Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (92)

87
981
High Cost

better-chatbot

by cgoinglove

Sec3

An advanced open-source AI chatbot supporting multiple LLMs, extensive tools (web search, code execution, data visualization, MCP protocol), image generation, and workflow automation for individuals and teams.

Setup Requirements

  • ⚠️Requires at least one API key from a major LLM provider (e.g., OpenAI, Google, Anthropic), which are typically paid services.
  • ⚠️Requires a PostgreSQL database (`POSTGRES_URL` environment variable) for persistent storage.
  • ⚠️Full functionality of custom MCP tools may require setting up and managing external MCP servers.
  • ⚠️File storage needs to be configured (e.g., Vercel Blob, S3) for features like image generation and file ingestion.
Review Required
The application allows arbitrary JavaScript and Python code execution (via `new Function` for JS and Pyodide for Python) and arbitrary HTTP requests (SSRF risk) based on AI model outputs. While there are attempts at sandboxing for code execution, these are inherently high-risk features that are difficult to secure against all exploits. Connections to external Model Context Protocol (MCP) servers also introduce a vector for interacting with potentially untrusted services. Careful vetting of user input and external server configurations is critical.
Updated: 2025-12-29
64
11
Medium Cost

WeChat-MCP

by BiboyQG

Sec8

Automate WeChat interactions on macOS for LLMs, enabling programmatic control over chat, contact management, and Moments (social feed) publishing via accessibility APIs and screen capture.

Setup Requirements

  • ⚠️Requires macOS operating system.
  • ⚠️WeChat for Mac application must be installed and actively running.
  • ⚠️Python 3.12+ is required.
  • ⚠️Requires granting Accessibility permissions to the terminal application (e.g., Terminal.app, iTerm2) in macOS System Settings, enabling it to control other applications.
Review Required
The server leverages macOS Accessibility APIs and screen capture to directly control the WeChat application. This requires granting significant system-level permissions to the terminal running the server, which inherently carries a risk. While the source code does not contain 'eval', obfuscation, hardcoded secrets, or overt malicious patterns, the power of UI automation means that if a controlling LLM or user misuses the exposed tools, it could perform unintended actions within WeChat (e.g., sending messages, adding contacts, publishing posts). Trust in the LLM and careful permission management are critical.
Updated: 2025-12-12
63
223
Medium Cost

mac_messages_mcp

by carterlasalle

Sec7

Enables AI assistants to interact with the macOS Messages app for reading, sending, and searching messages, including universal messaging capabilities with SMS/RCS fallback.

Setup Requirements

  • ⚠️Requires macOS 11+ and the Messages app to be configured and active.
  • ⚠️Requires 'Full Disk Access' permission for the terminal application or AI assistant in macOS System Settings.
  • ⚠️Requires Python 3.10+ and the 'uv' package manager to be installed first.
Verified Safe
The application requires 'Full Disk Access' permission on macOS for the terminal or AI application, which grants high privileges and should be granted with caution. It interacts with macOS system services (AppleScript) and SQLite databases. While efforts are made to sanitize user inputs for AppleScript commands using string replacement to prevent injection, and parameterized queries are used for SQLite, direct interaction with shell commands (`subprocess.run(cmd, shell=True)`) in `get_addressbook_contacts_subprocess` is generally discouraged even if the command string is static. If exposed via `mcp-proxy` for Docker, binding to `0.0.0.0` is a network security risk if not properly restricted or authenticated in production.
Updated: 2026-01-18
61
17
Medium Cost

messages

by cardmagic

Sec9

Fuzzy search and browse Apple Messages (iMessage/SMS) from the command line or as an MCP server.

Setup Requirements

  • ⚠️Requires macOS operating system.
  • ⚠️Requires Node.js version 22 or higher.
  • ⚠️Requires 'Full Disk Access' permission for your terminal application to read `~/Library/Messages/chat.db`.
Verified Safe
The server primarily operates locally, reading from the Apple Messages database (`~/Library/Messages/chat.db`) and AddressBook, then building local search indexes in `~/.messages/`. It uses `better-sqlite3` in read-only mode for the source databases, which is a good security practice. The `node-typedstream` library handles parsing binary blobs for message content, which is a potential, but non-obvious, vector for malformed data. The MCP server uses `StdioServerTransport`, meaning communication is over standard I/O, not a network, reducing network-based attack surfaces. No `eval` or obvious hardcoded secrets were found. The most significant security consideration is the explicit requirement for 'Full Disk Access' permission for the terminal, which grants broad access but is necessary for its core functionality and is a user-controlled setting.
Updated: 2026-01-18
44
40
Medium Cost

whatsapp-mcp-ts

by jlucaso1

Sec8

Connects a personal WhatsApp account to an AI agent, enabling the agent to search messages and contacts, list chats, retrieve message history, and send messages via WhatsApp.

