Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

36
1
Low Cost
samade747 icon
Sec8

A local AI model router and orchestration server for Claude Code, integrating multiple LLM providers (Gemini, OpenAI, etc.) with fallback capabilities and supporting Model Context Protocol (MCP) servers for tool execution.

Setup Requirements

  • ⚠️Node.js v18+ required
  • ⚠️API keys required for LLM providers (e.g., Google Gemini, OpenAI), which may incur costs
  • ⚠️Python and 'modelcontextprotocol' SDK required for optional MCP server functionality
Verified SafeView Analysis
The project explicitly warns against hardcoding API keys, recommends using environment variables, and advises keeping the router bound to '127.0.0.1'. The optional MCP server example demonstrates a 'list_files' tool, which could expose local file system information if misused by an LLM or if the MCP server's 'stdio' transport were redirected insecurely, but the provided setup is local and relatively contained. No critical vulnerabilities like 'eval' or obfuscation were found.
Updated: 2025-11-26GitHub
36
6
High Cost
stancld icon

rossum-mcp

by stancld

Sec6

An AI agent toolkit for Rossum document processing, enabling conversational automation of workflows, debugging of hooks, and configuration management across different environments.

Setup Requirements

  • ⚠️Requires a valid Rossum API Token (paid Rossum account).
  • ⚠️Requires AWS credentials configured for Bedrock access (paid AWS account, Bedrock service enabled).
  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Redis is recommended for chat persistence and history (optional, but full functionality may be impacted without it).
Review RequiredView Analysis
The agent utilizes Python's `exec()` function within the `evaluate_python_hook` tool to execute user-defined code for hook debugging. While efforts are made to sandbox this execution (e.g., stripping imports, whitelisting built-ins), `exec()` inherently carries a significant risk for arbitrary code execution if the sandboxing mechanisms are bypassed. This makes the system more vulnerable if exposed to untrusted inputs. However, other security practices like using environment variables for sensitive credentials (API tokens, AWS keys), and implementing URL and file path sanitization for SSRF and path traversal prevention in the API, are well-observed.
Updated: 2026-01-19GitHub
36
8
Low Cost
real-LiHua icon
Sec9

Encodes and decodes text using characters from the 'Thousand Character Classic' (千字文) for unique text representation.

Setup Requirements

  • ⚠️Requires Python 3.10+ for Python integration.
  • ⚠️Requires Rust toolchain and Cargo for building from source.
  • ⚠️Requires Maturin for building Python extension from source.
Verified SafeView Analysis
The project uses Rust, which provides strong memory safety guarantees. Encoding involves `num-bigint` for numerical conversion of input text and `rand` for character selection, both used in standard, safe ways. Decoding reverses this process. There are no direct network requests within the core logic, no hardcoded secrets, and no use of `eval` or similar high-risk functions. The `uvx` or `pipx` execution methods fetch the repository from GitHub, which is an inherent network operation of those tools, not the application itself.
Updated: 2025-11-24GitHub
36
1
Medium Cost
PageLines icon

n8n-mcp

by PageLines

Sec8

Provides opinionated workflow automation for n8n, enforcing best practices, auto-fixing issues, and offering version control.

Setup Requirements

  • ⚠️Requires a running n8n instance URL (N8N_API_URL)
  • ⚠️Requires an n8n API Key with appropriate permissions (N8N_API_KEY)
Verified SafeView Analysis
The server's internal code is well-structured and does not use dangerous patterns like 'eval' or obfuscation. It actively validates against hardcoded secrets and IDs in n8n workflows it manages, recommending environment variables for sensitive data. Network requests are made to a configurable n8n API URL and webhook endpoints, which is standard for its functionality. Security relies heavily on the secure management of the N8N_API_KEY used to connect to the n8n instance.
Updated: 2026-01-16GitHub
36
2
Low Cost
baptiste-mnh icon

bigrack.dev

by baptiste-mnh

Sec8

Provides intelligent, local-first context and task management for AI assistants like Claude Code and Cursor, enhancing their ability to plan complex features, maintain persistent context, and validate business rules during software development.

