Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

39
16
Medium Cost
Karthikathangarasu icon

pentest-mcp

by Karthikathangarasu

Sec8

This server provides a Model Context Protocol (MCP) interface for professional penetration testing, enabling automated execution and analysis of security tools like Nmap, John the Ripper, Gobuster, and Nikto.

Setup Requirements

  • ⚠️Requires external penetration testing tools (Nmap, John the Ripper, Gobuster, Nikto) to be installed and available in the system's PATH.
  • ⚠️Certain Nmap options (e.g., SYN scan, OS detection) require elevated privileges (root/administrator) to run effectively.
  • ⚠️Requires Node.js version 18 or newer.
Verified SafeView Analysis
The project is designed for professional penetration testing and executes powerful external tools. It uses `child_process.spawn` with an array of arguments, which is safer than `exec`. Crucially, it implements a `sanitizeOptions` function with `SAFE_OPTION_REGEX` to validate user-provided command-line arguments, significantly mitigating shell injection risks. Temporary files for John the Ripper are created and deleted. No direct `eval` or hardcoded secrets were found. The inherent risk lies in the powerful nature of the integrated tools, which requires professional judgment and a controlled environment, not in a lack of internal security practices.
Updated: 2025-12-14GitHub
39
15
Medium Cost
SamMorrowDrums icon

mcp-python-starter

by SamMorrowDrums

Sec9

A feature-complete Model Context Protocol (MCP) server template in Python for developing AI applications and agents.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️LLM API Key (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY) is required for full functionality of LLM-dependent tools like 'ask_llm' and 'generate_content'.
  • ⚠️The 'tasks' experimental feature requires additional Python dependencies (starlette, anyio) installed with `uv sync --all-extras tasks` and uses HTTP transport.
Verified SafeView Analysis
The server uses the well-regarded MCP Python SDK (FastMCP) and follows best practices for secret management by advising the use of `.env` files for configuration. No 'eval' or direct obfuscation was found in the provided code. Network exposure through HTTP transport is standard for web servers, but requires appropriate deployment security measures (e.g., firewalls, access control) when deployed publicly.
Updated: 2026-01-19GitHub
39
17
High Cost
DevEnterpriseSoftware icon

scrapi-mcp

by DevEnterpriseSoftware

Sec8

This MCP server enables AI agents to scrape web pages and retrieve their content as HTML or Markdown, with advanced browser interaction capabilities.

Setup Requirements

  • ⚠️Requires a ScrAPI API Key for practical, unrestricted usage (limited free usage available without one).
  • ⚠️Requires Node.js and npm/npx or Docker runtime.
  • ⚠️Depends on an external commercial web scraping service (scrapi.tech) for its core functionality.
Verified SafeView Analysis
The server itself is well-structured and does not contain obvious direct vulnerabilities such as 'eval' or hardcoded sensitive credentials (API key is an environment variable or config). It acts as a proxy to an external commercial scraping service (scrapi.tech). The security of the scraping process, particularly how 'browserCommands' are executed and validated, relies heavily on the upstream ScrAPI service. While 'browserCommands' allow custom JavaScript execution, this is a feature for interacting with target websites and does not pose a direct security risk to the MCP server itself or the user running it.
Updated: 2026-01-14GitHub
39
48
High Cost
bjia56 icon

cosmotop

by bjia56

Sec3

System monitoring and information exposure via MCP protocol.

Setup Requirements

  • ⚠️Initial setup on Cosmopolitan builds requires internet access to download platform-specific plugins (using `curl`, `wget`, or Python if available).
  • ⚠️On Windows, the executable must be renamed to `cosmotop.cmd` or `cosmotop.bat` before running.
  • ⚠️Docker monitoring requires access to the Docker socket (e.g., user in `docker` group) or configuration of `DOCKER_HOST` which may transmit credentials in plaintext.
Review RequiredView Analysis
The server's Cosmopolitan build dynamically downloads platform-specific plugins (executables) from GitHub releases, posing a supply chain risk if the release source is compromised. The `downloadFile` function executes `curl`, `wget`, or Python for fetching, and `chmod`s the downloaded binary to be executable. Docker monitoring, if configured via `DOCKER_HOST` to an HTTP endpoint, explicitly states that 'Access to the socket must be over plaintext (i.e. no TLS)', which exposes sensitive data and potentially credentials over an unencrypted network.
Updated: 2025-11-19GitHub
38
11
Medium Cost
Teamwork icon

mcp

by Teamwork

Sec9

Provides an MCP server to integrate Large Language Models with Teamwork.com for project management and helpdesk operations.

