Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

97
678
Medium Cost
johnhuang316 icon

code-index-mcp

by johnhuang316

Sec9

Intelligent code indexing and analysis for Large Language Models, enabling tasks such as code review, refactoring, documentation generation, debugging assistance, and architectural analysis.

Setup Requirements

  • ⚠️Requires Python 3.10+ and `uv` for easy installation and execution.
  • ⚠️Relies on external command-line search tools (ugrep, ripgrep, ag, grep) for advanced search functionality; falls back to basic Python search if unavailable.
  • ⚠️File monitoring requires the `watchdog` library to be installed.
  • ⚠️On Windows, `uvx` may require `HOME`, `APPDATA`, `LOCALAPPDATA`, `SystemRoot` environment variables to be set for stable startup.
  • ⚠️On macOS, for large projects using the `kqueue` file watcher, increasing `ulimit -n` may be necessary.
Verified SafeView Analysis
The server employs robust path validation to prevent directory traversal and uses `subprocess.run` with careful argument handling (`--` before pattern) to mitigate shell injection risks when executing external search tools (ugrep, ripgrep, ag, grep). It includes regex safety checks to prevent ReDoS attacks and a FIFO concurrency limiter to mitigate resource exhaustion. File size and line limits are also in place during indexing. No hardcoded secrets were found in the core server logic; sample projects included environment variable fallbacks for secrets.
Updated: 2026-01-09GitHub
97
524
Medium Cost
brave icon
Sec8

Integrates the Brave Search API to provide comprehensive search functionalities including web, local, image, video, news, and AI-powered summarization through an MCP server.

Setup Requirements

  • ⚠️Requires a Brave Search API Key, with Free plans having limitations and Pro plans required for full local search and AI summarization capabilities.
  • ⚠️Requires Node.js 20 or higher to run.
  • ⚠️The default transport mode is STDIO; for HTTP communication, the `BRAVE_MCP_TRANSPORT` environment variable or `--transport` command-line argument must be set to `http`.
Verified SafeView Analysis
The server uses Zod for robust input validation on all tool parameters, significantly reducing common injection risks. API keys are properly handled via environment variables, not hardcoded. The `@modelcontextprotocol/sdk` is used for transport and RPC, which is expected to provide a secure communication layer. However, the internal rate-limiting for calls to the Brave API (`checkRateLimit()`) is currently commented out, which means the server relies solely on the upstream Brave API's rate limits. This could lead to API key exhaustion if not managed by external factors.
Updated: 2026-01-18GitHub
97
1142
Medium Cost
taylorwilsdon icon

google_workspace_mcp

by taylorwilsdon

Sec9

Provides comprehensive natural language control over Google Workspace services (Gmail, Calendar, Drive, Docs, Sheets, Slides, Forms, Tasks, Chat, Custom Search) through MCP clients and AI assistants.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with OAuth 2.0 'Desktop Application' credentials (Client ID and Client Secret).
  • ⚠️Requires specific Google Workspace APIs (Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, Tasks, Chat, Custom Search) to be enabled in your Google Cloud Project.
  • ⚠️Requires `GOOGLE_OAUTH_CLIENT_ID` and `GOOGLE_OAUTH_CLIENT_SECRET` to be set as environment variables (or via `.env` file, `client_secret.json`, or Helm chart secrets).
Verified SafeView Analysis
The server employs robust security practices, including a strong emphasis on loading sensitive credentials (Google OAuth Client ID and Secret, Custom Search API Key/Engine ID) from environment variables or Kubernetes secrets, explicitly discouraging hardcoding. It supports OAuth 2.1 for multi-user, bearer token authentication, with an `AuthInfoMiddleware` to process and validate tokens. A stateless mode (`WORKSPACE_MCP_STATELESS_MODE=true`) is available for containerized deployments to avoid file system writes. Attachment handling for Drive files uses temporary storage with expiration. The `create_drive_file` tool's support for fetching content from `file://`, `http://`, and `https://` URLs, while a powerful feature, could be a potential SSRF vector if the execution environment is not secured. Warnings regarding `OAUTHLIB_INSECURE_TRANSPORT=1` for development-only HTTP redirects are clearly stated, emphasizing HTTPS for production. The Helm chart sets good defaults for pod security contexts (non-root, dropped capabilities). Overall, the project demonstrates a high level of security awareness.
Updated: 2026-01-07GitHub
97
596
Medium Cost
elastic icon
Sec8

Connects Model Context Protocol (MCP) clients to Elasticsearch instances, enabling natural language queries and interactions with Elasticsearch indices and data.

