Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
rishi-madhav icon

mcp-servers

by rishi-madhav

Sec9

AI-powered server for generating comprehensive educational content (flashcards, courses, quizzes, explanations, summaries, practice problems).

Setup Requirements

  • ⚠️Requires Python 3.9+
  • ⚠️Requires Claude Desktop (MCP client) to interact with the server
  • ⚠️Requires at least one AI provider API key (OpenAI/Anthropic/Gemini) – OpenAI and Anthropic generally require paid API access, while Gemini offers a free tier.
Verified SafeView Analysis
The server primarily makes outbound API calls to well-known AI providers (OpenAI, Anthropic, Gemini). API keys are loaded from environment variables, which is good practice. Input validation is implemented for tool parameters (e.g., count, level, difficulty) to prevent basic invalid inputs. There is no usage of 'eval' or 'exec' on user input. The primary risk would be prompt injection through the 'topic' or 'content' fields, which is a common concern for LLM applications but does not expose the server itself to arbitrary code execution.
Updated: 2025-12-16GitHub
0
0
Medium Cost
tyson-swetnam icon

aqs-mcp

by tyson-swetnam

Sec9

Provides a Model Context Protocol (MCP) server for accessing and querying the EPA Air Quality System (AQS) API for air quality data, monitor information, and quality assurance data.

Setup Requirements

  • ⚠️Requires an EPA AQS API Key, which can be obtained using the `aqs_signup` tool or manual registration with EPA.
  • ⚠️Requires Node.js version 18 or higher to run.
  • ⚠️Requires a build step (`npm run build`) using TypeScript before the server can be executed.
Verified SafeView Analysis
The server securely handles API credentials by resolving them from explicit parameters or environment variables (AQS_EMAIL, AQS_API_KEY), avoiding hardcoding. Input validation is performed for date formats and ranges to prevent common errors. All external API calls are directed to the official EPA AQS API. Rate limiting is implemented to comply with API guidelines. Error handling is present to gracefully manage API failures or invalid input. No 'eval' or other dangerous dynamic code execution patterns were found, and there is no code obfuscation.
Updated: 2025-12-02GitHub
0
0
Medium Cost
Uzeyr-Odysseus icon

BookingMCP

by Uzeyr-Odysseus

Sec9

Serves as an LLM-friendly Model Context Protocol (MCP) server for searching hotels and destinations using the Booking.com RapidAPI.

Setup Requirements

  • ⚠️Python 3.11+ required
  • ⚠️RapidAPI account and Booking.com API subscription required (potentially paid API usage)
  • ⚠️Requires `RAPIDAPI_KEY` to be set in a `.env` file
Verified SafeView Analysis
The server loads `RAPIDAPI_KEY` from environment variables, which is good practice for secrets. It uses `httpx` for external API calls, which is a standard and generally secure library. There are no obvious signs of 'eval', 'exec', or other dangerous functions being used on untrusted input, nor are there hardcoded sensitive credentials. Network requests are to a defined third-party API (RapidAPI). Logging includes API request parameters which might be a minor concern if parameters contain sensitive PII, but for hotel search queries, this is generally low risk.
Updated: 2025-11-26GitHub
0
0
High Cost
berucha-lilly icon

a11y-mcp

by berucha-lilly

Sec8

Automated accessibility code review and WCAG 2.2 AA enforcement for GitHub Pull Requests using a hybrid analysis engine.

Setup Requirements

  • ⚠️Requires Node.js 18+
  • ⚠️Requires GitHub repository with admin access (for full GitHub Actions integration and branch protection)
  • ⚠️Requires npm dependencies installed
Verified SafeView Analysis
The server uses `fs.readFileSync` based on a `filePath` argument, which could be a local file system risk if the input is not carefully controlled. In its intended GitHub Actions context, `filePath` is expected to refer to files within the PR's changes, mitigating arbitrary file access. The `GITHUB_TOKEN` is used for GitHub API interactions (fetching PR content, posting comments) which is standard but requires appropriate token permissions. No explicit `eval` or code obfuscation found. Dependencies are standard for code analysis.
Updated: 2025-12-05GitHub
0
0
Low Cost
dtrog icon
Sec8

The GPG Webservice MCP Adapter allows AI agents (like ChatGPT) to perform GPG cryptographic operations (sign, verify, encrypt, decrypt) by dynamically exposing them as MCP tools and acting as a proxy to a Flask REST API.

