Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Medium Cost
Piotr1215 icon

vcluster-yaml-mcp

by Piotr1215

Sec9

Provides AI assistants with tools to query, validate, and extract rules for vCluster YAML configurations directly from GitHub.

Setup Requirements

  • ⚠️Requires Node.js >=18 to run locally.
  • ⚠️Network access to GitHub API is essential for all operations.
  • ⚠️Remote/HTTP server might require API keys (VALID_API_KEYS environment variable) if REQUIRE_AUTH is enabled.
Verified SafeView Analysis
The server implements API key authentication with timing-safe comparison, uses rate limiting for HTTP endpoints, and sets security headers. Crucially, it validates GitHub file paths to prevent path traversal attacks. Data is fetched live from GitHub, requiring trust in the vCluster repository maintainers. Relying on external APIs (GitHub) always carries inherent risks, but mitigation strategies are in place.
Updated: 2026-01-18GitHub
0
0
Medium Cost
daveHylde icon

brreg-mcp-server

by daveHylde

Sec9

Serve as a Model Context Protocol (MCP) interface for the Norwegian Business Registry (Brreg) API, enabling search and retrieval of company, subunit, organization form, municipality, role, update, and NACE industry code data.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️The 'data/nace-codes-full.json' file must be present relative to the server's execution directory for NACE code functionality.
Verified SafeView Analysis
The server uses `axios` for external API calls to a hardcoded, public Brreg API endpoint. There are no identifiable hardcoded secrets, 'eval' usage, or obfuscation. Input validation for organization and municipality numbers is implemented before API requests. NACE code data is loaded from a local JSON file, which is safe. Error handling includes specific types for API, validation, not found, and rate limit errors.
Updated: 2025-12-03GitHub
0
0
Medium Cost
gdinesh012 icon

onemcp

by gdinesh012

Sec2

Aggregates various Multiple Control Protocol (MCP) tools, providing a unified interface for semantic search and execution, primarily intended for AI agents or automated workflows.

Setup Requirements

  • ⚠️Requires `go` (GoLang) environment for building from source.
  • ⚠️Requires `claude` CLI, `codex` CLI, or `copilot` CLI to be installed and available in your system's `PATH`, depending on the configured `searchProvider`. These CLIs often have their own setup, authentication (e.g., API keys), and potentially network access requirements.
  • ⚠️Requires a `.onemcp.json` configuration file (or `ONEMCP_CONFIG` environment variable pointing to one) for defining external MCP servers and search provider settings. This file may contain sensitive commands.
Review RequiredView Analysis
1. Arbitrary Command Execution from Configuration: The `mcpServers` configuration allows defining external MCP servers via a `command` field, which is executed via `os/exec.Command`. If the `.onemcp.json` configuration file can be modified by an unauthorized entity, it presents a critical arbitrary command execution vulnerability. 2. Dangerous LLM CLI Flags: The `internal/llmsearch` package invokes external LLM CLIs (`claude`, `codex`) with explicitly 'dangerous' flags: `--dangerously-skip-permissions` (for `claude`) and `--dangerously-bypass-approvals-and-sandbox` (for `codex`). These flags disable important security safeguards of the underlying CLIs, increasing the risk of command injection, privilege escalation, or unintended side effects if the LLM output or prompts are not perfectly contained/sanitized. 3. External Dependency Risk: Reliance on external `claude`, `codex`, `copilot` CLIs introduces a dependency chain risk. Vulnerabilities in these external tools, or unexpected behavior from their LLM responses, could be amplified by the 'dangerous' flags. 4. No obvious hardcoded secrets or direct `eval` usage was found.
Updated: 2026-01-19GitHub
0
0
Low Cost
andriyshevchenko icon

secrets-mcp-server-ui

by andriyshevchenko

Sec6

Provides a user interface for securely managing and categorizing sensitive credentials and API keys, demonstrating Model Context Protocol (MCP) patterns.

Setup Requirements

  • ⚠️Requires a GitHub Spark environment for `@github/spark` dependencies and the `useKV` hook.
  • ⚠️Relies on the Spark platform's Key-Value (KV) service for data persistence, the security of which is external to this codebase.
  • ⚠️Frontend development setup (Node.js/npm/pnpm) is required for local development and build processes.
Verified SafeView Analysis
The frontend code is well-structured and utilizes modern UI libraries (Radix UI, ShadCN), with no obvious `eval` usage, obfuscation, or hardcoded secrets. It employs `crypto.randomUUID()` for IDs, which is good practice. However, as a 'secrets manager,' the core security relies heavily on the underlying KV store provided by `@github/spark/hooks/useKV`. The Product Requirements Document (PRD) explicitly states that the application 'focuses on demonstrating MCP interface patterns rather than implementing actual OS-level cryptographic APIs,' which implies client-side encryption is not performed. If the `useKV` service does not automatically encrypt secrets at rest and in transit, storing sensitive data with this application would pose a significant security risk. The overall security posture for managing actual secrets is critically dependent on the unanalyzed `@github/spark` platform's KV implementation.
Updated: 2026-01-19GitHub
0
0
Medium Cost
duddn2012 icon
Sec5

Multi-tenant gateway for Model Context Protocol (MCP) servers, dynamically managing and serving MCP instances per tenant with isolated databases.

