Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(275)

43
31
High Cost
qiniu icon
Sec3

Provides a Model Context Protocol (MCP) server that enables AI models to interact with Qiniu cloud services including storage, intelligent multimedia processing, CDN, and live streaming.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires `uv` package manager for installation and execution.
  • ⚠️Requires Qiniu Cloud Access Key, Secret Key, Region Name, Endpoint URL, and a comma-separated list of configured buckets (or QINIU_LIVE_API_KEY for live streaming functionality) as environment variables.
  • ⚠️Users of Claude may encounter `Error: spawn uvx ENOENT` requiring the absolute path to `uvx` in the command.
Review RequiredView Analysis
CRITICAL: The `LiveStreamingService` in `src/mcp_server/core/live_streaming/live_streaming.py` explicitly prints HTTP request information, including the `Authorization` header containing API keys (either `QINIU_LIVE_API_KEY` or `QINIU_ACCESS_KEY`/`QINIU_SECRET_KEY`) directly to standard output. This is a severe security risk as it exposes sensitive credentials in logs or console output, which should never happen in a production environment. While environment variables are used for secrets, the service includes fallback placeholder values (e.g., `YOUR_QINIU_ACCESS_KEY`) if not configured, although this does not expose real secrets. No other malicious patterns, `eval` usage, or obvious obfuscation were found.
Updated: 2025-11-27GitHub
43
32
High Cost
Teradata icon
Sec1

This server provides a Model Context Protocol (MCP) interface for interacting with Teradata databases, offering tools for database administration, data quality, SQL optimization, feature store management, RAG (Retrieval Augmented Generation) workflows, vector store operations, plotting, and backup/restore, often used to enable AI agents or LLMs to perform database-related tasks.

Setup Requirements

  • ⚠️Requires a running Teradata Database instance with access credentials (`DATABASE_URI`).
  • ⚠️Python `uv` tool is required for installation and execution.
  • ⚠️Specific Teradata version `>=17.20` is assumed for many tools.
  • ⚠️RAG and SQL Optimization tools require embedding models and tokenizers to be pre-installed and configured within a Teradata database schema.
Review RequiredView Analysis
The server has critical SQL Injection vulnerabilities. Many tools construct SQL queries using f-strings with user-controlled input (e.g., `table_name`, `database_name`, `column_name`, `user_name`, `obj_name`) directly embedded into the SQL string without proper escaping or parameter binding. For example, `handle_base_tableDDL` executes `show table {table_name}` and `handle_dba_tableSqlList` uses `LIKE '%{table_name}%'`, which can be exploited to execute arbitrary SQL commands. Additionally, default credentials ('admin'/'admin') are used for DSA API access if environment variables are not set, posing a risk in non-development environments. The server listens on `0.0.0.0` by default in Docker, making it externally accessible. While `eval` is used in `resolve_type_hint`, it is within a restricted namespace and context, reducing its immediate danger compared to the SQL injection issues.
Updated: 2025-11-22GitHub
42
21
Medium Cost
onkernel icon
Sec8

A Model Context Protocol (MCP) server enabling AI assistants to securely access Kernel platform tools and perform web browser automation, app deployment, and monitoring.

Setup Requirements

  • ⚠️Requires a Clerk account and configuration.
  • ⚠️Requires a Redis instance for authentication context persistence.
  • ⚠️Requires API access keys and a base URL for the Kernel platform.
  • ⚠️Requires specific environment variables to be set, including those for Mintlify if documentation search is used.
  • ⚠️Node.js 18+ and Next.js 15.3+ are prerequisites.
Verified SafeView Analysis
The server uses robust OAuth 2.0 authentication via Clerk and securely stores authentication context in Redis using HMAC hashing. It delegates browser automation and code execution to the Kernel platform via its SDK. The 'execute_playwright_code' tool allows arbitrary TypeScript/Playwright code execution, which is an inherent risk if the underlying Kernel platform's sandbox is not fully secure; however, this is an intended feature for AI agent interaction, not an oversight. Public API routes (like OAuth endpoints) use 'Access-Control-Allow-Origin: *', which is standard for public OAuth providers. No obvious hardcoded secrets, 'eval' usage, or direct malicious patterns were found in the provided source.
Updated: 2025-12-01GitHub
41
22
Medium Cost
influxdata icon
Sec3

An MCP server that integrates with various InfluxDB v3 instances (Core, Enterprise, Cloud Dedicated, Clustered, Serverless) to provide tools, resources, and prompts for interaction via MCP clients.

