Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

55
128
Medium Cost
StarRocks icon
Sec5

Acts as a bridge between AI assistants and StarRocks databases for direct SQL execution, database exploration, and data visualization.

Setup Requirements

  • ⚠️Requires a StarRocks cluster running on localhost (default port 9030, user 'root', empty password, at least one BE node).
  • ⚠️Arrow Flight SQL functionality is optional and requires specific StarRocks FE configuration (e.g., `arrow_flight_sql_port = 9408` in `fe.conf`) and a FE restart.
  • ⚠️Requires Python 3.10 or higher and several Python packages (e.g., mysql-connector-python, pandas, plotly, kaleido, adbc-driver-manager, adbc-driver-flightsql, pyarrow). These are managed by 'uv' during installation/run but must be resolvable.
Review RequiredView Analysis
The server uses `eval()` for Plotly expressions, although it includes AST-based validation to restrict the expression's complexity. A significant SQL injection risk exists because many SQL queries, particularly in tools like `read_query`, `write_query`, and internal data fetching, are constructed via f-strings and sent without explicit parameterization to the database driver. This is especially problematic if user-controlled input (like query strings or database/table names from an AI agent) is not thoroughly sanitized upstream by the MCP framework or the AI agent itself. The `parse_connection_url` function has a known limitation where an `@` symbol in the password can lead to incorrect parsing, potentially causing connection failures or unintended host connections. Additionally, CORS is configured to `allow_origins=["*"]` by default for HTTP modes, which is insecure for production environments.
Updated: 2025-11-24GitHub
55
1
Low Cost
pedrospdc icon

datadog-mcp

by pedrospdc

Sec9

Exposes Datadog monitoring and observability data to AI models, enabling AI assistants like Claude to query metrics, traces, services, and dashboards.

Setup Requirements

  • ⚠️Requires Datadog API Key and Application Key (`DD_API_KEY`, `DD_APP_KEY`).
  • ⚠️Requires Go runtime environment for installation or building from source.
  • ⚠️Designed for integration with Claude Code/Desktop, though it can run standalone.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive API keys (DD_API_KEY, DD_APP_KEY), avoiding hardcoded secrets. It operates as an MCP server, which typically communicates via standard I/O, limiting direct network attack surfaces. Input parameters for Datadog API calls are defined through Go structs and processed by the Datadog API client, reducing the risk of injection vulnerabilities. No 'eval' or similar dynamic code execution patterns are observed. The primary security consideration is the secure handling of Datadog API keys and the trust placed in the Datadog API client library itself.
Updated: 2025-12-10GitHub
55
1
Medium Cost
mazamaka icon

octo-mcp

by mazamaka

Sec7

Enables AI assistants like Claude to control Octo Browser profiles and automate browser actions through natural language.

Setup Requirements

  • ⚠️Requires Octo Browser application installed and running locally or on a remote host.
  • ⚠️Requires `playwright install chromium` to be run after installation for browser automation capabilities.
  • ⚠️Cloud API features (like searching profiles by name or tags) require an Octo Browser API token (`OCTO_API_TOKEN`) to be configured.
Verified SafeView Analysis
The `browser_evaluate` tool allows executing arbitrary JavaScript within the browser context. While this is an intended feature for browser automation, a poorly constrained AI agent could potentially misuse it to perform unwanted actions on visited websites. No direct `eval` of untrusted Python code or hardcoded secrets were found. The server's ability to connect to remote Octo Browser instances via `OCTO_HOST` implies that users must ensure proper network security for their Octo Browser API and CDP ports.
Updated: 2025-12-11GitHub
55
1
Medium Cost
arvindand icon

mcp-scaffold

by arvindand

Sec9

Generates AI-ready tools from Spring Data JPA applications for AI assistants using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Java 21+
  • ⚠️Requires Maven 3.9+
  • ⚠️Requires Spring AI 1.1.0+ with MCP server starter
  • ⚠️MCP client (e.g., Claude Desktop) needed to interact with tools.
Verified SafeView Analysis
The server's core function is build-time code generation using JavaParser and JavaPoet, which is generally safe as it doesn't involve runtime dynamic code execution. The generated tools are standard Spring components acting as wrappers for existing business logic. No direct 'eval' or malicious patterns were found. The example uses default H2 in-memory database credentials (sa, empty password) which is acceptable for development/examples but should not be used in production. Network exposure is typically localhost by default, managed by Spring AI's MCP server. The main security consideration would be prompt injection at the AI model layer, which is an inherent risk of AI tool usage, not a specific vulnerability in this server's code.
Updated: 2025-11-29GitHub
55
1
Low Cost
Teycir icon

Mcpwn

by Teycir

Sec8

Automated security testing and vulnerability scanning for Model Context Protocol (MCP) servers to detect common vulnerabilities like RCE, path traversal, and injection.

