Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

99
787
High Cost

Unity-MCP

by IvanMurzak

Sec3

Integrates AI Language Models with the Unity Editor and runtime to automate game development tasks, generate code, debug, and enable AI-driven game mechanics.

Setup Requirements

  • ⚠️Requires the Unity MCP Plugin to be installed within a Unity project.
  • ⚠️The Unity project path cannot contain spaces.
  • ⚠️Requires a compatible MCP Client (e.g., Claude Code, Cursor, GitHub Copilot).
  • ⚠️Running the server locally requires Docker or a .NET 9.0 runtime.
  • ⚠️AI features for LLMs will incur costs depending on the chosen LLM provider (e.g., OpenAI API Key is mentioned for tool validation, implying use for LLM clients).
Review Required
The server, via the Unity Plugin, exposes a 'script-execute' tool that dynamically compiles and runs C# code using Roslyn. While Roslyn itself is managed, allowing an external AI (potentially controlled by a user) to execute arbitrary C# code within the Unity Editor or a compiled game environment presents a significant security risk. A compromised or maliciously prompted AI could execute harmful code on the system running Unity. There are no clear sandboxing mechanisms mentioned for the dynamically executed code. No hardcoded secrets were found in the provided server-side code snippets; external API keys (like OpenAI's) are expected to be provided via environment variables.
Updated: 2026-01-19
99
850
Medium Cost

jupyter-mcp-server

by datalayer

Sec4

This server acts as an MCP (Model Context Protocol) adapter, allowing AI agents to connect, manage, and interact with Jupyter Notebooks in real-time, supporting dual-mode operation as a standalone server or a Jupyter extension.

Setup Requirements

  • ⚠️Requires a running JupyterLab server as a backend.
  • ⚠️Specific `pycrdt` and `datalayer_pycrdt` version pinning (uninstall then install specific versions) is required for real-time collaboration features.
  • ⚠️Python 3.10+ is required.
  • ⚠️Full JupyterLab integration features (e.g., `jupyter-mcp-tools`) require the JupyterLab frontend to be loaded and the `jupyter-mcp-tools` extension to be installed.
Review Required
The server's core functionality involves executing arbitrary code within a Jupyter kernel, which is a powerful operation inherent to its design. The `execute_code` and `execute_cell` tools allow running Python code and shell commands, making the server a high-privilege endpoint. Additionally, the default `FastMCPWithCORS` configuration sets `allow_origins=["*"]`, which poses a significant Cross-Origin Resource Sharing (CORS) vulnerability if the server is exposed publicly without explicitly restricting allowed origins. There are no obvious signs of obfuscation or hardcoded sensitive secrets within the provided source, but the combination of powerful execution capabilities and a permissive default CORS policy makes it risky for unhardened deployments. Users must configure CORS origins and ensure that only trusted AI agents or clients are permitted to interact with the server.
Updated: 2026-01-17
99
889
Low Cost

nuxt-mcp-dev

by antfu

Sec6

This server provides development context and real-time insights from Vite/Nuxt applications to AI models via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️This project is experimental and not ready for production use, as stated by the developer.
  • ⚠️Requires an existing Vite or Nuxt.js project for integration.
  • ⚠️Automatically attempts to modify IDE/editor configuration files (`.cursor`, `.vscode`, `~/.codeium/windsurf`, `.mcp.json`).
Verified Safe
The server is explicitly marked as 'Experimental. Not ready for production.' It involves running shell commands (`nuxi add`) which, if arguments (`template`, `name`) are not sufficiently sanitized by the underlying `nuxi` or `citty` CLI tools, could lead to command injection. Additionally, it modifies IDE/editor configuration files (`.cursor/mcp.json`, `.vscode/mcp.json`, `~/.codeium/windsurf/mcp_config.json`, `.mcp.json`) to register the MCP server URL. If an attacker could inject a malicious URL into these configurations, it could redirect the IDE/tool to an attacker-controlled server, leading to information leakage or false context injection for AI models. This is a supply chain risk if untrusted options are passed.
Updated: 2026-01-13
98
981
Low Cost

A curated directory for developers to discover, evaluate, and integrate high-quality, official remote Model Context Protocol (MCP) servers into their AI applications and LLM clients.

Verified Safe
The provided source code consists solely of documentation (README, CONTRIBUTING, CODE_OF_CONDUCT) and does not contain any executable server logic. There are no 'eval' calls, obfuscated code, or hardcoded secrets within the repository's files. The repository itself is a static list of external MCP servers and poses no direct execution-time security risks. It does, however, highlight that some listed external MCP servers use 'Open' authentication, which implies a lower security profile for those *external* services, but this is clearly indicated.
Updated: 2026-01-08
98
735
Low Cost

himarket

by higress-group

Sec8

An enterprise AI open platform for unified management and distribution of AI resources including LLMs, MCP Servers, and Agents.

