Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

37
9
High Cost

BloodHound-MCP

by erickemj

Sec3

An AI assistant integrated with an MCP Server to query and analyze Active Directory (AD) and Azure Active Directory (AAD) environments using a Neo4j database populated with BloodHound data.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires a running Neo4j database instance populated with BloodHound data.
  • ⚠️Relies on environment variables BLOODHOUND_URI, BLOODHOUND_USERNAME, BLOODHOUND_PASSWORD for Neo4j connection, or uses weak hardcoded defaults.
Review Required
Critical Cypher injection vulnerability due to direct string formatting of user/AI-generated input into database queries in most of the predefined tools, rather than using parameterized queries. This allows for arbitrary database manipulation if an attacker can control input. Default Neo4j credentials ('neo4j'/'bloodhound') are used if environment variables are not set, which are weak defaults but common for local testing setups.
Updated: 2025-12-15
37
18
Low Cost

mcps.nix

by roman

Sec9

Provides a curated library of pre-configured Model Context Protocol (MCP) server presets for Claude Code, integrating seamlessly with Nix-based system configurations like devenv and Home Manager.

Setup Requirements

  • ⚠️Requires Nix package manager (devenv or Home Manager) for installation and configuration.
  • ⚠️Many MCP servers require external API keys/tokens (e.g., GitHub, Asana) that users must obtain and store securely in files.
  • ⚠️Relies on the Claude Code CLI, which must be installed (handled by Nix through this project).
Verified Safe
The project strongly emphasizes secure credential management, advocating for reading API tokens from files instead of environment variables, with explicit support for this pattern. It also highlights path restrictions for filesystem access and ensures API tokens are not exposed in the Nix store. While the security of the integrated upstream MCP servers is external to this project, mcps.nix provides a secure framework for their configuration. No 'eval' or malicious patterns are evident in the provided `package-lock.json` or documentation.
Updated: 2026-01-07
37
8
Low Cost

keycloak-mcp

by HaithamOumerzoug

Sec8

Manages Keycloak users, realms, clients, roles, and groups through a standardized Model Context Protocol (MCP) interface for AI agents.

Setup Requirements

  • ⚠️Requires a running Keycloak instance to connect to.
  • ⚠️Requires Keycloak admin URL, username, and password for authentication.
  • ⚠️Node.js version 20 or higher is required (as per package.json engines field, or latest LTS as per README).
Verified Safe
The server uses the official Keycloak Admin Client and implements robust input validation using Zod schemas for all tool arguments. Admin credentials (URL, username, password) are loaded from environment variables or command-line arguments and are validated to ensure they are not empty. There are no direct 'eval' calls or obvious malicious patterns in the provided source. The primary security consideration is the sensitive nature of the Keycloak admin credentials, which grant full administrative access to Keycloak. Proper handling of these credentials in the deployment environment (e.g., using secure secrets management) is critical to prevent unauthorized access to the Keycloak instance.
Updated: 2025-12-01
37
10
Medium Cost

NugetMcpServer

by DimonSmart

Sec7

Provides AI assistants with accurate NuGet package information for C# APIs and types.

Setup Requirements

  • ⚠️Requires Docker to be installed and running (for Docker option).
  • ⚠️Requires .NET 9.0 SDK to be installed (for .NET tool option).
  • ⚠️Configuring private NuGet feeds may require setting environment variables (NUGET_SOURCES, NUGET_CONFIG) or custom command-line arguments.
Verified Safe
A full security audit of the application's core logic (C# source code) could not be performed as it was not provided in the truncated source. The analysis is based on the README, manifest files, and deployment configurations. The server interacts with external NuGet feeds (nuget.org, private feeds), which involves network communication. Configuration options allow passing custom NuGet sources and configuration files, potentially via environment variables (NUGET_SOURCES, NUGET_CONFIG). While this is necessary for its function, care should be taken to secure any sensitive credentials passed through these channels. No obvious malicious patterns, hardcoded secrets, or 'eval' like constructs were found in the provided manifest or README files. The tool uses standard .NET execution and Docker containers, relying on their inherent security features.
Updated: 2026-01-11
37
23
Medium Cost
Sec8