Setup Requirements

  • ⚠️Requires an InfluxDB 3 instance with specific URL and token combinations, which vary significantly based on the InfluxDB product type (Core/Enterprise, Cloud Serverless, Cloud Dedicated, Clustered).
  • ⚠️The configuration for Cloud Dedicated and Clustered instances can be complex, requiring separate database and management tokens, and in some cases, account/cluster IDs.
  • ⚠️For InfluxDB Clustered deployments, the server explicitly disables SSL certificate validation (`rejectUnauthorized: false`), posing a significant security risk for data in transit.
Review RequiredView Analysis
The server uses `rejectUnauthorized: false` for `InfluxProductType.Clustered` in its HTTP client, which disables SSL certificate validation and makes it vulnerable to man-in-the-middle attacks. This is a critical network security risk. Additionally, sensitive token management operations (creation, listing, regeneration, deletion of admin and resource tokens) are exposed via tools, which could be exploited if the MCP client or the underlying environment is compromised. While environment variables are used for secrets, the `ContextFileService` reads local files, which, if combined with other vulnerabilities or misconfigurations, could lead to local file inclusion risks.
Updated: 2025-12-02GitHub
40
16
Low Cost
ravitemer icon

mcp-registry

by ravitemer

Sec7

This repository serves as a centralized, community-maintained registry for Model Context Protocol (MCP) servers, providing structured installation configurations to facilitate discovery and integration for MCP clients and hubs.

Setup Requirements

  • ⚠️Requires Node.js and npm for running maintenance scripts (build, validate, enrich).
  • ⚠️The 'enrich' script (for adding GitHub stars/last commit) benefits from a 'GITHUB_TOKEN' environment variable to avoid GitHub API rate limits.
Verified SafeView Analysis
The registry codebase (scripts and schemas) is generally sound. It uses 'js-yaml.load' which can be risky with untrusted input; however, YAML files are part of the version-controlled repository, subject to PR review, and validated by a strict Zod schema, significantly mitigating this vulnerability by preventing unexpected fields. No 'eval', obfuscation, or hardcoded secrets are present within the registry's core logic. The 'enrich.js' script safely retrieves data from GitHub API. The potential for malicious commands within the 'config' field of server definitions is a risk for external MCP clients that execute these configurations, not the registry's own operations.
Updated: 2025-12-06GitHub
40
20
Medium Cost
alaturqua icon

mcp-trino-python

by alaturqua

Sec6

The MCP Trino Server provides seamless integration with Trino and Iceberg for advanced data exploration, querying, and table maintenance capabilities through a standard interface.

Setup Requirements

  • ⚠️Requires a running Trino server, either locally (e.g., via Docker Compose) or remotely.
  • ⚠️Python 3.12 or higher is required for local execution.
  • ⚠️Essential Trino connection details (TRINO_HOST, TRINO_PORT, TRINO_USER) must be configured via environment variables (e.g., in a .env file).
Verified SafeView Analysis
The server executes SQL queries provided by tools or constructed using f-strings for identifiers (table/schema/catalog names). This design poses a SQL injection risk if the inputs to the MCP tools are not adequately sanitized by the calling client or AI model. Specifically, the `execute_query` tool accepts raw SQL, and other tools embed string parameters directly into queries. Environment variables are correctly used for sensitive configuration (e.g., TRINO_PASSWORD) via python-dotenv. HTTP transports expose network ports, requiring proper network security if deployed publicly. The server itself is not inherently malicious, but its interaction with Trino requires careful input validation from upstream consumers.
Updated: 2025-12-01GitHub
40
16
Medium Cost
bejaminjones icon

bear-notes-mcp

by bejaminjones

Sec8

Provides a Model Context Protocol (MCP) interface for Claude Desktop to interact with Bear notes, enabling comprehensive read and sync-safe write operations.

