Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (290)

38
11
Low Cost

memory-mcp

by JamesANZ

Sec8

Provides persistent memory and intelligent context window caching for LLM conversations within AI coding environments.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm installed.
  • ⚠️Requires a running MongoDB instance (defaults to 'mongodb://localhost:27017'; a custom URI must be set via the MONGODB_URI environment variable).
  • ⚠️Manual setup for Claude Desktop involves editing a JSON config file or running an automated script that modifies the config.
Verified Safe
The server uses standard Node.js practices and connects to MongoDB. Communication with clients (like Cursor or Claude Desktop) occurs via standard I/O (stdio), limiting direct network exposure. No 'eval' or obvious code obfuscation was found. The primary security considerations are proper configuration and securing the MongoDB instance, as sensitive conversation data is stored there. The `postinstall` script modifies Claude Desktop's configuration, which is an expected integration step but involves file system modification. Overall, it appears designed with a reasonable security posture for its intended use case.
Updated: 2025-12-10
37
9
Medium Cost

A persistent key-value memory store for AI agents, designed to extend context windows and enable semantic search over stored memories.

Setup Requirements

  • ⚠️Requires Python 3.8+ installed on the system to run the semantic search embedding service.
  • ⚠️A large E5 embedding model (intfloat/multilingual-e5-large-instruct, several GBs) will be downloaded and cached on the first run, which may take some time and consume significant disk space.
Verified Safe
The server's HTTP endpoint explicitly sets 'Access-Control-Allow-Origin: *', making it accessible from any origin. While common for local development tools as intended here, this configuration poses a significant security risk if the server is exposed publicly without additional network layers or authentication. The system relies on `JSON.parse` for agent-provided values, which could be a vector for memory exhaustion attacks if the agent's output is not properly constrained and large/complex JSON is provided. SQL queries are parameterized, mitigating SQL injection risks. The Python embedding service is spawned as a child process, communicating via stdin/stdout with JSON, which is a generally secure pattern as long as the data passed through it is controlled and validated by the Node.js application. The embedding process itself truncates inputs to 512 tokens, which helps prevent memory exhaustion from excessively large text inputs.
Updated: 2025-11-27
36
6
Medium Cost

mcp-sqlite-tools

by spences10

Sec9

An MCP server enabling AI assistants to perform comprehensive, secure, and efficient SQLite database operations on local files, including data manipulation, schema changes, and transaction management.

Setup Requirements

  • ⚠️Requires 'better-sqlite3' which is a native Node.js module; while 'prebuild-install' typically handles prebuilt binaries, some environments might require specific build tools (e.g., node-gyp dependencies, Python, C++ compiler) if a prebuilt binary isn't available for the target system.
  • ⚠️Effective integration requires specific MCP client configuration (e.g., 'mcp.json' for VS Code or Claude Desktop) to define the server command and environment variables.
Verified Safe
The server explicitly prioritizes security with multiple layers: query classification (read-only, destructive, schema), strict path validation (preventing directory traversal, controlling absolute path access), and comprehensive input validation for all tool parameters using Valibot. Tools are categorized ('SAFE', 'DESTRUCTIVE', 'SCHEMA CHANGE', 'TRANSACTION') to enable fine-grained approval control by MCP clients. No direct 'eval' or unvalidated command injection vectors were identified. The use of 'better-sqlite3' relies on a native C++ module, which is generally secure, but its build process could expose supply chain risks if prebuilt binaries are not used or verified.
Updated: 2025-12-03
36
6
Low Cost

