Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

38
12
Medium Cost
effytech icon

freshservice_mcp

by effytech

Sec8

Integrates AI models with Freshservice for automated IT service management operations across tickets, changes, products, requesters, agents, and solution articles.

Setup Requirements

  • ⚠️Requires a Freshservice account and API key (may be a paid service).
  • ⚠️Requires 'uvx' (or 'uv') for Python environment management.
  • ⚠️Python 3.13 or higher is required.
  • ⚠️Correctly setting `FRESHSERVICE_APIKEY` and `FRESHSERVICE_DOMAIN` environment variables is critical.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys, which is good practice. It handles API requests via `httpx` and `base64` for basic authentication. There are no obvious signs of 'eval', obfuscation, or hardcoded secrets. Filtering functions pass query strings directly to the Freshservice API; while URL-encoded, the underlying Freshservice API's handling of these queries would determine vulnerability to injection, not this server's direct code.
Updated: 2025-12-01GitHub
38
7
High Cost
clempat icon

ai-tools-flake

by clempat

Sec8

Unified Nix flake for configuring AI tools, MCP servers, and AI agents across Claude Code, OpenCode, and other platforms.

Setup Requirements

  • ⚠️Requires Home Manager `unstable` branch.
  • ⚠️Recommends Nixpkgs `nixos-unstable`.
  • ⚠️Full functionality for many agents (e.g., Atlassian, GitHub, Sentry MCPs) requires configuration of various external API keys.
Verified SafeView Analysis
The project leverages Nix for declarative configuration, enhancing reproducibility and auditability of dependencies. Agent definitions explicitly instruct to avoid hardcoding secrets and encourage credential vaults or environment variables. The `mcp-gateway` acts as a stdio-to-HTTP proxy, introducing a controlled network interaction point, which is a common pattern for bridging MCP types. The `nixos-command-not-found` skill uses `nix shell` for execution, providing some isolation. Overall, appears well-considered within the Nix ecosystem.
Updated: 2026-01-14GitHub
38
1
Medium Cost
looptech-ai icon

artifact-mcp

by looptech-ai

Sec8

AI agent server for high-fidelity document generation and manipulation (Word, Excel, PowerPoint, PDF, Markdown, EPUB, MS Project, Email) via a declarative workspace pattern.

Setup Requirements

  • ⚠️Requires an MCP client to interact with its tools.
  • ⚠️EPUB document generation and editing requires the `EbookLib` Python package (`pip install EbookLib`).
  • ⚠️Reading Outlook `.msg` files (for email analysis/editing) requires the `extract-msg` Python package (`pip install extract-msg`).
  • ⚠️PDF chart generation functionality requires the `matplotlib` Python package.
  • ⚠️Visio (`.vsdx`) document generation and editing relies on the `vsdx` Python package (`pip install vsdx`) and is template-based, meaning it cannot create shapes from scratch without an existing .vsdx template.
  • ⚠️Markdown to HTML export functionality requires the `markdown` Python package (`pip install markdown`).
Verified SafeView Analysis
Uses robust path validation (`artifact_mcp.config.validate_path`) to sandbox all file operations within a defined workspace (`./workspace`), mitigating directory traversal risks. Leverages well-established document processing libraries (python-docx, openpyxl, python-pptx, WeasyPrint, ebooklib, vsdx, markdown, email) which handle underlying file formats. Custom XML manipulation for specific Word/PPTX features (e.g., comments, sections, fields) is present but targets predefined document structures, reducing the risk of arbitrary XML injection. `yaml.safe_load` is used for Markdown front matter, which is generally secure against arbitrary code execution. No direct `eval` or unvalidated `subprocess` calls were observed. Overall, the implementation appears secure for its intended sandboxed document generation purpose.
Updated: 2025-11-26GitHub
38
36
High Cost
Teradata icon
Sec6

A comprehensive Model Context Protocol (MCP) server for Teradata, exposing a rich suite of database administration, data quality, security, SQL optimization, vector store, plotting, backup/restore, feature store, and LLM chat/RAG capabilities as MCP tools for client applications like AI agents.

Setup Requirements

  • ⚠️Requires a running Teradata Database (version >= 17.20).
  • ⚠️Requires Teradata-specific Python client libraries (`teradataml`, `teradatagenai`, `tdfs4ds`).
  • ⚠️For Backup & Restore features, a Teradata DSA (Data Stream Architecture) system must be installed and accessible. Insecure default credentials (`admin`/`admin`) are used if environment variables are not set for DSA.
  • ⚠️For Chat Completion features, an OpenAI-compatible `CompleteChat` Java Table Operator UDF must be installed in the Teradata database.
  • ⚠️Extensive environment variable configuration is necessary to enable all features securely.
Verified SafeView Analysis
The `eval` function in `src/teradata_mcp_server/utils.py` is used with a restricted namespace, limiting direct arbitrary code execution risk. However, `src/teradata_mcp_server/tools/bar/dsa_client.py` sets default `DSA_USERNAME='admin'` and `DSA_PASSWORD='admin'` if not overridden by environment variables, posing a critical security vulnerability if deployed in production. The `chat_tools.py` can be configured with `ignore_https_verification=True` for external LLM calls, which is an insecure option. Authentication attempts are rate-limited.
Updated: 2026-01-05GitHub
38
11
High Cost
bluewings1211 icon

codebase-RAG

by bluewings1211

Sec8

A Retrieval-Augmented Generation (RAG) server designed to assist AI agents and developers in understanding and navigating codebases through semantic search.