Setup Requirements

  • ⚠️Requires Docker & Docker Compose (v2.0+) for the full suite.
  • ⚠️The Flask GPG Webservice REST API must be running for the MCP server to function.
  • ⚠️Requires Node.js >= 18.0.0 and npm to build and run the MCP server directly.
  • ⚠️For production, update CORS settings from `*` and ensure proper TLS certificate validation (`NODE_TLS_REJECT_UNAUTHORIZED` should not be `0`) as detailed in deployment guides.
Verified SafeView Analysis
The project demonstrates a strong focus on security, particularly in the core Flask backend with features like Argon2id password hashing, AES-256-GCM encryption for private keys, PBKDF2-HMAC-SHA256 for key derivation, and process isolation for GPG operations. For the MCP server specifically, it enables CORS with `origin: '*'` and `NODE_TLS_REJECT_UNAUTHORIZED=0` for internal Docker communication during development. While these are documented as development defaults and production hardening (e.g., via Caddy reverse proxy) is detailed, they are significant security risks if directly deployed to a public-facing production environment without modification. The server itself is a proxy and does not directly handle private keys, mitigating some risks. Extensive security documentation and testing procedures are provided, indicating a strong security-conscious development approach.
Updated: 2025-12-03GitHub
0
0
Medium Cost
Akungapaul icon

wp-themes-mcp

by Akungapaul

Sec3

WordPress theme management and automation through a Model Context Protocol (MCP) server, allowing agents to list, activate, install, delete, and create WordPress themes.

Setup Requirements

  • ⚠️Requires a running WordPress instance with REST API enabled and appropriate user credentials for theme management.
  • ⚠️WP-CLI must be installed and configured on the server, or SSH access provided for remote execution, if WP-CLI dependent tools are enabled.
  • ⚠️Requires Node.js v18 or higher.
Review RequiredView Analysis
The server uses `cliClient.exec` to run WP-CLI commands. In `get_theme_mods` and `create_child_theme` tools, user-provided arguments (`args.theme`, `args.child_slug`, `args.parent_theme`) are directly interpolated into the shell command string without explicit sanitization beyond Zod type validation. This creates a high risk of command injection if a malicious actor or agent provides specially crafted input, allowing arbitrary command execution on the host where WP-CLI is run. Although other WP-CLI calls like `activateTheme` or `installTheme` might be safer if `WPCLIClient` performs internal sanitization, the direct `exec` interpolation is a critical vulnerability.
Updated: 2025-11-28GitHub
0
0
Medium Cost
AttilaPataky icon

AzurePricingMCP

by AttilaPataky

Sec8

Estimates Microsoft Azure-related pricing and costs programmatically for various services and SKUs.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires a specific AI assistant (VS Code + GitHub Copilot or Claude Desktop) for client integration.
  • ⚠️Requires an absolute path to the Python executable in client configurations when not using Docker.
Verified SafeView Analysis
The server uses standard `aiohttp` for external API calls, managing sessions and retries robustly. There are no direct usages of `eval` or `exec`, nor hardcoded API keys or sensitive secrets. A default 10% customer discount is hardcoded for demonstration. When run via HTTP transport (e.g., Docker `0.0.0.0`), it exposes an endpoint, which is a standard practice but requires network security considerations.
Updated: 2026-01-19GitHub
0
0
Medium Cost
arjuns-ti icon

slides-mcp-server

by arjuns-ti

Sec8

Provides FastMCP tools for programmatic access to Google Slides, including presentation overviews, detailed slide content retrieval, and text editing.

Setup Requirements

  • ⚠️Requires manual Google Cloud Project setup (enable APIs, create OAuth credentials)
  • ⚠️Requires Python 3.12+
  • ⚠️Requires the 'uv' package manager for installation and execution
  • ⚠️Initial run will trigger an interactive OAuth authentication flow requiring browser interaction to grant permissions and save a token file.
Verified SafeView Analysis
The server uses standard Google OAuth 2.0 for authentication, requiring the user to set up a Google Cloud Project, enable APIs, and configure OAuth credentials. It explicitly requests high-privilege scopes (`drive.readonly`, `drive.file`, `presentations`) which grant full read/write access to Google Slides presentations and management of app-created files. The `setup.sh` script attempts to fetch OAuth configuration from an external API using `API_KEY`, which introduces a dependency on the security of that external service. All sensitive credentials (`.env`, `credentials.json`, `token.json`) are handled via environment variables and local files, with warnings in the README not to commit them. File-based logging (`logs.txt`) is optional but can contain sensitive information if enabled; users are warned to secure this file. There are no obvious 'eval' or malicious patterns, and Google API client output is suppressed from console.
Updated: 2025-11-19GitHub
0
0
Medium Cost
taskcrew icon
Sec9

Integrates ElevenLabs Conversational AI agents with AI assistants like Claude Code for voice interactions, outbound calls, and transcript retrieval.

