Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

37
9
Medium Cost
ezhuk icon

mqtt-mcp

by ezhuk

Sec9

Connects LLM agents to MQTT devices for real-time monitoring and control in smart home, building automation, and industrial control systems.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires a running MQTT broker (default: 127.0.0.1:1883)
  • ⚠️Examples require OPENAI_API_KEY (a paid service)
Verified SafeView Analysis
The server uses pydantic-settings for configuration, allowing sensitive data like MQTT credentials and AuthKit details to be externalized via environment variables or .env files, which is a good security practice. There are no obvious hardcoded secrets or malicious patterns in the provided source code. The MQTT client handles connections, subscriptions, and publishing with basic error handling. The overall security depends heavily on the configuration of the underlying MQTT broker and proper ACLs.
Updated: 2026-01-17GitHub
37
7
Medium Cost
agent-network-protocol icon

mcp2anp

by agent-network-protocol

Sec8

Provides a bridge service enabling Model Context Protocol (MCP) clients to interact with Agent Network Protocol (ANP) agents.

Setup Requirements

  • ⚠️Requires DID document (JSON) and private key (PEM) files for authentication. Users must generate these via didhost.cc or provide their own, ensuring secure storage and file permissions.
  • ⚠️The project exclusively uses `uv` for dependency management and running commands; users must have `uv` installed (e.g., `curl -LsSf https://astral.sh/uv/install.sh | sh`).
  • ⚠️For remote HTTP mode, an external authentication service (`https://didhost.cc/api/v1/mcp-sk-api-keys/verify`) is mandatory for API key validation. The server will not function without connectivity to this service or a custom authentication logic.
Verified SafeView Analysis
The server uses Pydantic for input validation, structured logging with redaction for sensitive keys in logs, and handles various HTTP errors. Authentication in remote HTTP mode relies on an external DID Host service (`didhost.cc`) to verify API keys and retrieve DID credentials, which introduces a dependency on an external service's security. For local stdio mode, DID credentials (document and private key files) are loaded from specified paths (environment variables or default files), requiring proper file permissions and secure management of these files by the user. There is a customizable authentication callback that could introduce vulnerabilities if implemented insecurely by users. No 'eval' or obvious malicious patterns were found in the provided source code.
Updated: 2026-01-13GitHub
37
2
Low Cost
jiahuidegit icon

ssh-mcp-server

by jiahuidegit

Sec9

Provides secure remote server management capabilities, including SSH connection, command execution, and SFTP file transfers, via the MCP protocol for integration with AI agents.

Setup Requirements

  • ⚠️Requires Node.js v20.0.0 or higher.
  • ⚠️Credential storage (via `keytar`) may require system build tools (e.g., Python, C++ compiler) on some OS/environments; otherwise, it falls back to encrypted file storage.
  • ⚠️For encrypted file-based credential storage, the `SSH_MCP_MASTER_PASSWORD` environment variable must be set.
Verified SafeView Analysis
The server demonstrates strong security awareness by implementing a robust dangerous command detection mechanism that requires explicit user confirmation for potentially destructive operations (e.g., `rm -rf /`). Sensitive credentials are securely stored using the system's Keychain (macOS, Windows) or via AES-256-GCM encrypted files protected by an optional master password. Additionally, audit logs automatically mask sensitive information like passwords and private keys. There are no indications of 'eval' or malicious obfuscation in the provided source code.
Updated: 2026-01-17GitHub
37
9
Medium Cost
eastlondoner icon

