Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

48
70
Medium Cost
huimeicloud icon

hm_editor

by huimeicloud

Sec3

This MCP server integrates an advanced medical record editor with AI capabilities, enabling structured document content management, data element manipulation, revision tracking, watermarking, and dynamic generation of charts and tabular data. It also provides search functionalities for medical staff, ICD codes, and geographical data, and supports PDF generation.

Setup Requirements

  • ⚠️Requires `DEEPSEEK_API_KEY` environment variable for AI model integration.
  • ⚠️Requires `canvas`, `echarts`, `wkhtmltopdf`, and `puppeteer` to be installed on the server machine. `wkhtmltopdf` and `puppeteer` are external binaries which can be complex to install and require Chromium (~200MB) for `puppeteer`.
  • ⚠️Assumes the local server is running on `http://127.0.0.1:7070` for internal MCP communication, as configured in `mcp-config.json`.
Review RequiredView Analysis
1. **Critical: Remote Code Execution (RCE) / Cross-Client Command Injection via MCP WebSocket**: The `mcp-server.js` `tools/call` endpoint allows an authenticated user to specify a `sessionId` in the arguments, which is then used to send arbitrary tool calls (method and arguments) to *any* connected WebSocket client associated with that `sessionId`. There is no validation to ensure the provided `sessionId` belongs to the calling client, posing a severe risk of remote arbitrary code execution on other users' active editor instances. For example, `insertDataAtCursor` or `setDocContent` could be exploited to inject malicious HTML/JavaScript. 2. **Potential RCE via PDF Generation**: The `/getPdfPath` endpoint in `src/print.js` takes `req.body.html` directly as input for `wkhtmltopdf`. If the HTML content is untrusted and contains known vulnerabilities for web rendering engines, this could lead to Remote Code Execution on the server where `wkhtmltopdf` is executed. 3. **Hardcoded Credentials**: `DEEPSEEK_API_KEY` is expected as an environment variable, but its management outside of `.env` files (e.g., if committed to a repository) could expose sensitive credentials. 4. **File System Operations**: Direct file system operations (read/write/delete) are performed for mock data and PDF generation. While `path.join` is used to mitigate some directory traversal risks, the overall attack surface through these operations requires careful input sanitization to prevent unintended file manipulation.
Updated: 2026-01-09GitHub
48
115
High Cost
domdomegg icon

computer-use-mcp

by domdomegg

Sec7

This server allows an AI model, such as Claude, to control a user's computer by interacting with the desktop GUI through mouse, keyboard, and screen capture actions.

Setup Requirements

  • ⚠️Requires Node.js to be installed on the host machine.
  • ⚠️Requires granting significant operating system-level permissions (e.g., Accessibility, Screen Recording on macOS) to the application or terminal running the server for desktop interaction.
  • ⚠️Optimal performance for AI models may require specific display resolutions (e.g., 720p) and installation of browser extensions like Rango for improved keyboard navigation, though these are not strictly mandatory for server function.
Verified SafeView Analysis
The server's core functionality grants complete control over the user's computer via desktop automation (mouse, keyboard, screen capture) using 'nut.js'. This is an inherent high-risk capability. The README explicitly warns users to treat it like 'giving a hyperactive toddler access to your computer' and suggests sandboxing. The HTTP transport option also lacks authentication and is explicitly warned against for use without a secure reverse proxy. No 'eval' or obvious obfuscation/malicious patterns were found in the provided source code. The risks are transparently communicated, allowing users to make informed decisions about mitigating risk through supervision or sandboxing.
Updated: 2026-01-07GitHub
48
95
Medium Cost
ccbikai icon

github-stars

by ccbikai

Sec7

This MCP Server allows users to semantically search and query their GitHub starred repositories using natural language, leveraging Cloudflare's AutoRAG for efficient AI-powered search over repository READMEs and metadata.