Setup Requirements

  • ⚠️Requires macOS, as Bear is a macOS/iOS application.
  • ⚠️Requires Claude Desktop to be granted 'Full Disk Access' manually in macOS System Preferences.
  • ⚠️Requires Node.js 18+ to be installed.
Verified SafeView Analysis
The server's design to use direct database reads and Bear's x-callback-url API for writes (hybrid sync-safe mode) is a good practice to prevent database corruption. It leverages 'child_process.exec' for local system commands (AppleScript to check Bear status, 'open' for Bear API calls). While 'exec' can be a security risk if not carefully controlled, its usage here appears confined to specific, documented local interactions with the Bear application. The primary security concern is the requirement for 'Full Disk Access' for Claude Desktop, which the server transparently guides the user through, but is a high-privilege permission.
Updated: 2025-11-26GitHub
40
18
Medium Cost
teaguesterling icon

duckdb_mcp

by teaguesterling

Sec8

Integrates DuckDB with the Model Context Protocol (MCP), enabling it to consume resources/tools from external MCP servers and expose its own database capabilities as an MCP server.

Setup Requirements

  • ⚠️Requires a DuckDB binary to be built or installed, and its path might need to be explicitly set via the `DUCKDB` environment variable.
  • ⚠️The DuckDB MCP extension itself needs to be built before use ('make' in the project root).
  • ⚠️For production use, critical security settings like `allowed_mcp_commands` and `allowed_mcp_urls` must be explicitly configured to exit 'permissive mode' and enable strict validation.
Verified SafeView Analysis
The extension features a robust security framework, including an allowlist for executable commands (`allowed_mcp_commands`), argument sanitization against shell injection (`..`, `|`, `;`, `&`, backticks, `$`), and immutability of command settings after first use. The `execute` server tool (for DDL/DML) is disabled by default. However, by default, the client-side `ATTACH` command operates in a 'permissive mode' if `allowed_mcp_commands` is not explicitly set, which is a potential risk if deployed without proper configuration. TCP/WebSocket/HTTP transports are noted as 'planned' or 'placeholder' and may not yet have the same level of security vetting as the `stdio` transport.
Updated: 2025-11-30GitHub
39
7
Low Cost
meloncafe icon
Sec9

A Streamable HTTP MCP server enabling remote ChromaDB access for AI assistants like Claude, providing cross-platform AI memory and semantic search capabilities.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for easy setup and dependency management (ChromaDB).
  • ⚠️For public internet access, setting the `MCP_AUTH_TOKEN` environment variable is mandatory for security, as emphasized in the documentation.
  • ⚠️Requires Node.js 20.0.0+ and Yarn 1.22.22+ if building and running from source.
Verified SafeView Analysis
The project demonstrates a very strong commitment to security, implementing numerous best practices: - **Comprehensive Authentication**: Supports Bearer token, X-Chroma-Token header, and (optionally, with deprecation warning) query parameters. Uses `timingSafeEqual` for constant-time token comparison to prevent timing attacks. - **Rate Limiting**: Integrated using `express-rate-limit` (configurable via `RATE_LIMIT_MAX`). - **Strict Security Headers**: Sets `X-Frame-Options`, `X-Content-Type-Options`, `X-XSS-Protection`, `Referrer-Policy`, `Content-Security-Policy`, `Permissions-Policy`, and `Strict-Transport-Security`. - **Origin Header Validation**: Prevents DNS rebinding attacks by validating the `Origin` header against a whitelist (including localhost, Claude.ai domains, and configurable `ALLOWED_ORIGINS`). - **Log Injection Prevention**: Implements robust sanitization functions (`sanitizeLogValue`, `sanitizeForLogging`, `sanitizeErrorForClient`, `sanitizeHttpMethod`) to filter control characters and sensitive information from logs and error messages, mitigating log injection and information disclosure risks. - **Static Analysis & Audits**: README and SECURITY.md highlight continuous monitoring with DeepSource, CodeQL, Dependabot, and container vulnerability scanning, claiming 'Zero Active Issues' and compliance with OWASP Top 10. - **No Hardcoded Secrets**: Sensitive configurations like `MCP_AUTH_TOKEN` and `CHROMA_AUTH_TOKEN` are handled via environment variables, with helper scripts for secure token generation. Explicit warning for `ALLOW_QUERY_AUTH=true` in production (violates MCP spec). While the security posture is excellent, a perfect 10 is rarely given to allow for unforeseen edge cases or novel attack vectors. However, the proactive and transparent approach to security is highly commendable.
Updated: 2025-12-06GitHub
38
1
Medium Cost
kadinsayani icon

