Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(1324)

100
1160
Low Cost
steipete icon

Peekaboo

by steipete

Sec8

macOS automation server that integrates AI for screen capture analysis, UI interaction, and agentic workflows.

Setup Requirements

  • ⚠️Requires macOS Sonoma (14.0) or later.
  • ⚠️Requires Screen Recording and Accessibility permissions to function.
  • ⚠️API keys required for OpenAI, Anthropic, xAI Grok (e.g., `export OPENAI_API_KEY=...`).
  • ⚠️Ollama requires local server and models (`ollama pull llama3.3`, `ollama pull llava`).
Verified SafeView Analysis
The server performs macOS automation (screen capture, UI interaction, access to private APIs) which inherently requires high system privileges (Screen Recording, Accessibility). Its inter-process communication (IPC) mechanism uses Unix sockets and performs client identity validation (via `SecTaskCopyValueForEntitlement`) for security. Path traversal attempts are explicitly blocked in file operations. While powerful, the codebase demonstrates efforts toward secure implementation practices. No obvious hardcoded secrets or malicious patterns were found in the provided code snippets.
Updated: 2026-01-18GitHub
100
5079
Medium Cost
CoplayDev icon

unity-mcp

by CoplayDev

Sec7

Enables AI assistants (LLMs) to control and automate tasks within the Unity Game Engine Editor through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Unity Editor (2021.3 LTS or newer) with the MCP Unity Plugin installed and running.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Requires `uv` and `uvx` to run from PyPI or GitHub source.
Verified SafeView Analysis
The server listens on `0.0.0.0:8080` by default when using HTTP transport, making it publicly accessible if not behind a firewall. Telemetry data is sent to a third-party endpoint (`https://api-prod.coplay.dev/telemetry/events`) by default, though users can opt-out via environment variables. The use of `eval()` in `main.py` is an internal framework workaround for `typing` annotations, not directly for user input. Path sanitization is implemented for script operations to prevent traversal attacks. The server processes regular expressions from user input in tools like `script_apply_edits` and `find_in_file`; while Python-side compilation is used, complex or inefficient regex patterns could theoretically pose a ReDoS risk.
Updated: 2026-01-19GitHub
100
8342
Low Cost
modelcontextprotocol icon

inspector

by modelcontextprotocol

Sec2

A web-based client and proxy server for inspecting and interacting with Model Context Protocol (MCP) servers, allowing users to browse resources, prompts, and tools, perform requests, and debug OAuth authentication flows.

Setup Requirements

  • ⚠️Arbitrary Command Execution Risk: The proxy server can execute arbitrary commands via URL query parameters. It is CRITICAL that the proxy is ONLY run in a trusted, isolated environment (e.g., local machine behind a firewall) and NEVER exposed to untrusted networks or users.
  • ⚠️CORS Configuration for Direct Connections: When connecting directly to an MCP server (bypassing the Inspector proxy), the target MCP server must be configured to allow Cross-Origin Resource Sharing (CORS) requests from the Inspector's origin.
  • ⚠️OAuth Client Configuration: Setting up OAuth 2.0 requires obtaining a 'client_id' (and optionally 'client_secret') from an authorization server, and configuring a 'redirect_uri' (e.g., http://localhost:6274/oauth/callback).
Review RequiredView Analysis
The proxy server (`server/src/index.ts`) is designed to execute arbitrary commands and arguments (e.g., `command`, `args`, `env`) received via URL query parameters if the `stdio` transport is used. This is a critical remote code execution vulnerability if the proxy is exposed to untrusted networks or users. While potentially intended for local/trusted development environments, this design choice poses a severe risk. Additionally, the server can be configured with the `DANGEROUSLY_OMIT_AUTH` environment variable, bypassing its session token authentication and increasing exposure risk. The client-side OAuth implementation adheres to standard practices, but the proxy's inherent capability for arbitrary command execution significantly lowers the overall security score.
Updated: 2026-01-19GitHub
100
21552
Medium Cost
ChromeDevTools icon

chrome-devtools-mcp

by ChromeDevTools

Sec8

Control and inspect a live Chrome browser programmatically via an MCP server, enabling AI coding agents to perform reliable automation, in-depth debugging, and performance analysis.

