Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

37
11
Low Cost
charles-adedotun icon

notifications-mcp-server

by charles-adedotun

Sec4

Provides real-time sound and visual notifications on macOS when Claude Desktop completes tasks.

Setup Requirements

  • ⚠️Requires macOS operating system.
  • ⚠️Requires Claude Desktop to be installed for integration.
  • ⚠️Installation of `terminal-notifier` (e.g., via `brew install terminal-notifier`) is recommended for enhanced visual notifications.
  • ⚠️Requires Python 3.10 or higher.
Review RequiredView Analysis
The `notify-claude.sh` helper script, if present and used, is vulnerable to JSON injection via the `MESSAGE` argument, as the message string is not properly escaped when embedded in the `echo` command's JSON output. This could lead to malformed JSON and parsing errors in the Python server. The server heavily relies on `subprocess.run` to execute external macOS commands (`afplay`, `osascript`, `terminal-notifier`) and the helper shell script. While parameters are generally quoted in shell calls and macOS notification systems typically sanitize inputs, passing LLM-generated `title` and `message` arguments to external processes introduces a higher attack surface compared to purely native API calls. The `os.chmod` call to make the `notify-claude.sh` script executable also presents a minor local privilege escalation risk if the script's content is compromised.
Updated: 2025-12-12GitHub
37
9
Medium Cost
saucelabs icon

sauce-api-mcp

by saucelabs

Sec9

This server enables AI assistants to manage Sauce Labs testing infrastructure, interact with device clouds, analyze test jobs and builds, and monitor tunnels via natural language.

Setup Requirements

  • ⚠️Requires an active Sauce Labs account with API access (paid service).
  • ⚠️Requires setting SAUCE_USERNAME and SAUCE_ACCESS_KEY environment variables.
  • ⚠️LLM client configuration (e.g., Claude Desktop, Gemini CLI, Goose) is necessary to integrate the server correctly.
Verified SafeView Analysis
The server implements crucial security by refusing to run if its standard I/O streams are connected to a TTY, preventing potential STDIO hijacking attacks. It properly retrieves sensitive Sauce Labs API credentials (username and access key) from environment variables, avoiding hardcoding. The RDC component includes tools for proxying HTTP requests from a real device to arbitrary external hosts and paths. While this is an intended feature of the Sauce Labs Real Device Cloud API, its usage by an LLM client would require careful validation of generated `targetHost` and `targetPath` parameters to prevent unintended or malicious network requests from the controlled device. No `eval` or obfuscation found.
Updated: 2025-12-12GitHub
37
7
High Cost
BranchManager69 icon

dexter-mcp

by BranchManager69

Sec8

Serves as a Model Context Protocol (MCP) bridge, exposing a curated set of tools for AI agents (Claude, ChatGPT, voice bots) to interact with Solana-based financial trading, wallet management, search, and analytics services.

Setup Requirements

  • ⚠️Requires a PostgreSQL database configured for Prisma, typically provided by Supabase.
  • ⚠️Extensive environment variables for Supabase (URL, API keys, JWT secrets), OAuth/OIDC, Hyperliquid, Tavily, and other services must be populated.
  • ⚠️Many advanced tools (e.g., Hyperliquid trading, premium data) are x402 paid resources, incurring real-world costs per use.
Verified SafeView Analysis
The server relies heavily on external Supabase authentication and Dexter API for core functionalities, indicating a robust external security posture. Sensitive information is managed via environment variables. The `apps-sdk/bootstrap.js` uses `JSON.stringify(baseUrl)` to embed a base URL, which could be a vulnerability if `baseUrl` were attacker-controlled during deployment/build, but is generally safe for properly configured environment variables. The implementation includes defensive measures for external link handling and HTML attribute manipulation. No direct `eval()` of user input was found.
Updated: 2026-01-17GitHub
37
7
High Cost
fiberplane icon

mcp-gateway

by fiberplane

Sec7

A unified gateway for managing and monitoring MCP (Model Context Protocol) servers, capturing traffic logs, and troubleshooting integrations with AI clients like Claude.

Setup Requirements

  • ⚠️Requires Bun runtime for development and running from source.
  • ⚠️Accessing the Web UI requires copying an authentication token displayed in the terminal output (or configured via MCP_GATEWAY_TOKEN env var).
  • ⚠️Logs and server configurations are stored locally in the user's home directory (`~/.mcp-gateway/`), which may contain sensitive information.
Verified SafeView Analysis
Designed primarily as a local development and debugging tool. Captured MCP traffic, including potentially sensitive OAuth tokens or API keys, is stored unencrypted in SQLite databases (`~/.mcp-gateway/logs.db`) and custom HTTP headers are stored in `mcp.json`. Authentication tokens for the Gateway's Web UI/API are displayed in the terminal and can be visible in browser URLs. By default, it operates on `localhost` without TLS, making it vulnerable to local Man-in-the-Middle attacks. No built-in rate limiting, audit logging, or secret management. While generally safe for its intended local debugging purpose, it is explicitly not recommended for production use without significant security hardening (e.g., reverse proxy with TLS/auth, stricter file permissions, external secret management).
Updated: 2025-12-06GitHub
37
8
High Cost
rnett icon

gradle-mcp

by rnett

Sec7

Provides a Model Context Protocol (MCP) server for Gradle, enabling programmatic inspection, execution of tasks/tests, and interaction with Gradle builds, including Develocity Build Scan publishing.