Setup Requirements

  • ⚠️Requires an ElevenLabs API Key (paid service, costs depend on usage)
  • ⚠️Requires a Vercel account for deployment
  • ⚠️ELEVENLABS_API_KEY must be set in Vercel environment variables (not .env files) for production
  • ⚠️Requires Node.js 18+ for local development
Verified SafeView Analysis
The server demonstrates strong security practices: API keys (`ELEVENLABS_API_KEY`) are explicitly handled as Vercel environment variables, preventing hardcoding. CORS is properly configured with an `ALLOWED_ORIGINS` whitelist. Input validation is present for critical parameters like IDs and phone numbers. Error responses are sanitized to avoid leaking sensitive information (e.g., stack traces). There is no use of `eval` or other dangerous code execution patterns, and dependencies are managed. Future multi-tenancy plans outlined in documentation suggest even more robust per-user authentication. The primary risk would be misconfiguration of environment variables or overly permissive CORS in production.
Updated: 2025-11-25GitHub
0
0
Medium Cost
marcomatteo icon

kapua-mcp-server

by marcomatteo

Sec8

An MCP server designed for local troubleshooting and operator tooling with Eclipse Kapua or Eurotech Everyware Cloud IoT Device Management platforms, exposing Kapua APIs for device inspection and telemetry.

Setup Requirements

  • ⚠️Requires Go 1.23+ to build locally.
  • ⚠️Mandatory Kapua instance (Eclipse Kapua or Eurotech Everyware Cloud) with API endpoint and user credentials.
  • ⚠️The 'kapua-device-logs-list' tool specifically requires an Eurotech Everyware Cloud endpoint, not open-source Kapua.
  • ⚠️Local `.venv` file management for credentials or setting environment variables is required.
Verified SafeView Analysis
The server explicitly uses environment variables or a .venv file for sensitive credentials, avoiding hardcoded secrets. It implements an origin guard for HTTP streamable transport to mitigate common web vulnerabilities. Authentication uses JWT with automatic refresh. Logging middleware is in place, which is good for auditing. No 'eval' or obvious malicious patterns are present. The primary security considerations involve proper configuration by the user and the inherent security of the underlying Kapua API.
Updated: 2025-12-06GitHub
0
0
Medium Cost
iZhenius icon
Sec8

Provides weather forecast and alert tools via a Model Context Protocol (MCP) server, integrating with the National Weather Service API.

Setup Requirements

  • ⚠️Requires Java 21 or later
  • ⚠️Requires Gradle to build the JAR file
Verified SafeView Analysis
The server's HTTP endpoint enables CORS for 'anyHost()', which is common for public APIs but should be noted. User-provided `latitude`, `longitude`, and `state` parameters are directly interpolated into API URLs; however, the Ktor HTTP client is expected to handle URL encoding for path segments, and input parsing (`doubleOrNull`, `jsonPrimitive?.content`) helps mitigate simple injection risks. No hardcoded secrets or 'eval' statements were found.
Updated: 2025-11-19GitHub
0
0
Low Cost
pikkujs icon
Sec4

Develop and deploy a Model Context Protocol (MCP) server that provides AI-compliant tools, resources, and prompts for managing a todo list application.

Setup Requirements

  • ⚠️Hardcoded JWT secret must be replaced with a secure secret management solution for production.
  • ⚠️Requires Pikku CLI (`@pikku/cli`) to generate necessary code files (`yarn prebuild` or `pikku all`).
Review RequiredView Analysis
The application contains a hardcoded JWT secret ('super-secret-jwt-key-change-in-production') which is a critical vulnerability for production deployments. A generic HTTP endpoint (`/rpc/:rpcName`) exposes RPC functions marked as 'exposed' without authentication (`auth: false`), requiring careful management of which functions are exposed. Furthermore, an internal remote RPC queue worker (`pikku-remote-internal-rpc`) explicitly notes a 'security risk' as it allows invoking any internal RPC by name (`rpc.invoke`) without further validation, which could be exploited if an attacker can inject messages into this queue.
Updated: 2025-12-14GitHub
PreviousPage 702 of 713Next