Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

37
9
High Cost
Pipelex icon

pipelex-mcp

by Pipelex

Sec8

Enables AI agents to build and execute Pipelex pipelines from natural language descriptions via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python >=3.11,<3.12 (specific versioning).
  • ⚠️The `uv` package manager is a hard dependency, required for installation and execution.
  • ⚠️A Pipelex Inference API key is required, obtainable via Discord or by setting up a custom backend.
Verified SafeView Analysis
The server's direct code doesn't contain obvious `eval` or `exec` vulnerabilities. File operations for saving generated PLX content and pipeline outputs are confined to a specific `results/mcp` directory, limiting arbitrary file write risks. The primary security consideration lies with the inherent nature of allowing AI agents to generate and execute pipeline code (PLX), as a compromised agent could potentially construct and run unintended or malicious workflows if the underlying `pipelex` core library lacks sufficient sandboxing or validation for generated code. API keys are handled via environment variables, which is standard practice.
Updated: 2025-12-01GitHub
37
10
Medium Cost
GarethCott icon
Sec3

This server acts as a Model Context Protocol interface for PostgreSQL, enabling LLMs to query data, modify records, and manage database schema objects with read and write capabilities.

Setup Requirements

  • ⚠️Requires an accessible PostgreSQL database instance.
  • ⚠️A PostgreSQL connection URL (e.g., 'postgresql://user:password@host:port/db-name') is mandatory, either as a command-line argument or 'DATABASE_URL' environment variable.
  • ⚠️Requires Node.js version 18.0.0 or higher.
Review RequiredView Analysis
The server has critical SQL injection vulnerabilities in several tools. While 'query' uses prepared statements for values, 'insert', 'update', and 'delete' directly concatenate table names and WHERE clauses, making them vulnerable. More critically, all schema management tools ('createTable', 'createFunction', 'createTrigger', 'createIndex', 'alterTable') construct SQL queries by directly concatenating LLM-provided string inputs (like table names, column definitions, function bodies, trigger conditions, and alter operations). This allows an LLM to generate arbitrary malicious SQL, leading to severe data corruption, unauthorized data access, or complete database destruction. The server relies on an external database URL which may contain credentials.
Updated: 2026-01-19GitHub
37
6
High Cost
sreeshanth-soma icon

Alephra

by sreeshanth-soma

Sec2

AI-powered healthcare companion that transforms medical reports into actionable health insights, offers multilingual voice assistance, medication tracking, and 24/7 medical guidance.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm/yarn.
  • ⚠️Requires API keys for Google Gemini, Pinecone, Sarvam AI, and Google OAuth credentials; most of these services are paid after free tiers.
  • ⚠️The code explicitly hardcodes Sarvam AI API keys, posing a severe security risk. These must be replaced with environment variables.
Review RequiredView Analysis
Critical vulnerability: The `app/api/voice/text-to-speech/route.ts` file contains hardcoded Sarvam AI API keys as fallbacks. Hardcoding API keys is a severe security risk, as they can be easily compromised, leading to unauthorized access, abuse, and potential financial implications. Additionally, the password hashing for share links uses SHA-256 directly, which is less secure than dedicated password hashing algorithms like bcrypt or Argon2 for sensitive data, though it's used for sharing and not primary user authentication. Extensive use of `JSON.parse` for client-side data (`localStorage`) could pose risks if not properly validated and sanitized, though `try-catch` blocks are present.
Updated: 2025-12-03GitHub
37
20
Medium Cost
surajrimal07 icon

