Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
kseysh icon
Sec8

An MCP server for Inha University campus electricity management, providing tools for energy usage monitoring, time-series forecasting of power consumption, and real-time power control.

Setup Requirements

  • ⚠️Requires a PostgreSQL database with an 'electricity' table (containing 'building', 'powerusage', 'datetime', 'datavalue' columns) for energy data storage.
  • ⚠️Requires internet access at startup to download the TimesFM pre-trained model weights from Hugging Face Hub (approx. 200MB) or a pre-cached local copy.
  • ⚠️Requires an external API endpoint configured via the 'POWER_CONTROL_URL' environment variable for real-time power control functionality to operate.
Verified SafeView Analysis
The server uses parameterized SQL queries for database interactions, which mitigates common SQL injection risks for the exposed tools. Input validation for critical 'control_power' actions ('on'/'off') is in place. Sensitive configurations like PostgreSQL credentials and the external power control URL are expected to be set via environment variables. Potential risks include misconfiguration of these environment variables (e.g., weak passwords, untrusted URLs) or vulnerabilities in the external power control system, which are outside the scope of this codebase. No direct 'eval' or similar critical remote code execution vulnerabilities were found in the provided code.
Updated: 2025-12-17GitHub
0
0
Medium Cost
brendon92 icon

mcp-server

by brendon92

Sec9

Provides AI agents with specialized tools for comprehensive web search, content fetching, and data format conversion.

Setup Requirements

  • ⚠️Requires Node.js 20.x or higher.
  • ⚠️Requires paid API keys for most web search engines (e.g., Brave, Google, Bing, SerpAPI) to function beyond basic DuckDuckGo search.
  • ⚠️Web scraping tools (`WebFetch`, `WebSearch` with DuckDuckGo) can be resource-intensive depending on the target website's complexity and size, potentially increasing CPU/network costs.
Verified SafeView Analysis
The server uses Zod for robust input validation, which is excellent for preventing common vulnerabilities. API keys are correctly managed via environment variables (process.env), preventing hardcoding. The `WebFetchTool` sanitizes HTML content by removing script/style tags. While XML parsing with `xml2js` generally has safeguards, there's no explicit DTD parsing configured, which would be a higher risk. Overall, practices are good.
Updated: 2025-11-27GitHub
0
0
Low Cost
proofofprotocol icon

proofscan

by proofofprotocol

Sec6

proofscan is an MCP (Model Context Protocol) server scanner that provides full visibility into JSON-RPC communication by capturing, saving, visualizing, and testing interactions, and offering a proxy for multiple MCP servers.

Setup Requirements

  • ⚠️Requires Node.js v18+ (v20+ recommended).
  • ⚠️Sensitive data (e.g., API keys) stored via the 'plain' provider (base64 encoded, not encrypted) on non-Windows platforms (Linux/macOS) due to lack of native secure storage integration (e.g., Keychain is not yet implemented). This means secrets are readable on disk.
Verified SafeView Analysis
The tool handles sensitive data (API keys, etc.) through a dedicated `secrets` module. On Windows, it leverages DPAPI for encryption. However, on non-Windows platforms (Linux, macOS), secrets are explicitly stated to be stored using a 'plain' provider, which is merely base64 encoded and *not encrypted*. This is a critical security vulnerability for users on those operating systems who expect secure storage. While the tool warns the user about this, it significantly impacts the security posture for a tool that purports to manage 'secure storage'. The `execSync` calls for DPAPI appear to be handled with input sanitization and `-EncodedCommand` to mitigate command injection risks. Export/import functionality uses robust cryptographic methods like scrypt and AES-256-GCM with timing-safe HMAC verification.
Updated: 2026-01-19GitHub
0
0
High Cost
j0hanz icon
Sec9

A Model Context Protocol (MCP) server that refines, enhances, and structures user prompts for optimal AI interaction using various LLM providers.

Setup Requirements

  • ⚠️Requires LLM Provider API Key (Paid, e.g., OPENAI_API_KEY)
  • ⚠️Requires Node.js >= 22.0.0
  • ⚠️Designed to run as an MCP server backend for an MCP host (e.g., Claude Desktop via stdio)
Verified SafeView Analysis
The server demonstrates strong security practices for its use case. It strictly validates and trims all input prompts using Zod schemas, rejecting unknown fields to prevent unexpected behavior. API keys for LLM providers are exclusively sourced from environment variables, preventing hardcoding. Sensitive information in debug logs is redacted and truncated. The internal error handling classifies and manages LLM-specific errors, including authentication and rate limiting. Protocol-level safeguards ensure strict version negotiation and server initialization before processing requests, preventing premature interactions. There are no indications of 'eval' or malicious patterns directly processing user input. Dependencies related to templating engines (like Pug for HTML reports in dev tools) are not used for processing runtime user input in a way that would introduce injection vulnerabilities.
Updated: 2026-01-19GitHub
0
0
Medium Cost
Jing-yilin icon

youtube-mcp-server

by Jing-yilin

Sec4

Enables AI language models to interact with YouTube content through a standardized Model Context Protocol (MCP) interface.

