Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

34
4
Medium Cost
afterxleep icon

doc-bot

by afterxleep

Sec9

An intelligent MCP (Model Context Protocol) server that enhances AI coding assistants by providing smart documentation management and API references for deep project understanding.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️The server defaults to looking for a 'doc-bot' directory in the current project root; this folder must exist and contain markdown documentation files, or a custom path must be provided.
  • ⚠️Requires an MCP-compatible AI assistant (e.g., Claude, Cursor) to interact with its tools and resources; it is not a standalone HTTP/REST API server.
Verified SafeView Analysis
The server demonstrates good security practices by using parameterized queries for SQLite databases, running docset database connections in read-only mode, and employing `fs-extra.ensureDir` to control extraction paths for downloaded docsets, mitigating some path traversal risks. Outbound network requests via `axios` are user-initiated for docset downloads. No `eval` statements or hardcoded sensitive secrets were found in the core server logic. The primary security considerations revolve around potential vulnerabilities in third-party archive extraction libraries (`tar`, `adm-zip`) or a user/agent introducing malicious docset content.
Updated: 2026-01-16GitHub
34
3
Medium Cost
actuallyrizzn icon

ucw

by actuallyrizzn

Sec6

Analyze system commands to generate callable Python wrappers or MCP plugin files for AI clients.

Setup Requirements

  • ⚠️Requires Python 3.8+ to run.
  • ⚠️Relies on external system commands (e.g., `ls`, `dir`, `man`) being available on the host system and outputting standard help formats for successful parsing.
  • ⚠️Primarily designed as a plugin for SMCP (Simple MCP), requiring an SMCP server for full integration and to leverage its intended ecosystem benefits.
Review RequiredView Analysis
The project's core functionality involves executing arbitrary system commands via `subprocess.run`, which carries inherent security risks if command names or arguments are not properly controlled or sanitized. The documentation explicitly acknowledges this, stating that UCW assumes the runtime environment provides its own security boundaries and recommends deploying it within a container or restricted user namespace with limited privileges. There are no obvious signs of 'eval', obfuscation, or hardcoded secrets within the provided source code, but the direct command execution capability necessitates strict environmental sandboxing. If deployed without proper containment, it could lead to privilege escalation or arbitrary code execution.
Updated: 2025-12-15GitHub
34
3
Low Cost
mrsimpson icon

quiet-shell-mcp

by mrsimpson

Sec3

An MCP server designed to filter verbose shell command output for AI agents, reducing context window consumption and highlighting important information like errors and summaries.

Setup Requirements

  • ⚠️Requires Node.js >= 18
Verified SafeView Analysis
The server's core functionality is to execute arbitrary shell commands via an API using `shell: true`. This design allows for direct execution of any command passed by the AI agent, including potentially malicious ones (e.g., `rm -rf /`). While intended for trusted AI agents in controlled environments, there is no explicit input sanitization of the `command` parameter shown in the provided source code. This poses a significant security risk if the AI agent or its inputs are compromised, potentially leading to arbitrary code execution on the host system. It should only be run in highly trusted and/or isolated environments.
Updated: 2026-01-15GitHub
34
2
Medium Cost
BhavyaJethwa icon

Kotak_Neo_MCP_Server

by BhavyaJethwa

Sec2

Enables natural language trading on the Kotak Neo platform via an LLM client such as Claude Desktop.

Setup Requirements

  • ⚠️Docker is required to run the Neo Worker service due to dependency conflicts.
  • ⚠️A Redis server is required for the Neo Worker service to store and retrieve user session data (although not explicitly started in the provided run steps, it's configured as 'redis' host).
  • ⚠️Kotak Neo API credentials (mobile number, UCC, consumer key, TOTP, MPIN) are required for initial authentication via the validate endpoint to establish a trading session.
  • ⚠️The MCP server (trade.py) uses a hardcoded session ID, overriding the dynamic session IDs generated by the worker's /validate endpoint. This needs to be addressed for secure, multi-user operation.
Review RequiredView Analysis
CRITICAL: The `mcp_server.py` hardcodes a single `session_id` ('2c5f8ebf-1ade-4746-bded-c4502a9f5d2e') for all trading operations (get holdings, limits, positions, buy, sell). This means all users interacting with the MCP server would be performing actions on the same, shared Kotak Neo account. There is no individual user session management or authentication at the MCP server level for trading actions. This is a severe vulnerability, making the system unsafe for real-world trading without significant modifications to dynamically manage user sessions.
Updated: 2025-11-25GitHub
34
4
Low Cost

Implements role-based access control for AI Assistant tools using Model Context Protocol (MCP) and Cerbos policies.

