Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

35
6
Medium Cost
sotayamashita icon

openapi-mcp-server

by sotayamashita

Sec7

Converts OpenAPI specifications into Model Context Protocol (MCP) tools, enabling AI assistants to interact with APIs.

Setup Requirements

  • ⚠️Every operation in the OpenAPI specification must have a unique `operationId`.
  • ⚠️Requires the Bun runtime to be installed.
  • ⚠️The `BASE_URL` environment variable is mandatory.
Verified SafeView Analysis
The server uses `JSON.parse` on the `HEADERS` environment variable. While typically controlled by the user running the server, this could be a deserialization vulnerability if the environment variable can be maliciously manipulated remotely. The `operationId` from the OpenAPI spec is dynamically used to call `apiClientInstance[operationId]`; a maliciously crafted OpenAPI spec could potentially exploit this if `openapi-client-axios` has unknown vulnerabilities related to dynamic method invocation. No `eval` or direct command injection patterns were found. The use of well-known libraries (`@scalar/openapi-parser`, `openapi-client-axios`, `zod`) generally contributes to security.
Updated: 2026-01-16GitHub
35
13
Low Cost

Exposes Azure DevOps operations as tools for AI assistants, enabling AI agents to automate tasks like creating work items, managing pull requests, and queuing builds.

Setup Requirements

  • ⚠️Requires .NET 10 SDK.
  • ⚠️Requires an Azure DevOps Personal Access Token (PAT) with appropriate permissions.
  • ⚠️Project is in pre-release stage; API surface and overall structure may change substantially with potential breaking changes.
Verified SafeView Analysis
The project uses environment variables for sensitive credentials (AZURE_DEVOPS_PAT), which is a good practice. No 'eval' or malicious patterns were found in the provided code. 'AllowedHosts: *' in appsettings.Production.json is a standard ASP.NET Core default but should be reviewed and potentially restricted to specific hosts if the server is exposed publicly, though less critical for an internal agent tool. OpenTelemetry and Application Insights are enabled in production for monitoring.
Updated: 2025-11-19GitHub
35
5
High Cost
7ossamfarid icon

mcp-mindmesh

by 7ossamfarid

Sec9

Orchestrates multiple Claude 3.7 Sonnet instances in a quantum-inspired swarm to achieve enhanced field coherence and produce optimally coherent responses for complex queries through specialized agents.

Setup Requirements

  • ⚠️Requires an Anthropic API Key (paid service) for the Claude 3.7 Sonnet instances.
  • ⚠️Requires a Voyage AI API Key (paid service) for generating high-quality embeddings; a fallback is provided if not set, but performance may be reduced.
  • ⚠️The README states 'Python 3.8 or higher' and 'python main.py' which is misleading. The server is implemented in TypeScript and runs with Node.js via `npm start` or `npm dev`.
Verified SafeView Analysis
The server primarily relies on environment variables for sensitive API keys (Anthropic, VoyageAI), which is a good practice. There is no usage of `eval` or apparent code obfuscation. The server exposes an HTTP/SSE endpoint, which is standard for an API server, but requires careful deployment and potentially additional rate limiting/authentication depending on its public exposure. The MCP SDK likely handles some security aspects for the API itself. Database (PGlite) is embedded and used for internal state, reducing external database security concerns. No immediate malicious patterns were identified.
Updated: 2026-01-19GitHub
35
2
Low Cost
Shashank-0018 icon

MCP-Council

by Shashank-0018

Sec3

Automates the conversion of REST APIs into AI-powered MCP (Model Context Protocol) servers, enabling seamless integration of APIs with AI assistants.

Setup Requirements

  • ⚠️Requires a Supabase project setup for authentication, ideally with Google OAuth enabled, involving configuration in Supabase and Google Cloud Console.
  • ⚠️The full MCP server functionality (the backend component generated by this platform) requires two separate Node.js processes running concurrently: an HTTP API server (e.g., via `npm start`) and an MCP Protocol Wrapper (e.g., via `npx --yes my-api-mcp-server@latest`) that communicates over stdio. The `npx` command alone only launches the MCP wrapper, which will warn if the HTTP server is not accessible.
Review RequiredView Analysis
The platform's code generation logic, as demonstrated in `ToolGeneratorForm.tsx` (frontend) and `Framework.md` (backend architecture), allows user-provided API endpoint URLs to be directly incorporated into generated backend HTTP requests (e.g., `axios.get(apiUrl)`). If the resulting backend MCP server code is deployed without rigorous server-side validation or domain allow-listing for the `apiEndpoint` input, this creates a severe Server-Side Request Forgery (SSRF) vulnerability. This flaw could enable a malicious user to craft API definitions that trigger unauthorized requests to arbitrary internal or external network resources from the deployed MCP server.
Updated: 2025-12-07GitHub
35
5
Medium Cost

The MCP server acts as an adapter, allowing AI assistants (like Claude, watsonx Orchestrate) to discover and execute automated decisions from IBM Decision Intelligence or IBM Automation Decision Services.

