Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(1547)

100
4833
Medium Cost
nanbingxyz icon

5ire

by nanbingxyz

Sec3

A desktop AI assistant client that integrates with various LLM providers and supports extensible tool and prompt functionalities via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python, Node.js, and the 'uv' Python package manager for the 'tools' feature, complicating the runtime environment setup.
  • ⚠️The application downloads a large local embedding model (Xenova/bge-m3) during initial setup, requiring significant bandwidth and disk space.
  • ⚠️Requires API keys for external LLM providers (e.g., OpenAI, Anthropic, Google) for core chat functionalities, which are typically paid services.
  • ⚠️A custom `CRYPTO_SECRET` environment variable *must* be set for secure data encryption; otherwise, encryption is trivially broken due to a weak default.
Review RequiredView Analysis
The application allows installation and execution of external MCP servers, including local ones that can run arbitrary commands, posing a significant risk for arbitrary code execution. The IPC handler for network requests (`ipcMain.handle("request")`) provides broad network access from the renderer process without sufficient protocol restrictions or sandboxing for all uses, potentially enabling internal network attacks. Direct SQL execution via IPC (`db-all`, `db-run`, `db-transaction`) could be vulnerable to injection if parameters are not consistently handled as prepared statements. Critically, the `CRYPTO_SECRET` environment variable, used for encryption, defaults to an empty string if not configured, rendering encrypted data easily decipherable.
Updated: 2025-12-05GitHub
100
4626
High Cost
yusufkaraaslan icon

Skill_Seekers

by yusufkaraaslan

Sec7

Automatically convert documentation websites, GitHub repositories, and PDFs into Claude AI skills, including conflict detection and AI-powered enhancement.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires `mcp` package for MCP server functionality.
  • ⚠️Requires `PyMuPDF` (and `pytesseract`/`Pillow` for OCR) for PDF features.
  • ⚠️Requires `PyGithub` for GitHub features.
  • ⚠️`ANTHROPIC_API_KEY` is needed for API-based AI enhancement and skill upload.
  • ⚠️`claude-code` CLI tool (part of Claude Code Max plan) is needed for local AI enhancement.
Verified SafeView Analysis
The server uses `subprocess.run` and `subprocess.Popen` extensively to execute CLI tools. While arguments are constructed using `sys.executable` and `Path` objects, reducing direct shell injection risks, this still relies on the security of the invoked CLI tools and careful argument sanitization. The system processes untrusted external content (web pages, GitHub repositories, PDF files), which inherently carries risks such as resource exhaustion, parsing errors, or specific data-level attack vectors, though no direct code execution from scraped content is apparent in the core logic. API keys (ANTHROPIC_API_KEY, GITHUB_TOKEN) are correctly handled via environment variables or config, not hardcoded. The `CodeAnalyzer` uses regex for some languages which can be less robust than full parsers. Overall, it follows good security practices for its stated purpose but the inherent risks of processing external data and relying on external subprocesses remain.
Updated: 2025-11-30GitHub
100
19698
High Cost
bytedance icon

UI-TARS-desktop

by bytedance

Sec8

A multimodal AI agent stack providing a native GUI agent desktop application (UI-TARS Desktop) and a general CLI/Web UI agent (Agent TARS) for controlling computers, browsers, and mobile devices using natural language, integrating various real-world tools via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js >= 22 and pnpm >= 9.
  • ⚠️Requires API keys for various VLM models (e.g., OpenAI, Anthropic, VolcEngine/Doubao, Gemini, Perplexity, Groq, Mistral, Azure OpenAI, OpenRouter, DeepSeek, Ollama, LM Studio), which are often paid services.
  • ⚠️Android automation requires ADB (Android Debug Bridge) to be installed and configured with connected devices.
  • ⚠️Remote computer/browser control depends on external proxy services (UI_TARS_PROXY_HOST) which may require specific setup or payment.
Verified SafeView Analysis
The project demonstrates awareness of security best practices, utilizing `secretlint` to flag potential hardcoded secrets (resolved via environment variables), implementing JWT for authentication in remote interactions, and validating file paths to prevent directory traversal in filesystem operations. Permissions for macOS system access (e.g., accessibility, screen recording) are explicitly handled. However, reliance on external proxy services (`UI_TARS_PROXY_HOST`) introduces a dependency on the security of those third-party infrastructures. There are no immediate signs of direct `eval` usage in critical agent logic (though commented out examples exist in helper utilities), and `clipboard.setContent` for typing on Windows is a common automation technique.
Updated: 2025-12-05GitHub
100
13565
Low Cost
microsoft icon

