Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7632)

81
2
Low Cost
At0mXploit icon

Trackor

by At0mXploit

Sec9

Provides an MCP server for tracking personal expenses, including adding, listing, summarizing, updating, and exporting data.

Setup Requirements

  • ⚠️Direct remote deployment with Claude requires a Claude Pro subscription.
  • ⚠️Non-Pro Claude Desktop users must run a local proxy and install a custom desktop extension via `mcpb`.
  • ⚠️Requires `uv` to manage dependencies and run the server (`uv sync` for installation).
Verified SafeView Analysis
The server code (mcp.py) uses parameterized queries for all database interactions with SQLite, effectively preventing SQL injection vulnerabilities. No 'eval' or similar dynamic code execution functions are present. File paths are handled relative to the current working directory, which is standard for a local application. No hardcoded secrets or API keys are found in the provided source.
Updated: 2025-12-13GitHub
81
2
Medium Cost
contextstream icon

mcp-server

by contextstream

Sec9

Provides persistent memory, semantic search, and code intelligence to AI coding tools (e.g., Cursor, Claude Code, VS Code) by acting as an MCP server proxy to the ContextStream API, enabling AI to 'remember' context across sessions and tools.

Setup Requirements

  • ⚠️Requires a ContextStream API Key (or JWT) for authentication, obtained from contextstream.io.
  • ⚠️Relies on an external ContextStream API service to function.
  • ⚠️Requires Node.js version 18 or higher.
Verified SafeView Analysis
The server correctly handles API keys/JWTs via environment variables, avoiding hardcoded secrets. Network requests are made using standard `fetch` with retries and timeouts, and a specific user agent is set. File system operations are localized to `.contextstream/config.json` in the project root and `~/.contextstream-mappings.json` globally, as well as reading project files for indexing. File reading for ingestion includes explicit ignore lists for common sensitive directories/files (`node_modules`, `.git`, lock files) and a maximum file size limit (1MB), mitigating risks of accidental data exposure or excessive resource consumption. No `eval` or similar dynamic code execution vulnerabilities were found. Overall, the server appears well-designed for security within its intended scope as a local client-side agent.
Updated: 2025-12-12GitHub
81
2
Medium Cost

continue-snyk-mcp

by chipper-teapot

Sec9

Integrates Snyk security scanning and automated vulnerability patching into the Continue AI coding assistant workflow.

Setup Requirements

  • ⚠️Requires Snyk CLI to be installed globally.
  • ⚠️Requires Snyk CLI to be authenticated (`snyk auth`) with a Snyk account.
  • ⚠️Requires a Continue-compatible LLM to be configured and running (e.g., OpenAI API Key, local Ollama).
Verified SafeView Analysis
The MCP server acts as a local bridge to the Snyk CLI. Security relies on the trustworthiness of the Snyk CLI and the user's understanding of its data transmission policies (e.g., source code analysis sent to Snyk's cloud). The setup is transparent and does not introduce additional inherent vulnerabilities beyond the intended use of Snyk.
Updated: 2025-11-17GitHub
81
2
Low Cost
dhanababum icon

supermcp

by dhanababum

Sec2

A multi-tenant platform enabling AI assistants to connect with and manage various SQL databases through standardized connectors and a web-based interface.

Setup Requirements

  • ⚠️Python 3.12+ required
  • ⚠️Docker and Docker Compose are recommended for full platform deployment, involving multiple services (PostgreSQL, FastAPI app, Frontend, Connectors)
  • ⚠️The `uv` package manager is explicitly used and recommended for local Python setups, which may require prior installation
  • ⚠️Database-specific drivers (e.g., `psycopg2-binary`, `pymysql`, `pyodbc`) must be manually installed for each database type the `tenants_sqldb` connector is intended to support.
  • ⚠️A hardcoded JWT secret is used for user authentication, which is a critical security flaw that needs to be addressed in deployment by overriding the `SECRET` variable in `app/src/users.py` (e.g., via environment variables or a secure configuration mechanism) to prevent token forgery.
Review RequiredView Analysis
Critical vulnerability: The `fastapi-users` library, used for user authentication (login, registration, password reset), is configured with a hardcoded JWT secret (`SECRET = "SECRET"` in `app/src/users.py`). This allows any attacker to easily forge valid user authentication tokens (both JWT bearer and cookie-based), thereby bypassing authentication for regular users and potentially superusers. While the internal communication between the backend and connectors uses a separate, environment-variable-controlled `JWT_SECRET`, the user-facing authentication system is severely compromised. Additionally, logo storage path handling needs careful sanitization to prevent path traversal vulnerabilities, though `os.path.join` provides some protection.
Updated: 2025-12-11GitHub
81
344
Medium Cost
mondaycom icon

mcp

by mondaycom

Sec2

A server implementation for the Model Context Protocol (MCP) that provides an interface for AI agents to interact with the monday.com API, enabling agents to operate reliably within monday.com workflows.

