Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

45
39
Medium Cost
freema icon

mcp-gsheets

by freema

Sec9

A Model Context Protocol (MCP) server for Google Sheets API integration, enabling reading, writing, and managing Google Sheets documents directly from MCP clients like Claude Code, Claude Desktop, or Cursor.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher.
  • ⚠️Requires a Google Cloud Project with the Google Sheets API enabled.
  • ⚠️Requires a Google Service Account with JSON key file, or direct private key/email, and 'Editor' permissions on target spreadsheets.
Verified SafeView Analysis
The server demonstrates strong security practices, including explicit reliance on environment variables for sensitive Google Cloud credentials (avoiding hardcoding), comprehensive input validation using Zod and custom helpers, and robust error handling. No 'eval' or obfuscation was found. The interaction with Google Sheets API occurs over HTTPS, and local execution uses stdio, limiting direct network exposure. The `parseJsonInput` utility uses `JSON.parse`, which is safe for its intended use case of parsing configuration objects.
Updated: 2025-12-15GitHub
45
42
Low Cost
inai-sandy icon

inAI-wiki

by inai-sandy

Sec9

A collaborative, open-source knowledge hub and index for a wide array of AI resources, including news, applications, agents, LLMs, and Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Jekyll (Ruby-based static site generator) to run locally.
Verified SafeView Analysis
The provided source code consists primarily of Markdown files for a static website (Jekyll theme). There is no executable server-side code (e.g., Python, Node.js, Go) for an actual 'MCP Server' or any other dynamic application. Therefore, common server-side security risks such as 'eval' usage, obfuscation, network vulnerabilities from dynamic routes, or hardcoded secrets within active server logic are not applicable to this repository itself. The project explicitly details a `SECURITY.md` for vulnerability reporting, which is a good practice. The main risk, as with any content repository, would be malicious content in contributed Markdown files if not properly reviewed, but this is a content-level risk, not a code execution one. The score reflects the inherent low risk of running this as a static site.
Updated: 2026-01-19GitHub
45
52
Medium Cost
IzumiSy icon
Sec9

Manages and queries a knowledge graph using DuckDB as an embedded backend for AI agent memory, specifically designed for the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 24.x
  • ⚠️Primarily designed for integration with Model Context Protocol (MCP) clients such as Claude Desktop
Verified SafeView Analysis
The server uses parameterized SQL queries via the `@duckdb/node-api` library, effectively preventing SQL injection vulnerabilities. Input validation for all MCP tool calls is handled robustly using Zod schemas. Communication occurs over standard I/O (stdio), limiting direct network exposure. No hardcoded secrets or 'eval' usage were identified. File system operations are confined to managing the DuckDB data file.
Updated: 2026-01-13GitHub
45
25
Low Cost
saaslabsco icon

justcall-mcp-server

by saaslabsco

Sec9

Enables Large Language Models (LLMs) and AI agents to make real-world voice calls, send SMS, and manage other telephony features directly through JustCall’s APIs.

Setup Requirements

  • ⚠️Requires JustCall API Key & Secret (paid JustCall account).
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop/Web, ChatGPT Plus/Pro/Business/Enterprise) for interaction.
  • ⚠️The server acts as a proxy; actual voice/SMS/AI usage will incur costs from JustCall and the interacting LLM platform.
Verified SafeView Analysis
The server implements OAuth2 authentication with PKCE (Proof Key for Code Exchange) using S256, which is a strong security standard. All protected endpoints (`/mcp`, `/sse`, `/sse/message`) require Bearer token authentication, which is validated upon each request. API keys are expected to be provided via environment variables (`JUSTCALL_API_KEY`, `JUSTCALL_API_SECRET`) or as a bearer token in the `Authorization` header, preventing hardcoding. Input validation is performed using Zod schemas, mitigating common input-related vulnerabilities. No 'eval' or other directly dangerous functions are observed in the provided source, and network calls are restricted to the official JustCall API. The server is designed to run in environments like Cloudflare Workers, which can offer additional security benefits.
Updated: 2026-01-09GitHub
45
64
Low Cost
DataZooDE icon

flapi

by DataZooDE

Sec3

A fast and flexible API gateway powered by DuckDB, providing configurable HTTP and MCP endpoints for data access and management, with built-in caching, authentication, and rate-limiting features.

