Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

38
1
Medium Cost
3rdbrain icon

architectgbt-mcp

by 3rdbrain

Sec8

Provides AI model recommendations and code templates directly within an IDE via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0.
  • ⚠️ArchitectGBT Pro subscription and API key required for unlimited recommendations and code templates.
  • ⚠️Free tier recommendations are IP-based and limited to 3 per day.
Verified SafeView Analysis
The server acts as an interface to an external platform (architectgbt.com). While API keys are handled via environment variables (secure), a user-configured `ARCHITECTGBT_API_URL` could pose a risk if pointed to a malicious endpoint. No direct code execution risks like `eval` or hardcoded secrets were found in the provided source code.
Updated: 2026-01-17GitHub
38
1
Medium Cost
cmd8 icon
Sec9

Model Context Protocol (MCP) server for programmatically creating, modifying, and querying Excalidraw diagrams.

Setup Requirements

  • ⚠️Node.js >= v18.0.0 required
  • ⚠️Requires a local Excalidraw file path to operate on (`--diagram` argument)
Verified SafeView Analysis
The server uses `fs.readFile` and `fs.writeFile` to interact with a local Excalidraw diagram file. The path to this file is resolved using `path.resolve(process.cwd(), argv.diagram.trim())`, which limits file access to the current working directory and its subdirectories, mitigating arbitrary file system access risks. Data is parsed and stringified as JSON. No `eval` or dynamic code execution is observed. The server operates over stdio, not exposing network ports by default. Potential for resource exhaustion if very large or malformed Excalidraw JSON files are processed, but this is a general file processing risk.
Updated: 2025-11-29GitHub
38
14
Low Cost
microsoft icon
Sec7

Demonstrates building and packaging a C# Model Context Protocol (MCP) server for Windows in MSIX and MCPB formats, and provides client samples to interact with it.

Setup Requirements

  • ⚠️Requires .NET 9.0 SDK or later for server components.
  • ⚠️Requires NodeJS for MCPB packaging and JavaScript client samples.
  • ⚠️Requires WinAppCLI for MSIX packaging, with a non-standard installation process for the `mcp-host-electron` sample (download .tgz and install locally).
  • ⚠️Manual installation of a development certificate is necessary for MSIX packages on the machine.
  • ⚠️`odr.exe` must be accessible in the system's PATH for client applications to discover and connect to servers.
Verified SafeView Analysis
Client applications use `child_process.execFile` to invoke `odr.exe` to manage and proxy MCP server connections. This relies on the security and integrity of the `odr.exe` executable itself (which is part of the MCP platform). User-provided input for tool parameters is converted (e.g., JSON.parse, Number) before being sent to the server. The security of tool execution depends on the C# server's (source not provided) internal implementation and its handling of these inputs. MSIX packaging involves installing a development certificate, a common but privileged step for development environments.
Updated: 2026-01-07GitHub
38
9
Medium Cost
neverinfamous icon

postgres-mcp

by neverinfamous

Sec9

A PostgreSQL database management and optimization expert system, offering interactive workflows for query analysis, index tuning, health monitoring, backup strategies, and advanced functionalities like vector search and geospatial data management. It helps users understand and improve their PostgreSQL database performance and health.

Setup Requirements

  • ⚠️Requires a running PostgreSQL Instance (connection details via DATABASE_URI environment variable).
  • ⚠️Full functionality depends on PostgreSQL Extensions (e.g., pg_stat_statements, hypopg, pgvector, PostGIS) which must be manually installed in the database.
  • ⚠️Docker is the recommended deployment method, implying users need Docker installed.
Verified SafeView Analysis
The server features a robust `SafeSqlDriver` that, when operating in `RESTRICTED` access mode (the recommended deployment default), explicitly forbids DDL (CREATE, ALTER, DROP, TRUNCATE), DML (INSERT, UPDATE, DELETE), and other administrative statements, limiting operations primarily to `SELECT`. Even in `UNRESTRICTED` mode, the `execute_sql` tool includes basic SQL injection pattern detection for non-parameterized queries. Password obfuscation is applied to connection errors to prevent credential exposure. No use of `eval` or similar high-risk functions with untrusted input was identified. The `tool_filtering` mechanism further allows administrators to control exposed functionality.
Updated: 2026-01-19GitHub
38
11
Medium Cost
xxczaki icon
Sec3

Access Cursor/VS Code Local History through the Model Context Protocol for AI-powered data recovery and enhanced context awareness.