Setup Requirements

  • ⚠️Requires GitHub Personal Access Token with `repo` scope (highly privileged).
  • ⚠️Requires a Cloudflare account for R2 storage and AutoRAG instance.
  • ⚠️Requires `MCP_API_KEY` to be generated and configured for server access.
Verified SafeView Analysis
The MCP server implements API key authentication via `MCP_API_KEY`, which is good for access control. The `scripts/index.js` fetches GitHub data using `GH_TOKEN` with `repo` scope, a highly privileged token requiring careful management as a GitHub Secret. The system relies on external Cloudflare AutoRAG for search, meaning query processing is offloaded to a third-party AI service. No direct `eval` or obvious code injection vulnerabilities are present in the provided server code.
Updated: 2026-01-17GitHub
48
65
Medium Cost
Skobyn icon
Sec8

A Model Context Protocol (MCP) server that enables LLMs to interact with DataForSEO and Local Falcon SEO APIs for tasks like keyword research, backlink analysis, and SERP data retrieval.

Setup Requirements

  • ⚠️Requires DataForSEO API credentials (DATAFORSEO_LOGIN, DATAFORSEO_PASSWORD) as environment variables. LOCALFALCON_API_KEY is needed for optional Local Falcon tools.
  • ⚠️Requires Node.js and npm for installation (`npm install`) and building (`npm run build`).
  • ⚠️The HTTP server endpoint, when deployed (e.g., to Cloud Run), is publicly accessible by default. Production usage requires configuring authentication (e.g., API keys, IAM) as recommended in the provided documentation.
Verified SafeView Analysis
The code leverages Zod for robust input validation on tool parameters and relies on environment variables for API credentials, which are good practices. However, the HTTP server defaults to broad CORS (`Access-Control-Allow-Origin: *`), making it widely accessible. The `INTEGRATION_GUIDE.md` explicitly states it's 'currently unauthenticated (public access)' and recommends adding authentication (API Key or IAM) for production deployments. No 'eval' or direct command injection vectors are apparent within the server's core logic.
Updated: 2025-12-09GitHub
48
21
Low Cost
PatrickSys icon
Sec9

Provides AI coding agents with real-time, context-aware insights into a codebase's patterns, libraries, architecture, and conventions to improve code generation and review.

Setup Requirements

  • ⚠️Requires OpenAI API Key if 'openai' embedding provider is chosen (transformers is default, local).
  • ⚠️Requires 'git' to be installed for pattern momentum analysis (gracefully skipped if not available/git repo).
  • ⚠️Initial indexing can take several minutes for large codebases (e.g., 2-5 mins for 30k files).
Verified SafeView Analysis
The server performs `git log` commands, which, while using a hardcoded command, could pose a risk if `rootPath` is untrusted. OpenAI API key (if used) is handled via environment variable. Dependencies are actively maintained with recent security fixes (e.g., hono update). Local-first execution for embeddings and storage reduces external network attack surface. Overall, it follows good security practices for a local developer tool.
Updated: 2026-01-18GitHub
48
9
High Cost
zzgael icon

pedigree-mcp

by zzgael

Sec8

Generates family pedigree tree diagrams as PNG or SVG images, compliant with Bennett 2008/2022 NSGC standardized genetic notation, for use with Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher as specified in `package.json`.
  • ⚠️The 'sharp' dependency, essential for PNG generation, is a native module that might require specific build tools (e.g., `libvips`) on the host system, although pre-compiled binaries often simplify installation.
  • ⚠️Generating complex pedigree diagrams (especially large SVG or high-resolution PNGs) can produce very large output strings (hundreds of KB to megabytes), resulting in high token usage if transmitted to an LLM context.
Verified SafeView Analysis
The server communicates over standard I/O (stdio), significantly limiting direct network exposure. Input validation for tool arguments is performed robustly using Zod. While the `Individual` schema uses `passthrough()` allowing arbitrary extra fields, these are not directly utilized in a way that could lead to code injection. The primary security considerations involve potential vulnerabilities in underlying native image processing (`sharp`) or SVG rendering (`jsdom`, `d3`) libraries. These are widely used and generally well-maintained projects. No hardcoded secrets or direct `eval` calls were found in the provided source code.
Updated: 2025-12-08GitHub
48
3
High Cost
mattzcarey icon

txt2mcp

by mattzcarey

Sec6

Converts text files or remote URLs into Model Context Protocol (MCP) servers, providing a searchable interface for AI agents.

