Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

36
1
High Cost

mcp-jina-supabase-rag

by croakingtoad

Sec8

This server crawls documentation websites, extracts content, chunks it, generates OpenAI embeddings, and indexes them into Supabase for Retrieval-Augmented Generation.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires a Supabase account with a database set up using the provided schema.
  • ⚠️Requires an OpenAI API Key (paid service) for embeddings.
  • ⚠️Requires a Jina AI API Key (optional but highly recommended for performance, potentially paid beyond free tier).
  • ⚠️Requires `crawl4ai-setup` to install browser dependencies for Crawl4AI functionality.
Verified Safe
API keys for OpenAI, Jina AI, and Supabase are loaded from environment variables, which is good practice. The Supabase service key grants elevated database permissions, requiring careful protection. External web requests (via httpx and Crawl4AI) are central to its function and controlled by user-provided URL patterns, which inherently carries some risk if malicious URLs are supplied. There are no obvious signs of 'eval' or other direct code injection vulnerabilities within the provided source.
Updated: 2025-11-25
36
4
Medium Cost

kortx-mcp

by effatico

Sec9

Kortx is a Model Context Protocol (MCP) server providing AI-powered consultation, research, visual generation/editing, and debugging capabilities for coding copilots.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires Perplexity API Key (Paid)
  • ⚠️External context connectors (Serena, MCP Knowledge Graph, CCLSP) are stubs and return data only when those MCP servers are running and reachable.
Verified Safe
The server demonstrates strong security practices including a hardened Docker build running as a non-root user (UID 1001), multi-stage Docker builds with 'npm audit', extensive input validation via Zod schemas, and proper handling of API keys via environment variables (with redaction in logs). The context-gathering connectors for external MCP servers (Serena, Memory, CCLSP) are noted as stubs, implying no actual external calls are made yet, which currently mitigates risks associated with third-party integrations, though future implementations would require review. No 'eval' or similar dangerous dynamic code execution patterns are observed.
Updated: 2025-11-28
36
7
Medium Cost

remembrances-mcp

by madeindigio

Sec8

Provides long-term memory, knowledge base, and semantic code indexing capabilities for AI agents.

Setup Requirements

  • ⚠️Requires NVIDIA GPU with CUDA support and NVIDIA Container Toolkit for GPU acceleration.
  • ⚠️Requires Go 1.20+ and C/C++ build tools (e.g., GCC/Clang, Make, CMake) if building from source.
  • ⚠️Requires downloading a GGUF embedding model (~260MB+).
  • ⚠️If not using embedded SurrealDB, a separate SurrealDB server is required.
Verified Safe
The Go-llama.cpp bindings used in this project explicitly disable text generation functions (eval, predict, speculative_sampling), limiting the attack surface from arbitrary LLM output. Default SurrealDB credentials ('root'/'root') are insecure if exposed externally, but the README clearly shows how to override them via environment variables or flags. Network services (HTTP API, MCP Streamable HTTP) can be exposed, requiring proper firewalling. No obvious obfuscation or malicious patterns were found in the truncated source.
Updated: 2026-01-13
36
8
Low Cost

mcp-server

by kontent-ai

Sec9

This server integrates Kontent.ai content management with AI tools, allowing natural language operations to create, manage, and explore structured content.

Setup Requirements

  • ⚠️Requires a Kontent.ai account, project, Management API key with appropriate permissions, and an Environment ID.
  • ⚠️For multi-tenant HTTP mode, the Environment ID must be passed as a URL path parameter and the API Key as a Bearer token in the Authorization header, requiring specific client configuration.
  • ⚠️Only active Kontent.ai languages can be modified via the API; activation/deactivation must be done through the Kontent.ai web UI.
Verified Safe
The source code demonstrates strong security practices, including requiring API keys via environment variables or secure Bearer tokens (no hardcoded secrets). Telemetry is actively sanitized to remove sensitive information. There is no usage of 'eval' or other readily exploitable dangerous patterns. Error handling provides useful debugging context without exposing sensitive internal data. The main security concerns would lie in the Kontent.ai Management API itself and the permissions granted to the provided API key.
Updated: 2026-01-16
36
4
Low Cost