Setup Requirements

  • ⚠️JDK 17 or higher is required.
  • ⚠️JBang must be installed.
  • ⚠️If multiple MCP roots are configured, 'projectRoot' must be explicitly specified in tool calls. If only one root is configured, it defaults to that. If no roots are configured, 'projectRoot' is required.
  • ⚠️The server forwards its environment variables to Gradle. For critical build-related environment variables (e.g., JAVA_HOME), it might be necessary to run the 'jbang' command within a shell wrapper to ensure the correct environment is inherited by the MCP server itself.
Verified SafeView Analysis
The server's core functionality involves executing arbitrary Gradle commands (`run_gradle_command`, `run_tests_with_gradle`) and accessing project data. While the server itself does not contain explicit 'eval' or malicious patterns, this inherent capability means that if the server is exposed to untrusted clients or networks, it could be leveraged to execute arbitrary commands or access files within the configured Gradle project roots on the host system. The `README.md` explicitly warns, "DO NOT EVER EXPOSE THIS SERVER TO THE INTERNET," which confirms this risk.
Updated: 2026-01-18GitHub
37
4
Low Cost
pgmoneta icon

pgmoneta_mcp

by pgmoneta

Sec9

Provides a Model Context Protocol (MCP) server for querying PostgreSQL backup and restore information via natural language.

Setup Requirements

  • ⚠️Requires an existing PostgreSQL 14+ and pgmoneta installation, with pgmoneta configured in remote admin mode and a management port.
  • ⚠️The pgmoneta-mcp-admin tool must be used to set a master key and add users, which encrypts credentials for connecting to pgmoneta.
  • ⚠️Requires creation of a pgmoneta-mcp.conf configuration file to specify server host/port and pgmoneta backend host/port.
Verified SafeView Analysis
The server uses SCRAM-SHA-256 for authentication with the pgmoneta backend, which is a strong authentication mechanism. User passwords for connecting to pgmoneta are encrypted using a master key stored in a securely permissioned file (.pgmoneta-mcp/master.key in the user's home directory). Input parsing for tool requests relies on `serde_json`, which is generally robust against malformed input. There is no evidence of 'eval', obfuscation, or directly hardcoded secrets in the source code; secrets are either user-provided (master key) or derived/encrypted. File permissions for the master key are explicitly managed on Unix systems to restrict access.
Updated: 2026-01-19GitHub
37
9
Medium Cost
axiomhq icon

mcp

by axiomhq

Sec8

Connect AI assistants (e.g., Claude, Cursor) to Axiom's observability platform, enabling natural language querying of datasets, traces, monitors, and dashboards via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires deployment to Cloudflare Workers, involving setup of KV Namespaces, Durable Objects, and configuration via Wrangler CLI.
  • ⚠️Requires registering an OAuth client with Axiom to obtain `AXIOM_OAUTH_CLIENT_ID` and `AXIOM_OAUTH_CLIENT_SECRET`.
  • ⚠️Multiple environment variables must be configured correctly for both local development (via `.dev.vars`) and production deployments (via Wrangler secrets).
Verified SafeView Analysis
The server implements a robust OAuth 2.0 flow using PKCE for client authentication, with session state managed via encrypted and signed cookies (using `COOKIE_ENCRYPTION_KEY`) and refresh tokens stored in Cloudflare KV. This provides good protection against common OAuth threats. Client-provided information in UI rendering is sanitized to prevent XSS. OpenTelemetry integration includes secure key handling. The `/icon` endpoint, which fetches external images based on a `domain` query parameter, could theoretically be used for minor external request triggering (e.g., as a low-level SSRF vector), though it has a timeout and is restricted to image content types, limiting its impact. No `eval` or blatant malicious patterns were found in the provided code.
Updated: 2026-01-13GitHub
37
3
Low Cost
Sikbik icon
Sec9

Provides an MCP (Model Context Protocol) server to expose Flux Cloud / FluxOS node API workflows as structured tools for AI agents.

Setup Requirements

  • ⚠️Requires Node.js 20+ to run.
  • ⚠️The `flux-mcp/dist/index.js` path must be absolute when configuring MCP clients.
  • ⚠️Requires a Flux node API base URL (e.g., `http://<node-ip>:16127`); providing the UI URL (`https://cloud.runonflux.com/`) is a common mistake.
Verified SafeView Analysis
The server implements robust safety measures: mutating actions require explicit `confirm=true` or `allowMutation=true` arguments. The `flux_daemon_call` tool uses a strict read-only allowlist and parameter validation to prevent arbitrary RPC execution. Sensitive information is redacted in resource outputs. File upload tools include checks to prevent misuse via proxies. Authentication (`zelidauth`) is handled via environment variables or runtime configuration. The `flux_apps_exec` tool allows remote command execution on the target Flux node, but it is explicitly gated with `confirm=true` due to its high privilege.
Updated: 2026-01-19GitHub
37
9
Medium Cost
ezhuk icon

