Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (155)

36
2
Low Cost
omen

by panbanda

Sec8

Provides AI assistants with deep code analysis context (complexity, debt, churn, dependencies, ownership, defects) to enhance code understanding, generation, review, and project management tasks.

Setup Requirements

  • ⚠️ Requires Go 1.25 or later to build from source.
  • ⚠️ Requires Git CLI to be installed and available in the system PATH for history-based analysis (e.g., churn, ownership, temporal coupling).
  • ⚠️ Manual JSON configuration is required to integrate Omen as an MCP server with Claude Desktop or Claude Code.

Verified Safe
The tool relies on executing the local `git` CLI for VCS operations (e.g., blame, history). While this is a common and often necessary pattern for code analysis tools, it introduces a dependency on the external `git` executable. Input paths for git commands appear to be derived internally, reducing the risk of command injection. No obvious use of `eval` or direct hardcoded secrets was found. The focus is on local codebase analysis, limiting network risks beyond standard git operations. Overall, it is a robust tool within its domain with expected operational risks related to file system and VCS access.
Updated: 2025-12-05 (GitHub)
36
6
Medium Cost
cldcde

by aegntic

Sec2

A persistent context manager that scrapes, stores, searches, and analyzes AI conversations from various platforms (ChatGPT, Grok, Gemini, Claude) to support project development and insights.

Setup Requirements

  • ⚠️ Requires Node.js / Bun runtime environment.
  • ⚠️ Requires Chromium browser installed for Puppeteer web scraping functionality.
  • ⚠️ Manages a local SQLite database file, requiring appropriate file system permissions.

Review Required
CRITICAL: The `import_project_structure` and `export_conversations` methods in `aegntic-hive-mcp/server.js` directly use `filePath` arguments from user input in `fs.readFileSync` and `fs.writeFileSync` respectively. This constitutes a severe path traversal vulnerability, allowing an attacker to read arbitrary files from the system (e.g., `/etc/passwd`) or write arbitrary files to the system (e.g., overwrite critical system files or inject malicious code). Additionally, the use of Puppeteer for web scraping could introduce risks if the scraped websites contain malicious content that could affect the headless browser environment or if cookies/sensitive data are not handled securely (though `fs.writeFileSync` is used for cookies, exposing them on the local filesystem).
Updated: 2025-12-07 (GitHub)
35
5
Medium Cost
Sec3

Provides a JSON-RPC bridge for x32dbg/x64dbg, allowing external automations to inspect and control a debugged process without direct UI interaction.

Setup Requirements

  • ⚠️ Requires x64dbg or x32dbg to be installed and running, as it functions as a plugin.
  • ⚠️ Windows-only due to extensive use of Windows API and Winsock.
  • ⚠️ Requires a C++ development environment (CMake, Visual Studio 2022) for building.

Review Required
The server lacks any authentication or authorization mechanisms, binding to 0.0.0.0 (all network interfaces) by default. This exposes powerful debugger control capabilities to anyone who can connect to the TCP port, making it highly vulnerable if deployed in an untrusted network environment. While the JSON-RPC commands themselves are designed for debugger interaction, the absence of access control presents a critical security risk.
Updated: 2025-11-22 (GitHub)
35
3
Medium Cost
cursor-skills

by grapelike-class151

Sec7

Web crawler for validating internal links on a website and reporting broken links.

Verified Safe
This Python script is a web crawler, not a server. It makes HTTP GET/HEAD requests to a base URL and recursively to internal links up to a specified depth. While the `base_url` is hardcoded to a known domain, interaction with potentially malicious or malformed external web content (if discovered through crawling) carries inherent risks, such as resource exhaustion or unexpected data processing issues. However, no obvious code execution vulnerabilities, hardcoded secrets, or explicit network risks beyond standard HTTP requests are present within the script itself.
Updated: 2025-12-11 (GitHub)
34
2
Medium Cost
thought-chain-mcp

by cbuntingde

Sec9

Transforms any AI model into an advanced reasoning engine by providing structured, persistent step-by-step thinking capabilities and allowing recall of past thought processes.

Setup Requirements

  • ⚠️ Requires Node.js version 20.0.0 or higher.
  • ⚠️ Requires an MCP-compatible AI coding assistant (e.g., Claude Desktop, Cursor, VS Code with MCP extensions) to interact with the server.
  • ⚠️ The 'token cost' refers to the AI model's consumption of the server's output, which can be verbose during chain reviews or recalls, potentially leading to higher token usage by the AI.