Setup Requirements

  • ⚠️Requires a monday.com API key for authentication.
  • ⚠️ATP mode is an Alpha Feature; APIs and behavior may change, implying potential instability and unhardened security.
  • ⚠️For hosted MCP with OAuth and workspace controls, an admin must install the Monday MCP app from the monday.com marketplace.
Review RequiredView Analysis
The ATP (Agent Tool Protocol) mode includes an `execute_code` tool that explicitly allows AI agents to 'execute JavaScript code to call monday.com APIs dynamically'. This is a severe security risk, equivalent to `eval`, as it grants the agent remote code execution capabilities on the server without explicit details on sandboxing or strict input validation. If an agent's output is compromised, this could lead to critical system vulnerabilities. Additionally, the `all_monday_api` tool allows dynamic GraphQL queries/mutations, providing broad API access that could be exploited if an agent generates malicious queries. The ATP mode is marked as an 'Alpha Feature', indicating it may not be fully hardened against attacks.
Updated: 2025-12-11GitHub
81
2
Medium Cost
muness icon
Sec8

Allows AI assistants to query Amazon order history by wrapping the amazon-orders Python library.

Setup Requirements

  • ⚠️Requires Amazon login credentials (email and password, potentially a 2FA OTP code or secret key).
  • ⚠️Relies on web scraping Amazon.com, which is unofficial, may break if Amazon changes its site structure, and could lead to Amazon account flagging or suspension.
  • ⚠️Only supports the English Amazon.com site.
Verified SafeView Analysis
The server uses environment variables (or .env file) for Amazon credentials, which is good practice. It explicitly loads environment variables using python-dotenv. No 'eval' or obvious malicious code patterns were found. The primary security risk comes from the underlying `amazon-orders` library which performs web scraping, meaning Amazon may detect and block activity, potentially leading to account issues. Debug output for login failures can include full tracebacks, which might expose internal server details if not handled carefully by the consuming AI, though it does not appear to expose credentials.
Updated: 2025-12-12GitHub
81
310
Low Cost
microsoft icon

mcsmcp

by microsoft

Sec8

Deploys a Model Context Protocol (MCP) server that provides various joke-fetching tools to be integrated with LLMs, specifically Microsoft Copilot Studio, to enhance conversational AI with external context.

Setup Requirements

  • ⚠️Requires Node.js v22
  • ⚠️Requires Docker for development (implied by prerequisites for local dev setup, though not strictly for `npm start`)
  • ⚠️Requires an Azure Subscription (with payment method) for cloud deployment
  • ⚠️Requires Microsoft Copilot Studio trial or developer account for full integration
Verified SafeView Analysis
The server correctly handles different HTTP methods, allowing POST for MCP requests and returning 405 for GET/DELETE, which prevents misuse. Input parameters for tools are validated using Zod, mitigating some injection risks. It fetches data from external, public joke APIs; while this inherently relies on external trust, the nature of the data (jokes) is low risk. The deployment explicitly allows public access, which is by design for a demo but would require careful consideration for production-grade sensitive data. No hardcoded secrets or 'eval' statements were found.
Updated: 2025-12-02GitHub
81
2
Medium Cost
polymons icon
Sec7

Transparent security proxy for LLM tool interactions, employing ensemble anomaly detection to classify requests as benign or malicious.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for orchestration of multiple services.
  • ⚠️Optimal performance for the local LLM service requires an NVIDIA GPU with appropriate drivers (configurable via `LLM_N_GPU_LAYERS`).
  • ⚠️Cloud LLM service (OpenAI/Gemini) requires a paid API key (`CLOUD_OPENAI_API_KEY` or `CLOUD_GOOGLE_API_KEY`) if selected as the LLM backend.
  • ⚠️Pre-trained models for the detectors (`.pt` files) are expected or must be generated via the `research/tools/train_models.py` script, which can be computationally intensive.
Verified SafeView Analysis
The MCP Bridge (security proxy) component implements robust security features, including an ensemble of rule-based, statistical, and semantic detectors, network isolation for tools (mcp-secure internal network), and fail-safe blocking. However, the underlying MCP tool servers (filesystem, sqlite, time, fetch, memory) are intentionally designed to be vulnerable to common attacks (e.g., SQL injection via direct `cursor.execute`, command injection via timezone parameter, path traversal when `SAFE_MODE=false`), as this is a research project testing the proxy's detection capabilities. A bypass of the proxy would expose these severe vulnerabilities. The `is_safe_to_run` assumes the system is run with the proxy actively protecting these intentionally vulnerable tools.
Updated: 2025-12-13GitHub
81
2
Low Cost
kawsarlog icon

