Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (275)

100
1673
Medium Cost

dbhub

by bytebase

Sec8

A universal database abstraction layer exposing databases as tools for AI/ML agents via the Model Context Protocol (MCP), and providing an admin console for monitoring requests.

Setup Requirements

  • ⚠️Requires explicit database connection configuration (either via DSN in command-line arguments/environment variables or a TOML configuration file) to start; the server will exit if no valid configuration is provided.
  • ⚠️If a `dbhub.toml` configuration file is used, command-line flags such as `--id`, `--readonly`, and `--max-rows` are intentionally disabled to prevent conflicts. Per-source configuration for these options must then be defined directly within the TOML file.
  • ⚠️Deployment in containers (e.g., Docker) for MySQL and MariaDB might encounter 'container privilege restrictions' that prevent full introspection of stored procedures and functions without additional database user permissions or container configuration.
  • ⚠️SSH private key paths (e.g., `~/.ssh/id_rsa`) specified in TOML configuration or environment variables are expanded relative to the user's home directory on the host system, and these files require appropriate read permissions.
Verified Safe
The server demonstrates strong security awareness through features like DSN password redaction, explicit `SafeURL` parsing to handle special characters in connection strings, and structured validation for custom SQL tools' parameters. For its HTTP API, it includes CORS configuration and `Origin` header validation to mitigate DNS rebinding attacks. File system interactions, such as loading TOML configuration, environment files, and SSH keys, are part of the setup, implying a reliance on a trusted deployment environment where these paths and configurations are controlled by an administrator. SQL injection risks are mitigated via parameterized queries for user-provided SQL in custom tools and built-in SQL execution, and through robust identifier quoting for database metadata access. The primary security considerations for operators are the inherent risks of executing user-defined SQL (even if validated) and managing access to sensitive configuration files and network ports.
Updated: 2025-12-06
100
1402
Medium Cost

agentgateway

by agentgateway

Sec3

A flexible API gateway designed for routing and managing network traffic, with specialized capabilities for integrating AI/LLM models, Model Context Protocol (MCP) agents, and Agent-to-Agent (A2A) communications through configurable listeners, routes, and policies.

Setup Requirements

  • ⚠️Requires OpenSSL for certificate management and testing.
  • ⚠️Building from source requires a Rust toolchain.
  • ⚠️Specific AI/LLM backends (e.g., AWS Bedrock, Google Vertex AI) will require corresponding cloud credentials and project setup.
  • ⚠️The UI is a separate Next.js application that needs to be built or run in development mode alongside the Rust backend.
Review Required
CRITICAL: Test private keys are committed to the repository for integration tests (crates/agentgateway/tests/common/testdata), which is highly dangerous if accidentally used in production. The UI allows direct configuration updates (including highly privileged operations like executing arbitrary `stdio` commands in MCP targets) via HTTP endpoints. While the UI uses `http://localhost:15000` by default, a production deployment without proper authentication and authorization on the `/config` endpoint (and other management endpoints) could allow remote unauthenticated configuration modifications, including remote code execution. Configuration dumps could also expose sensitive details. The 'Restart Setup Wizard' functionality allows deleting all configuration. Strong authentication and authorization must be implemented for the backend management endpoints in any non-test environment.
Updated: 2025-12-05
99
898
Medium Cost
Sec8

A comprehensive, AI-enhanced memory service for AI agents, enabling semantic search, intelligent consolidation, and multi-backend storage via a token-efficient API and MCP protocol.

Setup Requirements

  • ⚠️Requires PyTorch and sentence-transformers for embeddings, which can involve large downloads (300MB+) and complex GPU-specific installations (e.g., CUDA, DirectML, MPS). ONNX Runtime is an alternative but also needs to be installed.
  • ⚠️Using Cloudflare or Hybrid storage backends requires configuration of Cloudflare API tokens, account IDs, and specific service IDs (Vectorize, D1, R2), linking to external paid services.
  • ⚠️Specific compatibility patches exist for Windows timeouts and LM Studio's non-standard 'notifications/cancelled' messages, indicating potential stability issues in these environments without proper setup.
Verified Safe
The server includes a robust OAuth 2.0 implementation, extensive input validation (e.g., for tags, query limits), and secure handling of temporary files. It explicitly enforces offline mode for HuggingFace models to prevent unintended external model downloads. No direct 'eval()' usage was found in the Python server code. The default host binding ('0.0.0.0') for the HTTP server means it listens on all interfaces, which requires proper firewall configuration in production environments.
Updated: 2025-12-06
92
91
Medium Cost

memory-graph

by gregorydickson

Sec9

A graph-based MCP server that provides intelligent memory capabilities for Claude Code, enabling persistent knowledge tracking, relationship mapping, and contextual development assistance for AI agents.

