Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

41
15
Medium Cost
codescene-oss icon

codescene-mcp-server

by codescene-oss

Sec9

The CodeScene MCP Server exposes CodeScene's Code Health analysis as local AI-friendly tools to augment AI prompts with code quality insights.

Setup Requirements

  • ⚠️Requires a CodeScene instance and 'CS_ACCESS_TOKEN' for API authentication.
  • ⚠️Requires 'CS_ACE_ACCESS_TOKEN' for the 'code_health_auto_refactor' tool (CodeScene ACE add-on).
  • ⚠️Requires 'git' to be installed and the server to be run within a Git repository for file path resolution.
  • ⚠️If running in Docker, requires a volume mount and 'CS_MOUNT_PATH' environment variable to correctly map host file paths to paths inside the container.
Verified SafeView Analysis
The server primarily acts as an intermediary, executing the local CodeScene CLI and calling CodeScene APIs. It uses `subprocess.run` to execute external commands, which is inherent to its functionality but generally well-controlled by the application logic. API tokens are expected from environment variables, and no hardcoded secrets were found. Path adaptation for Docker environments is implemented with checks to prevent unintended access. No obvious malicious patterns or obfuscation were observed. The primary security risk involves proper configuration of access tokens and host path mounts in Docker environments.
Updated: 2026-01-19GitHub
41
2
High Cost
eamonnfaherty icon

oh-no-mcp-server

by eamonnfaherty

Sec9

Provides a Model Context Protocol (MCP) server for deep analysis of code performance, identifying bottlenecks, memory issues, algorithm complexity, and suggesting optimizations across code snippets, single files, or entire directories.

Setup Requirements

  • ⚠️Requires a compatible MCP client (e.g., Claude Desktop) to operate as intended, as it's an MCP server, not a standalone application.
  • ⚠️Python 3.10 or newer is required to run the server.
Verified SafeView Analysis
The server's core functionality involves read-only access to the file system to gather code content based on paths provided by an MCP client. It does not contain `eval()` or similar dangerous functions in its runtime logic (an `exec` call is present in the test suite for module execution testing only). No hardcoded secrets were found. During directory scans, it explicitly excludes common sensitive directories like `.git` and `node_modules`. The primary security consideration is the potential for an untrusted client or LLM to request the reading of arbitrary local files if the MCP client environment (e.g., Claude Desktop) does not adequately sandbox or validate paths. The server itself does not perform file writing; it only prepares prompts that may instruct the LLM to write reports to a specified `output_path`, placing the responsibility for the actual write operation and its security implications on the LLM's client environment.
Updated: 2025-11-25GitHub
41
24
High Cost
walksoda icon

crawl-mcp

by walksoda

Sec7

A comprehensive Model Context Protocol (MCP) server that wraps the crawl4ai library for advanced web crawling, content extraction, and AI-powered summarization from various sources including web pages, PDFs, Office documents, and YouTube videos.

Setup Requirements

  • ⚠️Requires Python 3.11 or later.
  • ⚠️Requires installation of system-level Playwright dependencies (e.g., libnss3, libgbm1, libgtk-3-0t64 on Ubuntu), often requiring root privileges (`sudo`).
  • ⚠️AI-powered features (summarization, intelligent extraction) require API keys for LLM providers (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY), which are typically paid services.
Verified SafeView Analysis
The project demonstrates awareness of security, including safeguards against ReDoS attacks using `_safe_regex_findall` with process-level timeouts, and secure file permissions (`0600`) for session/cache data. Environment variables are used for sensitive data like API keys. The `execute_js` parameter for crawling tools is powerful and, if misused by the client, could potentially execute arbitrary JavaScript within the browser context (though contained by Playwright/Chromium sandbox). The use of `--no-sandbox` in Docker Compose is a common practice for Playwright in containers but means reliance on Docker's isolation for browser sandboxing. Session data is stored in plaintext locally, albeit with restricted file permissions, posing a minor risk if the host system is compromised.
Updated: 2026-01-18GitHub
41
8
Medium Cost
nihalxkumar icon

arch-mcp

by nihalxkumar

Sec9

An MCP server that bridges AI assistants with the Arch Linux ecosystem, providing intelligent, safe, and efficient access to the Arch Wiki, AUR, and official repositories for AI-assisted Arch Linux usage.

