Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

0
0
High Cost
seanshin0214 icon

qualmaster-mcp

by seanshin0214

Sec9

This server acts as an AI-powered qualitative research and conceptual paper writing assistant, providing specialized tools and a RAG-based knowledge base to a client like Claude Desktop.

Setup Requirements

  • ⚠️Requires Claude Desktop client for full functionality, as it's an MCP server designed for integration.
  • ⚠️Requires Node.js 18+ to be installed.
  • ⚠️Requires a ChromaDB instance (local or remote) to be running and populated via `npm run seed` for RAG functionality.
Verified SafeView Analysis
The server uses `StdioServerTransport` for communication, primarily interacting via standard I/O with a local client (Claude Desktop), which limits direct network exposure. It relies on environment variables (`CHROMA_URL`, `CHROMA_PATH`) for ChromaDB configuration, preventing hardcoded secrets. Defensive coding is implemented in tool handlers to validate arguments and prevent crashes from malformed inputs. Error handling for tool calls is robust, returning structured error messages. The primary external dependency is ChromaDB, which is configurable to a local or remote instance; misconfiguration by the user to an untrusted ChromaDB endpoint could introduce a risk, but this is not a flaw in the application's code itself. No `eval` or obfuscation patterns were found.
Updated: 2025-12-07GitHub
0
0
High Cost
SnakeO icon
Sec4

Enables AI agents to automate Chrome browser interactions by exposing a set of browser control tools via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a companion Chrome extension (agent-jake-browser-mcp-extension) to be installed and running in Chrome.
  • ⚠️Requires a visible (non-headless) Chrome browser instance for the extension to function.
  • ⚠️Operates locally via stdio and localhost WebSockets; not designed for remote access.
Verified SafeView Analysis
The server's primary function is to act as a conduit for AI agents to control a Chrome browser through a companion extension. A critical security aspect is the `browser_evaluate` tool, which allows an AI agent to execute arbitrary JavaScript code within the browser context. While this execution happens in the browser (not on the Node.js server), it enables full control over any visited web page, including data exfiltration, DOM manipulation, or malicious network requests originating from the browser. The server uses WebSockets on `127.0.0.1` and stdio JSON-RPC, limiting direct external network exposure to the server itself. However, if the AI agent or the host system running it is compromised, this server provides a powerful vector for malicious browser actions. The `killProcessOnPort` utility uses system-level commands (`lsof`, `process.kill`) which, while intended for clean shutdown, represent elevated capabilities. Overall, the system's security is heavily dependent on the trustworthiness of the AI agent and the local environment it operates in; it is a powerful tool with inherent risks if misused.
Updated: 2026-01-19GitHub
0
0
Medium Cost
H0llyW00dzZ icon
Sec9

This server provides a Model Context Protocol (MCP) interface for comprehensive TLS X.509 certificate chain resolution, validation, expiry monitoring, visualization, and AI-powered security analysis.

Setup Requirements

  • ⚠️Requires Go 1.25.5 or later for installation.
  • ⚠️AI features require an API key (X509_AI_APIKEY environment variable or 'ai.apiKey' in config.json/yaml) which may incur costs from the AI provider.
Verified SafeView Analysis
The source code demonstrates strong security practices: - Hardcoded secrets are avoided; AI API keys are loaded from environment variables (X509_AI_APIKEY) or configuration files. - Network operations for fetching remote certificates and calling AI APIs are time-limited using context.WithTimeout to prevent hangs and resource exhaustion. - Template rendering (for prompts and documentation) uses `text/template` with basic validation (`validateTemplateStructure`) to prevent simple injection attacks. - Memory management is efficient with extensive use of reusable buffer pools (`gc.Buffer`), reducing GC pressure and potential memory leaks. - Error handling is robust, with explicit checks for parameter validity and context cancellation. - The application prioritizes security in its workflows, including validation, revocation checks, and cryptographic strength analysis.
Updated: 2026-01-19GitHub
0
0
High Cost
Jind0la icon
Sec4

