Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
GlacierEQ icon
Sec2

Enables remote shell execution and system access for deployment orchestration.

Review RequiredView Analysis
The server's core functionality involves critical shell execution and system access, presenting significant inherent security risks. Without examining the source code for robust authentication, authorization, input sanitization, and secure communication protocols, it is impossible to assess its safety against malicious use or compromise. A breach would grant system-level control.
Updated: 2025-11-23GitHub
0
0
Low Cost
Nihallllll icon
Sec4

A Micro-Copilot server designed for managing a notes application, providing API endpoints to retrieve and add notes.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Critical security concern: The CORS middleware is configured to allow all origins and credentials. This must be restricted to specific, trusted origins before public deployment.
  • ⚠️Requires environment variables for Stytch authentication and database connection, as implied by dependencies.
Review RequiredView Analysis
The server utilizes `CORSMiddleware` with `allow_origins=['*']`, `allow_methods=['*']`, `allow_headers=['*']`, and `allow_credentials=True`. This configuration is highly insecure for any public or production deployment as it exposes the API to cross-site request forgery (CSRF) and other potential attacks. While `load_dotenv()` is used for loading secrets, which is good practice, the core logic for `get_notes` and `add_note` is truncated, preventing a full audit for injection vulnerabilities or other malicious patterns. There are no explicit `eval` calls or obfuscation found in the provided code.
Updated: 2025-12-01GitHub
0
0
Low Cost
songhong icon

devfest-workshop

by songhong

Sec1

A server application likely developed as a demonstration for a DevFest workshop, showcasing server-side development patterns or specific technology integrations.

Review RequiredView Analysis
CRITICAL: A comprehensive security audit cannot be performed as no source code was provided. Without code review, the server's safety, presence of hardcoded secrets, 'eval' usage, or malicious patterns cannot be verified. Running unexamined code from an unknown source poses significant security risks.
Updated: 2025-11-22GitHub
0
0
Low Cost
WisdomShun icon
Sec9

Provides a Dockerized Longport MCP (Model Context Protocol) server for easy deployment and management of Longport API services.

Setup Requirements

  • ⚠️Requires Docker Engine (20.10.0+) and Docker Compose (1.29.0+)
  • ⚠️Longport API credentials (APP_KEY, APP_SECRET, ACCESS_TOKEN) are mandatory
  • ⚠️A `.env` file must be manually created for Docker Compose setup
Verified SafeView Analysis
The project uses Docker Compose and environment variables for configuration, which is good practice for managing sensitive data. The `entrypoint.sh` script is well-structured, avoids 'eval' or other dangerous shell patterns, and correctly handles arguments and logging. The README explicitly highlights security best practices such as not committing `.env` files and protecting API credentials. The default `LONGPORT_READONLY` mode adds an extra layer of safety. The service binds to `0.0.0.0` internally, which is standard for Dockerized applications, and the README advises firewall configuration for public exposure, indicating awareness of network security.
Updated: 2025-11-20GitHub
0
0
Low Cost
bioanywhere icon
Sec9

To deploy and manage a 'gitlab-mcp-server' application using Docker containers for local development and CI/CD.

Setup Requirements

  • ⚠️Docker is required for local development and deployment.
  • ⚠️GCP credentials (GCP_CREDENTIALS, GCP_PROJECT_ID) are required for CI/CD integration with Google Artifact Registry.
Verified SafeView Analysis
The configuration files themselves (Dockerfile, docker-compose.yml, run.sh) are standard and do not contain malicious patterns, 'eval', obfuscation, or hardcoded secrets. The primary security consideration is the secure management of 'GCP_CREDENTIALS' and 'GCP_PROJECT_ID' by the user, as these grant significant access to Google Cloud resources. The repository correctly advises storing these as secrets.
Updated: 2025-12-02GitHub
0
0
Medium Cost
visccyberacct icon