Verified Safe
The server demonstrates a high level of security consciousness. It employs extensive input validation and sanitization against XSS, SQL injection, control characters, and path traversal. Cryptographically secure random bytes are used for ID generation. All database interactions utilize parameterized queries, preventing SQL injection. The database is local (SQLite) and stored in a user-specific directory with secure file permissions (0o700/0o600). A rate limiter is implemented to prevent abuse. No network risks are identified as communication is via standard I/O (stdio) and no outbound network calls are made. Error handling is designed to prevent information disclosure. No use of `eval` or dynamic code execution is found. A dedicated `SECURITY.md` outlines policies and features.
Updated: 2025-11-23 (GitHub)
34
3
Medium Cost
postgresql-mcp

by sgaunet

Sec9

Provides PostgreSQL database integration tools for LLM-powered coding agents using the Model Context Protocol.

Setup Requirements

  • ⚠️ Requires an active and accessible PostgreSQL database instance.
  • ⚠️ Requires Go 1.25 or later if building from source.
  • ⚠️ Relies on 'POSTGRES_URL' or 'DATABASE_URL' environment variables for automatic database connection, or explicit use of the 'connect_database' tool.

Verified Safe
The server strictly enforces read-only operations for 'execute_query' and 'explain_query', rejecting write/delete/alter statements. All database interactions utilize parameterized queries, providing strong protection against SQL injection. Connection parameters are managed via environment variables or a dedicated 'connect_database' tool, preventing hardcoded credentials. The Go codebase exhibits no signs of obfuscation or 'eval'-like dangerous patterns.
Updated: 2025-12-07 (GitHub)
33
1
Medium Cost
Sec9

A Model Context Protocol (MCP) server providing AI assistants with structured access to macOS development environment, productivity tools, and Chrome browser history.

Setup Requirements

  • ⚠️ Requires Node.js 18.0.0 or higher.
  • ⚠️ Specific macOS operating system is required for full functionality.
  • ⚠️ Google Chrome browser must be installed and used for browser tools.
  • ⚠️ Requires manual configuration of `MCP_ALLOWED_ROOTS` environment variable or `src/config.ts` to define accessible directories.
  • ⚠️ MCP client (e.g., Claude Desktop) requires specific configuration including an absolute path to the server's `dist/index.js`.

Verified Safe
The server implements robust security measures for filesystem and command execution. It enforces `ALLOWED_ROOTS` for all file operations, preventing access to sensitive system directories. A `DANGEROUS_PATTERNS` list actively blocks common malicious commands like `rm -rf /`, fork bombs, and piping untrusted downloads to shell. Input to `sqlite3` queries for browser history and `osascript` calls for macOS integrations is carefully escaped to prevent injection. The core `execCommand` wrapper handles timeouts and output truncation, further enhancing safety. No direct `eval` calls or hardcoded sensitive credentials were found. It is highly secure for its intended purpose, provided the `ALLOWED_ROOTS` are configured responsibly by the user.
Updated: 2025-11-23 (GitHub)
33
1
Low Cost
Sec9

Provides a sample Model Context Protocol (MCP) server with a calculator tool and a dynamic greeting resource, designed for integration with a VS Code Cline agent.

Setup Requirements

  • ⚠️ Requires Node.js (version 16+).
  • ⚠️ Requires manual VS Code Cline agent configuration with an absolute path in `settings.json`.
  • ⚠️ The project needs to be built (`npm run build`) before running.

Verified Safe
The server uses standard input/output (stdio) for communication, limiting direct network exposure. Input validation for the 'add' tool ensures numerical arguments, and URI parsing for 'greeting' uses decodeURIComponent, reducing obvious injection vectors. No 'eval' or hardcoded secrets were found.
Updated: 2025-11-23 (GitHub)
33
1
Medium Cost
Agento_MCP

by Genaker

Sec2

AI-powered development tools for Magento 2, enabling seamless AI integration with Cursor IDE for executing SQL queries, managing cache, and accessing magerun commands via natural language.