Setup Requirements

  • ⚠️Most core functionality requires the server to run on an Arch Linux system.
  • ⚠️Write operations and some diagnostic tools require `sudo` access.
  • ⚠️AUR installation tools require an AUR helper (paru or yay) to be installed on the host system.
  • ⚠️Checking for updates (`check_updates_dry_run`) requires the `pacman-contrib` package.
Verified SafeView Analysis
The server features robust, built-in security analysis for AUR packages, actively scanning PKGBUILDs for over 50 critical and suspicious patterns (e.g., `rm -rf /`, fork bombs, reverse shells, crypto miners, obfuscated code, dangerous network activity). It will block installations if critical security issues are detected. `sudo` commands for system operations are handled carefully with checks for password requirements. No apparent hardcoded secrets or direct vulnerabilities in the server's own codebase; its primary function is to provide a safe interface for interacting with potentially unsafe external content.
Updated: 2025-11-30GitHub
41
38
Low Cost
aliyun icon
Sec9

Provides AI assistants with the ability to interact with Alibaba Cloud DevOps (Yunxiao) platform for tasks like code review, task management, pipeline execution, and deployment, to assist enterprise development teams.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Requires an Alibaba Cloud DevOps Personal Access Token with extensive read/write permissions across organization management, project collaboration, code management, pipeline management, artifact repository management, application delivery, and testing management.
  • ⚠️The `YUNXIAO_ACCESS_TOKEN` must be set as an environment variable (`YUNXIAO_ACCESS_TOKEN`) or passed as a query parameter (`yunxiao_access_token`) in SSE mode.
Verified SafeView Analysis
The server uses `YUNXIAO_ACCESS_TOKEN` for authentication, which is expected via environment variables or URL query parameters in SSE mode, a standard and recommended practice. Input validation is thoroughly implemented using Zod schemas, mitigating risks like injection attacks. API calls target official Alibaba Cloud domains. No use of `eval` or other obvious malicious code patterns were found in the provided source.
Updated: 2026-01-07GitHub
41
2
Low Cost
Litash icon
Sec9

Allows AI agents to access Moomoo trading platform's market data, account information, and execute trades.

Setup Requirements

  • ⚠️Requires Moomoo OpenD gateway application to be installed and running locally on port 11111.
  • ⚠️REAL account access requires MOOMOO_TRADE_PASSWORD (or MOOMOO_TRADE_PASSWORD_MD5) and MOOMOO_SECURITY_FIRM environment variables.
  • ⚠️Requires Python 3.10 or newer.
Verified SafeView Analysis
The server uses environment variables for sensitive trading passwords (MOOMOO_TRADE_PASSWORD, MOOMOO_TRADE_PASSWORD_MD5), which is a good practice. It connects to the local Moomoo OpenD gateway (127.0.0.1:11111) by default, limiting direct external network exposure. Critical trading tools (place_order, modify_order, cancel_order) include explicit warnings in their docstrings, instructing AI agents to ask for user confirmation before executing actions, especially in 'REAL' trading environments. No 'eval' or direct execution of arbitrary code from user input was found. The main security risk comes from the AI agent's interpretation of instructions and the default 'REAL' environment for account tools, which is mitigated by strong AI agent guidance in the README and tool docstrings.
Updated: 2026-01-19GitHub
41
23
High Cost
teaguesterling icon

duckdb_mcp

by teaguesterling

Sec4

Integrate SQL databases with AI assistants (e.g., Claude) using the Model Context Protocol (MCP) for data querying, tool execution, and resource management.