Setup Requirements

  • ⚠️Requires VS Code or Cursor editor to have local history enabled and populated for functionality.
  • ⚠️Requires Node.js (version >=22.22.0) to be installed.
  • ⚠️The 'restore_from_history' tool has significant security implications due to arbitrary file write capabilities; exercise extreme caution or disable this tool if not fully trusting the AI agent and the environment it runs in.
Review RequiredView Analysis
The 'restore_from_history' tool allows writing arbitrary content (from a history entry) to any absolute file path provided by the AI. This means a malicious or compromised AI could instruct the server to overwrite critical system files or inject malicious code into user files at arbitrary locations. While it includes an optional backup, this does not mitigate the risk of arbitrary file writes to unintended locations. This is a critical vulnerability if the server is run with elevated permissions or if the AI is not fully trusted.
Updated: 2026-01-15GitHub
38
1
Medium Cost
Infinityay icon

nowcoder-mcp

by Infinityay

Sec8

Enable AI assistants to search and retrieve content from the NowCoder platform, including job interview experiences, discussion posts, and career-related information.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Requires `uv` (recommended) or `pip` for dependency management
Verified SafeView Analysis
The server interacts with external NowCoder APIs using the `requests` library with defined timeouts, a standard practice. HTML content is converted to plain text using regex, which is generally acceptable for cleaning known structured output. No usage of `eval` or similar dangerous functions, and no hardcoded secrets were found in the provided source code. Appears generally safe for its intended purpose.
Updated: 2025-12-11GitHub
38
1
Medium Cost
vijayyarabolu icon
Sec7

A secure serverless gateway for accessing Large Language Models (LLMs) via Amazon Bedrock, incorporating input sanitization and routing.

Setup Requirements

  • ⚠️Requires an AWS account and configured AWS credentials with appropriate permissions.
  • ⚠️Requires AWS SAM CLI to be installed for deployment.
  • ⚠️Requires Amazon Bedrock access to be enabled in the AWS account and region.
  • ⚠️The Bedrock invocation in `src/lambda_function.py` is currently mocked and needs to be uncommented for actual LLM interaction.
Verified SafeView Analysis
The `sanitize_input` function provides only basic blocking of hardcoded words (`password`, `secret_key`, `ssn`) and explicitly notes it's not as sophisticated as dedicated libraries (e.g., Microsoft Presidio). The README mentions a 'Prompt Firewall' to prevent jailbreaks, but the provided `lambda_function.py` does not contain explicit logic for system prompt enforcement or advanced prompt injection prevention beyond the basic word list. This is a gap between the described features and the implemented code. There are no hardcoded secrets or `eval` statements. The serverless architecture and IAM policies for Bedrock invocation (`bedrock:InvokeModel`) are good security practices.
Updated: 2025-11-27GitHub
38
84
Medium Cost
DeepLcom icon

deepl-mcp-server

by DeepLcom

Sec9

Provides DeepL translation and linguistic capabilities as a Model Context Protocol (MCP) server for integration with AI clients.

Setup Requirements

  • ⚠️Requires a DeepL API key (paid, though a free tier is available with usage limits).
  • ⚠️Needs a Node.js runtime environment to execute the JavaScript server.
  • ⚠️Requires npm for dependency installation if cloning the repository, or npx for zero-install usage.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys, which is a good security practice. It relies on standard and reputable SDKs (`deepl-node`, `@modelcontextprotocol/sdk`). The communication model via stdio limits external network attack surface. The `translate-document` tool involves file system interaction (`inputFile`, `outputFile`), which, while necessary for its function, could be a potential vector if not rigorously handled by the underlying DeepL SDK. Assuming the DeepL SDK manages file paths and content securely, the overall risk is low.
Updated: 2025-12-30GitHub
38
1
High Cost
leocaogit icon

ABAP_CHECK_MCP

by leocaogit

Sec6

Provides ABAP REPORT program syntax checking capabilities for IDEs by connecting to SAP ERP systems via RFC.