Setup Requirements

  • ⚠️Requires access to an IBM Decision Intelligence or IBM Automation Decision Services runtime instance (URL and authentication credentials are mandatory).
  • ⚠️Requires a Node.js environment to run using npm or npx.
  • ⚠️Performance could be impacted by the number and complexity of decision services and their OpenAPI schemas during initial loading and periodic polling for changes.
Verified SafeView Analysis
The server's architecture is sound, focusing on API proxying and tool registration. Input validation is performed using Zod schemas generated from OpenAPI specifications, which is a robust approach. Credentials (API keys, usernames, passwords) are handled through environment variables or CLI arguments and used for authenticated calls to the external decision runtime. It explicitly uses `encodeURIComponent` for URL paths to prevent injection issues. There are no obvious signs of `eval` usage, uncontrolled `child_process` execution, or hardcoded sensitive information. The primary security assumption is the trustworthiness and security of the IBM Decision Intelligence/ADS runtime it connects to.
Updated: 2026-01-16GitHub
35
5
Medium Cost

This Model Context Protocol (MCP) server integrates IBM Decision Intelligence or IBM Automation Decision Services decisions with AI assistants, enabling them to discover and execute automated decision services.

Setup Requirements

  • ⚠️Requires access to IBM Decision Intelligence or IBM Automation Decision Services, which are paid cloud services.
  • ⚠️Requires obtaining and securely providing API keys (DI or Zen) or basic authentication credentials for the IBM Decision Runtime.
  • ⚠️Requires a Node.js runtime environment (version 20 or higher is indicated by package dependencies).
Verified SafeView Analysis
The server correctly handles sensitive information by requiring API keys or basic authentication credentials via command-line arguments or environment variables. Communication with IBM Decision Runtime is performed over HTTPS. The code does not exhibit clear signs of 'eval' or malicious obfuscation. A notable point is that DNS rebinding protection for the HTTP transport is disabled by default in the SDK, which could be a concern in certain deployment scenarios, though it's typically used with trusted AI clients.
Updated: 2026-01-16GitHub
35
3
Low Cost

Provides AI assistants with professional real estate valuation capabilities for community rating, community evaluation, and individual property valuation.

Setup Requirements

  • ⚠️Requires obtaining a `MCP-INDUSTRY-APPID` by contacting `creiskefu@fang.com` or applying online.
  • ⚠️Requires Node.js version >= 18.0.0.
  • ⚠️Requires an MCP client (e.g., Claude Desktop, MCP IDE) to interact with the server.
Verified SafeView Analysis
The core server logic (`index.cjs`) is not provided, limiting a full security audit. Based on available files, it uses standard practices for authentication via `MCP-INDUSTRY-APPID` (environment variable/header, marked as secret). No direct `eval`, code obfuscation, or hardcoded sensitive credentials are apparent. The service acts as an adapter to an external real estate valuation API, and the security of that upstream service is not assessed here.
Updated: 2025-12-05GitHub
35
5
Medium Cost
SamMorrowDrums icon

mcp-typescript-starter

by SamMorrowDrums

Sec8

A feature-complete Model Context Protocol (MCP) server template in TypeScript demonstrating all major MCP features for AI assistant interaction.

Setup Requirements

  • ⚠️Requires Node.js 20+
  • ⚠️Requires npm or pnpm
Verified SafeView Analysis
The server uses Express for HTTP transport and handles session IDs from request headers, which requires standard web application security practices. Input validation is handled by Zod schemas for tools and prompts, which helps mitigate common injection vulnerabilities. The 'ask_llm' tool delegates LLM interaction to the client, so its security relies on the client's configuration. No direct 'eval' or unvalidated file system operations are evident. Overall, the starter template follows good practices for a server interacting with AI clients, but deployment in production would require further security hardening typical for any web application.
Updated: 2026-01-18GitHub
35
6
Medium Cost
anirbanbasu icon

frankfurtermcp

by anirbanbasu

Sec9

This server provides tools for language model agents to access the Frankfurter API for real-time and historical currency exchange rates and conversions.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️The recommended local setup involves installing 'just' and 'uv' for dependency management and task execution.
  • ⚠️Binding the server to '0.0.0.0' or setting CORS_MIDDLEWARE_ALLOW_ORIGINS to '*' for HTTP transports is a security risk and is not recommended for production environments.
Verified SafeView Analysis
The server explicitly warns against binding to all network interfaces (0.0.0.0) and using wildcard CORS origins ('*') for production deployments due to security risks, recommending the use of a reverse proxy with proper security controls. Tool registration is dynamic but from internal source code, mitigating external code injection. While SSL verification can be disabled via environment variables, this is strongly advised against, with guidance provided for self-signed certificates. Docker Compose setup includes robust security hardening (read-only filesystem, dropped capabilities, resource limits). No 'eval' or obvious hardcoded secrets were found.
Updated: 2026-01-19GitHub
35
5
Medium Cost
kulapard icon

