Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
hamzasaleem22 icon

mcp-server-repository

by hamzasaleem22

Sec1

Analysis of the server's use case cannot be determined as the source code was not provided.

Setup Requirements

  • โš ๏ธSource code was not provided, therefore a comprehensive analysis of setup requirements and friction points is impossible.
Review RequiredView Analysis
Security audit cannot be performed as the source code for the 'mcp-server-repository' was not provided in the prompt. A score of 1 is assigned because safety cannot be verified without code.
Updated: 2025-12-02GitHubโ†’
0
0
Medium Cost
BACH-AI-Tools icon

bachstudio-pubmedmcp

by BACH-AI-Tools

Sec9

Provides a Micro-service Container Protocol (MCP) server for searching and fetching biomedical literature abstracts from the PubMed database.

Setup Requirements

  • โš ๏ธRequires 'uv' package installed globally and 'uvx' in PATH.
  • โš ๏ธPython 3.12+ only.
Verified SafeView Analysis
The server code (src/pubmedmcp/__main__.py) is well-structured, utilizing Pydantic for robust input validation and relying on a dedicated client library (pubmedclient) for external API interactions, minimizing direct network risk. No 'eval' or arbitrary code execution is present in the server's operational logic. The 'bump_version.py' script, while using 'subprocess.run', is an external development utility and not part of the deployed server.
Updated: 2025-12-04GitHubโ†’
0
0
Medium Cost
RiDDiX icon
Sec8

Enables AI assistants (like Claude) to manage and interact with a MountainOS (MOS) system by providing an interface via the Model Context Protocol (MCP).

Setup Requirements

  • โš ๏ธRequires a running MountainOS (MOS) system with its API accessible.
  • โš ๏ธRequires a MOS API authentication token or username/password to be provided via environment variables (many tools are 'admin only').
  • โš ๏ธRequires Node.js version 18.0.0 or higher.
Verified SafeView Analysis
The server acts as a proxy for the MOS API. Many operations require admin privileges on MOS, implying that the provided authentication token grants administrative access to the underlying system. Security relies heavily on the robustness of the MOS API itself and the secure management of the 'MOS_API_TOKEN' environment variable. The API client does not explicitly enforce HTTPS for 'MOS_API_URL', which could be a risk if connecting to a non-local MOS server over an insecure channel. No 'eval' or obvious malicious patterns were found in the provided source code.
Updated: 2026-01-16GitHubโ†’
0
0
High Cost
yyf icon

MCP2OSC

by yyf

Sec5

Facilitates parametric control of multimedia devices and creative applications (like MaxMSP) using natural language prompts via a Large Language Model (LLM) such as Claude.

Setup Requirements

  • โš ๏ธRequires Claude Desktop Application for LLM integration.
  • โš ๏ธRequires Node.js version 18.0.0 or higher.
  • โš ๏ธDefault OSC host/ports (9500 send, 9501 receive) may conflict with existing applications; manual configuration via environment variables may be necessary. The service manager attempts to detect MaxMSP to mitigate conflicts.
  • โš ๏ธWebSocket functionality requires 'ws' npm package to be installed, which might need to be explicitly added if not present by default.
Verified SafeView Analysis
The system presents several security considerations: 1. **ReDoS Vulnerability:** The `handleGetReceivedMessages` function in `mcp-server.js` constructs a regular expression from user-provided `addressPattern` (`new RegExp(addressPattern.replace(/\*/g, '.*'))`). If an LLM or a malicious user (if the endpoint were exposed) provides a crafted regex pattern, it could lead to a Regular Expression Denial of Service (ReDoS) attack, causing the server to hang or crash. 2. **API Exposure Risks:** The `enhanced-dashboard-server.js` exposes several API endpoints (e.g., `/api/patterns/upload`, `/api/test-osc`). * `/api/patterns/upload` allows posting new OSC patterns. While validation is performed, a large or complex JSON payload could potentially lead to resource exhaustion or malformed data being stored if not handled robustly, impacting subsequent parsing. * `/api/test-osc` allows sending arbitrary OSC messages to a specified address and arguments. If the dashboard is accessible from an untrusted network, this could be exploited to send arbitrary UDP packets, potentially causing a denial of service or other malicious activity on internal networks. 3. **JSON Parsing from Network Input:** Both `websocket-osc-controller.js` and `enhanced-dashboard-server.js` parse JSON from incoming network messages (`JSON.parse(data.toString())` in WebSockets, `req.body` in Express). Malformed JSON could potentially crash the server or consume excessive resources if not adequately protected by robust error handling and input validation (which is present to some extent for patterns but could be extended). 4. **UDP Communication:** OSC relies on UDP, which is connectionless and stateless. This makes it susceptible to spoofing and message injection if the network is not trusted, though this is inherent to UDP and not specific to the application's implementation. 5. **File System Operations:** The system extensively uses `fs` operations for logging and pattern storage. While atomic writes are implemented in `mcp-server.js`, concurrent writes or extremely large log/pattern files could introduce performance bottlenecks or, in extreme cases, file corruption if error handling or resource limits are not fully robust. The `shared-storage.js` uses synchronous file operations which can block the event loop.
Updated: 2025-11-24GitHubโ†’
0
0
Low Cost
gwyer icon
Sec8

A local, privacy-preserving Retrieval-Augmented Generation (RAG) system that combines semantic and keyword search to answer questions from user-provided documents, with an MCP server API for seamless integration with Claude Desktop.