Setup Requirements

  • ⚠️Requires Node.js version 23.10.0 or higher.
  • ⚠️Requires an initial manual WhatsApp QR code scan for authentication, which can be time-sensitive.
  • ⚠️Initial message history synchronization can take significant time depending on your WhatsApp history size.
  • ⚠️Specific configuration JSON is required for the AI client (e.g., Claude Desktop, Cursor) to launch and connect to the MCP server.
Verified Safe
The server stores all WhatsApp authentication credentials and message history locally in a SQLite database and authentication cache, which is good for privacy from the server's perspective. It communicates with the AI client via standard input/output (stdio), avoiding direct network exposure to the outside for the MCP protocol itself. No 'eval' or other direct dangerous dynamic code execution patterns were found. The primary security considerations are the security of the local machine storing sensitive WhatsApp data and the trustworthiness of the connected AI agent that will access this data via MCP tools.
Updated: 2025-12-06
42
52
Medium Cost

mailtrap-mcp

by mailtrap

Sec9

The Mailtrap MCP server provides tools for sending transactional emails and managing email templates, including a sandbox environment for testing.

Setup Requirements

  • ⚠️Requires a Mailtrap account and API token (paid service potentially involved for full functionality).
  • ⚠️Domain verification is necessary for sending actual transactional emails.
  • ⚠️Specific Mailtrap Account ID is required for template management operations.
  • ⚠️A Mailtrap Test Inbox ID is required for sandbox email functionality.
Verified Safe
The server correctly uses environment variables for sensitive API tokens and account IDs, preventing hardcoding. Input validation for all tools is implemented using Zod schemas. Error handling is structured, returning clear messages and an 'isError' flag. There is no usage of 'eval' or other directly dangerous dynamic code execution. Network communication relies on standard SDK and web server practices.
Updated: 2026-01-07
39
14
Low Cost

postmark-mcp

by ActiveCampaign

Sec9

Provides a Model Context Protocol (MCP) server to enable AI assistants to send emails and manage templates via Postmark.

Setup Requirements

  • ⚠️Requires Node.js v16 or higher.
  • ⚠️Requires an active Postmark account and server API token.
  • ⚠️Requires configuration of `POSTMARK_SERVER_TOKEN`, `DEFAULT_SENDER_EMAIL`, and `DEFAULT_MESSAGE_STREAM` environment variables.
Verified Safe
The server correctly uses environment variables for sensitive data like the Postmark server token, and the README explicitly warns against storing secrets in version control. It employs Zod for input validation, which helps prevent malformed requests. Logging practices appear secure, avoiding direct exposure of sensitive information in console outputs. Network requests are limited to the official Postmark API. There is no usage of 'eval' or similar dangerous patterns. The main point of caution, common to any tool that manages external credentials, is securing the environment where the server runs and ensuring proper access controls for the `.env` file.
Updated: 2025-12-01
37
11
Low Cost

notifications-mcp-server

by charles-adedotun

Sec4

Provides real-time sound and visual notifications on macOS when Claude Desktop completes tasks.

Setup Requirements

  • ⚠️Requires macOS operating system.
  • ⚠️Requires Claude Desktop to be installed for integration.
  • ⚠️Installation of `terminal-notifier` (e.g., via `brew install terminal-notifier`) is recommended for enhanced visual notifications.
  • ⚠️Requires Python 3.10 or higher.
Review Required
The `notify-claude.sh` helper script, if present and used, is vulnerable to JSON injection via the `MESSAGE` argument, as the message string is not properly escaped when embedded in the `echo` command's JSON output. This could lead to malformed JSON and parsing errors in the Python server. The server heavily relies on `subprocess.run` to execute external macOS commands (`afplay`, `osascript`, `terminal-notifier`) and the helper shell script. While parameters are generally quoted in shell calls and macOS notification systems typically sanitize inputs, passing LLM-generated `title` and `message` arguments to external processes introduces a higher attack surface compared to purely native API calls. The `os.chmod` call to make the `notify-claude.sh` script executable also presents a minor local privilege escalation risk if the script's content is compromised.
Updated: 2025-12-12
36
5
Low Cost
Sec4

