Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

36
7
Medium Cost
shelfio icon

datadog-mcp

by shelfio

Sec9

Provides Datadog monitoring and management capabilities as a Model Context Protocol (MCP) server for Claude Desktop and other MCP clients.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires UV package manager (includes uvx).
  • ⚠️Requires Datadog API Key (DD_API_KEY) and Application Key (DD_APP_KEY) environment variables set.
Verified SafeView Analysis
The server uses environment variables for Datadog API credentials, which is good practice. Input validation is performed through `inputSchema` definitions for each tool, mitigating common injection risks. API calls use `httpx` and Datadog's official SDK client, relying on their internal security. There is a `DD_SITE` validation which uses a regex and warns for unknown sites but doesn't strictly block them, which is a minor flexibility over strictness trade-off.
Updated: 2026-01-13GitHub
36
7
Low Cost
opensolon icon
Sec7

This project provides example implementations for integrating Solon.AI features, including LLM chat, RAG (Retrieval Augmented Generation), and AI agent capabilities, into various Java frameworks (Spring Boot, Solon, Quarkus, JFinal, Vert.x) while demonstrating the use of the Model Context Protocol (MCP) for server endpoint functionality.

Setup Requirements

  • ⚠️Requires a local Ollama instance running and configured for LLM interaction (default API URLs point to 127.0.0.1:11434).
  • ⚠️Java compilation with `-parameters` flag is recommended for proper parameter name resolution in `@ToolMapping`, `@ResourceMapping`, and `@PromptMapping` annotations.
  • ⚠️Framework-specific setup is required for each example (e.g., Spring Boot, Quarkus, JFinal, Solon, Vert.x) for correct Solon.AI and MCP integration.
Verified SafeView Analysis
The project is an example repository, and some security-sensitive components are provided as basic demonstrations. For instance, `_Constants.java` hardcodes LLM API URLs (to localhost for Ollama), and `McpServerAuth.java` implements a rudimentary authentication check (`if ("no".equals(authStr))`) explicitly labeled as '仅为示例' (only for example). These are not suitable for production environments without robust configuration and proper authentication mechanisms. No 'eval', obfuscation, or overtly malicious patterns were identified. Running locally for demonstration is safe, but production deployment would require significant security hardening.
Updated: 2026-01-19GitHub
36
8
Medium Cost
miklevin icon

pipulate

by miklevin

Sec4

Pipulate is a local-first AI SEO software and digital workshop, designed to automate data saving/loading, web scraping, and SEO tasks using local LLMs and browser automation with robust error handling and server restart capabilities.

Setup Requirements

  • ⚠️Requires Nix package manager for environment setup and reproducibility.
  • ⚠️Requires a local LLM, specifically Ollama with Gemma 3 model, for AI functionalities.
  • ⚠️Requires a Google API Key for integration with Google's Generative AI models (e.g., Gemini-2.5-flash).
  • ⚠️The installer downloads an SSH key (`key.rot`) from `pipulate.com/key.rot` for Git operations within the Nix environment, requiring trust in this external resource.
Verified SafeView Analysis
The server-side JavaScript execution via `eval()` for WebSocket messages (e.g., in `assets/pipulate-init.js`) is a critical vulnerability if the WebSocket input can be compromised, allowing arbitrary code execution in the client's browser. While intended for server-controlled scripts in a local-first context, it represents a significant risk for public-facing deployments. The `install.sh` script employs a 'magic cookie' approach which downloads a ROT13-encoded SSH key from `pipulate.com/key.rot`. While ROT13 is not encryption, the reliance on a potentially exposed deploy key for git operations (even if handled by Nix later) could pose a risk if that key has write permissions. External API integrations (Botify, Google AI) mean trust in these services and secure API key management is essential. Dynamic command execution via `subprocess` in Python modules is present, requiring careful sanitization of any user-controlled input.
Updated: 2026-01-14GitHub
36
5
Medium Cost
WebMCP-org icon

webmcp-sh

by WebMCP-org

Sec8

Demonstrates a client-side AI agent memory and tool ecosystem using WebMCP, enabling structured knowledge management, conversation tracking, and interaction with web applications via browser-based PostgreSQL.

Setup Requirements

  • ⚠️Relies on the WebMCP standard and `@mcp-b` packages for AI agent interaction, which might require familiarity with this specific ecosystem and browser API (`navigator.modelContext`).
  • ⚠️Uses PGlite for client-side PostgreSQL database management entirely within WebAssembly (WASM) and IndexedDB, a non-traditional database setup that may differ from typical server-side databases.
  • ⚠️The Sentry DSN for error tracking is hardcoded in `main.tsx`, which is not ideal for production environments or custom deployments, and should be managed via environment variables.
Verified SafeView Analysis
Application focuses on client-side AI memory management using PGlite (PostgreSQL in browser WASM). SQL execution tools (`sql_query`) include explicit safety checks to block dangerous operations (e.g., DROP, TRUNCATE, ALTER, CREATE) and SQL injection patterns. An append-only audit log is implemented and explicitly protected from AI modification or deletion via database triggers, enhancing data integrity and accountability. The Sentry DSN is hardcoded in `main.tsx`, which is a minor security oversight but not a critical vulnerability.
Updated: 2025-12-12GitHub
36
3
Low Cost
paoloricciuti icon

dotprompts

by paoloricciuti

Sec9

A personal prompt management system exposed as a Model Context Protocol (MCP) server, enabling AI agents to access, create, update, and delete user-defined prompts.