Setup Requirements

  • ⚠️Requires C++ build environment (compiler, DuckDB development headers) for compilation.
  • ⚠️Running example MCP servers (e.g., for pagination tests or web-api) requires Python.
  • ⚠️Requires manual configuration in Claude Desktop's `mcp.json` to register the DuckDB server.
  • ⚠️The `allowed_mcp_commands` security setting is critical for client usage; if not set, no commands are allowed by default, leading to errors.
Verified SafeView Analysis
The server-side functionality, if exposed over a network (e.g., TCP, HTTP, WebSocket - though not fully implemented in provided source), defaults to *no authentication*, posing a critical security risk. Custom tools built with `mcp_publish_tool` use naive string substitution for parameters, which is a **SQL injection vulnerability** if the SQL template is not carefully constructed with proper quoting (e.g., `WHERE col = ''$param''` for strings). The `execute` tool, allowing DDL/DML, is safely disabled by default. Client-side `ATTACH` commands are secured by a robust command allowlisting mechanism (`allowed_mcp_commands`) which prevents arbitrary executable paths and unsafe arguments, and becomes immutable after initial configuration, making client usage generally safer.
Updated: 2026-01-17GitHub
41
21
Low Cost

mcp-server

by thoughtspot

Sec7

Provides secure OAuth-based authentication and a set of tools for querying and retrieving data from ThoughtSpot instances, acting as a Model Context Protocol (MCP) server for integration with various Large Language Models (LLMs).

Setup Requirements

  • ⚠️Requires a ThoughtSpot account and a TS_AUTH_TOKEN for API access or self-hosted deployments.
  • ⚠️For local development or stdio support, Node.js version >=18 is required.
  • ⚠️Proper configuration of CORS and SAML redirect domains in the ThoughtSpot instance is necessary for successful OAuth flows.
Verified SafeView Analysis
The server handles sensitive OAuth credentials and bearer tokens (e.g., TS_AUTH_TOKEN, OPENAI_API_KEY), requiring careful management by the user/deployer. It explicitly outlines configurations for CORS and SAML within ThoughtSpot instances, indicating a design focus on secure web interactions. As a self-hosted option is available, the security of the deployment environment and credential handling shifts to the user.
Updated: 2025-11-17GitHub
40
18
High Cost
hrrrsn icon

mcp-vnc

by hrrrsn

Sec7

An MCP server for AI agents to remotely control VNC-enabled desktops (Windows, Linux, macOS) through mouse, keyboard, text input, and screen capture commands.

Setup Requirements

  • ⚠️Requires an external VNC server to be running and accessible at the specified host and port.
  • ⚠️Requires Node.js version 22.0.0 or higher.
  • ⚠️VNC_HOST, VNC_PORT, and optionally VNC_PASSWORD environment variables must be configured.
Verified SafeView Analysis
The server uses environment variables for VNC connection details (host, port, password), which is good practice. Coordinate validation is present for mouse actions. However, the `typeCharacter` function logs the exact characters being typed to `console.error` in plain text. If `stderr` is captured and logged, this could lead to the exposure of sensitive information (e.g., passwords, private messages) typed by the AI agent on the remote VNC desktop. The core security risk is inherent in giving an AI agent remote control capabilities, rather than a flaw in the server's implementation, but the logging of typed characters presents a minor information leak risk.
Updated: 2026-01-18GitHub
40
21
Low Cost
chenyeju295 icon

mcp_generate_images

by chenyeju295

Sec9

Generate images using Volcengine Doubao model, integrated with Cursor IDE.

Setup Requirements

  • ⚠️Requires a paid Volcengine API Key (ARK_API_KEY).
  • ⚠️Requires 'uv' package manager installed.
  • ⚠️Requires 'volcengine-python-sdk[ark]' dependency.
  • ⚠️Save folder path must be absolute and have write permissions.
Verified SafeView Analysis
API key (ARK_API_KEY) is correctly handled via environment variables, not hardcoded. Robust path validation (`validate_save_path`) is implemented to prevent path traversal and ensure write permissions. Image downloads from external Volcengine URLs are handled with appropriate error checking and timeouts. No 'eval' or other direct code execution vulnerabilities were found.
Updated: 2025-12-02GitHub
40
2
High Cost
quanticsoul4772 icon

mcplint

by quanticsoul4772

Sec9

A comprehensive security and quality assurance platform for Model Context Protocol (MCP) servers, supporting protocol validation, vulnerability scanning, fuzzing, and AI-assisted explanations to integrate security into development pipelines.