taias

by taias-mcp

Sec9

A lightweight TypeScript framework designed to enable Multi-Modal Agent (MMA) or Multi-Modal Chat Protocol (MCP) server developers to define interactive flows and map them to LLM guidance and dynamic UI affordances, shaping user experiences within AI-driven interfaces.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run or develop with.
Verified Safe
The framework itself does not appear to contain direct security vulnerabilities like 'eval', unauthorized file system access, or network requests initiated by the library's core logic. It processes predefined flows and configuration objects. Potential risks would primarily arise from how developers integrate and implement this library within their larger MCP server, specifically regarding the handling of inputs to the library (e.g., 'toolName') and the content of user-defined flow handlers. The 'devMode' feature adds valuable validation, reducing common configuration errors.
Updated: 2026-01-09
36
1
High Cost

ro-mongodb-mcp-rs

by chrstnwhlrt

Sec9

A Model Context Protocol (MCP) server for executing read-only MongoDB queries, enabling LLMs to safely interact with MongoDB databases.

Setup Requirements

  • ⚠️Requires Rust 1.85+ to build and run.
  • ⚠️For Kubernetes connections, a valid kubeconfig file is necessary, and MongoDB pods must follow specific labeling (`app=<deployment_name>`) and credential discovery conventions (environment variables `MONGO_INITDB_ROOT_USERNAME_FILE` and `MONGO_INITDB_ROOT_PASSWORD_FILE` pointing to files within the pod).
  • ⚠️The configuration file `~/.config/ro-mongodb-mcp-rs/config.yaml` must be created and correctly populated with connection details. An example configuration is generated on first run if the file is missing.
Verified Safe
The server is explicitly designed for read-only operations, preventing accidental or malicious write/delete actions. Query injection risks are mitigated by JSON-escaping collection names and validating user-provided queries as JSON before execution. For Kubernetes connections, it uses `mongosh --eval` but with carefully constructed and escaped commands. Credentials for K8s are discovered securely from mounted files within the MongoDB pods (paths defined by environment variables). Direct connections use a native Rust MongoDB driver. A 30-second query timeout is in place to prevent resource exhaustion. Users are advised to secure the `config.yaml` file if it contains direct MongoDB connection strings with credentials.
Updated: 2025-11-27
36
1
Low Cost

awesome-mcp

by epicmotionSD

Sec10

A curated, comprehensive list of Model Context Protocol (MCP) servers, tools, and resources for AI assistants like Claude Desktop.

Verified Safe
This repository is an 'Awesome List' consisting primarily of markdown documentation files (README, CONTRIBUTING, CODE_OF_CONDUCT, LAUNCH_CHECKLIST). It does not contain executable code that would typically present security risks such as 'eval' calls, obfuscation, network vulnerabilities, or hardcoded secrets. The security score reflects the safety of this repository's own source code, not the external projects it links to.
Updated: 2025-11-26
36
1
High Cost

mobile-dev-mcp

by GGBoi360

Sec9

Provides a read-only MCP server for observing and debugging mobile applications (Android and iOS) by giving a large language model like Claude direct access to device screenshots, logs, and UI hierarchy.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0.
  • ⚠️For Android debugging: ADB (Android Debug Bridge) must be installed as part of the Android SDK Platform Tools.
  • ⚠️For iOS debugging (macOS only, Advanced tier): Xcode with Command Line Tools must be installed.
  • ⚠️Metro bundler must be running for Metro-related tools to function.
Verified Safe
The server's core functionality relies on executing external commands (ADB, xcrun). However, robust input validation is implemented for all user-provided parameters (device IDs, package names, UDIDs, log filters, ports) before they are used in `execAsync` calls, significantly mitigating shell injection risks. The system strictly adheres to a 'read-only' design, meaning it does not perform actions that modify device state (e.g., taps, installs, inputs), which is verified in tests and documentation. The license cache uses HMAC signing with a machine-specific secret to prevent tampering. While inherent risks exist with running external binaries and relying on an external license validation API, these are well-mitigated and standard for this type of tool.
Updated: 2026-01-18
36
1
Medium Cost

Provides AI assistants like Claude with access to the Art Institute of Chicago's public API for searching and retrieving art-related information.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop) for interaction.
  • ⚠️Requires internet access to reach the Art Institute of Chicago API.
Verified Safe
The server makes HTTP requests to a public, unauthenticated API. It uses `httpx` for network requests and includes basic error handling for API failures. There are no hardcoded secrets, 'eval' calls, or obfuscation. Input limits are applied to prevent excessive data retrieval. Overall, the codebase appears secure for its stated purpose.
Updated: 2025-11-26
36
7
Low Cost

ddev-mcp

by codingsasi

Sec4

Provides AI assistants with DDEV development environment automation for various web projects, managing environments, databases, and executing commands.