Setup Requirements

  • ⚠️Requires a Turso or compatible SQLite database, configured via DATABASE_URL and DATABASE_TOKEN environment variables.
  • ⚠️Social login features necessitate setting up GitHub and Google OAuth applications, requiring GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, GOOGLE_CLIENT_ID, and GOOGLE_CLIENT_SECRET environment variables.
  • ⚠️The base URL for the authentication service, BETTER_AUTH_URL, must be correctly configured.
Verified SafeView Analysis
All sensitive information (database credentials, OAuth client IDs/secrets) are correctly sourced from private environment variables, preventing hardcoding. The 'better-auth' library is used for robust authentication and session management, including social logins (GitHub, Google). CRUD operations on prompts enforce user ownership, preventing unauthorized access or modification of other users' data. While the server uses broad CORS headers (Access-Control-Allow-Origin: *), which is typical for MCP integration, this is balanced by strong authentication and data access controls.
Updated: 2025-12-12GitHub
36
6
High Cost
spences10 icon

mcp-sqlite-tools

by spences10

Sec9

A Model Context Protocol (MCP) server for LLMs to safely and efficiently interact with local SQLite databases, providing comprehensive operations from schema management to query execution and transactions.

Setup Requirements

  • ⚠️Requires Node.js and pnpm (or npm/yarn) installed on the local machine.
  • ⚠️Operates exclusively on local SQLite database files, not remote databases.
  • ⚠️Default path validation restricts access to directories outside `SQLITE_DEFAULT_PATH`; users may need to explicitly configure `SQLITE_ALLOW_ABSOLUTE_PATHS` or `SQLITE_DEFAULT_PATH` for broader access.
Verified SafeView Analysis
The server implements robust security features including comprehensive input validation (Valibot), strict query classification (separating read-only, write, and schema operations), and path validation to prevent directory traversal attacks. It supports configurable path restrictions and uses parameterized queries to mitigate SQL injection. Resources are gracefully cleaned up on shutdown, and transaction safety is built-in. No direct 'eval' or other highly dangerous dynamic code execution patterns were identified. Its local nature, combined with these protections, makes it generally safe, provided the host environment is secure and configurations like `SQLITE_ALLOW_ABSOLUTE_PATHS` are managed carefully.
Updated: 2026-01-17GitHub
36
4
Medium Cost
AIConfigPlaza icon

acp

by AIConfigPlaza

Sec8

A platform for unified management, sharing, and synchronization of AI programming tool configurations (Agents, Prompts, MCP Services, Skills) across various AI IDEs.

Setup Requirements

  • ⚠️To run the full platform backend, .NET SDK is required. Essential environment variables like `ConnectionStrings:DefaultConnection` (for database), `Jwt:Key` (for JWT signing), `GitHub:ClientId`, and `GitHub:ClientSecret` must be configured.
  • ⚠️A GitHub OAuth App must be registered to obtain `Client ID` (for frontend and backend) and `Client Secret` (for backend) for user authentication. The `Authorization callback URL` must be correctly set for the GitHub app.
  • ⚠️A database compatible with the `DefaultConnection` string (e.g., PostgreSQL, SQL Server) must be available and configured for the backend.
Verified SafeView Analysis
The CLI component includes `sanitizeFileName` and `sanitizePath` functions to mitigate path traversal vulnerabilities during file writing, and prompts for user confirmation before overwriting existing files, which is a strong security practice. Backend configuration files (appsettings.json) correctly use placeholders for sensitive data (database connection strings, JWT keys, GitHub secrets), indicating external configuration is required. The frontend implements standard GitHub OAuth authentication with CSRF protection. No `eval()` or code obfuscation was detected.
Updated: 2026-01-13GitHub
36
3
Medium Cost
wearzdk icon
Sec9

Generates images using the Volcengine SeeDream model via the Model Context Protocol (MCP) for AI agents and clients.