Setup Requirements

  • ⚠️Requires Node.js (v16+)
  • ⚠️Requires Docker (for Cerbos PDP)
  • ⚠️Cerbos Policy Decision Point (PDP) must be running separately in Docker
Verified SafeView Analysis
The server includes a simulated user authentication (`req.user = { ... }`) for demonstration purposes, explicitly stating it should be replaced with OAuth in production. This is not a vulnerability in the context of a demo but a critical point for deployment. The Cerbos client connects to `localhost:3593` without TLS, which is acceptable for local development but would be a network risk if the Cerbos PDP were exposed publicly without TLS. No 'eval' or direct malicious patterns are present in the provided source code.
Updated: 2026-01-12GitHub
34
3
High Cost
Solvro icon

ml-mcp

by Solvro

Sec8

A production-ready Model Context Protocol (MCP) server for a Retrieval-Augmented Generation (RAG) system, leveraging a Neo4j knowledge graph to answer natural language queries about Wroclaw University of Science and Technology.

Setup Requirements

  • ⚠️Requires a paid LLM API key (OpenAI, DeepSeek, Google, or CLARIN).
  • ⚠️Requires a running Neo4j database instance.
  • ⚠️Requires Python 3.12 or higher.
Verified SafeView Analysis
The system avoids hardcoded secrets by using environment variables. It utilizes standard frameworks (FastAPI, FastMCP) and Pydantic for config validation. The primary security consideration is Cypher injection, as LLMs generate database queries. The prompts are strictly engineered to produce 'ONLY valid Cypher query' and 'ONLY executable Cypher statements' with format rules, which is a strong mitigation strategy. Error handling for query execution is in place. However, the inherent risk of LLMs generating unexpected output (even with guardrails) means complete immunity from Cypher injection cannot be guaranteed if the LLM is significantly compromised.
Updated: 2026-01-17GitHub
34
2
Low Cost
markng icon

sequence-mcp

by markng

Sec9

An MCP server enabling AI assistants to programmatically interact with Sequence banking APIs for fetching account data and triggering automation rules.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️A Sequence account with the External API enabled is mandatory.
  • ⚠️Requires generating an access token and/or rule API secrets from the Sequence dashboard.
  • ⚠️The SEQUENCE_ACCESS_TOKEN environment variable must be set for the 'get_accounts' tool to function.
Verified SafeView Analysis
The server uses environment variables (SEQUENCE_ACCESS_TOKEN) and direct parameters (API secrets) for credentials, which is a good practice. It handles API errors robustly and explicitly advises users on securing their tokens. No 'eval' or direct shell command injection points are apparent. All network communication is over HTTPS. The project clearly states its unofficial status.
Updated: 2026-01-19GitHub
34
2
Low Cost
bossdong955 icon

mcp-server-example

by bossdong955

Sec9

An example MCP (Micro-Capability Protocol) server demonstrating three transport modes to fetch Weibo hot searches.

Setup Requirements

  • ⚠️Requires Python 3.11 (Conda environment recommended)
  • ⚠️Requires uninstalling any previous 'mcp' package before installing 'fastmcp'
  • ⚠️Client configuration may require `PYTHONUTF8=1` to prevent encoding issues
Verified SafeView Analysis
The code makes a standard HTTP GET request to an external Weibo API endpoint. No 'eval', obfuscation, or hardcoded secrets are present. User-Agent is hardcoded. The server exposes functionality to retrieve public data, which is low risk. The main security consideration is relying on the external Weibo API's availability and data structure.
Updated: 2025-12-13GitHub
34
3
High Cost
Sec8

Manages and deploys a collection of MCP (Multi-Modal Compute Protocol) server configurations for WRLD Inc's development environments using Docker MCP Gateway.