Setup Requirements

  • ⚠️Requires a database backend (SQLite embedded by default, but external services like Neo4j, Memgraph, FalkorDB, or Turso require separate setup or Docker).
  • ⚠️Relies heavily on environment variables for configuration (e.g., `MEMORY_BACKEND`, database credentials, API keys) which must be correctly set up.
  • ⚠️Specific Python dependencies (e.g., `neo4j`, `falkordb`, `libsql_experimental`) are required only if their respective backends are used, but ensure the correct ones are installed if switching from default SQLite.
  • ⚠️For Claude Code Web environments, a special setup involving copying a `.claude` directory is recommended for auto-installation via hooks.
Verified Safe
The server uses `subprocess.run` for Git commands, which is common in development tools and appears safely implemented (not using `shell=True`). It explicitly sanitizes sensitive information (API keys, tokens, passwords) from memory content and logs using `_sanitize_content`. Database credentials are primarily sourced from environment variables, avoiding hardcoding. Pydantic is used for input validation, mitigating common API injection risks. The `CloudBackend` uses `httpx` with circuit breaking for external network calls, enhancing resilience.
Updated: 2025-12-05
85
556
High Cost
Sec9

Provides secure and controlled access to the local filesystem via the Model Context Protocol (MCP) for AI agents and other applications.

Setup Requirements

  • ⚠️Requires explicit specification of allowed directories at startup for security.
  • ⚠️If not using Docker, requires a Go development environment for installation or compilation.
  • ⚠️When using Docker with host filesystem interaction, proper volume mounting is necessary.
Verified Safe
The server implements robust path validation including absolute path resolution, explicit allowed directories, and comprehensive symlink resolution with security checks to prevent directory traversal attacks. All file operations leverage this validation. The 'modify_file' tool uses regex, which could theoretically be vulnerable to ReDoS if patterns are untrusted, but this is mitigated by the overall path restrictions. No hardcoded secrets or arbitrary code execution mechanisms ('eval') were found. The server operates with the privileges of its running user, which is standard for local tools.
Updated: 2025-11-24
83
4
Medium Cost

Provides a sandboxed filesystem interface for AI agents to explore directories, read, search, and safely edit text files with checksum verification and diff previews.

Setup Requirements

  • ⚠️Requires 'FS_ROOTS' (or 'FS_ROOT') environment variable to be correctly set by the user to define accessible directories; otherwise, it defaults to the current working directory, which may not be the intended sandbox.
  • ⚠️Requires 'bun' runtime for execution, as indicated by 'bun install' and 'bun run' commands in package.json and README.
  • ⚠️When connecting to clients like Claude Desktop or Cursor, the 'args' for the 'bun run' command must specify the absolute path to the 'src/index.ts' entry point.
Verified Safe
The server implements robust sandboxing through explicit path resolution, checking for absolute paths and directory traversal attempts ('..'). Access is restricted to user-configured 'FS_ROOTS' (or 'FS_ROOT') environment variables. Checksum verification prevents stale overwrites during file edits. No 'eval' or other dynamic code execution patterns were identified in the provided source. The server's security is highly dependent on the user correctly configuring the 'FS_ROOTS' variable to trusted directories.
Updated: 2025-12-04
56
69
Medium Cost

tiger-cli

by timescale

Sec8

Manages Timescale Cloud database services and provides an integrated Model Context Protocol (MCP) server enabling AI assistants to programmatically interact with and query the infrastructure.

Setup Requirements

  • ⚠️Requires a Tiger Cloud account for authentication (`tiger auth login`).
  • ⚠️Requires local configuration of the AI assistant (e.g., Claude Code, Cursor) to recognize and use the MCP server.
  • ⚠️Operations like `service create` and `service fork` create billable resources in Tiger Cloud.
  • ⚠️Requires `psql` to be installed for database connection commands (`tiger db connect`).
Verified Safe
The project demonstrates strong security awareness, with credential handling (API keys, database passwords) following PostgreSQL best practices (e.g., PGPASSWORD environment variable) and using system keyring for secure storage. A previous critical issue regarding keyring service name detection was resolved. Analytics explicitly exclude sensitive data. However, there is a recognized potential 'High' severity issue of insufficient input validation for user-provided psql arguments, which could lead to command injection in specific scenarios, though its practical exploitability is considered limited due to running with user privileges. The visibility of PGPASSWORD in process environments is noted as a standard but visible practice.
Updated: 2025-12-05
55
1
Low Cost

crypto-mcp

by pand40x

Sec9

Provides real-time and historical cryptocurrency data to LLM applications, using Binance as the primary source and CoinMarketCap as a fallback.