NepseAPI-Unofficial

by surajrimal07

Sec3

Provides an unofficial API service for Nepal Stock Exchange (NEPSE) real-time market data through REST, WebSocket, and Model Context Protocol (MCP) endpoints for educational and research purposes.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Relies on an unofficial and potentially unstable/inaccurate NEPSE API client library, as per project disclaimers.
  • ⚠️For Claude Desktop integration, requires `uv` to be installed globally.
Verified SafeView Analysis
The application explicitly disables TLS/SSL certificate verification (`nepseAsync.setTLSVerification(False)`). This is a critical security vulnerability that makes all communications with external NEPSE data sources susceptible to Man-in-the-Middle (MitM) attacks, allowing attackers to intercept, read, or alter financial data without detection. This severely compromises data integrity and confidentiality. While rate limiting and input validation are implemented, the fundamental flaw of disabled TLS verification outweighs these positives for any serious use case. The project also relies on unofficial data sources, which inherently carry risks of inaccuracy, unreliability, and potential legal issues, as clearly stated in its extensive disclaimers. It is strictly for educational and non-commercial use.
Updated: 2026-01-09GitHub
37
11
High Cost
Minhao-Zhang icon

obsidian-mcp-server

by Minhao-Zhang

Sec5

Provides an OpenAI-compatible local Model Context Protocol (MCP) server within Obsidian, enabling external AI assistants and tools to semantically search the vault and perform file system operations.

Setup Requirements

  • ⚠️Requires an OpenAI-compatible API Key (e.g., OpenAI, local Ollama) which can incur significant costs, especially during vault indexing and semantic search operations.
  • ⚠️Vault indexing can be very resource-intensive (time, computation, API calls) for large knowledge bases and may fail if the OramaDB index file exceeds 512MB.
  • ⚠️Functions as an Obsidian plugin, requiring an active Obsidian application instance to operate the server and access the vault.
Verified SafeView Analysis
The plugin exposes powerful file system operations (read, write, edit, delete files/folders) via a local SSE-based MCP server. While path traversal is explicitly prevented for `list_files` and operations are generally confined to the Obsidian vault via `normalizePath` and `app.vault` API, a compromised external client or accidental network exposure of the local server could lead to unauthorized data modification or loss. The presence of `@ts-nocheck` in core files indicates potential for unchecked type-related vulnerabilities, exacerbated by the developer's self-admitted limited TypeScript proficiency in the `README`. Users must ensure only trusted clients interact with the server and be aware of the implications of enabling powerful tools.
Updated: 2026-01-19GitHub
37
5
Medium Cost
sjkim1127 icon

Nexuscore_MCP

by sjkim1127

Sec6

An AI-driven server designed for dynamic malware analysis, enabling AI agents to interactively debug, inspect, and analyze evasive malware in real-time.

Setup Requirements

  • ⚠️Requires a dedicated Windows 10/11 (x64) Virtual Machine for safe operation.
  • ⚠️MCP Client (e.g., Claude Desktop, Cursor) must be run with Administrator privileges for full functionality (process spawning, attaching, system scanning).
  • ⚠️Initial setup involves a PowerShell script (`setup_tools.ps1`) to install dependencies (Chocolatey, Rust, Python, Git, MSVC Build Tools) and download analysis tools, requiring administrator access.
Verified SafeView Analysis
The core functionality involves injecting arbitrary JavaScript (Frida scripts) into target processes and executing external binaries (`cdb.exe`, `tshark`, `handle.exe`, `pe-sieve64.exe`, `procdump`, `ScyllaTest.exe`). The `install_hook` tool explicitly accepts arbitrary `js_code` from the AI agent. While essential for its purpose, this grants significant power to the AI, allowing it to execute arbitrary code within the sandboxed VM. The README strongly emphasizes running this server within an isolated Virtual Machine (Windows 10/11 x64) and running the AI client as Administrator for necessary permissions, which is critical to contain potential risks from analyzing malicious code or a compromised AI agent. No hardcoded secrets were found, and external tools are called safely via `tokio::process::Command::arg()` to prevent shell injection.
Updated: 2026-01-13GitHub
37
9
Medium Cost
opentiny icon

tiny-robot

by opentiny

Sec9

A Vue 3 component library and AI interaction kit for building AI-powered frontend applications, providing UI components and a unified API interface to interact with various large AI models.

