Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

35
3
High Cost
Sec9

A Multi-AI debate platform that enables structured discussions between different AI models (Claude, ChatGPT, Gemini, Perplexity) through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires API keys for at least one AI provider (Anthropic, OpenAI, Google, Perplexity), which are typically paid services.
  • ⚠️Uses `pnpm` as the recommended package manager, requiring it to be installed locally.
  • ⚠️Requires `npx` (from npm) for the recommended quick start command.
Verified SafeView Analysis
The server uses `process.env` for API keys, which is a standard and secure practice for handling secrets. `jsonrepair` is used for robustness against malformed JSON from AI models, which is generally safe. Network calls are made to external AI providers via their SDKs, which is core functionality. No direct `eval` of untrusted input or hardcoded sensitive data found. Primary risks relate to securing the `.env` file and managing API usage.
Updated: 2026-01-17GitHub
35
4
Medium Cost
Pantheon-Security icon

medusa

by Pantheon-Security

Sec1

This is a Model Context Protocol (MCP) server intentionally designed as a security fixture to demonstrate various critical vulnerabilities, such as command injection, SQL injection, and sensitive data exposure, for testing security scanners like Medusa.

Setup Requirements

  • ⚠️Requires Node.js and npm to run.
  • ⚠️Assumes a local 'database' module is available and configured, but it is not provided in the source.
  • ⚠️Requires broad filesystem access permissions for /home/user/.ssh/id_rsa, /home/user/.aws/credentials, and .env files to demonstrate data exposure.
Review RequiredView Analysis
The server is deliberately engineered with numerous critical vulnerabilities. These include multiple OS command injections (via `exec` and `execSync`), SQL injection, arbitrary file read, and direct exposure of sensitive system files and credentials (SSH private key, AWS credentials, database configuration, .env file). Additionally, it contains hardcoded API keys, passwords, and GitHub tokens, and a function for simulating data exfiltration. This makes it a highly insecure application.
Updated: 2026-01-15GitHub
35
5
High Cost
benhaotang icon

mcp-http-agent-md

by benhaotang

Sec4

This server acts as a central hub for AI agents, managing project knowledge (AGENTS.md), structured tasks, version history, and ephemeral scratchpads, with capabilities to spawn context-isolated subagents for focused tasks.

Setup Requirements

  • ⚠️Requires an OpenAI, Google, Groq, or OpenAI-compatible API key if subagents (external AI) are enabled.
  • ⚠️PDF OCR processing (if enabled via `USE_LOCAL_AI_FOR_DOC_UNDERSTANDING`) requires `pdftoppm` (from poppler-utils) to be installed on the host system.
  • ⚠️Requires `MAIN_API_KEY` for administrative functions and initial user creation.
Review RequiredView Analysis
The server uses SQLite with prepared statements, which generally prevents SQL injection. Input validation is in place for various fields like project names and task IDs. File uploads are constrained by size and type. However, the `StdioClientTransport` in `src/ext_ai/aisdkmcp.js` allows arbitrary `command` and `args` to be specified in `subagent_config.json`. If an AI agent, through a configured tool (e.g., a filesystem write tool), gains the ability to modify `subagent_config.json`, it could lead to arbitrary code execution on the host server. The example `subagent_config.json` includes a 'filesystem' server which, if exposed with broad permissions, could be a critical vector for this. The 'USE_EXTERNAL_AI' flag is crucial for controlling this risk. Running with `cors` set to `*` is also very broad, although common for API services.
Updated: 2026-01-15GitHub
35
1
Low Cost
alDuncanson icon

gcal-mcp

by alDuncanson

Sec8

Serves as a Model Context Protocol (MCP) server for Google Calendar to query upcoming, date-specific, and searchable events.

