Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

36
4
Medium Cost
Traves-Theberge icon

PDFlow

by Traves-Theberge

Sec9

Transform PDF documents into structured data (Markdown, JSON, XML, etc.) using multimodal AI, with web UI, CLI, and AI agent integration.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (free tier has usage limits, paid tier recommended for heavy use).
  • ⚠️Relies on external system dependencies `pdftocairo` (from poppler-utils) and `imagemagick` for PDF-to-image conversion, which need to be installed system-wide or are included in the Docker image.
  • ⚠️Requires Node.js 20+ for local development due to Next.js 16 requirements.
Verified SafeView Analysis
The project demonstrates a strong focus on security. Explicit path validation functions (`isValidPathComponent`, `getSecureFilePath`) are implemented to prevent directory traversal in API routes. The `child_process.spawn` method is used over `exec` with arguments passed as an array to prevent command injection when executing shell scripts. API keys are managed client-side in `sessionStorage` or via environment variables, not hardcoded. Docker configuration uses a non-root user (`nextjs:nodejs`), `read_only: true` for the filesystem (with exceptions for necessary write directories), `no-new-privileges:true`, and resource limits, adhering to robust container security practices. The MCP server also implements file path validation against a configurable list of `ALLOWED_DIRECTORIES`.
Updated: 2025-11-21GitHub
36
17
Low Cost
0GiS0 icon
Sec9

This server provides examples of Model Context Protocol (MCP) implementations, integrating the YouTube API to enable Large Language Models (LLMs) like GitHub Copilot Chat to search for YouTube channels and videos.

Setup Requirements

  • ⚠️Requires a YouTube API Key (must be obtained from Google Cloud Console).
  • ⚠️Requires Node.js v18.0.0 or higher.
Verified SafeView Analysis
The project follows good security practices by loading API keys from environment variables (YOUTUBE_API_KEY) using `dotenv`. Input validation for tool arguments is implemented with `Zod`, which helps prevent malformed input issues. The server relies on the `@modelcontextprotocol/sdk` for MCP handling and `express.js` for the remote (SSE) transport, which are widely used and maintained libraries. No 'eval', obfuscation, or immediately identifiable malicious patterns were found in the provided source code. For production deployments of the remote server, further consideration of web security headers and access control might be beneficial beyond what the SDK provides.
Updated: 2026-01-07GitHub
36
6
Low Cost
tonybentley icon

signalk-mcp-server

by tonybentley

Sec9

Provides AI agents with efficient, token-optimized access to SignalK marine data through secure V8 isolate code execution.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher
  • ⚠️Requires access to a running SignalK server
  • ⚠️Docker recommended for easy setup of a local SignalK server (e.g., for E2E testing)
Verified SafeView Analysis
The server uses a V8 isolate sandbox (via 'isolated-vm') to execute agent-provided JavaScript code. This architecture provides strong security by isolating the code from the Node.js host environment. Key security features include: no access to Node.js globals (e.g., process, require), no direct filesystem access, no direct network access (all external interactions are through controlled, RPC-style bindings), enforced memory limits (128MB), and execution timeouts (30s). SignalK authentication tokens are handled by the binding layer and are not exposed to the agent's code in the isolate. No 'eval' or similar dangerous patterns are used directly in the main Node.js process to execute untrusted code.
Updated: 2025-11-26GitHub
36
2
High Cost
suchwow-sysadmin icon

claude-code-factchecker

by suchwow-sysadmin

Sec9

AI-powered fact-checking and research assistant for long-form content, verifying factual claims, citations, and generating comprehensive reports.

Setup Requirements

  • ⚠️Anthropic Claude subscription required (paid)
  • ⚠️MCP server (e.g., Hyperbrowser) requires Docker Desktop (for Magic Mode)
  • ⚠️Node.js required for Claude Code setup
Verified SafeView Analysis
The repository itself consists mainly of Markdown and XML configuration files, which pose minimal direct security risks. The system relies on an external MCP (Multi-Modal Communication Protocol) server (e.g., Hyperbrowser) configured via `npx -y @hyperbrowserai/mcp`. The security of the overall system depends on the robustness of the chosen MCP server, the underlying Node.js environment, and Claude Code itself. The protocol's design to independently verify user assertions is a positive security feature against misinformation.
Updated: 2025-12-09GitHub
36
6
Low Cost
tivaliy icon

mcp-xray

by tivaliy

Sec8

A lightweight server that bridges the MCP protocol with the Atlassian Jira Xray API, exposing Xray functionality via FastMCP for integration with AI language models or other clients.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires an Xray API Personal Access Token (PAT) from a Jira Xray Server/Data Center instance.
  • ⚠️The Xray OpenAPI spec (JSON format only) must be obtained and manually curated, as no single official complete spec is provided by Xray.
  • ⚠️Requires `uv` for easy installation as there is no PyPI package yet, necessitating a `uvx --from git+https://...` command.
Verified SafeView Analysis
The project uses standard practices for handling sensitive information, primarily relying on environment variables for API tokens. No direct hardcoding of secrets is evident. Network communication for fetching OpenAPI specs or connecting to Xray API uses `httpx.AsyncClient` with `raise_for_status()` for error handling. The primary security consideration outside the codebase itself is the manual curation and maintenance of the Xray OpenAPI specification, which could lead to discrepancies if not validated.
Updated: 2025-12-03GitHub
36
1
Low Cost
fabriciodf icon
Sec8