emceepee

by eastlondoner

Sec9

A proxy server enabling AI agents to dynamically connect to and interact with multiple Model Context Protocol (MCP) backend servers, exposing the full MCP protocol via a simplified tool interface or a sandboxed JavaScript execution environment.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0 or Bun runtime.
  • ⚠️Requires an existing MCP client (e.g., Claude Code/Desktop) to connect to `emceepee`.
  • ⚠️Requires backend MCP servers to connect to *through* `emceepee` (via HTTP or stdio).
  • ⚠️Initial backend server configurations can be loaded via a JSON file (`--config`) or `EMCEEPEE_CONFIG` environment variable.
Verified SafeView Analysis
The project demonstrates a strong commitment to security, especially in its `codemode_execute` feature. It explicitly uses Node.js `vm` module to create a sandboxed execution environment. This sandbox blocks access to critical Node.js globals (`process`, `require`, `module`, `global`, `globalThis`, `Buffer`), network/IO APIs (`fetch`, `XMLHttpRequest`, `WebSocket`), dynamic code execution (`eval`, `Function`), and direct filesystem access. It also enforces execution timeouts (default 30s, max 5min) and limits the number of `mcp.*` API calls (default 100) and code length (100KB) to prevent abuse and denial-of-service. While `vm` provides strong isolation, it's not as absolutely foolproof as a separate process or `isolated-vm` (which is noted as a future enhancement in `CODEMODE_PLAN.md`), but for its intended use case as an intermediary for trusted AI agents, it provides a highly secure execution model. No obvious hardcoded secrets or malicious patterns were found.
Updated: 2026-01-18GitHub
37
8
Low Cost
Sec8

This project serves as a quickstart and SDK example for hosting serverless functions built with .NET within the Microsoft Connected Platform ecosystem, specifically demonstrating a weather service.

Setup Requirements

  • ⚠️Requires .NET SDK installed.
  • ⚠️Requires Azure Functions Core Tools for local execution.
Verified SafeView Analysis
No obvious vulnerabilities, 'eval' usage, or obfuscation detected from the file list. As a quickstart, it likely focuses on functionality over hardened production-grade security, but should be safe for local testing.
Updated: 2025-11-18GitHub
37
5
Medium Cost
bkalafat icon

DiffPilot

by bkalafat

Sec10

Automate local AI-powered code review, commit message generation, secret scanning, and test suggestions before pushing code.

Setup Requirements

  • ⚠️Requires VS Code 1.101+ for full extension integration.
  • ⚠️Requires Node.js 18+ installed on the system.
  • ⚠️Requires Git installed and configured.
Verified SafeView Analysis
The server implements robust security measures including extensive input validation (branch names, remotes, paths), command and path injection prevention (rejects '-' prefixes, shell metacharacters, '..'), null byte stripping, rate limiting (120 req/min per tool), output sanitization (auto-redacts sensitive patterns like API keys, passwords, JWTs, private keys, various vendor-specific tokens, and absolute paths), secure error handling (no internal details or stack traces), and comprehensive security logging to stderr. All git operations use arguments and are subject to timeouts and explicit validations. The focus on local operations and explicit mitigation of common injection vulnerabilities makes it highly secure for its intended use.
Updated: 2026-01-18GitHub
37
8
Low Cost

planet-mcp

by planetlabs

Sec5

A Python-based project or service, likely related to development or build automation, given the tooling present.

Setup Requirements

  • ⚠️Python must be installed (version not specified, but modern Python 3.8+ is typically expected).
  • ⚠️`uv` package manager is explicitly used via `uv.lock` and will likely be required for dependency installation.
  • ⚠️Specific build or run instructions are likely defined within the 'Makefile' or `pyproject.toml` scripts, which are not provided for analysis.
Review RequiredView Analysis
Cannot perform a detailed security audit without access to the source code. The presence of standard project files (.github, Makefile, pyproject.toml) suggests adherence to some development practices, but specific risks (like 'eval' or network vulnerabilities) cannot be assessed. Defaulting to a neutral score due to unknown risks. Users should review the code before deployment.
Updated: 2025-11-18GitHub
37
9
Medium Cost
gmacev icon
Sec7

A persistent key-value memory store for AI agents, designed to extend context windows and enable semantic search over stored memories.