Provides a Model Context Protocol (MCP) server for integrating with various InfluxDB v3 instances (Core, Enterprise, Cloud Dedicated, Clustered, Cloud Serverless) through tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires a running InfluxDB 3 instance (Core, Enterprise, Cloud Dedicated, Clustered, or Cloud Serverless) with appropriate URL and token(s).
  • ⚠️Specific environment variables (`INFLUX_DB_INSTANCE_URL`, `INFLUX_DB_TOKEN`, `INFLUX_DB_PRODUCT_TYPE`, etc.) must be correctly configured based on the InfluxDB product type.
  • ⚠️Node.js v18 or newer and npm v9 or newer are required for local execution. Docker is required for Docker-based setups.
Verified Safe
The server uses environment variables for all sensitive credentials (tokens, IDs), which is good practice. It communicates via StdioServerTransport, implying a local process-to-process communication model that reduces network exposure. However, the `HttpClientService` conditionally disables SSL certificate validation (`rejectUnauthorized: false`) for `InfluxProductType.Clustered`, which is a security risk (vulnerable to MITM attacks) if the environment is not fully trusted or secured otherwise. The project's `SECURITY.md` explicitly warns users about exposing system capabilities and emphasizes trusting the MCP client and deploying on the same device as a trusted agent.
Updated: 2026-01-08
37
2
Medium Cost

Glee

by GleeMCP

Sec8

Glee is an essential MCP toolkit that acts as an orchestration layer for AI coding agents, providing persistent memory, AI code review, and session hooks to consolidate developer tools.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires 'uv' or 'pipx' for installation
  • ⚠️Requires external CLI agents (Codex, Claude, Gemini) to be installed and authenticated for core features
  • ⚠️Requires API keys/OAuth authentication for underlying LLM services (e.g., OpenAI, Anthropic, Google) and GitHub for integration features
Verified Safe
The project directly invokes external CLI agents (Codex, Claude, Gemini) via subprocess, which carries inherent risks, but mitigation strategies are in place. These include explicit permission models for subagents and tools (filesystem, network, secrets), an allowed commands whitelist for shell execution, and the requirement for human approval for sensitive operations. Sensitive data (API keys, tokens, passwords) is redacted from logs, and credential files are stored with restricted permissions (0o600). Full OS-level sandboxing is planned for future versions, indicating a proactive security posture.
Updated: 2026-01-17
37
30
High Cost

Serves as an MCP (Model Context Protocol) gateway, enabling Large Language Models (LLMs) to interact with and analyze a running Prometheus instance through its API.

Setup Requirements

  • ⚠️Requires a running Prometheus-compatible API endpoint (specified by `--prometheus.url`).
  • ⚠️Prometheus TSDB administrative tools (`snapshot`, `delete_series`, `clean_tombstones`) are disabled by default and require `--dangerous.enable-tsdb-admin-tools` to enable, which carries significant risks of data loss.
  • ⚠️Local LLM development/testing often requires additional tools like Ollama, `mcp-inspector`, or `mcphost` to be installed and running.
  • ⚠️Docker is recommended for simplified installation and testing.
Verified Safe
The project transparently handles potentially destructive operations via the `--dangerous.enable-tsdb-admin-tools` flag, requiring explicit user acknowledgement. It supports securing connections to Prometheus and its own endpoints using HTTP configuration files (TLS, basic auth, bearer tokens), and correctly proxies authorization headers from incoming MCP requests to Prometheus API calls. No apparent `eval` usage, obfuscation, or hardcoded sensitive credentials. The main risk is user choice in enabling dangerous tools or misconfiguring security for the MCP server itself.
Updated: 2026-01-05
37
11
Medium Cost

ocireg-mcp

by StacklokLabs

Sec9

An MCP server enabling LLM-powered applications to interact with OCI registries for querying image information, tags, manifests, and configurations.

Setup Requirements

  • ⚠️Requires Go 1.21+ for building.
  • ⚠️Access to private OCI registries requires providing authentication credentials (Bearer token via Authorization header or OCI_TOKEN env, or Username/Password via OCI_USERNAME/OCI_PASSWORD env, or Docker config file).
  • ⚠️Running with ToolHive (recommended) requires ToolHive to be installed and configured.
Verified Safe
The server uses `go-containerregistry` for OCI interactions. Authentication is handled robustly via HTTP Authorization headers, environment variables (OCI_TOKEN, OCI_USERNAME, OCI_PASSWORD), or the default Docker keychain, in a clear priority order. No hardcoded secrets, `eval` usage, or obvious malicious patterns were found in the provided source. The project follows a defined security policy for vulnerability reporting.
Updated: 2026-01-19
37
3
Low Cost

serencp

by abda11ah

Sec5

Provides a standard MCP server for bidirectional communication with VM serial consoles and live viewer capabilities.

