Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

34
4
Low Cost
civicteam icon

mcp-hooks

by civicteam

Sec4

A lightweight tRPC server that logs all tool call requests from an AI assistant through a flexible audit logging system, acting as middleware for the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js >=20.0.0.
  • ⚠️pnpm is the recommended package manager.
  • ⚠️For PostgreSQL logging, the database must be set up by running `pnpm setup-db` first. Default PostgreSQL credentials (`postgres/postgres`) are used by the setup script and must be changed for production.
Review RequiredView Analysis
The primary security concern lies in the `passthrough-mcp-server` (which this hook would integrate with). It constructs `StreamableHTTPClientTransport` client connections using `TARGET_SERVER_URL` and `HOOKS` environment variables directly, without validation or allow-listing. This creates a significant Server-Side Request Forgery (SSRF) vulnerability, potentially allowing an attacker to force the server to make requests to internal network resources. Additionally, the `api-key-hook` uses a default test API key ('test-api-key-12345') which is hardcoded and must be overridden in production to prevent unauthorized access. The `setup-db.ts` script for PostgreSQL logging uses default `postgres/postgres` credentials, which is highly insecure for production environments. Sensitive audit logs (if file-based) must be properly secured to prevent data leakage.
Updated: 2026-01-19GitHub
34
4
Low Cost
ericvoltolin icon

xc-mcp

by ericvoltolin

Sec6

LLM-optimized wrapper for Xcode CLI tools, summarizing verbose outputs to reduce token usage in AI-assisted development workflows.

Setup Requirements

  • ⚠️Requires macOS operating system.
  • ⚠️Requires Xcode Command Line Tools to be installed (typically via `xcode-select --install`).
  • ⚠️Requires Node.js version 18+.
Verified SafeView Analysis
The server executes external `xcodebuild` and `simctl` commands via `child_process.exec`. While arguments like `projectPath`, `scheme`, and `destination` are enclosed in double quotes during command construction, `child_process.exec` does not automatically sanitize all shell metacharacters (e.g., command substitution like `$(command)`). The internal `escapeShellArg` utility is defined but not used by `buildXcodebuildCommand` and `buildSimctlCommand`. This leaves a potential command injection vulnerability if user-provided input for parameters (e.g., `destination`, `deviceId`, `scheme`) is not robustly sanitized by the calling client or if malicious strings bypass existing validation checks. Communication via `StdioServerTransport` reduces network exposure but does not eliminate input-based injection risks. No obvious hardcoded secrets or obfuscation found.
Updated: 2026-01-19GitHub
34
4
Low Cost
gunbun33 icon

mcp-servers

by gunbun33

Sec9

Provides a production-ready Model Context Protocol (MCP) server for seamless integration with VS Code and other MCP clients to enable AI-driven development features.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires VS Code 1.60.0 or higher for full client integration.
Verified SafeView Analysis
The Python server uses FastAPI and Pydantic for robust request handling and validation, structured logging with Loguru, and Prometheus metrics. No direct use of `eval`, external command execution with unsanitized input, or hardcoded sensitive credentials within the server's source code (`mcp_server.py`). The default CORS `ALLOWED_ORIGINS` is set to `*` which allows requests from any origin, making it broadly accessible; this should be restricted in a production environment, although it is configurable via environment variables. The current database interaction methods (list_tables, discover_data, prepare_query, query) are mocked within the provided Python source, thus not exposing real database risks. If actual database interaction were implemented, further security review for potential SQL injection and proper data access control would be necessary. The server itself does not directly consume LLM tokens, acting as an agent.
Updated: 2026-01-19GitHub
34
3
Low Cost
liatrio-labs icon

slash-command-manager

by liatrio-labs

Sec7

A CLI tool and MCP server for generating and managing slash commands for various AI coding assistants, integrating with a Spec-Driven Development (SDD) workflow.