Setup Requirements

  • ⚠️Requires Python 3.8+ installed on the system to run the semantic search embedding service.
  • ⚠️A large E5 embedding model (intfloat/multilingual-e5-large-instruct, several GBs) will be downloaded and cached on the first run, which may take some time and consume significant disk space.
Verified SafeView Analysis
The server's HTTP endpoint explicitly sets 'Access-Control-Allow-Origin: *', making it accessible from any origin. While common for local development tools as intended here, this configuration poses a significant security risk if the server is exposed publicly without additional network layers or authentication. The system relies on `JSON.parse` for agent-provided values, which could be a vector for memory exhaustion attacks if the agent's output is not properly constrained and large/complex JSON is provided. SQL queries are parameterized, mitigating SQL injection risks. The Python embedding service is spawned as a child process, communicating via stdin/stdout with JSON, which is a generally secure pattern as long as the data passed through it is controlled and validated by the Node.js application. The embedding process itself truncates inputs to 512 tokens, which helps prevent memory exhaustion from excessively large text inputs.
Updated: 2025-11-27GitHub
37
5
High Cost
Meritocra icon

coroot-mcp

by Meritocra

Sec9

Turns Coroot observability stack into LLM-callable tools for root-cause analysis, enabling AI assistants to triage incidents and generate summaries.

Setup Requirements

  • ⚠️Requires Java 21+ and Maven 3.9+ to build/run from source.
  • ⚠️Requires an external Coroot instance (for real data) and its API key.
  • ⚠️Requires an OpenAI-compatible API Key (e.g., OpenAI, for summarization tools), which typically involves usage-based costs.
  • ⚠️An MCP-aware client (e.g., Codex CLI, Claude, Toolhive) is needed to interact with the server's tools.
Verified SafeView Analysis
The application handles JSON-RPC requests for tool calls, using predefined tool classes and structured JSON arguments, which is a safe pattern. It relies on environment variables for API keys (Coroot, OpenAI) and API URLs, preventing hardcoded secrets. An optional `MCP_AUTH_TOKEN` provides bearer token authentication for the `/mcp` endpoint; if not configured, the endpoint is unprotected, which could be a risk if exposed publicly. HTTP client includes timeouts. No direct 'eval' or malicious patterns were found in the Java source code.
Updated: 2025-11-19GitHub
37
5
High Cost
nhatvu148 icon
Sec8

High-performance video transcription and audio extraction from over 1000 online platforms or local video files, generating transcripts in plain text, JSON, and Markdown formats.

Setup Requirements

  • ⚠️Requires external system dependencies: `yt-dlp` (for video downloading) and `ffmpeg` (for audio extraction/conversion) must be installed and accessible in the system's PATH.
  • ⚠️Whisper models must be downloaded to `~/.cache/video-transcriber-mcp/models/` (e.g., using `bash scripts/download-models.sh base` or `task download:base`) before transcription can occur.
  • ⚠️If installing via `cargo install` (not Homebrew), `cmake` is also required as a build dependency for `whisper.cpp` Rust bindings.
  • ⚠️When using the HTTP transport (`--transport http`), the server listens on a specified host and port. Exposing it beyond `localhost` requires users to implement appropriate firewall rules and access control measures.
Verified SafeView Analysis
The server leverages external binaries (`yt-dlp`, `ffmpeg`) for video downloading and audio processing. While arguments are constructed to minimize common shell injection vulnerabilities, the overall security critically depends on the trustworthiness and up-to-dateness of these third-party tools. When configured with `--transport http`, the server can be exposed over the network, necessitating careful consideration of network security and access controls. No 'eval' equivalents, obfuscation, or hardcoded sensitive credentials were found in the provided Rust source code.
Updated: 2026-01-10GitHub
37
10
Medium Cost
pythonanywhere icon

pythonanywhere-mcp-server

by pythonanywhere

Sec7

This server acts as a Model Context Protocol (MCP) bridge, enabling AI-powered tools to programmatically manage files, web apps, websites, and scheduled tasks on a PythonAnywhere account.

