Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
srneha24 icon
Sec4

Provides secure read-only access to PostgreSQL databases for AI assistants and MCP clients to query schemas and execute SELECT queries.

Setup Requirements

  • ⚠️Python 3.13+ required.
  • ⚠️PostgreSQL database required.
  • ⚠️Database connection details must be configured via environment variables (DB_HOST, DB_PORT, DB_NAME, DB_USER, DB_PASSWORD).
Review RequiredView Analysis
The server has a critical SQL injection vulnerability in `get_database_schema`, `get_database_schema_with_indexes`, and `list_tables` functions. The `schema` parameter is directly interpolated into SQL queries using f-strings without sanitization, allowing an attacker to inject arbitrary SQL. Although the `query_database` tool blocks certain DML/DDL keywords, this protection does not apply to the `schema` parameter in the affected schema inspection functions. No 'eval' or hardcoded secrets were found.
Updated: 2026-01-16GitHub
0
0
Medium Cost
gauripathak21 icon

playwright-e2e-project

by gauripathak21

Sec10

This project provides an End-to-End (E2E) testing framework utilizing Playwright with TypeScript for web, API, device, and MCP server automation.

Setup Requirements

  • ⚠️Requires Node.js (version 18 or higher as per playwright dependencies)
  • ⚠️Requires Playwright browser binaries to be installed (typically via `npx playwright install`)
Verified SafeView Analysis
The source code is a Playwright E2E testing project. It does not contain 'eval', obfuscation, hardcoded secrets, or any other apparent malicious patterns. It interacts with known public websites for its demo tests, which is standard for this type of project. It is considered safe to run as a local testing tool.
Updated: 2025-11-25GitHub
0
0
Medium Cost
Gregoire-W icon

mcp-spotify

by Gregoire-W

Sec8

Enables AI assistants to create and manage Spotify playlists using natural language prompts, leveraging the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose
  • ⚠️Requires Spotify Developer Account (Client ID, Client Secret) and active Spotify account
  • ⚠️Requires Google Gemini API Key
  • ⚠️Spotify application's Redirect URI must be configured as `http://localhost:8080`
Verified SafeView Analysis
Secrets (Spotify client credentials, Gemini API key) are correctly managed via environment variables. Input validation is implemented using Zod for registered tools. The CORS policy is permissive for localhost/127.0.0.1 which is suitable for development and the MCP Inspector, but a stricter origin whitelist would be recommended for public production deployment. The Spotify redirect URI is hardcoded to localhost, which is typical for local OAuth flows and requires explicit configuration in the Spotify Developer Dashboard.
Updated: 2025-11-23GitHub
0
0
Medium Cost
PeterJBurke icon
Sec9

Deploy a Google Maps Platform Code Assist MCP server to Google Cloud Run, enabling ChatGPT to access up-to-date Maps documentation and code samples via an internal RAG engine.

Setup Requirements

  • ⚠️Requires a Google Cloud account with active billing enabled (Cloud Run is not free tier for all usage).
  • ⚠️Manual enabling of several specific Google Cloud APIs (Cloud Run API, Cloud Build API, Artifact Registry API) is critical and must be done before deployment.
  • ⚠️Creating and securely managing a Google Cloud Service Account key with 7 extensive IAM roles (e.g., Cloud Run Admin, Artifact Registry Administrator, Storage Admin) and adding its JSON content as a GitHub Secret is a complex prerequisite.
Verified SafeView Analysis
The server's source code (server.js) is minimal, primarily importing and running the @googlemaps/code-assist-mcp package, which limits direct code-level vulnerabilities in the wrapper. Critical security aspects like handling of secrets (GCP_PROJECT_ID, GCP_SA_KEY) are delegated to GitHub Secrets, which are encrypted and not stored in the repository. The project's documentation (docs/SECURITY.md) provides excellent guidance on best practices, including principle of least privilege for IAM roles, key rotation, and monitoring. The default deployment configuration allows unauthenticated access, which is explicitly noted as a production recommendation to change by configuring IAM. No hardcoded secrets or suspicious patterns like 'eval' were found in the provided server.js file.
Updated: 2025-12-14GitHub
0
0
High Cost
lucas-1000 icon

mcp-glucose

by lucas-1000

Sec8

Provides a specialized interface for AI assistants to query and analyze continuous glucose monitoring (CGM) data.

