Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (1661)

100
7798
Medium Cost

xiaozhi-esp32-server

by xinnan-tech

Sec7

Provides a robust backend service for the Xiaozhi ESP32 intelligent terminal hardware, enabling AI assistant functionalities such as voice recognition, natural language processing, knowledge base integration, voice cloning, and device control through MQTT, Websocket, and MCP protocols.

Setup Requirements

  • ⚠️Requires external AI API keys for cloud-based LLM, ASR, TTS, and VLLM services (typically paid).
  • ⚠️Deployment is primarily designed for Docker Compose, involving multiple services (Java API, Python AI server, Redis, MySQL, MQTT Gateway, RAGFlow).
  • ⚠️Full functionality, especially device control, requires connection to actual ESP32 hardware devices running compatible firmware.
  • ⚠️The Python `xiaozhi-server` component relies on FFmpeg for certain audio processing tasks, which needs to be installed.
  • ⚠️The backend is split across Java (Spring Boot) and Python (Flask/WebSocket server), requiring both environments to be managed.
Verified Safe
The project demonstrates efforts in security by including XSS/SQL injection filters, JWT-based authentication, HMAC for data signing, and SM2 for password encryption. Configuration parameters, including API keys for external AI services, are externalized. However, the extensive control over connected ESP32 devices (e.g., reboot, firmware upgrade, photo capture) via MCP endpoints introduces a significant attack surface. The multi-service (Java, Python, Vue.js) and distributed nature (IoT devices, external APIs) increases complexity and potential for misconfiguration, which could be exploited. Users must ensure strict security practices for device pairing, network segmentation, and API key management.
Updated: 2025-12-06
100
37549
High Cost

mindsdb

by mindsdb

Sec5

A configuration-driven, automated testing framework for MindsDB data source integrations, designed to validate handler functionality and performance using pytest.

Setup Requirements

  • ⚠️Requires a running MindsDB server to connect to.
  • ⚠️Requires various external API keys (e.g., OpenAI, Anthropic, Google) for LLM-based features and specific data source integrations, which often correspond to paid services. These must be manually configured in a '.env' file.
  • ⚠️May require local instances of specific services like Ollama or vLLM servers for certain integrations.
  • ⚠️Requires `uv` for dependency installation (`uv pip install`).
  • ⚠️Some vector store integrations require PostgreSQL with the `pgvector` extension configured.
Review Required
The framework involves dynamic code execution for Bring Your Own Model (BYOM) handlers, which inherently carries risk, even with attempts at virtual environment isolation. It uses subprocesses for dependency installation (`pip install`), a potential supply-chain vector. Extensive reliance on external APIs requires careful management of API keys and robust URL validation to prevent SSRF and other network-based attacks. While some mitigations (e.g., `validate_urls`, structured API key retrieval, `PATAuthMiddleware`) are present, the broad attack surface from dynamic code and numerous external integrations necessitates vigilant configuration and auditing.
Updated: 2025-12-11
100
1652
Medium Cost

Dive

by OpenAgentPlatform

Sec7

Dive is an AI assistant desktop application for chat, LLM model management, and integration with local or OAP (Open AI Platform) Model Context Protocol (MCP) servers for advanced tool orchestration and code execution.

Setup Requirements

  • ⚠️Requires API keys for external LLM providers (e.g., OpenAI, Anthropic, AWS Bedrock), which are typically paid services.
  • ⚠️Requires local host dependencies (Python, Node.js, uv) to be downloaded and installed automatically upon first run or update, which consumes disk space and involves executing third-party binaries.
Verified Safe
The application interacts with external LLM APIs and an OAP hub, managing API keys locally (entered via UI). It downloads and installs core host dependencies (Python, Node.js, uv) and dynamically configured Model Context Protocol (MCP) servers. While some dependencies use checksums (e.g., `uv`), this introduces a supply chain risk. A notable security concern is the `skip_tls_verify` option for model configurations, which disables SSL certificate validation and makes connections vulnerable to Man-in-the-Middle attacks if enabled by the user (though it includes a warning). The security of dynamically added custom MCP servers is external to the application itself and depends on user vetting.
Updated: 2025-12-11
100
24466
Medium Cost