Setup Requirements

  • ⚠️Requires an initial interactive OAuth 2.0 flow via a local server, which opens a browser window for user authentication.
  • ⚠️Requires Python 3.11 or higher to run.
  • ⚠️Requires a Google account with calendar access for functionality.
Verified SafeView Analysis
The application includes hardcoded default OAuth client credentials (client_id and client_secret) in its source code. While the `InstalledAppFlow` with PKCE is designed to be relatively secure even with a 'public' client secret for desktop applications, this practice generally introduces a dependency on specific credentials which could be revoked or abused, breaking the default setup. Users are advised to use their own credentials via the `--credentials` flag. No use of `eval`, `exec`, or other direct execution vulnerabilities were found, and the application relies on secure OAuth 2.0 with PKCE for authentication.
Updated: 2026-01-18GitHub
35
90
Low Cost

This SDK integrates analytics and telemetry capabilities into existing Model Context Protocol (MCP) servers, capturing user intentions, tool usage, and error patterns.

Setup Requirements

  • ⚠️Requires an existing Model Context Protocol (MCP) server for integration (peer dependency: `@modelcontextprotocol/sdk >=1.11`).
  • ⚠️Requires a MCPcat Project ID for full analytics features, or configured exporters for telemetry-only mode.
  • ⚠️Data is logged to `~/mcpcat.log` by default, which might interfere with STDIO-based MCP server logging if not configured otherwise.
Verified SafeView Analysis
The SDK handles dynamic module loading (e.g., 'fs' module) within try-catch blocks for compatibility across different JavaScript environments, which is a justified pattern. Network requests are made to configurable telemetry endpoints (Datadog, Sentry) or the MCPcat API, and do not show signs of hardcoded secrets or malicious activity. User-provided `redactSensitiveInformation` functions are available for data privacy.
Updated: 2025-12-24GitHub
35
5
High Cost
Sec9

This MCP server provides AI assistants with structured access to Livewire Flux component, layout, and icon documentation through web scraping.

Setup Requirements

  • ⚠️Requires Node.js and npm (or npx) to be installed locally.
Verified SafeView Analysis
The server performs web scraping from external websites (fluxui.dev, github.com). While it uses robust parsing libraries (cheerio) and does not directly execute user-provided code, there's an inherent, low risk of issues if scraped content is malformed or unexpectedly large. No hardcoded secrets or 'eval' usage were found in the provided source code. The server runs locally via 'stdio', not opening network ports itself, which limits its external attack surface.
Updated: 2026-01-14GitHub
35
1
High Cost
Sec6

The server powers LLMs and AI agents by providing Speech-to-text and Text-to-speech capabilities via Azure Speech services.

Setup Requirements

  • ⚠️Requires an Azure account and an Azure Speech service subscription (paid service).
Review RequiredView Analysis
The provided source code is limited to markdown files (README.md, SECURITY.md). No functional code (e.g., JavaScript, Python, C#) was provided for a comprehensive security audit. Therefore, checks for 'eval', obfuscation, hardcoded secrets, network risks, or malicious patterns could not be performed. The presence of a `SECURITY.md` file indicates a project aware of security best practices for vulnerability reporting.
Updated: 2025-11-24GitHub
35
5
Medium Cost

Provides a Micro-Agent Protocol (MCP) server for querying Microsoft SQL Server databases and retrieving table structures.

Setup Requirements

  • ⚠️Requires Python 3.8+.
  • ⚠️Requires access and credentials for a Microsoft SQL Server instance.
  • ⚠️The `pyodbc` database driver and an appropriate SQL Server client driver (e.g., ODBC Driver for SQL Server) must be installed on the operating system.
  • ⚠️Database connection details (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME, DB_PORT) must be set as environment variables.
Review RequiredView Analysis
CRITICAL SQL Injection Vulnerability: The `get_table_info` and `list_show_tables` functions construct SQL queries by directly inserting `table_name` and `schema` using f-strings. This allows for SQL injection if malicious input is provided for these parameters. While `execute_query` attempts to filter dangerous keywords, this is a blacklist approach and is insufficient, and critically, it does not protect the `get_table_info` and `list_show_tables` tools. Additionally, the default database password is an empty string in `app_config.py`, and the connection string specifies `encrypt=no` and `trusted_connection=no`, which are weaker security configurations.
Updated: 2026-01-19GitHub
35
6
Medium Cost
kubestellar icon

a2a

by kubestellar

Sec7

AI agent for multi-cluster Kubernetes management, enabling workload distribution and operational tasks across KubeStellar environments.