Setup Requirements

  • ⚠️Requires a separate `health-data-storage` REST API instance to be deployed and accessible.
  • ⚠️For OAuth-enabled deployments, requires registering an OAuth client (`OAUTH_CLIENT_ID`, `OAUTH_CLIENT_SECRET`) with the `health-data-storage` backend.
  • ⚠️Correct configuration of `PUBLIC_URL` is critical for OAuth redirects in deployed environments.
Verified SafeView Analysis
The server offers two main deployment configurations: a basic version and an OAuth-enabled version. The OAuth-enabled version (`http-server-oauth.ts`) correctly implements OAuth 2.1 with Bearer token authentication, RFC 9728 metadata, and uses `AsyncLocalStorage` for per-session token management, significantly enhancing security for multi-user environments. Secrets (API_SECRET, OAUTH_CLIENT_SECRET) are managed via environment variables and Google Secret Manager, which is a good practice. The basic version (`http-server.ts`) relies on `API_SECRET` for backend communication but allows unauthenticated access to the MCP endpoint itself, with tool calls requiring a `userId` or relying on a default, which is less secure for multi-user scenarios. The score reflects the stronger OAuth-enabled deployment.
Updated: 2025-11-26GitHub
0
0
Low Cost
Haehnchen icon

idea-mcp-devkit

by Haehnchen

Sec10

Facilitates IntelliJ plugin development by providing tools for PSI analysis and exploration of IntelliJ Platform extension points.

Setup Requirements

  • ⚠️Requires the 'MCP Server' plugin to be installed in IntelliJ.
  • ⚠️Requires relevant language plugins in IntelliJ for PSI analysis to work correctly.
Verified SafeView Analysis
The server utilizes IntelliJ's internal PSI parsing mechanisms and makes HTTP requests solely to official JetBrains Marketplace APIs. It employs standard and safe practices like URLEncoder.encode for constructing URLs. There are no indications of dangerous functions like 'eval', code obfuscation, or exposure of sensitive local resources. No hardcoded secrets are present.
Updated: 2025-12-05GitHub
0
0
Medium Cost
divik-coder icon

grpc_mcp

by divik-coder

Sec8

Runs a gRPC backend for text summarization, exposed via an MCP server, and includes an agent client for demonstration.

Setup Requirements

  • ⚠️Requires Python 3.12+ (according to pyproject.toml, README states 3.11+)
  • ⚠️Requires an Azure OpenAI or OpenAI API Key (paid service)
  • ⚠️Requires 'uv' for dependency management and script execution
Verified SafeView Analysis
The code uses environment variables for API keys, which is a good practice. The gRPC and MCP servers communicate locally. No direct use of 'eval' or other arbitrary code execution functions were found. Potential for prompt injection exists, which is an inherent risk when integrating with large language models, but the server code itself doesn't introduce additional vulnerabilities beyond this. The system uses insecure gRPC channels, which is acceptable for local communication but would require TLS for production deployments.
Updated: 2025-12-15GitHub
0
0
High Cost
JNK234 icon

Quibo-MCP-

by JNK234

Sec8

Integrates with Claude Desktop to provide AI-powered tools for generating blog posts from technical content like Jupyter notebooks and markdown files.

Setup Requirements

  • ⚠️Requires a separate backend API server to be running (default: http://localhost:8000).
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Designed for integration with Claude Desktop, requiring specific configuration.
Verified SafeView Analysis
The server's `automation_tool.py` directly accesses local file paths provided as arguments to `generate_complete_blog`. While this is common for local agents, if the `files` argument could be manipulated by an untrusted external entity (e.g., via an unmediated API call), it could lead to arbitrary local file reads. However, as an MCP server, it's designed to run within a trusted client environment like Claude Desktop, which is expected to mediate such inputs securely. URL construction using `project_name` also assumes the project name is trustworthy or sanitized by the backend.
Updated: 2025-11-24GitHub
0
0
Medium Cost
bitjungle icon

v-r

by bitjungle

Sec9

Provides high-level, LLM-friendly weather tools and Norwegian place name resolution for MCP-compatible AI clients.