gpt-researcher

by assafelovic

Sec8

The GPT Researcher MCP Server enables AI assistants (like Claude) to conduct comprehensive, in-depth web research and generate detailed, curated reports via the Machine Conversation Protocol (MCP), providing higher quality, optimized context, and better reasoning compared to standard search tools.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid).
  • ⚠️Requires Tavily API Key (Paid).
  • ⚠️Requires Python 3.10+ (for the MCP server itself, main `gpt-researcher` is 3.11+).
  • ⚠️PDF generation (via WeasyPrint) may require `gobject-2.0-0` and `pango` system libraries to be installed manually.
  • ⚠️Selenium-based web scraping may encounter Chrome/ChromeDriver version compatibility issues.
Verified Safe
The project demonstrates good security practices including explicit filename sanitization (`sanitize_filename` function is present and tested) and the use of environment variables for API keys. Unit tests (`tests/test_security_fix.py`) specifically target common vulnerabilities like path traversal and null byte injection, indicating a proactive approach to security within the core application. However, the `docker-compose.yml` and `backend/server/app.py` configure CORS with a wildcard (`"*"`) for local/dev use, which should be restricted in production. The system acts as an MCP client, potentially sending commands to an external MCP server (e.g., `gptr-mcp`). The security of this external server's execution environment (especially regarding arbitrary command execution from `mcp_configs`) is critical and beyond the direct control of *this* repository's codebase. The `LANGCHAIN_API_KEY` shown in `frontend/nextjs/components/Langgraph/Langgraph.js` is a client-side public token for Langsmith tracing, not a server-side secret.
Updated: 2025-12-10
100
2522
Medium Cost
Sec4

Provides AI assistants with comprehensive access to shadcn/ui v4 components, blocks, demos, and metadata across React, Svelte, Vue, and React Native for enhanced development workflows.

Setup Requirements

  • ⚠️Requires GitHub Personal Access Token for reliable performance and to avoid aggressive API rate limits (60 requests/hour without, 5000/hour with).
  • ⚠️Requires Node.js 18+.
  • ⚠️Requires external network access to GitHub repositories to fetch component data and themes.
Review Required
The server uses `new Function()` in `src/tools/tweakcn/fetch-presets.ts` to parse JavaScript content fetched from a remote GitHub raw URL (`jnsahaj/tweakcn`). While the intent is to parse an exported object, executing code from an external source via `new Function()` is a significant security risk. A compromise of the remote repository could allow arbitrary code execution within the server's environment. Additionally, network calls to GitHub APIs (api.github.com, raw.githubusercontent.com) are central to its operation, necessitating caution regarding data integrity and rate limits. No explicit hardcoded secrets were found, as API keys are managed via environment variables or CLI arguments. Input parameters are validated using Joi schemas.
Updated: 2025-12-10
100
2579
Medium Cost

kreuzberg

by Goldziher

Sec9

High-performance document intelligence for extracting text, metadata, and structured information from various formats like PDFs, Office documents, images, and other structured and unstructured files.

Setup Requirements

  • ⚠️Requires LibreOffice for processing legacy Office document formats (.doc, .ppt).
  • ⚠️Requires Tesseract OCR engine and corresponding language data packs for OCR functionality.
  • ⚠️Native library dependencies for language bindings (Python, Node.js, Go, Ruby, C#) must be correctly configured on the system's dynamic linker paths (LD_LIBRARY_PATH, DYLD_LIBRARY_PATH, PATH on Windows).
Verified Safe
The project demonstrates strong security awareness through explicit input validation (e.g., path traversal in MCP server), use of Rust for performance and safety, and dedicated security tests for common vulnerabilities (zip bombs, XML attacks). Subprocess execution is integral for language bindings and external tool integration (e.g., Tesseract, LibreOffice), which always carries inherent risks, but seems managed with caution. No direct 'eval' or malicious obfuscation patterns were found in the provided code snippets.
Updated: 2025-12-11
100
7396
Medium Cost

xiaohongshu-mcp

by xpzouying

Sec7

Automate content creation and management on Xiaohongshu (RedNote) platform by exposing functionality via Model Context Protocol (MCP) and HTTP API for AI agents.