Setup Requirements

  • ⚠️Requires Rust toolchain (cargo) and `git submodule update --init --recursive` to build the custom encryption library.
  • ⚠️Requires PostgreSQL database for both base tenant metadata and individual tenant databases.
  • ⚠️For RHEL 7.9 legacy production environments, Docker is required for building (`./build.sh build-lg-prd`).
Verified SafeView Analysis
Sensitive configuration values (DB passwords, API keys) are encrypted at rest using a custom Rust FFI-based library. However, the decryption key (likely an RSA key) appears to be embedded within the compiled Rust library, which is then linked statically into the Go binary. This means an attacker with access to the compiled binary can extract the decryption key and decrypt all 'encrypted' configuration values. While it protects against casual viewing of `.env` or YAML files, it does not provide robust protection against a determined attacker who obtains the binary. Hardcoded DB credentials in test config (test/testutils/test_config.go) are for testing purposes only and not production.
Updated: 2026-01-11GitHub
0
0
Medium Cost
henryoy icon
Sec3

An MCP server integrating SQL Server with AI agents (Claude Desktop, Telegram Bot) to manage a complete quotation, sales, and invoicing system.

Setup Requirements

  • ⚠️Requires SQL Server 2019+ instance running and accessible.
  • ⚠️Requires API keys for cloud LLM providers (Gemini, DeepSeek) or a local Ollama server running.
  • ⚠️Manual configuration of `claude_desktop_config.json` with specific local paths and environment variables is needed for Claude Desktop integration.
  • ⚠️Hardcoded default SQL Server credentials in `scripts/setup-database.js` (and as fallbacks in `src/config/database.ts`) might conflict with user's specific SQL Server setup and require manual modification for database setup.
Review RequiredView Analysis
CRITICAL SQL Injection Vulnerability: The `ClienteService.buscarClientes` and `ArticuloService.buscarArticulos` methods directly interpolate user-provided `criterio` into SQL `LIKE` clauses without proper parameterization. This allows malicious input to alter or drop database queries. Hardcoded default SQL Server credentials ('LAPTOP-88194PO5\\SQL2019', '12345') exist in `src/config/database.ts` as fallbacks and are directly used in `scripts/setup-database.js`, which could expose database access if the .env file is not configured or secured. Standard practices for securing LLM API keys and Telegram bot tokens are also required.
Updated: 2025-11-25GitHub
0
0
Low Cost
ateska icon

asab-mcp

by ateska

Sec7

Serves as a Model Context Protocol (MCP) server providing tools and resources for managing Markdown notes and images.

Setup Requirements

  • ⚠️Requires `asab` framework and `aiohttp-rpc` dependencies.
  • ⚠️Requires Python 3.x to run.
  • ⚠️Stores notes and uploaded pictures directly on the filesystem in a 'notes' directory (default, configurable).
Verified SafeView Analysis
The `_normalize_path` function attempts to prevent path traversal by checking `os.path.commonpath`. However, the current implementation of `uri_template_match_` in `utils.py` is a simple string comparison and does not implement RFC 6570 URI Template Matching, which could be a vulnerability if it was intended to parse URI templates with variables allowing path traversal. The `_normalize_path` itself has a potential edge case: `os.path.abspath(os.path.join(base_path, user_path))` could resolve symlinks. If `base_path` contains a symlink pointing outside its expected root, or if `user_path` itself is a symlink, it might bypass the `commonpath` check. No `eval` or `exec` found. No hardcoded secrets are evident.
Updated: 2025-11-19GitHub
0
0
High Cost
AnhQuanengineer icon

MCP-SERVER-POSTGRES

by AnhQuanengineer

Sec8

Provides an MCP server for PostgreSQL database interaction (schema listing, read-only querying) and AI-powered sentiment analysis using either external LLMs or local Hugging Face models.