Setup Requirements

  • ⚠️Requires JDK 17, Node.js 18+, Maven 3.6+, and MySQL 8.0+ for local setup.
  • ⚠️Database connection parameters (DB_HOST, DB_PORT, DB_NAME, DB_USERNAME, DB_PASSWORD) must be configured.
  • ⚠️Local backend startup requires specific Java 17 `--add-opens` arguments.
Verified Safe
The project uses `@Encrypted` annotations for sensitive configuration fields (e.g., API keys, passwords) in backend models, ensuring they are encrypted in the database. JWT is used for authentication with role-based access control (`@AdminAuth`, `@DeveloperAuth`). Database interactions are handled via JPA, which protects against common SQL injection vulnerabilities. Critical credentials and database settings are externalized using environment variables or Java system properties, preventing hardcoding. The frontend handles authentication tokens via local storage and includes logic for redirecting on 401/403 errors. OpenAPI spec parsing uses `js-yaml` and `JSON.parse` which, if fed untrusted external specs, could potentially be a vector for YAML/JSON parsing attacks, though in an admin panel context for internal APIs, the risk is typically lower due to assumed trust. Overall, robust security practices are in place.
Updated: 2026-01-15
98
1085
Medium Cost

jadx-ai-mcp

by zinja-coder

Sec8

Integrates an LLM with JADX decompiler to analyze Android APKs, uncover vulnerabilities, and assist in reverse engineering through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Java 11+, Python 3.10+, and JADX 1.5.1+.
  • ⚠️Requires `uv` for dependency management and running the server.
  • ⚠️Requires manual configuration within the LLM client (e.g., Claude Desktop) to register the MCP server with absolute paths.
Verified Safe
The server runs as a JADX plugin and binds strictly to localhost (127.0.0.1), significantly limiting network attack surface. It relies on OS-level user isolation for security, with no built-in authentication for the local HTTP API. The DebugRoutes utilize Java reflection to access private GUI components, which can be fragile to JADX internal changes and poses a minor risk if an attacker could manipulate the reflection calls (though contained by local binding). Refactoring routes apply user-intended changes to the decompiled project model. Overall, for its intended local, user-controlled operation, it is reasonably secure.
Updated: 2026-01-08
98
616
Medium Cost

gcloud-mcp

by googleapis

Sec7

Enables AI assistants to interact with the Google Cloud environment using the gcloud CLI for natural language cloud management and workflow automation.

Setup Requirements

  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️Requires the gcloud CLI to be installed and authenticated with appropriate permissions.
  • ⚠️Custom configuration file paths must be absolute.
Verified Safe
The server's core functionality is to execute `gcloud` CLI commands, which is inherently a high-privilege operation. The project mitigates this risk by enforcing a default denylist of 'unsafe' commands (e.g., interactive sessions, arbitrary inputs) and providing configurable allow/deny lists for users to implement the principle of least privilege. Command execution uses `child_process.spawn` with an array of arguments, which is safer than passing a concatenated command string to a shell. No hardcoded secrets were found. The primary remaining risk is sophisticated prompt injection bypassing denylists to execute unintended `gcloud` commands, or misconfiguration by the user.
Updated: 2026-01-13
98
726
Medium Cost

context-portal

by GreatScottyMac

Sec8

Manages structured project context for AI assistants and developer tools, enabling Retrieval Augmented Generation (RAG) and prompt caching within IDEs.

Setup Requirements

  • ⚠️Python 3.10+ required
  • ⚠️uv recommended for installation
  • ⚠️Manual handling of `alembic.ini` may be needed for older workspaces during migration if auto-provisioning fails
Verified Safe
Good input validation using Pydantic and parameterized SQL queries prevents common injection attacks. Active dependency management addresses known CVEs (e.g., `filelock`, `mcp`, `authlib`, `starlette`, `urllib3`). The local ML embedding model (`all-MiniLM-L6-v2`) carries standard supply chain risks. While paths for workspace data are derived from `workspace_id` (a local path typically provided by the IDE), this relies on the client providing a trusted path. A maliciously crafted `workspace_id` in some deployment scenarios (e.g., if an external untrusted client directly controls it) could potentially lead to directory traversal or unintended file system operations, though the primary `--base-path` CLI option does sanitize the workspace ID component.
Updated: 2026-01-19
98
1134
Medium Cost

slack-mcp-server

by korotovsky

Sec6

Provides a Model Context Protocol (MCP) server for integrating Slack workspace data and communication capabilities with AI models and agents.

