Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

38
11
Medium Cost
xxczaki icon
Sec3

Access Cursor/VS Code Local History through the Model Context Protocol for AI-powered data recovery and enhanced context awareness.

Setup Requirements

  • ⚠️Requires VS Code or Cursor editor to have local history enabled and populated for functionality.
  • ⚠️Requires Node.js (version >=22.22.0) to be installed.
  • ⚠️The 'restore_from_history' tool has significant security implications due to arbitrary file write capabilities; exercise extreme caution or disable this tool if not fully trusting the AI agent and the environment it runs in.
Review RequiredView Analysis
The 'restore_from_history' tool allows writing arbitrary content (from a history entry) to any absolute file path provided by the AI. This means a malicious or compromised AI could instruct the server to overwrite critical system files or inject malicious code into user files at arbitrary locations. While it includes an optional backup, this does not mitigate the risk of arbitrary file writes to unintended locations. This is a critical vulnerability if the server is run with elevated permissions or if the AI is not fully trusted.
Updated: 2026-01-15GitHub
38
1
Medium Cost
Infinityay icon

nowcoder-mcp

by Infinityay

Sec8

Enable AI assistants to search and retrieve content from the NowCoder platform, including job interview experiences, discussion posts, and career-related information.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Requires `uv` (recommended) or `pip` for dependency management
Verified SafeView Analysis
The server interacts with external NowCoder APIs using the `requests` library with defined timeouts, a standard practice. HTML content is converted to plain text using regex, which is generally acceptable for cleaning known structured output. No usage of `eval` or similar dangerous functions, and no hardcoded secrets were found in the provided source code. Appears generally safe for its intended purpose.
Updated: 2025-12-11GitHub
38
1
Medium Cost
vijayyarabolu icon
Sec7

A secure serverless gateway for accessing Large Language Models (LLMs) via Amazon Bedrock, incorporating input sanitization and routing.

Setup Requirements

  • ⚠️Requires an AWS account and configured AWS credentials with appropriate permissions.
  • ⚠️Requires AWS SAM CLI to be installed for deployment.
  • ⚠️Requires Amazon Bedrock access to be enabled in the AWS account and region.
  • ⚠️The Bedrock invocation in `src/lambda_function.py` is currently mocked and needs to be uncommented for actual LLM interaction.
Verified SafeView Analysis
The `sanitize_input` function provides only basic blocking of hardcoded words (`password`, `secret_key`, `ssn`) and explicitly notes it's not as sophisticated as dedicated libraries (e.g., Microsoft Presidio). The README mentions a 'Prompt Firewall' to prevent jailbreaks, but the provided `lambda_function.py` does not contain explicit logic for system prompt enforcement or advanced prompt injection prevention beyond the basic word list. This is a gap between the described features and the implemented code. There are no hardcoded secrets or `eval` statements. The serverless architecture and IAM policies for Bedrock invocation (`bedrock:InvokeModel`) are good security practices.
Updated: 2025-11-27GitHub
38
84
Medium Cost
DeepLcom icon

deepl-mcp-server

by DeepLcom

Sec9

Provides DeepL translation and linguistic capabilities as a Model Context Protocol (MCP) server for integration with AI clients.

Setup Requirements

  • ⚠️Requires a DeepL API key (paid, though a free tier is available with usage limits).
  • ⚠️Needs a Node.js runtime environment to execute the JavaScript server.
  • ⚠️Requires npm for dependency installation if cloning the repository, or npx for zero-install usage.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys, which is a good security practice. It relies on standard and reputable SDKs (`deepl-node`, `@modelcontextprotocol/sdk`). The communication model via stdio limits external network attack surface. The `translate-document` tool involves file system interaction (`inputFile`, `outputFile`), which, while necessary for its function, could be a potential vector if not rigorously handled by the underlying DeepL SDK. Assuming the DeepL SDK manages file paths and content securely, the overall risk is low.
Updated: 2025-12-30GitHub
38
1
High Cost
leocaogit icon

ABAP_CHECK_MCP

by leocaogit

Sec6

Provides ABAP REPORT program syntax checking capabilities for IDEs by connecting to SAP ERP systems via RFC.

