Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

36
7
Medium Cost
datalayer icon

mcp-compose

by datalayer

Sec8

This server provides a robust example of OAuth2 authentication for MCP (Model Context Protocol) servers, using GitHub as the identity provider. It demonstrates secure multi-server management, protocol translation, and integration with AI agents for tool invocation.

Setup Requirements

  • ⚠️Requires manual creation and configuration of a GitHub OAuth application to obtain Client ID and Client Secret.
  • ⚠️The `config.json` file needs to be manually created/edited with GitHub OAuth credentials.
  • ⚠️Python 3.10 or higher is required.
  • ⚠️For the AI agent (which is a key part of the example), an Anthropic API Key is required, or equivalent credentials for other LLMs.
Verified SafeView Analysis
The project demonstrates good security practices such as PKCE, state parameter for CSRF protection, resource indicators for token binding, and token validation for every request. Bearer tokens are correctly used in headers. However, for development, a JWT signing key is hardcoded ('dev_sign_key_change_in_production') and CORS allows all origins ('*'), which should be updated for production environments. SSL verification is also optionally bypassed for localhost development. These are explicitly noted in the code and documentation as development-specific or TODOs for production.
Updated: 2026-01-16GitHub
36
7
Medium Cost
Sec6

A proxy service that bridges Ollama with FastMCP, enabling local LLM tool-augmented reasoning by exposing MCP servers' functionality to Ollama models.

Setup Requirements

  • ⚠️Requires Ollama client up and running (local or remote).
  • ⚠️Requires Python 3.13+.
  • ⚠️FastMCP servers must be running or configured for STDIO transport. The IPInfo example server requires an API key in `mcp_servers/mcp_tokens.toml`.
Review RequiredView Analysis
The primary security concern stems from the LLM's ability to invoke FastMCP tools based on user input. If a malicious user can craft prompts that trick the LLM into calling dangerous tools (if any are configured beyond the benign examples) or passing exploitable arguments to legitimate tools, it could lead to vulnerabilities like arbitrary code execution or information disclosure. The default binding of the API server to `0.0.0.0` (accessible from any network interface) without built-in authentication further increases risk, allowing unauthorized network access. Additionally, the `StdioTransport` mechanism for spawning local MCP servers could be a vector for arbitrary command execution if the `mcp_servers_config.toml` file is improperly configured with malicious commands by an administrator. While the `__coerce_parameters` function attempts basic type coercion, it is not a comprehensive input sanitizer against all forms of malicious tool arguments. The server relies on careful configuration and secure LLM prompting practices.
Updated: 2026-01-17GitHub
36
14
High Cost
Sec7

Provides an MCP (Model Context Protocol) interface for PCILeech, enabling AI clients to perform DMA-based memory operations, system introspection, and debugging workflows.

Setup Requirements

  • ⚠️Requires Windows 10/11 (x64).
  • ⚠️Requires Python 3.10+.
  • ⚠️Mandates compatible PCILeech hardware to perform actual memory operations.
  • ⚠️Needs manual configuration within the MCP client (e.g., Claude Code).
Review RequiredView Analysis
The server wraps the powerful PCILeech command-line tool via subprocess execution, which inherently carries high-risk capabilities (DMA memory access). While significant effort has been made in `pcileech_wrapper.py` to sanitize and validate input parameters (e.g., `_sanitize_path_component` for script/signature names) before passing them to the subprocess, thus mitigating common command injection vectors, the underlying tool provides deep system access. Certain parameters like `input_file` and `output_file` in `kmd_execute` are noted as 'user-controlled, verify with caution', implying a potential for misuse if the MCP client or user is malicious. The tool is explicitly stated for 'authorized debugging/security research/education purposes', not for unauthorized access.
Updated: 2025-12-31GitHub
36
9
Low Cost
Sec6

Accurate-Cyber-Box is an advanced cybersecurity tool designed for penetration testing, cyber drills, real-time network monitoring, and incident response, integrated with MCP servers and Telegram for enhanced communication and control.