Setup Requirements

  • ⚠️Requires Go 1.25 or later to build and run locally.
  • ⚠️Requires valid Teamwork.com API credentials (Bearer Token or OAuth2 setup) to interact with the Teamwork API.
  • ⚠️Optional HAProxy integration requires specific network configuration and disables TLS verification for internal communication.
Verified SafeView Analysis
The server demonstrates strong security practices including explicit separation of credentials into environment variables, redaction of sensitive information in logs, and a clear security policy. Middleware is used for authentication and request context. A potential minor risk, if not managed carefully, is the `InsecureSkipVerify: true` option for TLS when HAProxy is enabled, though this is stated to be for internal, trusted HAProxy setups.
Updated: 2026-01-19GitHub
38
1
Medium Cost
mrsimpson icon

prompts-mcp

by mrsimpson

Sec9

A Model Context Protocol (MCP) server for managing, templating, and exposing AI prompts defined in markdown files via stdio and HTTP transports.

Setup Requirements

  • ⚠️Requires Node.js >= 22
  • ⚠️Requires pnpm >= 9.0.0
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop, MCP Inspector) to interact with.
Verified SafeView Analysis
The server uses Handlebars templating with `noEscape: true` for prompt content, which is intentional to preserve code formatting in prompts. While this means the server itself does not attempt to sanitize the *output* to the LLM, the content is intended for an AI, not direct rendering in a browser, mitigating typical XSS risks. All file paths are handled using `path.resolve` and `existsSync` which helps prevent directory traversal vulnerabilities. Configuration parsing includes validation for ports and log levels. No obvious hardcoded secrets or direct arbitrary code execution via user input were found. The directory discovery mechanism allows overrides via environment variables, which is a flexible but secure pattern.
Updated: 2025-12-03GitHub
38
1
Medium Cost
kadinsayani icon

lxd-mcp

by kadinsayani

Sec6

Manages LXD containers and virtual machines through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires LXD to be installed and running on the system.
  • ⚠️Requires Go 1.25.4 or higher to build from source.
  • ⚠️User account must be in the `lxd` group for socket access, implying elevated privileges.
Verified SafeView Analysis
The server interacts directly with the LXD daemon via a Unix socket, requiring the user to be in the `lxd` group, granting high privileges. The `exec_instance` tool allows arbitrary command execution within instances, which carries inherent security risks. The `README` explicitly states 'Consider implementing authentication for production use', indicating a lack of built-in authentication for generic exposure beyond its intended local, stdin/stdout use case (e.g., with GitHub Copilot CLI). No 'eval' or obvious malicious patterns found.
Updated: 2025-12-05GitHub
38
10
Medium Cost
microsoft icon
Sec9

Enables AI assistants to securely access and analyze retail sales data through a Model Context Protocol (MCP) server, integrating with PostgreSQL and Azure AI services.

Setup Requirements

  • ⚠️Requires Docker Desktop for local development.
  • ⚠️Requires an Azure Subscription and Azure CLI for resource deployment and authentication.
  • ⚠️Requires access to Azure OpenAI models (specifically `text-embedding-3-small`, and optionally `gpt-4o-mini`) which may have quota limits.
  • ⚠️PostgreSQL database is required with the `pgvector` extension enabled for semantic search functionality.
  • ⚠️Python 3.8+ is a prerequisite for server development.
Verified SafeView Analysis
The server implements robust security features including Row Level Security (RLS) for data isolation, Azure AD authentication for AI services (DefaultAzureCredential), input validation for table names, and parameterized queries (implied by `asyncpg` usage in Python for database interaction). Secrets like database passwords and Azure API keys are expected to be provided via environment variables, reducing the risk of hardcoding. Docker containers run as a non-root user. Minor exposure of PGPASSWORD in a healthcheck is noted but generally within a trusted network context.
Updated: 2026-01-13GitHub
38
174
Medium Cost
garylab icon

MakeMoneyWithAI

by garylab

Sec9

This server curates a list of AI tools and projects from GitHub, generating concise business model descriptions for each to help users identify income-generating open-source opportunities.