Setup Requirements

  • ⚠️Requires an existing Elasticsearch instance (8.x or 9.x).
  • ⚠️Requires Elasticsearch authentication credentials (API key or username/password).
  • ⚠️Primarily distributed as a Docker image, requiring Docker for deployment.
  • ⚠️Explicitly stated as deprecated, superseded by Elastic Agent Builder's MCP endpoint.
  • ⚠️The `ES_SSL_SKIP_VERIFY` flag bypasses SSL verification, which can be insecure if misused.
Verified SafeView Analysis
The server is implemented in Rust, offering strong memory safety. Authentication relies on standard Elasticsearch API keys or username/password, typically provided via environment variables, or passed through an 'Authorization' HTTP header from the MCP client. The `ES_SSL_SKIP_VERIFY` option, if set to `true`, bypasses critical SSL/TLS certificate verification, which is a significant security risk and should be avoided in production environments. No 'eval' or similar dynamic code execution patterns are observed.
Updated: 2026-01-19GitHub
97
408
High Cost
jina-ai icon

MCP

by jina-ai

Sec7

A remote Model Context Protocol (MCP) server that provides access to Jina Reader, Embeddings and Reranker APIs with a suite of URL-to-markdown, web search, image search, and embeddings/reranker tools.

Setup Requirements

  • ⚠️A Jina AI API Key is required for most tools; optional for some, but higher rate limits and performance necessitate it. A free key is available upon signup.
  • ⚠️The server is designed for deployment on Cloudflare Workers, implying a Cloudflare account is needed for production. Local development uses `wrangler dev`.
  • ⚠️The `VITE_GHOST_API_KEY` environment variable is required for the `search_jina_blog` tool to function.
Verified SafeView Analysis
The server acts as a proxy to various Jina AI APIs and can fetch arbitrary external URLs for content reading and screenshot capture. While deployed on Cloudflare Workers (which provides some isolation) and employing URL normalization and API key checks, fetching user-provided external content always carries inherent risks like large payloads or unexpected data. No 'eval' or hardcoded secrets were identified; API keys are expected via environment variables or headers. Error handling for API calls is present.
Updated: 2026-01-15GitHub
97
518
Low Cost
GoogleCloudPlatform icon

cloud-run-mcp

by GoogleCloudPlatform

Sec7

Enables MCP-compatible AI agents to deploy applications to Google Cloud Run, abstracting underlying GCP infrastructure operations.

Setup Requirements

  • ⚠️Requires an active Google Cloud Platform account with billing enabled.
  • ⚠️Requires Google Cloud SDK to be installed and Application Default Credentials to be set up (`gcloud auth application-default login`).
  • ⚠️Node.js (LTS recommended) must be installed to run locally, or Docker for containerized local execution. When running in HTTP mode, host validation is disabled by default.
Verified SafeView Analysis
By default, the HTTP server disables `ENABLE_HOST_VALIDATION`, which can make it vulnerable to DNS Rebinding attacks if exposed publicly without a proxy. Users are explicitly warned about this and provided with options to enable host validation via environment variables. `SKIP_IAM_CHECK` defaults to `true`, making deployed Cloud Run services publicly accessible, which is a configurable deployment choice rather than a code vulnerability. No 'eval' or obvious obfuscation detected. Relies on standard Google Cloud SDKs for authentication and API interactions.
Updated: 2026-01-19GitHub
97
511
High Cost
neiltron icon

apple-health-mcp

by neiltron

Sec9

Query and analyze personal Apple Health data using SQL for health insights and automated reports.

Setup Requirements

  • ⚠️Requires Apple Health data exported as CSV files using the 'Simple Health Export CSV' iOS app.
  • ⚠️The `HEALTH_DATA_DIR` environment variable must be set to the path of the unzipped health export directory.
  • ⚠️Requires Node.js (or Bun) installed for `npx` execution.
Verified SafeView Analysis
The server uses an in-memory DuckDB instance and explicitly forbids DML/DDL operations ('drop', 'delete', 'truncate', 'insert', 'update', 'create table', 'alter') in the 'health_query' tool, allowing only SELECT statements. It processes local CSV files from a user-defined directory (`HEALTH_DATA_DIR`). The primary security considerations revolve around ensuring the `HEALTH_DATA_DIR` is trusted (as malicious CSV content could theoretically lead to resource exhaustion) and the robustness of the SQL query validation, which is a keyword-based check. Given it's designed as an internal MCP server for local data, these measures provide a high level of safety against typical external threats.
Updated: 2026-01-16GitHub
97
425
Medium Cost
archestra-ai icon

archestra

by archestra-ai

Sec9

A platform for securely deploying, orchestrating, and managing Model Context Protocol (MCP) servers and their AI-powered tools within an enterprise environment.

Setup Requirements

  • ⚠️Requires Kubernetes for full orchestration of local MCP servers.
  • ⚠️Requires Docker, Node.js 20, or Python 3.12+ for custom MCP server development.
  • ⚠️External LLM API keys (e.g., OpenAI, Anthropic) are required for core chat and AI functionalities.
  • ⚠️HashiCorp Vault setup is necessary for advanced Bring-Your-Own-Secrets (BYOS) management in enterprise deployments.
Verified SafeView Analysis
The Archestra platform demonstrates a strong commitment to security through features like non-root user execution for MCP servers, minimal Alpine Linux base images, robust Role-Based Access Control (RBAC), Single Sign-On (SSO) integration, comprehensive secrets management (including HashiCorp Vault support), and advanced policy enforcement against prompt injections and data exfiltration (e.g., Trusted Data Policies, Dual LLM sub-agents). The codebase also uses a linter rule to prevent `noExplicitAny`, contributing to code quality. While `node -e` is used to execute the base server script, this is a controlled deployment mechanism for a known script and not a vector for arbitrary user code execution.
Updated: 2026-01-19GitHub
96
310
High Cost
microsoft icon
Sec8

Connects AI agents to Power BI semantic models to enable natural language interaction for building, modifying, and managing data models.