n8n-mcp-server

by visccyberacct

Sec8

This server provides a Microservice Control Protocol (MCP) interface to manage and automate n8n workflows, credentials, and tags on a homelab instance.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️An n8n instance with API access is required (e.g., n8n.homelab.com).
  • ⚠️The N8N_API_KEY environment variable must be configured for authentication.
  • ⚠️SSL certificate verification is disabled by default for homelab environments, which is generally less secure than full verification.
Verified SafeView Analysis
The server retrieves the N8N_API_KEY from environment variables, preventing hardcoding of secrets. It uses httpx for network requests, and includes robust error handling that returns structured error dictionaries, avoiding raw exception exposure. Credential data is explicitly redacted when listed via the `list_credentials` tool. The default `verify_ssl=False` in the `N8nClient` for homelab environments is a noted security consideration, though justified for its intended use case. Broad exception catching in the `@handle_errors` decorator is present, but it consistently returns an error dictionary.
Updated: 2026-01-15GitHub
0
0
Medium Cost
SuperPyonchiX icon

jira_mcp_server

by SuperPyonchiX

Sec9

The Jira MCP Server enables AI assistants to interact with Jira Software DataCenter and Cloud REST APIs to retrieve, search, create, update, and transition task information.

Setup Requirements

  • ⚠️Requires Node.js v16+ and npm/yarn for installation and execution.
  • ⚠️Requires a Jira account with appropriate access permissions and either DataCenter username/password or Cloud API token.
  • ⚠️Requires a build step (`npm run build`) to compile TypeScript to JavaScript before the server can be run.
Verified SafeView Analysis
The server employs Zod schemas for robust input validation, mitigating common injection risks. Authentication is handled using standard Basic authentication (email+API token for Cloud, username+password for DataCenter) over HTTPS. Credentials are processed internally and are explicitly hidden in the output of the 'get_jira_config' tool. No 'eval' or other inherently dangerous functions are observed. However, the external setup instructions in the README show storing credentials directly in plaintext within `settings.json` or `claude_desktop_config.json`, which is a user-side security risk, not a vulnerability in the server's code itself. Environment variables are recommended for security.
Updated: 2026-01-17GitHub
0
0
Medium Cost
exsitec icon

sticky-note-mcp

by exsitec

Sec8

An MCP server that enables AI agents to persist and retrieve 'sticky notes' based on matching patterns within their current session history, acting as a memory or reminder system.

Setup Requirements

  • ⚠️Requires installation of `fastmcp` Python package (`pip install fastmcp`).
  • ⚠️Requires configuration of `MCP_AGENT_FRAMEWORK` (either 'codex' or 'copilot') and data directories (`STICKY_NOTES_DIR`, `SESSION_HISTORY_DIR`) via environment variables.
  • ⚠️Integration with either VS Code's MCP extension (for Copilot) or Codex's `config.toml` is necessary for the agent to use the server's tools.
Verified SafeView Analysis
The server uses regular expressions (`re.compile`) for context matching. While the `context_regex` is expected from an agent's tool call (or developer configuration), a malicious or poorly prompted agent could potentially generate a computationally expensive regex, leading to a ReDoS (Regular Expression Denial of Service) attack. File paths for sticky notes and session history are configured via environment variables; ensure these point to appropriate, permissioned directories to avoid unauthorized file access or modification. No direct `eval` or hardcoded secrets were found.
Updated: 2025-11-19GitHub
0
0
Low Cost
douglas-gibbons icon

redwood

by douglas-gibbons

Sec1

The Redwood MCP server provides AI models with tools for command execution, web scraping, time retrieval, and persistent data storage.

Setup Requirements

  • ⚠️Requires Python 3.12+ (as specified in pyproject.toml).
  • ⚠️Requires `uv` and `make` for setup and execution (as per README).
  • ⚠️Relies on a local SQLite database file (`mcp_data.db`) for storage, which might have concurrency or persistence implications depending on deployment.
Review RequiredView Analysis
The `run_command` tool in `src/server/command.py` uses `subprocess.run(command, shell=True)`, which is a critical security vulnerability. This allows the AI model (or any untrusted caller) to execute arbitrary shell commands on the host system, leading to Remote Code Execution (RCE), data exfiltration, or system compromise. The `get_webpage_content` tool in `src/server/web_scraper.py` can fetch content from arbitrary URLs, posing a Server-Side Request Forgery (SSRF) risk if the server has access to internal networks. Due to the severe RCE vulnerability, the server is not safe to run in a production or untrusted environment without significant modifications.
Updated: 2025-12-28GitHub
0
0
Medium Cost
bobthearsonist icon

ai-infrastructure

by bobthearsonist

Sec3

The AI Infrastructure project serves as a central hub for multiplexing various Model Context Protocol (MCP) servers and AI tools, providing a unified gateway for AI clients with integrated observability and platform services.

