Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

37
10
High Cost
alishangtian icon

proteus-ai

by alishangtian

Sec4

A workflow execution engine that orchestrates multi-agent systems, integrates various tools, and provides a sandboxed environment for code execution to solve complex tasks.

Setup Requirements

  • ⚠️Requires Docker for full environment setup (including the code sandbox and Redis).
  • ⚠️Requires Redis for session management, conversation history, scratchpad, tool memory, and SOP memory.
  • ⚠️Requires MySQL for database interaction nodes (DbQueryNode, DbExecuteNode, MysqlNode).
  • ⚠️Requires Ollama for embedding models used by the SOP Memory Manager.
  • ⚠️Requires various API keys (e.g., for LLMs, Serper, Caiyun, and Sandbox API key), some of which are decrypted using a `CRYPTO_SECRET_KEY` environment variable.
  • ⚠️BrowserAgentNode requires Chrome/Chromium browser and its executable path configured.
  • ⚠️The sandbox service runs Python 3.12+ (as indicated by Dockerfiles).
Review RequiredView Analysis
The primary security risk lies in the PythonExecuteNode, which sends arbitrary Python/Shell code to an external sandbox service (running in-process `exec`). Although the sandbox attempts to apply safety checks and resource limits, `exec` is notoriously difficult to fully secure against malicious code. There is a potential for sandbox escapes, resource exhaustion, or unintended side effects if a sophisticated attacker provides malicious input. Additionally, web crawling nodes and interactions with external MCP servers introduce dependencies on the security of third-party services and require robust input validation to prevent issues like SSRF or data leakage. File writing operations also require careful handling to avoid path traversal vulnerabilities.
Updated: 2026-01-18GitHub
37
7
Medium Cost
robotmcp icon

robot-mcp-client

by robotmcp

Sec6

Integrate a Google Gemini LLM with ROS/ROS2 robots via a Model Context Protocol (MCP) server for natural language control.

Setup Requirements

  • ⚠️Requires `GOOGLE_API_KEY` from Google AI Studio (commercial LLM, potential cost).
  • ⚠️Requires an active instance of `ros-mcp-server` (external project) to be installed and running.
  • ⚠️Requires `rosbridge` to be running on the target robot.
  • ⚠️The `mcp.json` configuration for `ros-mcp-server` command path must be correctly set, especially for WSL users requiring `/mnt/c/` paths.
  • ⚠️Requires Python 3.10+ and either `uv` or `pip` for dependency management.
Verified SafeView Analysis
The client executes an external command specified in `mcp.json` to start the `ros-mcp-server` (`uv run server.py`). If the `mcp.json` file is tampered with or the specified `ros-mcp-server` itself is malicious, arbitrary code could be executed. Users must ensure the integrity of their `mcp.json` configuration and the `ros-mcp-server` instance. The client correctly loads the `GOOGLE_API_KEY` from an environment file, avoiding hardcoded secrets.
Updated: 2026-01-19GitHub
37
7
High Cost
youdotcom-oss icon

youdotcom-mcp-server

by youdotcom-oss

Sec9

Provides AI agents with real-time access to web information, including search, AI-powered answers, and content extraction, through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires You.com API Key (Paid, available via you.com/platform/api-keys)
  • ⚠️Requires Bun or Node.js (version >=18)
Verified SafeView Analysis
The server code demonstrates good security practices: - No direct usage of 'eval' or similar dangerous functions found in the provided source code. - API keys (YDC_API_KEY) are consistently handled via environment variables or explicitly passed configuration, preventing hardcoding of sensitive credentials. - External network calls are directed to You.com's official API endpoints (ydc-index.io, api.you.com), which are expected for its core functionality. - Input schemas for tools are rigorously validated using Zod, mitigating risks from malformed or malicious inputs. - Robust error handling is implemented for API calls, providing informative messages and generating pre-filled error report links rather than exposing raw system details. - The codebase structure, use of TypeScript, and reliance on established libraries (Hono, Bun, Zod) contribute to overall code quality and maintainability, indirectly enhancing security.
Updated: 2026-01-19GitHub
37
2
Low Cost
duolingo icon

slack-mcp

by duolingo

Sec9

A read-only Model Context Protocol (MCP) server for Slack, providing secure, multi-user access to Slack data through a set of API tools.

Setup Requirements

  • ⚠️Requires a Slack App to be created with specific user token scopes and redirect URLs configured.
  • ⚠️Requires `SLACK_CLIENT_ID` and `SLACK_CLIENT_SECRET` environment variables to be set.
  • ⚠️Local development for OAuth requires an HTTPS proxy (e.g., ngrok) to handle Slack's HTTPS-only callback requirement.
  • ⚠️Requires Python 3.10+.
Verified SafeView Analysis
The server demonstrates strong security practices, particularly in its OAuth and session management. It explicitly implements immutable session-to-user bindings and uses cryptographically secure state parameters for CSRF protection during the OAuth flow. Environment variables are used for sensitive credentials (Client ID/Secret), preventing hardcoding. It leverages well-established libraries like `fastmcp`, `fastapi`, and `slack-sdk`. No direct 'eval' or other obvious arbitrary code execution vectors were found. The primary risk would be misconfiguration of environment variables or allowing access to untrusted clients, which is external to the code's direct vulnerabilities.
Updated: 2025-11-25GitHub
37
10
Medium Cost
friendsofhyperf icon