Setup Requirements

  • ⚠️Requires GitHub Copilot (which typically implies a paid subscription) and GitHub Copilot Chat extensions.
  • ⚠️Requires Visual Studio Code for the recommended installation path.
  • ⚠️Connecting to a Semantic Model in a Fabric workspace may not work in all tenants due to ongoing client ID rollout for authentication.
Verified SafeView Analysis
The server explicitly states that it uses Azure Identity SDK for secure credential handling and does not store tokens directly. It offers `--readonly` mode and confirmation prompts for operations. However, the README provides strong warnings about the inherent risks when connecting AI agents, including potential for unintended changes, exposure of sensitive information by LLMs, and the need for user backups and adherence to least-privilege RBAC. The actual executable code was not provided for a full audit, so this score is based on documented claims and warnings. Users are responsible for their client LLM's security and compliance.
Updated: 2026-01-12GitHub
96
296
Low Cost
19-84 icon
Sec8

Archiving and providing AI-optimized access to Reddit-like platform data via a PostgreSQL-backed system and a RESTful API.

Setup Requirements

  • ⚠️Requires a PostgreSQL database to store archive data.
  • ⚠️Requires Docker and Docker Compose for full stack deployment (recommended for ease of setup).
  • ⚠️Python 3.10 or newer is required to run the application.
  • ⚠️The 'uv' Python package installer/manager is recommended for local development dependencies.
  • ⚠️External command-line tools like `zstandard` (for .zst files) and `7zip` (for .7z files) may be needed for importing specific archive formats.
Verified SafeView Analysis
The project implements rate limiting, CSRF protection, and parameterized queries for SQL injection prevention within its API. Input validation regex whitelists are used to sanitize user input. Docker containers for core services are configured with read-only filesystems. Wildcard CORS is explicitly enabled for the public archive API. Peripheral 'tools' use 'sudo docker exec psql' which requires elevated Docker privileges but is not part of the continuously running server. The 'POSTGRES_PASSWORD' in `docker-compose.yml` defaults to 'CHANGE_THIS_PASSWORD' and requires user modification for security.
Updated: 2026-01-19GitHub
96
337
Low Cost
bitbonsai icon

mcp-obsidian

by bitbonsai

Sec9

Provides a secure, universal AI bridge for Obsidian vaults, enabling MCP-compatible AI assistants to read, write, and manage notes.

Setup Requirements

  • ⚠️Requires Node.js runtime (v18.0.0 or later).
  • ⚠️Requires an absolute path to your Obsidian vault directory.
  • ⚠️ChatGPT Desktop integration is limited to Enterprise, Education, or Team subscriptions.
Verified SafeView Analysis
The server demonstrates a strong focus on security, crucial for interacting with personal knowledge bases. It explicitly prevents path traversal with `resolvePath` checks, filters access to sensitive directories like `.obsidian`, `.git`, and `node_modules` via `PathFilter`, and whitelists file extensions (`.md`, `.markdown`, `.txt`). Frontmatter input is validated to prevent dangerous YAML structures (functions, symbols) and ensure data integrity. Destructive operations like `delete_note` require explicit confirmation. Communication occurs over stdio, limiting network exposure. The `README` and `SECURITY.md` are thorough in outlining security measures and best practices. No `eval` or unsafe command execution patterns were found. This server is designed for safe operation within its defined scope.
Updated: 2026-01-12GitHub
96
269
High Cost
m1rl0k icon
Sec7

Self-improving code search and context engine for IDEs and AI agents, providing hybrid semantic/lexical search, symbol graph navigation, and persistent memory.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for local stack deployment.
  • ⚠️Requires Python 3.8+ with `requests`, `urllib3`, `charset_normalizer` installed for client scripts.
  • ⚠️Optional LLM models (e.g., Llama.cpp .gguf, GLM, OpenAI) may require significant computational resources (GPU, RAM) or API keys.
  • ⚠️Kubernetes cluster (1.19+) and `kubectl` are required for Kubernetes deployment.
Review RequiredView Analysis
The system extensively uses `subprocess.run` and `subprocess.Popen` for internal orchestration (e.g., Git commands, Python scripts, Docker operations). This introduces a potential risk of shell injection if user inputs (e.g., file paths, queries) are not rigorously sanitized. While environment variables are used for secrets (e.g., `GITHUB_TOKEN`, `OPENAI_API_KEY`), default passwords like 'contextengine' for Neo4j exist in development configurations. Network communication between services (MCP, Qdrant, Llama.cpp) is managed, but exposed ports require network segmentation in production. The `ctxce` CLI, driven by the VS Code extension, also represents a potential attack surface.
Updated: 2026-01-19GitHub
PreviousPage 12 of 713Next