Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

36
6
Low Cost
IvanMurzak icon

MCP-Plugin-dotnet

by IvanMurzak

Sec6

Integrates .NET applications with the Model Context Protocol (MCP) to expose methods and data as tools, prompts, and resources to AI assistants like Claude.

Setup Requirements

  • ⚠️Requires a separate .NET application to integrate the `McpPlugin` library, as this is a bridge, not a standalone tool.
  • ⚠️Relies on SignalR for communication between your .NET app and the bridge, potentially requiring firewall adjustments for the default port 8080.
  • ⚠️The power of fuzzy matching and complex type support relies on `ReflectorNet`, which requires understanding of dynamic method invocation and careful consideration of exposed methods.
Verified SafeView Analysis
The server uses a bridge architecture with SignalR for real-time, bidirectional communication and dynamic method invocation (ReflectorNet) to expose C# methods to AI clients. While powerful, this design introduces security risks, particularly if the bridge server is exposed over HTTP to untrusted networks without explicit authentication and authorization. The safety heavily depends on what methods the application developer chooses to expose using `[McpPluginTool]` attributes; exposing sensitive operations (e.g., file system access, shell commands) without careful validation can lead to severe vulnerabilities. The provided code snippets and documentation do not detail authentication/authorization mechanisms for the SignalR hub or the MCP bridge itself.
Updated: 2026-01-18GitHub
36
5
Low Cost
anand-92 icon
Sec5

A professional MCP server for Google's Gemini 3 Pro Image Preview, enabling state-of-the-art image generation with advanced reasoning, high-resolution output (1K-4K), up to 14 reference images, Google Search grounding, and automatic thinking mode.

Setup Requirements

  • ⚠️Requires a Google Gemini API key (via `GEMINI_API_KEY` or `GOOGLE_API_KEY` environment variable; free tier available).
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️The `image_size` parameter (e.g., '1K', '2K', '4K') critically requires an uppercase 'K'; lowercase will be rejected by the Gemini API.
  • ⚠️On macOS, when configured with Claude Desktop or Cursor, the `uvx` command might require specifying its full path in the MCP configuration (e.g., `/Users/yourusername/.local/bin/uvx`).
Verified SafeView Analysis
The `reference_image_paths` parameter allows specifying arbitrary local file paths. While validation checks for file existence and type, it does not restrict access to a safe directory, potentially allowing the server to read any image file accessible to its process on the local system (an information disclosure risk) if given untrusted input. The content is then base64 encoded and passed to the Google API. No `eval` or obvious malicious patterns were found. For its intended use as a local MCP server, it is generally considered safe but the path handling is a point of concern for broader deployments.
Updated: 2026-01-18GitHub
36
1
Low Cost
moche-ai icon
Sec3

Provides a Model Context Protocol (MCP) server for verified knowledge with trust scores, reasoning capabilities, and fact-checking.

Setup Requirements

  • ⚠️Requires a running Neo4j graph database instance, configured via environment variables (NEO4J_URI, NEO4J_USER, NEO4J_PASSWORD).
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️The `/knowledge/collect` endpoint (for data ingestion) may require additional, unspecified 'knowledge collectors' to be installed or a specific deployment environment ('agents container'), indicating extra setup if collection features are desired.
Review RequiredView Analysis
The `/knowledge/collect` endpoint in `src/api/server.py` uses `sys.path.insert` to add `/data/apps/agents/src` to Python's import path, then dynamically imports modules. This creates a critical vulnerability: if an attacker can gain write access to `/data/apps/agents/src` (e.g., through container compromise or misconfigured volumes), they can inject malicious Python modules, leading to arbitrary code execution on the server. Proper container security and access controls are paramount to mitigate this specific risk. Other aspects like Neo4j credential handling via environment variables and controlled tool execution (using `getattr` on predefined methods) are more secure.
Updated: 2025-11-27GitHub
36
5
High Cost
nvdigitalsolutions icon

mcp-ai-wpoos

by nvdigitalsolutions

Sec8

Provides a stable API and server framework for integrating AI models and tools into WordPress, enabling advanced AI assistant capabilities and workflow automation.