Setup Requirements

  • ⚠️Requires 'docker network create mcpx_ai-infrastructure' before starting services.
  • ⚠️Requires API keys (e.g., OpenAI, Anthropic, Langfuse, Lunar) for specific MCP servers and services, which must be configured in '.env' files.
  • ⚠️The 'agentgateway' requires 'statefulMode: stateless' for SSE-based MCP servers due to session handling differences.
  • ⚠️Some client configurations use 'nvm' to ensure a specific Node.js version (20.11.1) for 'mcp-remote'.
Review RequiredView Analysis
The system has several critical security risks: 1. Privilege Escalation: The 'mcps/hass-mcp' and 'mcps/browser-use' docker-compose configurations mount '/var/run/docker.sock' into their containers, which grants the containers root access to the host's Docker daemon. This allows for arbitrary code execution on the host. 2. Container Privileges: The 'mcps/mcpx' container is configured with 'privileged: true', which grants it nearly all capabilities of the host system, bypassing security isolation mechanisms. 3. Hardcoded Development Secrets: Langfuse components (MinIO, PostgreSQL, Redis) use hardcoded default credentials ('minio/miniosecret', 'langfuse/langfuse', 'langfuse-redis-secret') and a base64 encoded development auth token in environment variable examples, which are highly insecure for production. 4. Permissive CORS: The 'agentgateway/config.yaml' uses 'allowOrigins: ['*']' and 'allowHeaders: ['*']', which is overly permissive and a security risk if the gateway is exposed publicly without robust authentication/authorization. 5. Supply Chain Risk: The use of 'npx ...@latest' in 'stdio-proxy/servers.json' and client configurations introduces a supply chain risk, as a malicious update to a package could be automatically pulled and executed.
Updated: 2026-01-10GitHub
0
0
Medium Cost
abraham2512 icon

jira-mcp

by abraham2512

Sec9

Provides an MCP (Model Context Protocol) server with Jira search and issue retrieval tools for AI agents.

Setup Requirements

  • ⚠️Requires access to a Jira instance and an API token with appropriate permissions.
  • ⚠️Requires specific Jira projects to be configured via the JIRA_ALLOWED_PROJECTS environment variable for operational security.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive data (Jira base URL and token), implements a project allowlist to prevent unauthorized project access, and handles external API errors gracefully without leaking internal details. No 'eval' or other obviously dangerous dynamic code execution patterns are present. While JQL is constructed using f-strings, a well-designed Jira API is expected to sanitize user-provided 'search_text' to prevent injection, making this a low-risk vector.
Updated: 2025-12-02GitHub
0
0
Low Cost
marc-shade icon

ember-mcp

by marc-shade

Sec9

The Ember MCP server acts as an AI conscience keeper and quality gate, enforcing production-only policies and providing intelligent feedback and learning capabilities to another AI agent (Phoenix/Claude Code).

Setup Requirements

  • ⚠️Requires `GROQ_API_KEY` environment variable for AI intelligence features (Groq API, which has a free tier and low paid costs).
  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Requires configuration in `~/.claude.json` to register as an MCP server for integration with Claude Code.
Verified SafeView Analysis
The server uses `groq-sdk` for external API calls, which is a standard and generally safe practice. File system operations (`readFileSync`, `writeFileSync`, `mkdirSync`) are confined to configuration and log files within the user's home directory (`~/.claude/pets/`), limiting unauthorized access. There are no apparent hardcoded sensitive secrets, as API keys are retrieved from environment variables. The server communicates via standard I/O (stdio) as an MCP server, not exposing network ports directly, which minimizes external attack surfaces. An older design (`v2.3` in `SELF_HOSTED_INTELLIGENCE.md`) mentioned `execSync` for AI calls, which could be a risk if used with unsanitized input; however, the primary `src/index.ts` (v2.5) has transitioned to using the `groq-sdk` directly, mitigating this concern in the current implementation. The system actively flags 'system_interference' patterns (e.g., writing to hooks directory) as a high-risk violation, demonstrating awareness of potential misuse scenarios.
Updated: 2025-12-31GitHub
PreviousPage 706 of 713Next