Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

35
6
Medium Cost
searchcraft-inc icon

searchcraft-mcp-server

by searchcraft-inc

Sec3

An MCP server that enables AI agents to manage Searchcraft clusters by performing operations on indexes, documents, federations, authentication keys, analytics, and generating search applications from JSON data via natural language prompts.

Setup Requirements

  • ⚠️Requires Searchcraft ENDPOINT_URL and CORE_API_KEY environment variables.
  • ⚠️The `create_vite_app` tool requires `git`, `Node.js`, and `yarn` or `npm` to be installed in the environment.
  • ⚠️Analytics tools like `get_measure_conversion` and `get_measure_summary` require a local Clickhouse instance if not using Searchcraft Cloud.
Review RequiredView Analysis
CRITICAL VULNERABILITY: The `create_vite_app` tool uses `child_process.exec` to clone a Git repository, incorporating the `app_name` parameter directly into the shell command string without proper sanitization or escaping. This allows for command injection, where a malicious `app_name` (e.g., `'; rm -rf / ;'`) could execute arbitrary commands on the host system, leading to severe compromise. Additionally, file path validation for `analyze_json_from_file` and `create_index_from_json` is basic and might not prevent all path traversal attacks, although the `exec` vulnerability is far more critical. The server fetches JSON from URLs and installs external dependencies, which are inherent network risks that need careful monitoring.
Updated: 2026-01-10GitHub
35
5
High Cost
0x5457 icon

ts-index

by 0x5457

Sec3

Indexes TypeScript code for semantic and symbol search, with Language Server Protocol (LSP) and Model Context Protocol (MCP) integration, enabling advanced code analysis and interaction.

Setup Requirements

  • ⚠️Requires a running Python FastAPI embedding server (scripts/gte-small.py or compatible API) on http://localhost:8000/embed by default.
  • ⚠️Requires Node.js and npm to install Language Server Protocol (LSP) servers like vtsls or typescript-language-server.
  • ⚠️Requires ast-grep executable to be installed and available in system PATH for AST-based search functionality.
Review RequiredView Analysis
CRITICAL: The `read_file` MCP tool allows reading arbitrary files on the server's filesystem if `file_path` is provided as an absolute path, potentially leading to sensitive data disclosure. This is a severe vulnerability if the MCP server is exposed to untrusted network clients. HIGH: The `ast_grep_search` tool passes user-supplied patterns and globs directly to the `ast-grep` executable. While `exec.CommandContext` is generally safer, a complex or malicious pattern could potentially exploit vulnerabilities in `ast-grep` itself. MEDIUM: The system relies on external executables (`npm`, `node`, LSP servers like `vtsls`, `ast-grep`) and an external embedding API. Vulnerabilities in these third-party components or misconfiguration of the `--embed-url` could lead to supply chain attacks or data leakage. LOW: Temporary files are created in `/tmp` by the `ast-grep` client which, if the server crashes, could be left behind and potentially expose sensitive information to other local users.
Updated: 2026-01-19GitHub
35
2
Medium Cost
ArangoGutierrez icon

k8s-gpu-mcp-server

by ArangoGutierrez

Sec8

Provides just-in-time, real-time NVIDIA GPU hardware introspection for Kubernetes clusters for AI-assisted SRE troubleshooting.

Setup Requirements

  • ⚠️Requires proper NVIDIA GPU setup on Kubernetes nodes, either via RuntimeClass (e.g., `nvidia`), NVIDIA Device Plugin, or NVIDIA DRA Driver.
  • ⚠️Cross-node pod-to-pod HTTP communication (for HTTP transport mode with gateway) might require specific CNI configurations, such as enabling VXLAN encapsulation for Calico CNI on AWS in the same subnet.
  • ⚠️Correct Kubernetes RBAC permissions are critical for the agent to access node/pod metadata and for the gateway to route requests, especially for /dev/kmsg access for XID errors.
Verified SafeView Analysis
The project prioritizes security with detailed RBAC configurations, security contexts (e.g., `readOnlyRootFilesystem: true`, `allowPrivilegeEscalation: false`), and optional NetworkPolicies. The default agent mode is `read-only`. The agent container requires `runAsUser: 0` (root) for NVML access, which is explicitly justified but inherently carries higher privilege. Access to `/dev/kmsg` for XID error analysis requires `CAP_SYSLOG` and potentially `privileged: true`. The gateway supports `kubectl exec` routing as a fallback, which can be less secure than direct HTTP if not properly constrained, but the recommended `HTTP` routing mode mitigates this. Comprehensive documentation on the security model and verification steps is provided.
Updated: 2026-01-19GitHub
35
4
Medium Cost
thoughtspot icon

mcp-chat-client

by thoughtspot

Sec7

A modern chat client that integrates with Model Context Protocol (MCP) servers to provide AI-powered conversations with access to various tools and resources.

Setup Requirements

  • ⚠️Requires a Cloudflare account for deployment and Cloudflare Workers KV for caching.
  • ⚠️Requires a Supabase account with PostgreSQL and Auth configured for user management and MCP server metadata storage.
  • ⚠️Requires API keys for OpenAI (or Azure OpenAI) and Exa.ai for core AI functionality and web search.
Verified SafeView Analysis
Hardcoded Google Client ID on the frontend is a minor issue. Backend relies on environment variables for sensitive API keys, which is standard secure practice for Cloudflare Workers. Input to AI models is handled via JSON stringification, mitigating direct code injection. OAuth flows for MCP servers are critical and appear to be handled with standard mechanisms.
Updated: 2025-11-25GitHub
35
8
Low Cost
CorgiBoyG icon

mcp-server-csdn

by CorgiBoyG

Sec4

The server automatically publishes Markdown articles to the CSDN platform, acting as a tool called by a Spring AI agent.