Setup Requirements

  • ⚠️Requires a separate 'metno-proxy' (Nginx Docker service) to be running and accessible.
  • ⚠️The 'weather_get_recent_observations' tool requires a 'FROST_CLIENT_ID' obtained from frost.met.no for full functionality.
  • ⚠️Regenerating the optional 'places.db' (for Norwegian place name resolution) requires Docker, Docker Compose, a PostGIS dump, and running a Python ETL pipeline.
Verified SafeView Analysis
The server uses Zod for robust input validation, mitigating common injection risks. External API calls are routed through a dedicated Nginx proxy ('metno-proxy') which handles User-Agent compliance, caching, and rate limiting, centralizing control and reducing direct exposure to the MET Norway API. Secrets like `FROST_CLIENT_ID` and `VAER_API_KEY` are managed via environment variables. The server logs are structured and sanitize sensitive input to prevent exposure. Docker deployments run as a non-root user (UID/GID 1001), enhancing container security. There's no use of 'eval' or other highly dangerous dynamic code execution methods.
Updated: 2025-11-30GitHub
0
0
Medium Cost
neeranzan icon
Sec8

Provides an MCP server to expose file content and metadata tools to Large Language Models like Claude.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer, which is a very recent (alpha/beta) version and not widely adopted yet.
  • ⚠️Relies on the 'mcp' framework, which users may need to learn and configure.
Verified SafeView Analysis
No application source code was provided for a comprehensive security audit. Based solely on `pyproject.toml` and `README.md`, no 'eval' calls, obfuscation, hardcoded secrets, or malicious patterns are visible. Dependencies (`pandas`, `pyarrow`, `mcp`) are standard libraries.
Updated: 2026-01-18GitHub
0
0
Medium Cost
SwipeBuilder-io icon

swipebuilder-mcp

by SwipeBuilder-io

Sec9

Access and manage an ad swipe library programmatically via the Model Context Protocol (MCP) by integrating with the SwipeBuilder API.

Setup Requirements

  • ⚠️Requires a SwipeBuilder API Key, which must be obtained from the SwipeBuilder platform.
  • ⚠️Requires Python 3.10 or higher.
Verified SafeView Analysis
The server securely handles API keys by requiring them via environment variables or explicit parameter passing, avoiding hardcoded secrets. It utilizes `httpx` for external API communication, and includes basic error handling for common API issues (e.g., 401, 403, 429). No 'eval' or other directly dangerous dynamic code execution patterns were found. The codebase appears straightforward and relies on standard Python practices for API interaction.
Updated: 2026-01-17GitHub
0
0
Low Cost
Built-Simple icon

claude-brain-dump-repo

by Built-Simple

Sec3

Manages a cross-machine portable configuration for the Claude Code CLI, including environment documentation, plugin configurations, MCP server definitions, and host inventory.

Setup Requirements

  • ⚠️Hardcoded root password ('BuiltSimple2025!') is present for SSH to 192.168.1.115, posing a significant security risk that must be addressed.
  • ⚠️Extensive use of global npm and npx installations for external dependencies (`@anthropic-ai/claude-code`, `@playwright/mcp`, `@bvisible/mcp-ssh-manager`, `@czlonkowski/n8n-mcp`, etc.) means the system's security relies heavily on the trustworthiness of numerous third-party packages.
  • ⚠️The `uv` dependency is installed directly via `curl | sh` or `irm | iex`, which carries inherent risks of arbitrary code execution from the source.
  • ⚠️Requires Node.js and Python to be pre-installed (or installed via system package manager/winget as part of the setup) for many of the tools and MCP servers.
Review RequiredView Analysis
The repository includes a hardcoded root password ('BuiltSimple2025!') for primary SSH access to '192.168.1.115', which is a critical security vulnerability. Setup scripts extensively use `npm install -g` and `npx -y` to install numerous external, potentially community-contributed plugins and MCP servers without strong sandboxing or vetting mechanisms, creating a high supply chain attack risk. The `uv` installer is also piped directly to `bash` or `powershell` from a URL. Failures in plugin installation are often silently ignored due to `|| true` in scripts. SSH key management practices (e.g., `ssh-copy-id`) assume a secure target environment.
Updated: 2026-01-19GitHub
PreviousPage 695 of 713Next