Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

36
7
Medium Cost
neverinfamous icon

sqlite-mcp-server

by neverinfamous

Sec10

Provides an MCP interface for an SQLite database, offering a wide range of data management, advanced analytics, JSON processing, text/vector search, and geospatial capabilities.

Setup Requirements

  • ⚠️Requires SQLite 3.45.0+ for full JSONB support.
  • ⚠️Docker is the recommended installation method for quick start and Cursor IDE integration.
  • ⚠️Requires Python 3.10+.
  • ⚠️Geospatial features rely on the SpatiaLite extension being installed and discoverable on the system (e.g., `mod_spatialite.dll` on Windows).
Verified SafeView Analysis
The server demonstrates a strong commitment to security, particularly against SQL injection. It consistently uses parameterized queries for all SQL operations, preventing common injection vectors. Additionally, dedicated security checks are implemented in `jsonb_utils.py` and `json_helpers.py` to detect and reject suspicious SQL patterns within JSON data and paths. There is no usage of 'eval' or similar dangerous dynamic code execution. Communication happens via stdio, reducing external network attack surface. Tool filtering (`tool_filtering.py`) allows reduction of attack surface by disabling unneeded functionalities. No hardcoded secrets were found.
Updated: 2026-01-13GitHub
36
6
High Cost
merterbak icon

Grok-MCP

by merterbak

Sec9

Provides an MCP server interface to xAI's Grok API, enabling access to agentic tool calling, image generation, vision, and reasoning models.

Setup Requirements

  • ⚠️Requires xAI API Key (Paid service)
  • ⚠️Requires Python 3.11 or higher
  • ⚠️Requires Astral UV for dependency management
  • ⚠️Local image/file path handling often requires a separate 'Filesystem MCP' server setup for full functionality within clients like Claude Desktop.
Verified SafeView Analysis
API key (XAI_API_KEY) is loaded from environment variables. Code execution for agentic tools is handled on xAI's side, not locally, which is a good security practice. Input validations are present for search parameters (e.g., max domain/handle limits). Local file access for images and file uploads (`image_paths`, `file_path`) relies on the surrounding MCP environment (e.g., Filesystem MCP) to ensure path safety and trusted access; without proper mediation, direct exposure of these tools to untrusted inputs could pose path traversal risks.
Updated: 2026-01-13GitHub
36
7
Medium Cost
tenzir icon

mcp

by tenzir

Sec7

The Tenzir MCP Server enables AI assistants to interact with Tenzir, a data pipeline engine for security operations, by providing tools for TQL execution, OCSF schema querying, package management, and code generation.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires a local Tenzir installation, 'uvx' (with 'uv' installed), or the 'TENZIR_BINARY' environment variable set, for pipeline and test execution.
  • ⚠️For bootstrapping or rebuilding embedded data (documentation, OCSF schemas), 'git' and 'pnpm' (Node.js package manager) are required system dependencies.
Verified SafeView Analysis
The server's core functionality involves executing external Tenzir binaries and test frameworks (`tenzir` and `tenzir-test`) via `asyncio.create_subprocess_exec`. While arguments are generally passed as a list to mitigate shell injection, the `TENZIR_BINARY` environment variable (if set) determines the executable, posing a risk if configured maliciously (e.g., pointing to a harmful script or containing command separators). User-provided TQL code for `run_pipeline` and `run_test` is executed by this external binary, meaning vulnerabilities could exist within the Tenzir binary or TQL itself when processing untrusted input. Initial bootstrapping of documentation and OCSF schemas involves cloning a Git repository and running `pnpm` commands, requiring external network access and Node.js dependencies, but this occurs in a temporary directory and is not user-controlled at runtime.
Updated: 2026-01-17GitHub
36
1
Low Cost
matbanik icon
Sec8

Provides a production-ready scaffolding for AI-assisted development, offering persistent memory, context, and a suite of specialized tools to AI agents.

Setup Requirements

  • ⚠️Requires Node.js and npm for installing `pomera-ai-commander` and `@modelcontextprotocol/server-sequential-thinking` globally.
  • ⚠️Requires Python `uv` package manager (installed via `pip install uv`) for `mcp-text-editor`.
  • ⚠️Requires manual creation and population of `api-keys.local.json` with API keys for external services (Brave Search, Google Custom Search, Gmail OAuth credentials, Microsoft Graph) for full functionality.
  • ⚠️Requires specific configuration steps for integrating MCP servers into the user's IDE (Cursor, VS Code + Cline, Windsurf, Zed, Claude Desktop), often involving editing JSON configuration files or using dedicated UI.
Verified SafeView Analysis
The project demonstrates good security practices for handling API keys (recommending `.local.json` and `.gitignore`), and OAuth tokens (pickle files for self-generated tokens in secure subdirectories). SQL queries are parameterized, preventing injection. External command execution via `subprocess.run` is primarily for system checks and dependency installation, mostly with fixed arguments or commands verified to be safe. The primary security considerations involve the trustworthiness of the external Node.js and Python packages (`pomera-ai-commander`, `mcp-text-editor`, `@modelcontextprotocol/server-sequential-thinking`) that the project facilitates the installation and configuration of. If these external tools are compromised, the system could be vulnerable.
Updated: 2026-01-17GitHub
36
5
High Cost
sandst1 icon

remind

by sandst1

Sec9

Generalization-capable memory layer for LLMs that extracts, stores, and retrieves semantic concepts from raw episodic experiences, mimicking human memory consolidation.

