Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

38
1
High Cost
mrorigo icon

critique-mcp

by mrorigo

Sec9

Implements an Iterative Verification-First (Iter-VF) reasoning workflow as an MCP server to enhance LLM consistency by offloading sampling to a host.

Setup Requirements

  • ⚠️Requires an external Model Context Protocol (MCP) Host/Client running and connected (e.g., via STDIO) to provide actual LLM sampling capabilities.
  • ⚠️Requires a Node.js runtime (>=18.0.0 is recommended based on package dependencies).
  • ⚠️Requires `ts-node` for running in development mode (`npm run dev`).
Verified SafeView Analysis
The server implements strict Zod validation for all inputs and outputs, mitigating common injection risks. It delegates LLM interaction to an MCP host, meaning it does not handle API keys or direct model access, shifting that responsibility to the host. While `cross-spawn` (via `execa` in `vitest` dependencies) is used for test execution, it is not present in the main server runtime. Communication is via STDIO, reducing typical network exposure, but relies on a trusted execution environment. No 'eval' or obvious hardcoded secrets are present in the provided server code.
Updated: 2025-12-04GitHub
38
46
High Cost
ndthanhdev icon

mcp-browser-kit

by ndthanhdev

Sec3

Enables AI assistants to interact with local browsers by providing tools for browser automation and content extraction.

Setup Requirements

  • ⚠️Requires an MCP (Model Context Protocol) Client to interact with the server.
  • ⚠️Requires manual download and installation of a specific browser extension (M2 or M3 build) into your browser.
  • ⚠️Lacks authentication for incoming requests; requires strict network isolation (ports 2769-2799, 59089 must be local-only) to prevent unauthorized access.
  • ⚠️Alpha stage software; developers recommend using a separate browser profile or dedicated browser instance to prevent sensitive data exposure.
  • ⚠️Requires Node.js version 22.14.0 or higher and Yarn package manager version 4.10.3 or higher.
Review RequiredView Analysis
CRITICAL: The server explicitly allows execution of arbitrary JavaScript code in browser tabs via the `invokeJsFn` tool. If the server is exposed to an untrusted AI model or network, this could lead to significant security vulnerabilities, including data exfiltration, malicious script injection, or remote code execution within the browser's context. The README clearly states a lack of authentication and advises keeping ports 59089 and 2769-2799 on the device network only, which is a critical operational security measure required due to the inherent risks.
Updated: 2026-01-04GitHub
38
2
Medium Cost
evalor icon

Dida365MCP

by evalor

Sec9

This server integrates Dida365 (TickTick) task management capabilities, allowing an AI agent to create, read, update, and delete tasks and projects via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires OAuth2 credentials (Client ID and Client Secret) from Dida365/TickTick developer portal.
  • ⚠️The OAuth Redirect URI must be precisely `http://localhost:8521/callback` and hardcoded on the Dida365 developer site.
  • ⚠️Requires Node.js 16+ and TypeScript 5.0+ runtime environment.
Verified SafeView Analysis
The server demonstrates strong security practices: OAuth2 credentials (Client ID, Client Secret) are loaded from environment variables, not hardcoded. The Client Secret is securely hashed before storage for token validation. OAuth flow uses CSRF protection via a 'state' parameter. Tokens are stored persistently in the user's home directory with secure file permissions (0o600) and validated against the current client credentials and region. A temporary HTTP callback server handles OAuth redirects, includes path traversal prevention, and uses HTML escaping for error messages. A 'read-only' mode is also available to prevent destructive AI actions. No 'eval' or other directly exploitable patterns were found.
Updated: 2025-11-26GitHub
38
1
Medium Cost
nozomi-koborinai icon

gcp-cost-mcp-server

by nozomi-koborinai

Sec9

Provides AI assistants with tools to estimate Google Cloud running costs by interacting with the Cloud Billing Catalog API and dynamically fetching free tier information.

Setup Requirements

  • ⚠️Requires Google Cloud SDK (`gcloud`) to be installed and Application Default Credentials configured via `gcloud auth application-default login`.
  • ⚠️Requires Go 1.21+ to build from source.
  • ⚠️macOS users downloading pre-built binaries must remove the quarantine attribute with `xattr -d com.apple.quarantine`.
Verified SafeView Analysis
The server uses standard Google Application Default Credentials (ADC) for authentication to the Cloud Billing API, limiting access to `cloud-billing.readonly` scope. External requests to DuckDuckGo and Google Cloud documentation are made for free tier information; these are controlled and validated (e.g., scraping only `cloud.google.com` URLs). No 'eval' or direct shell execution vulnerabilities, hardcoded secrets, or arbitrary code execution patterns were identified. The data handling and external interactions are well-constrained.
Updated: 2025-12-02GitHub
38
13
Medium Cost
ONLYOFFICE icon