Setup Requirements

  • ⚠️Requires a Volcengine API Key to function, which must be obtained and provided.
  • ⚠️Generated image links are temporary and typically expire after 24 hours.
  • ⚠️The API key is passed as a command-line argument, potentially visible in process lists; using environment variables is generally more secure for secrets.
Verified SafeView Analysis
The server explicitly requires a Volcengine API Key, passed as a command-line argument (--ark-key). While this avoids hardcoding, command-line arguments can sometimes be visible in process lists, which is less secure than using environment variables for sensitive keys. No 'eval' or other dynamic code execution patterns were found. Network communication is via HTTPS to the official Volcengine API.
Updated: 2025-12-06GitHub
36
6
Medium Cost
aegntic icon

cldcde

by aegntic

Sec2

A persistent context manager that scrapes, stores, searches, and analyzes AI conversations from various platforms (ChatGPT, Grok, Gemini, Claude) to support project development and insights.

Setup Requirements

  • ⚠️Requires Node.js / Bun runtime environment.
  • ⚠️Requires Chromium browser installed for Puppeteer web scraping functionality.
  • ⚠️Manages a local SQLite database file, requiring appropriate file system permissions.
Review RequiredView Analysis
CRITICAL: The `import_project_structure` and `export_conversations` methods in `aegntic-hive-mcp/server.js` directly use `filePath` arguments from user input in `fs.readFileSync` and `fs.writeFileSync` respectively. This constitutes a severe path traversal vulnerability, allowing an attacker to read arbitrary files from the system (e.g., `/etc/passwd`) or write arbitrary files to the system (e.g., overwrite critical system files or inject malicious code). Additionally, the use of Puppeteer for web scraping could introduce risks if the scraped websites contain malicious content that could affect the headless browser environment or if cookies/sensitive data are not handled securely (though `fs.writeFileSync` is used for cookies, exposing them on the local filesystem).
Updated: 2025-12-07GitHub
36
7
Low Cost
devsapp icon
Sec7

Converts an OpenAPI 3.0 Specification into a Model Context Protocol (MCP) Server instance, enabling AI models to interact with the defined API.

Setup Requirements

  • ⚠️Requires a valid OpenAPI 3.0 Specification to be provided (base64 encoded) during deployment.
  • ⚠️Requires an OpenAPI Security Configuration (base64 encoded) if the OpenAPI spec defines security schemes.
Verified SafeView Analysis
The server loads OpenAPI specifications and security configurations from local JSON files (`openapi.json`, `security.json`) at runtime. These files are expected to be generated during deployment from base64-encoded parameters (`OPENAPI_SPEC_BASE64`, `OPENAPI_SECURITY_CONFIG_BASE64`). The security of the deployed server heavily depends on the integrity and trustworthiness of these input specifications and how sensitive information (like API keys in `security.json`) is handled by the deployment platform. The `publish.yaml` does not explicitly mark `OPENAPI_SPEC_BASE64` or `OPENAPI_SECURITY_CONFIG_BASE64` as sensitive parameters, which could be a concern if they contain secrets that are not appropriately protected during the deployment process or at rest. No direct `eval` or remote code execution vectors are apparent in the provided Node.js source code.
Updated: 2026-01-19GitHub
36
7
Low Cost
1Dark134 icon

arxiv-mcp-server

by 1Dark134

Sec9

The server enables researchers to search for academic papers on arXiv, analyze citations and trends, and export data in multiple formats, with a stated aim for AI-assisted discovery and processing.

Setup Requirements

  • ⚠️Requires Python >= 3.13
  • ⚠️Full AI assistant features (e.g., generative summaries, question answering) are mentioned in the README but not implemented in the provided source code, implying potential external AI service integration (and associated costs/API keys) would be needed for their realization.
Verified SafeView Analysis
The source code does not contain 'eval' or obvious malicious patterns. Input validation through JSON schemas for MCP tools is a good practice. It interacts with the public arXiv API using httpx for HTTP requests and xml.etree.ElementTree for XML parsing. While parsing external XML always carries a minimal inherent risk, ElementTree is generally robust against common XML vulnerabilities. No hardcoded secrets were found. The 'AI assistant' features described in the README are not fully implemented in the provided source code snippets, which currently use existing paper abstracts for 'summaries' rather than generative AI.
Updated: 2026-01-19GitHub
36
8
Medium Cost
michaelwybraniec icon

mcp-agentic-sdlc

by michaelwybraniec

Sec7

A comprehensive framework for managing software development lifecycle with AI agents, combining structured development processes with intelligent workflow management.

Setup Requirements

  • ⚠️Requires Node.js (version >= 18).
  • ⚠️Requires npm for installation and build steps.
  • ⚠️Designed to be run as an MCP server, requiring client-side configuration with specific AI clients like Cursor or Claude Desktop.
Verified SafeView Analysis
The server uses `fs.mkdirSync` and `fs.writeFileSync` with a user-provided `appDir` parameter. While intended for project initialization in a controlled environment (MCP client), if the `appDir` input is not properly sanitized or validated by the calling client, it could potentially be exploited for directory traversal attacks, allowing file creation/modification outside the intended project directory.
Updated: 2026-01-18GitHub
PreviousPage 120 of 713Next