Setup Requirements

  • ⚠️Requires YouTube Data API Key (Paid Google Cloud API)
Review RequiredView Analysis
The server exposes a `save_dir` parameter in several tools (e.g., `videos_getVideo`, `transcripts_getTranscript`, `comments_getComments`) which, if controllable by an attacker through the AI model's input, could allow arbitrary file system writes (path traversal vulnerabilities). The `saveData` function creates directories recursively and writes arbitrary JSON content to the specified path without explicit sanitization or directory restrictions. This is a critical local file system write vulnerability if the server is deployed in an environment where AI input is not strictly validated or sandboxed.
Updated: 2026-01-10GitHub
0
0
Medium Cost
vitorcalvi icon

dreams-ai

by vitorcalvi

Sec2

An MCP server providing AI-powered code intelligence for semantic search, code structure analysis, and embedding generation, leveraging Apple Silicon GPU acceleration.

Setup Requirements

  • ⚠️Requires macOS with Apple Silicon (M1/M2/M3) hardware.
  • ⚠️Requires manual cloning and configuration of the 'dreams-ai-core' Python backend, and manually updating the 'PYTHON_CORE_DIR' constant in 'dreams-mcp.ts'.
  • ⚠️Requires 'uv' (a Python package manager) to be installed and available in the system's PATH to execute Python commands.
  • ⚠️Requires running the 'indexer.py' script from the 'dreams-ai-core' backend to initialize the LanceDB database for semantic search functionality.
Review RequiredView Analysis
The 'dreams-mcp.ts' file uses 'child_process.exec' to run Python scripts. A critical command injection vulnerability exists within the 'get_file_structure' tool where the 'file_path' argument is directly interpolated into a shell command without any sanitization or escaping. This allows for arbitrary command execution. While 'query' and 'text' arguments have basic single-quote escaping, it is not robust enough to prevent all potential shell injections for general user-controlled input. The 'PYTHON_CORE_DIR' is hardcoded as an absolute path, requiring manual modification.
Updated: 2026-01-17GitHub
0
0
Medium Cost
HarshavardhanaNaganagoudar icon

Minimalistic-Postcard

by HarshavardhanaNaganagoudar

Sec7

Generates aesthetic digital postcards by combining real-time weather, local time, cultural pulse, and AI-powered poetic quotes for a given location.

Setup Requirements

  • ⚠️Requires a compatible MCP client (e.g., Claude) to be configured as shown.
  • ⚠️Requires active internet access to communicate with the remote server, Open-Meteo API, and OpenAI API.
  • ⚠️The remote server internally relies on an OpenAI API Key for AI generation, implying potential API costs for the service provider.
Verified SafeView Analysis
The provided source code consists only of a `README.md` file, which describes the service and provides client-side configuration instructions to connect to a *remote* MCP server hosted on Hugging Face Spaces. The actual server-side code is not available for inspection. Therefore, a comprehensive security audit of the server's implementation (e.g., for 'eval' usage, obfuscation, network risks, or hardcoded secrets) cannot be performed. The client-side configuration (`npx mcp-remote`) is a standard way to interact with MCP servers and does not inherently expose client-side vulnerabilities or hardcoded secrets.
Updated: 2025-11-26GitHub
0
0
Medium Cost
dev-brewery icon

claude-agents-mcp

by dev-brewery

Sec3

A centralized Model Context Protocol (MCP) server for managing Claude AI agent definitions, configurations, and custom commands across multiple devices to resolve file synchronization issues.

Setup Requirements

  • ⚠️The HTTP API, if used, has no authentication and should not be exposed to untrusted networks.
  • ⚠️Requires absolute paths for the server binary in Claude Code's global config (`.claude.json`) when configured for stdio communication.
  • ⚠️Initial setup may require running a migration script (`npm run migrate`) to import existing configurations from a specified source path.
Review RequiredView Analysis
The optional HTTP API wrapper (`src/api.ts`), if deployed, lacks any authentication or authorization mechanisms, allowing any client on the network to perform read, create, update, and delete operations on agents, global configurations, and commands. This is a critical security vulnerability for network deployments. It also uses a broad CORS policy ('Access-Control-Allow-Origin': '*'). The core MCP server, running via stdio, is inherently more secure as it's not directly exposed to the network. SQL injection is mitigated through parameterized queries with `better-sqlite3`.
Updated: 2025-12-10GitHub
0
0
High Cost
hisinha-rakesh icon

terraform-mcp-server

by hisinha-rakesh

Sec9

An MCP server enabling AI-powered infrastructure-as-code workflows by exposing Terraform operations to clients like Claude, with built-in safety features.