Setup Requirements

  • ⚠️Requires PHP 7.4+ and WordPress 6.0+.
  • ⚠️Most core AI functionalities require paid API keys for external providers (e.g., OpenAI, Gemini, Anthropic, Huggingface).
  • ⚠️Local LLM support requires local Ollama or LM Studio servers running.
  • ⚠️Persistent chat transcripts and advanced CPT features strongly depend on the JetEngine plugin (Custom Content Types and Data Stores modules).
  • ⚠️Some tools require Node.js, Python, or specific WordPress plugins (e.g., WooCommerce, Elementor, Rank Math, WPCode).
Verified SafeView Analysis
Comprehensive multi-layered security including robust authentication (WordPress nonces, custom bearer tokens, Auth0, mesh keys, guest tokens), detailed access control, input sanitization, encryption (AES-256-CBC), and internal compliance features (ISO 27001 audit/training, asset/supplier security, nefarious usage monitoring). Potential areas requiring continuous vigilance include the custom JWT validation implementation and sandboxing of external Node.js/Python subprocess execution for certain tools, though mitigations are present. The project uses `hash_equals` for key comparisons and explicit `Cache-Control` headers for REST API responses.
Updated: 2026-01-19GitHub
36
2
Medium Cost
M3-Technology-Group icon

qrwc-svelte-mcp

by M3-Technology-Group

Sec8

This MCP server assists LLMs in building Svelte UI components that interact with Q-SYS systems by providing tools to discover Q-SYS components and controls, documentation resources, and optimized prompts.

Setup Requirements

  • ⚠️A Q-SYS Core IP address is required as the first command-line argument; only hardware and VCore are supported, not emulation.
  • ⚠️Q-SYS components must have 'Script Access' property set to 'All' or 'External' in Q-SYS Designer.
  • ⚠️The Q-SYS Remote WebSocket Control (QRWC) service must be enabled on the core via Core Manager.
Verified SafeView Analysis
The server uses `process.argv` to obtain the Q-SYS Core IP address, which is then used to establish a WebSocket connection. While the connection is handled robustly (closing on completion), the underlying Q-SYS QRWC protocol currently lacks authentication, meaning anyone with network access to the core (and the MCP server) could retrieve component/control information. This is a characteristic of the QRWC protocol itself, not a flaw in this MCP server's code. No 'eval' or malicious patterns were found. The tool is designed to connect to a user-specified trusted Q-SYS core.
Updated: 2025-11-25GitHub
36
2
Low Cost
chuxinliu icon
Sec9

Builds an MCP server to integrate AI agents with Gmail for reading unread emails, generating AI-powered replies, and sending emails.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Requires Gmail App Password (Gmail 2-Step Verification must be enabled)
  • ⚠️Requires `uv` for dependency management
Verified SafeView Analysis
The server correctly uses environment variables (`.env`) for sensitive information like email credentials and OpenAI API keys, preventing hardcoding. It leverages Google App Passwords for Gmail access, which is a more secure practice than using the primary account password. The README explicitly mentions `ALLOWED_ORIGINS` for GitHub Codespaces, indicating an awareness of network access controls. Standard `smtplib` and `imaplib` are used for email communication. No `eval` or obvious malicious patterns were found.
Updated: 2025-12-08GitHub
36
1
Low Cost
belvg-public icon

belvg_mcp_auth

by belvg-public

Sec7

Simplifies authentication for PrestaShop's Micro-Commerce Protocol (MCP) server for development and testing environments by replacing OAuth2 with a bearer token system.

Setup Requirements

  • ⚠️Intended for development, testing, and educational purposes ONLY; explicitly warns against production use without additional security layers due to bypassing standard OAuth2.
  • ⚠️Requires PrestaShop 8.0 or higher.
  • ⚠️Requires the official `ps_mcp_server` module to be installed, but it does not need to be configured/onboarded via PS Accounts.
  • ⚠️Requires `composer install --no-dev` to install dependencies after uploading to the modules directory.
Verified SafeView Analysis
The module explicitly warns that it is for 'DEVELOPMENT USE ONLY' and bypasses standard OAuth2 security protocols. It should not be used in a production environment without strict IP restrictions or additional security layers. The implementation itself uses cryptographically secure token generation (`random_bytes`) and sanitizes database inputs (`pSQL`), preventing common vulnerabilities like SQL injection. No 'eval', obfuscation, hardcoded secrets, or directly malicious patterns were found. The lower score reflects the inherent security reduction by design for its stated purpose (developer convenience) rather than flaws in its implementation.
Updated: 2025-11-26GitHub
36
8
High Cost
iniarfia icon
Sec9

Enhances sequential thinking and complex problem-solving through a multi-agent system, supporting revisions and branching paths.

Setup Requirements

  • ⚠️Requires DeepSeek API Key for LLM functionality (DeepSeek is a paid service).
  • ⚠️Requires Exa API Key for the Researcher agent to perform web research.
  • ⚠️Requires Python 3.10+.
Verified SafeView Analysis
The server uses standard Python practices for loading environment variables and logging. It logs to the user's home directory ('.sequential_thinking/logs/'), which is a safe practice. No 'eval' or other direct code injection vulnerabilities were found. Communication is via stdio, as expected for MCP servers, reducing external network attack surface.
Updated: 2026-01-19GitHub
36
6
Medium Cost
M3l3r0 icon

MCP-buddy

by M3l3r0

Sec9

A local desktop or web application to manage and interact with multiple MCP (Model Context Protocol) servers, offering optional AI orchestration and enhancement for responses.