Setup Requirements

  • ⚠️Requires a Cloudflare account with Workers, R2 Bucket, and Durable Objects configured (not a standalone server).
  • ⚠️The search index (`Orama`) is rebuilt on every search query, leading to high CPU and memory usage, especially for large documents, which can significantly increase operational costs and latency. The index should be persisted after creation/update.
  • ⚠️The use of `fetch(url)` for user-provided URLs in remote content ingestion can lead to SSRF vulnerabilities without robust URL validation.
Review RequiredView Analysis
The server fetches content from user-provided URLs in `/api/remote` and the `MCPServer.alarm` function. This presents a Server-Side Request Forgery (SSRF) vulnerability, as an attacker could potentially direct the server to make requests to internal network resources or sensitive Cloudflare metadata endpoints if the Worker runtime's network isolation is not sufficiently restrictive or if the URLs are not validated against private IP ranges/internal domains. While Cloudflare Workers offer some sandboxing, the code itself does not implement explicit URL validation to prevent this type of exploit.
Updated: 2025-11-25GitHub
48
3
Medium Cost
DeepakJangra239 icon

kgraph

by DeepakJangra239

Sec9

Indexes codebases into a knowledge graph to enable semantic search, precise code navigation, and impact analysis for LLM agents.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️An initial `reindex_codebase(root_path="...")` call is mandatory after setup for the server to function, as it builds the knowledge graph.
  • ⚠️Performance for vector embeddings may vary significantly; it utilizes `mlx_embeddings` for Apple Silicon for speed, falling back to `sentence-transformers` on other platforms.
Verified SafeView Analysis
The project uses `sqlite3` with parameterized queries, and `yaml.safe_load` for parsing configuration, which are good practices. File system operations are scoped to a user-provided root path. Dynamic module loading for Tree-sitter parsers (`importlib.import_module`) is based on internal, trusted YAML configuration files, mitigating risk. There are no obvious `eval()` calls or direct `subprocess` invocations with unsanitized user input. The primary security consideration would be if an attacker could somehow inject malicious content into the `root_path` or internal configuration files, which is outside the immediate scope of the server's code handling.
Updated: 2025-12-03GitHub
48
62
High Cost
GroundNG icon

VibeShift

by GroundNG

Sec8

VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.

Setup Requirements

  • ⚠️Requires LLM API Key, Base URL, Version, and Model (e.g., OpenAI, Azure OpenAI, Google Gemini) configured in a .env file (paid service).
  • ⚠️Requires Playwright browser binaries to be installed (e.g., 'playwright install --with-deps').
  • ⚠️Requires external security tools (Semgrep, Nuclei) to be installed and in system PATH, or Docker for OWASP ZAP.
  • ⚠️The 'record_selectors_and_save_auth_state' feature will prompt for and save actual user credentials to disk (auth_state.json), posing a local security risk if compromised.
Verified SafeView Analysis
The system utilizes subprocess.run to execute external security tools (Semgrep, Nuclei, ZAP), which is a controlled but inherent risk. Input validation and command quoting (shlex.quote) are used to mitigate injection risks. Playwright's page.evaluate is used to inject JavaScript for DOM manipulation and event listening (e.g., click overrides, UI panel), which is standard practice for browser automation but means injected JS code runs in the browser context. LLM API keys are loaded via environment variables, not hardcoded, which is good practice. The auth_state.json feature saves user credentials to disk, which is a potential local information disclosure risk if the file is not adequately secured, though user-initiated.
Updated: 2025-11-29GitHub
48
42
Medium Cost
winyunq icon
Sec7

Provides an AI-assisted, version-controlled workflow for designing, modifying, and animating Unreal Engine 5 UMG UI assets programmatically, treating JSON as the source of truth.