Setup Requirements

  • ⚠️Requires initial download of an ~80MB vector embedding model (Xenova/all-MiniLM-L6-v2) upon first `bigrack init`.
  • ⚠️Initial repository and project creation, as well as context management, are primarily designed to be performed via an AI assistant (using MCP tools) rather than direct CLI commands, which are "not yet available" for some core features like `bigrack_create_repo` and `bigrack_store_context`.
  • ⚠️Requires Node.js >= 20.0.0 and npm >= 9.0.0.
Verified SafeView Analysis
The project is designed as a local-first application, reducing inherent network attack surfaces. It uses SQLite for local storage and Prisma ORM, which generally handles SQL injection risks through parameterized queries. Tool arguments are defined with JSON schemas, indicating input validation. The `execSync` calls in scripts are for known system commands (like `claude mcp list` or `git rev-parse`) which, while `execSync` is generally discouraged for untrusted input, appear to be used in controlled contexts. No obvious `eval` or obfuscation. The local GUI server could have XSS/CSRF concerns, but its local nature mitigates external exploitation. Overall, good practices for a local application, with risks primarily tied to the execution environment or local data handling.
Updated: 2025-12-10GitHub
36
5
Low Cost
Alexander-Panov icon

finam-mcp

by Alexander-Panov

Sec8

Integrate Finam Trade API with AI assistants for natural language trading operations via Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires 'uv' (or 'uvx') for dependency management and execution.
  • ⚠️Requires Finam Trade API Key and Account ID (FINAM_API_KEY, FINAM_ACCOUNT_ID) configured via environment variables or HTTP headers.
  • ⚠️Requires an MCP client (e.g., Claude Desktop, Cursor, VS Code) to interact with the server.
Verified SafeView Analysis
The server securely handles API keys by requiring them via environment variables or HTTP headers, avoiding hardcoded secrets. It utilizes standard Python libraries (`httpx`) for robust network requests and pydantic for data validation. Sensitive trading operations (`place_order`, `cancel_order`) are explicitly marked with `meta={'sensitive': True}` for client awareness. No use of dangerous functions like `eval` or `exec` was found. Security depends on the user's careful handling of Finam API keys and the inherent robustness of the Finam Trade API itself.
Updated: 2026-01-19GitHub
36
1
Medium Cost
omri3193 icon
Sec8

Orchestrates multiple AI agents for complex reasoning and real-time information retrieval, integrating large language models with web search capabilities.

Setup Requirements

  • ⚠️Requires `GROQ_API_KEY` environment variable.
  • ⚠️Requires `TAVILY_API_KEY` environment variable.
  • ⚠️The `Screenshot 2025-12-29 095100.png` image file must be present in the project root for the frontend UI to display correctly without errors.
Verified SafeView Analysis
The code uses `subprocess.run` for internal service orchestration with hardcoded commands, which is safe. API keys are loaded from environment variables. There are no obvious code-level vulnerabilities like `eval()` with user input or hardcoded secrets. Standard LLM application risks such as prompt injection exist but are not code-specific vulnerabilities here. The `requests.post` to localhost is an internal communication.
Updated: 2026-01-19GitHub
36
6
Medium Cost
kweinmeister icon

fast-diff-mcp

by kweinmeister

Sec9

Provides a high-performance text diffing service for LLMs, enabling them to compare text blocks and receive differences in unified diff format via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Rust Toolchain to compile the Python extension.
  • ⚠️Requires `uv` for Python environment and package management, instead of standard `pip`.
Verified SafeView Analysis
The server binds to '0.0.0.0' by default, meaning it listens on all network interfaces. While common for containerized or local servers, it requires proper network segmentation or firewalling if exposed publicly without additional authentication. No 'eval', hardcoded secrets, or obvious malicious patterns were found in the source code. The core functionality is safe string diffing.
Updated: 2026-01-11GitHub
36
4
Medium Cost
mcpland icon