Setup Requirements

  • ⚠️Requires API keys for OpenAI, Anthropic, or Azure OpenAI (typically paid services).
  • ⚠️If using Ollama, requires a local Ollama server running and models pulled (e.g., 'llama3.2', 'nomic-embed-text').
  • ⚠️Requires Python 3.11+.
  • ⚠️Building the Web UI requires Node.js/npm and running 'cd web && npm install && npm run build'.
Verified SafeView Analysis
The server explicitly restricts database names to prevent path traversal vulnerabilities. API keys are sourced from environment variables, not hardcoded. JSON parsing from LLM output is handled with error recovery. Overall, the design demonstrates good security practices for its intended use.
Updated: 2026-01-19GitHub
36
1
Low Cost
adriancs2 icon

Claude-MCP

by adriancs2

Sec8

Extends Claude Desktop's capabilities with surgical file editing, database operations, and document processing.

Setup Requirements

  • ⚠️Requires Windows operating system.
  • ⚠️Requires .NET Framework 4.8 runtime.
  • ⚠️Requires Claude Desktop to function as the client.
  • ⚠️Manual creation and configuration of 'allowed_directories.txt' and 'mysql_constr.txt' are necessary.
Verified SafeView Analysis
The server includes strong local security features such as 'Allowed Directories' to restrict file access to user-defined paths, and 'Caller Validation' to ensure requests originate from Claude Desktop. Configuration for sensitive operations like MySQL uses external files ('mysql_constr.txt'), avoiding hardcoded secrets within the executable. Automatic backups mitigate data loss from edits. While it inherently handles high-privilege operations (file/DB access, HTTP requests), the design incorporates specific mitigations for common risks. No 'eval' or obfuscation is indicated.
Updated: 2025-12-08GitHub
36
7
High Cost
everford icon

fetcher-mcp

by everford

Sec7

Fetching and processing web page content (HTML to Markdown) using a headless browser for AI-driven applications.

Setup Requirements

  • ⚠️Requires a Node.js environment (version >= 18) to run.
  • ⚠️Playwright Chromium browser binaries must be installed using `npx playwright install chromium` before the server can operate.
Verified SafeView Analysis
The Playwright browser context is configured to `ignoreHTTPSErrors: true` by default, which bypasses SSL/TLS certificate validation. This can expose the client to Man-in-the-Middle (MITM) attacks when fetching content from untrusted networks or malicious sites. While potentially useful in specific debugging or problematic scenarios, it reduces the overall security posture for web fetching. The tool otherwise appears to be safe from direct malicious intent, and `disableMedia` is true by default, reducing some attack surface.
Updated: 2025-12-15GitHub
36
6
Medium Cost
connectaman icon

Pitchlense-mcp

by connectaman

Sec9

Provides AI-powered, multi-category risk analysis for startups, aiding in investment due diligence, growth potential evaluation, and portfolio risk management.

Setup Requirements

  • ⚠️Requires `GEMINI_API_KEY` for Google Gemini AI (paid service).
  • ⚠️Requires `SERPAPI_API_KEY` for Google News and PDF search (paid service).
  • ⚠️Requires `PERPLEXITY_API_KEY` for advanced web search and synthesis (paid service).
  • ⚠️For Google Cloud specific tools (e.g., Vertex AI RAG, Agent Builder, GCS operations), `GOOGLE_CLOUD_PROJECT`, `GOOGLE_APPLICATION_CREDENTIALS`, and `VERTEX_AI_LOCATION` environment variables are required, necessitating a Google Cloud project and service account setup.
Verified SafeView Analysis
The server demonstrates strong security practices for handling API keys, consistently loading them from environment variables (`os.getenv`) rather than hardcoding. Input validation is present for `startup_text`. There's no evidence of direct `eval` or `exec` on user-provided input. File uploads in the GCP Cloud Function are handled by downloading to the `/tmp` directory, which is standard for temporary serverless storage, and processing relies on LLM-based content extraction rather than arbitrary code execution. LLM prompts include explicit `SECURITY INSTRUCTIONS` to prevent prompt injection and generate professional, unbiased content. The `GoogleContentModerationMCPTool` currently uses a *mock* keyword-based check, which is a functional limitation (not actual Google moderation) but is transparently stated and doesn't introduce a code vulnerability. Network risks are inherent with multiple external API calls (Gemini, Perplexity, SerpAPI), but robust error handling is implemented.
Updated: 2026-01-13GitHub
36
5
Low Cost
aparsoft icon
Sec8

This server provides a comprehensive Text-to-Speech toolkit for content creators and developers, integrating with AI tools via the Model Context Protocol (MCP), offering CLI and Streamlit interfaces, and supporting audio enhancement and multi-engine TTS (Kokoro, Indic, OpenVoice).