Setup Requirements

  • ⚠️Requires GITHUB_TOKEN environment variable (from GitHub for API access)
  • ⚠️Requires OPENAI_API_KEY environment variable (for GPT-5-mini API calls, which are paid)
  • ⚠️Assumes 'excluded-repos.txt' and 'extra-repos.txt' files exist or are configured as needed
Verified SafeView Analysis
The script uses environment variables for GitHub and OpenAI API keys, which is a good security practice. It makes outbound network requests to these well-known APIs. No 'eval' or obvious malicious patterns were found. The primary security consideration is the secure management of the API keys in the environment where the script is run.
Updated: 2025-12-17GitHub
38
11
High Cost
KxSystems icon

kdb-x-mcp-server

by KxSystems

Sec8

Enables natural language interaction and AI-powered querying of KDB-X and KDB+ databases through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running KDB-X or KDB+ service with its SQL interface loaded (and AI libraries loaded for vector search tools if used).
  • ⚠️Requires a valid PyKX license; the `QLIC` environment variable must be set to point to your license directory.
  • ⚠️Requires `uv` (Astral's Python package manager/installer) to be installed to run the server.
  • ⚠️Using AI-powered tools (similarity/hybrid search) necessitates configuring external embedding providers (e.g., OpenAI, SentenceTransformers), which may require API keys (e.g., OPENAI_API_KEY) and an `embeddings.csv` configuration file.
Verified SafeView Analysis
The server includes explicit guardrails to prevent dangerous SQL operations (e.g., INSERT, DROP) by filtering queries for keywords. Passwords for database connections are handled as SecretStr. Dynamic module loading for tools, prompts, and resources is used for extensibility, requiring careful management of the server's filesystem content. The `streamable-http` network transport is recommended not to be exposed externally, and TLS is configurable for KDB-X database connections.
Updated: 2026-01-19GitHub
38
6
Low Cost
missdeer icon

gemini-mcp-rs

by missdeer

Sec8

A high-performance Rust MCP server that enables AI-driven tasks by wrapping the Gemini CLI, facilitating integration with MCP-compatible clients like Claude Code.

Setup Requirements

  • ⚠️Requires Gemini CLI (from Google) installed and configured on the system.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Code) to interact with the server after setup.
Verified SafeView Analysis
The server wraps the Gemini CLI, with robust input validation, timeout enforcement, and configurable sandbox mode. It uses `Command::new` for process spawning, correctly quoting arguments to prevent shell injection. The `run.js` script handles binary downloads via HTTPS from GitHub Releases, including redirect handling and timeouts, and uses `spawn` for extraction (tar/powershell). There are checks for unbounded output from the CLI and a locking mechanism for concurrent downloads. The primary implicit risk is reliance on the security of the underlying Gemini CLI and the trust placed in the official GitHub repository for binary downloads. No `eval` or blatant malicious patterns were found.
Updated: 2026-01-18GitHub
38
1
Medium Cost
txn2 icon
Sec9

Connects AI assistants to DataHub metadata catalogs for searching datasets, exploring schemas, tracing lineage, and accessing glossary terms and domains. It can be used as a standalone server or as a composable Go library for custom MCP servers with advanced features.

Setup Requirements

  • ⚠️Requires `DATAHUB_URL` environment variable pointing to your DataHub GraphQL API endpoint.
  • ⚠️Requires a `DATAHUB_TOKEN` (personal access token) environment variable for authentication, which must be generated from DataHub with appropriate permissions.
  • ⚠️For full functionality (e.g., lineage), your DataHub instance needs to have the relevant metadata ingested.
Verified SafeView Analysis
The project demonstrates strong security practices: tokens are handled via environment variables and explicitly not logged, connections use HTTPS, TLS certificate verification is enabled by default. It provides middleware interfaces for custom access control, audit logging, and rate limiting. Supply chain security is also addressed with SLSA Level 3 provenance and Cosign-signed releases. No 'eval' or obfuscation patterns were found. The tool performs read-only operations on DataHub.
Updated: 2026-01-16GitHub
PreviousPage 100 of 713Next