mock-mcp

by mcpland

Sec7

Facilitates AI-generated mock data for testing web applications by bridging test runners with Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires an MCP (Model Context Protocol) client (e.g., Cursor, Claude Desktop) to be configured and running separately to generate mock data.
  • ⚠️The test runner must set the `MOCK_MCP=1` environment variable to enable mock generation.
  • ⚠️Tests need to use an HTTP interception library (e.g., `fetchMock`, Playwright's `page.route`) to route requests to `mock-mcp`.
Verified SafeView Analysis
The server primarily acts as a conduit between a test process and an external AI client. While the server's code itself appears robust without direct `eval` or obvious vulnerabilities, a critical security consideration lies in the trust placed in the AI-generated data. The server forwards mock data supplied by the AI client without deep validation against the original OpenAPI schema (only structural validation is performed on the mock data arguments, not content). This means if the external AI client is compromised or manipulated (e.g., via prompt injection), it could generate malicious data (e.g., XSS payloads, SQL injection strings) that is then injected into the test environment. While the server doesn't execute this malicious data, it acts as the delivery mechanism.
Updated: 2025-11-22GitHub
36
6
Medium Cost
wxkingstar icon

doc-hub-mcp

by wxkingstar

Sec8

Provides offline, local Markdown document retrieval and resource reading capabilities for IDEs, Agents, or debugging tools, primarily focused on WeChat Work and Feishu developer documentation.

Setup Requirements

  • ⚠️Node.js version 20.18 or higher is strictly required due to dependency requirements.
  • ⚠️Requires manual configuration of the `DOC_ROOT` environment variable if Markdown documents are not located in the default 'docs/', 'wecom/', or 'feishu/' directories.
  • ⚠️The initial setup and first launch using `npx` may involve downloading over 100MB of data and can take several minutes to complete.
Verified SafeView Analysis
The server's file access is strictly confined to configured document root directories (e.g., 'docs/', 'wecom/', 'feishu/' or a custom path via `DOC_ROOT`). The internal path handling mechanism (`path.relative`, `path.join`, `encodeResourcePath`, `decodeResourcePath`) is designed to prevent path traversal vulnerabilities from client-provided resource URIs. However, if the `DOC_ROOT` environment variable (an administrator-level configuration) is intentionally or inadvertently set to an untrusted or overly broad path (e.g., `/`), it could expose sensitive files readable by the Node.js process to any client with MCP access.
Updated: 2026-01-19GitHub
36
9
Medium Cost
schemacrawler icon

SchemaCrawler-AI

by schemacrawler

Sec6

Provides an AI-powered interface for natural language database schema exploration, analysis, visualization, and SQL assistance.

Setup Requirements

  • ⚠️Requires JDBC connection details to a database (e.g., URL, user, password), provided via environment variables.
  • ⚠️Requires a Java Runtime Environment or Docker to run.
  • ⚠️The MCP Server transport type (`SCHCRWLR_MCP_SERVER_TRANSPORT`) must be explicitly configured as 'http' or 'stdio', otherwise it defaults to 'stdio' and might not be accessible over the network as expected.
  • ⚠️Relies on Spring AI framework for its core functionality.
Verified SafeView Analysis
The HTTP transport profile in `application.yaml` explicitly allows all origins (`allowed-origin: '*'`), which is a Cross-Origin Resource Sharing (CORS) vulnerability for public APIs, though potentially intended for flexible AI agent integration. User-provided regular expressions for filtering database objects are directly used in `InclusionRule`s, posing a potential Regular Expression Denial of Service (ReDoS) risk if not adequately validated or sandboxed by the underlying SchemaCrawler library. Stack traces are logged to the client on exceptions (`logExceptionToClient`), which can lead to information disclosure. No hardcoded secrets or obvious command injection vulnerabilities were found. Database credentials are handled via environment variables.
Updated: 2026-01-19GitHub
36
25
High Cost
Eth3rnit3 icon

FerrumMCP

by Eth3rnit3

Sec7

A browser automation server for AI assistants, enabling interaction with web pages through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Ruby 3.2+.
  • ⚠️Docker deployments require `--security-opt seccomp=unconfined` for Chromium to function.
  • ⚠️BotBrowser profiles, used for anti-detection, require separate licensing or purchase.
  • ⚠️The `solve_captcha` tool requires `whisper-cli` to be installed and available on the system.
Verified SafeView Analysis
The server is designed for trusted environments and should not be publicly exposed without additional security layers. It implements XSS/XPath injection prevention, API key authentication, and rate limiting (when enabled). It features non-root Docker execution and session isolation. Inherent risks like arbitrary JavaScript execution and file system access (for screenshots) are present but managed with explicit caveats. Logging of full backtraces is a potential concern if logs are not secured.
Updated: 2025-12-29GitHub
PreviousPage 117 of 713Next