Setup Requirements

  • ⚠️Requires Node.js v20.19 or a newer LTS version, and a current stable version of Chrome.
  • ⚠️May fail to start Chrome if running in a sandboxed environment (e.g., macOS Seatbelt, Linux containers), requiring explicit `--browser-url` configuration or disabling sandboxing.
  • ⚠️Connecting to a running Chrome instance (instead of launching a new one) via `--autoConnect` requires Chrome 144+ and remote debugging enabled via `chrome://inspect/#remote-debugging`. Manual connection via `--browser-url` requires starting Chrome with `--remote-debugging-port` and `--user-data-dir`.
  • ⚠️Specific client configurations (e.g., Windows 11 with Codex) might require additional environment variables (`env`) and startup timeout (`startup_timeout_ms`) parameters.
Verified SafeView Analysis
The `evaluateScript` tool directly executes JavaScript code provided by the agent within the browser context, which is a core feature for enabling advanced control and inspection. The `README` explicitly states: "`chrome-devtools-mcp` exposes content of the browser instance to the MCP clients allowing them to inspect, debug, and modify any data in the browser or DevTools. Avoid sharing sensitive or personal information that you don't want to share with MCP clients." This clearly communicates the inherent risk of granting an AI agent full control over a browser instance, emphasizing that the client (user) is responsible for the data exposed. The `--acceptInsecureCerts` option allows bypassing SSL certificate errors, which could expose the user to MITM attacks if used carelessly, but it's an explicit opt-in with a caution. No direct `eval` calls or similar code execution patterns are observed on the Node.js server itself. The main security consideration is the extensive control granted to the connected AI agent over the browser, which is by design for its purpose.
Updated: 2026-01-19GitHub
100
9787
Medium Cost
JoeanAmier icon

XHS-Downloader

by JoeanAmier

Sec7

A tool for extracting links and downloading watermark-free images and videos from Xiaohongshu (RedNote), supporting multiple operational modes including a server-based MCP interface.

Setup Requirements

  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Administrator privileges may be required on Windows for browser cookie extraction.
  • ⚠️Linux users may need to install `xclip` or `xsel` for clipboard functionality.
  • ⚠️`gettext` package and proper environment variable setup are required for translations.
Verified SafeView Analysis
The tool uses `rookiepy` to extract browser cookies, which may require administrator privileges on some operating systems and could expose sensitive user data if not used carefully. When a proxy is configured for HTTP requests, `httpx` is configured with `verify=False`, which disables SSL certificate verification and can make connections vulnerable to Man-in-the-Middle (MITM) attacks if the proxy is untrusted. The project's JavaScript userscript is obfuscated, which, while not part of the Python server, raises a general concern about transparency in the overall project ecosystem.
Updated: 2026-01-14GitHub
100
18852
High Cost
oraios icon

serena

by oraios

Sec6

AI Agent framework for interacting with code via Language Servers, facilitating automated development tasks and comprehensive code analysis.

Setup Requirements

  • ⚠️Requires `uv` (universal Python package installer/resolver) to run the server.
  • ⚠️Language-specific runtimes are required for their respective language server functionalities (e.g., Node.js for JS/TS, Java JDK for Java, Elixir for Elixir, .NET SDK for F# and C#, Go for Go, Rustup for Rust, Perl for Perl, Zig for Zig, Julia for Julia, Free Pascal Compiler for Pascal). The framework attempts to auto-install language servers, but core runtimes are external prerequisites.
  • ⚠️Initial setup involves manual repository cloning, creation/copying of configuration files (`serena_config.yml`, `project.yml`), and project registration for the AI agent to operate correctly.
Review RequiredView Analysis
The system is designed to allow an AI agent to execute arbitrary shell commands (via `ExecuteShellCommandTool`) and download/run external binaries (language servers via `requests.get` and `subprocess.Popen`). This grants significant privileges and requires strong trust in the AI's directives. While these actions are central to its function as a coding agent, they represent a high-risk capability if the AI is compromised or misbehaves.
Updated: 2026-01-19GitHub
100
8954
High Cost
mcp-use icon

mcp-use

by mcp-use

Sec7

A comprehensive framework for building full-stack Model Context Protocol (MCP) applications, including AI agents, MCP servers with UI widgets, and integrated debugging tools in both Python and TypeScript.