mcp-for-beginners

by microsoft

Sec7

Automating GitHub repository cloning and VS Code integration for streamlined development workflows.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires Git CLI installed and configured in the environment where the server runs.
  • ⚠️Requires VS Code (or VS Code Insiders) installed for the `open_in_vscode` tool to function.
Verified SafeView Analysis
The server uses `subprocess.run` to execute external commands like `git clone` and platform-specific VS Code launch commands. The `open_in_vscode` function on Windows utilizes `shell=True` with the `start` command, which inherently carries a higher risk of command injection if input paths are not perfectly sanitized or if a malicious executable is placed in a predictable path. While the code attempts to mitigate this with path expansion, caution is advised. Additionally, cloning untrusted GitHub repositories can introduce vulnerabilities from the repository content itself.
Updated: 2025-12-04GitHub
100
19478
Medium Cost
1Panel-dev icon

MaxKB

by 1Panel-dev

Sec6

An enterprise-grade intelligent agent platform for building knowledge bases, RAG, complex workflows, and AI agents, targeting intelligent customer service and office assistants.

Setup Requirements

  • ⚠️Requires Docker for easy deployment, or manual setup of Python environment, PostgreSQL, and Redis.
  • ⚠️Requires configuration of Large Language Models (LLMs) from various providers (e.g., OpenAI, Anthropic, Tencent, etc.) or local models, which may involve obtaining API keys or setting up local inference servers.
  • ⚠️Default administrator password 'MaxKB@123..' is set upon initial setup and should be changed immediately.
Verified SafeView Analysis
The server includes dynamic Python code execution capabilities (e.g., `ToolExecutor.exec_code`) for AI tools, which is inherently high-risk, though attempts are made to sandbox execution (`sandbox.c`). Extensive file processing is present, which could be a vector for vulnerabilities if not meticulously secured. Credential management involves RSA encryption, which is a good practice. URL validation (`is_private_ip`) is implemented to prevent SSRF in file handling. Potential for SQL injection exists if raw SQL queries, especially through custom compilers, are not perfectly parameterized, although Django ORM is generally robust. Overall, security is actively considered, but the nature of dynamic execution and file processing requires continuous vigilance.
Updated: 2025-12-05GitHub
100
2264
Low Cost
microsoft icon

mcp

by microsoft

Sec8

Provides AI agents with local-first Model Context Protocol (MCP) integration and tooling for Azure, offering access to Azure API specifications, resource definitions, and best practices in Visual Studio Code and other compatible clients.

Setup Requirements

  • ⚠️Requires Node.js (Latest LTS version, e.g., Node 20+) for `npx` installation.
  • ⚠️Manual configuration in `mcp.json` or equivalent requires precise pathing and argument syntax (e.g., `--project` for dotnet run).
  • ⚠️Development builds and VSIX packaging use PowerShell scripts (`.ps1`).
  • ⚠️The server functions as a backend for AI agents/IDEs; direct user interaction is limited to CLI commands for diagnostics.
Verified SafeView Analysis
The server emphasizes 'local-first security' and primarily uses standard I/O (stdio) for communication when integrated with clients like VS Code, reducing direct network exposure. Telemetry collection is explicitly tied to VS Code's user settings, allowing users to opt-out. However, the installation via `npx` relies on trusting external npm packages. Additionally, a debug profile (`debug-remotemcp`) shows the capability to run with HTTP transport and outgoing authentication, implying that the server (or tools it exposes) can make external network calls to Azure APIs if configured this way. Hardcoded `aiKey` values in `package.json` appear to be placeholders, not active secrets.
Updated: 2025-12-06GitHub
100
2565
Medium Cost
kreuzberg-dev icon