Setup Requirements

  • ⚠️Requires Docker Desktop with MCP Toolkit (latest version) as a prerequisite.
  • ⚠️Extensive setup of 1Password CLI and a dedicated 'WRLD MCP' vault is required for secure secrets management, including creating multiple secret items.
  • ⚠️OAuth authentication is required for the 9 Cloudflare-specific MCP servers.
  • ⚠️The remote deployment script ('scripts/deployment/deploy.sh') specifically supports Ubuntu 22.04, 24.04, and Debian 12.
Verified SafeView Analysis
The project heavily relies on 1Password for secure secret management, explicitly advising against committing credentials. Deployment scripts utilize SSH for remote host configuration, installing Docker and 1Password CLI via common 'curl | sudo sh' patterns, which carry inherent supply chain risks. No direct hardcoded secrets or malicious patterns are observed within the provided code snippets. Overall, good security practices are emphasized.
Updated: 2025-11-30GitHub
34
2
Medium Cost
leifermendez icon

mcp-server-bbc

by leifermendez

Sec9

An AI assistant that manages BuilderBot projects by listing, retrieving, creating, updating, deleting, and duplicating projects using a set of defined tools.

Setup Requirements

  • ⚠️Requires BUILDERBOT_API_KEY environment variable (specific to BuilderBot).
  • ⚠️Requires OPENAI_API_KEY environment variable for the GPT-4o-mini model (a paid service).
Verified SafeView Analysis
The application is built using the VoltAgent framework and interacts with an external 'BuilderBot' API. It correctly retrieves the BUILDERBOT_API_KEY from environment variables. The API client uses HTTPS and includes basic error handling for common HTTP status codes. There are no apparent hardcoded sensitive credentials within the application logic, 'eval' usage, or other obvious malicious patterns. The 'install-docker.sh' script is for Docker installation and not part of the application's runtime security, but its execution requires root privileges.
Updated: 2025-11-21GitHub
34
3
Medium Cost
grapelike-class151 icon

cursor-skills

by grapelike-class151

Sec8

A comprehensive repository and static website for CURSOR IDE best practices, rules, guidelines, templates, and examples across various programming environments, with a utility for link validation.

Setup Requirements

  • ⚠️Requires Node.js for building the static website and npm for dependency management.
  • ⚠️Requires Python 3.x for running the `checklinks.py` utility (standard libraries generally sufficient).
  • ⚠️The root `README.md` describes an unconventional installation method (downloading a .zip and running an 'installation wizard'), which conflicts with the standard Git/npm workflow implied by the source code for building and serving the static site.
Verified SafeView Analysis
The `checklinks.py` script, a web crawler utility, has its `base_url` hardcoded, limiting Server-Side Request Forgery (SSRF) risk in its current configuration. Node.js build/validation scripts use `execSync` but only with predefined commands for repository maintenance, not exposed to arbitrary user input, thus posing a low security risk. The overall project primarily generates a static website, which inherently reduces common server-side vulnerabilities. Security largely depends on the integrity of referenced third-party packages and the examples themselves if users run them.
Updated: 2026-01-19GitHub
34
4
Medium Cost

This server allows LLMs to fetch web content, automatically cleaning HTML into markdown, extracting key metadata like title and author, and supporting chunked reading.

Setup Requirements

  • ⚠️Requires Node.js and npm/npx to be installed.
  • ⚠️Without strict network egress policies on the host, running this server exposes the local network and filesystem to arbitrary URL fetches via the LLM.
  • ⚠️Requires manual configuration in `claude_desktop_config.json` for desktop app integration.
Review RequiredView Analysis
CRITICAL RISK: The server fetches arbitrary URLs provided by the LLM (`fetch(args.url)`) without sufficient validation or network egress filtering. This makes it vulnerable to Server-Side Request Forgery (SSRF) attacks. An LLM could be prompted to access internal network resources (e.g., `http://192.168.1.100`), local files (e.g., `file:///etc/passwd`), or use the server as a proxy for malicious external requests. While `z.string().url()` validates the URL *format*, it does not prevent access to sensitive schemas or private IP ranges. Additionally, the `raw` parameter allows returning raw HTML, which could potentially expose the LLM or its downstream consumers to XSS if not properly sanitized on the client side, though the primary server-side risk is SSRF.
Updated: 2026-01-13GitHub
PreviousPage 154 of 760Next