Setup Requirements

  • ⚠️Requires C++ toolchain (e.g., g++ or clang, make) for server compilation.
  • ⚠️Requires Node.js 20+ for building and running the companion CLI.
  • ⚠️Implicitly requires DuckDB library, which is integrated and managed as part of the C++ build process.
Review RequiredView Analysis
Critical SQL Injection Vulnerability: The `QueryExecutor` directly executes SQL query strings (`duckdb_query(conn, query.c_str(), &result)`) which are constructed from Mustache templates and user-provided parameters. While a `RequestValidator` attempts to prevent SQL injection using regex, this method is fundamentally insufficient and prone to bypasses, posing a severe risk. This allows malicious users to execute arbitrary SQL commands including data exfiltration, modification, or deletion. Additionally, `executeWrite` splits queries by semicolon, enabling multi-statement injection. It is recommended to use parameterized queries with prepared statements for all user-controlled inputs. Other security aspects like JWT/OIDC authentication are implemented using standard libraries (jwt-cpp, OpenSSL) which is a positive, and AWS Secrets Manager integration leverages DuckDB's secret management, but the core SQL execution flaw is critical.
Updated: 2026-01-19GitHub
45
53
Low Cost
manusa icon
Sec6

A Model Context Protocol (MCP) server that enables AI assistants to interact with container runtimes like Podman and Docker for container management tasks.

Setup Requirements

  • ⚠️Requires Podman or Docker CLI to be installed and available in the system's PATH.
  • ⚠️Easily installed via npm (requiring Node.js) or pip (requiring Python) which then downloads and runs the Go binary.
  • ⚠️Exposes powerful container management capabilities; careful consideration of client trust and network exposure (if using HTTP mode) is critical.
Verified SafeView Analysis
The server's primary function is to wrap and execute Podman/Docker CLI commands based on incoming requests. While Go's `os/exec.Command` prevents direct shell injection by not invoking a shell, arguments (such as `imageName`, `name`, `containerFile`, `environment` variables) are passed directly to the `podman` executable without explicit content sanitization by the server. This exposes a risk of 'argument injection' or exploitation of potential vulnerabilities within the `podman` or `docker` CLI itself if malicious or malformed inputs are provided. As the server allows powerful operations like running, stopping, and removing containers/images, exposing it to untrusted input sources (e.g., over HTTP without strong authentication/authorization) could lead to destructive actions on the host system. The server does not contain obvious malicious patterns or hardcoded secrets.
Updated: 2026-01-19GitHub
45
13
Medium Cost
awslabs icon
Sec9

The server acts as an AI agent providing expert assistance on OSCAL (Open Security Controls Assessment Language) by leveraging specialized tools and Amazon Bedrock's knowledge base capabilities.

Setup Requirements

  • ⚠️Requires an AWS Account with Bedrock access to use the `query_oscal_documentation` tool effectively.
  • ⚠️The `OSCAL_KB_ID` environment variable must be configured with a valid Amazon Bedrock Knowledge Base ID for the documentation query tool to function. Without it, the feature defaults to an unimplemented local fallback.
  • ⚠️Developed with Python 3.11 and 3.12 compatibility; other Python versions may not be fully supported.
Verified SafeView Analysis
The codebase demonstrates strong security practices. It explicitly implements file integrity checks using SHA-256 hashes against a `hashes.json` manifest for both OSCAL schemas and documentation directories at server startup. This prevents the server from operating with tampered or corrupted bundled content. Configuration for sensitive details like AWS credentials and Bedrock IDs are handled through environment variables, with no hardcoded secrets found. The server defaults to binding to `127.0.0.1`, limiting network exposure. Interaction with AWS Bedrock is via the official Boto3 SDK, relying on AWS's inherent service security. The primary point of external interaction (Bedrock KB) relies on the security posture of the AWS account and the content within the knowledge base, which is outside the direct control of this server's codebase.
Updated: 2026-01-13GitHub
44
40
Medium Cost
freema icon
Sec5

Extracts UI component information, HTML, CSS, and design tokens from Storybook instances for analysis and integration into development workflows.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️A running Storybook instance is required for functionality, configured via `STORYBOOK_URL`.
  • ⚠️Requires Chrome/Chromium to be installed on the host system for Puppeteer functionality.
  • ⚠️Using `NODE_TLS_REJECT_UNAUTHORIZED=0` to bypass SSL certificate validation for self-signed certificates carries significant security risks.
Review RequiredView Analysis
The server connects to external Storybook instances and uses Puppeteer to render dynamic content. Puppeteer is launched with several security-disabling flags (`--no-sandbox`, `--disable-setuid-sandbox`, `--disable-web-security`, `--ignore-certificate-errors`), which significantly reduce the isolation and security of the browsing context. Additionally, the `NODE_TLS_REJECT_UNAUTHORIZED=0` environment variable, used for self-signed certificates, bypasses critical SSL/TLS security checks, making connections vulnerable to man-in-the-middle attacks. While `get_external_css` includes domain validation, these broader configurations expose the system to risks, especially if connecting to untrusted or compromised Storybook instances. The dependency `pac-resolver` (indirectly via `proxy-agent`) uses `degenerator`, which can involve `eval` for PAC file processing, adding a minor attack surface, though typically constrained.
Updated: 2026-01-10GitHub
44
41
Low Cost
MDalamin5 icon
Sec3

This MCP Server provides an API gateway for an AutoGen multi-agent system to interact with Notion via the Model Context Protocol (MCP), enabling AI-driven automation of Notion tasks and public exposure through ngrok.