Setup Requirements

  • โš ๏ธRequires Ollama to be installed and running locally (`ollama serve`).
  • โš ๏ธRequires specific Ollama models (`llama3.1:latest` for LLM, `nomic-embed-text` for embeddings) to be pulled manually via `ollama pull <model-name>`.
  • โš ๏ธMinimum 8GB RAM (16GB recommended) for efficient operation, especially with large datasets and local LLMs.
  • โš ๏ธThe MCP server mode specifically requires Claude Desktop to be installed and configured with absolute paths in `claude_desktop_config.json`.
Verified SafeView Analysis
The system operates entirely locally, mitigating network-based data exfiltration risks. Configuration is handled via `config.yaml`, avoiding hardcoded secrets in the codebase. User-provided queries are processed through LangChain's RAG chain and structured query engine. While the `StructuredQueryEngine` internally uses `df.query()` for structured data, which can be a vector for injection if arbitrary user input were passed directly, the exposed MCP tools (`count_by_field`, `filter_dataset`) validate inputs by field and value, rather than raw query strings, significantly reducing this risk in the MCP context. The LLM prompt explicitly instructs the model to use 'ONLY the provided context' and 'NEVER make up or infer information', which aims to reduce hallucination and potential prompt injection leading to unintended actions, though LLM-based injection remains a theoretical challenge for any RAG system.
Updated: 2025-12-14GitHubโ†’
0
0
Low Cost
bashithj icon
Sec8

This project demonstrates an AI agent using LangGraph and LangChain's MCP adapters to orchestrate calls to multiple local MCP services (Math and Weather tools) for processing user queries.

Setup Requirements

  • โš ๏ธThe GROQ_API_KEY environment variable is required for the client application to run.
  • โš ๏ธThe weather server (`weather.py`) must be running independently (e.g., by executing `python weather.py` in a separate terminal) before the client (`client.py`) can successfully connect to it.
  • โš ๏ธThe project requires Python 3.13 or higher as specified in `pyproject.toml`.
Verified SafeView Analysis
API keys are loaded from environment variables, which is good practice. No 'eval', 'exec', or other immediately dangerous patterns were found in the provided source code. The client launches a local subprocess for the math server, which is generally acceptable for local development but pathing should be robustly controlled in production environments.
Updated: 2025-11-27GitHubโ†’
0
0
Medium Cost
i9wa4 icon
Sec9

Provides an MCP (Multi-Cloud Platform) server to execute SQL queries and explore Unity Catalog metadata on Databricks.

Setup Requirements

  • โš ๏ธRequires 'uv' package manager for execution.
  • โš ๏ธDatabricks authentication (host and token or client_id/client_secret) must be configured in ~/.databrickscfg or via environment variables.
  • โš ๏ธA Databricks SQL Warehouse ID is required for SQL execution and lineage features, configurable in ~/.databrickscfg or DATABRICKS_SQL_WAREHOUSE_ID environment variable.
  • โš ๏ธPython 3.11 or higher is required.
Verified SafeView Analysis
The server explicitly blocks a comprehensive list of potentially dangerous SQL DDL/DML commands (DROP, DELETE, TRUNCATE, ALTER, CREATE, INSERT, UPDATE, MERGE, GRANT, REVOKE) to prevent accidental or malicious destructive operations. Authentication relies on standard Databricks SDK mechanisms (environment variables or ~/.databrickscfg), which are secure if credentials are managed properly. No 'eval' or other dynamic code execution found. No hardcoded secrets.
Updated: 2026-01-19GitHubโ†’
0
0
Medium Cost
JoseJimenez-M icon

mcp-statcan-odcaf

by JoseJimenez-M

Sec9

Exposes Canada's Official Canadian Cultural Facilities Dataset (ODCAF) via an MCP server for AI clients to query.

Setup Requirements

  • โš ๏ธRequires `ODCAF_v1.0.csv` to be manually acquired and placed in the project root.
  • โš ๏ธRequires running `python ingest.py` once to create the `odcaf.db` SQLite database.
  • โš ๏ธRequires Python 3 and `pip install -r requirements.txt` to install dependencies.
Verified SafeView Analysis
The server correctly uses parameterized queries with `aiosqlite` to prevent SQL injection. No `eval` or direct code execution functions are observed. There are no hardcoded secrets. The CORS middleware is set to allow all origins (`allow_origins=["*"]`), which is permissive but common for public APIs and not a direct code execution vulnerability.
Updated: 2025-12-11GitHubโ†’
0
0
Low Cost
drewelewis icon

ai_m365_mcp

by drewelewis

Sec9

A Python-based MCP client for interacting with Microsoft Teams, primarily for learning, testing, and prototyping AI-powered automation and integration.