Setup Requirements

  • ⚠️Requires API keys for commercial AI providers (Anthropic, OpenAI) if AI explanation features are enabled and a local Ollama setup is not used. These are paid services.
  • ⚠️Requires a locally running Ollama server instance if 'ollama' is chosen as the AI provider.
  • ⚠️Building from source requires a Rust toolchain (typically installed via rustup).
  • ⚠️Optional Neo4j integration (if `neo4j` feature is enabled during compilation) requires a running Neo4j database and associated configuration environment variables (NEO4J_URI, NEO4J_USERNAME, NEO4J_PASSWORD, NEO4J_DATABASE).
  • ⚠️Optional Voyage AI integration (used for Neo4j embeddings) requires an API key (VOYAGE_API_KEY), which is a paid service.
Verified SafeView Analysis
The MCPLint tool itself demonstrates strong security practices in its implementation, such as secure handling of API keys via environment variables or configuration files, robust JSON schema validation, and compartmentalized modules. It functions as a security scanner, interacting with user-specified MCP servers for testing. While this involves executing external commands (via `stdio` transport) or connecting to remote endpoints, these interactions are managed with safety mechanisms like timeouts and resource limits. No `eval` equivalents, direct code injection vulnerabilities, or hardcoded secrets were identified in the Rust source. The fuzzer is designed to intentionally generate potentially malicious inputs, but these are directed at the *target server* under test, not executed within MCPLint's core logic.
Updated: 2025-12-14GitHub
40
22
Medium Cost
seanivore icon

mcp-file-preview

by seanivore

Sec3

This server provides capabilities to preview local HTML files by capturing full-page screenshots and analyzing their structural content.

Setup Requirements

  • ⚠️Hardcoded Absolute Screenshot Directory: The server attempts to save screenshots to a hardcoded absolute path (`/Users/seanivore/Projects/mcp-file-preview/screenshots`). This must be manually changed in `src/index.ts` for the server to function correctly in any other environment.
  • ⚠️Puppeteer Requirements: Running Puppeteer can be resource-intensive (CPU, memory) and requires significant disk space for the Chromium browser binary. The host system must have the necessary libraries for Chromium to run.
  • ⚠️Specific Local File Structure for CSS: The `preview_file` tool expects `style.css` one directory up from the HTML file and `[filename].css` in the same directory. This specific structure might not apply to arbitrary HTML files, leading to unstyled previews or errors.
Review RequiredView Analysis
1. Arbitrary Local File Access (High Risk): The `preview_file` and `analyze_content` tools accept `filePath` directly from user input. This allows an MCP client to request reading or screenshotting any file on the host system where the server is running, given the server's process permissions, potentially leading to information disclosure (Local File Inclusion). 2. Hardcoded Absolute Screenshot Path (Critical Flaw/Misconfiguration): The server saves screenshots to a hardcoded absolute path: `/Users/seanivore/Projects/mcp-file-preview/screenshots`. This path is specific to a developer's machine and user. For anyone else to use this server, this path *must* be manually changed in the source code. Otherwise, it will likely fail to write screenshots or attempt to write to an inaccessible/unintended location. 3. Content Security Policy (CSP) Bypass (Medium Risk): The `page.setBypassCSP(true)` call disables a crucial browser security feature. If the HTML content being previewed contains malicious scripts, they could execute without CSP restrictions, potentially interacting with local filesystem or network resources available to the Puppeteer instance. 4. Path Traversal in CSS Injection (Potential): The server attempts to inject CSS files using relative paths (`path.join(baseDir, '..', 'style.css')`). A maliciously crafted `filePath` containing path traversal sequences (e.g., `../../`) could potentially lead to reading unintended CSS files from other system directories, exacerbating the LFI risk.
Updated: 2025-11-29GitHub
PreviousPage 91 of 760Next