Provides a persistent, intelligent memory layer for AI agents, enabling them to store, recall, consolidate, and analyze user-specific preferences, facts, and learnings across different sessions and projects.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for embedding generation.
  • ⚠️Requires an LLM API Key (Anthropic or OpenAI, Paid) for claims extraction, conflict resolution, and other intelligent processing.
  • ⚠️Requires a PostgreSQL database with the `pgvector` extension enabled.
  • ⚠️Requires Redis for caching and rate limiting. While optional, performance and reliability will be significantly degraded without it.
  • ⚠️Requires Python 3.11+ to run.
Review RequiredView Analysis
Critical vulnerabilities if not configured correctly: JWT tokens are decoded without verification if `SUPABASE_JWT_SECRET` is unset (even outside debug mode, in `src/api/dependencies.py`), allowing potential authentication bypass. Additionally, the internal JWT handler (used for the server's own JWTs) has a hardcoded fallback secret (`fallback-secret-key-change-in-production` in `src/auth/jwt.py`) if `JWT_SECRET_KEY` is not set, posing a significant risk if deployed without proper configuration. These issues make the server highly vulnerable to unauthorized access if environment variables are not securely managed.
Updated: 2026-01-19GitHub
0
0
Low Cost
Quentinchampenois icon

grist-go-mcp

by Quentinchampenois

Sec9

Acts as a Model Context Protocol (MCP) server, enabling AI agents to programmatically interact with and manage Grist documents, workspaces, and organizations.

Setup Requirements

  • ⚠️Requires a running Grist instance accessible via GRIST_ENDPOINT.
  • ⚠️Requires a Grist API key (GRIST_API_KEY) for authentication.
  • ⚠️The compiled 'grist-mcp-server' binary must be available in the system's PATH or invoked directly.
Verified SafeView Analysis
The server reads Grist endpoint and API key from environment variables (GRIST_ENDPOINT, GRIST_API_KEY), which is a good security practice. Communication is handled over standard I/O (StdioTransport), limiting direct network exposure of the server itself. No 'eval' or similar dangerous patterns were found in the provided source code. The 'go-grist-api' client library handles interactions with the Grist endpoint, making the server a proxy for API calls.
Updated: 2025-11-22GitHub
0
0
Low Cost
Dexter376 icon

task-manager

by Dexter376

Sec8

A simple task management backend API that allows users to create, read, update, and delete tasks and categories, with user authentication.

Setup Requirements

  • ⚠️Requires PostgreSQL version 16 or later.
  • ⚠️Requires PHP version 8.1 or later.
  • ⚠️Requires manual creation of the PostgreSQL database before running migrations.
Verified SafeView Analysis
The application uses Laravel's built-in authentication (Sanctum) and form request validation for API endpoints, which are standard and robust security practices. No direct use of dangerous functions like 'eval()' or obvious hardcoded secrets were found in the provided code snippets. A full security audit would require a more extensive review of the entire codebase and dependency tree.
Updated: 2026-01-19GitHub
0
0
High Cost
matheusslg icon

mcp-audio-rag

by matheusslg

Sec8

Transforms audio files into a searchable knowledge base using AI for natural language querying, enabling users to ask questions about their audio content.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️Requires a Google Gemini API Key (costs associated with audio transcription and text generation).
  • ⚠️Requires a Supabase account with a database configured using the provided schema (free tier available, but usage costs apply).
  • ⚠️The server needs access to the local file system where audio files are stored for transcription.
Verified SafeView Analysis
The server explicitly checks for required environment variables, preventing hardcoded secrets. It uses Zod for input validation on tool arguments. SQL operations through Supabase are parameterized, mitigating SQL injection risks. The `ingest_audio` tool requires an absolute file path; while this implies local file system access, for an MCP server running in a trusted local environment, this is an expected pattern. There is no evidence of `eval` or other direct code execution vulnerabilities from user input.
Updated: 2025-12-02GitHub
0
0
Medium Cost
dungngo4520 icon

mcp-zig

by dungngo4520

Sec9

Provides Zig language features (completions, hover, definitions, references) to MCP-compatible clients by integrating with the Zig Language Server (zls).

Setup Requirements

  • ⚠️Requires `zls` (Zig Language Server) to be installed locally.
  • ⚠️Requires `WORKSPACE_ROOT` environment variable to be configured for the Zig project root.
  • ⚠️Requires Node.js >=18.0.0 to run.
Verified SafeView Analysis
The server acts as a proxy for the trusted `zls` (Zig Language Server) executable. It spawns `zls` as a child process, with the working directory configurable via `WORKSPACE_ROOT`. The inputs to the tools are structured and do not allow arbitrary command injection or dangerous operations within the server itself. Reliance on `zls` and responsible configuration of `WORKSPACE_ROOT` are key assumptions for safety. No `eval`, hardcoded secrets, or obvious malicious patterns found.
Updated: 2025-11-24GitHub
0
0
Low Cost
bitfist icon
Sec3

A Spring AI-powered Model Context Protocol (MCP) server that provides AI assistants with seamless access to Java library documentation by fetching, converting, and caching Javadoc from Maven artifacts.