mcp-server

by friendsofhyperf

Sec9

A Hyperf-based server implementation of the Model Context Protocol (MCP) to manage and serve AI tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires an existing Hyperf ~3.1.0 project setup, as this is a Hyperf component.
  • ⚠️PHP >= 8.1 is strictly required.
  • ⚠️Redis PHP extension is required if using Redis for session management, though InMemorySessionStore is the default.
Verified SafeView Analysis
The server framework itself appears robust, following Hyperf's dependency injection principles. It relies on the security of the underlying `mcp/sdk` and user-implemented handlers. Configuration-driven class discovery means that if configuration files were compromised, malicious classes could be loaded, but this is a standard risk for any framework. No hardcoded credentials or obvious arbitrary code execution vectors were found in the provided source code. The HTTP transport handles CORS headers and uses standard PSR-7 message processing.
Updated: 2025-11-30GitHub
37
6
Low Cost
kweinmeister icon

toon-mcp

by kweinmeister

Sec8

This server provides tools to encode JSON into TOON format and decode TOON back to JSON, primarily for optimizing LLM prompts and context by reducing token count.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher to run.
  • ⚠️Requires manual configuration in Gemini CLI settings (`~/.gemini/settings.json`) to register as an MCP server.
  • ⚠️The quick start uses `npx` to run directly from a Git repository, which implies trusting the repository's code at the time of execution.
Verified SafeView Analysis
The server uses the `@toon-format/toon` library for core encoding/decoding, and `JSON.parse` for handling input JSON strings. While `JSON.parse` is generally safe against code injection, an attacker controlling the input `json` string could potentially craft malformed JSON that triggers unexpected behavior in the `toon` library. The server is built using `FastMCP` which likely includes standard web server security practices like rate limiting. No direct 'eval' or malicious patterns are observed in the provided source code, and network exposure is handled by the `FastMCP` SDK.
Updated: 2026-01-16GitHub
37
14
Low Cost
pasie15 icon
Sec9

This server acts as a Model Context Protocol (MCP) wrapper for the Meshy AI API, enabling MCP clients to interact with Meshy's generative 3D tools for tasks like text-to-3D, image-to-3D, texturing, rigging, and animation.

Setup Requirements

  • ⚠️Requires a Meshy AI API Key (obtained from Meshy Dashboard).
  • ⚠️Requires a Node.js runtime (version 18 or higher).
Verified SafeView Analysis
The server primarily acts as a proxy for the Meshy AI API, handling requests and responses. It correctly loads the API key from environment variables (MESHY_API_KEY) and uses Zod for input validation on tool arguments, mitigating common injection risks. Network requests are made using standard fetch, and streaming responses are handled as Server-Sent Events with JSON parsing. The use of `.passthrough()` for some Zod schemas allows additional fields to be sent directly to the Meshy API without strict validation by the wrapper, relying on the upstream API's validation, which is common for API wrappers but slightly less strict than full schema enforcement.
Updated: 2025-11-21GitHub
37
17
High Cost
FlowLLM-AI icon

finance-mcp

by FlowLLM-AI

Sec1

Finance MCP is an intelligent agent toolkit and MCP server designed for financial research scenarios, leveraging LLMs for deep research, web scraping, and data analysis.

Setup Requirements

  • ⚠️Requires multiple paid API keys (Tushare, DashScope, Tavily, Bailian) depending on the enabled financial research and search features.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Automatically downloads Playwright browser binaries on first run, which can be large and may require system dependencies.
Review RequiredView Analysis
The server includes operations (`ExecuteCodeOp`, `HistoryCalculateOp`) that execute arbitrary Python code (`exec()`) and shell commands (`ExecuteShellOp`), potentially generated by an LLM. This poses a severe remote code execution (RCE) risk. There is no clear indication of sandboxing or robust input validation for these operations, making it extremely unsafe for untrusted or internet-facing environments.
Updated: 2025-12-31GitHub
37
7
Low Cost
wei icon
Sec9