aiohttp-mcp

by kulapard

Sec9

Builds Model Context Protocol (MCP) servers on top of the aiohttp web framework, enabling structured communication for AI agents and tools.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires an Anthropic API Key (e.g., ANTHROPIC_API_KEY) if using the provided client example to interact with Anthropic's Claude model.
Verified SafeView Analysis
The server framework itself handles JSON parsing and data validation via Pydantic, reducing risks associated with malformed input. Session IDs are validated against a visible ASCII character pattern. The framework provides mechanisms (Context object) for users to implement robust authentication and authorization within their tools, as demonstrated in the examples. No direct use of 'eval', 'exec', or direct shell calls was found. Hardcoded secrets are present only in examples, with clear notes to use proper authentication in production. The module discovery mechanism, while using `importlib`, is typically safe in controlled deployment environments where the system path and package names are not user-controlled.
Updated: 2026-01-19GitHub
34
3
Medium Cost
standardbeagle icon

devtool-mcp

by standardbeagle

Sec7

Provides an AI coding agent with browser superpowers for real-time debugging, visual feedback, process management, and frontend diagnostics. It acts as a bridge between an AI assistant and a web browser.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0 or Go 1.24+ for core operation.
  • ⚠️Requires an MCP-compatible AI assistant (e.g., Claude Code, Cursor) for full AI integration.
  • ⚠️Windows users require Windows 10 (version 1809) or newer for ConPTY support.
Verified SafeView Analysis
The server has inherent security risks due to its nature as a powerful development tool for AI agents: it can execute arbitrary shell commands via the 'run' tool, inject arbitrary JavaScript into proxied web pages via 'proxy exec', and manipulate network traffic (latency, drops, truncation, error injection) via the 'chaos' module. These are core, intended features. IPC (Unix sockets on Linux/macOS, named pipes on Windows) is designed for same-user trust, limiting access to the local user. If the AI agent or the local system running it is compromised, these capabilities could be exploited for malicious purposes (e.g., arbitrary command execution, Cross-Site Scripting (XSS) via injected JS, network tampering, denial of service to local processes). The dependency on GitHub releases for binary distribution also introduces a potential supply chain risk, as a compromised GitHub could lead to malicious binaries. Input parsing for terminal overlay also represents a complex surface.
Updated: 2026-01-10GitHub
34
9
Medium Cost
uyuni-project icon

mcp-server-uyuni

by uyuni-project

Sec8

The Uyuni MCP Server enables AI agents or MCP-compliant clients to securely interact with and manage Linux infrastructure using natural language via the Uyuni configuration and infrastructure management solution.

Setup Requirements

  • ⚠️Requires `UYUNI_SERVER`, `UYUNI_USER`, and `UYUNI_PASS` environment variables for Uyuni API access.
  • ⚠️The `add_system` tool requires the `UYUNI_SSH_PRIV_KEY` environment variable, which must be provided as a single-line string with escaped newlines (e.g., `\n`).
  • ⚠️OAuth 2.0 (`UYUNI_AUTH_SERVER`) is a new feature that expects Uyuni's `/manager/api/oicdLogin` endpoint to be implemented and configured, which might require additional setup on the Uyuni server itself.
  • ⚠️Tools performing write operations (state-changing actions) are disabled by default and must be explicitly enabled by setting the `UYUNI_MCP_WRITE_TOOLS_ENABLED` environment variable to `true`.
Verified SafeView Analysis
The server implements strong security practices including opt-in write capabilities via environment variables (`UYUNI_MCP_WRITE_TOOLS_ENABLED`) and a custom `@write_tool` decorator, detailed API error handling, and a confirmation flow for potentially destructive actions. It explicitly warns about the security risks of running with `http` transport without OAuth 2.0 authentication (`UYUNI_AUTH_SERVER`) and the trust-based nature of the `confirm` parameter (recommending elicitation as a more robust alternative). Sensitive credentials (Uyuni API user/pass, SSH private key) are loaded from environment variables. The SSH private key for the `add_system` tool is passed to the main Uyuni server for connection, not used directly by the MCP server itself, which helps mitigate direct exposure risk. Potential security risks primarily stem from misconfiguration (e.g., enabling write tools or HTTP transport without proper authentication in an untrusted network environment) rather than inherent flaws in the server's security design.
Updated: 2026-01-07GitHub
PreviousPage 147 of 760Next