Setup Requirements

  • ⚠️Requires Java 21 or higher.
  • ⚠️Building the project requires GitHub Package Registry (GPR) credentials (GPR_USER, GPR_TOKEN) set in ~/.gradle/gradle.properties for dependencies.
  • ⚠️Maven repository configuration (including potential sensitive credentials) can be specified in ~/.javadoc-mcp/repositories.json (or /opt/javadoc-mcp/init.d/repositories.json for Docker container).
Review RequiredView Analysis
The server has a critical path traversal vulnerability during Javadoc JAR extraction. The `extractJavaDocJar` function in `DefaultJavadocProvider.kt` does not sufficiently sanitize `entry.name` from the `ZipInputStream` before resolving the target path using `Path.resolve`. This allows a maliciously crafted Javadoc JAR to write files to arbitrary locations on the server's file system, potentially leading to remote code execution or data corruption/exfiltration. Additionally, while less severe, user-controlled input `fullyQualifiedClassName` is used to construct file paths, which could lead to reading unintended files within the extracted Javadoc directory structure if not carefully validated by the AI calling the tool.
Updated: 2026-01-17GitHub
0
0
Medium Cost
JAMMIEBURGERS icon

MCP-Server

by JAMMIEBURGERS

Sec4

A multi-purpose control plane (MCP) server for managing and executing various tools (e.g., Quality Engineering, calculator, banking functionalities) via a FastAPI web interface, acting as a centralized gateway for diverse operations.

Setup Requirements

  • ⚠️Requires Python 3.8+ (implicitly from FastAPI usage).
  • ⚠️Requires installation of multiple Python packages: fastapi, uvicorn, psutil, tqdm, pytest, pytest-cov, flake8, and pip-audit. These are not automatically installed.
  • ⚠️The server binds to `0.0.0.0:8080` by default, which means it will be accessible from any network interface on the host, and port 8080 may conflict with other services.
Review RequiredView Analysis
The server has a wildcard CORS origin (`allow_origins=["*"]`) which is a significant security risk in production environments, potentially allowing any domain to make cross-origin requests. More critically, several Quality Engineering tools (`endpoint_availability_check`, `api_load_test`, `security_scan`) accept a `base_url` parameter from user input, which creates a Server-Side Request Forgery (SSRF) vulnerability. An attacker with access to the server could use these tools to scan or attack internal network resources or other external services. Dynamic tool execution is mitigated by whitelisting tool names in `tool_schema.py`. No clear hardcoded secrets or direct `eval` calls with arbitrary user input were found.
Updated: 2025-11-20GitHub
0
0
High Cost
egorka23 icon
Sec8

Transcribe audio from video URLs (YouTube, Instagram, etc.) or local files into text using Whisper AI.

Setup Requirements

  • ⚠️Requires macOS (Apple Silicon or Intel).
  • ⚠️Requires Homebrew for system dependencies (ffmpeg, yt-dlp).
  • ⚠️Requires ~3 GB disk space for the Whisper AI model download on first run.
Verified SafeView Analysis
The server uses `yt-dlp` to download audio from user-provided URLs. While audio-only downloads and temporary file cleanup mitigate some risks, downloading content from arbitrary external sources can always introduce vulnerabilities, such as very large files or malformed media that could exploit `ffmpeg` or `yt-dlp`. No 'eval' or direct hardcoded secrets were found. The server does not expose inbound network services directly.
Updated: 2026-01-19GitHub
0
0
Medium Cost
TimEvans icon

ccsession

by TimEvans

Sec8

Provides Claude Code agents with programmatic session awareness, enabling them to query context usage, track todos, manage planning documents, and receive intelligent recommendations for context resets.

Setup Requirements

  • ⚠️Requires Python 3.11+ (tested on 3.13).
  • ⚠️Requires the `uv` package manager for installation and running.
  • ⚠️Requires the Claude Code CLI to be installed and running to generate transcripts and todo files.
Verified SafeView Analysis
The server primarily uses local file system operations (reading transcript and todo files, writing planning docs) and `subprocess.run` calls for Git CLI commands. While `subprocess.run` inherently carries a risk if inputs are fully user-controlled and unsanitized, the current implementation appears to construct git commands with controlled parameters, mitigating direct injection vulnerabilities. There are no explicit uses of `eval` or network calls beyond standard MCP communication. The biggest potential concern is unintended modifications to planning documents or reporting of sensitive git information if the server runs in an untrusted environment or is given overly broad permissions.
Updated: 2025-12-03GitHub
PreviousPage 709 of 713Next