Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

36
3
Medium Cost
dnaerys icon

onekgp-mcp

by dnaerys

Sec1

Provides natural language access to the 1000 Genomes Project dataset for genomic variant analysis.

Setup Requirements

  • ⚠️Requires JRE 21 for runtime.
  • ⚠️Requires a connection to the public Dnaerys variant store service at db.dnaerys.org:7443.
  • ⚠️Local build requires Maven and packaging as a single über-jar.
Review RequiredView Analysis
The GrpcChannel component explicitly configures TLS with a 'TrustManager that trusts all certificates'. This completely disables certificate validation, making all TLS connections susceptible to Man-in-the-Middle (MITM) attacks, allowing potential eavesdropping or tampering with genomic data transmitted to and from the Dnaerys variant store. This is a severe security vulnerability.
Updated: 2025-12-14GitHub
36
8
Low Cost
microcmsio icon
Sec8

This server provides AI assistants access to microCMS documentation by searching and retrieving content from local Markdown files.

Setup Requirements

  • ⚠️Requires Node.js runtime environment.
  • ⚠️Documentation content must be present in the local `docs` directory alongside the server.
  • ⚠️The server exposes the content of its `docs` directory; ensure no sensitive data is stored there.
Verified SafeView Analysis
The server primarily reads `.md` files from a predefined local `docs` directory. It uses `path.join` and `fs.access` to construct and validate file paths, which helps mitigate basic path traversal attacks. The allowed categories for document search are explicitly defined, further restricting scope. No `eval` or direct `child_process` execution based on user input is observed. No hardcoded sensitive credentials. The main security consideration is ensuring the `docs` directory itself does not contain any unintentionally sensitive information.
Updated: 2026-01-19GitHub
36
1
Medium Cost
wullemsb icon
Sec7

Provides project documentation and resources to Large Language Models (LLMs) via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires .NET 9.0 SDK installed.
Verified SafeView Analysis
The server exposes file system access via `project://file/{path}` and `project://logs/{date}`. While the README states 'security restrictions' for file access, the exact implementation is not visible in the truncated code. Inadequate restrictions could lead to path traversal vulnerabilities and unauthorized data exposure. No other obvious critical risks like 'eval' or hardcoded secrets are present in the provided context. The server runs locally via STDIO, limiting network attack surface.
Updated: 2025-11-26GitHub
36
1
Medium Cost
onbirdev icon
Sec6

Integrates Moodle's web services with AI assistants and external systems using the Model Context Protocol (MCP), exposing Moodle functions as discoverable tools.

Setup Requirements

  • ⚠️Requires Moodle 4.2 or higher
  • ⚠️Requires PHP 8.0 or higher
  • ⚠️Moodle Web Services must be enabled and an external service/token manually configured via the Moodle admin UI.
Verified SafeView Analysis
The server defaults to `Access-Control-Allow-Origin: *`, which allows cross-origin requests from any domain. This is a significant security risk for production environments and should be explicitly configured to restrict origins. Token authentication via URL query parameters (`wstoken`) is supported as a fallback, which can lead to tokens being exposed in server logs or browser history, though it prioritizes the more secure `Authorization: Bearer` header. The plugin leverages Moodle's robust web service authentication and authorization system, and employs structured input/output validation, which are strong security practices.
Updated: 2025-12-13GitHub
36
7
High Cost
VISTA-Stanford icon

meds-mcp

by VISTA-Stanford

Sec9

A Medical Context Protocol (MCP) server for retrieving and analyzing de-identified patient EHR data, facilitating LLM-powered chat interaction and evidence review with medical ontologies and faceted search.