Setup Requirements

  • ⚠️Requires Node.js 20+ (22 recommended) and pnpm 10+ for TypeScript development.
  • ⚠️Requires Python 3.11+ and uv for Python development.
  • ⚠️Utilizes various AI models (OpenAI, Anthropic, Google, Groq) which require API keys (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY) and incur usage costs.
Verified SafeView Analysis
The framework supports 'Code Mode' which allows executing JavaScript/TypeScript code using Node.js VM-based or E2B cloud sandboxes. The VM-based executor explicitly warns that 'VM isolation is not perfect for untrusted code,' requiring careful validation if code input originates from untrusted sources. Additionally, the framework includes a general-purpose MCP proxy middleware which, if explicitly deployed without strong authentication or request validation, could function as an open CORS proxy, posing a significant security risk. However, this proxy is not enabled by default in a server scaffolded by `create-mcp-use-app`; it is used internally by the Inspector application or if a developer explicitly adds it to their server.
Updated: 2026-01-19GitHub
100
5593
Medium Cost
Klavis-AI icon

klavis

by Klavis-AI

Sec3

Develop and deploy AI agents that interact with a wide array of web services (e.g., Gmail, YouTube, LinkedIn, Supabase, Salesforce, Kubernetes) through a standardized Model Context Protocol (MCP), often orchestrated by an intelligent routing layer like Strata.

Setup Requirements

  • ⚠️Requires Klavis API Key for hosted services and simplified OAuth flows.
  • ⚠️Requires specific API keys and/or OAuth setup for each integrated third-party service (e.g., OpenAI, Google, Spotify, Supabase, LinkedIn, Tavily).
  • ⚠️Docker is required for self-hosting individual MCP servers.
  • ⚠️Some operations (e.g., creating Supabase projects) require explicit cost confirmation from the user/LLM.
  • ⚠️Specific OAuth scopes/permissions must be configured for full functionality for certain integrations (e.g., LinkedIn `w_member_social`).
Review RequiredView Analysis
The project includes multiple MCP servers that execute arbitrary system commands (e.g., `kubectl`, `helm`, general shell commands via `local/terminal`) or direct SQL queries (`supabase_execute_sql`) based on user or LLM input. While some attempts at input validation and sandboxing are present (`local/terminal`'s `SecurityConfig`), these mechanisms are inherently difficult to secure completely against sophisticated injection attacks. This poses significant shell and SQL injection risks if not deployed in highly controlled and sandboxed environments. Access tokens and API keys are generally handled via environment variables or `x-auth-data` headers, which is good practice, but the privilege escalation potential of the command execution tools remains a critical concern. Exposed HTTP/SSE endpoints for local servers also present a network risk if not properly firewalled.
Updated: 2026-01-16GitHub
100
3561
Medium Cost
exa-labs icon

exa-mcp-server

by exa-labs

Sec9

Provides AI assistants and coding agents with real-time web search, code context, and deep research capabilities via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires an EXA_API_KEY from dashboard.exa.ai/api-keys to function.
  • ⚠️Designed to be used with an MCP-compatible AI client (e.g., Cursor, Claude Desktop, Claude Code, Codex).
  • ⚠️Deep research tools ('deep_researcher_start', 'deep_researcher_check') require the client agent to poll for results, implementing an asynchronous workflow.
  • ⚠️Vercel free tier deployments may experience function timeouts (10s limit) for longer operations, especially deep research tasks.
Verified SafeView Analysis
The server demonstrates strong security practices. It uses Zod for robust input validation for all tool parameters. API keys are securely handled, preferring explicit configuration or environment variables, and are not hardcoded. All external HTTP requests to Exa AI are made via axios with configured timeouts (25-30 seconds) and comprehensive error handling, distinguishing between Axios-specific and generic errors. There is no usage of 'eval' or other inherently dangerous functions, and the codebase is clear and follows standard practices. The primary network risk is reliance on the external Exa AI API, which is a standard part of its functionality.
Updated: 2026-01-15GitHub
100
42477
Medium Cost
upstash icon

context7

by upstash

Sec7

Provides up-to-date, version-specific documentation and code examples to Large Language Models (LLMs) and AI coding assistants to improve code generation accuracy and relevance, preventing outdated or hallucinated information.

