Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

37
9
Medium Cost
opentiny icon

tiny-robot

by opentiny

Sec9

A Vue 3 component library and AI interaction kit for building AI-powered frontend applications, providing UI components and a unified API interface to interact with various large AI models.

Setup Requirements

  • ⚠️Requires API keys for AI providers (e.g., OpenAI, DeepSeek, custom providers) to function, which are typically paid services.
  • ⚠️For Aliyun Speech Handler in demos, specific `appKey` and `token` are needed, and proxy forwarding might be required for real-time WebSocket recognition.
  • ⚠️The project is a client-side library and does not include its own backend 'MCP Server'; it provides components to interact with external AI/MCP servers.
Verified SafeView Analysis
The project is a client-side Vue component library and an AI interaction kit. API keys for external AI providers (e.g., OpenAI, DeepSeek, Aliyun) are passed via configuration objects (AIModelConfig) and are expected to be securely managed by the implementing application. Demo code includes placeholder API keys for Aliyun, which must be replaced. No direct backend server processing sensitive data is provided within this codebase; it's a client for external AI/MCP services. Standard browser APIs (Web Speech API, IndexedDB) are used, and client-side markdown/HTML sanitization (Dompurify) is available for UI components.
Updated: 2026-01-18GitHub
37
3
Medium Cost
kateleext icon

claude-memory

by kateleext

Sec9

Provides Claude Code with persistent memory by indexing past conversations, enabling recall of decisions, context, and work across sessions.

Setup Requirements

  • ⚠️Python 3.10+ required
  • ⚠️Requires Claude Code installed and 'claude' CLI available
  • ⚠️Requires existing Claude Code conversation logs in ~/.claude/projects/ to be useful
Verified SafeView Analysis
The server operates locally, reading `.jsonl` conversation logs from `~/.claude/projects/` and writing `memory-notes.json`. It does not expose network services, use `eval`, or contain hardcoded credentials. Data processing involves parsing JSONL and extracting specific fields, with file paths obtained from assistant tool calls, not executing arbitrary code. The `run.sh` script sources a local `.env` file for configuration, a standard and safe practice. The architecture ensures local data handling without external data transmission or high-risk operations.
Updated: 2025-12-06GitHub
37
8
Medium Cost
luiscarbonel1991 icon

nlp2sql

by luiscarbonel1991

Sec9

Converting natural language queries to optimized SQL for enterprise databases using multiple AI providers.

Setup Requirements

  • ⚠️Requires API keys for commercial AI providers (OpenAI, Anthropic, Google Gemini), which incur costs.
  • ⚠️A database connection is required for meaningful operation, necessitating a running PostgreSQL, Redshift, or similar database.
  • ⚠️For Claude Desktop environments, `NLP2SQL_EMBEDDINGS_DIR` must be set to a writable directory to store embedding indexes.
  • ⚠️Initial startup of the MCP server can be slow (~30-50s) due to schema loading and embedding model initialization, though subsequent calls are fast (~3-5s) due to caching.
Verified SafeView Analysis
The server implements robust SQL injection prevention by strictly allowing only SELECT, WITH, and EXPLAIN queries and blocking all DDL/DML operations (INSERT, UPDATE, DELETE, DROP, etc.). It also prevents multiple statements in a single query and enforces row limits to mitigate resource exhaustion. API keys and database credentials are read from environment variables, which is a secure practice. No 'eval' or obvious malicious patterns were found. The primary risk would be from a highly sophisticated bypass of the SQL validation regex, which is a general challenge for such systems.
Updated: 2026-01-17GitHub
37
11
Medium Cost
voocel icon

mcp-sdk-go

by voocel

Sec8

A Go SDK for building applications that communicate with large language models and external tools via the Model Context Protocol (MCP), supporting both client and server implementations.

Setup Requirements

  • ⚠️Go programming language runtime and toolchain required.
  • ⚠️For Streamable HTTP transport, developers must explicitly configure `SetAllowedOrigins` to prevent DNS rebinding attacks if client-side browser usage is expected.
  • ⚠️The unofficial WebSocket transport explicitly disables origin checks, requiring custom CSRF protection if used in production and exposed to browsers.
Verified SafeView Analysis
The SDK generally demonstrates good security practices, especially with its robust middleware system for logging, recovery, timeouts, rate limiting, and authentication. Input validation for tool arguments is enforced via JSON Schema inference, significantly reducing injection risks. The Streamable HTTP transport (the latest recommended HTTP transport) correctly implements maximum body size limits and provides an opt-in mechanism for origin validation to prevent DNS rebinding attacks. However, there are some notable areas for improvement: 1) The SSE transport (marked as backward compatible/older) reads entire request bodies without size limits, which could expose servers to Denial-of-Service attacks via large payloads. 2) The unofficial WebSocket transport explicitly disables origin checks (`CheckOrigin: func(r *http.Request) bool { return true }`), introducing a significant CSRF risk if used without custom origin validation. 3) Origin validation for the Streamable HTTP transport is opt-in and not enabled by default, requiring explicit configuration by the developer for full protection.
Updated: 2026-01-18GitHub
37
15
High Cost
CursorTouch icon

