Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
Supratik24 icon

MCP-server

by Supratik24

Sec9

A simple FastMCP server providing name-related operations such as greeting, printing, and formatting names.

Setup Requirements

  • ⚠️Python 3.8 or higher is required
  • ⚠️Requires 'fastmcp' Python library (installed via requirements.txt)
Verified SafeView Analysis
The server code is simple and primarily performs string manipulations. It does not use dangerous functions like 'eval' or 'exec'. No hardcoded secrets or direct network risks were identified within the tool implementations themselves. The 'print_name' tool outputs to the console, which is expected behavior for this utility and does not pose a significant risk in a typical local deployment.
Updated: 2025-12-08GitHub
0
0
Low Cost
Divakar-2005-02-02 icon

nl-mcp-stdio-ollama-time-demo

by Divakar-2005-02-02

Sec10

Performs a basic arithmetic calculation (addition) and prints the result to standard output.

Verified SafeView Analysis
The script is a simple, self-contained Python program performing a basic arithmetic operation. It has no external dependencies, network interactions, or user input mechanisms, eliminating common security vulnerabilities. No 'eval', obfuscation, hardcoded secrets, or malicious patterns are present. It's important to note that the provided source code (add.py) does not align with the implied functionality of an 'MCP Server' or 'ollama-time-demo' as suggested by the repository name.
Updated: 2026-01-19GitHub
0
0
Medium Cost
nateshmbhat icon
Sec3

Enables AI assistants to interact with a multi-game competition platform for organizational events, providing features like AI game coaching, automated score submission, and real-time leaderboard queries.

Setup Requirements

  • ⚠️House names 'Shakti Compliers ' and 'Karma Debuggers ' require a trailing space.
  • ⚠️Requires Node.js runtime environment.
  • ⚠️Requires `npm run build` to compile TypeScript to JavaScript before running.
  • ⚠️Requires manual configuration in the MCP client (e.g., `~/.cursor/mcp.json`).
Review RequiredView Analysis
1. Critical API Authentication Bypass: The MCP server directly calls the external All Hearts API endpoints without implementing any user authentication or authorization. The frontend application suggests an OTP-based authentication (`x-user-email`, `x-otp-code` headers), which the MCP server bypasses. This allows any entity capable of making requests to the MCP server to submit scores, query private data, or manipulate game sessions for *any* player by simply providing the `playerEmail` and `playerName` arguments to the tools. This is a severe vulnerability. 2. Hardcoded Encryption Key: The `ENCRYPTION_KEY` for Sudoku submissions (and historically Memory game submissions) is hardcoded in `src/api-client.ts`. This key is publicly available within the codebase, compromising the confidentiality of encrypted data if the server's source is known. 3. Potential for Data Manipulation: Due to the authentication bypass, an attacker could artificially inflate scores, create fake participants, or alter historical game data for any player. 4. No Server-Side Input Validation: While basic type checking is done via MCP input schemas, the server-side code lacks robust validation for game-specific parameters (e.g., `wpm` ranges, `accuracy` limits), relying entirely on the external API for data integrity.
Updated: 2025-11-29GitHub
0
0
Medium Cost
thejoefriel icon

gmail-assistant-mcp

by thejoefriel

Sec9

Integrates with Gmail to fetch unread emails and generate AI-powered draft replies, optionally guided by a Google Doc for writing style and context.

Setup Requirements

  • ⚠️Requires manual setup of a Gmail App Password.
  • ⚠️Requires an Anthropic API Key (paid service).
  • ⚠️Requires manual setup of a Google Cloud Project, enabling the Docs API, and downloading 'credentials.json' if email guidelines from Google Docs are to be used.
  • ⚠️Assumes the project is located at `~/mcp-servers/gmail-assistant-mcp` for Google Docs credentials/token storage.
Verified SafeView Analysis
No use of 'eval' or obvious obfuscation. Sensitive credentials (Gmail app password, Anthropic API key) are explicitly retrieved from environment variables, which is a secure practice. Network calls are confined to Gmail (IMAP/SMTP) and Google Docs API, as expected for the stated functionality. The Google Docs helper creates a local 'token.pickle' file for OAuth credentials, which is standard for Google APIs and stores tokens securely.
Updated: 2025-12-10GitHub
0
0
High Cost
DigitalSQR icon

smart-mcp-server

by DigitalSQR

Sec8

Provides a secure interface for AI assistants to interact with FHIR R4 servers, enabling clinical decision support workflows through PlanDefinitions, resource management, terminology lookups, and structured data capture via Questionnaires.

