Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
Low Cost
mosco23 icon
Sec9

Provides a seamless integration for exposing Model Context Protocol (MCP) tools as an asynchronous API within a Django application using FastMCP.

Setup Requirements

  • ⚠️Requires Django (version 3.2 or higher).
  • ⚠️Requires an ASGI server like Uvicorn for production deployment.
  • ⚠️All exposed tools (functions or class methods) must be asynchronous (`async def`).
  • ⚠️If API key authentication is desired, API keys must be generated and managed via the Django admin interface.
Verified SafeView Analysis
The project leverages Django's built-in security features for API key hashing (SHA512 with constant-time comparison). API key authentication is implemented for securing tool access. Tool discovery uses `importlib` but is restricted to defined patterns within Django app directories, mitigating risks associated with arbitrary code loading. No direct `eval` or `exec` patterns were found in the provided code. Users should ensure standard Django application security practices are followed for the overall project.
Updated: 2025-12-23GitHub
0
0
High Cost
chief-builder icon

mcp-reference-server

by chief-builder

Sec7

An AI agent server that orchestrates LLM interactions with tool execution for the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️The `MCP_CURSOR_SECRET` environment variable is mandatory for server startup and must be at least 32 characters long.
  • ⚠️For the client-side AI agent functionality, at least one LLM API key (`ANTHROPIC_API_KEY` or `OPENROUTER_API_KEY`) is required for full operation.
  • ⚠️The default HTTP server configuration allows all CORS origins (`*`), which is insecure for production environments and should be explicitly restricted.
Verified SafeView Analysis
The server implements strong input validation using Zod and JSON Schema. It includes DoS protection for HTTP (body size limit) and stdio (line length limit). OAuth and PKCE implementations use Node.js crypto's timing-safe comparisons. JWT signature verification uses the `jose` library. However, the default HTTP transport configuration allows all CORS origins (`allowedOrigins: ['*']`), which is explicitly marked as 'not recommended for production' and poses a significant security risk if deployed without proper configuration. Additionally, the client-side CLI uses `shell-quote` to parse server commands, which, while safer than simple splitting, can still be a vector for command injection if '--server' arguments are not fully trusted.
Updated: 2026-01-19GitHub
0
0
Medium Cost
gemo12123 icon
Sec6

Dynamically registers and exposes internal Java tools as HTTP APIs for AI models using the Model Context Protocol (MCP), enabling a single-process multi-MCP server setup.

Setup Requirements

  • ⚠️Requires Java Development Kit (JDK) 17+ (typical for modern Spring Boot applications).
  • ⚠️Relies on the Model Context Protocol (MCP) and Spring AI components, which might require specific configurations or dependencies to integrate with actual AI models.
  • ⚠️Dynamic tool registration and service discovery depend on the source of `ModuleDefinition` and `ServiceInstance` data, which is not detailed in the truncated code.
Review RequiredView Analysis
The `HttpExecutor` makes HTTP calls to dynamically configured service instances and paths. If `ModuleDefinition` (containing `ServiceInstance` and `ToolDefinitionWrapper`) is sourced from an untrusted or insufficiently validated external input, this could lead to Server-Side Request Forgery (SSRF) or arbitrary code execution via external tool calls. The `inputSchema` for tools, deserialized into `McpSchema.JsonSchema`, also presents a potential vector if not properly validated for malicious JSON content. No obvious hardcoded secrets or 'eval' equivalents were found in the truncated code, but the dynamic nature requires careful input sanitization and source validation.
Updated: 2025-11-28GitHub
0
0
Low Cost
BootcampToProd icon
Sec5

A demo Model Context Protocol (MCP) server built with Embabel Framework to connect AI agents (like Claude Desktop) with the Atlassian Confluence REST API for documentation management.

Setup Requirements

  • ⚠️Requires Java 21 or higher.
  • ⚠️Requires an OpenRouter API Key (free tier available).
  • ⚠️Requires Confluence Base URL and a base64-encoded Confluence API Token for authentication.
Verified SafeView Analysis
The `createDocument` method in `ConfluenceService.java` constructs JSON payloads using naive string formatting (`String.formatted`). This approach is vulnerable to JSON injection attacks if the `spaceKey`, `title`, or `content` parameters contain special characters (e.g., double quotes, backslashes) that are not properly escaped. A malicious or malformed input could lead to invalid JSON being sent to the Confluence API, potentially causing errors or unintended data manipulation. Best practice would be to use a robust JSON serialization library (e.g., Jackson ObjectMapper) to safely construct payloads.
Updated: 2025-12-31GitHub
0
0
Medium Cost
healthkowshik icon

open-wearables-mcp

by healthkowshik

Sec9

Enables AI assistants to query wearable health data through natural language by integrating with an Open Wearables backend.