kreuzberg

by kreuzberg-dev

Sec7

High-performance document intelligence platform for extracting text, metadata, and structured information (tables, images, chunks) from over 50 diverse document formats (PDFs, Office, images, HTML, etc.). It offers advanced OCR capabilities, multilingual support, and features like chunking, embeddings, and keyword extraction. Functionality is exposed via multiple language bindings and a Micro-service Communication Protocol (MCP) server for flexible integration.

Setup Requirements

  • ⚠️Native Binary Dependency: All language bindings and the CLI depend on a compiled Rust FFI library. Users might need to build it with a Rust toolchain or ensure pre-compiled binaries are available for their specific platform.
  • ⚠️External Tool Dependencies (Conditional): Full functionality for certain document types or advanced features requires external system-level tools. This includes Tesseract OCR (with language packs), LibreOffice (for older .doc, .ppt, .xls formats), and Pandoc (for various text-based formats like Markdown, LaTeX).
  • ⚠️Language Runtime Setup: Requires a compatible runtime environment (e.g., Python 3.8+, Node.js 18+, Ruby, Go, .NET) depending on the chosen client library or execution method.
Verified SafeView Analysis
The core library is implemented in Rust, providing strong memory safety. However, the system integrates with multiple language bindings and invokes external command-line tools (e.g., Tesseract, LibreOffice, Pandoc) for specific functionalities, which expands the attack surface. The MCP server handles file content (via paths or base64 encoded data) and configuration inputs. While input validation (e.g., path traversal checks in `_validate_file_path`) and resource management (e.g., `max_concurrent_extractions`) are in place, direct file access based on user input always carries inherent risks. Thorough sandboxing and strict input sanitization are crucial for deployments exposed to untrusted data. No obvious hardcoded secrets were identified in the truncated source code.
Updated: 2025-12-06GitHub
100
4419
High Cost
mrexodia icon

ida-pro-mcp

by mrexodia

Sec3

An AI-powered reverse engineering assistant that integrates IDA Pro with Model Context Protocol clients for enhanced analysis.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires IDA Pro 8.3 or higher (9 recommended); IDA Free is not supported.
  • ⚠️Requires IDA Pro GUI to be running (unless using `idalib-mcp` for headless mode).
  • ⚠️Debugger operations require the `--unsafe` flag due to inherent risks.
Review RequiredView Analysis
The `py_eval` tool, marked as `@unsafe`, allows arbitrary Python code execution within the IDA Pro context. While explicitly flagged as unsafe, exposing such a powerful capability to an external client (LLM, potentially compromised) introduces significant risk. An attacker or a malfunctioning LLM could execute malicious code, interact with the file system, or manipulate IDA's state. Although default network configuration binds to localhost and includes CORS protections, the presence of this tool necessitates extreme caution, especially if `--unsafe` is enabled.
Updated: 2025-11-28GitHub
100
10525
Medium Cost
czlonkowski icon

n8n-mcp

by czlonkowski

Sec9

Provides an AI-friendly interface for n8n, enabling advanced documentation search, comprehensive workflow validation (including autofixing), template discovery, and workflow management (create, update, test, deploy workflows) to assist AI agents in building and managing n8n automations.

Setup Requirements

  • ⚠️Requires `AUTH_TOKEN` environment variable to be set for HTTP server mode; default token blocked in production.
  • ⚠️Requires `nodes.db` database to be pre-built (e.g., using `npm run rebuild` or `npm run rebuild:optimized`).
  • ⚠️AI-powered template metadata generation requires `OPENAI_API_KEY` environment variable.
  • ⚠️n8n workflow management tools (create, update, test workflows, etc.) require `N8N_API_URL` and `N8N_API_KEY` environment variables to connect to an n8n instance.
Verified SafeView Analysis
High awareness and implementation of security best practices. Uses `AuthManager.timingSafeCompare` for authentication, sets robust HTTP security headers, implements rate limiting, and performs PII/sensitive data redaction for telemetry and workflow storage. SSRF protection is explicitly implemented for webhooks. Docker config parsing includes shell quoting and dangerous key filtering. `eval` is present but contained within the `Code` node's execution logic, a necessary feature of n8n itself, with additional validation logic to mitigate risks.
Updated: 2025-12-05GitHub
100
1250
Medium Cost
maximhq icon

