitHub releases or repository were compromised.
Updated: 2026-01-19GitHub
0
0
High Cost
rcdelacruz icon

nexus-mcp

by rcdelacruz

Sec9

Provides a local Model Context Protocol (MCP) server for AI agents, enabling hybrid web search and intelligent, token-efficient content retrieval from articles and documentation.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️If using uvx for installation, 'uv' must be pre-installed separately.
  • ⚠️Local development setup for Claude Desktop/Cursor requires providing absolute paths to the Python interpreter and server script in the JSON configuration.
Verified SafeView Analysis
The server's core functionality involves making external network requests to arbitrary URLs provided by the user/LLM via DuckDuckGo and httpx. This is inherent to its purpose. Input validation is performed for queries, modes, and URL formats (checking for 'http://' or 'https://' prefixes). Timeouts are implemented for both search and HTTP requests, preventing hanging operations. HTML content is pre-cleaned by removing common junk tags (scripts, styles, navs, footers, iframes) before processing. There are no obvious hardcoded secrets, 'eval' usage, or other directly malicious patterns identified in the provided source code.
Updated: 2025-12-15GitHub
0
0
Medium Cost
AuraFriday icon

remote_mcp

by AuraFriday

Sec2

Provides infrastructure for external applications to register as AI-controllable tools with an MCP server via reverse connections.

Setup Requirements

  • ⚠️Requires the 'Aura Friday MCP-Link Server' to be running as this project provides client-side implementations and a server-side component, not a standalone server.
  • ⚠️Different language implementations (Go, Java, Kotlin, C++) require specific compilers/SDKs and build steps, increasing setup friction.
  • ⚠️The Perl version specifically requires additional CPAN modules (`JSON`, `LWP::UserAgent`, `HTTP::Request`, `File::HomeDir`, `IO::Socket::SSL`).
Review RequiredView Analysis
CRITICAL: Hardcoded `TEST_TOKEN = "e5076d"` (and similar `29e63eb5` for SQLite unlock) in `remote.py` and across multiple language demos. This token is used to bypass "security checks" for tool usage, making the entire system fundamentally insecure for production use as anyone knowing this token can call registered tools. CRITICAL: Use of `eval(code)` in the JavaScript (`reverse_mcp.js`) `evaluate_js` action. This allows arbitrary code execution via untrusted input, a severe Remote Code Execution (RCE) vulnerability. CRITICAL: SSL/TLS certificate verification is explicitly disabled (`rejectUnauthorized: false`, `InsecureSkipVerify: true`, `context.verify_mode = ssl.CERT_NONE`) in all language implementations for local communication. While intended for self-signed certificates in a local environment, this is a dangerous practice as it makes the system vulnerable to Man-in-the-Middle (MitM) attacks if exposed beyond a trusted local network. MEDIUM: The system allows external tools to `call OTHER MCP tools` (e.g., `sqlite`, `browser`, `user`). A compromised or malicious remote tool could exploit this to perform unauthorized actions via other integrated MCP tools. LOW: The custom JSON parsing in Kotlin (`reverse_mcp.kt`) is flagged as a "simplified parser for the demo" and recommends using a robust library for production, implying potential vulnerabilities if not properly handled.
Updated: 2025-12-02GitHub
0
0
Medium Cost
mahdi-islam-pranto icon

MCP-servers

by mahdi-islam-pranto

Sec4

Provides an AI-powered expense tracking system with a chatbot interface, allowing users to add, list, and summarize expenses, and access predefined spending categories.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer due to `pyproject.toml` specification.
  • ⚠️Requires proper configuration of API keys (Gemini, RapidAPI) as environment variables; currently hardcoded in `chatbot_backend.py`.
  • ⚠️The user interface is built with Streamlit (`chatbot_frontend.py`), which needs to be run separately from the FastMCP server component.
Review RequiredView Analysis
The `chatbot_backend.py` file contains hardcoded API keys for `ChatGoogleGenerativeAI` and a `RapidAPI` jobs API. This is a critical security vulnerability, as these keys are exposed in the source code and can be easily misused. These should be loaded from environment variables. Database operations use parameterized queries, mitigating SQL injection risks. The remote database uses a temporary directory, which can have permission issues depending on the environment.
Updated: 2025-11-27GitHub
0
0
Medium Cost
IChouChiang icon

xhs-mcp-server

by IChouChiang

Sec6

A full-stack AI Agent system for automating social media tasks, specifically Xiaohongshu (XHS). It provides a Canva-like visual editor and an AI Assistant chat box to design, modify, and publish posts across various platforms.