Setup Requirements

  • ⚠️Access to the MedAlign dataset requires approval from Stanford and a REDIVIS_ACCESS_TOKEN.
  • ⚠️Stanford APIM LLM access requires a VAULT_SECRET_KEY, Stanford VPN connectivity, and appropriate API credentials. The `secure-llm` library is a private dependency.
  • ⚠️A MeiliSearch server must be running locally on http://localhost:7700 for faceted search functionality.
  • ⚠️Requires Python 3.10+ and `uv` for dependency management.
Verified SafeView Analysis
No obvious malicious patterns or glaring vulnerabilities were found within the provided source code. Sensitive API keys are managed via environment variables (REDIVIS_ACCESS_TOKEN, VAULT_SECRET_KEY). The system explicitly notes data privacy concerns with LLMs and recommends specific providers for handling sensitive EHR data securely. The use of a private `secure-llm` library is a dependency outside this audit's scope, but it implies an attempt at secure LLM interaction.
Updated: 2026-01-19GitHub
36
7
Medium Cost
nmeierpolys icon

mcp-structured-memory

by nmeierpolys

Sec8

Provides structured, domain-specific memory management for AI agents to use in ongoing projects, storing accumulated context in local markdown files.

Setup Requirements

  • ⚠️Requires Node.js version 20.0.0 or higher.
  • ⚠️Requires local file system access for memory storage in platform-specific directories (e.g., `~/Library/Application Support/` on macOS, `~/.local/share/` on Linux).
  • ⚠️Requires manual configuration of the LLM client (e.g., Claude Desktop `mcpServers` entry) and explicit instructions added to the project context for the AI to effectively utilize the memory server's tools.
Verified SafeView Analysis
Input `memory_id` is well-sanitized to prevent path traversal vulnerabilities. Section names are used for content parsing and manipulation within a document, not directly for file paths, further mitigating risks. The server's core function involves writing LLM-generated markdown content to local files, which inherently relies on the trustworthiness of the LLM's output. No direct `eval` calls, obfuscation, or hardcoded sensitive secrets were identified. Error handling is present to prevent exposing raw stack traces.
Updated: 2026-01-13GitHub
36
2
High Cost
ai-endurance icon

mcp

by ai-endurance

Sec8

The AI Endurance MCP server provides conversational access to personal training data, workouts, performance analytics, and training plan management for runners, cyclists, and triathletes through AI assistants.

Setup Requirements

  • ⚠️Requires an AI Endurance account and active subscription.
  • ⚠️Access to Claude Pro or an MCP-compatible client is necessary.
  • ⚠️OAuth 2.0 authorization is required for initial setup, which involves granting access to your AI Endurance data.
Verified SafeView Analysis
The server leverages OAuth 2.0 for authentication with defined scopes ('read', 'write'), limiting data access to specific user profile, workout, activity, prediction, recovery, and race goal information. It explicitly states what the server *cannot* do (e.g., start plan generation, delete account, access payment info, delete historical activities). Without direct access to the server's executable source code, a comprehensive audit for low-level vulnerabilities (like SQL injection, XSS, or 'eval' usage) cannot be performed. However, the documented security architecture and clear data access boundaries suggest a robust design.
Updated: 2025-12-03GitHub
36
1
Low Cost
frknyldz icon
Sec9

Enables AI coding agents to access and search conversation history from various local AI tools like VS Code Copilot, Cursor, and Rovodev to maintain context across sessions.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Relies on specific local storage paths for AI tools (VS Code Copilot, Cursor, Rovodev); non-standard installations might require setting `VSCODE_STORAGE`, `CURSOR_STORAGE`, or `ROVODEV_HOME` environment variables.
  • ⚠️Installation is recommended via `pipx` for isolated global access or manual `venv` setup for development.
Verified SafeView Analysis
The server operates locally via STDIN/STDOUT (Model Context Protocol). It includes a robust `ContentFilter` module with default patterns to redact sensitive information like API keys, secrets, and private keys from conversation history, enhancing security for the data it processes. No hardcoded secrets were found within the application's own configuration or logic, and there is no usage of `eval` or similar dangerous patterns. It primarily reads local files, which inherently carries some risk if the files themselves are compromised, but the active filtering is a strong positive.
Updated: 2026-01-19GitHub
36
6
Medium Cost
fungiboletus icon

mcp_cafe

by fungiboletus

Sec9

Simulates technical discussions with various AI agent personalities to aid in problem-solving and brainstorming.