Setup Requirements

  • ⚠️Python 3.12+ only
  • ⚠️Requires 'uv' package manager for recommended installation/development
  • ⚠️Docker required for running integration tests locally
  • ⚠️Requires local AI agent configuration for detection (e.g., ~/.claude/commands)
Verified SafeView Analysis
The MCP server is designed to register and serve prompts and tools. While the current toolset is basic, the architecture allows for execution of arbitrary logic via 'tools'. The 'slash-man generate' command can download and process markdown files from arbitrary public GitHub repositories via `--github-repo` flags. If an untrusted or compromised GitHub source is used, this content could be fed to AI assistants, posing a supply chain risk through content injection. Integration tests explicitly warn against local execution due to potential filesystem modifications. Overall, no direct code execution vulnerabilities are apparent in the `slash-command-manager` itself, but the nature of processing external prompts and running tools implies a trust boundary for the content it processes and serves.
Updated: 2026-01-09GitHub
34
3
Low Cost
Sec9

This server provides an OAuth 2.1 Authorization Server implementation, compliant with the MCP Authorization Spec, to handle authentication and authorization for MCP clients and resource servers.

Setup Requirements

  • ⚠️Requires a custom, persistent OAuthServerModel implementation (e.g., using a database) for production use, as the default is in-memory storage.
  • ⚠️Node.js (>=18) is required for execution.
  • ⚠️The `mcpAuthRouter` currently must be mounted at the root (`/`) path, not a sub-path, as noted in the project's limitations.
Verified SafeView Analysis
The server demonstrates good security practices including adherence to OAuth 2.1 specifications like PKCE (Proof Key for Code Exchange) for authorization code flow. It implements rate limiting on critical endpoints (authorization, token, revocation, client registration) to prevent abuse and brute-force attacks. Client secrets are dynamically generated using cryptographically secure methods. It enforces HTTPS for issuer URLs in production (with a development override warning). CORS is enabled for public endpoints which is standard for an OAuth Authorization Server. No direct use of `eval` or obvious hardcoded sensitive secrets were found. However, for production, it explicitly requires a custom, persistent storage backend, as the default is in-memory.
Updated: 2026-01-19GitHub
34
4
Medium Cost
guacsec icon

trustify-mcp

by guacsec

Sec8

Acts as an MCP (Model Context Protocol) server, exposing Trustify instance's security vulnerability and SBOM data as structured tools for AI agents.

Setup Requirements

  • ⚠️Requires a running Trustify instance with an accessible API URL.
  • ⚠️Requires an OpenID provider to be configured with a client ID, client secret, and issuer URL for authentication.
  • ⚠️The `AUTH_DISABLED=true` environment variable must be disabled in production environments to maintain security.
Verified SafeView Analysis
The server securely handles sensitive information (API URLs, OpenID credentials) by requiring them to be provided via environment variables, preventing hardcoding. Authentication is robustly implemented using the `trustify-auth` library and OpenID Connect for token validation. A `AUTH_DISABLED=true` environment variable exists for development purposes; enabling this in a production environment would bypass critical authentication and pose a severe security risk. URL construction for interacting with the Trustify API directly utilizes user-provided strings for path components (e.g., SBOM URIs). While `reqwest` handles some aspects of URL safety, the server relies on the Trustify backend to fully validate these URIs against potential path traversal or injection, rather than performing its own explicit exhaustive sanitization on these segments.
Updated: 2026-01-16GitHub
34
5
Medium Cost
BjoernRave icon

i18n-magic

by BjoernRave

Sec4

Automates internationalization (i18n) workflows with AI-powered translations for JavaScript/TypeScript projects, functioning as a Model Context Protocol (MCP) server for LLMs.