Provides AI assistants with access to Prometheus metrics and PromQL query execution through standardized Model Context Protocol (MCP) interfaces.

Setup Requirements

  • ⚠️Requires a running Prometheus server accessible from the server's environment.
  • ⚠️Requires Python 3.10+ for direct execution outside of Docker.
  • ⚠️The full demo environment (including UI and LLM for PromQL generation) requires Docker, Docker Compose, and a 1-2GB Ollama model download.
Verified SafeView Analysis
The server uses environment variables for sensitive data (Prometheus credentials) and runs as a non-root user ('app') within its Docker container, which are good security practices. It performs external HTTP requests to a Prometheus server, with an explicit configurable option (`PROMETHEUS_URL_SSL_VERIFY=False`) to disable SSL verification, which is logged as insecure. The `PROMETHEUS_CUSTOM_HEADERS` variable uses `json.loads` to parse custom headers, which is generally safe for its intended purpose of adding HTTP headers. No `eval` or similar dangerous patterns were identified.
Updated: 2025-11-27GitHub
36
1
Low Cost
shizhMSFT icon

diagnose-mcp

by shizhMSFT

Sec7

Transparent proxy for debugging and monitoring Model Context Protocol (MCP) servers, including local (stdio) and remote (HTTP/WebSocket) servers, with file monitoring capabilities.

Setup Requirements

  • ⚠️Requires Go 1.25.4 or later.
  • ⚠️Azure CLI is required for the `setup-azure-blob-logging.sh` helper script, if Azure Blob logging is desired.
  • ⚠️Binary needs to be built or installed locally before use (e.g., `go build -o diagnose-mcp ./cmd/diagnose-mcp`).
Verified SafeView Analysis
The server's core functionality involves executing user-provided binaries and arguments (`os/exec`). While this is expected for a proxy, it means `diagnose-mcp` can execute arbitrary code if its inputs (`<server-binary>`, `[server-args...]`) are untrusted. It passes all parent environment variables to the child process, which could expose sensitive data. The remote proxy mode connects to arbitrary URLs, potentially to malicious endpoints. File watching can lead to resource exhaustion with very large, rapidly changing files if not managed (though a 100KB content limit is a mitigation). Azure Blob Storage logging relies on a user-provided SAS token, which must be managed securely (short-lived, not hardcoded) by the user.
Updated: 2025-12-04GitHub
36
6
High Cost
domdomegg icon

gmail-mcp

by domdomegg

Sec8

Manages Gmail emails programmatically, enabling AI systems to read, send, archive, and perform other email operations on behalf of a user.

Setup Requirements

  • ⚠️Requires manual creation and configuration of Google OAuth 2.0 Client ID and Client Secret (or a direct access token for stdio transport) via Google Cloud Console.
  • ⚠️Requires enabling the Gmail API in your Google Cloud Project to interact with Gmail.
  • ⚠️Requires Node.js (version >=18) and npm to be installed for local execution.
Verified SafeView Analysis
The server functions as an OAuth proxy for the Google Gmail API. It is designed to be stateless and does not persistently store user access or refresh tokens, which is a significant security advantage. Google OAuth client credentials (ID and Secret) are correctly sourced from environment variables, preventing hardcoding. Input and output data for tools are rigorously validated using Zod schemas, mitigating risks from malformed requests. A token validation cache is implemented to efficiently check token validity and provide appropriate HTTP 401 responses, enabling clients to handle token expiration gracefully. The primary security consideration for deployment is the protection of the Google OAuth Client ID and Secret that the server uses to proxy authentication. If the server is exposed publicly, robust network security measures (e.g., HTTPS, appropriate firewall rules, secure hosting environment) are critical to safeguard these credentials. No 'eval' or other directly malicious code patterns were found.
Updated: 2026-01-07GitHub
36
7
Low Cost
UiPath icon
Sec9