MCP-Agent

by CursorTouch

Sec3

An autonomous AI agent designed to discover, connect to, and utilize tools and resources from various Model Context Protocol (MCP) servers to accomplish tasks.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires an external LLM API Key (e.g., GOOGLE_API_KEY for Google Gemini, which may be a paid service).
  • ⚠️The agent is designed to execute arbitrary commands (e.g., for installing MCP server dependencies) on the host system. Running it without a sandboxed environment (e.g., Docker with restricted permissions) is highly risky.
  • ⚠️Connecting to `stdio` based MCP servers might require additional local runtime dependencies (e.g., Node.js/npm, specific Python versions) that are not part of the agent's `pyproject.toml`.
Review RequiredView Analysis
The `StdioTransport` is designed to execute arbitrary commands (e.g., `npm`, `python`, `uv`) via `asyncio.create_subprocess_exec` on the host system. This is based on `command` and `args` defined in MCP server configurations, which can be user-provided or dynamically discovered from external sources (e.g., GitHub). This fundamental capability allows the agent to run any code on the host, presenting a critical security risk if interacting with malicious or unvetted MCP servers, or if the agent itself is compromised. While `ast.literal_eval` is used for parsing LLM action inputs, it is generally safer than `eval()` and less of a concern compared to arbitrary subprocess execution.
Updated: 2026-01-08GitHub
37
6
Low Cost
portel-dev icon

photon

by portel-dev

Sec9

A multi-tenant platform for hosting and executing AI/ML "Photons" (modular tools/services) with robust authentication, session management, and OAuth capabilities, supporting various data stores.

Setup Requirements

  • ⚠️Requires 32+ character secrets (e.g., `SERV_JWT_SECRET`, `SERV_ENCRYPTION_KEY`, `SERV_STATE_SECRET`) for production deployments.
  • ⚠️For production, requires external data stores such as Redis, Cloudflare D1, or Cloudflare KV; the default is in-memory for development.
  • ⚠️OAuth providers (e.g., Google, GitHub) must be manually configured with their respective `clientId` and `clientSecret`.
Verified SafeView Analysis
The server architecture includes robust authentication (Bearer tokens, JWT, PKCE for OAuth), session management, and a dedicated Token Vault using AES-256-GCM with tenant-specific keys, indicating strong security considerations. The `src/serv/local.ts` file explicitly generates random secrets for local development, which is good practice for non-production environments. While the `eval()` function is present in a test fixture (`tests/beam/fixtures/calculator.photon.ts`), it is not found in the core `src/serv` server logic, thus its impact on the production server is minimal. Overall, the system appears well-designed for secure operations, provided production secrets are managed correctly.
Updated: 2026-01-19GitHub
37
10
High Cost
alishangtian icon

proteus-ai

by alishangtian

Sec4

A workflow execution engine that orchestrates multi-agent systems, integrates various tools, and provides a sandboxed environment for code execution to solve complex tasks.

Setup Requirements

  • ⚠️Requires Docker for full environment setup (including the code sandbox and Redis).
  • ⚠️Requires Redis for session management, conversation history, scratchpad, tool memory, and SOP memory.
  • ⚠️Requires MySQL for database interaction nodes (DbQueryNode, DbExecuteNode, MysqlNode).
  • ⚠️Requires Ollama for embedding models used by the SOP Memory Manager.
  • ⚠️Requires various API keys (e.g., for LLMs, Serper, Caiyun, and Sandbox API key), some of which are decrypted using a `CRYPTO_SECRET_KEY` environment variable.
  • ⚠️BrowserAgentNode requires Chrome/Chromium browser and its executable path configured.
  • ⚠️The sandbox service runs Python 3.12+ (as indicated by Dockerfiles).
Review RequiredView Analysis
The primary security risk lies in the PythonExecuteNode, which sends arbitrary Python/Shell code to an external sandbox service (running in-process `exec`). Although the sandbox attempts to apply safety checks and resource limits, `exec` is notoriously difficult to fully secure against malicious code. There is a potential for sandbox escapes, resource exhaustion, or unintended side effects if a sophisticated attacker provides malicious input. Additionally, web crawling nodes and interactions with external MCP servers introduce dependencies on the security of third-party services and require robust input validation to prevent issues like SSRF or data leakage. File writing operations also require careful handling to avoid path traversal vulnerabilities.
Updated: 2026-01-18GitHub
37
7
Medium Cost
robotmcp icon

robot-mcp-client

by robotmcp

Sec6

Integrate a Google Gemini LLM with ROS/ROS2 robots via a Model Context Protocol (MCP) server for natural language control.