Setup Requirements

  • ⚠️Requires proprietary SAP NetWeaver RFC SDK (requires SAP S-user to download and specific OS-level installation).
  • ⚠️Requires an active SAP ERP system with a custom ABAP function module (`Z_CHECK_ABAP_SYNTAX`, `ZSYNTAX_ERROR` structure, `ZSYNTAX_CHECK` function group) manually deployed.
  • ⚠️The SAP RFC user requires highly privileged authorizations, specifically `S_PROGRAM` with create (01) and delete (06) activities, and `S_DEVELOP`.
Review RequiredView Analysis
The Python server itself has good security practices (e.g., sensitive data filtering in logs) and no direct 'eval' or malicious patterns. The primary security risk lies with the required SAP backend setup. The deployed ABAP function module `Z_CHECK_ABAP_SYNTAX` dynamically creates and deletes temporary ABAP programs (`INSERT REPORT`, `SYNTAX-CHECK FOR`, `DELETE REPORT`) on the SAP system based on user-provided ABAP code. This requires granting the RFC user highly privileged SAP authorizations (`S_PROGRAM` for create/delete programs). While these temporary programs are intended for syntax checking and are deleted, allowing arbitrary code to be inserted and processed, even temporarily, presents a significant attack surface if the input ABAP code is not from a trusted source or if the SAP system's handling of `INSERT REPORT` or `SYNTAX-CHECK` could be exploited. The Python server does not perform content-based sanitization of the ABAP code before sending it to SAP.
Updated: 2025-11-27GitHub
38
12
Medium Cost
aviaryhq icon
Sec9

Connects Cloudglue to AI assistants for video collection understanding, enabling LLMs to analyze videos, extract structured data, and gain insights from visual and audio content.

Setup Requirements

  • ⚠️Requires a Cloudglue API Key for authentication (paid service).
  • ⚠️Requires an MCP client (e.g., Cursor, Claude Desktop) to interact with the server.
  • ⚠️Node.js runtime environment is necessary to run the server locally.
Verified SafeView Analysis
The server acts as a wrapper around the Cloudglue API, routing requests and responses. It properly handles API keys via environment variables or CLI arguments, not hardcoding them. Input schemas are validated using Zod. The server uses stdio for transport, reducing direct network exposure beyond its interaction with the Cloudglue backend. The core security depends on the robustness of the Cloudglue API itself and its handling of external URLs.
Updated: 2026-01-13GitHub
38
12
Low Cost
FradSer icon
Sec9

Integrate Apple Reminders and Calendar with MCP clients for comprehensive management and automation on macOS.

Setup Requirements

  • ⚠️Requires macOS for Apple Reminders and Calendar integration.
  • ⚠️Requires Node.js 18 or later.
  • ⚠️Requires Xcode Command Line Tools for compiling the Swift bridge.
Verified SafeView Analysis
The server demonstrates strong security practices. It utilizes `execFile` with explicit argument arrays, mitigating shell injection risks. Input is rigorously validated using Zod schemas (e.g., `SAFE_TEXT_PATTERN`, `URL_PATTERN`), preventing common injection attacks and SSRF by blocking private/internal network addresses. The native Swift binary (`EventKitCLI`) is subject to comprehensive path and integrity validation (file existence, type, size, executability, and optional SHA256 hash check) via `binaryValidator.ts`, significantly reducing the risk of executing untrusted code. macOS EventKit permissions are handled natively by the Swift layer with proactive AppleScript fallbacks, ensuring user consent and system-level security. No hardcoded secrets were identified.
Updated: 2026-01-18GitHub
38
13
Medium Cost
dbankscard icon

jamf-mcp-server

by dbankscard

Sec8

This server enables AI assistants like Claude and ChatGPT to interact with Jamf Pro for comprehensive Apple device management through natural language conversations and intelligent workflows.

Setup Requirements

  • ⚠️Requires a Jamf Pro instance with API access (OAuth2 Client ID/Secret or Basic Auth credentials).
  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️For AI analysis features (e.g., in documentation), an Anthropic API Key (ANTHROPIC_API_KEY) is necessary. Other AI providers (OpenAI, Bedrock) can be configured for the CLI agent.
  • ⚠️For external AI integration (e.g., ChatGPT via HTTP server), OAuth2 provider configuration (Auth0/Okta details) and a public endpoint (via Cloudflare/ngrok) are needed.
Verified SafeView Analysis
The project demonstrates strong security awareness, employing Zod for robust input validation, standard OAuth2/JWKS practices for authentication, and explicit handling for development-only settings (e.g., dev tokens). It includes safety rules for AI agent actions and an audit logging mechanism. However, a potential risk exists in the documentation generation feature (`src/documentation/generator.ts`) where the `outputPath` parameter could be vulnerable to path traversal if not adequately sanitized when user-controlled input is provided, potentially allowing file writes outside the intended directory. While environment variables for sensitive data are used, the hardcoded `DEV_TOKEN` in `src/server/chatgpt-endpoints.ts`, though guarded by `NODE_ENV`, is a point to note.
Updated: 2026-01-18GitHub
38
9
Medium Cost
huangfeng19820712 icon

mcp-mysql-server

by huangfeng19820712

Sec9

Provides an MCP-compliant interface for AI models to securely interact with a MySQL database for CRUD operations, schema inspection, and performance analysis.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Requires an active MySQL database server accessible from where this MCP server runs.
  • ⚠️Database connection details (host, user, password, database) must be supplied either as a MySQL connection URL via command-line arguments or through specific environment variables.
Verified SafeView Analysis
The server demonstrates robust security practices by utilizing parameterized queries to prevent SQL injection. Sensitive database credentials are managed via environment variables or a MySQL connection URL passed as a command-line argument, and passwords are explicitly masked in logging output. Input validation ensures that different tools ('query', 'execute', 'show_statement') are used for their intended SQL command types, preventing misuse. Connection pooling and graceful shutdown on process exit contribute to reliable resource management.
Updated: 2025-12-01GitHub
38
12
Medium Cost
seanivore icon
Sec3