Setup Requirements

  • ⚠️Requires CoinMarketCap API keys for fallback functionality, which must be obtained and configured in a .env file.
  • ⚠️The MCP client configuration requires the absolute path to the 'build/index.js' file, which can be a common point of error.
  • ⚠️Node.js v20.0.0 or higher is required.
Verified Safe
The server uses environment variables for API keys and `zod` for input validation, which are good security practices. It avoids hardcoding secrets and utilizes public API endpoints where possible. No 'eval' or other directly dangerous functions are used. Symbol normalization helps prevent injection. The overall design prioritizes robustness and security within its operational scope.
Updated: 2025-11-29
55
1
Medium Cost

mysql-mcp-server

by athavala

Sec1

This server provides a FastMCP interface to interact with a MySQL database, allowing retrieval of database schema and execution of arbitrary SQL queries.

Setup Requirements

  • ⚠️Requires a running MySQL database instance.
  • ⚠️Requires `mysql-connector-python` and `mcp-server` Python packages.
  • ⚠️Default database credentials are highly insecure and should be overridden with environment variables for any practical use.
Review Required
The `query_data` function is critically vulnerable to SQL injection as it executes arbitrary SQL queries directly without any input validation, sanitization, or query parameterization. This allows attackers to perform any operation on the database (e.g., data exfiltration, deletion, modification). Additionally, the server uses insecure default database credentials (`root`/`password`) if environment variables are not set, posing a significant risk in non-production or misconfigured environments.
Updated: 2025-12-02
51
22
High Cost

turbovault

by Epistates

Sec10

Transforms an Obsidian vault into an intelligent knowledge system, providing AI agents with specialized tools for reading, writing, searching, analyzing, and managing notes through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Rust 1.90.0 or later to build/install from source or crates.io.
  • ⚠️Requires an existing Obsidian vault directory to manage; it does not initialize a blank vault with the '.obsidian' folder structure by default if one is not present.
  • ⚠️Integrating with Claude Desktop requires manual modification of a JSON configuration file (`~/.config/claude/claude_desktop_config.json`).
Verified Safe
The project demonstrates comprehensive security features including explicit path traversal protection (using `path_trav` crate), type-safe deserialization to prevent injection, atomic file writes for data integrity, hash-based conflict detection for edits, and configurable file size limits to mitigate DoS attacks. Crucially, it avoids shell execution, eliminating command injection risks. An external `mcp-scanner` audit explicitly marks all 44 MCP tools as 'Safe: Yes'. While optional network transports (HTTP, WebSocket, TCP) introduce potential attack surfaces if enabled, the default mode for AI agent integration is `stdio`, which is inherently safer. The `docker-compose.yml` specifies running as a non-root `obsidian` user, adhering to the principle of least privilege.
Updated: 2025-12-04
50
84
High Cost

mcp-server-box

by box-community

Sec2

The Box MCP Server provides a Model Context Protocol (MCP) interface to interact with the Box API, enabling AI agents and other clients to perform various file, folder, collaboration, metadata, and AI-powered operations on Box content.

Setup Requirements

  • ⚠️Requires extensive Box Custom App configuration (OAuth, CCG, or JWT) via the Box Developer Console, including pre-registering all callback URLs for OAuth flows.
  • ⚠️Heavily relies on environment variables (often from a .env file) for all Box API and MCP server authentication credentials; misconfiguration will lead to startup or runtime errors.
  • ⚠️The `uv` tool is recommended for Python dependency management and execution, which might require an additional setup step for some users.
Review Required
CRITICAL: The server's `/oauth/register` endpoint, when running with `--transport=http` or `--transport=sse`, directly exposes the configured `BOX_CLIENT_ID` and `BOX_CLIENT_SECRET` in its response. This is a severe hardcoded secret exposure, as these credentials should remain confidential. Anyone accessing this public endpoint can retrieve the client ID and client secret, which could then be used for unauthorized access to the Box API or to impersonate the application.
Updated: 2025-12-02
45
49
Medium Cost

Serves as a local knowledge graph memory backend for LLMs, storing entities, relations, and observations using DuckDB for efficient querying and data management.

Setup Requirements

  • ⚠️Requires Node.js 22.x (as specified in package.json engines).
  • ⚠️Docker required if opting for Docker deployment.
  • ⚠️Manual configuration involves editing `claude_desktop_config.json`.
Verified Safe
The server primarily operates over standard I/O (stdio) via the MCP SDK, minimizing direct network exposure. It uses DuckDB as an embedded, file-based database. While `MEMORY_FILE_PATH` allows users to specify the database location, this is expected for a memory server and doesn't expose sensitive information or allow arbitrary file access beyond the configured path. No hardcoded secrets or obvious malicious patterns were found. Concurrent write operations to DuckDB are handled by opening one connection at a time, ensuring data integrity within the application's design.
Updated: 2025-12-03