Setup Requirements

  • ⚠️Requires proprietary SAP NetWeaver RFC SDK (requires SAP S-user to download and specific OS-level installation).
  • ⚠️Requires an active SAP ERP system with a custom ABAP function module (`Z_CHECK_ABAP_SYNTAX`, `ZSYNTAX_ERROR` structure, `ZSYNTAX_CHECK` function group) manually deployed.
  • ⚠️The SAP RFC user requires highly privileged authorizations, specifically `S_PROGRAM` with create (01) and delete (06) activities, and `S_DEVELOP`.
Review RequiredView Analysis
The Python server itself has good security practices (e.g., sensitive data filtering in logs) and no direct 'eval' or malicious patterns. The primary security risk lies with the required SAP backend setup. The deployed ABAP function module `Z_CHECK_ABAP_SYNTAX` dynamically creates and deletes temporary ABAP programs (`INSERT REPORT`, `SYNTAX-CHECK FOR`, `DELETE REPORT`) on the SAP system based on user-provided ABAP code. This requires granting the RFC user highly privileged SAP authorizations (`S_PROGRAM` for create/delete programs). While these temporary programs are intended for syntax checking and are deleted, allowing arbitrary code to be inserted and processed, even temporarily, presents a significant attack surface if the input ABAP code is not from a trusted source or if the SAP system's handling of `INSERT REPORT` or `SYNTAX-CHECK` could be exploited. The Python server does not perform content-based sanitization of the ABAP code before sending it to SAP.
Updated: 2025-11-27GitHub
38
12
Medium Cost
aviaryhq icon
Sec9

Connects Cloudglue to AI assistants for video collection understanding, enabling LLMs to analyze videos, extract structured data, and gain insights from visual and audio content.

Setup Requirements

  • ⚠️Requires a Cloudglue API Key for authentication (paid service).
  • ⚠️Requires an MCP client (e.g., Cursor, Claude Desktop) to interact with the server.
  • ⚠️Node.js runtime environment is necessary to run the server locally.
Verified SafeView Analysis
The server acts as a wrapper around the Cloudglue API, routing requests and responses. It properly handles API keys via environment variables or CLI arguments, not hardcoding them. Input schemas are validated using Zod. The server uses stdio for transport, reducing direct network exposure beyond its interaction with the Cloudglue backend. The core security depends on the robustness of the Cloudglue API itself and its handling of external URLs.
Updated: 2026-01-13GitHub
38
12
Low Cost
FradSer icon
Sec9

Integrate Apple Reminders and Calendar with MCP clients for comprehensive management and automation on macOS.

Setup Requirements

  • ⚠️Requires macOS for Apple Reminders and Calendar integration.
  • ⚠️Requires Node.js 18 or later.
  • ⚠️Requires Xcode Command Line Tools for compiling the Swift bridge.
Verified SafeView Analysis
The server demonstrates strong security practices. It utilizes `execFile` with explicit argument arrays, mitigating shell injection risks. Input is rigorously validated using Zod schemas (e.g., `SAFE_TEXT_PATTERN`, `URL_PATTERN`), preventing common injection attacks and SSRF by blocking private/internal network addresses. The native Swift binary (`EventKitCLI`) is subject to comprehensive path and integrity validation (file existence, type, size, executability, and optional SHA256 hash check) via `binaryValidator.ts`, significantly reducing the risk of executing untrusted code. macOS EventKit permissions are handled natively by the Swift layer with proactive AppleScript fallbacks, ensuring user consent and system-level security. No hardcoded secrets were identified.
Updated: 2026-01-18GitHub
38
13
Medium Cost
dbankscard icon

jamf-mcp-server

by dbankscard

Sec8

This server enables AI assistants like Claude and ChatGPT to interact with Jamf Pro for comprehensive Apple device management through natural language conversations and intelligent workflows.

Setup Requirements

  • ⚠️Requires a Jamf Pro instance with API access (OAuth2 Client ID/Secret or Basic Auth credentials).
  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️For AI analysis features (e.g., in documentation), an Anthropic API Key (ANTHROPIC_API_KEY) is necessary. Other AI providers (OpenAI, Bedrock) can be configured for the CLI agent.
  • ⚠️For external AI integration (e.g., ChatGPT via HTTP server), OAuth2 provider configuration (Auth0/Okta details) and a public endpoint (via Cloudflare/ngrok) are needed.
Verified SafeView Analysis
The project demonstrates strong security awareness, employing Zod for robust input validation, standard OAuth2/JWKS practices for authentication, and explicit handling for development-only settings (e.g., dev tokens). It includes safety rules for AI agent actions and an audit logging mechanism. However, a potential risk exists in the documentation generation feature (`src/documentation/generator.ts`) where the `outputPath` parameter could be vulnerable to path traversal if not adequately sanitized when user-controlled input is provided, potentially allowing file writes outside the intended directory. While environment variables for sensitive data are used, the hardcoded `DEV_TOKEN` in `src/server/chatgpt-endpoints.ts`, though guarded by `NODE_ENV`, is a point to note.
Updated: 2026-01-18GitHub
PreviousPage 101 of 713Next