Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(3136)

90
42
Medium Cost
iceener icon
Sec4

Manages Google Calendar events, checks availability, and schedules meetings via the Model Context Protocol (MCP) using OAuth 2.1.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with the Calendar API enabled and OAuth 2.0 credentials configured (Client ID, Client Secret, redirect URIs).
  • ⚠️Requires explicit configuration of `OAUTH_REDIRECT_URI` and `OAUTH_REDIRECT_ALLOWLIST` in both the server's environment and the Google Cloud OAuth client settings to avoid redirect_uri_mismatch errors.
  • ⚠️For secure token storage, a 32-byte base64url encryption key must be provided via `RS_TOKENS_ENC_KEY` (Node.js) or `TOKENS_ENC_KEY` (Cloudflare Worker). Without it, OAuth tokens are stored unencrypted.
Review RequiredView Analysis
The server explicitly states that its HTTP/OAuth layer is for development convenience and not production-grade security. Critical security gaps include: 1) The `isAllowedOrigin` function (for origin validation) is a placeholder returning `true` in production, making it vulnerable to CSRF/SSRF unless manually implemented. 2) The `wrangler.toml` defaults `OAUTH_REDIRECT_ALLOW_ALL` to `true`, a severe OAuth vulnerability if not set to `false` in production. 3) While token encryption is available via `RS_TOKENS_ENC_KEY` or `TOKENS_ENC_KEY`, it's optional, and skipping it results in plaintext storage of OAuth tokens, a major security risk. The server uses Zod for input validation and PKCE for OAuth, which are good practices, but the mentioned issues require immediate attention for any remote deployment.
Updated: 2025-12-09GitHub
89
24
Medium Cost
h7lu icon
Sec9

A local RAG (Retrieval-Augmented Generation) server providing semantic and lexical search, and graph-based navigation for RimWorld game source code and XML definitions to AI assistants.

Setup Requirements

  • ⚠️Requires manual export and placement of RimWorld game data (C# source, XML Defs) into a specified directory.
  • ⚠️Requires both .NET 8.0 SDK and Python 3.9+ runtime environments to be installed.
  • ⚠️Requires downloading a large embedding model (e.g., e5-base-v2, multiple GBs) from HuggingFace, which may require git lfs.
  • ⚠️Requires running two separate server processes concurrently (a Python embedding server and a .NET MCP server) for full functionality.
Verified SafeView Analysis
The Python embedding server runs on localhost by default (127.0.0.1:5000), limiting network exposure. API keys for remote embedding services are handled via environment variables or command-line arguments, preventing hardcoding. Input payloads for embedding are structured, reducing injection risks. No 'eval' or obvious malicious patterns were found in the provided Python source code. Assumes the C# component itself is securely written.
Updated: 2025-12-01GitHub
89
1370
Low Cost
rulego icon

rulego

by rulego

Sec4

An independent, high-performance rule engine service designed for orchestrating applications, IoT devices, large AI models, and automating data processing and workflows, often in edge computing environments.

Setup Requirements

  • ⚠️Authentication is disabled by default (`require_auth = false` in `config.conf`), making it insecure for production environments. It must be manually enabled and configured with custom credentials.
  • ⚠️To utilize various extension components (AI, IoT, CI/CD, ETL, FastHTTP), specific `go build -tags` flags are required during compilation. A standard `go build .` won't include all features.
  • ⚠️The `exec_node` component allows running shell commands. Its `cmd_white_list` configuration in `config.conf` must be carefully reviewed and restricted to prevent command injection vulnerabilities, especially if untrusted users can modify rule chains.
Review RequiredView Analysis
CRITICAL RISKS: 1. Arbitrary Code/Command Execution: The service allows defining and executing JavaScript code (via `jsTransform`, `jsFilter`, `jsSwitch` nodes) and shell commands (via `exec_node`). While `exec_node` is mitigated by a `cmd_white_list` configuration parameter, both features, if misconfigured or exploited, pose a significant risk of arbitrary code execution or denial of service. 2. Default Authentication Disabled: By default, `require_auth = false` in `config.conf`, meaning no authentication is enforced. All operations are performed as a default `admin` user. This is a critical security vulnerability for any deployment outside of local development and must be explicitly enabled and configured. 3. Hardcoded/Example Secrets: The `README` provides an example `jwt_secret_key` and `admin=admin` credentials. These must be changed to strong, unique values for any production deployment to prevent unauthorized access. RECOMMENDATIONS: - Enable `require_auth = true` and configure strong, unique user credentials and JWT secret key. - Strictly limit `cmd_white_list` to only essential commands in `config.conf`. - Thoroughly audit and sandbox all user-provided JavaScript code.
Updated: 2025-12-14GitHub
88
20
Low Cost
LunFengChen icon

proxypin-mcp-server

by LunFengChen

Sec9

Integrates ProxyPin with a Large Model IDE via FastMCP, allowing AI to programmatically control and analyze HTTP network traffic.