Integrate WeChat message sending capabilities into AI assistants using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Windows 10/11 operating system.
  • ⚠️WeChat client must be installed, running, logged in, and its window visible (not minimized or obscured).
  • ⚠️Significant account, data, privacy, and legal risks associated with automating WeChat, as explicitly warned by the developer.
Review Required
The server uses UI automation (pyautogui, win32 API calls) to control the WeChat desktop application. This inherently carries significant risks, as outlined in the project's '重要免责声明' (Important Disclaimer), including potential account bans, data loss/leakage, system instability, and legal/privacy issues. While there's no evidence of malicious code (e.g., 'eval', hardcoded secrets), the nature of the operation allows the configured AI assistant to control a sensitive user application. The clipboard is temporarily used for text input, with an attempt to restore its original content. The window activation logic is robust but also signifies the level of control this server can exert.
Updated: 2026-01-19
36
5
High Cost

This server acts as a Model Context Protocol (MCP) gateway, integrating various AI capabilities (image recognition, TTS, image/video generation, chat summarization, personality analysis) and WeChat-specific functions (song requests, emoji extraction, group management) for a WeChat robot.

Setup Requirements

  • ⚠️Requires a MySQL database for configuration storage and message history, with tenant databases created dynamically based on 'RobotCode'.
  • ⚠️Relies on external AI service providers (e.g., OpenAI, Doubao, Jimeng, GLM, Hunyuan) for AI capabilities, which will incur API usage costs.
  • ⚠️Assumes the existence of a separate 'WeChat client' component that this server communicates with via HTTP for sending messages.
Review Required
CRITICAL vulnerability identified: The `buildDSNForRobot` function constructs a MySQL DSN using `robotCode` directly as the database name. If `robotCode` can be controlled or influenced by an attacker, this allows for database name injection, potentially enabling access to arbitrary databases on the MySQL server or causing denial of service by repeatedly attempting to connect to non-existent databases. Additionally, the server makes external HTTP requests to various AI service providers (e.g., OpenAI, Doubao, Jimeng, GLM, Hunyuan) and a music API (`api.cenguigui.cn`). While parameters are typically encoded, the reliability and security of these third-party services are external dependencies. AI API keys and other sensitive settings are stored in the database, requiring robust database security. No 'eval' or obvious obfuscation detected.
Updated: 2026-01-17
34
3
Low Cost

Vibe-Agent

by innocuous-stiffness915

Sec1

A tutorial for building an AI infinite canvas application using Gemini for image generation and manipulation.

Setup Requirements

  • ⚠️Requires access to Google Gemini for generating the application code.
  • ⚠️Instructs users to download and run an unverified executable from a raw GitHub link (potential security risk).
  • ⚠️Operating System is restricted to Windows 10 or newer for the Vibe-Agent application.
Review Required
The provided source code consists solely of README markdown files. The main README instructs users to download and run an executable (Vibe-Agent-v2.4.zip) directly from a raw GitHub link. There is no actual source code provided for the executable itself to perform a security audit. Downloading and executing untrusted software from an unverified source is a significant security risk, as its contents are unknown and could be malicious or contain vulnerabilities. Therefore, a meaningful security analysis of the executable is impossible with the provided information.
Updated: 2026-01-19
33
3
Medium Cost

better-chat

by Chris31372

Sec8

An AI chat application focused on interacting with technical documentation, featuring multi-model support and per-user data isolation via Cloudflare Durable Objects.

Setup Requirements

  • ⚠️Requires a Cloudflare account with configured Workers, D1 (database), KV (key-value store), and Durable Objects (stateful serverless instances).
  • ⚠️Deployment and local development rely on the Alchemy framework, requiring its CLI and understanding of its specific commands and environment configurations (e.g., `.env.dev`, `.env.prod`).
  • ⚠️Full functionality, particularly access to premium AI models, depends on providing various API keys for AI providers (e.g., OpenAI, Google, Anthropic), email services (Resend in production), social authentication, and web search (Exa).
Verified Safe
The provided server-side source code demonstrates strong security practices. Sensitive user API keys are encrypted at rest using AES-GCM with a user-specific PBKDF2-derived key, and secrets are properly managed via environment variables. User sessions are secured with Cloudflare KV, and rate limiting is implemented. The authentication system, Better Auth, uses email OTP and OAuth securely. However, the accompanying README's instructions to download and execute a `.zip` file for the client application from GitHub (`better-chat.zip`) represent a critical security risk for end-users, as the contents of this client binary are not provided for audit. Users should exercise extreme caution and ideally build the client from source if provided, or verify its integrity through trusted channels.
Updated: 2026-01-19