Setup Requirements

  • ⚠️MCP Bridge Path Configuration (CRITICAL): The path to the `mcp-server-stdio.js` Node.js bridge is hardcoded to a Windows-specific path in `backend/agent_server.py` and `backend/agent_chrome.py`. Users MUST manually update this path to their local installation, which varies by OS (Windows/Mac/Linux) and npm global package location.
  • ⚠️API Keys & Authentication: Requires `auth.json` (cookies for Xiaohongshu login) and `searcher_api.txt` (DeepSeek/OpenAI API key) to be manually created in the `backend/` directory. Exporting cookies from a browser can be a manual and sometimes fiddly process.
  • ⚠️Python Environment Dependencies: Requires specific Python packages (`langchain`, `langgraph`, `mcp`, `fastapi`, `uvicorn`, `requests`) which must be installed in a suitable Python environment (e.g., `conda` or `venv`). The `mcp` library itself might have platform-specific build requirements.
Verified SafeView Analysis
The system heavily relies on browser automation and script injection via the MCP (Model Context Protocol) bridge. This inherently involves high privileges and potential risks if not configured securely. Key concerns include: 1. Hardcoded MCP Bridge Path: The path to `mcp-server-stdio.js` is hardcoded in Python scripts, requiring manual adjustment by the user. An incorrect or malicious path could lead to arbitrary code execution in the controlled browser. 2. Session Injection: `auth.json` (containing browser cookies and localStorage) is injected into the browser. If this file is compromised or contains malicious scripts, it could lead to XSS-like vulnerabilities in the controlled browser. 3. Script Injection Tools: Functions like `inject_session` and `extract_images_from_page` explicitly inject JavaScript into the browser. While these seem controlled internally, any vulnerability in how user inputs are handled by these injection points could be exploited. Overall, the system's power to control a browser requires strict adherence to security best practices during setup and operation. The reliance on local configuration files (`auth.json`, `searcher_api.txt`) that are not committed to source control is a good practice.
Updated: 2025-11-30GitHub
0
0
Medium Cost
ipninichuck icon

mcp-attack

by ipninichuck

Sec3

Provides a graph-based interface for the MITRE ATT&CK Framework, exposing tools for Large Language Models to search, traverse, and generate Navigator layers.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires `uv` for dependency management and execution
  • ⚠️First run downloads large ATT&CK STIX data (can be slow)
Review RequiredView Analysis
The `generate_navigator_layer` tool allows the `filename` to be specified directly by the user/LLM. While `os.path.abspath` is used, it does not restrict the output file to a specific safe directory, potentially allowing an attacker to write files to arbitrary locations on the server's filesystem (e.g., via path traversal like `../../malicious.json`). This is a critical vulnerability if the client is untrusted or if an LLM is exploited to perform such an action.
Updated: 2025-12-02GitHub
0
0
Medium Cost
zachswift615 icon

speakup-mcp

by zachswift615

Sec8

Provides a centralized text-to-speech (TTS) server for multiple Claude Code instances, featuring queue management, emotional tones, streaming playback, and a web UI.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires ~70MB of voice data to be downloaded during installation.
  • ⚠️Primarily tested/optimized for macOS, with Linux support available and Windows support planned.
Verified SafeView Analysis
The background HTTP service runs on `localhost:7849` and uses `Access-Control-Allow-Origin: *` for its API endpoints. While binding to localhost generally limits external attack surface, `*` CORS headers could theoretically allow a malicious webpage to trigger text-to-speech playback in the user's browser (a loopback attack). However, the impact is limited as the API only controls speech output, not data access or arbitrary code execution. `subprocess.Popen` is used for service management, but with controlled, non-user-inputted commands. SQLite queries are parameterized, preventing SQL injection.
Updated: 2026-01-17GitHub
PreviousPage 692 of 713Next