docspace-mcp

by ONLYOFFICE

Sec8

The DocSpace MCP server provides an interface for AI clients to interact with an ONLYOFFICE DocSpace collaborative platform, enabling file management, folder operations, room management, and user interaction through a Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 18+ environment.
  • ⚠️Requires an existing ONLYOFFICE DocSpace instance with API access, configured via environment variables (e.g., DOCSPACE_API_BASE_URL, authentication credentials).
  • ⚠️Relies on pnpm for package management; other package managers might cause issues due to pnpm-lock.yaml.
Verified SafeView Analysis
The server utilizes Express with CORS and rate-limiting middleware, indicating an attempt to secure web endpoints. Zod schemas are used for input validation, which is a good practice for API robustness. Authentication relies on standard methods (API keys, OAuth tokens, basic auth) and expects secrets to be provided via environment variables, avoiding hardcoding. File chunk uploading is handled, but comprehensive validation of file content beyond basic size/name would typically reside on the backend DocSpace server, which is external to this MCP component. No obvious 'eval' or malicious patterns were found in the provided code snippets.
Updated: 2026-01-14GitHub
38
14
High Cost
atxtechbro icon

dotfiles

by atxtechbro

Sec7

An AI agent orchestration infrastructure designed for 100x developer throughput, managing tasks and projects through a modular and reproducible development environment.

Setup Requirements

  • ⚠️Requires GitHub CLI authentication (`gh auth login`) to enable core GitHub integration and token export.
  • ⚠️Requires manual editing of `~/.bash_secrets` to add sensitive API keys (e.g., `BRAVE_API_KEY`) after initial setup.
  • ⚠️Relies heavily on Node.js/NPM (managed via NVM) and Python (with `uv` and `debugpy`) for various AI tools and utilities.
  • ⚠️On macOS, an iTerm2 restart is required for programmatically applied preferences to take effect.
Verified SafeView Analysis
The setup script `setup.sh` uses `set +e` which can mask errors during critical environment setup, potentially leading to an incomplete or misconfigured environment without clear indication. Multiple installation scripts utilize the `curl ... | bash` pattern, which carries an inherent risk of executing arbitrary code if the download source is compromised, though it's a common practice for installing well-known tools. The `eval` command is used in `utils/clipboard.sh` but is constrained to known shell commands (pbcopy, xclip, xsel), mitigating its direct risk. Hardcoded secrets are explicitly avoided with clear guidelines for `~/.bash_secrets`.
Updated: 2025-12-09GitHub
38
7
Medium Cost
emergent-lab icon

mcp-playground

by emergent-lab

Sec9

A web-based developer tool for testing, inspecting, and debugging Model Context Protocol (MCP) servers, supporting OAuth integration, request logging, and interactive execution of tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher, pnpm v10 or higher, and Docker v20 or higher.
  • ⚠️A PostgreSQL 17 database is required, typically run via Docker Compose.
  • ⚠️Multiple environment variables are mandatory, including `DATABASE_URL`, `BETTER_AUTH_SECRET`, `BETTER_AUTH_URL`, and `ENCRYPTION_KEY` (a 64-character hex string generated with `openssl rand -hex 32`). GitHub OAuth and Resend API keys are also required for full authentication features.
Verified SafeView Analysis
The project demonstrates strong security practices for a web application. It uses Node.js's `crypto` module for AES-256-GCM encryption of sensitive data like OAuth tokens and client secrets, with the encryption key securely loaded from environment variables and validated for correct format. Sensitive data in logs (headers like 'Authorization', 'Cookie', and body fields like 'password', 'token') are sanitized and redacted. Environment variables are strictly validated using Zod via `@t3-oss/env-nextjs`. Security headers are configured in `next.config.ts` to prevent common web vulnerabilities like XSS and clickjacking. PII is configured to be sent to Sentry, which is a conscious operator choice rather than a code vulnerability. The markdown rendering component likely uses `isomorphic-dompurify` for XSS protection.
Updated: 2025-12-13GitHub
38
12
Low Cost
StacklokLabs icon

sqlite-mcp

by StacklokLabs

Sec3

A Model Context Protocol (MCP) server that enables LLMs to interact with SQLite databases by providing tools and resources for querying and managing data.

Setup Requirements

  • ⚠️Requires Go 1.21 or later
  • ⚠️Requires an existing SQLite database file or uses an in-memory database
Review RequiredView Analysis
CRITICAL: The `handleDescribeTable` function in `internal/tools/query.go` is vulnerable to SQL injection. The `table_name` parameter, taken directly from user input, is unsafely formatted into a `PRAGMA table_info()` query using `fmt.Sprintf` without sanitization or parameterization. This allows an attacker to inject arbitrary SQL commands (e.g., `users'); DROP TABLE products; --`) which can lead to data loss, modification, or information leakage, especially when the server is run in read-write mode. While `execute_query` and `execute_statement` use parameterized queries, this specific vulnerability is severe.
Updated: 2026-01-19GitHub
38
12
Medium Cost
Contrast-Security-OSS icon

mcp-contrast

by Contrast-Security-OSS

Sec9

This server acts as a Microservice Chassis Platform (MCP) host, providing AI agents with a set of tools to interact with the Contrast Security platform. It enables querying and managing application security data, including vulnerabilities, attacks, SAST results, software composition analysis (SCA), and route coverage.