awesome-mcp-api

by kawsarlog

Sec10

A curated directory of Model Context Protocol (MCP) APIs designed to be integrated into AI agents, LLM workflows, and automation frameworks.

Verified SafeView Analysis
The provided 'source code' consists solely of the README.md for the 'awesome-mcp-api' repository, which serves as a directory of external Apify Actors/MCP servers. The repository itself contains no executable code to audit for security vulnerabilities like 'eval', obfuscation, or hardcoded secrets. Therefore, it is inherently safe to view. However, the security of the *individual MCP servers* listed in the README is not assessable here and would depend on their respective implementations, which are not provided.
Updated: 2025-12-10GitHub
81
2
Medium Cost

toon-context-mcp

by aj-geddes

Sec6

A server designed for managing game or application context, likely in a 'toon' (game/animated) environment, with integration capabilities for AI models like Claude.

Setup Requirements

  • ⚠️Requires Anthropic Claude API Key (Paid)
  • ⚠️No README available, making setup and configuration details unavailable.
Review RequiredView Analysis
As a server, it inherently involves network communication. Without access to the code, specific vulnerabilities (e.g., 'eval' usage, insecure API handling, data exposure) cannot be assessed. Integration with Claude AI implies potential external API calls and data transfer, which could pose risks depending on implementation.
Updated: 2025-11-18GitHub
81
91
Low Cost
aitrados icon
Sec8

A specialized MCP server for financial analysis and quantitative trading, designed to deploy local financial MCP services with a departmental architecture for LLM integration and algorithmic trading.

Setup Requirements

  • ⚠️Requires AITRADOS_SECRET_KEY obtained via free registration at https://www.aitrados.com/.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Broker integration (if enabled via `ENABLE_RPC_PUBSUB_SERVICE` and `auto_run_brokers`) requires the `aitrados-broker` package and specific configuration in `config.toml`.
Verified SafeView Analysis
The server dynamically loads user-defined MCP Python files using `importlib.util` and `exec_module`, which can pose a risk if untrusted code is loaded. It interacts with external financial data APIs and can integrate with brokerage services (`aitrados-broker`), requiring careful handling of API keys and broker configurations. Sensitive keys are expected to be set as environment variables and validated in request headers, which is good practice. Overall, well-designed for its intended extensibility but requires user vigilance regarding custom code and sensitive financial integrations.
Updated: 2025-11-19GitHub
80
53
Medium Cost
82ch icon

MCP-Dandan

by 82ch

Sec8

Integrated monitoring service for MCP (Model Context Protocol) communications that detects and blocks security threats in real time, featuring an Electron-based desktop UI for management.

Setup Requirements

  • ⚠️Requires Python 3.8+
  • ⚠️Requires Electron 35+
  • ⚠️MISTRAL_API_KEY is required to enable the LLM-based Tools Poisoning Engine (Mistral is a paid API, but the engine uses a semaphore to limit concurrent calls).
  • ⚠️On macOS, `mcp_python_install_certificates.py` might require `sudo` to install SSL certificates.
Verified SafeView Analysis
The project is a security framework that requires deep system interaction, including modifying application configurations and spawning child processes, which are inherently complex operations. The codebase demonstrates awareness of these risks by implementing measures such as config backup/restore, explicit YARA rule syntax validation for custom rules, and using prepared statements for database operations (in the backend). The Electron frontend leverages a preload script to expose a controlled API, limiting direct Node.js access. IPC calls from the renderer to the main process are used to interact with the Python backend, which is responsible for sensitive operations. A notable aspect is the `ELECTRON_DISABLE_SECURITY_WARNINGS = 'true'` flag used during development, which is typically undesirable for a security product but common in development environments. `execSync` is used for process management and config modification, which requires careful control but appears to be used in a measured way (e.g., calling `config_finder.py` with specific flags to disable/restore proxies).
Updated: 2025-12-14GitHub
PreviousPage 22 of 636Next