Provides secure, OAuth-authenticated access to MyMLH API data for AI assistants and Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment and a MyMLH developer account to create an OAuth application.
  • ⚠️Requires `wrangler` CLI to be installed and authenticated, and for Cloudflare KV namespaces (`OAUTH_KV`) to be set up.
  • ⚠️Critical environment secrets (`MYMLH_CLIENT_ID`, `MYMLH_CLIENT_SECRET`, `COOKIE_ENCRYPTION_KEY`) must be configured via Wrangler. The `COOKIE_ENCRYPTION_KEY` should be a randomly generated 32-byte hex string.
Verified SafeView Analysis
The server leverages Cloudflare Workers for isolated execution and managed infrastructure. OAuth implementation uses the `@cloudflare/workers-oauth-provider` library, a dedicated solution for OAuth on Workers. Sensitive data (access/refresh tokens) is securely managed within the `McpAgent`'s state. Cookie handling for OAuth approval is correctly implemented with HMAC-SHA256 signing and HTML sanitization to prevent XSS. Required secrets (`MYMLH_CLIENT_ID`, `MYMLH_CLIENT_SECRET`, `COOKIE_ENCRYPTION_KEY`) are clearly identified and designed for secure environment variable injection, not hardcoded. No 'eval' or other obvious malicious patterns were found in the provided source code.
Updated: 2025-12-08GitHub
37
9
Medium Cost
tinystruct icon

tinystruct-mcp

by tinystruct

Sec2

A modular Java server providing a JSON-RPC interface for file system and Git/GitHub operations, aimed at automation and DevOps workflows.

Setup Requirements

  • ⚠️Requires Java 8 or higher and Maven for building and running.
  • ⚠️A GitHub Personal Access Token with appropriate scopes is required for GitHub API operations, and this token must be passed with each API request (potential security implication).
  • ⚠️Network access is required for Git operations (cloning/pulling from remote repositories) and GitHub API calls.
  • ⚠️Local Git credentials may need to be configured separately for 'push' operations to private repositories.
  • ⚠️Running this server exposes powerful file system and Git/GitHub capabilities via JSON-RPC, necessitating robust external authentication, authorization, and network isolation for secure deployment.
Review RequiredView Analysis
The server exposes direct file system operations (read, write, copy, move, delete, create directories) via JSON-RPC, accepting user-provided paths directly. This creates a significant risk of path traversal vulnerabilities and unauthorized access to arbitrary files or directories on the host system if the server is exposed without robust external authentication and input validation. Furthermore, Git operations such as `cloneRepository` use user-supplied URLs directly, which could lead to Server-Side Request Forgery (SSRF) vulnerabilities, allowing an attacker to probe or interact with internal network resources. For GitHub API calls (issues, pull requests, workflows), a GitHub personal access token is passed as a direct parameter within the JSON-RPC request body. This method of handling sensitive credentials means the token could be intercepted if the communication channel is not secured with HTTPS, and it also increases the risk of token exposure through server logs or other diagnostic data.
Updated: 2026-01-12GitHub
37
5
Low Cost
ttcc666 icon
Sec8

Provides a robust and secure database access layer for AI assistants, supporting 19 types of databases with single-instance multi-database dynamic switching and over 50 tools for data and schema management.

Setup Requirements

  • ⚠️Requires the .NET runtime and installation as a .NET Global Tool.
  • ⚠️The environment variable `DB_CONFIG_PATH` must be set to the absolute path of the `databases.json` configuration file.
  • ⚠️Some specific databases (e.g., OceanBase Oracle mode, GBase 8s, TDengine) may require additional ODBC drivers or specific NuGet packages beyond the core dependencies.
Verified SafeView Analysis
The server includes explicit security features like dangerous operation detection (e.g., DROP/TRUNCATE TABLE, unconditioned DELETE/UPDATE), SQL injection prevention via parameterized queries, and sensitive information protection (passwords hidden in logs/config). Configuration is externalized via `DB_CONFIG_PATH`. DDL operations can be whitelisted. While external logging services (Seq) are supported, their security depends on external setup. Overall, it demonstrates a strong focus on secure database interactions.
Updated: 2025-12-10GitHub
37
9
Low Cost
chrishayuk icon

chuk-mcp-server

by chrishayuk

Sec4

A framework for building high-performance, modular, zero-configuration Model Context Protocol (MCP) servers, capable of hosting AI agent tools, resources, and prompts across local, containerized, and diverse cloud environments.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Using `uv` (e.g., `uv run`, `uvx`) is recommended for running examples and CLI commands.
  • ⚠️Optional dependencies (`chuk-artifacts`, `functions-framework`, `httpx`) are needed for specific features like artifact/workspace context, Google Cloud Functions support, or advanced async tools.
  • ⚠️OAuth integration requires external API credentials (e.g., `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`) and careful setup of redirect URIs.
  • ⚠️Proxying to other MCP servers requires those backend servers to be running and accessible.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The default example server provided in `cli.py` (and scaffolded projects) includes a `calculate` tool that uses `eval(expression)`. While there's an attempt to filter allowed characters, `eval` is notoriously difficult to secure against arbitrary code execution, making this a significant remote code execution vulnerability if exposed. NETWORK RISKS: The server defaults to binding on `0.0.0.0` in containerized/cloud environments, which is necessary for platform routing but exposes the server to all network interfaces. This is mitigated by typical cloud infrastructure (load balancers), but direct exposure should be avoided. GOOD PRACTICES: OAuth implementation uses PKCE. Configuration loads environment variables, preventing hardcoded secrets. Relies on `chuk-tool-processor` for robust and resilient MCP handling. Uses `orjson` for fast and potentially safer JSON serialization/deserialization.
Updated: 2026-01-16GitHub
PreviousPage 120 of 760Next