Setup Requirements

  • ⚠️Requires the GeoLite2-City.mmdb database for geolocation features, which must be manually downloaded and placed appropriately.
  • ⚠️Executing the 'kill <ip>' command (for IP blocking) requires root or sudo privileges, specifically on Linux systems using `iptables`.
  • ⚠️Telegram bot token and chat ID must be configured in the 'ctm_config.ini' file for Telegram integration to function.
Verified SafeView Analysis
The tool leverages powerful network capabilities (Scapy for packet sniffing and generation) and system commands (iptables for IP blocking) that require elevated privileges (e.g., root on Linux) and can potentially disrupt network traffic or expose sensitive information if misused or misconfigured. Telegram bot token and chat ID are stored in a local configuration file ('ctm_config.ini'), making them vulnerable if the host system's file permissions are not properly secured or the system is compromised. The code does not use 'eval' and avoids direct command injection for the 'kill' command by passing arguments as a list to `subprocess.run`. No obvious malicious outbound connections or obfuscation were detected.
Updated: 2025-11-21GitHub
36
72
Low Cost
rust-mcp-stack icon

rust-mcp-schema

by rust-mcp-stack

Sec9

Provides a type-safe Rust implementation of the Model Context Protocol (MCP) schema, enabling developers to build robust MCP servers and clients.

Setup Requirements

  • ⚠️Requires Rust toolchain (rustc, cargo) to build or use as a dependency.
  • ⚠️This is a library that defines the protocol schema; it is not a standalone executable or an MCP server itself. For building servers/clients, the associated `rust-mcp-sdk` is recommended.
Verified SafeView Analysis
The project is a schema definition library, not a standalone server or application. It defines data structures and serialization logic using `serde_json`. No direct network communication, explicit use of `eval`, obfuscation, or hardcoded sensitive data (like API keys) was found in the provided code snippets. Potential risks would arise from how consuming applications (e.g., an MCP server or client built using this schema) handle and process external input and protocol messages, rather than from this library itself. Standard JSON parsing libraries are used, which are generally robust, but malformed inputs can always present edge cases.
Updated: 2026-01-01GitHub
36
17
Medium Cost
thierryc icon

Glyphs-mcp

by thierryc

Sec2

Exposes Glyphs font design and editing tools to AI/LLM agents via a Model Context Protocol (MCP) server for automation and intelligent assistance within the Glyphs application.

Setup Requirements

  • ⚠️Requires Glyphs (macOS application) to be installed and running.
  • ⚠️The server is started via the Glyphs application's 'Edit' menu after plugin installation, not a direct command-line execution.
  • ⚠️The `execute_code` and `execute_code_with_context` tools allow arbitrary Python code execution; use with extreme caution and only with trusted AI/LLM agents and strict network isolation.
Review RequiredView Analysis
The `execute_code` and `execute_code_with_context` tools explicitly allow arbitrary Python code execution within the Glyphs application context. While the server defaults to running on `127.0.0.1` and includes optional `OriginValidationMiddleware` and `StaticTokenAuthMiddleware`, this core functionality represents a significant Remote Code Execution (RCE) vector. Users must ensure strict network isolation and only connect trusted clients, as improper exposure or an untrusted agent gaining access could lead to severe system compromise.
Updated: 2026-01-06GitHub
36
7
Medium Cost
openSUSE icon

systemd-mcp

by openSUSE

Sec3

Manages systemd services, units, and logs via the Model Context Protocol (MCP) by directly connecting to systemd's C API.

Setup Requirements

  • ⚠️Requires elevated privileges (root is recommended for HTTP mode) to interact with systemd and journal logs.
  • ⚠️For Stdio (D-Bus/Polkit) mode, specific D-Bus and Polkit configuration files must be manually installed to system paths.
  • ⚠️For HTTP (OAuth2) mode, an external OAuth2 Authorization Server (controller) is required and its address must be configured.
Review RequiredView Analysis
The server implements robust authorization mechanisms (Polkit/D-Bus and OAuth2) for managing systemd units and reading logs. However, two critical tools, 'get_file' and 'get_man_page', do not perform any authorization checks within their respective MCP handlers (or underlying functions). This means that if these tools are enabled, any authenticated (via Polkit or OAuth2) or unauthenticated (if '--noauth' is used) client can read arbitrary files and retrieve any man page on the system, subject only to the permissions of the user running the 'systemd-mcp' server. If the server is run with elevated privileges (e.g., as root for HTTP mode, as recommended by the README), this constitutes a severe arbitrary file read vulnerability. Command execution through 'man', 'rpm', and 'getfacl' is present, but arguments are passed via exec.Command, reducing direct shell injection risk, though potential vulnerabilities in these external tools could still be a concern. No obvious hardcoded secrets or obfuscation were found.
Updated: 2026-01-16GitHub
36
4
Low Cost
hasmcp icon

hasmcp-docs

by hasmcp

Sec8

Provides official documentation and API definitions for the HasMCP platform, focusing on managing AI tools, providers, servers, resources, and prompts.