Setup Requirements

  • ⚠️Requires `GOOGLE_API_KEY` from Google AI Studio (commercial LLM, potential cost).
  • ⚠️Requires an active instance of `ros-mcp-server` (external project) to be installed and running.
  • ⚠️Requires `rosbridge` to be running on the target robot.
  • ⚠️The `mcp.json` configuration for `ros-mcp-server` command path must be correctly set, especially for WSL users requiring `/mnt/c/` paths.
  • ⚠️Requires Python 3.10+ and either `uv` or `pip` for dependency management.
Verified SafeView Analysis
The client executes an external command specified in `mcp.json` to start the `ros-mcp-server` (`uv run server.py`). If the `mcp.json` file is tampered with or the specified `ros-mcp-server` itself is malicious, arbitrary code could be executed. Users must ensure the integrity of their `mcp.json` configuration and the `ros-mcp-server` instance. The client correctly loads the `GOOGLE_API_KEY` from an environment file, avoiding hardcoded secrets.
Updated: 2026-01-19GitHub
37
7
High Cost
youdotcom-oss icon

youdotcom-mcp-server

by youdotcom-oss

Sec9

Provides AI agents with real-time access to web information, including search, AI-powered answers, and content extraction, through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires You.com API Key (Paid, available via you.com/platform/api-keys)
  • ⚠️Requires Bun or Node.js (version >=18)
Verified SafeView Analysis
The server code demonstrates good security practices: - No direct usage of 'eval' or similar dangerous functions found in the provided source code. - API keys (YDC_API_KEY) are consistently handled via environment variables or explicitly passed configuration, preventing hardcoding of sensitive credentials. - External network calls are directed to You.com's official API endpoints (ydc-index.io, api.you.com), which are expected for its core functionality. - Input schemas for tools are rigorously validated using Zod, mitigating risks from malformed or malicious inputs. - Robust error handling is implemented for API calls, providing informative messages and generating pre-filled error report links rather than exposing raw system details. - The codebase structure, use of TypeScript, and reliance on established libraries (Hono, Bun, Zod) contribute to overall code quality and maintainability, indirectly enhancing security.
Updated: 2026-01-19GitHub
37
2
Low Cost
duolingo icon

slack-mcp

by duolingo

Sec9

A read-only Model Context Protocol (MCP) server for Slack, providing secure, multi-user access to Slack data through a set of API tools.

Setup Requirements

  • ⚠️Requires a Slack App to be created with specific user token scopes and redirect URLs configured.
  • ⚠️Requires `SLACK_CLIENT_ID` and `SLACK_CLIENT_SECRET` environment variables to be set.
  • ⚠️Local development for OAuth requires an HTTPS proxy (e.g., ngrok) to handle Slack's HTTPS-only callback requirement.
  • ⚠️Requires Python 3.10+.
Verified SafeView Analysis
The server demonstrates strong security practices, particularly in its OAuth and session management. It explicitly implements immutable session-to-user bindings and uses cryptographically secure state parameters for CSRF protection during the OAuth flow. Environment variables are used for sensitive credentials (Client ID/Secret), preventing hardcoding. It leverages well-established libraries like `fastmcp`, `fastapi`, and `slack-sdk`. No direct 'eval' or other obvious arbitrary code execution vectors were found. The primary risk would be misconfiguration of environment variables or allowing access to untrusted clients, which is external to the code's direct vulnerabilities.
Updated: 2025-11-25GitHub
37
10
Medium Cost
friendsofhyperf icon

mcp-server

by friendsofhyperf

Sec9

A Hyperf-based server implementation of the Model Context Protocol (MCP) to manage and serve AI tools, resources, and prompts.

Setup Requirements

  • ⚠️Requires an existing Hyperf ~3.1.0 project setup, as this is a Hyperf component.
  • ⚠️PHP >= 8.1 is strictly required.
  • ⚠️Redis PHP extension is required if using Redis for session management, though InMemorySessionStore is the default.
Verified SafeView Analysis
The server framework itself appears robust, following Hyperf's dependency injection principles. It relies on the security of the underlying `mcp/sdk` and user-implemented handlers. Configuration-driven class discovery means that if configuration files were compromised, malicious classes could be loaded, but this is a standard risk for any framework. No hardcoded credentials or obvious arbitrary code execution vectors were found in the provided source code. The HTTP transport handles CORS headers and uses standard PSR-7 message processing.
Updated: 2025-11-30GitHub
37
6
Low Cost
kweinmeister icon

toon-mcp

by kweinmeister

Sec8

This server provides tools to encode JSON into TOON format and decode TOON back to JSON, primarily for optimizing LLM prompts and context by reducing token count.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher to run.
  • ⚠️Requires manual configuration in Gemini CLI settings (`~/.gemini/settings.json`) to register as an MCP server.
  • ⚠️The quick start uses `npx` to run directly from a Git repository, which implies trusting the repository's code at the time of execution.
Verified SafeView Analysis
The server uses the `@toon-format/toon` library for core encoding/decoding, and `JSON.parse` for handling input JSON strings. While `JSON.parse` is generally safe against code injection, an attacker controlling the input `json` string could potentially craft malformed JSON that triggers unexpected behavior in the `toon` library. The server is built using `FastMCP` which likely includes standard web server security practices like rate limiting. No direct 'eval' or malicious patterns are observed in the provided source code, and network exposure is handled by the `FastMCP` SDK.
Updated: 2026-01-16GitHub
PreviousPage 113 of 713Next