Setup Requirements

  • ⚠️Requires Ollama to be installed and running locally (or at a specified endpoint)
  • ⚠️Requires the specified Ollama model (default `gemma3`) to be available or pullable via Ollama
  • ⚠️Requires Python virtual environment setup and dependencies installed from `requirements.txt`
Verified SafeView Analysis
The server uses environment variables for configuration (Ollama endpoint, model, token), avoiding hardcoded secrets. It makes network calls to a specified Ollama endpoint, which defaults to localhost, minimizing external network risks. Authentication uses bearer tokens for Ollama if configured. No 'eval' or other dynamic code execution patterns were found. The primary security consideration would be configuring the Ollama endpoint to an untrusted external server, potentially exposing data.
Updated: 2025-11-28GitHub
36
3
Low Cost
alexha11 icon

Junction-2025

by alexha11

Sec6

The MCP Server acts as a bridge, exposing OPC UA (Open Platform Communications Unified Architecture) digital twin variables and historical data through an MCP (Microservice Communication Protocol) interface, enabling other services like AI agents to read, write, browse, and aggregate real-time industrial data.

Setup Requirements

  • ⚠️Requires an OPC UA server to be running and accessible at 'OPCUA_SERVER_URL'.
  • ⚠️Needs the 'opcua-client' Python library (e.g., 'python-opcua') and 'mcp' library to function correctly.
Verified SafeView Analysis
The MCP server binds to '0.0.0.0', making it accessible from all network interfaces. The 'write_opcua_variable' tool allows writing arbitrary float values to specified OPC UA variables, which could impact a physical system if this were a live digital twin and the MCP server were exposed externally without strong authentication and authorization. No explicit authentication or authorization mechanisms are detailed within the provided code snippets for the MCP server itself. While intended for internal Docker network communication, direct exposure could be a significant risk.
Updated: 2025-11-22GitHub
36
7
High Cost
elastic icon
Sec9

This MCP server exposes indexed code data to AI coding agents, enabling structured interaction for codebase understanding, code discovery, symbol analysis, and file content reconstruction.

Setup Requirements

  • ⚠️Requires a running Elasticsearch instance (v8.0+) with the ELSER model downloaded and deployed.
  • ⚠️A codebase must first be indexed using the Semantic Code Search Indexer (from the referenced GitHub repository).
  • ⚠️Requires Node.js v20+ and npm for local development/running outside Docker.
Verified SafeView Analysis
The server uses `JSON.parse` but only on internally generated and stringified data, which is a safe pattern. Configuration, including Elasticsearch credentials, is loaded from environment variables, preventing hardcoded secrets. There is no usage of 'eval' or other dynamic code execution from arbitrary inputs. External network calls are limited to the configured Elasticsearch instance. Overall, the security posture appears robust for its intended use.
Updated: 2026-01-13GitHub
36
7
Low Cost
Nicolaas0411 icon

investec-mcp

by Nicolaas0411

Sec8

An MCP server that integrates with the Investec Open Banking API, enabling AI agents to access banking information and perform transactions.

Setup Requirements

  • ⚠️Python 3.12+ is required.
  • ⚠️Requires an Investec Developer account with API credentials (Client ID, Client Secret, API Key).
  • ⚠️Requires `uv` for easy Python dependency management or manual `pip` installation.
  • ⚠️A Docker build step is required if deploying as a container.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive Investec API credentials, preventing hardcoding. It does not use `eval` or exhibit obfuscation. Network communication is via standard HTTP(S) and SSE. Error messages from tools might reveal some internal exception details, which could be refined for production. The primary security risk lies in the secure management of API keys and the deployment environment, as the server provides extensive banking access to an AI agent.
Updated: 2025-11-25GitHub
PreviousPage 119 of 713Next