Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(911)

98
575
Medium Cost
johnhuang316 icon

code-index-mcp

by johnhuang316

Sec8

Provides intelligent code indexing, searching, and analysis capabilities for large language models to understand and navigate codebases.

Setup Requirements

  • ⚠️Requires Python 3.10+ and the `uv` package manager as core prerequisites.
  • ⚠️Optimal performance for `search_code_advanced` depends on the availability of external command-line tools like `ugrep`, `ripgrep`, or `ag` in the system's PATH. It falls back to slower pure-Python or basic `grep` if preferred tools are not found.
  • ⚠️Real-time file monitoring for auto-refresh requires the `watchdog` Python library; if unavailable, this feature is disabled (troubleshooting suggests `pip install watchdog`).
Verified SafeView Analysis
The server uses `subprocess.run` to execute external search tools (`ugrep`, `ripgrep`, `ag`, `grep`). While necessary for performance, this introduces a risk of command injection if input is not perfectly sanitized. The project mitigates this by using `is_safe_regex_pattern` to validate regex patterns and appending `--` to separate arguments from search patterns for some tools. File system operations are mostly contained within project-specific temporary directories. No direct `eval` or `exec` is used. No hardcoded secrets were found within the server's own code.
Updated: 2025-11-27GitHub
97
489
Medium Cost
mbailey icon

voicemode

by mbailey

Sec7

Voice interaction capabilities for MCP (Model Context Protocol) servers, providing advanced Speech-to-Text and Text-to-Speech services, locally or via cloud APIs and LiveKit for real-time communication.

Setup Requirements

  • ⚠️Requires 'uv' package manager to run the installer and manage the Python environment.
  • ⚠️Requires Python 3.10+.
  • ⚠️Requires 'ffmpeg' for core audio processing.
  • ⚠️For Linux, 'sudo' access is needed for system package installation and specific build tools (e.g., CUDA toolkit for GPU support).
  • ⚠️For macOS, Xcode Command Line Tools are required for building 'whisper.cpp', and Homebrew for package management.
  • ⚠️OpenAI API Key ('OPENAI_API_KEY') is required for cloud STT/TTS services (paid).
  • ⚠️Building local 'kokoro' (TTS) on ARM64 systems may require Rust/Cargo.
  • ⚠️LiveKit frontend development requires Node.js and a package manager (npm/pnpm/yarn).
Verified SafeView Analysis
Extensive use of 'subprocess.run' and 'subprocess.Popen' for system commands (e.g., 'git', 'make', 'brew', 'apt', 'dnf', 'cmake', 'uvx', 'npm'/'pnpm'/'yarn', 'launchctl', 'systemctl', 'ffmpeg') is inherent for installation and service management, requiring trust in external binaries and scripts. Initial 'uv' installation via 'curl | sh' is a common but inherently risky practice. Default LiveKit development keys ('devkey:secret') and frontend access password ('voicemode123') are hardcoded for local development, posing a risk if exposed without changes. The system relies on downloading external binaries and source code from GitHub and Hugging Face. Sensitive environment variables are masked in diagnostic outputs.
Updated: 2025-12-10GitHub
97
412
Low Cost
whillhill icon

mcpstore

by whillhill

Sec7

MCPStore acts as an orchestration layer for managing Microservice Context Protocol (MCP) services and adapting them as tools for AI frameworks like LangChain, AutoGen, and others.

Setup Requirements

  • ⚠️Requires `fastmcp` to be installed (e.g., `pip install fastmcp`).
  • ⚠️Specific AI framework adapters (e.g., LangChain) require additional optional dependencies (e.g., `pip install mcpstore[langchain]`).
  • ⚠️For Redis backend, a running Redis instance is required.
Verified SafeView Analysis
Default FastAPI CORS `allow_origins=["*"]` should be restricted in production environments. Redis sensitive configuration (URL, password) is not loaded from environment variables by default, which could lead to accidental hardcoding in user code if not managed carefully. Hub services run in subprocesses and expose HTTP endpoints; proper authentication and network isolation are responsibilities of the deployer.
Updated: 2025-12-05GitHub
97
503
Medium Cost
line icon
Sec6

Integrates LINE Messaging API with AI Agents to enable automated communication and rich menu management for LINE Official Accounts.