Setup Requirements

  • ⚠️Requires Contrast Security platform credentials (CONTRAST_HOST_NAME, CONTRAST_API_KEY, CONTRAST_SERVICE_KEY, CONTRAST_USERNAME, CONTRAST_ORG_ID), which typically means a paid Contrast Security account.
  • ⚠️Requires Java 17+ for JAR deployment; Docker is recommended for simpler deployment.
  • ⚠️The 'get_scan_results' tool is deprecated and may return very large SARIF JSON, potentially exceeding AI context limits.
Verified SafeView Analysis
The server demonstrates strong security practices for an API proxy. It uses a dedicated SDK for Contrast API interaction, enforces input validation on all tool parameters (using a fluent validation API), and explicitly checks for all required API credentials at startup. There's no apparent use of 'eval' or direct arbitrary command execution. Credentials are externalized via environment variables. The API calls are wrapped in a structured error handling and logging pipeline. The deprecated SAST results tool warns about large output, indicating awareness of potential context overflow. Overall, the design prioritizes secure interaction with the Contrast platform.
Updated: 2026-01-16GitHub
38
13
Low Cost
RedberryProducts icon

mcp-client-laravel

by RedberryProducts

Sec8

Laravel-native client for interacting with Model Context Protocol (MCP) servers to discover and call tools, and access resources for AI agents.

Setup Requirements

  • ⚠️STDIO transporter does not work when the Laravel project is running with `php artisan serve`.
  • ⚠️Using the STDIO transporter (e.g., with 'npx' commands) may require a Node.js/NPM environment on the server running the Laravel application.
  • ⚠️Requires PHP 8.3 or 8.4 and Laravel 10.x, 11.x, or 12.x.
Verified SafeView Analysis
The client primarily uses Guzzle for HTTP and Symfony Process for STDIO communication. No 'eval' or direct obfuscation found. Hardcoded secrets are not present, relying on environment variables for API tokens. The STDIO transporter executes external commands; while it uses a secure array-based command execution (Symfony Process), the consuming application must ensure the 'command' configuration elements are from trusted sources to prevent potential command injection if dynamic user input were ever used to construct them. Overall, it follows good practices for handling external communication.
Updated: 2026-01-12GitHub
38
5
Medium Cost
ibm-ecm icon
Sec2

Provides a standardized interface to enable AI models to interact with IBM FileNet Content Manager (FNCM) for document, folder, and metadata management.

Setup Requirements

  • ⚠️Requires Python 3.13+ and 'uv' package manager.
  • ⚠️Requires access to an IBM FileNet Content Platform Engine (CPE) with Content Services GraphQL API (CS-GQL) installed.
  • ⚠️Requires 'Persistent Text Extract Add-on' in FileNet for 'get_document_text_extract' functionality.
  • ⚠️Known compatibility issues with Watson Orchestrate, including limitations with complex Pydantic inputs for some tools.
Review RequiredView Analysis
CRITICAL: Multiple SQL Injection vulnerabilities exist in `repository_object_search`, `folders.py` (e.g., `lookup_folder_id`), and `mcp_manage_hold.py` (e.g., `find_hold_relationship_object`, `list_holds_by_name_tool`). These tools construct SQL `WHERE` clauses by directly embedding user-provided string values (like `property_value`, `folder_id_or_path`, `hold_object_id`, `held_object_id`, `hold_display_name`) without proper escaping of internal single quotes. This allows a malicious actor to inject arbitrary SQL commands. MEDIUM: The `create_document` and `checkout_document` tools perform local file system operations (uploading/downloading content) based on paths provided to the server. While basic path validation is present, an AI agent or malicious user could potentially leverage this to read from or write to unintended locations on the server's file system. WARNING: The server supports disabling SSL/TLS verification (`SSL_ENABLED=false` etc.), explicitly noted in the README as 'not recommended for production,' which can expose communications to man-in-the-middle attacks.
Updated: 2025-12-12GitHub
38
1
Medium Cost
rubenaguir icon

clickup-mcp-server

by rubenaguir

Sec9

Integrate AI-powered clients with ClickUp's task management system via the Model Context Protocol (MCP) to manage tasks and lists.

Setup Requirements

  • ⚠️Requires a ClickUp API Access Token, which needs to be generated manually from ClickUp account settings or obtained using the provided OAuth helper script (which in turn requires ClickUp client credentials).
  • ⚠️Requires Node.js and npm/yarn installed to install dependencies and run the server.
  • ⚠️The project must be built using `npm run build` before the server can be run.
Verified SafeView Analysis
The server correctly retrieves the ClickUp API access token from environment variables, enforcing good security practices by not hardcoding secrets. Communication with clients occurs via standard input/output (stdio), limiting direct network exposure for the server. API calls to ClickUp are made over HTTPS via axios. Error handling for ClickUp API responses includes an 'isError' flag and detailed messages, preventing internal server errors from leaking. A helper script for OAuth token generation also uses environment variables for client credentials and PKCE, enhancing security for the token acquisition process.
Updated: 2025-11-27GitHub
PreviousPage 104 of 713Next