Setup Requirements

  • ⚠️Requires OpenAI API Key or Google Gemini API Key (Paid Service)
  • ⚠️The 'i18n-magic.js' configuration file must exist in the project root where the server is launched.
  • ⚠️Careful configuration of the 'cwd' or '--project-root' argument is critical for the MCP server to correctly locate the 'i18n-magic.js' config and locale files.
Review RequiredView Analysis
The server dynamically imports the 'i18n-magic.js' configuration file. If an attacker can control the server's effective current working directory (cwd) or the '--project-root' argument, they could potentially inject and execute arbitrary code via a malicious config file. Additionally, file I/O operations (loadLocalesFile, writeLocalesFile) construct paths using locale and namespace parameters directly. While these are typically derived from trusted configuration, the lack of explicit path sanitization could lead to path traversal vulnerabilities if malicious input were to bypass validation or if the configuration itself is compromised, allowing arbitrary file reads/writes outside the intended locales directory. The server relies heavily on trusting the content of the 'i18n-magic.js' file.
Updated: 2025-11-23GitHub
34
4
Medium Cost
signnow icon

sn-mcp-server

by signnow

Sec9

Provides AI agents with secure, structured access to SignNow eSignature workflows for tasks like browsing templates, creating documents from templates, sending invites, managing embedded signing experiences, tracking invite status, and downloading signed documents.

Setup Requirements

  • ⚠️Requires Python 3.11+ (as stated in README, though pyproject.toml says >=3.10).
  • ⚠️Requires a SignNow account and credentials, either: 1) SIGNNOW_USER_EMAIL, SIGNNOW_PASSWORD, and SIGNNOW_API_BASIC_TOKEN (Base64 encoded client_id:client_secret), OR 2) SIGNNOW_CLIENT_ID and SIGNNOW_CLIENT_SECRET.
  • ⚠️For production, a persistent OAUTH_RSA_PRIVATE_PEM must be provided; otherwise, a new RSA key is generated on each restart, invalidating all existing tokens.
Verified SafeView Analysis
The server uses Pydantic for robust configuration validation and relies on standard libraries like `httpx` and `pyjwt[crypto]` for secure communication and JWT handling. It supports OAuth2, RSA key generation, and token management, with explicit warnings in the README for production key persistence. Sensitive environment variables are masked in logs. The codebase appears to follow good security practices for a modern Python web application.
Updated: 2026-01-19GitHub
34
3
High Cost
viney-123 icon

tradingview-mcp

by viney-123

Sec8

The server fetches TradingView chart snapshots as images, enabling users to programmatically capture and visualize market data.

Setup Requirements

  • ⚠️Requires 'TRADINGVIEW_SESSION_ID' and 'TRADINGVIEW_SESSION_ID_SIGN' environment variables for authentication, which must be manually obtained from a logged-in TradingView session.
  • ⚠️Relies on Playwright, which will download a Chromium browser (~150MB memory usage, adds initial setup time) on first run if not already present.
  • ⚠️The README contains an incorrect command to run the server, instructing users to run a .zip file with python.
Verified SafeView Analysis
The server loads sensitive TradingView session credentials (TRADINGVIEW_SESSION_ID, TRADINGVIEW_SESSION_ID_SIGN) from environment variables using `dotenv`, which is good practice and avoids hardcoding. It uses Playwright for browser automation, launching a headless Chromium instance. While Playwright is a robust library, any browser automation inherently involves a degree of risk as it interacts with external web content. There is no `eval` or obvious obfuscation detected. Network risks are managed by only navigating to tradingview.com for its core function. No direct malicious patterns are identified in the provided source code.
Updated: 2026-01-19GitHub
34
3
Medium Cost
EricRollei icon

Download_Tools

by EricRollei

Sec6

Provides web scraping and media downloading capabilities from over 1000 websites, including social media platforms, exposed via a Model Context Protocol (MCP) server for integration with AI clients like Claude Desktop and LM Studio.