Setup Requirements

  • ⚠️Requires Node.js v20+ (or a Docker environment with Chromium dependencies for image generation).
  • ⚠️Requires a LINE Official Account with Messaging API enabled and a Channel Access Token.
  • ⚠️DESTINATION_USER_ID is optional but required if `userId` is not provided for messaging tools.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive tokens. However, the `create_rich_menu` tool utilizes Puppeteer with the `--no-sandbox` argument to render rich menu images, where user-provided `chatBarText` and action `label` fields are embedded into an HTML template. While input validation (Zod) is present for general structure, if malicious HTML/JavaScript is injected into these text fields and not sufficiently sanitized by the Marp rendering process, it could potentially be executed within the unsandboxed Puppeteer instance, posing a security risk. This is noted as a preview version, suggesting it may not be production-hardened.
Updated: 2025-12-10GitHub
97
483
Medium Cost
GoogleCloudPlatform icon

cloud-run-mcp

by GoogleCloudPlatform

Sec9

Enables MCP-compatible AI agents to deploy applications to Google Cloud Run, facilitating automated code deployment from various AI-powered development tools.

Setup Requirements

  • ⚠️Requires Google Cloud SDK installation and authentication (gcloud auth login, gcloud auth application-default login).
  • ⚠️Requires an active Google Cloud account with billing enabled.
  • ⚠️For local execution, Node.js (LTS version) or Docker must be installed.
Verified SafeView Analysis
The server leverages official Google Cloud SDKs and services like Cloud Build and Artifact Registry for secure deployment pipelines. It includes mechanisms for DNS rebinding protection (ENABLE_HOST_VALIDATION, ALLOWED_HOSTS), although these are disabled by default. The SKIP_IAM_CHECK variable, defaulting to 'true', makes deployed Cloud Run services publicly accessible, which is a common configuration but requires awareness from the user regarding the security of their deployed application. There are no obvious signs of 'eval', obfuscation, or unsanitized shell command execution. Authentication relies on Google Cloud Application Default Credentials, which promotes secure credential handling.
Updated: 2025-12-11GitHub
97
458
Medium Cost
vercel icon
Sec7

Provides a Model Context Protocol (MCP) server that acts as a comprehensive development toolkit for Next.js projects, enabling AI agents to interact with live dev servers, access documentation, automate upgrades, set up Cache Components, and perform browser-based testing.

Setup Requirements

  • ⚠️Requires Node.js 20.9+.
  • ⚠️Runtime diagnostic tools (`nextjs_index`, `nextjs_call`) require Next.js 16+ with a running development server (`npm run dev`).
  • ⚠️The `upgrade_nextjs_16` tool's codemod requires a clean Git working directory (no uncommitted changes).
  • ⚠️The `browser_eval` tool automatically installs `@playwright/mcp` globally if not present.
Verified SafeView Analysis
The `browser_eval` tool includes an `evaluate` action that allows arbitrary JavaScript code to be executed within a browser context controlled by Playwright. While this is an intended feature for web automation and testing, it presents a security risk if the AI agent invoking this tool is compromised or misinstructed, potentially leading to malicious script execution within the user's browser session. The server itself does not expose direct arbitrary code execution on the host machine via `eval` in its Node.js process. Telemetry data collection is anonymous and opt-out capable.
Updated: 2025-12-10GitHub
95
258
Low Cost
elusznik icon
Sec8

This server enables LLM agents to execute Python code in a highly secure, isolated container environment, facilitating complex multi-tool orchestration and data analysis with minimal LLM context token usage.

Setup Requirements

  • ⚠️Requires Podman or Docker (rootless configuration is the default and recommended).
  • ⚠️Requires Python 3.11+ (Python 3.14-slim is the default container image).
  • ⚠️Requires `uv` or `pip` for dependency management (`uv` recommended for installation).
  • ⚠️Pydantic >= 2.12.0 is needed for Python 3.14+ to avoid `TypeError: _eval_type() got an unexpected keyword argument 'prefer_fwd_module'`.
Verified SafeView Analysis
The server executes user-provided Python code using `eval(compile(code, ...), ...)` within a highly restricted, rootless container sandbox. This sandbox enforces strict isolation: no network, read-only rootfs, all capabilities dropped, no new privileges, unprivileged user (65534:65534), and resource limits (memory, PIDs, CPU, timeout). All MCP traffic is mediated by the host, providing an audit trail and preventing direct access to the host or external networks. While `eval` is used, it is the core function of the isolated sandbox, not a direct vulnerability in this hardened setup. The project's history explicitly details lessons from failed insecure prototypes, indicating a strong architectural commitment to security.
Updated: 2025-12-05GitHub
95
204
Low Cost
intellectronica icon

skillz

by intellectronica

Sec8

Acts as an MCP server to expose Claude-style skills and their resources as callable tools for AI agents.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Skills must be placed in a designated directory (defaults to `~/.skillz` or specified path)
  • ⚠️Potentially unsafe; skills should be treated as untrusted code and run in sandboxes/containers (as advised by the README)
  • ⚠️Requires an MCP-compatible client to consume the skills
Review RequiredView Analysis
The server uses `yaml.safe_load` for parsing skill metadata, mitigating direct YAML injection risks. It explicitly implements path traversal prevention in resource URIs (e.g., checks for '..') to restrict access. The core functionality is to discover and expose skill definitions and resources; the execution of any bundled helper scripts or code is deferred to the consuming AI client. The README explicitly warns users to treat skills as untrusted code and run in sandboxes/containers, indicating that while the server implements some hardening, the overall system design involves a critical security boundary at the client's execution of skill content.
Updated: 2025-11-26GitHub
95
202
Low Cost
aws icon
Sec9

The MCP Proxy for AWS enables AI applications to securely connect to Model Context Protocol (MCP) servers hosted on AWS by automatically handling AWS IAM (SigV4) authentication.