Setup Requirements

  • ⚠️Requires a locally running vector database (Qdrant) for persistent storage.
  • ⚠️Requires a locally running embedding model server (Ollama or MLX Server) for generating code embeddings.
  • ⚠️A Python 3.8+ environment with 'uv' (a modern package manager) is necessary for setup and running the server/tools.
Verified SafeView Analysis
The server's core functionality involves extensive file system access (`os.walk`, file I/O) to read and index codebases. This is an inherent risk for any code analysis tool. However, the system includes mitigations such as respecting `.ragignore` files and internal exclusion lists (`exclude_dirs`, `exclude_patterns` in `ProjectAnalysisService`). Input validation (`PromptValidator`) specifically checks for dangerous directory patterns (e.g., path traversal attempts) in user-provided paths. Network connections are primarily to configurable local services (Qdrant, Ollama, MLX Server), reducing exposure to arbitrary external network risks. No direct `eval()` or `exec()` on untrusted user input was observed. The main residual risk is the potential exposure of sensitive internal code if an untrusted codebase is indexed and then queried by an LLM, or if internal code could be misused through generated LLM responses. Overall, it appears robust against common remote execution vulnerabilities, but careful deployment and use with trusted codebases are recommended.
Updated: 2025-12-11GitHub
38
9
High Cost
Daghis icon

teamcity-mcp

by Daghis

Sec9

A Model Control Protocol (MCP) server that bridges AI coding assistants with JetBrains TeamCity CI/CD server, exposing TeamCity operations as MCP tools.

Setup Requirements

  • ⚠️Requires Node.js version >= 20.10.0 and < 21.
  • ⚠️Requires access to a running JetBrains TeamCity Server 2020.1+ with its REST API enabled.
  • ⚠️A valid TeamCity authentication token with appropriate permissions is mandatory for operation.
Verified SafeView Analysis
The server explicitly prioritizes sensitive configuration (TeamCity URL and Token) via CLI arguments, environment variables, or .env files, avoiding hardcoded secrets. It employs a global error handler that sanitizes messages by redacting sensitive patterns (like 'token=', 'password=', 'apikey=', 'authorization:') before logging them, enhancing security in production environments. The core API client uses Axios for HTTP requests, which is a well-vetted library. There's no apparent use of `eval` or other dynamic code execution that could introduce direct arbitrary code execution vulnerabilities.
Updated: 2026-01-19GitHub
38
50
Low Cost
nickytonline icon
Sec8

This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.

Setup Requirements

  • ⚠️Requires Node.js >= 22.18.0
Verified SafeView Analysis
The implementation follows good practices for Node.js applications, such as environment variable validation using Zod, structured logging with Pino, and secure session ID generation with node:crypto.randomUUID(). No explicit 'eval' or direct arbitrary code execution vulnerabilities are apparent in the provided source code. Security relies on the robustness of the underlying 'express' and '@modelcontextprotocol/sdk' libraries for request parsing and protocol adherence. Proper error handling returns generic 500 errors for unexpected issues.
Updated: 2026-01-01GitHub
38
1
Medium Cost
newline53 icon

newline-mcp-server

by newline53

Sec8

Enables AI agents to interact with the Newline Banking API for managing synthetic accounts, transfers, customers, transactions, and other banking operations via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Newline API HMAC authentication key (`NEWLINE_HMAC_KEY`).
  • ⚠️Requires a Newline program identifier (`NEWLINE_PROGRAM_ID`).
  • ⚠️Requires Node.js version 18.0.0 or higher.
Verified SafeView Analysis
The server uses JWT-based authentication with HMAC signing, relying on a secret key (`NEWLINE_HMAC_KEY`). While sensitive keys are loaded from environment variables as recommended, the `config.ts` provides default placeholder strings if these variables are not set. This would lead to authentication failures rather than a direct security compromise, but is a noteworthy configuration risk. The project explicitly states that external pull requests are not accepted due to operating within a regulated banking environment, and directs vulnerability reports to a HackerOne program, indicating a strong internal security focus. Proxy support is implemented via `https-proxy-agent`. Running via `npx git+...` involves executing remote code, which is a common practice but carries inherent supply chain risks.
Updated: 2025-12-12GitHub
38
12
High Cost
create-with-swift icon

Flint

by create-with-swift

Sec8

A server that generates 3D models in Blender and exports them as USDZ files from text prompts using an AI agent.