Setup Requirements

  • ⚠️Terraform CLI must be installed and available in PATH (or within the container).
  • ⚠️Python 3.10 or higher is required.
  • ⚠️Docker Desktop is recommended for seamless integration with Claude Desktop via the provided container image.
Verified SafeView Analysis
The server primarily executes Terraform CLI commands via `subprocess.run`. It uses argument lists to prevent shell injection vulnerabilities. Crucially, it implements strong safety checks for destructive operations: `terraform_apply` requires explicit approval (`auto_approve=True` or `plan_file`), and `terraform_state` explicitly blocks `rm` and `mv` commands. All commands include timeout protection. While user/AI input is directly passed as Terraform arguments (e.g., resource addresses, variable values), the server's strong safety mechanisms for destructive actions, combined with Terraform CLI's own argument parsing, significantly reduce the risk of unintended or malicious behavior. No hardcoded secrets or 'eval' are present.
Updated: 2025-12-15GitHub
0
0
Low Cost
tomasswaier icon

BpMcpServer

by tomasswaier

Sec4

This server acts as a Model Context Protocol (MCP) tool provider, allowing an LLM (via an MCP client bridge) to retrieve car owner details (name, phone number) by querying a hypothetical local car database using a number plate.

Setup Requirements

  • ⚠️Requires a local HTTP service running on http://localhost:8000/api/carPage to provide car information.
  • ⚠️Requires Ollama to be running locally on http://localhost:11434 with the 'gemma2:2b' model pulled for the client to function.
  • ⚠️The client expects the server to be a compiled binary named 'server' in the 'server/' directory (i.e., 'server/server') if run via the client's 'exec.Command'.
Review RequiredView Analysis
The server directly relays user-provided 'NumberPlate' input to an external HTTP endpoint (http://localhost:8000/api/carPage) without any explicit input validation or sanitization. If the 'localhost:8000' service is not robustly secured against injection attacks (e.g., SQL injection), this server could act as a conduit for such vulnerabilities. There are no hardcoded secrets or obvious malicious patterns in this code itself, but the dependency on an unvalidated external service introduces a significant risk.
Updated: 2025-12-25GitHub
0
0
Medium Cost
nicolasestrem icon

komodo-mcp

by nicolasestrem

Sec8

An MCP server enabling AI assistants to manage Docker containers, stacks, and servers through the Komodo Core API.

Setup Requirements

  • ⚠️Requires Komodo Core API access (address, API key, and API secret).
  • ⚠️Requires Node.js 18.0.0 or higher, or Docker.
  • ⚠️Network connectivity to the Komodo Core server is essential.
Verified SafeView Analysis
The server correctly handles API keys and secrets via environment variables, avoiding hardcoding. It employs Zod for input validation, which is a good practice to prevent malformed requests. The default SSE transport binds to `0.0.0.0`, making it publicly accessible, but the documentation explicitly notes this and recommends a reverse proxy for production. Several tools expose destructive operations (e.g., deleting stacks, pruning Docker system), which are clearly marked with `destructiveHint: true` in their definitions for client-side awareness; however, the server itself does not implement additional confirmation prompts, expecting the AI client or user to handle this responsibility.
Updated: 2025-12-02GitHub
0
0
Low Cost
jackalterman icon
Sec9

Enables AI agents to securely share end-to-end encrypted, self-destructing notes with human recipients using a zero-knowledge architecture.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires `fastmcp`, `httpx`, and `cryptography` Python libraries.
  • ⚠️Relies on the external `securenote.link` web service to store the encrypted notes.
  • ⚠️Designed to be integrated with an MCP client (e.g., Claude Desktop) via standard I/O, not as a standalone web server.
Verified SafeView Analysis
The server implements strong AES-256-GCM encryption with a zero-knowledge architecture, meaning decryption keys are generated client-side and never stored on the server. The server acts as an MCP client to the 'securenote.link' web service, which stores only the encrypted blobs. No 'eval', 'exec', or other dangerous patterns were found in the provided Python source code. The primary security model relies on the client-side key generation and either fragment-based key passing for convenience mode or two-channel sharing for maximum security. The server does not handle the decryption keys, enhancing its security posture.
Updated: 2025-12-27GitHub
PreviousPage 696 of 713Next