Setup Requirements

  • ⚠️Requires API keys for AI providers (e.g., OpenAI, DeepSeek, custom providers) to function, which are typically paid services.
  • ⚠️For Aliyun Speech Handler in demos, specific `appKey` and `token` are needed, and proxy forwarding might be required for real-time WebSocket recognition.
  • ⚠️The project is a client-side library and does not include its own backend 'MCP Server'; it provides components to interact with external AI/MCP servers.
Verified SafeView Analysis
The project is a client-side Vue component library and an AI interaction kit. API keys for external AI providers (e.g., OpenAI, DeepSeek, Aliyun) are passed via configuration objects (AIModelConfig) and are expected to be securely managed by the implementing application. Demo code includes placeholder API keys for Aliyun, which must be replaced. No direct backend server processing sensitive data is provided within this codebase; it's a client for external AI/MCP services. Standard browser APIs (Web Speech API, IndexedDB) are used, and client-side markdown/HTML sanitization (Dompurify) is available for UI components.
Updated: 2026-01-18GitHub
37
3
Medium Cost
kateleext icon

claude-memory

by kateleext

Sec9

Provides Claude Code with persistent memory by indexing past conversations, enabling recall of decisions, context, and work across sessions.

Setup Requirements

  • ⚠️Python 3.10+ required
  • ⚠️Requires Claude Code installed and 'claude' CLI available
  • ⚠️Requires existing Claude Code conversation logs in ~/.claude/projects/ to be useful
Verified SafeView Analysis
The server operates locally, reading `.jsonl` conversation logs from `~/.claude/projects/` and writing `memory-notes.json`. It does not expose network services, use `eval`, or contain hardcoded credentials. Data processing involves parsing JSONL and extracting specific fields, with file paths obtained from assistant tool calls, not executing arbitrary code. The `run.sh` script sources a local `.env` file for configuration, a standard and safe practice. The architecture ensures local data handling without external data transmission or high-risk operations.
Updated: 2025-12-06GitHub
37
8
Medium Cost
luiscarbonel1991 icon

nlp2sql

by luiscarbonel1991

Sec9

Converting natural language queries to optimized SQL for enterprise databases using multiple AI providers.

Setup Requirements

  • ⚠️Requires API keys for commercial AI providers (OpenAI, Anthropic, Google Gemini), which incur costs.
  • ⚠️A database connection is required for meaningful operation, necessitating a running PostgreSQL, Redshift, or similar database.
  • ⚠️For Claude Desktop environments, `NLP2SQL_EMBEDDINGS_DIR` must be set to a writable directory to store embedding indexes.
  • ⚠️Initial startup of the MCP server can be slow (~30-50s) due to schema loading and embedding model initialization, though subsequent calls are fast (~3-5s) due to caching.
Verified SafeView Analysis
The server implements robust SQL injection prevention by strictly allowing only SELECT, WITH, and EXPLAIN queries and blocking all DDL/DML operations (INSERT, UPDATE, DELETE, DROP, etc.). It also prevents multiple statements in a single query and enforces row limits to mitigate resource exhaustion. API keys and database credentials are read from environment variables, which is a secure practice. No 'eval' or obvious malicious patterns were found. The primary risk would be from a highly sophisticated bypass of the SQL validation regex, which is a general challenge for such systems.
Updated: 2026-01-17GitHub
37
11
Medium Cost
voocel icon

mcp-sdk-go

by voocel

Sec8

A Go SDK for building applications that communicate with large language models and external tools via the Model Context Protocol (MCP), supporting both client and server implementations.