lxd-mcp

by kadinsayani

Sec6

Manages LXD containers and virtual machines through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires LXD to be installed and running on the system.
  • ⚠️Requires Go 1.25.4 or higher to build from source.
  • ⚠️User account must be in the `lxd` group for socket access, implying elevated privileges.
Verified SafeView Analysis
The server interacts directly with the LXD daemon via a Unix socket, requiring the user to be in the `lxd` group, granting high privileges. The `exec_instance` tool allows arbitrary command execution within instances, which carries inherent security risks. The `README` explicitly states 'Consider implementing authentication for production use', indicating a lack of built-in authentication for generic exposure beyond its intended local, stdin/stdout use case (e.g., with GitHub Copilot CLI). No 'eval' or obvious malicious patterns found.
Updated: 2025-12-05GitHub
38
9
Medium Cost
piotr-agier icon

google-drive-mcp

by piotr-agier

Sec9

Provides secure integration with Google Drive, Docs, Sheets, and Slides for Model Context Protocol (MCP) clients, enabling file management and content manipulation through a standardized interface.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with Google Drive, Docs, Sheets, and Slides APIs enabled, and OAuth 2.0 Desktop app credentials configured (non-trivial for new users).
  • ⚠️Initial authentication requires browser interaction (locally), which means it must be run outside Docker first if planning to use Docker.
  • ⚠️For Google OAuth apps in 'Testing' status, refresh tokens expire after 7 days, requiring weekly re-authentication until the app is published.
Verified SafeView Analysis
The server demonstrates robust security practices. OAuth 2.0 authentication is handled securely via a local web server (localhost:3000-3004), a standard method for desktop applications. Tokens are stored with restrictive file permissions (0o600) and automatically refreshed. Input validation for all tool calls is rigorously implemented using Zod schemas, significantly mitigating injection risks. There are no hardcoded secrets, 'eval' usage, or obvious malicious patterns in the provided source code. Extensive logging to stderr helps with monitoring, and the use of well-established Google API libraries adds to its reliability.
Updated: 2025-11-26GitHub
38
11
Medium Cost
JamesANZ icon

memory-mcp

by JamesANZ

Sec8

This MCP server provides memory storage and intelligent context window caching capabilities for Large Language Model (LLM) conversations, including archiving, retrieval, and summarization.

Setup Requirements

  • ⚠️Requires a running MongoDB instance for persistent storage.
  • ⚠️Requires Node.js v18.0.0 or higher.
  • ⚠️The `postinstall` script automatically configures Claude Desktop, indicating a strong integration focus on specific LLM clients like Cursor/Claude.
Verified SafeView Analysis
The server appears well-structured with no obvious malicious code, obfuscation, or hardcoded sensitive secrets beyond a default local MongoDB URI which can be overridden by an environment variable. It uses standard `StdioServerTransport` for MCP communication. The `setup-claude-config.js` script modifies a user's local Claude Desktop configuration file (`claude_desktop_config.json`) to integrate the MCP server, which is part of its intended installation process. The primary security consideration lies with the external MongoDB instance; if not properly secured, it could expose the stored memory data. No `eval` or similar dangerous patterns are used without clear justification.
Updated: 2025-12-04GitHub
PreviousPage 2 of 23Next