Setup Requirements

  • ⚠️Requires API keys for an LLM provider (e.g., OpenAI, Google Gemini) which are typically paid services.
  • ⚠️Requires `kubectl` and `helm` CLI tools installed and configured.
  • ⚠️Requires a valid `kubeconfig` to interact with Kubernetes clusters.
  • ⚠️Requires Python 3.11+.
  • ⚠️Relies on the `mcp` SDK for server functionality.
Verified SafeView Analysis
The server primarily interacts with `kubectl` and `helm` via `asyncio.create_subprocess_exec`, which is generally safer than `shell=True`. However, as an LLM agent, it's inherently susceptible to prompt injection, where a malicious user could instruct the LLM to construct and execute harmful Kubernetes manifests (via `policy_yaml` in `binding_policy_management`) or fetch manifests from untrusted sources (`fetch_manifest` with `insecure_skip_tls_verify`). API keys are handled securely via environment variables or a permissions-restricted file. No obvious `eval` or code obfuscation was found.
Updated: 2026-01-19GitHub
35
5
Medium Cost
Sec8

Implements an MCP server with a keyword search tool for AI agents to analyze codebases and provide insights.

Setup Requirements

  • ⚠️Requires Python 3.11+ to run.
  • ⚠️Requires Poetry for dependency management and server execution.
  • ⚠️Qodo Command is optional but necessary to interact with the AI agent as demonstrated.
Verified SafeView Analysis
The server communicates over stdin/stdout, limiting direct network exposure. Input validation is present for arguments like 'keyword' and 'root_paths'. The 'keyword_search' tool is designed to search local file systems based on provided 'root_paths'. While paths are resolved and checked to be directories, an AI agent could theoretically request searches in any directory the server process has read access to. This is an inherent capability of the tool and not a vulnerability in its implementation, but implies trust in the agent and the server's execution environment.
Updated: 2026-01-18GitHub
35
4
Low Cost
365knoten icon

MCPJira

by 365knoten

Sec7

Demonstrates building an MCP (Model-Controller-Proxy) server for Jira integration using .NET Core.

Setup Requirements

  • ⚠️Requires access to a Jira instance.
  • ⚠️Requires configuration of 'JiraBaseUrl' and 'JiraProjectKey'.
  • ⚠️Explicitly stated as 'not production-ready code', implying it's for demonstration only and lacks hardening for real-world deployment.
Verified SafeView Analysis
The README explicitly states, 'This is not production-ready code.' While the provided snippets use placeholders for sensitive configurations (JiraBaseUrl, JiraProjectKey) and define an API key for authentication to the MCP server (X-API-KEY), which are good practices, the 'not production-ready' disclaimer indicates potential hidden vulnerabilities or missing best practices not visible in the truncated source. AllowedHosts: '*' is permissive but common in dev.
Updated: 2025-11-24GitHub
35
4
Medium Cost
Sec9

This MCP server enables LLMs like Claude to discover and learn about recreation opportunities by integrating National Park Service, Recreation.gov, and OpenWeatherMap APIs, providing tools to search for parks, campgrounds, weather, and activities.

Setup Requirements

  • ⚠️Requires free API keys from National Park Service, Recreation.gov, and OpenWeatherMap, each requiring separate registration.
  • ⚠️Requires either Docker and Docker Compose (recommended) or Go 1.24+ installed locally.
  • ⚠️Designed for seamless integration with Claude Desktop, requiring manual configuration of `claude_desktop_config.json` with the absolute path to the repository.
Verified SafeView Analysis
The project demonstrates strong security practices for a development/demo environment, including multi-stage Docker builds, running as a non-root user (UID 1000), a read-only filesystem, and minimal container dependencies. API keys are managed via environment variables and explicitly stated not to be hardcoded or logged in responses. Network communication to external APIs is exclusively over HTTPS. No 'eval' or malicious patterns were identified. For production deployments, dedicated secrets management is recommended over .env files, and a more robust logging setup that strictly redacts all query parameters from URLs if they contain sensitive data should be confirmed.
Updated: 2026-01-16GitHub
PreviousPage 146 of 760Next