signalk-mcp-server

by tonybentley

Sec9

Provides AI agents with efficient, token-optimized access to SignalK marine data through secure V8 isolate code execution.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher
  • ⚠️Requires access to a running SignalK server
  • ⚠️Docker recommended for easy setup of a local SignalK server (e.g., for E2E testing)
Verified Safe
The server uses a V8 isolate sandbox (via 'isolated-vm') to execute agent-provided JavaScript code. This architecture provides strong security by isolating the code from the Node.js host environment. Key security features include: no access to Node.js globals (e.g., process, require), no direct filesystem access, no direct network access (all external interactions are through controlled, RPC-style bindings), enforced memory limits (128MB), and execution timeouts (30s). SignalK authentication tokens are handled by the binding layer and are not exposed to the agent's code in the isolate. No 'eval' or similar dangerous patterns are used directly in the main Node.js process to execute untrusted code.
Updated: 2025-11-26
35
3
Low Cost

fastmcp

by YashMakan

Sec9

Build fast, declarative, and type-safe servers implementing the Model Context Protocol (MCP) in Dart.

Setup Requirements

  • ⚠️Requires `dart run build_runner build` to be executed after code changes (e.g., adding/modifying annotated functions) to generate boilerplate.
  • ⚠️Mandatory `part 'your_file.fastmcp.g.dart';` directive must be added at the top of files containing `@Tool`, `@Resource`, or `@Prompt` annotations.
  • ⚠️Requires Dart SDK version >= 3.0.0.
Verified Safe
The framework leverages build-time code generation (`fastmcp_generator`) to create type-safe argument parsing, handler wrappers, and robust error handling with `try-catch` blocks. This design inherently reduces common runtime vulnerabilities associated with dynamic input processing. No use of 'eval' or similar dangerous dynamic code execution patterns is present in the provided source. Network transports (e.g., HTTP) would still require standard security practices (e.g., authentication, authorization, rate-limiting) for the deployed application, but the framework itself promotes a secure foundation. Recent updates mention support for OAuth and security schemes, indicating active security considerations.
Updated: 2025-11-26
35
6
Medium Cost

fastfs-mcp

by aj-geddes

Sec3

Enables AI assistants (like Claude) to interact with local filesystems, manage Git repositories, and engage users through interactive prompts via a standardized JSON-based protocol.

Setup Requirements

  • ⚠️Requires Docker for deployment and easy setup.
  • ⚠️Requires GitHub Personal Access Token or GitHub App credentials (ID, private key, installation ID) for full Git integration with private repositories.
  • ⚠️Requires a local filesystem volume to be mounted into the Docker container at `/mnt/workspace` for file operations.
Review Required
The server uses `subprocess.run(..., shell=True)` extensively for both shell and Git commands, which is a critical security vulnerability. Although some inputs are escaped, constructing commands from potentially AI-generated or user-controlled input can lead to arbitrary command execution. GitHub Personal Access Tokens are embedded directly into URLs for authentication, potentially exposing them in logs, though the server attempts redaction. Private keys for GitHub Apps can be exposed if passed as environment variables. Requires careful management of permissions for the mounted workspace.
Updated: 2025-12-04
35
2
Medium Cost

sumo-mcp

by sumo-mcp

Sec8

Powers AI chatbots with historical and live sumo wrestling data via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Functionality critically depends on the external https://sumo-api.com being available and operational.
Verified Safe
The server acts as a proxy for sumo-api.com. While the provided source code for the MCP server appears secure, free of hardcoded secrets, and uses standard Go practices, its functionality is entirely dependent on the security and availability of the external https://sumo-api.com. Any issues with the upstream API would directly impact this server.
Updated: 2025-12-07
35
6
High Cost

Implements a multi-agent system for advanced sequential thinking, problem decomposition, and analysis, supporting iterative revisions and branching in complex problem-solving scenarios.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires DEEPSEEK_API_KEY (paid LLM API service)
  • ⚠️Requires EXA_API_KEY (paid search API service) if the Researcher agent is utilized
Verified Safe
Utilizes environment variables for API keys, preventing hardcoded secrets. Input validation is performed using Pydantic. The server communicates via standard I/O (stdio), reducing its direct network attack surface. It relies on external LLM (DeepSeek) and search (Exa) APIs, which inherently involve data transmission and external service dependencies.
Updated: 2025-12-11
34
1
High Cost

mcp-sql-server

by shaharwiener

Sec9

Provides AI assistants with safe, read-optimized access to SQL Server databases.