Setup Requirements

  • ⚠️Requires Ollama server running locally with `llama3.1` or `qwen3:14b` model pulled.
  • ⚠️Requires `NOTION_API_KEY` environment variable for Notion access.
  • ⚠️Requires `NGROK_AUTH_TOKEN` environment variable to expose the API publicly via ngrok.
  • ⚠️Requires Node.js and `npx` installed for the MCP remote server.
  • ⚠️The publicly exposed `/run` endpoint has no authentication, making it a severe security vulnerability for production use.
Review RequiredView Analysis
The primary security risk stems from exposing the FastAPI `/run` endpoint publicly via ngrok with `allow_origins=["*"]` (global CORS) and no apparent authentication. This allows anyone to send arbitrary tasks to the AI agent, which can then use its Notion tools (e.g., create, update, delete pages/databases). While API keys are env-loaded (good), the unauthenticated access to the agent's capabilities makes the system highly vulnerable to unauthorized Notion manipulation or data exfiltration. Additionally, `npx mcp-remote` executes external Node.js code, which carries an inherent risk if the source (https://mcp.notion.com/mcp) or the `npx` environment itself were compromised.
Updated: 2026-01-18GitHub
44
40
Medium Cost
yepcode icon

mcp-server-js

by yepcode

Sec9

The YepCode MCP Server enables AI platforms to interact with YepCode's infrastructure, allowing them to run LLM-generated scripts and manage YepCode processes, schedules, variables, and storage as powerful AI tools.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher to run locally.
  • ⚠️A YepCode Cloud account is required to obtain an API token for authentication.
  • ⚠️The YEPCODE_API_TOKEN environment variable must be set for the server to authenticate with the YepCode platform.
Verified SafeView Analysis
The server uses `zod` for robust input schema validation, which is a strong security practice. Sensitive credentials (`YEPCODE_API_TOKEN`) are correctly handled via environment variables. Arbitrary code execution (`run_code` tool) is delegated to YepCode's secure and isolated cloud sandboxes, mitigating direct execution risks on the host running the MCP server. The overall architecture delegates the critical security aspect of code execution to a trusted third-party platform.
Updated: 2025-12-11GitHub
44
15
Medium Cost
Wolfe-Jam icon

grok-faf-mcp

by Wolfe-Jam

Sec7

Provides a URL-based, zero-configuration Model Context Protocol (MCP) server for Grok/xAI, enabling AI systems to access persistent project context via IANA-registered .faf format and a suite of tools for project analysis and enhancement.

Setup Requirements

  • ⚠️Requires `faf-cli` to be installed globally for full functionality of all tools (e.g., `npm install -g faf-cli`).
  • ⚠️Requires an `XAI_API_KEY` environment variable for RAG-enhanced query tools, which typically involves a paid API subscription.
  • ⚠️Operates on the user's real local filesystem, requiring appropriate permissions and careful path specification (e.g., `~/Projects/my-app`).
Verified SafeView Analysis
The server includes robust `PathValidator` checks to prevent path traversal and limit file sizes for read/write operations, enhancing filesystem security. However, it relies on `child_process.exec` for some FAF CLI commands not natively bundled, which, despite argument sanitization, introduces a dependency on external CLI security and could be a vector for command injection if not perfectly hardened. No obvious hardcoded secrets or malicious patterns were found in the truncated code. Network calls are made to the legitimate xAI API.
Updated: 2026-01-15GitHub
44
42
Medium Cost
ThingsPanel icon

thingspanel-mcp

by ThingsPanel

Sec8

Serves as a Model Context Protocol (MCP) server for the ThingsPanel IoT platform, enabling natural language interaction with IoT devices for querying information, monitoring status, controlling functions, and analyzing platform data.

Setup Requirements

  • ⚠️Requires Python 3.8 or higher.
  • ⚠️Requires a ThingsPanel account and API key.
  • ⚠️Requires a valid ThingsPanel Base URL for API communication.
Verified SafeView Analysis
The server correctly handles sensitive API keys by prioritizing environment variables, command-line arguments, and configuration files, avoiding hardcoding. It uses `httpx` for network requests with proper error handling (`raise_for_status`). User-provided control data is JSON-serialized before being sent to the ThingsPanel API, mitigating direct code injection risks within the client. The main security considerations are the trustworthiness of the configured ThingsPanel API base URL and the security practices around the API key on the user's end.
Updated: 2025-11-27GitHub
PreviousPage 70 of 760Next