Setup Requirements

  • ⚠️Requires Mintlify platform/tooling for local documentation development and potential deployment.
Verified SafeView Analysis
The provided source code consists of documentation and OpenAPI specification files. These files themselves do not contain executable code to evaluate for runtime security risks like 'eval' or obfuscation. The OpenAPI specification details a 'bearerAuth' security scheme, which is a standard and generally secure method for API authentication, implying token-based access. It also highlights secret management for variables (masking secret values on retrieval). A comprehensive security audit of the actual MCP server implementation would require its executable source code, which is not provided in this documentation repository.
Updated: 2026-01-18GitHub
36
3
Medium Cost
dnaerys icon

onekgp-mcp

by dnaerys

Sec1

Provides natural language access to the 1000 Genomes Project dataset for genomic variant analysis.

Setup Requirements

  • ⚠️Requires JRE 21 for runtime.
  • ⚠️Requires a connection to the public Dnaerys variant store service at db.dnaerys.org:7443.
  • ⚠️Local build requires Maven and packaging as a single über-jar.
Review RequiredView Analysis
The GrpcChannel component explicitly configures TLS with a 'TrustManager that trusts all certificates'. This completely disables certificate validation, making all TLS connections susceptible to Man-in-the-Middle (MITM) attacks, allowing potential eavesdropping or tampering with genomic data transmitted to and from the Dnaerys variant store. This is a severe security vulnerability.
Updated: 2025-12-14GitHub
36
8
Low Cost

This server provides AI assistants access to microCMS documentation by searching and retrieving content from local Markdown files.

Setup Requirements

  • ⚠️Requires Node.js runtime environment.
  • ⚠️Documentation content must be present in the local `docs` directory alongside the server.
  • ⚠️The server exposes the content of its `docs` directory; ensure no sensitive data is stored there.
Verified SafeView Analysis
The server primarily reads `.md` files from a predefined local `docs` directory. It uses `path.join` and `fs.access` to construct and validate file paths, which helps mitigate basic path traversal attacks. The allowed categories for document search are explicitly defined, further restricting scope. No `eval` or direct `child_process` execution based on user input is observed. No hardcoded sensitive credentials. The main security consideration is ensuring the `docs` directory itself does not contain any unintentionally sensitive information.
Updated: 2026-01-19GitHub
36
1
Medium Cost
Sec7

Provides project documentation and resources to Large Language Models (LLMs) via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires .NET 9.0 SDK installed.
Verified SafeView Analysis
The server exposes file system access via `project://file/{path}` and `project://logs/{date}`. While the README states 'security restrictions' for file access, the exact implementation is not visible in the truncated code. Inadequate restrictions could lead to path traversal vulnerabilities and unauthorized data exposure. No other obvious critical risks like 'eval' or hardcoded secrets are present in the provided context. The server runs locally via STDIO, limiting network attack surface.
Updated: 2025-11-26GitHub
36
1
Medium Cost
Sec6

Integrates Moodle's web services with AI assistants and external systems using the Model Context Protocol (MCP), exposing Moodle functions as discoverable tools.

Setup Requirements

  • ⚠️Requires Moodle 4.2 or higher
  • ⚠️Requires PHP 8.0 or higher
  • ⚠️Moodle Web Services must be enabled and an external service/token manually configured via the Moodle admin UI.
Verified SafeView Analysis
The server defaults to `Access-Control-Allow-Origin: *`, which allows cross-origin requests from any domain. This is a significant security risk for production environments and should be explicitly configured to restrict origins. Token authentication via URL query parameters (`wstoken`) is supported as a fallback, which can lead to tokens being exposed in server logs or browser history, though it prioritizes the more secure `Authorization: Bearer` header. The plugin leverages Moodle's robust web service authentication and authorization system, and employs structured input/output validation, which are strong security practices.
Updated: 2025-12-13GitHub
PreviousPage 125 of 760Next