Setup Requirements

  • ⚠️Requires AWS credentials (AWS CLI, environment variables, or IAM roles) to be configured.
  • ⚠️Requires Python 3.10+ and the 'uv' package manager.
Verified SafeView Analysis
The project uses standard AWS SDK (boto3, botocore) for SigV4 authentication, which is a robust security mechanism. It incorporates `httpx` for secure HTTP communication. There are no apparent hardcoded secrets, 'eval' calls, or malicious patterns. The code includes a monkey-patch to a dependency (`fastmcp`) to improve error handling, which is a known practice but requires careful review. The primary security consideration for users is ensuring proper AWS IAM credential management.
Updated: 2025-12-10GitHub
95
201
Low Cost
awslabs icon
Sec9

An open source Model Context Protocol (MCP) server that helps AI coding assistants quickly create baseline AWS IAM policies by analyzing application code locally and fixing AccessDenied errors.

Setup Requirements

  • ⚠️Requires AWS CLI and configured credentials to apply policy changes.
  • ⚠️Only supports generating identity-based IAM policies (does not support resource-based policies, SCPs, or permission boundaries).
  • ⚠️Cannot predict resource ARNs determined dynamically at runtime (e.g., S3 bucket names from variables).
Verified SafeView Analysis
The server applies several security safeguards: it validates ARNs, checks for account mismatches before applying policies, explicitly rejects root/service-linked/federated principals, and binds the HTTP server to localhost (127.0.0.1) to limit network exposure. User confirmation is required before applying policy changes, unless the `--yes` flag is used. While the `install.sh` script follows a common `curl | sh` pattern, which carries inherent supply-chain risks, the application logic itself appears robust.
Updated: 2025-12-10GitHub
94
162
Low Cost
portofcontext icon

pctx

by portofcontext

Sec9

PCTX acts as a proxy for AI agents to interact with various tools and services via a sandboxed TypeScript 'Code Mode' interface, aggregating multiple MCP servers into a single endpoint.

Setup Requirements

  • ⚠️Requires Rust toolchain (version 1.89+).
  • ⚠️Requires Python 3.10+ for Python client, with optional 'langchain' or 'crewai' extras.
  • ⚠️Potential port conflicts (default 8080 for pctx, 3000 for example upstream MCP).
  • ⚠️External API keys (e.g., NASA_API_KEY, STRIPE_MCP_KEY, GROQ_API_KEY) are often required for upstream MCP servers or AI models.
Verified SafeView Analysis
Code execution is performed within an isolated Deno sandbox with strict network, filesystem, and environment access controls, mitigating risks from LLM-generated code. Authentication credentials are managed by pctx and not exposed to the LLM. Network access is explicitly whitelisted. The core TypeScript runtime is minified, which is a standard practice but could be considered an obfuscation layer.
Updated: 2025-12-11GitHub
94
626
Medium Cost
apify icon
Sec9

Enables AI agents to interact with Apify Actors for web scraping, data extraction, and web automation from various online platforms.

Setup Requirements

  • ⚠️Requires an Apify API Token (APIFY_TOKEN environment variable or ~/.apify/auth.json file) which typically implies an Apify account and potential billing.
  • ⚠️For full functionality, specific Apify Actors (e.g., apify/rag-web-browser, apify/instagram-scraper, apify/python-example) may need to exist on the target Apify platform.
  • ⚠️Node.js version 20.0.0 or higher is required.
Verified SafeView Analysis
The codebase is well-structured with no detected 'eval' usage or obfuscation. Hardcoded secrets are not present, with sensitive API keys (e.g., APIFY_TOKEN) correctly sourced from environment variables or local configuration files. The server's 'open world' tools like 'get-html-skeleton' or 'apify/rag-web-browser' interact with external URLs, but this is the intended functionality of web scraping tools. These operations are typically executed within the sandboxed and managed Apify platform, mitigating direct network risks to the server itself. Security is generally strong, relying on secure handling of the APIFY_TOKEN.
Updated: 2025-12-10GitHub
PreviousPage 3 of 76Next