mqtt-mcp

by ezhuk

Sec9

Connects LLM agents to MQTT devices for real-time monitoring and control in smart home, building automation, and industrial control systems.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires a running MQTT broker (default: 127.0.0.1:1883)
  • ⚠️Examples require OPENAI_API_KEY (a paid service)
Verified SafeView Analysis
The server uses pydantic-settings for configuration, allowing sensitive data like MQTT credentials and AuthKit details to be externalized via environment variables or .env files, which is a good security practice. There are no obvious hardcoded secrets or malicious patterns in the provided source code. The MQTT client handles connections, subscriptions, and publishing with basic error handling. The overall security depends heavily on the configuration of the underlying MQTT broker and proper ACLs.
Updated: 2026-01-17GitHub
37
7
Medium Cost
agent-network-protocol icon

mcp2anp

by agent-network-protocol

Sec8

Provides a bridge service enabling Model Context Protocol (MCP) clients to interact with Agent Network Protocol (ANP) agents.

Setup Requirements

  • ⚠️Requires DID document (JSON) and private key (PEM) files for authentication. Users must generate these via didhost.cc or provide their own, ensuring secure storage and file permissions.
  • ⚠️The project exclusively uses `uv` for dependency management and running commands; users must have `uv` installed (e.g., `curl -LsSf https://astral.sh/uv/install.sh | sh`).
  • ⚠️For remote HTTP mode, an external authentication service (`https://didhost.cc/api/v1/mcp-sk-api-keys/verify`) is mandatory for API key validation. The server will not function without connectivity to this service or a custom authentication logic.
Verified SafeView Analysis
The server uses Pydantic for input validation, structured logging with redaction for sensitive keys in logs, and handles various HTTP errors. Authentication in remote HTTP mode relies on an external DID Host service (`didhost.cc`) to verify API keys and retrieve DID credentials, which introduces a dependency on an external service's security. For local stdio mode, DID credentials (document and private key files) are loaded from specified paths (environment variables or default files), requiring proper file permissions and secure management of these files by the user. There is a customizable authentication callback that could introduce vulnerabilities if implemented insecurely by users. No 'eval' or obvious malicious patterns were found in the provided source code.
Updated: 2026-01-13GitHub
37
2
Low Cost
jiahuidegit icon

ssh-mcp-server

by jiahuidegit

Sec9

Provides secure remote server management capabilities, including SSH connection, command execution, and SFTP file transfers, via the MCP protocol for integration with AI agents.

Setup Requirements

  • ⚠️Requires Node.js v20.0.0 or higher.
  • ⚠️Credential storage (via `keytar`) may require system build tools (e.g., Python, C++ compiler) on some OS/environments; otherwise, it falls back to encrypted file storage.
  • ⚠️For encrypted file-based credential storage, the `SSH_MCP_MASTER_PASSWORD` environment variable must be set.
Verified SafeView Analysis
The server demonstrates strong security awareness by implementing a robust dangerous command detection mechanism that requires explicit user confirmation for potentially destructive operations (e.g., `rm -rf /`). Sensitive credentials are securely stored using the system's Keychain (macOS, Windows) or via AES-256-GCM encrypted files protected by an optional master password. Additionally, audit logs automatically mask sensitive information like passwords and private keys. There are no indications of 'eval' or malicious obfuscation in the provided source code.
Updated: 2026-01-17GitHub
37
9
Medium Cost
eastlondoner icon

emceepee

by eastlondoner

Sec9

A proxy server enabling AI agents to dynamically connect to and interact with multiple Model Context Protocol (MCP) backend servers, exposing the full MCP protocol via a simplified tool interface or a sandboxed JavaScript execution environment.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0 or Bun runtime.
  • ⚠️Requires an existing MCP client (e.g., Claude Code/Desktop) to connect to `emceepee`.
  • ⚠️Requires backend MCP servers to connect to *through* `emceepee` (via HTTP or stdio).
  • ⚠️Initial backend server configurations can be loaded via a JSON file (`--config`) or `EMCEEPEE_CONFIG` environment variable.
Verified SafeView Analysis
The project demonstrates a strong commitment to security, especially in its `codemode_execute` feature. It explicitly uses Node.js `vm` module to create a sandboxed execution environment. This sandbox blocks access to critical Node.js globals (`process`, `require`, `module`, `global`, `globalThis`, `Buffer`), network/IO APIs (`fetch`, `XMLHttpRequest`, `WebSocket`), dynamic code execution (`eval`, `Function`), and direct filesystem access. It also enforces execution timeouts (default 30s, max 5min) and limits the number of `mcp.*` API calls (default 100) and code length (100KB) to prevent abuse and denial-of-service. While `vm` provides strong isolation, it's not as absolutely foolproof as a separate process or `isolated-vm` (which is noted as a future enhancement in `CODEMODE_PLAN.md`), but for its intended use case as an intermediary for trusted AI agents, it provides a highly secure execution model. No obvious hardcoded secrets or malicious patterns were found.
Updated: 2026-01-18GitHub
PreviousPage 111 of 713Next