Setup Requirements

  • ⚠️Requires specific system dependencies like `espeak-ng`, `ffmpeg`, and `libsndfile1`, which may require manual installation on Windows.
  • ⚠️High RAM requirements for multi-engine setups: 4GB for Kokoro only, 6GB+ for OpenVoice, 8GB+ for Indic, and 10GB+ for all engines combined.
  • ⚠️Python dependencies require specific installation options (e.g., `pip install -e ".[complete]"` for full features) and some engines like Indic and OpenVoice have additional git-based `pip install` commands and model checkpoint downloads.
Verified SafeView Analysis
The server primarily operates locally (stdio transport by default). An optional HTTP server (`run_http_server.py`) can bind to `0.0.0.0`, which could expose it to the local network if not behind a firewall. File operations (saving/deleting audio/scripts) are generally confined to dedicated output/temp directories (`outputs/`, `logs/`, `temp/`), reducing arbitrary file system access risks. The `normalize_path` function attempts to handle various path formats robustly for user-provided file paths, which is good practice to prevent path traversal, but careful auditing of user input against this function is always recommended. No clear hardcoded secrets or malicious patterns were identified.
Updated: 2025-12-14GitHub
36
7
High Cost
PStryder icon

MemoryGate

by PStryder

Sec7

MemoryGate provides durable memory-as-a-service for AI agents, combining structured storage, semantic search, OAuth-based authentication, and lifecycle controls for retention and archiving.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for embedding generation (unless `EMBEDDING_PROVIDER` is set to 'none' or 'local_cpd').
  • ⚠️Requires PostgreSQL with pgvector extension for full semantic search capabilities (SQLite fallback available, but lacks vector search).
  • ⚠️Full OAuth functionality requires configuring credentials for Google, GitHub, and PStryder Desktop environments.
  • ⚠️Python 3.11+ is recommended.
Verified SafeView Analysis
The server implements strong authentication mechanisms including OAuth 2.0 + PKCE, API keys with bcrypt hashing, and an ASGI middleware to protect MCP endpoints, preventing unauthorized access and OpenAI API usage. Rate limiting and security headers are configured by default. However, a high-severity timing attack vulnerability exists in `oauth_discovery.py` for `OAUTH_CLIENT_SECRET` comparison (not using `secrets.compare_digest`), which could potentially aid in credential disclosure via side-channel attacks. Previous critical issues like in-memory OAuth state storage and API key prefix collisions appear to be resolved. No 'eval' or other obviously malicious patterns were found.
Updated: 2026-01-17GitHub
36
7
Medium Cost
INPAYXWEB3 icon

INPAYX

by INPAYXWEB3

Sec2

Develops and manages autonomous, evolving AI agents on the Solana blockchain for Web3 interactions, including trading, governance, and data analysis, treating code as a living, self-mutating organism.

Setup Requirements

  • ⚠️Requires Solana wallet with SOL for transaction fees (devnet/testnet for development).
  • ⚠️Optimal AI training/inference may require GPU/TPU hardware acceleration.
  • ⚠️Multiple language toolchains (Node.js, Python, Go, Rust) must be installed.
  • ⚠️Default hardcoded secrets in Python and Go backends are present; production deployment requires setting environment variables for all secrets.
Review RequiredView Analysis
Critically low due to multiple hardcoded JWT secret keys across Python and Go backends, severe authorization bypasses (e.g., hardcoded user ID in Go JWT middleware), arbitrary code execution vulnerability via `torch.load` (allowing malicious model uploads), and excessively broad CORS/WebSocket origin policies (`AllowAllOrigins = true`). Private key handling in client-side JavaScript examples also poses a significant risk if deployed as-is. These issues make the system highly vulnerable to unauthorized access, data breaches, and remote code execution.
Updated: 2026-01-16GitHub
36
7
Low Cost
OleksandrKucherenko icon

mcp-obsidian-via-rest

by OleksandrKucherenko

Sec7

An MCP server that enables AI assistants to read, search, and interact with Obsidian notes via its Local REST API, supporting multiple network transports and self-healing connections.

Setup Requirements

  • ⚠️Requires Obsidian Desktop running with the 'Local REST API' community plugin enabled and configured.
  • ⚠️A valid Obsidian API Key (minimum 32 characters) is required and must be provided via environment variables.
  • ⚠️Network access to Obsidian's REST API is critical, often requiring specific firewall rules (e.g., Windows Firewall for WSL2 setups) to allow inbound connections to port 27124.
Verified SafeView Analysis
The Obsidian API client uses `rejectUnauthorized: false` for HTTPS connections, which is a significant security risk in general but might be a practical necessity for local, self-signed Obsidian REST APIs. The HTTP transport defaults to binding on `0.0.0.0` (all interfaces), requiring external firewall configuration (as advised in documentation) to prevent unauthorized access. Test secrets (API keys, VNC passwords) are present in test-specific Docker Compose files, which is acceptable for non-production code. Authentication for the HTTP transport is implemented via Bearer tokens, which is a good practice when enabled.
Updated: 2026-01-18GitHub
PreviousPage 116 of 713Next