Setup Requirements

  • ⚠️Requires a separate Open Wearables backend to be running or access to a deployed instance.
  • ⚠️Requires a valid Open Wearables API key to access any user data.
  • ⚠️Requires the 'uv' package manager (Python 3.11+) for dependency management and execution, not just pip.
Verified SafeView Analysis
The server primarily acts as an API client, forwarding requests to a configurable Open Wearables backend. It loads sensitive API keys from environment variables (using Pydantic's SecretStr) and includes checks to ensure the API key is configured. Input parameters are validated (e.g., 'days' capped at 90). Error handling for API responses (401, 404, general HTTP errors) is present. No 'eval' or malicious patterns were identified. The overall security largely depends on the security of the connected Open Wearables backend.
Updated: 2026-01-18GitHub
0
0
Low Cost
liliangshan icon
Sec8

Automates Gitee Pull Request creation, review, testing, and merging for development workflows.

Setup Requirements

  • ⚠️Requires a Gitee account and a registered OAuth application to generate API credentials (client_id, client_secret).
  • ⚠️Eight specific environment variables are mandatory: Gitee account credentials (scope_username, scope_password), OAuth app credentials (scope_client_id, scope_client_secret), and repository details (owner, repo, head, base).
  • ⚠️Gitee source (`head`) and target (`base`) branch names will be automatically formatted to 'branch (name)' if not already in that specific format, which might be an unexpected behavior for some users.
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (username, password, OAuth client ID/secret), which is good practice. Access tokens are cached and sensitive parts are redacted in logs. Input validation is present for PR fields like title and label format (length and allowed characters). All external communications with Gitee use HTTPS. The server communicates via standard I/O (stdin/stdout), reducing direct external network attack surface compared to a typical web server. The multi-instance configuration relies on user-provided environment variables for isolation, which requires careful management by the user to prevent cross-instance credential leakage if not configured properly. No 'eval' or obvious malicious patterns were found in the provided source code.
Updated: 2026-01-16GitHub
0
0
Low Cost
jaydenchuljinlee icon

spring-kt-mcp-server

by jaydenchuljinlee

Sec9

This project implements a Multi-Content Prompt (MCP) server that exposes news aggregation functionality as discoverable tools for an MCP client.

Setup Requirements

  • ⚠️Requires Java 21 to run.
  • ⚠️Requires `OPENAI_API_KEY` environment variable, even if the provided tools don't directly use OpenAI (it's configured for Spring AI).
  • ⚠️A client expects the server to be running first for full functionality (e.g., `ping` tool check).
Verified SafeView Analysis
The RSS parser explicitly disables external DTD/entity loading, mitigating XXE vulnerabilities. It also performs content type checks before parsing XML, and strips HTML from descriptions, reducing potential XSS risks. Input parameters for tools are type-safe (enums, defined types). No obvious hardcoded secrets were found in the provided code, though an OPENAI_API_KEY is expected as an environment variable.
Updated: 2025-11-27GitHub
0
0
High Cost
namurokuro icon
Sec2

Integrate Blender 3D software with Cursor IDE via Model Context Protocol (MCP) to enable natural language control, create 3D scenes, query operation history, access code patterns, monitor agent activities, and leverage specialized AI agents.

Setup Requirements

  • ⚠️Requires local Ollama LLM server running on http://localhost:11434.
  • ⚠️Requires a custom Python addon running within Blender on http://localhost:9876 for communication.
  • ⚠️Requires a local Stable Diffusion server (e.g., via Docker) for image/video generation tools.
  • ⚠️Python dependencies must be installed via `pip install -r requirements.txt`.
Review RequiredView Analysis
The server exposes an `execute_blender_code` tool which allows arbitrary Python code execution directly within the Blender environment. This is a critical security risk as it can lead to full system compromise if exploited. While a `DANGEROUSLY_ALLOW_WRITE_OPS` environment variable hints at potential control, the capability remains high-risk. Additionally, the `agent_viewport_server.py` has a hardcoded Flask `SECRET_KEY`, which is a security vulnerability for the web dashboard.
Updated: 2025-11-26GitHub
0
0
Medium Cost
Blizarre icon