Setup Requirements

  • ⚠️Requires a pre-compiled or installed ProxyPin instance to be running and listening on an MCP port.
  • ⚠️Requires Python and its dependencies (requests, fastmcp) to be installed.
  • ⚠️Integration with a 'Large Model IDE' supporting the MCP protocol is necessary to utilize its functionality.
Verified SafeView Analysis
The script itself does not contain 'eval', obfuscation, or hardcoded secrets. It acts as a client to a locally or internally running ProxyPin instance via HTTP. The overall security largely depends on the configuration and security posture of the underlying ProxyPin instance and how the 'Large Model IDE' (AI) utilizes these tools. No direct public exposure or common web vulnerabilities originate from this script itself.
Updated: 2025-12-12GitHub
87
14
Medium Cost
greatSumini icon

nanobanana-api-mcp

by greatSumini

Sec5

An MCP server providing image generation and editing capabilities via the Google Gemini API, integrable with various AI coding assistants and IDEs.

Setup Requirements

  • ⚠️Requires a Google API key with access to Gemini models, which needs to be obtained separately.
  • ⚠️Requires Node.js version >= 18.0.0.
Review RequiredView Analysis
The server processes user-provided file paths for image input/output (`path`, `output_path`, `reference_images_path`). While the documentation states 'ABSOLUTE path' and 'Relative paths are NOT accepted', there is no explicit server-side validation in the handlers (e.g., `generate-image.ts`, `edit-image.ts`) to ensure paths are absolute and confined to safe directories. This could lead to path traversal vulnerabilities if a malicious client provides manipulated paths, potentially allowing arbitrary file read/write on the server's filesystem. The Google API key is correctly handled via environment variables or CLI arguments, not hardcoded.
Updated: 2025-11-25GitHub
85
6
Medium Cost
saadmanrafat icon

uv-mcp

by saadmanrafat

Sec7

Manages Python environments and dependencies using uv, providing diagnostics, repair, and package management capabilities for AI assistants.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher to be installed on the system.
  • ⚠️Requires 'uv' package manager to be installed separately and available in the system's PATH. The server provides instructions but does not install 'uv' itself.
  • ⚠️Requires manual configuration in AI client (Gemini CLI, Claude Desktop/Code) to specify the server command and path.
Review RequiredView Analysis
The server executes `uv` commands via `asyncio.create_subprocess_exec` with arguments passed as a list, which prevents typical shell injection. However, several tools (e.g., `diagnose_environment`, `repair_environment`, `add_dependency`, `remove_dependency`) accept an optional `project_path` argument. If an untrusted AI or user can provide an arbitrary `project_path`, this could lead to unintended file system modifications or data exposure outside the intended project directory. Although `pathlib.Path` resolves `..` components, there's no explicit path validation or sandboxing within the server's code to restrict operations to a predefined safe area (e.g., the user's project directory only, not arbitrary system paths). The reliance on the AI client's constraints for `project_path` poses a potential risk.
Updated: 2025-12-14GitHub
84
57
Medium Cost
andrlange icon
Sec6

Provides a comprehensive Model Context Protocol (MCP) server for AI agents to access Spring ecosystem documentation, migration guides, code examples, and project initialization metadata.

Setup Requirements

  • ⚠️Requires a PostgreSQL database for persistent storage.
  • ⚠️Requires active internet access to synchronize data from external Spring.io and GitHub APIs.
  • ⚠️Requires OpenJDK 25 and Spring Boot 4.0.0 for compatibility, which are relatively new versions.
Verified SafeView Analysis
The server demonstrates good practices for input validation, parameterized database queries, and securing external API calls by limiting domains. API key management includes hashing. However, the `SecurityConfig` explicitly disables CSRF (`csrf().disable()`). Given the presence of administrative web controllers (`LoginController`, `UsersController`, `SettingsController`), this creates a significant vulnerability for Cross-Site Request Forgery (CSRF) attacks against logged-in administrators, allowing attackers to potentially execute unintended actions.
Updated: 2025-12-13GitHub
84
146
Low Cost
JSONbored icon
Sec9

A community-driven directory and platform for discovering, sharing, and managing Claude AI configurations including agents, MCP servers, rules, commands, and hooks, with integrated tools for content generation, image transformation, and analytics.

Setup Requirements

  • ⚠️Requires Node.js >= 22.0.0 and pnpm >= 10.0.0 for local development.
  • ⚠️Requires Deno for full Edge function type-checking and deployment.
  • ⚠️Requires a Supabase project with configured database, URL, Anon Key, and Service Role Key for full functionality and data storage.
Verified SafeView Analysis
The project demonstrates strong security practices including extensive input validation (Zod, custom sanitization), cryptographic comparison for sensitive secrets (e.g., REVALIDATE_SECRET), structured logging of security events, and adherence to server-only code patterns. It utilizes Supabase RLS and segregates service role keys appropriately. Image processing and package generation include size limits and secure file handling. While some internal Edge function API calls use direct string comparisons for secrets, which is a minor concern for robust systems, it's generally considered acceptable for internal service-to-service communication. Overall, it is robustly secured for its purpose.
Updated: 2025-12-14GitHub
84
5
Medium Cost
olibuijr icon

iceland-news-mcp

by olibuijr

Sec3

An MCP server that fetches and provides structured access to the latest Icelandic news from various RSS sources, integrated with a voice-activated AI assistant for news summaries and search.