Setup Requirements

  • ⚠️Requires Docker for local development setup (SQL Server and MCP server).
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires installation of ODBC Driver 18 for SQL Server on the host system.
Verified Safe
The server has a strong security posture for its intended use case (internal VPN deployment). It strictly enforces read-only access, includes comprehensive input validation to prevent SQL injection and dangerous commands (xp_cmdshell, OPENROWSET), and uses robust audit logging with PII sanitization. Dangerous write operations (e.g., `execute_stored_procedure`) are explicitly disabled by default. Credentials for production are managed via AWS SSM. Known limitations like no application-level authentication, rate limiting, or fine-grained access control are clearly documented and deemed acceptable for internal VPN use, but make it unsuitable for external exposure without significant modification.
Updated: 2025-11-24
34
4
Low Cost

MsSqlMCP

by jdlemes

Sec9

Provides an MCP Server for SQL Server database schema inspection and safe, read-only query execution to AI clients.

Setup Requirements

  • ⚠️Requires .NET 10 (or .NET 9 with minor adjustments).
  • ⚠️Requires an accessible SQL Server instance.
  • ⚠️Manual configuration of SQL Server connection string in 'appsettings.json' is mandatory.
Verified Safe
The project places a strong emphasis on security by implementing a ReadOnlySqlQueryValidator that blocks 27 common keywords associated with DML, DDL, DCL, and execution commands (e.g., INSERT, UPDATE, DELETE, DROP, EXEC). This validation is backed by 42 dedicated security tests. Connection strings are externalized in 'appsettings.json', preventing hardcoded secrets directly in the codebase. As long as the 'appsettings.json' is securely managed on the host, the application itself is designed to prevent malicious SQL operations.
Updated: 2025-11-28
34
5
High Cost

karma

by MelloB1989

Sec7

This server provides a memory-augmented AI chat interface, allowing users to interact with an AI agent that remembers conversation context and dynamically switches between memory retrieval and caching strategies.

Setup Requirements

  • ⚠️Requires both Go (1.23+) and Node.js (18+) with npm to run the full application (backend/frontend).
  • ⚠️Requires paid API keys for OpenAI (LLM and Embeddings) and a Vector Database (Pinecone or Upstash).
  • ⚠️Redis is an optional dependency for one of the caching strategies.
Verified Safe
The Go backend handles external API keys via environment variables, which is a good practice. It incorporates authentication and rate-limiting middleware for its own MCP server. JSON parsing of AI responses uses regex cleaning, which could be fragile if AI output deviates unexpectedly, but includes retry mechanisms. The `knowledge_graph` MCP tool example explicitly disables authentication, which would be a security risk if deployed without modification in a production environment, but is noted as an example.
Updated: 2025-12-08
34
4
Low Cost

simple-memory-mcp

by chrisribe

Sec8

A Model Context Protocol (MCP) server for persistent memory storage, providing intelligent tagging and full-text search for AI assistants to remember context across conversations.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Starting the web server (`web-server.js`) requires an existing database; it will not auto-create one. Run the main MCP server first to initialize the database.
  • ⚠️Storing the database directly in cloud storage (OneDrive/Dropbox) is strongly discouraged due to potential corruption and slower performance (2-10x slower). If unavoidable, `MEMORY_CLOUD_SAFE=true` must be set, which further reduces performance.
Verified Safe
The server uses `better-sqlite3` with prepared statements, mitigating SQL injection risks. File system operations are confined to expected database and backup paths. The HTTP transport uses wide-open CORS (`Access-Control-Allow-Origin: *`), but the README explicitly warns against exposing it externally without additional security measures. No `eval`, obfuscation, or hardcoded secrets were identified.
Updated: 2025-12-07