Setup Requirements

  • ⚠️Requires Python 3.8+.
  • ⚠️May require `npx` to be installed if testing Node.js-based MCP servers (as in provided examples).
  • ⚠️Can cause local port conflicts (e.g., 8888 for SSRF, 5353 for OOB DNS) if ports are already in use, requiring manual intervention or waiting for cleanup.
  • ⚠️Running destructive tests (protocol fuzzing, subscription flood) can crash the target MCP server; `--safe-mode` can be used to skip these.
Verified SafeView Analysis
Mcpwn is a security scanner designed to generate and inject malicious payloads into target Model Context Protocol (MCP) servers. Its core function involves executing external processes via `subprocess.Popen` and `subprocess.run` to interact with target servers. While this is inherent to its purpose, users should be aware that running it against untrusted or production systems without permission can have severe consequences, as it actively attempts to exploit vulnerabilities. The code itself does not show direct `eval` or intentional self-harm. API keys for LLM integration are mentioned to be handled via environment variables or CLI flags, indicating good practice. Local network listeners (HTTP, DNS) are started for OOB/SSRF detection, which is part of its legitimate testing functionality and not a vulnerability within Mcpwn itself.
Updated: 2025-12-13GitHub
55
1
Low Cost
ironystock icon

agentic-obs

by ironystock

Sec7

Enables AI assistants to control OBS Studio through natural language commands for tasks like scene management, recording, and streaming.

Setup Requirements

  • ⚠️Requires Go 1.25.5+ for installation.
  • ⚠️Requires OBS Studio 28+ with its built-in WebSocket server enabled and configured (default port 4455).
  • ⚠️Designed for use with an MCP-compatible AI client like Claude Desktop, requiring client-side configuration to execute the `agentic-obs` command.
Verified SafeView Analysis
The application stores OBS WebSocket credentials, including the password, unencrypted in a local SQLite database (`db.sqlite`). While noted as an 'accepted risk' for single-user, local deployments, this still represents a local credential exposure. However, no 'eval' or dynamic code execution of user input was found. Environment variables are supported for overriding configuration, and SQL queries utilize parameterized statements, mitigating SQL injection risks. Network communication is limited to the OBS WebSocket API (typically localhost).
Updated: 2025-12-15GitHub
55
1
High Cost
zannagh icon

Synaptic.NET

by zannagh

Sec8

Provides a .NET-based server for Model-Client Protocol (MCP), RESTful RAG, and Blazor web UI, secured with OAuth2, leveraging Qdrant and OpenAI.

Setup Requirements

  • ⚠️Requires .NET SDK 10 (Preview)
  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Docker and Docker Compose required for recommended deployment
  • ⚠️Requires OAuth2 application setup (GitHub, Google, or Microsoft) and an externally available domain with TLS certificate for authentication callbacks.
Verified SafeView Analysis
The project uses placeholder secrets (e.g., API keys, JWT keys, database credentials) directly within `docker-compose.yml` and `appsettings.json`. The README explicitly instructs users to replace these with their own values, which is critical for security. Exposing services to `0.0.0.0` without a robust reverse proxy or firewall can be a network risk. OAuth2 authentication is implemented, which is a good security practice, but requires careful configuration of redirect URIs and client secrets.
Updated: 2025-12-10GitHub
55
1
Low Cost
kaoosurf-a11y icon

mcp-server-n8n

by kaoosurf-a11y

Sec5

Provides a Model Context Protocol (MCP) server for n8n to expose custom tools, starting with a mathematical expression evaluator.