Setup Requirements

  • ⚠️ Requires Magento 2.4.x and PHP 8.1+.
  • ⚠️ Requires n98-magerun2 PHAR to be installed (auto-installer available, but insecure).
  • ⚠️ The `n98-magerun2` installer uses insecure SSL verification (`CURLOPT_SSL_VERIFYPEER, false`).
  • ⚠️ Primarily designed for Cursor IDE integration, though it uses a generic MCP server.

Review Required
CRITICAL RISKS:
  1. The `agento:query` and `execute_sql` tools allow direct execution of arbitrary SQL queries without sanitization, leading to potential data exfiltration, modification, or deletion.
  2. The `magerun` tool executes arbitrary `n98-magerun2` commands with user-controlled arguments, posing severe command injection risks and enabling highly destructive operations (e.g., `db:drop`, `module:uninstall`, `admin:user:create`).
  3. The `clear_redis` tool executes `FLUSHALL` on Redis, wiping all Redis data (sessions, cache, etc.).
  4. `MagerunInstallCommand` downloads `n98-magerun2.phar` using `CURLOPT_SSL_VERIFYPEER, false`, making the installation vulnerable to man-in-the-middle attacks.
  5. Resources like `database_schema` and `magento_config` expose sensitive information (database schemas, config files), although they are read-only and have path traversal protection.
Running this module grants powerful, potentially destructive access to the Magento instance via AI interaction.
Updated: 2025-11-24 (GitHub)
33
1
Low Cost
mcpinspect

by MatMercer

Sec6

A CLI tool to inspect MCP (Model Context Protocol) servers configured for Claude Code.

Setup Requirements

  • ⚠️ Requires macOS (due to keychain integration and explicit support statement).
  • ⚠️ Requires a `~/.claude.json` configuration file with MCP servers defined.
  • ⚠️ Authentication to HTTP/SSE MCP servers relies on OAuth tokens being present in the macOS keychain, saved by Claude Code.

Verified Safe
The `stdio` server type executes arbitrary commands and arguments directly from the `.claude.json` configuration file via `exec.CommandContext`. If the config file is compromised or contains malicious entries (e.g., a `stdio` server with `command: "rm", args: ["-rf", "/"]`), running `mcpinspect <server-name>` for such a server could lead to arbitrary code execution. The tool correctly uses the macOS keychain for OAuth tokens instead of hardcoding, which is a good security practice. However, the direct execution of user-defined commands for `stdio` servers presents a significant risk if the user's configuration file is not implicitly trusted.
Updated: 2025-11-22 (GitHub)
33
1
Medium Cost
n7m-mcp

by jonpspri

Sec9

Provides AI assistants with geocoding, reverse geocoding, and OpenStreetMap object lookup capabilities via the Model Context Protocol.

Setup Requirements

  • ⚠️ Requires Python 3.12 or newer.
  • ⚠️ Relies on external Nominatim API, subject to its fair use policy (1 request per second).
  • ⚠️ Requires `uvx` for the fastest setup as an MCP server, or `uv` for local development.

Verified Safe
The server uses `httpx` for external API calls to Nominatim, and internally enforces Nominatim's rate limit of 1 request per second. Input parameters are type-hinted and validated using Pydantic models for API responses. No `eval` or obvious obfuscation found. Environment variables are used for configuration, preventing hardcoded secrets. The HTTP client instance is managed correctly for async operations. The primary external dependency is OpenStreetMap's Nominatim service.
Updated: 2025-11-23 (GitHub)
32
1
Low Cost
pulse-tm

by nemesiscodex

Sec9

Pulse is a terminal-based task manager designed for developers to manage projects and tasks, offering CLI, TUI, and seamless integration with AI agents via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ Requires Bun 1.0.0 or higher; Node.js is not supported.
  • ⚠️ Tasks are stored in local YAML files within a '.pulse/' directory, not cloud-synced.
  • ⚠️ Automatic project root detection (via .git folder) might place the .pulse/ directory in an unexpected location if not explicitly specified with '--working-dir'.

Verified Safe
The MCP server uses StdioServerTransport, communicating over standard I/O rather than network ports, which inherently limits direct network exposure. Task data is stored locally in YAML files within a .pulse directory. The project explicitly states no data is sent to remote servers by default and warns users about AI tools potentially reading/modifying local tasks. Input parsing for tool arguments includes validation (e.g., parseInt, trim, sanitizeTagName). No 'eval' or direct arbitrary command execution via child processes were identified in the provided runtime code.
Updated: 2025-12-02 (GitHub)

Page 3 of 13