Setup Requirements

  • ⚠️Requires manual installation of dependencies like `mcp`, `scrapling`, `playwright`, `imagehash`, `pillow`, `requests`, and `ffmpeg` (for audio/video conversion). `playwright install` is also needed for browser setup.
  • ⚠️Authentication (e.g., for Instagram stories or private content) requires manual configuration in `auth_config.json` with user-specific credentials, with explicit warnings not to commit this file to version control. Separate `auth_config.json` files exist for web scraper vs. gallery-dl/yt-dlp.
  • ⚠️Using browser cookie extraction for Chrome/Edge requires closing the browser completely and may need administrative privileges to function correctly, posing a potential user friction point and security consideration.
Verified SafeView Analysis
The project performs inherently risky operations like fetching arbitrary external content, browser automation, and running external binaries (yt-dlp, gallery-dl). It uses `subprocess.Popen` to execute `yt-dlp` and `gallery-dl` commands, which are built using user-provided `extra_options`. While `shlex.split` is used to mitigate shell injection, complex exploits could still exist. The `eval` function is used in `base_handler.py` for regex matching and in `gallery_dl_downloader.py` for filter expressions (inherent to gallery-dl's design), which could be a vulnerability if input strings are not sufficiently sanitized from untrusted sources. Browser cookie extraction (`browser_cookie3`) accesses local sensitive data, and for Chrome/Edge, may require elevated privileges (admin rights), increasing exposure risk if the system is compromised. The project explicitly warns users not to commit `auth_config.json` containing credentials, which is good practice. Output directories are sanitized to prevent path traversal outside the ComfyUI output folder.
Updated: 2026-01-18GitHub
34
2
High Cost
SemClone icon

mcp-semclone

by SemClone

Sec7

Provides LLMs with comprehensive Open Source Software (OSS) compliance, license management, and software supply chain security capabilities, including vulnerability analysis, SBOM generation, and policy validation.

Setup Requirements

  • ⚠️Requires Ollama to be installed and running locally, with the recommended 'granite3-dense:8b' or 'llama3' model pulled.
  • ⚠️Requires Python 3.10+.
  • ⚠️Requires all SEMCL.ONE tools (purl2notices, osslili, binarysniffer, ospac, vulnq, upmex, purl2src, ossnotices) to be installed and available in PATH (e.g., via `pip install mcp-semclone` or `pipx inject mcp-semclone ... --include-apps`).
Verified SafeView Analysis
The server orchestrates external SEMCL.ONE CLI tools via `subprocess.run`. While arguments are passed as lists to mitigate shell injection within the Python wrapper, the security relies heavily on the robustness of these external tools and their handling of user-provided arguments. The `download_and_scan_package` tool downloads package artifacts from public registries, which introduces risk, although it notes checksum verification 'when available'. There are no direct `eval` or hardcoded credentials within the server's Python code. File operations on user-provided paths also warrant careful monitoring and sandboxing.
Updated: 2025-11-25GitHub
34
4
High Cost
GregBaugues icon

tokenbowl-mcp

by GregBaugues

Sec8

A Model Context Protocol (MCP) server for a fantasy football league, providing tools to interact with the Sleeper API, Fantasy Nerds API, and Token Bowl Chat for LLM-powered fantasy management.

Setup Requirements

  • ⚠️Python 3.11+ is required
  • ⚠️Requires `uv` for dependency management and running
  • ⚠️Requires API keys for Sleeper, Fantasy Nerds, and Anthropic set in `.env` file
  • ⚠️Token Bowl Chat API key must be provided as a query parameter in the SSE connection URL to use chat features
  • ⚠️Requires Redis server for caching (optional but recommended)
Verified SafeView Analysis
API keys for external services (Sleeper, Fantasy Nerds, Anthropic) and Redis are loaded from a .env file, preventing hardcoding. The Token Bowl Chat API key is passed as a query parameter in the SSE connection URL, which is less secure than a header but common for SSE. The server uses `httpx` for external API calls with timeouts and error handling. No `eval` or similar dangerous patterns were found. The server relies on the client environment (e.g., Claude Desktop) for access control to its core MCP tools.
Updated: 2025-12-15GitHub
PreviousPage 148 of 760Next