Setup Requirements

  • ⚠️The server's listening PORT is hardcoded to 3000 and must match EasyPanel settings.
Review RequiredView Analysis
The server uses `mathjs.evaluate(input)` to process user-provided mathematical expressions. While `mathjs.evaluate` is generally safer than raw `eval()`, it still executes arbitrary user input as code within a mathematical context. This poses a potential risk for denial-of-service (e.g., very complex or long expressions) or, in highly unlikely scenarios, sandbox escapes if a fundamental vulnerability were found in the mathjs library. Input for the 'calculate' tool should be sanitized or validated if coming from untrusted sources.
Updated: 2025-12-11GitHub
55
1
Low Cost
Sec8

This project serves as a Python client demonstration for interacting with Azure DevOps, showcasing API calls for project management, work item manipulation, or pipeline status.

Setup Requirements

  • ⚠️Requires an Azure DevOps Personal Access Token (PAT) with appropriate permissions.
  • ⚠️Requires an existing Azure DevOps Organization URL, Project, and Team to connect to.
  • ⚠️Python 3.10 or newer is required.
Verified SafeView Analysis
The code itself is likely benign for a client demo; however, it requires and transmits a Personal Access Token (PAT) to Azure DevOps. The primary security consideration is securing this PAT, ensuring it has minimal necessary scope, and preventing its exposure or unauthorized access. Storing it in a .env file is common for development but requires care.
Updated: 2025-11-18GitHub
55
1
High Cost
AutodeskFusion360 icon

FusionMCPSample

by AutodeskFusion360

Sec1

Enables AI assistants to interact with Autodesk Fusion 360 for CAD/CAM operations through a Model Context Protocol (MCP) HTTP API, allowing for design information retrieval, tool execution, and visual validation.

Setup Requirements

  • ⚠️Requires Autodesk Fusion 360 to be installed and running.
  • ⚠️Manual installation by copying files to Fusion 360's add-ins directory and activating it from the Add-Ins panel.
  • ⚠️The server binds to `localhost:9100`; this port must be available or configurable manually in the code.
Review RequiredView Analysis
The `execute_api_script` tool allows arbitrary Python script source code to be executed directly within the Fusion 360 environment. This is a critical remote code execution vulnerability if an attacker gains access to the MCP endpoint or if the AI assistant generates malicious code. While the server binds to `localhost`, limiting external network exposure, any malicious process or compromised AI on the local machine could exploit this to execute arbitrary code with the permissions of Fusion 360.
Updated: 2025-12-12GitHub
55
1
Low Cost
Calvin-Francis icon

memory-mcp

by Calvin-Francis

Sec8

Provides AI assistants with persistent semantic memory and knowledge graph capabilities, enabling cross-session memory, semantic retrieval, and complex reasoning.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0
  • ⚠️Requires PostgreSQL >= 14 with the 'pgvector' extension, which must be manually installed.
  • ⚠️Requires an Aliyun DashScope API Key (a paid service) for generating embeddings.
Verified SafeView Analysis
The server uses parameterized SQL queries throughout `memory.js` and `graph.js` to prevent SQL injection. Configuration, including API keys and database connection strings, is loaded from environment variables, avoiding hardcoded secrets. Communication occurs over standard I/O (stdio) via JSON-RPC 2.0, which significantly limits external network attack surface. An LRU cache is implemented for embedding generation, reducing frequent calls to external APIs. While the server directly parses arbitrary JSON from stdin, there is no explicit input schema validation before arguments are passed to service functions. PostgreSQL's strong typing does offer a layer of protection against unexpected data types being directly inserted. There is a theoretical potential for denial-of-service (DoS) if excessively large or deeply nested JSON inputs are provided via stdin, though this is less critical for a local stdio connection.
Updated: 2025-12-01GitHub
55
1
Medium Cost
mihaelamj icon

cupertino-docs

by mihaelamj

Sec8

Provides a TLS/SSL implementation for SwiftNIO applications, enabling secure network communication for both clients and servers.

Setup Requirements

  • ⚠️Requires Swift 5.7 or newer to run (specific versions listed in documentation).
  • ⚠️For server-side usage, requires an X.509 certificate chain and an associated private key file.
  • ⚠️Requires integration into a SwiftNIO application's ChannelPipeline, involving specific ChannelHandler setup.
Verified SafeView Analysis
The SwiftNIO SSL library itself is designed for secure communication using BoringSSL. However, its effective security critically depends on correct implementation, including secure handling of certificate chains and private keys (e.g., 'cert.pem', 'key.pem'), proper certificate validation (e.g., hostname verification for clients), and robust TLS configuration by the application developer.
Updated: 2025-12-02GitHub
PreviousPage 40 of 647Next