Setup Requirements

  • ⚠️Requires Docker Desktop with MCP Toolkit enabled
  • ⚠️Requires Docker MCP CLI plugin (`docker mcp` command)
  • ⚠️Requires a FHIR R4 server running (default: http://localhost:8080/fhir)
  • ⚠️Requires a Matchbox server for StructureMap transforms (default: http://localhost:8081/matchboxv3/fhir)
Verified SafeView Analysis
The server's architecture relies on an external 'MCP Gateway' for authentication and authorization; it does not implement these functionalities internally by default. This design is suitable for its intended deployment but means the server would be vulnerable if exposed directly. The target FHIR and Matchbox server URLs are configurable via environment variables, which presents a Server-Side Request Forgery (SSRF) risk if these environment variables can be compromised or maliciously set. However, the code itself is free from obvious `eval` usage, obfuscation, hardcoded secrets, or direct command injection vulnerabilities. Input validation for JSON payloads and HTTP error handling for external FHIR server calls are present, including parsing of FHIR OperationOutcome details.
Updated: 2026-01-07GitHub
0
0
Medium Cost
jeffdyke icon
Sec3

Acts as a headless OAuth2 login/consent provider, bridging Ory Hydra (with DCR support) and Google OAuth (without DCR support) for authentication flows, primarily for AI agents like Claude.ai.

Setup Requirements

  • ⚠️Requires Docker, PostgreSQL, and Redis to be running for full functionality.
  • ⚠️Requires Google OAuth credentials (client ID and secret) to be configured.
  • ⚠️The Ory Hydra OAuth2 server must be running and properly configured as a dependency.
  • ⚠️All hardcoded secrets (CSRF, session, JWT, Hydra system/cookie secrets) MUST be overridden with strong, unique values in any non-development environment to prevent critical security vulnerabilities.
Review RequiredView Analysis
The server has critical security vulnerabilities including hardcoded secrets for CSRF protection (`src/setup/index.ts`), Hydra system secrets (`stage_env/hydra.yml`), and default insecure values for session (`src/app-fp.ts`) and JWT (`src/fp/config.ts`) secrets that explicitly warn to be changed in production. The extensive logging of request bodies by the proxy middleware (`src/setup/proxy.ts`) can also lead to sensitive information leakage in logs. Running with `NODE_TLS_REJECT_UNAUTHORIZED=0` in development (`docker-compose.yml`) is also insecure.
Updated: 2025-12-03GitHub
0
0
Low Cost
jpcanter icon

sql-server-mcp

by jpcanter

Sec9

Manages and interacts with Microsoft SQL Server databases through a Model Context Protocol (MCP) server, offering tools for database object discovery, schema inspection, safe write operations, and a full stored procedure lifecycle management with versioning.

Setup Requirements

  • ⚠️Requires a running Microsoft SQL Server instance (Docker-based test environment provided, or connect to existing server).
  • ⚠️Requires Node.js (version >=18) and npm for running the server.
  • ⚠️Critical database connection details (DB_SERVER, DB_DATABASE, DB_USER, DB_PASSWORD, DB_TRUST_SERVER_CERTIFICATE) must be configured via environment variables (.env file).
Verified SafeView Analysis
The server implements robust security measures including: comprehensive SQL validation to block dangerous keywords (e.g., DROP DATABASE, xp_cmdshell) and suspicious patterns (e.g., SQL injection attempts); enforcement of parameterized queries; configurable maximum rows affected limits for write operations; explicit transaction management with timeouts and auto-rollback; separate read-only and read-write connection pools; and comprehensive audit logging for all operations. While string manipulation is used for stored procedure (SP) schema/name rewriting during draft management, it's applied after validation and is highly specific, mitigating broader injection risks. The test environment uses a hardcoded SA password, but the production server correctly relies on environment variables.
Updated: 2025-11-20GitHub
0
0
High Cost
Prakharsahu10 icon

MCP-server

by Prakharsahu10

Sec3

This server acts as an AI content creation agent that researches topics, generates high-quality content, and stores it in a PostgreSQL database.

Setup Requirements

  • ⚠️Requires `SMITHERY_API_KEY` environment variable.
  • ⚠️Requires access to a PostgreSQL database for the agent to store content.
  • ⚠️Relies on the external `smithery.ai` service for the Neon MCP server.
Review RequiredView Analysis
The AI agent is explicitly instructed to "use SQL" for database operations, including creating new tables and storing content. This implies that the agent will dynamically generate and execute SQL queries. Without robust input sanitization, strict database permissions, and query validation within the `@inngest/agent-kit` framework or the `smithery.ai` service, this poses a significant risk of SQL injection or other unauthorized database manipulations if the agent can be prompted to generate malicious SQL. The `SMITHERY_API_KEY` is loaded from environment variables, which is a good practice.
Updated: 2026-01-07GitHub
0
0
High Cost
RecallFlow icon

VectorMind

by RecallFlow

Sec9

A lightweight vector database service providing semantic search and Retrieval Augmented Generation (RAG) capabilities using Redis as a backend for storing embeddings.