Setup Requirements

  • ⚠️Initial setup requires manual login by scanning a QR code using the Xiaohongshu mobile app and running a separate login tool.
  • ⚠️First run automatically downloads a ~150MB headless browser, requiring a stable internet connection.
  • ⚠️Windows users might encounter false positive virus detection and need to configure Windows Defender exclusions.
  • ⚠️When using Docker, local image paths for publishing must be mounted to `/app/images` and referenced using this internal container path.
Verified Safe
The application stores user session cookies in a local file (e.g., `cookies.json`), which is sensitive and requires proper host-level protection to prevent account compromise. The default backward-compatible path `/tmp/cookies.json` is less secure than a dedicated data directory. The server exposes HTTP APIs and MCP endpoints locally, and CORS is set to allow all origins, which is common for developer tools but requires awareness. Logs generated on panic include stack traces, which could reveal internal paths if logs are publicly accessible. Image downloading involves network requests and local file writes, which introduces standard risks, though file type detection is used.
Updated: 2025-12-10
100
1662
High Cost

agentset

by agentset-ai

Sec9

Open-source platform for building, evaluating, and deploying RAG and agentic AI applications with end-to-end tooling.

Setup Requirements

  • ⚠️Requires `bun` for package management and script execution.
  • ⚠️Extensive setup of numerous environment variables is required for various external services (PostgreSQL, Redis, Resend, Stripe, Vercel, PostHog, Trigger.dev, and multiple LLM/embedding/vector store providers).
  • ⚠️Requires a PostgreSQL-compatible database (e.g., Supabase) for primary data storage and Redis (e.g., Upstash) for caching and rate limiting.
Verified Safe
The project follows good security practices by extensively using environment variables for sensitive data (API keys, secrets). There are no apparent uses of `eval`, code obfuscation, or malicious patterns. A 'dev' JWT secret is used in a testing container, which is acceptable for its specific development context. The extensive reliance on third-party services, while handled with API keys, introduces inherent external dependencies and potential attack surfaces common to modern cloud applications.
Updated: 2025-12-10
100
21060
Low Cost

fastmcp

by jlowin

Sec8

An ergonomic, extensible, and high-performance framework for building and interacting with Model Context Protocol (MCP) servers and clients. It facilitates modular AI component development and robust integration with external APIs via OpenAPI specifications.

Setup Requirements

  • ⚠️Requires Python (typically 3.9+ for Pydantic v2 features).
  • ⚠️Specific integrations (e.g., OpenAI, various OAuth providers) require corresponding API keys, client IDs, and client secrets.
  • ⚠️The 'uv' tool (Rust-based Python package manager) may be required for environment setup when using `UVEnvironment` configurations.
  • ⚠️Client-side OAuth authentication flows might involve opening a browser and running a local callback server, which requires user interaction and local port availability.
Verified Safe
The framework utilizes Pydantic for strong input validation, mitigating common injection vulnerabilities. UI components (e.g., OAuth callback pages) are designed with HTML escaping and Content Security Policies (CSP) to prevent XSS and clickjacking. Authentication providers are comprehensive, supporting various OAuth flows and token verification. Dynamic loading of user-defined servers or components, while a core feature, inherently introduces a trust requirement for the loaded code. Rate limiting middleware is available to prevent abuse.
Updated: 2025-12-10
100
161950
High Cost

n8n

by n8n-io

Sec8

N8n is a workflow automation platform that integrates with the Model Context Protocol (MCP) to enable AI-assisted workflow building and interaction with external AI models/tools. It serves as an MCP server, hosting tools that can be consumed by MCP clients, and provides nodes to interact with AI services.