Setup Requirements

  • ⚠️Requires Node.js >= v18.0.0
  • ⚠️Requires an MCP client (e.g., Cursor, Claude Code, VSCode)
  • ⚠️Context7 API Key is optional but recommended for higher rate limits and private repositories.
Verified SafeView Analysis
The `CLIENT_IP_ENCRYPTION_KEY` used for client IP encryption has a hardcoded default value in `packages/mcp/src/lib/encryption.ts`. While it can be overridden by an environment variable, relying on a default hardcoded key, even for non-critical data like client IPs, is generally not recommended in a security-first approach. Users are advised to provide their own `CLIENT_IP_ENCRYPTION_KEY`.
Updated: 2026-01-19GitHub
100
1170
High Cost
NPC-Worldwide icon

npcpy

by NPC-Worldwide

Sec2

Core library of the NPC Toolkit that supercharges natural language processing pipelines and agent tooling. It's a flexible framework for building state-of-the-art applications and conducting novel research with LLMs. Supports multi-agent systems, fine-tuning, reinforcement learning, genetic algorithms, model ensembling, and NumPy-like operations for AI models (NPCArray). Includes a built-in Flask server for deploying agent teams via REST APIs, and multimodal generation (image, video, audio).

Setup Requirements

  • ⚠️Requires Ollama for local LLMs (e.g., llama3.2, gemma3:4b) installed and running.
  • ⚠️Platform-specific dependencies for audio (ffmpeg, portaudio, espeak) and screenshots (pywin32 on Windows, screencapture on Mac, gnome-screenshot/scrot on Linux).
  • ⚠️Requires API keys for various cloud LLM/generation providers (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY, DEEPSEEK_API_KEY, PERPLEXITY_API_KEY, ELEVENLABS_API_KEY).
  • ⚠️Dependencies for local fine-tuning and diffusion models require PyTorch, diffusers, transformers, and sentence-transformers, which can be resource-intensive and require CUDA for optimal performance.
  • ⚠️Uses SQLite for conversation history and internal state; `psycopg2-binary` required for PostgreSQL.
  • ⚠️Jinja templates can be complex to debug without prior experience.
Review RequiredView Analysis
The system allows execution of arbitrary Python code within Jinx steps and direct shell commands generated by LLMs via `subprocess.run(..., shell=True)`. This creates severe command injection and remote code execution vulnerabilities if not rigorously sandboxed. The Flask server exposes various endpoints for executing commands, Jinxs, ML models, and fine-tuning, often without explicit authentication mechanisms shown in examples, making it vulnerable to unauthorized access and execution. Deserialization of untrusted data via `pickle.loads` in ML functionalities also poses a risk.
Updated: 2026-01-18GitHub
100
26078
Medium Cost
github icon
Sec9

The GitHub MCP Server enables AI agents, assistants, and chatbots to interact with GitHub's platform for repository management, issue/PR automation, CI/CD intelligence, code analysis, and team collaboration through natural language.

Setup Requirements

  • ⚠️Requires a GitHub Personal Access Token (PAT) for authentication, which needs to be generated and configured with appropriate scopes.
  • ⚠️Running locally typically requires Docker installed and running, or Go 1.21+ for building from source.
  • ⚠️Remote server OAuth support varies by host application and may require a registered GitHub App or OAuth App to be set up.
Verified SafeView Analysis
The project demonstrates strong security practices: * **Authentication & Authorization:** Emphasizes secure Personal Access Token (PAT) handling, OAuth, and GitHub App installation controls with policies for minimum scopes, token rotation, and non-committal storage. * **Input Sanitization:** Uses 'bluemonday' to sanitize HTML content, mitigating Cross-Site Scripting (XSS) risks. * **Lockdown Mode:** Provides an additional security layer for public repositories by filtering content from users without push access. * **Error Handling:** Differentiates user-actionable errors from developer errors and stores detailed error information in context for middleware analysis without exposing sensitive data. * **Dependency Audits:** Lists third-party licenses, indicating awareness of supply chain security. * **No Obvious Malicious Patterns:** No direct 'eval' or uncontrolled shell execution with untrusted input in the server's core logic. Docker execution is for deployment or testing, not part of the server's internal runtime processing of user input.
Updated: 2026-01-19GitHub
PreviousPage 1 of 111Next