bifrost

by maximhq

Sec4

A high-performance AI gateway with a unified interface for multiple providers, offering real-time monitoring, configuration management, and comprehensive observability for AI infrastructure.

Setup Requirements

  • ⚠️The 'image.tag' parameter is required for Helm deployments.
  • ⚠️Requires Persistent Volume (PV) provisioner support in the underlying infrastructure for persistent storage if persistent storage is enabled.
  • ⚠️Setting 'bifrost.encryptionKey' is critical for securing sensitive data at rest; leaving it empty (the default) is a major security flaw for any production deployment handling API keys.
  • ⚠️Requires Kubernetes 1.23+ and Helm 3.2.0+ for deployment.
Review RequiredView Analysis
Critical security risks include an empty default 'bifrost.encryptionKey' in Helm charts, which if not configured, leaves sensitive data (like AI provider API keys) unencrypted. Default PostgreSQL database credentials ('bifrost_password') also pose a risk if not changed. The system supports dynamic plugin loading from file paths or HTTP/HTTPS URLs, which introduces potential vulnerabilities if untrusted plugins are used or if sandboxing is insufficient. While the UI uses environment variables for sensitive data, the backend's storage and handling without a robust encryption key are concerning.
Updated: 2025-12-06GitHub
100
2698
High Cost
icip-cas icon

PPTAgent

by icip-cas

Sec6

PPTAgent is an AI-powered system for generating and evaluating presentations (PowerPoint slides) from input documents, supporting advanced features like deep research integration, free-form visual design, and autonomous asset creation for a comprehensive workflow.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for LLM access.
  • ⚠️Requires a `soffice` (LibreOffice/OpenOffice) installation for PPTX to image conversions.
  • ⚠️Requires `MINERU_API` endpoint for PDF document parsing functionality, otherwise PDF inputs will not work.
Verified SafeView Analysis
The system utilizes subprocess calls (e.g., `soffice`) for file conversions, which are generally safe when inputs are controlled. However, PDF parsing relies on an external `MINERU_API` endpoint, meaning document content is sent to a third-party service, which is a significant privacy/security consideration. The FastAPI server's CORS policy is set to `allow_origins=["*"]`, which is overly permissive for production environments. While the `CodeExecutor` executes LLM-generated API calls only for internal slide manipulation, there's always a theoretical risk with agentic code generation in complex scenarios, though the exposed APIs appear limited in scope to PPT objects.
Updated: 2025-12-05GitHub
100
1803
Medium Cost
perplexityai icon

modelcontextprotocol

by perplexityai

Sec8

Provides AI assistants with real-time web search, reasoning, and research capabilities through Perplexity's API.

Setup Requirements

  • ⚠️Requires a Perplexity API Key (paid service) set as an environment variable (PERPLEXITY_API_KEY).
  • ⚠️Requires Node.js >= 18.
  • ⚠️For HTTP mode, 'ALLOWED_ORIGINS' requires careful configuration if exposing publicly, otherwise it defaults to local addresses.
Verified SafeView Analysis
The server explicitly requires 'PERPLEXITY_API_KEY' as an environment variable and does not hardcode secrets. It supports proxy configurations for secure network environments. In HTTP mode, the 'ALLOWED_ORIGINS' for CORS can be set to '*' for public access, which could be a misconfiguration risk if not intended. However, the default binding address is '127.0.0.1' and default origins are 'localhost', promoting secure local setup. Uses 'undici' for HTTP requests, which is a robust fetch implementation.
Updated: 2025-11-24GitHub
PreviousPage 2 of 129Next