Provides a framework for building MCP servers that manage and report on long-running, blocking operations with real-time progress and logging for automation and system tasks.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️The 'uv' package manager is recommended for dependency management and virtual environment setup (`uv venv`, `uv sync`).
  • ⚠️Requires a UiPath Automation Cloud account and a Personal Access Token with Orchestrator API Access scopes for authentication (`uipath auth`).
  • ⚠️Requires the `UIPATH_FOLDER_PATH` environment variable to be set for local debugging of folder-scoped servers.
Verified SafeView Analysis
The 'Long Running Operations MCP Server' sample code itself is straightforward, primarily utilizing `asyncio.sleep` and standard Python types for timed delays. It does not directly handle arbitrary user code execution, file system modifications based on user input, or sensitive network interactions beyond its core MCP communication channel. Sensitive configurations like API tokens are expected via environment variables. The broader `uipath-mcp` SDK includes examples (e.g., 'mcp-dynamic-server', 'mcp-functions-server') that employ `exec` for dynamic code execution, which inherently carries security risks. However, these mechanisms are not present in the specific 'Long Running Operations MCP Server' sample being analyzed. The server relies on a trusted `mcp.json` configuration for defining its command and arguments, which, if tampered with, could introduce risks to the underlying platform.
Updated: 2026-01-15GitHub
36
7
Low Cost
crowecawcaw icon

click-mcp

by crowecawcaw

Sec4

A Python library that enables AI agents to interact with Click CLI applications by converting commands into Model Context Protocol (MCP) tools.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️The security of the server depends on the careful design of the underlying Click CLI commands, as it directly exposes them to external agents.
Review RequiredView Analysis
The server's core functionality involves taking parameters from an MCP client (e.g., an AI agent) and directly passing them as arguments to a Click CLI application for execution via `cli_group.main(args=args)`. This design inherently means that `click-mcp` acts as a conduit for executing commands on the host system. If the underlying Click application contains commands that can perform destructive actions, access sensitive resources, or execute arbitrary code (e.g., through `os.system`, `subprocess.run`, or `eval` if poorly implemented within the Click command's logic) based on user-supplied input, then an MCP client could potentially trigger these actions. The `click-mcp` library itself does not introduce direct `eval` or similar dangerous patterns, but it enables the execution of the decorated Click commands with parameters controlled by the client. Therefore, the overall security largely depends on the care with which the developer implements and exposes their Click commands.
Updated: 2026-01-12GitHub
36
6
Low Cost
jddunn icon

tenets

by jddunn

Sec9

Provides intelligent, token-optimized code context and automatically injects guiding principles to AI coding assistants for enhanced understanding and consistent interactions.

Setup Requirements

  • ⚠️Requires Python 3.9+ to be installed.
  • ⚠️Requires `pip install tenets[mcp]` for MCP server functionality; ML features require `tenets[ml]` extra package (2GB+ download).
  • ⚠️Manual configuration (JSON file editing) is often needed for AI clients (Cursor, Claude Desktop), though a VSCode extension simplifies this for VSCode users.
  • ⚠️The `tenets-mcp` executable path needs to be correctly specified in IDE configurations, especially when using virtual environments.
Verified SafeView Analysis
The core processing is 100% local, ensuring privacy by design. Optional external connections (e.g., for LLM summarization, issue fetching) are opt-in and explicitly documented regarding data sent. The VSCode extension uses `child_process.spawn` with `shell: true`, which can be a minor security risk if the executable path (`tenets-mcp`) were compromised or user-supplied in a malicious way. However, the path is either user-configured via settings or detected via `which` command, limiting direct arbitrary command injection from prompt input. The use of environment variables for API keys is good practice.
Updated: 2026-01-19GitHub
36
6
Medium Cost
Knuckles-Team icon

vector-mcp

by Knuckles-Team

Sec6

Provides a standardized API for AI agents to manage and interact with various vector database technologies for Retrieval Augmented Generation (RAG).

Setup Requirements

  • ⚠️Requires an LLM provider (e.g., local Ollama, or a commercial API like OpenAI/Anthropic/Google/HuggingFace with an API key and potential costs).
  • ⚠️Requires a configured vector database instance (e.g., ChromaDB locally, or a remote PGVector, MongoDB, Couchbase, or Qdrant instance).
  • ⚠️For production deployments, the `vector-mcp` server's default `AUTH_TYPE=none` must be explicitly configured to a more secure option.
Review RequiredView Analysis
The `vector-mcp` server defaults to `AUTH_TYPE=none`, which is a critical security risk for any production deployment, leaving the server unprotected. While robust authentication mechanisms (JWT, OAuth, OIDC) are supported and configurable via environment variables, the default insecure posture is a significant concern. Database credentials are passed via environment variables, which relies on the user's secure environment configuration. The server binds to `0.0.0.0`, requiring external network isolation.
Updated: 2026-01-19GitHub
PreviousPage 121 of 713Next