Setup Requirements

  • ⚠️Requires `uv` to be installed and available in your PATH.
  • ⚠️Requires Python 3.13 or newer (Python 3.13 is currently in pre-release/beta stages, which may limit compatibility with PythonAnywhere's available Python versions or general stability).
  • ⚠️Requires a PythonAnywhere API token and username (`API_TOKEN`, `LOGNAME`) to be set as environment variables.
Verified SafeView Analysis
The server itself is well-structured and uses `pythonanywhere-core` for API interactions, avoiding direct `eval` or `os.system` calls. Hardcoded secrets are not present, with `API_TOKEN` and `LOGNAME` sourced from environment variables. However, the server exposes powerful operations to an AI, including `delete_path`, `upload_text_file` (allowing arbitrary file content), and `create_scheduled_task` (which can execute arbitrary commands). The README explicitly warns about these risks, particularly for LLMs potentially scheduling and executing malicious commands or modifying/deleting sensitive files without human oversight. While the server's code itself appears robust, the inherent capabilities it exposes present a significant security risk if an AI is given unrestricted access.
Updated: 2026-01-19GitHub
37
5
Medium Cost
sjkim1127 icon

NexusCore_MCP

by sjkim1127

Sec3

AI-driven dynamic malware analysis and evasion in a Windows VM.

Setup Requirements

  • ⚠️Requires Windows 10/11 (x64), preferably in an isolated Virtual Machine.
  • ⚠️Relies on numerous external executables (e.g., Detect It Easy, CAPA, FLOSS, Sysinternals Suite tools, Scylla, Tshark, cdb.exe) being present in the system's PATH. Automated setup script is provided but manual intervention may be needed.
  • ⚠️Many operations (Frida injection, process manipulation, input simulation) require the MCP server (and thus the AI client launching it) to run with Administrator privileges.
Review RequiredView Analysis
This server is designed for malware analysis and inherently implements powerful, low-level, and risky capabilities. 1. **Code Injection**: Tools like `install_hook` and several Frida-based tools (`frida_session_inject`, `inject_frida_script`) allow direct injection of arbitrary JavaScript code into target processes. While this is a core feature for dynamic instrumentation, it poses a critical risk if the AI agent is compromised or fed malicious, unsanitized input, potentially leading to arbitrary code execution within the monitored process or the Frida agent itself. 2. **Network Interception (MITM)**: Tools like `https_proxy` (using Hudsucker) and `ssl_keylog`/`ssl_dumper` perform Man-in-the-Middle (MITM) attacks on network traffic. This is a deliberate feature for decrypting HTTPS malware traffic but could be a significant security/privacy risk if misconfigured or misused. 3. **Input Simulation**: The `simulate_input` tool uses Windows API calls (`winapi`) to simulate mouse and keyboard inputs. This can bypass sandbox detection but, if misused by a compromised AI agent, could lead to direct malicious actions on the host VM or even VM escape if vulnerabilities exist. 4. **External Command Execution**: Several tools wrap external executables (`tshark`, `handle.exe`, `procdump`, `pe-sieve64.exe`, `cdb.exe`, `powershell`, `ScyllaTest.exe`). The server relies on these being in the system's PATH. If an attacker could manipulate the PATH or replace these executables, it would be a critical arbitrary command execution vulnerability. Some tools, like `eventlog.rs`, construct PowerShell commands using string formatting, which could be a vector for injection if arguments are not strictly validated. 5. **Orphaned Processes**: The `network_capture` tool spawns `tshark` but warns about child process lifecycle management. Orphaned `tshark` processes could run indefinitely, consuming resources or exfiltrating data. 6. **Low-level Access**: The `stealth_unpacker.js` script actively bypasses anti-debugging and anti-VM checks, demonstrating its deep, system-level access. Given these points, the server enables highly privileged and potentially dangerous operations. It is **CRITICAL** to run NexusCore MCP only in an isolated virtual machine (VM) with untrusted inputs, as explicitly warned in the README.
Updated: 2026-01-13GitHub
PreviousPage 118 of 760Next