Setup Requirements

  • ⚠️Enterprise License: Certain advanced AI Workflow Builder features may require a valid n8n Enterprise License.
  • ⚠️External API Keys: Requires API keys for various LLM providers (e.g., OpenAI, Anthropic, Google Gemini), which are typically paid services and can accrue significant costs.
  • ⚠️External Dependencies: Running certain functionalities, such as Ollama models or a separate Model Context Protocol (MCP) server, requires pre-configured external services.
  • ⚠️Development Setup: Local development, especially when involving Docker, is noted as a cumbersome experience with 'lots of waiting for building and running the container'.
  • ⚠️Strict Versioning: Requires specific Node.js (>=22.16) and pnpm (>=10.22.0) versions, enforced by pre-install scripts.
Verified Safe
The project demonstrates a high level of security awareness through Node.js VM sandboxing for user-provided code, explicit module allow-lists for task runners, and strict prevention of code generation from strings. It implements robust input validation using Zod schemas and includes dedicated 'Guardrails' features to detect and mitigate content-based risks like PII, NSFW content, jailbreak attempts, and malicious URLs. Proprietary enterprise features imply advanced security behind a paywall. While dependency management with `pnpm` and patches is common in large projects, it requires diligent auditing. Overall, the system shows strong defenses for an extensible platform.
Updated: 2025-12-11
100
1420
Low Cost

toolhive

by stacklok

Sec9

Manages, secures, and integrates Model Context Protocol (MCP) servers across local development and Kubernetes environments, facilitating secure deployment, authentication, authorization, and workflow orchestration for AI/ML agents.

Setup Requirements

  • ⚠️Requires Go 1.25 to build the ToolHive CLI.
  • ⚠️Requires Docker, Podman, or Colima for local containerized MCP server execution.
  • ⚠️Kubernetes deployment requires a working Kubernetes cluster (e.g., Kind) and kubectl.
  • ⚠️Keycloak deployment and realm setup are required for full authentication testing in Kubernetes.
Verified Safe
The project exhibits a strong focus on security. It's designed to be secure by default, isolating MCP servers in containers with minimal permissions. Secrets are managed securely via multiple backends (1Password, encrypted files, environment variables with a fallback mechanism) and are not stored in plaintext. Authentication is handled via OIDC/OAuth2 (e.g., Keycloak), and authorization uses Cedar policies. It implements a zero-trust security model with API-level authentication and token exchange per backend to ensure fine-grained token scoping. Network isolation is recommended, and the remote proxy ensures tokens are not stored. Vulnerability reporting is also well-documented.
Updated: 2025-12-11
99
842
Medium Cost

mcp-neo4j

by neo4j-contrib

Sec6

The Neo4j Cypher MCP server facilitates AI agent interaction with Neo4j graph databases by exposing Cypher query execution and schema retrieval as tools, supporting Text2Cypher workflows for data analysis and insights.

Setup Requirements

  • ⚠️Requires an external Neo4j database instance to function.
  • ⚠️Neo4j APOC plugin must be installed and enabled on the database for schema retrieval (`get_neo4j_schema` tool).
  • ⚠️The default Neo4j password is 'password'; it is critical to override this with strong credentials in production via environment variables or a secret manager.
  • ⚠️Local development typically requires `uv` for environment setup and running Python scripts.
Verified Safe
The server includes robust network security features like CORS and DNS rebinding protection (TrustedHostMiddleware), which are configurable and default to secure settings. Cloud deployment examples correctly use AWS Secrets Manager for credentials. However, a significant vulnerability exists if the `NEO4J_PASSWORD` environment variable or CLI argument is not provided, as the server defaults to a weak 'password'. While a warning is logged, this default makes it easy to deploy with insecure credentials.
Updated: 2025-12-08