Setup Requirements

  • ⚠️Requires macOS with Blender installed at `/Applications/Blender.app/Contents/MacOS/Blender` (or `BLENDER_PATH` set in `.env`).
  • ⚠️Requires `uv` toolchain (`brew install uv`) for `uvx blender-mcp`.
  • ⚠️Requires a valid Anthropic API key (`ANTHROPIC_API_KEY`) for Claude Sonnet 4.5, which is a paid service.
Verified SafeView Analysis
The server uses `subprocess.run` to interact with Blender and the `uvx blender-mcp` toolchain, which is necessary for its functionality. Inputs to these subprocess calls are derived from controlled configurations (`BLENDER_PATH`, `EXPORT_FOLDER`, `EXPORT_FILENAME`) rather than direct user input, mitigating command injection risks. The `/download` endpoint is explicitly restricted to `exported_model.usdz` to prevent arbitrary file access. The MCP agent uses `toolAllowList` to restrict the LLM's capabilities, enhancing security by limiting potential malicious tool calls. The primary remaining risk is the inherent power of the `execute_blender_code` tool, which allows the LLM to generate and run arbitrary Python code within Blender, though the agent's constraints (max steps, prompt truncation, system hints) aim to guide it to safe operations. Hardcoded API keys are avoided, relying on `.env` for sensitive information.
Updated: 2025-11-26GitHub
38
4
Medium Cost
Fervoyush icon

plotnine-mcp

by Fervoyush

Sec3

A Model Context Protocol (MCP) server that brings ggplot2's grammar of graphics to Python through plotnine, enabling AI-powered data visualization via natural language.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️For full functionality (Parquet and Excel support), optional dependencies (`pyarrow`, `openpyxl`) must be installed via `pip install -e ".[full]"`.
  • ⚠️Requires configuration within an MCP client (e.g., Claude Desktop, Cursor, VSCode) with the full path to the `plotnine-mcp` executable or `python -m plotnine_mcp.server`.
Review RequiredView Analysis
The `apply_mutate` function in `src/plotnine_mcp/transforms.py` uses `pandas.DataFrame.eval()` with user-provided expressions, which is highly dangerous if the `mutations` parameter can be controlled by an untrusted entity, allowing arbitrary code execution. Additionally, the `data_loader.py` allows loading data from arbitrary URLs, posing a Server-Side Request Forgery (SSRF) risk if an attacker can control the `path` parameter.
Updated: 2025-11-26GitHub
38
1
Medium Cost
samtalki icon

AgentREPL.jl

by samtalki

Sec8

Provides a persistent Julia REPL for AI agents via Model Context Protocol (MCP) to eliminate the Time to First X (TTFX) startup penalty.

Setup Requirements

  • ⚠️Requires Julia 1.10+ installed and available in PATH.
  • ⚠️Requires the AgentREPL.jl package to be installed.
  • ⚠️Designed specifically for integration with Claude Code environment.
Verified SafeView Analysis
The server explicitly uses STDIO transport, which eliminates network attack surfaces by not opening any network ports. It runs with user permissions and automatically terminates when the Claude session ends. The core functionality involves executing arbitrary Julia code, which is an inherent risk, but the documentation is highly transparent about what it *does not* protect against (e.g., malicious code execution, file system access, network access from Julia). The plugin explicitly advises AI agents to display code to the user for review before execution. There are no obvious hardcoded secrets or obfuscation.
Updated: 2026-01-19GitHub
38
1
Medium Cost
contributte icon

mcp

by contributte

Sec8

Integrates the Multi-Capability Protocol (MCP) server SDK into Nette Framework applications, enabling web and console interfaces for managing and interacting with MCP capabilities (tools, resources, prompts).

Setup Requirements

  • ⚠️Requires Nette Framework (PHP framework) for integration.
  • ⚠️Requires PHP 8.4+.
  • ⚠️Relies on a specific 'dev-main' commit of 'mcp/sdk', which might impact stability or future compatibility.
  • ⚠️If 'file' session type is chosen, 'session.path' must be explicitly configured if Nette's 'tempDir' parameter is not available.
Verified SafeView Analysis
The codebase appears generally secure, with no direct 'eval' or malicious patterns. It handles HTTP requests by converting Nette's IRequest to PSR-7 ServerRequest, passing responsibilities for deeper request sanitization to Nette and the external 'mcp/sdk'. A potential configuration-time risk exists where a developer could inject a malicious 'Statement' for service definitions (e.g., container, cache) in the Nette DI configuration, leading to arbitrary code execution during compilation, but this is not a runtime vulnerability for end-users.
Updated: 2025-12-13GitHub
PreviousPage 108 of 713Next