Setup Requirements

  • ⚠️Requires obtaining and securely managing sensitive Slack authentication tokens (xoxp, xoxb, or both xoxc/xoxd). Obtaining browser tokens (xoxc/xoxd) involves using browser developer tools, while OAuth tokens require creating and configuring a Slack app with specific permissions.
  • ⚠️External dependencies are required based on the chosen deployment method: Go runtime for direct execution, Node.js/npm for 'npx' installation, or Docker for containerized deployment. For SSE transport with HTTPS, Ngrok (and an NGROK_AUTH_TOKEN) is often recommended.
  • ⚠️For Enterprise Slack environments, custom configuration of 'SLACK_MCP_USER_AGENT' and 'SLACK_MCP_CUSTOM_TLS' (for custom TLS handshakes) may be necessary for proper operation. Debugging with HTTP Toolkit may require setting 'SLACK_MCP_SERVER_CA_TOOLKIT'.
Verified Safe
The server relies on highly sensitive Slack authentication tokens (xoxc/xoxd, xoxp, xoxb), which grant extensive access to Slack workspace data. Their security is paramount and depends on strict environment variable management. The 'stealth mode' using browser tokens (xoxc/xoxd) and custom TLS fingerprinting (utls) is an advanced technique that might bypass Slack's official API app controls, but is inherently fragile and could be against Slack's terms of service, leading to potential blocking or detection. The custom TLS implementation also introduces complexity, and while intended for enterprise compatibility, could pose risks if not perfectly secure. The 'conversations_add_message' tool, which allows posting messages, is disabled by default, which is a good security practice; if enabled, it offers channel-specific restrictions. Sensitive cached data (users, channels) is stored in local files, requiring secure file system permissions. No 'eval' or obfuscation was found in the provided code.
Updated: 2026-01-08
98
1575
High Cost

zenfeed

by glidea

Sec7

An AI-powered information hub that acts as an intelligent RSS reader, real-time news knowledge base, and personal assistant for monitoring events and delivering analysis reports.

Setup Requirements

  • ⚠️Docker and Docker Compose are required for deployment.
  • ⚠️Requires API keys for Large Language Models (LLMs), such as SiliconFlow or Google Gemini. These are not free.
  • ⚠️Lack of authentication means strict firewall/security group rules are CRITICAL to prevent API_KEY leakage if exposed to public networks.
  • ⚠️Relies on an RSSHub instance (provided in docker-compose, but needs to be functional).
  • ⚠️Content processing using LLMs can incur significant token costs.
Verified Safe
The server lacks built-in authentication, which means exposing it directly to public networks could lead to unauthorized access and API_KEY leakage. Users are explicitly warned in the README to configure strict firewall/security group rules and are responsible for safeguarding API keys and credentials. The default `docker-compose.yml` exposes several ports (1400, 1300, 1301, 9090) that need careful management.
Updated: 2025-11-22
98
725
Medium Cost

linkedin-mcp-server

by stickerdaniel

Sec8

Enables AI assistants to connect to LinkedIn for accessing profiles, companies, job searches, and job details via web scraping.

Setup Requirements

  • ⚠️Docker required for most deployment methods (including Claude Desktop DXT)
  • ⚠️Requires LinkedIn manual authentication (via browser login for session file or `li_at` cookie)
  • ⚠️Requires `uv` package manager and Playwright Chromium browser installed locally for `uvx` setup or development
  • ⚠️Python 3.12+ required for local development
Verified Safe
The server performs web scraping on LinkedIn. It handles sensitive user-provided LinkedIn session data (stored in `~/.linkedin-mcp/session.json` or provided via `li_at` cookie), which requires the user to ensure its security. The code does not contain 'eval', obfuscation, or hardcoded secrets. It explicitly warns users about potential violations of LinkedIn's Terms of Service regarding web scraping.
Updated: 2026-01-19
98
746
High Cost

mcp-scanner

by cisco-ai-defense

Sec8

Scans Model Context Protocol (MCP) servers, tools, prompts, and resources for security vulnerabilities, employing static analysis, YARA rules, Cisco AI Defense API, and LLM-based behavioral analysis.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires 'uv' Python package manager for recommended installation
  • ⚠️Requires Cisco AI Defense API Key for API Analyzer
  • ⚠️Requires LLM Provider API Key (e.g., OpenAI, AWS Bedrock) for LLM and Behavioral Analyzers
Verified Safe
The `mcp-scanner` is designed to detect security vulnerabilities in *other* MCP servers and tools. It employs robust static analysis techniques, integrates with Cisco AI Defense API, and uses LLM-as-a-judge for behavioral analysis. The tool itself follows good security practices by using environment variables for API keys and randomized delimiters to prevent prompt injection in its LLM interactions. File and function size limits are applied when scanning source code to prevent resource exhaustion during analysis.
Updated: 2026-01-14
Page 10 of 713