HomeMCP

by Blizarre

Sec8

A personal home automation server that plays radio and sends Telegram messages, designed to be controlled by an AI assistant like Claude.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires `ffmpeg` (specifically `ffplay` CLI) or another CLI music player installed locally
  • ⚠️Requires `telegram_bot_token`, `my_chat_id`, `madame_chat_id`, `player_args`, `port`, and `host` to be configured in a `.env` file
Verified SafeView Analysis
The server uses `subprocess.Popen` for playing audio, but the arguments (`config.player_args` and `radio.url`) are derived from local configuration files (`.env` and `radios.json`) and not directly from untrusted user input, mitigating command injection risks. Telegram API calls are made with a bot token and chat IDs loaded from `.env`, which is good practice. The `send.sh` script relies on `claude`'s tool calling safety to prevent misuse. There are no hardcoded secrets or obvious `eval` patterns. The primary security consideration is ensuring the `.env` file is secured and `player_args` is configured safely, as well as the inherent risks associated with piping arbitrary transcription output to an LLM for tool execution, although `--allowedTools=home` limits the scope.
Updated: 2025-12-25GitHub
0
0
Medium Cost
jeevvanth icon
Sec4

A multi-agent LangGraph application for generating Cognitive Behavioral Therapy (CBT) exercises, persisted using a PostgreSQL checkpointer.

Setup Requirements

  • ⚠️Requires a running PostgreSQL database instance with appropriate credentials.
  • ⚠️The PostgreSQL connection string is hardcoded in `main.py` and should be moved to an environment variable.
  • ⚠️Requires Python 3.13 or higher, as specified in `pyproject.toml`.
  • ⚠️Requires a Groq API Key (e.g., `GROQ_API_KEY`) to be set in environment variables for the `ChatGroq` LLM.
Review RequiredView Analysis
A critical security vulnerability exists due to a hardcoded PostgreSQL connection string, including username ('postgres') and password ('jeeva123'), directly within `main.py`. This credential should be stored in an environment variable. While no obvious 'eval' or malicious code patterns were found, relying on LLM output for JSON parsing without robust error handling or sanitization could introduce risks if the LLM generates malformed or unexpectedly structured data.
Updated: 2025-12-14GitHub
0
0
Low Cost
akeredolukola icon

mcp_hello_server

by akeredolukola

Sec10

Minimal MCP-style server implemented with FastAPI for demonstrating and extending Model Context Protocol interactions.

Setup Requirements

  • ⚠️Requires Python 3 environment setup (venv recommended)
  • ⚠️Requires uvicorn and other dependencies from requirements.txt
Verified SafeView Analysis
The provided source code for the MCP server is an 'echo' server and does not perform any external network calls, use 'eval', or contain hardcoded secrets. It is designed to be a safe starting point. Examples in the README for extension (e.g., integrating OpenAI) would introduce new security considerations (like API key management) if implemented.
Updated: 2025-12-11GitHub
0
0
Low Cost
aiqidao-dg icon

pix-bi-mcp

by aiqidao-dg

Sec6

Backend server for PIX BI platform, integrating with its API and designed for deployment on Render.com.

Setup Requirements

  • ⚠️Requires Git installed locally.
  • ⚠️Requires a GitHub repository to be created (or existing) for pushing code.
  • ⚠️Requires a PIX BI API Token for server functionality, which must be manually configured as an environment variable in Render.com.
  • ⚠️Requires a Render.com account for deployment.
  • ⚠️The 'publish_to_github.py' script requires a GitHub Personal Access Token or SSH keys configured for pushing to GitHub, with the PAT method being insecure.
Verified SafeView Analysis
The 'publish_to_github.py' script has a critical security flaw where it embeds the GitHub Personal Access Token (PAT) directly into the repository URL (e.g., 'https://username:token@github.com/...'). This practice exposes the token in logs, process lists, or command history, making it vulnerable. While the script offers SSH as an alternative, the PAT handling itself is insecure. The 'init-github-repo.sh' script and 'render.yaml' correctly instruct users to manually enter sensitive API tokens on Render.com, which is a good security practice for environment variables.
Updated: 2025-12-13GitHub
PreviousPage 708 of 713Next