Setup Requirements

  • ⚠️Requires a running PostgreSQL database instance.
  • ⚠️Requires either an OpenRouter API Key (paid, though some models are free) or a Google Gemini API Key (free tier available) if using the sentiment analysis server with external LLMs.
  • ⚠️Python 3.12+ is required (as per pyproject.toml).
Verified SafeView Analysis
The `postgres.py` component implements robust SQL query validation (`validate_sql_query`) to restrict operations to `SELECT` statements only, prevent multiple statements, and filter dangerous patterns (e.g., SQL comments, file operations, stored procedures). This significantly mitigates SQL injection risks for its defined read-only functions. API keys and database credentials are managed via environment variables. The `sentiment.py` component includes a rate limiter for LLM API calls, preventing abuse, and attempts to parse LLM responses as JSON with a fallback for malformed output. No direct use of `eval` or `exec` is present. A potential future risk exists if the `update_sentiment` prompt (currently unimplemented in `postgres.py`'s `handle_call_tool`) were to be implemented without similar stringent input validation and parameterization.
Updated: 2025-12-19GitHub
0
0
Medium Cost
Akungapaul icon

wp-taxonomy-mcp

by Akungapaul

Sec8

Manages WordPress categories and tags through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires a running Node.js environment.
  • ⚠️Requires a WordPress instance accessible via REST API.
  • ⚠️Requires a WordPress user with sufficient permissions for taxonomy management.
  • ⚠️Requires a WordPress Application Password for authentication.
Verified SafeView Analysis
The server uses Zod for robust input validation and retrieves sensitive WordPress credentials (URL, username, app password) from environment variables, which are good security practices. No 'eval' or obvious command injection vulnerabilities were found. However, it exposes direct and bulk taxonomy management operations (create, delete, assign) to any client accessing the MCP server. Its overall security posture is highly dependent on the privileges of the configured WordPress user and the network access control and authentication mechanisms guarding the MCP server itself. The underlying SDK includes rate limiting, which helps mitigate some abuse vectors.
Updated: 2025-11-28GitHub
0
0
Medium Cost
keywaysh icon

keyway-mcp

by keywaysh

Sec9

Enables AI assistants to securely manage GitHub-native secrets in a Keyway vault without exposing sensitive values in conversation logs or directly to the AI model.

Setup Requirements

  • ⚠️Requires prior authentication via `npx @keywaysh/cli login` to obtain an encrypted token.
  • ⚠️Must be run within a Git repository that has a GitHub remote configured.
  • ⚠️Requires Node.js version 18.0.0 or higher.
Verified SafeView Analysis
The server demonstrates excellent security practices. It uses strong encryption (AES-256-GCM) for stored authentication tokens, enforces strict file permissions (0600) for the encryption key, and validates HTTPS for API communication. Crucially, sensitive values are never exposed to the AI or logs; tools like `keyway_generate`, `keyway_scan`, and `keyway_diff` return masked previews, and `keyway_inject_run` meticulously redacts secrets from command output while preventing shell injection via `shell: false`. Input validation (using Zod) is robust across all tools. The explicit documentation regarding `keyway_set_secret` being the only tool where the AI supplies the raw value is a strong point of transparency. The only reason it's not a 10 is the inherent complexity of perfect output masking and false positive detection, though the implementation appears highly robust.
Updated: 2026-01-04GitHub
0
0
Medium Cost
beamstar icon
Sec3

Connects AI tools to Cheat Engine for automated reverse engineering, memory analysis, and dynamic tracing in games.

Setup Requirements

  • ⚠️Requires Cheat Engine to be installed and running.
  • ⚠️The `ce_mcp_bridge.lua` script must be loaded into Cheat Engine.
  • ⚠️Must disable 'Query memory region routines' in Cheat Engine settings to prevent system crashes (BSODs).
  • ⚠️DBVM must be activated in Cheat Engine settings for hypervisor (Ring -1) tools to function.
Review RequiredView Analysis
The server exposes `evaluate_lua` and `auto_assemble` tools, allowing AI to execute arbitrary Lua code and AutoAssembler scripts directly within Cheat Engine's powerful context. This grants extensive control over target process memory, debugging, and potentially system-level operations (especially with DBVM/DBK drivers). While named pipe IPC limits the external network attack surface to local connections, the capabilities exposed by Cheat Engine itself pose significant security and stability risks if the AI is unconstrained or compromised. The project documentation highlights critical setup steps to prevent BSODs, further indicating the inherent low-level risks.
Updated: 2026-01-19GitHub
0
0
Medium Cost
ojacques icon

zensical-mcp

by ojacques

Sec1

A server implementing or interacting with the Minecraft Protocol for custom game logic, extensions, or dedicated server functionality.

Setup Requirements

  • ⚠️Requires Java Runtime Environment (JRE) compatible with Minecraft server versions.
  • ⚠️Requires specific network port configuration (e.g., TCP 25565) to be accessible.
Review RequiredView Analysis
Source code for the MCP server was not provided for analysis. It is impossible to assess security risks, check for 'eval', hardcoded secrets, malicious patterns, or network vulnerabilities. Running any server software with unverified code poses extreme security risks.
Updated: 2025-11-18GitHub
PreviousPage 705 of 713Next