Setup Requirements

  • ⚠️Go programming language runtime and toolchain required.
  • ⚠️For Streamable HTTP transport, developers must explicitly configure `SetAllowedOrigins` to prevent DNS rebinding attacks if client-side browser usage is expected.
  • ⚠️The unofficial WebSocket transport explicitly disables origin checks, requiring custom CSRF protection if used in production and exposed to browsers.
Verified SafeView Analysis
The SDK generally demonstrates good security practices, especially with its robust middleware system for logging, recovery, timeouts, rate limiting, and authentication. Input validation for tool arguments is enforced via JSON Schema inference, significantly reducing injection risks. The Streamable HTTP transport (the latest recommended HTTP transport) correctly implements maximum body size limits and provides an opt-in mechanism for origin validation to prevent DNS rebinding attacks. However, there are some notable areas for improvement: 1) The SSE transport (marked as backward compatible/older) reads entire request bodies without size limits, which could expose servers to Denial-of-Service attacks via large payloads. 2) The unofficial WebSocket transport explicitly disables origin checks (`CheckOrigin: func(r *http.Request) bool { return true }`), introducing a significant CSRF risk if used without custom origin validation. 3) Origin validation for the Streamable HTTP transport is opt-in and not enabled by default, requiring explicit configuration by the developer for full protection.
Updated: 2026-01-18GitHub
37
15
High Cost
CursorTouch icon

MCP-Agent

by CursorTouch

Sec3

An autonomous AI agent designed to discover, connect to, and utilize tools and resources from various Model Context Protocol (MCP) servers to accomplish tasks.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires an external LLM API Key (e.g., GOOGLE_API_KEY for Google Gemini, which may be a paid service).
  • ⚠️The agent is designed to execute arbitrary commands (e.g., for installing MCP server dependencies) on the host system. Running it without a sandboxed environment (e.g., Docker with restricted permissions) is highly risky.
  • ⚠️Connecting to `stdio` based MCP servers might require additional local runtime dependencies (e.g., Node.js/npm, specific Python versions) that are not part of the agent's `pyproject.toml`.
Review RequiredView Analysis
The `StdioTransport` is designed to execute arbitrary commands (e.g., `npm`, `python`, `uv`) via `asyncio.create_subprocess_exec` on the host system. This is based on `command` and `args` defined in MCP server configurations, which can be user-provided or dynamically discovered from external sources (e.g., GitHub). This fundamental capability allows the agent to run any code on the host, presenting a critical security risk if interacting with malicious or unvetted MCP servers, or if the agent itself is compromised. While `ast.literal_eval` is used for parsing LLM action inputs, it is generally safer than `eval()` and less of a concern compared to arbitrary subprocess execution.
Updated: 2026-01-08GitHub
37
6
Low Cost
portel-dev icon

photon

by portel-dev

Sec9

A multi-tenant platform for hosting and executing AI/ML "Photons" (modular tools/services) with robust authentication, session management, and OAuth capabilities, supporting various data stores.

Setup Requirements

  • ⚠️Requires 32+ character secrets (e.g., `SERV_JWT_SECRET`, `SERV_ENCRYPTION_KEY`, `SERV_STATE_SECRET`) for production deployments.
  • ⚠️For production, requires external data stores such as Redis, Cloudflare D1, or Cloudflare KV; the default is in-memory for development.
  • ⚠️OAuth providers (e.g., Google, GitHub) must be manually configured with their respective `clientId` and `clientSecret`.
Verified SafeView Analysis
The server architecture includes robust authentication (Bearer tokens, JWT, PKCE for OAuth), session management, and a dedicated Token Vault using AES-256-GCM with tenant-specific keys, indicating strong security considerations. The `src/serv/local.ts` file explicitly generates random secrets for local development, which is good practice for non-production environments. While the `eval()` function is present in a test fixture (`tests/beam/fixtures/calculator.photon.ts`), it is not found in the core `src/serv` server logic, thus its impact on the production server is minimal. Overall, the system appears well-designed for secure operations, provided production secrets are managed correctly.
Updated: 2026-01-19GitHub
PreviousPage 119 of 760Next