Converts Markdown content into gorgeously styled PDF documents using VS Code's markdown styling and Python's ReportLab, integrated as an MCP server.

Setup Requirements

  • ⚠️Requires Python 3.12+ for execution.
  • ⚠️Requires `uv` for installation and running (e.g., `uv sync`, `uv run`).
  • ⚠️Relies on specific font files located in the `fonts/TTF/` directory relative to the package, which must be present and accessible.
Review RequiredView Analysis
Critical risks identified: 1. **Directory Traversal**: The `output_path` argument for the `convert_markdown` tool is directly used to construct file paths for PDF output. An attacker could specify paths like `../../../../evil.pdf` to write files to arbitrary locations outside the intended directory. 2. **SSRF/Malicious Image Download**: The `download_image` function in `converter.py` fetches image URLs directly from markdown `img src` attributes. If markdown input is untrusted, this could lead to Server-Side Request Forgery (SSRF) or downloading large/malicious files, causing resource exhaustion or internal network exposure. 3. **Arbitrary File Read (Potential)**: While less direct, the `read_resource` handler for `pdf://local/` and `markdown://local/` schemes might allow reading arbitrary files if the URI path is not sufficiently sanitized beyond basic scheme replacement, given that `Path()` is used directly with the extracted path component. The `list_resources` also lists all markdown/pdf files in the current working directory, which might expose more than intended. These vulnerabilities make the server unsafe to run with untrusted user input without significant hardening.
Updated: 2025-11-29GitHub
38
11
Low Cost

modelcontextprotocol-security.io

by ModelContextProtocol-Security

Sec9

Provides comprehensive security guidance, best practices, and resources for hardening Model Context Protocol (MCP) deployments and AI agents.

Setup Requirements

  • ⚠️Requires Ruby and Jekyll to be installed on the local system (handled by setup.sh but a dependency).
  • ⚠️Relies on Unix-like shell scripts (`setup.sh`, `serve.sh`) for local development, implying a Linux/macOS or WSL environment.
  • ⚠️Local development requires navigating into the `docs/` directory before running the setup and serve scripts.
Verified SafeView Analysis
This repository hosts a static documentation website built with Jekyll. It contains no dynamic application code, 'eval' usage, or obfuscation. Running it locally involves standard Jekyll build processes. The project focuses on security *guidance* for MCP, rather than being an MCP server itself, making the repo inherently low risk to run. The 'network risks' discussed in the content refer to risks within MCP deployments, not risks introduced by this repository itself.
Updated: 2025-11-17GitHub
38
9
Medium Cost
habedi icon

omni-lpr

by habedi

Sec3

Provides automatic license plate recognition (ALPR) capabilities via a REST API and the Model Context Protocol (MCP) as a self-hostable microservice or a toolbox for AI agents and LLMs.

Setup Requirements

  • ⚠️Hardware acceleration (CUDA/OpenVINO) requires installing specific `pip` extras AND setting the `EXECUTION_DEVICE` environment variable; mismatch will cause startup failure.
  • ⚠️Using the MCP interface with Docker requires setting `GUNICORN_WORKERS=1` to ensure session consistency, otherwise concurrent requests may fail.
  • ⚠️Initial startup may involve downloading large machine learning models, leading to potential delays and increased disk usage.
Review RequiredView Analysis
Critical security risks identified: 1. Server-Side Request Forgery (SSRF) / Local File Inclusion (LFI): The `recognize_plate_from_path` and `detect_and_recognize_plate_from_path` tools accept a `path` argument (URL or local file path). The application fetches images from these paths using `httpx.get` or `anyio.Path.read_bytes` without apparent validation or sanitization of the path's content. This could allow an attacker to read arbitrary local files, scan internal networks, or trigger denial-of-service by targeting large/slow external resources. 2. Broad CORS Policy: The server's CORS middleware allows origins from `*` (all origins), which is overly permissive and can pose a security risk in browser-based applications if not adequately protected by a stricter reverse proxy. Note: `avg_tokens_per_call` is a placeholder for computational load, as this is not an LLM application.
Updated: 2025-12-02GitHub
PreviousPage 107 of 760Next