Setup Requirements

  • ⚠️AI enhancement and orchestration features require an API key from a supported LLM provider (e.g., OpenAI, Anthropic, Snowflake Cortex), which may incur costs.
  • ⚠️Requires access to and configuration of at least one MCP server to be fully functional.
  • ⚠️For developers, initial configuration can be loaded from `public/config.local.json`; for other users, configuration is done via the UI and saved in browser localStorage.
Verified SafeView Analysis
The application is designed to run 100% locally, with user configurations (including sensitive API keys and tokens) stored either in the browser's localStorage or a git-ignored `public/config.local.json` file. It explicitly warns against committing sensitive data and provides a `check-secrets.sh` script. CORS is enabled for local communication, and OAuth tokens are cached with expiration. No direct `eval` calls or obfuscation were found. Network risks are minimal as it's intended for localhost use.
Updated: 2026-01-19GitHub
36
8
High Cost
MadnessEngineering icon

Omnispindle

by MadnessEngineering

Sec3

Omnispindle acts as a coordination layer providing standardized Model Context Protocol (MCP) tools for AI agents to manage todos, capture lessons, and facilitate cross-project coordination within the Madness Interactive ecosystem.

Setup Requirements

  • ⚠️Requires Python 3.13 for optimal performance and specified deployments.
  • ⚠️MongoDB is required for 'hybrid' and 'local' operation modes (Docker Compose includes it).
  • ⚠️Auth0 authentication is required; the system attempts browser-based login automatically on first use, or requires manual `AUTH0_TOKEN`, `MCP_USER_EMAIL`, or `MCP_USER_ID` environment variables.
  • ⚠️Requires `mosquitto-clients` package (for `mosquitto_pub` command) for MQTT status publishing functionality.
Review RequiredView Analysis
CRITICAL: The `bring_your_own` tool (in `src/Omnispindle/tools.py`) allows arbitrary code execution (Python, JavaScript, Bash) via `subprocess.run` and `importlib.util.module_from_spec` (equivalent to `eval`). While its docstring claims it is 'DISABLED for security reasons,' the code for execution is present and it is enabled in the default 'full' tool loadout when running in local mode. This is a severe security risk. Additionally, Auth0 configuration defaults (domain, client ID, audience) are hardcoded in `src/Omnispindle/auth_utils.py` and `src/Omnispindle/token_exchange.py`, which the README explicitly warns against deploying as-is. The `mqtt_publish` function uses `subprocess.run` directly with input strings, posing a potential command injection risk if not properly sanitized.
Updated: 2026-01-17GitHub
36
7
Low Cost
XenoXilus icon

outlook-mcp

by XenoXilus

Sec9

Enables AI assistants to interact with Microsoft Outlook for email, calendar, and SharePoint operations through the Microsoft Graph API.

Setup Requirements

  • ⚠️Requires manual setup of an Azure Active Directory application to obtain Client ID and Tenant ID.
  • ⚠️Initial authentication requires user interaction via a browser for OAuth 2.0 consent.
Verified SafeView Analysis
The server employs robust security practices including OAuth 2.0 with PKCE for secure delegated authentication, ensuring no client secrets are stored. Tokens are encrypted and stored locally, leveraging the OS keychain if available, or encrypted file storage as a fallback. Critical configuration values (Client ID, Tenant ID) are explicitly handled via environment variables, preventing hardcoding. Input and output content are actively sanitized using DOMPurify and custom malicious pattern detection to mitigate XSS and other injection vulnerabilities. Furthermore, HTTP connections to the Microsoft Graph API utilize TLSv1.2 with strong ciphers and configured connection pooling, enhancing network security and reliability. There is active validation of file paths to prevent traversal attacks. No instances of 'eval' or obvious obfuscation were found.
Updated: 2026-01-18GitHub
36
8
High Cost
lirantal icon
Sec9

Provides up-to-date Node.js API documentation and release schedule information as a service via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js version >=22.0.0.
  • ⚠️Requires internet access for initial data fetching from nodejs.org and github.com (cached thereafter).
  • ⚠️Specific client-side configuration (e.g., for Claude Desktop or Cursor AI) is needed to integrate the MCP server.
Verified SafeView Analysis
The server primarily fetches data from trusted, official Node.js documentation sources (nodejs.org, raw.githubusercontent.com) and uses an in-memory cache to reduce external calls. Explicit security linting rules (via eslint-plugin-security) are configured to prevent common vulnerabilities like arbitrary file system access, unsafe regex, child process execution, and eval with expressions. While object injection warnings are present in `src/tools/index.ts`, analysis shows the keys used are internally defined and not user-controlled, mitigating this specific risk. No hardcoded secrets or other malicious patterns were identified in the provided source code.
Updated: 2026-01-19GitHub
PreviousPage 125 of 713Next