Setup Requirements

  • ⚠️Strictly requires a *nix-like operating system (Linux, macOS, BSD); Windows is only supported via WSL.
  • ⚠️Requires Perl with `IO::Pty` and `JSON::PP` modules installed.
  • ⚠️VMs must be configured to expose their serial console over a TCP port (default 4555).
  • ⚠️Guest OS must be configured to use the serial console (e.g., GRUB, inittab, systemd).
Review Required
A comprehensive security audit of the `serencp.pl` script is impossible as the actual Perl source code for the server logic was not provided, only the README and LICENSE files. Therefore, this score reflects general design considerations and potential risks inherent in this type of application, rather than specific code vulnerabilities. Potential areas of concern based on the README:

- **Unix Socket Exposure**: The server creates Unix sockets (`/tmp/serial_${VM_NAME}`). Permissions on these sockets are critical. If not properly secured, any local user could potentially connect and gain full control of the associated VM's serial console, allowing arbitrary command execution within the VM.
- **Input Sanitization**: Writing to a VM serial console (`write` tool) could be an attack vector if input is not properly sanitized. Malicious input might lead to unintended behavior in the VM or, in extreme cases, affect the bridge itself (though less likely given PTY separation).
- **Child Processes and Resource Management**: The server forks child processes for each VM bridge. While 'Zombie Management' is mentioned, potential resource exhaustion or unhandled errors in child processes could lead to denial of service or instability.
- **No Authentication/Authorization**: The README does not mention any authentication or authorization mechanisms for connecting to the MCP server or the Unix sockets. This implies that any client capable of connecting can interact with the VMs.

Without access to the full source code, it's impossible to check for common vulnerabilities like command injection, buffer overflows, improper error handling, hardcoded secrets, or insecure use of `IO::Pty` or other system calls. Running this server without a thorough code review presents an unknown risk, especially in multi-user or sensitive environments.
Updated: 2026-01-16
37
9
Medium Cost

reddit-mcp-server

by jordanburke

Sec9

Provides tools for fetching and creating Reddit content through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires creating a Reddit app and configuring it as a 'script' type to obtain API credentials.
  • ⚠️Write operations (create, reply, edit, delete) require a Reddit username and password to be set as environment variables, in addition to client credentials.
  • ⚠️Requires a Node.js environment with pnpm for installation and execution.
Verified Safe
The server correctly loads sensitive credentials (Client ID, Client Secret, Username, Password, OAuth Token) from environment variables, preventing hardcoding. Input validation for tool parameters is implemented using Zod, reducing common injection vulnerabilities. The RedditClient handles OAuth2 token acquisition and refresh, and includes a retry mechanism for 401 errors. Optional OAuth protection for the HTTP endpoint is available, with token generation if none is provided during setup. No 'eval' or obvious malicious patterns were found in the provided code. However, if `OAUTH_ENABLED` is true but `OAUTH_TOKEN` is unset, the token generated during startup is printed to console.error, which might be a minor security exposure if not properly managed in a production environment.
Updated: 2026-01-18
37
12
High Cost

pplx

by sgaunet

Sec9

This server exposes Perplexity AI's query and chat functionalities to MCP-compatible clients like Claude Code, allowing programmatic interaction with the AI model.

Setup Requirements

  • ⚠️Requires Perplexity AI API Key (Paid service, usage-based billing applies).
  • ⚠️Requires Go 1.24.0 or later to build from source.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Code, Claude Desktop) to interact with the 'mcp-stdio' server.
Verified Safe
The project demonstrates good security practices by explicitly requiring and managing API keys via environment variables or configuration files, rather than hardcoding them. It includes robust key masking and sanitization logic for logs and output, preventing accidental exposure. The server operates over standard I/O (stdio) rather than a network port, reducing direct network attack surface. Outbound network calls are made to the legitimate Perplexity AI API. Minor `gosec` warnings exist for file permissions and external command execution (`EDITOR`), but they are either handled with explicit permissions or acknowledged as intentional for user experience.
Updated: 2026-01-19
37
8
Medium Cost

Cognio

by 0xReLogic

Sec7

Cognio provides persistent semantic memory for AI assistants, enabling long-term context retention and semantic search across conversations.

Setup Requirements

  • ⚠️Requires LLM API keys (Groq/OpenAI) if auto-tagging or abstractive summarization are enabled (can incur costs).
  • ⚠️A ~1GB embedding model is downloaded on first run, requiring disk space and time.
  • ⚠️Requires Python 3.11+ or Docker for the main backend server.
Verified Safe
The default CORS configuration allows all origins (`allow_origins=["*"]`), which is a significant security risk for production deployments. API key authentication is optional by default (`API_KEY=None`), meaning the API is open unless explicitly configured. The Node.js MCP server and setup scripts use `execSync`, but this is for controlled, internal auto-configuration (e.g., writing client config files) rather than executing arbitrary user input, which mitigates immediate exploit concerns. LLM API keys (Groq, OpenAI) are loaded from environment variables, which is good practice. SQL queries use parameterization, preventing SQL injection.
Updated: 2026-01-18