Setup Requirements

  • ⚠️Requires Node.js 20+ (22+ preferred)
  • ⚠️Requires DDEV to be installed and available in the system's PATH
  • ⚠️By default, dangerous commands (e.g., `platform environment:delete`) are blocked and require `ALLOW_DANGEROUS_COMMANDS=true` environment variable to be set for execution.
  • ⚠️The server operates on the 'current working directory' principle; users must manually navigate to the DDEV project directory or explicitly provide `projectPath` for operations.
Review Required
The server's primary tool, `ddev_exec`, directly executes arbitrary shell commands provided by AI input within the DDEV container. While a 'Dangerous Command Protection' feature is implemented using regex patterns, blacklisting is inherently vulnerable to bypass. There is no explicit shell escaping or robust whitelisting for the `command` argument before it's passed to `child_process.exec`. This poses a significant command injection risk if the AI-generated input is not strictly validated and sanitized by an external client or if a malicious prompt bypasses the regex filters, allowing execution of arbitrary code on the host system. The `sanitizeCommand` and `sanitizeOptions` functions are for logging purposes only, not for preventing injection into the execution itself. Running with `ALLOW_DANGEROUS_COMMANDS=true` escalates this risk further.
Updated: 2026-01-09
36
1
Low Cost

claude-svelte5-skill

by splinesreticulating

Sec10

Provides expert guidance on Svelte 5 and SvelteKit development for the Claude Code AI environment.

Setup Requirements

  • ⚠️Requires the Claude Code AI environment.
  • ⚠️Installation involves specific directory structure for skills (`.claude/skills/svelte5-development`).
Verified Safe
The project consists of documentation files (`README.md`, `SKILL.md`) that serve as guidance for an AI. It is not an executable server or application in itself. The source code provided is entirely instructional markdown, containing no direct security vulnerabilities. Any code examples provided within the skill are for user implementation and do not pose a direct risk from the skill itself.
Updated: 2025-11-25
36
7
Medium Cost

codeweaver

by knitli

Sec6

A code intelligence platform that provides semantically rich, context-aware code search for AI agents, aimed at reducing cognitive load and token costs for coding tasks.

Setup Requirements

  • ⚠️Python 3.12+ Required
  • ⚠️API Keys for Cloud Providers (e.g., VoyageAI, OpenAI, Cohere, Bedrock, Mistral for embeddings/reranking)
  • ⚠️Qdrant Setup (requires a running Qdrant instance, often via Docker, if not using in-memory provider)
Verified Safe
- **`pickle.loads` usage**: The `NodeTypeParser` uses `pickle.loads` to deserialize a pre-built cache (`node_types_cache.pkl`). While the developers state it's generated during their build process and validated, `pickle` is inherently insecure for untrusted data and can lead to Remote Code Execution (RCE) if the cache or build process is compromised.
- **Network Exposure**: The server runs HTTP services (MCP on 9328, Management on 9329) which are local-only (`127.0.0.1`) by default. However, these hosts and ports are configurable, potentially allowing public exposure without adequate authentication or firewalling, creating a network attack surface.
- **Telemetry**: Integrates PostHog telemetry, which collects usage data. The system allows opting out and provides a `tools_over_privacy` setting for fine-grained control over what data is sent, and models include `_telemetry_keys` for redaction. This seems transparent.
- **`subprocess.run`**: Used for `git` commands and system service installation in CLI tools. These calls are generally safe as they don't involve user-controlled arguments being passed directly to the shell, but the system service installation part (`cli/commands/init.py`) could be a vector if the system itself is compromised or misconfigured.
Updated: 2026-01-19