Setup Requirements

  • ⚠️Requires multiple services to set up: a Node.js MCP server, a Python Whisper STT service, and a SvelteKit web UI.
  • ⚠️Requires a Google API Key for Gemini Live API, which is a paid service (though a free tier may be available). The key is exposed client-side.
  • ⚠️The Python Whisper STT service is designed for GPU (CUDA) for fast inference; performance will be significantly degraded on CPU.
  • ⚠️The web UI and its API proxy hardcode a specific local IP address (`http://192.168.8.191`) for the Whisper STT service, requiring manual adjustment if the service runs elsewhere.
Review RequiredView Analysis
A critical security flaw exists where the `GOOGLE_API_KEY` is fetched by the client-side SvelteKit app via a server endpoint (`/api/google/api-key`). This directly exposes the API key to the browser, making it vulnerable to interception and misuse. Additionally, the Whisper STT service listens on `0.0.0.0` and enables CORS for all origins (`*`), exposing it widely on the local network without restriction. Hardcoded local IP addresses for the Whisper service within the web UI (`http://192.168.8.191:7000` and `:7050`) make deployment brittle and suggest network configuration assumptions. No `eval` or direct system command injection vulnerabilities were found in the provided server-side code.
Updated: 2025-12-03GitHub
83
4
Medium Cost
TranChiHuu icon
Sec4

A Model Context Protocol (MCP) server that enables AI assistants to query PostgreSQL and MySQL databases for schema introspection and data retrieval.

Setup Requirements

  • ⚠️Requires Node.js 18+ runtime environment.
  • ⚠️Requires access to an existing PostgreSQL or MySQL database.
  • ⚠️SQL injection vulnerability exists when connecting to MySQL; ensure `tableName` inputs from AI assistants are fully trusted or manually sanitize the code.
Review RequiredView Analysis
CRITICAL SQL Injection Vulnerability: The MySQL `describe_table` tool directly interpolates the `tableName` argument into the SQL query (`DESCRIBE ${tableName}`) without proper escaping (e.g., `mysql.escapeId` or using `connection.execute` with `??` placeholders). This allows a malicious `tableName` (e.g., `users; DROP TABLE sensitive_data;`) to execute arbitrary SQL commands. A similar risk exists for `list_tables` if the database name itself (from `DB_DATABASE` or `connect_database` parameters) could be injected. PostgreSQL queries appear to use parameterized queries correctly where applicable. The server correctly uses environment variables for credentials, mitigating hardcoded secret risks. SSL is supported for connections. However, the direct SQL injection for MySQL is a critical flaw.
Updated: 2025-12-04GitHub
83
3
Low Cost
Jaycee1996 icon
Sec8

A Model Context Protocol (MCP) server that provides web scraping, crawling, search, and structured data extraction capabilities using the Firecrawl API.

Setup Requirements

  • ⚠️Requires a Firecrawl API Key for cloud usage, obtainable from firecrawl.dev.
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️For self-hosted instances, interactive web actions (e.g., click, write, executeJavascript) are enabled by default, which could be exploited by untrusted prompts if not carefully managed.
Verified SafeView Analysis
The server implements a 'SAFE_MODE' for cloud deployments, disabling potentially dangerous interactive web actions (e.g., JavaScript execution, clicks) during scraping, which significantly enhances security. For self-hosted instances, these interactive actions are enabled by default and should be used with caution, as malicious prompts could exploit them. API keys are handled via environment variables or request headers, preventing hardcoded secrets. No direct 'eval' or unsanitized shell execution was found in the provided source code.
Updated: 2025-12-01GitHub
83
322
Medium Cost
f2c-ai icon

f2c-mcp

by f2c-ai

Sec8

A Model Context Protocol server for Figma Design to Code, enabling AI tools to convert Figma designs into production-ready frontend code.

Setup Requirements

  • ⚠️Requires a Figma personal access token for API authentication.
  • ⚠️Requires Node.js (>=16.0.0) environment to run.
  • ⚠️Network access to Figma and F2C APIs is necessary.
Verified SafeView Analysis
The server allows the Figma personal access token (`personalToken`) to be passed and updated via HTTP request headers. While this offers flexibility for IDE integration, in a multi-client or shared server deployment scenario, one client could potentially overwrite another's token. However, this server is primarily designed for local or personal IDE integration, where this behavior is likely intended and less of a direct threat. No 'eval' or other obvious malicious patterns were found. Relies on external Figma and F2C APIs, so security is also dependent on those third-party services.
Updated: 2025-11-27GitHub
PreviousPage 5 of 262Next