Setup Requirements

  • ⚠️Requires Docker, Docker Compose, and Docker Model Runner.
  • ⚠️Requires a running Redis server (handled by 'docker compose up -d' within the provided setup).
  • ⚠️Assumes a compatible embedding model ('ai/mxbai-embed-large' by default) is pulled and available via the Docker Model Runner at 'http://localhost:12434'.
Verified SafeView Analysis
The application handles data segmentation (labels, metadata) and provides multiple text splitting strategies (chunking, markdown sections, delimited). Input validation is present for API requests (e.g., ensuring 'content', 'document', 'chunk_size' are not empty or invalid). Environment variables are used for sensitive configurations like Redis password, which is a good practice. The reliance on 'MODEL_RUNNER_BASE_URL' for the embedding model (potentially local or self-hosted) can mitigate risks associated with external API key exposure, although an API key is passed as an empty string to the OpenAI client. No obvious use of 'eval' or user-controlled shell command execution in the Go application logic. Dockerization further enhances isolation.
Updated: 2025-11-30GitHub
0
0
Low Cost
ahmed0ezzat icon

MCP-SERVER

by ahmed0ezzat

Sec9

Exposes basic arithmetic and string manipulation functions as a web service using the FastMCP framework.

Setup Requirements

  • ⚠️Requires Python 3.8+ to run.
  • ⚠️Requires 'mcp' and 'fastmcp' Python libraries to be installed.
Verified SafeView Analysis
The server exposes basic arithmetic and echo functions. Input types are defined, limiting immediate injection vectors for the arithmetic functions. The `echo` tool returns user input directly, which might require client-side sanitization if rendered in a web context to prevent XSS. No malicious patterns, hardcoded secrets, or dangerous functions like 'eval' are present.
Updated: 2025-11-19GitHub
0
0
Low Cost
aidenlab icon
Sec8

A real-time 3D model visualization application built with Three.js that functions as a frontend for an external Model Context Protocol (MCP) server, allowing AI (like Claude) to control 3D models and lighting.

Setup Requirements

  • ⚠️Requires the `hello3dmcp-server` to be running locally or accessible via a tunnel for full functionality.
  • ⚠️Requires `sessionId` to be passed as a URL query parameter (e.g., `http://localhost:5173?sessionId=<your-session-id>`) for WebSocket connection and MCP control.
  • ⚠️For Netlify deployment, requires a WebSocket tunnel (e.g., `ngrok`, `localtunnel`) to connect to a local MCP server, and the `VITE_WS_URL` environment variable set to the `wss://` tunnel URL.
Verified SafeView Analysis
The frontend itself does not contain obvious critical vulnerabilities like `eval` or direct unsanitized HTML injection. It uses WebSockets to communicate with an external MCP server, handling incoming commands as JSON. The primary security considerations are: 1. **Trust in MCP Server**: The frontend relies entirely on the MCP server (`hello3dmcp-server`) for valid and non-malicious commands. If the server is compromised or provides malformed commands, it could lead to unexpected client-side behavior or crashes, though likely not remote code execution on the client. 2. **`sessionId` Management**: The `sessionId` is extracted from URL parameters and used for WebSocket registration. The security of session management is critical and primarily handled by the MCP server. If session IDs are easily predictable or guessable, it could lead to unauthorized control. 3. **`VITE_WS_URL` Configuration**: In production, the WebSocket URL is configured via `VITE_WS_URL`. If this environment variable is misconfigured to point to a malicious WebSocket server, the client could be compromised by malicious commands. 4. **Input Validation**: While basic type checks are present for some parameters (e.g., `parseInt` for color hex), robust validation of all incoming command parameters against expected ranges or formats is not explicitly detailed, which could lead to runtime errors if the MCP server sends invalid data.
Updated: 2025-12-22GitHub
0
0
Low Cost
farhanrhine icon

remote-mcp-server

by farhanrhine

Sec8

A remote Model Context Protocol (MCP) server for tracking personal expenses, providing tools to add, list, and summarize financial data.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires `uv` package manager for installation and execution
  • ⚠️SQLite database defaults to system temp directory, which may not persist across reboots and might require specific handling for production persistence.
Verified SafeView Analysis
The application uses parameterized queries with aiosqlite, preventing SQL injection. It does not contain 'eval', hardcoded secrets, or obvious malicious patterns. The database is stored in the system's temporary directory, which is noted in the README. As a remote HTTP server, it exposes itself to the network, which is an inherent part of its design and requires standard network security practices (e.g., firewalls) for deployment.
Updated: 2025-11-29GitHub
PreviousPage 707 of 713Next