Setup Requirements

  • ⚠️Requires Unreal Engine 5.6 or newer.
  • ⚠️Requires Python 3.10+ and 'uv' for dependency management.
  • ⚠️Critical startup order: Launch Unreal Engine 5 project FIRST, then launch the Gemini CLI.
  • ⚠️The 'mcpServers' configuration in `settings.json` requires an absolute path to the `Resources/Python` folder on your machine.
Verified SafeView Analysis
The server design relies on a trusted local execution environment, typically on a developer's machine, communicating with a local Unreal Engine instance. The system allows AI to create, modify, and delete UMG assets and Blueprint logic, which are powerful operations but are confined within the Unreal Engine context. Dynamic loading of tools and prompts from `prompts.json` could be a risk if the file is untrusted, allowing malicious tool descriptions or enabling risky tools. XML parsing in `UMGHTMLParser.py` uses `ElementTree`, which is generally safe against common XXE attacks by default. `subprocess.Popen` is used in wrapper scripts for server management, which is controlled. No hardcoded secrets were found. The primary security consideration is to only run this in a controlled development environment with trusted `prompts.json` configurations.
Updated: 2026-01-19GitHub
48
44
Medium Cost
PSU3D0 icon
Sec7

Analyze and edit spreadsheet files programmatically, designed for token-efficient interaction by LLM agents, focusing on structured data access, modification, formula analysis, and optional VBA inspection.

Setup Requirements

  • ⚠️Full write/recalculation features (e.g., `recalculate`, `screenshot_sheet`) require LibreOffice to be installed and properly configured (specifically, the `soffice` executable) and for the correct LibreOffice macros to be present. The `:full` Docker image is recommended for this.
  • ⚠️A `workspace_root` directory must be configured and accessible, and it should contain the spreadsheet files to be analyzed. This directory is where the server will operate, including creating temporary fork files, checkpoints, and screenshots.
  • ⚠️The `save_fork` tool can overwrite the original workbook file only if the `--allow-overwrite` server flag or `SPREADSHEET_MCP_ALLOW_OVERWRITE` environment variable is explicitly set. This powerful feature requires careful usage.
Verified SafeView Analysis
The server performs extensive file system operations (reading/writing/creating temporary files) and executes external binaries (LibreOffice, pdftoppm) for core functionality (recalculation, screenshots). While the provided source code shows effort in sanitizing paths and arguments to external commands, the inherent nature of these operations means that a misconfigured `workspace_root` (allowing untrusted code execution or file writes to sensitive directories) or a vulnerability in LibreOffice/pdftoppm could pose a risk. The `save_fork` tool, if `--allow-overwrite` is enabled, can modify original source files, which requires careful consideration. VBA code is only read, not executed, which is a good security practice.
Updated: 2026-01-08GitHub
48
46
Medium Cost
proofgeist icon
Sec9

Provides an interface for AI agents (like Claude Desktop) to query and analyze local Granola.ai meeting data.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires 'uv' package manager (or manual pip/venv setup).
  • ⚠️Exclusively runs on macOS with Granola.ai installed and its local cache file present.
  • ⚠️Installation directory should be your home directory (~/) to avoid macOS permission issues with Claude Desktop.
Verified SafeView Analysis
The server explicitly states it performs '100% Local Processing' and 'No External API Calls', which is a strong security posture. It reads from a local Granola cache file (`cache-v3.json`). The primary security risk would be if the Granola cache file itself could be maliciously tampered with by another process on the user's system, which is a system-level security concern rather than a flaw in this server's code. No usage of `eval` or other direct code execution from external input was found.
Updated: 2026-01-16GitHub
PreviousPage 61 of 760Next