Setup Requirements

  • โš ๏ธRequires Azure AD App Registration with specific Microsoft Graph delegated permissions (e.g., Chat.ReadWrite, ChannelMessage.Send).
  • โš ๏ธRequires a valid `TEAMS_ACCESS_TOKEN` obtained via Azure CLI or manually, which needs to be configured as an environment variable.
  • โš ๏ธPython 3.8+ and pip dependencies (`mcp`, `httpx`, `fastapi`, `pydantic_settings`, `dotenv`) must be installed.
Verified SafeView Analysis
The client uses standard Microsoft Graph API authentication mechanisms via access tokens and warns against hardcoding secrets by recommending environment variables and `.env` which is `.gitignore`d. It relies on Azure AD for permissions and token management. No `eval` or obvious malicious patterns were found in the provided client code. The security primarily depends on secure management of the `TEAMS_ACCESS_TOKEN` and correctly configured Azure AD app permissions.
Updated: 2025-12-12GitHubโ†’
0
0
Medium Cost
arifdegirmenci icon

mcp_server

by arifdegirmenci

Sec7

A simple MCP server that retrieves bank accounts from the TreasuryPath API and enables question-answering using an Ollama LLM.

Setup Requirements

  • โš ๏ธRequires TreasuryPath API Key, API Secret, and Company ID (implies a TreasuryPath account).
  • โš ๏ธRequires Ollama to be installed and running locally, with the specified LLM model (e.g., 'llama3') pulled.
  • โš ๏ธRequires Python 3.x and dependencies installed in a virtual environment.
Verified SafeView Analysis
Sensitive API keys (TREASURY_API_KEY, TREASURY_API_SECRET) are loaded from a .env file, which is good practice. The server and Ollama instance are configured to run on localhost by default, limiting external network exposure. User input for LLM questions is combined with structured bank account data (rather than raw data), which helps mitigate basic prompt injection, but does not eliminate all potential LLM prompt injection risks. No obvious 'eval' or direct arbitrary code execution from user input is present in the provided code snippets.
Updated: 2025-12-03GitHubโ†’
0
0
Low Cost
iamthite icon
Sec9

Manages and tracks personal expenses using a Model Context Protocol (MCP) server.

Setup Requirements

  • โš ๏ธPython 3.14+ required (as per pyproject.toml)
  • โš ๏ธRequires `uv` package manager
Verified SafeView Analysis
The server uses parameterized SQL queries for SQLite operations, which is good practice to prevent SQL injection. It does not use `eval` or similar dangerous functions. Data is stored locally in an SQLite database, and the server runs on `stdio` transport, limiting direct network exposure. No hardcoded secrets were found.
Updated: 2025-12-13GitHubโ†’
0
0
Low Cost
novatecoder icon

kis_mcp_server_adk

by novatecoder

Sec6

An MCP server providing read-only access to Korea Investment & Securities (KIS) REST API for stock quotes and account information, with hidden trading capabilities.

Setup Requirements

  • โš ๏ธRequires Python >= 3.13
  • โš ๏ธRequires 'uv' package manager for dependency management and execution
  • โš ๏ธMandatory KIS API Key and Secret (requires registration with Korea Investment & Securities)
  • โš ๏ธMandatory KIS Account Number (CANO)
  • โš ๏ธRequires manual creation and configuration of a '.env' file
Review RequiredView Analysis
The README states the server is 'Read-Only' and '๋งค์ˆ˜/๋งค๋„์™€ ๊ฐ™์€ ์ฃผ๋ฌธ ๊ธฐ๋Šฅ์€ ํฌํ•จ๋˜์–ด ์žˆ์ง€ ์•Š์•„ ์‹ค์ˆ˜๋กœ ์ธํ•œ ๊ฑฐ๋ž˜๋ฅผ ๋ฐฉ์ง€ํ•ฉ๋‹ˆ๋‹ค.' (trading functions are not included to prevent accidental transactions). However, the `src/kis_mcp_server_adk/server.py` file explicitly defines and exposes an `order-stock` tool via `@mcp.tool` decorator, which allows for buy/sell operations. This discrepancy between documentation and actual functionality is a critical security concern as it implies the server can perform sensitive trading actions. While secrets are managed through `.env` files (good practice), the access token is cached in a local `token.json` file, which poses a minor risk if the server's filesystem is compromised. The server also binds to `0.0.0.0` by default, making it accessible from any network interface, necessitating proper network security configurations.
Updated: 2025-11-23GitHubโ†’
PreviousPage 700 of 713Next