Setup Requirements

  • ⚠️Requires manual extraction and configuration of a CSDN login cookie from browser developer tools, which is prone to expiration.
  • ⚠️Specific Java Development Kit (JDK 17+) and Maven (3.6+) versions are required.
  • ⚠️Relies on the stability and undocumented authentication mechanisms of CSDN's internal `bizapi.csdn.net` API, which could change without notice.
Verified SafeView Analysis
The example `application.yml` in the project's README and provided source code includes a very long, real-looking CSDN authentication cookie directly. This encourages users to hardcode sensitive session information in a configuration file, which is a critical security risk if committed to version control or otherwise exposed. While the `push.sh` script handles Aliyun credentials more securely via a `.local-config` file, the primary CSDN API key (cookie) is suggested to be directly in `application.yml`. The server also hardcodes numerous HTTP headers for the CSDN API, which might be brittle but not inherently a security flaw.
Updated: 2025-11-22GitHub
35
4
Low Cost
oalles icon
Sec6

An OAuth 2.1 secured Spring AI MCP gateway enabling ChatGPT Connectors to interact with local development tools via a streamable HTTP endpoint.

Setup Requirements

  • ⚠️Requires Java 25 and Maven.
  • ⚠️Requires a separate Authorization Server module (auth-server) to be running concurrently on port 9090.
  • ⚠️Cloudflare Tunnel setup is required for public access and ChatGPT integration, including a domain managed by Cloudflare and specific path-based routing configuration.
  • ⚠️The Authorization Server and MCP Gateway must have their 'issuer'/'issuer-uri' configured to match the public domain used by the Cloudflare Tunnel.
Verified SafeView Analysis
The project is explicitly labeled as a 'learning and integration reference' and 'not meant to be a production-grade gateway'. Security relaxations are made for simplicity, including disabled CSRF protection and broadly configured CORS (allowing all origins, methods, and headers with credentials). It uses a hardcoded in-memory user ('omar/secret') and a client ID ('springai-gateway-client') for the Authorization Server demo, with explicit warnings against using these in production. While transparent about these known issues, they represent significant vulnerabilities if deployed without modification. The use of Cloudflare Tunnel for exposure offers some network security benefits.
Updated: 2025-11-27GitHub
35
6
Medium Cost
theforeman icon

foreman-mcp-server

by theforeman

Sec8

A Model Context Protocol (MCP) server that enables Language Models (LLMs) to interact with a Foreman instance for IT automation, reporting, and configuration management.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Requires access to an existing Foreman instance
  • ⚠️Foreman API credentials (username/password or token) are mandatory and handled differently based on transport mode (CLI/ENV for stdio, headers for streamable-http)
  • ⚠️Requires an MCP-compatible client (e.g., VSCode with Copilot, Claude Desktop, MCP Inspector) to interact with the server
Verified SafeView Analysis
The `AuthMiddleware`'s `user_map` can grow indefinitely, which is noted as a TODO to consider cleanup mechanisms; this could pose a potential resource exhaustion (DoS) risk. For the `streamable-http` transport, authentication relies on credentials (username and token) passed in request headers, shifting security responsibility for credential handling to the client application. Sensitive headers are sanitized before logging. SSL verification with Foreman is configurable via command-line options or environment variables, including support for custom CA bundles.
Updated: 2026-01-12GitHub
35
4
Medium Cost
Snowflake-Labs icon
Sec10

Enables organizations to leverage AI agents for secure, natural language querying and activation of vast financial services data within Snowflake to derive insights and actions.

Setup Requirements

  • ⚠️Requires access to a Snowflake account and a configured database (e.g., DASH_MCP_DB).
  • ⚠️Requires an API key for an AI model provider (e.g., OpenAI API Key) to power the AI agents.
Verified SafeView Analysis
The provided source code is a declarative YAML definition of a semantic model and standard SQL queries. It does not contain executable code, 'eval' statements, obfuscation, hardcoded secrets, or malicious patterns. The 'public_access' modifiers are part of the metadata definition, not runtime security vulnerabilities in this file. The security of the actual 'MCP Server' that uses this model would depend on its implementation, which is not provided.
Updated: 2025-12-05GitHub
35
3
Low Cost
YashMakan icon

fastmcp

by YashMakan

Sec9

Build fast, declarative, and type-safe servers implementing the Model Context Protocol (MCP) in Dart.

Setup Requirements

  • ⚠️Requires `dart run build_runner build` to be executed after code changes (e.g., adding/modifying annotated functions) to generate boilerplate.
  • ⚠️Mandatory `part 'your_file.fastmcp.g.dart';` directive must be added at the top of files containing `@Tool`, `@Resource`, or `@Prompt` annotations.
  • ⚠️Requires Dart SDK version >= 3.0.0.
Verified SafeView Analysis
The framework leverages build-time code generation (`fastmcp_generator`) to create type-safe argument parsing, handler wrappers, and robust error handling with `try-catch` blocks. This design inherently reduces common runtime vulnerabilities associated with dynamic input processing. No use of 'eval' or similar dangerous dynamic code execution patterns are present in the provided source. Network transports (e.g., HTTP) would still require standard security practices (e.g., authentication, authorization, rate-limiting) for the deployed application, but the framework itself promotes a secure foundation. Recent updates mention support for OAuth and security schemes, indicating active security considerations.
Updated: 2025-11-26GitHub
35
5
Medium Cost
tsukuboshi icon
Sec9

Orchestrates an AI agent using Amazon Bedrock and AWS ECS to perform automated browser interactions via the Playwright MCP server.

Setup Requirements

  • ⚠️Requires Node.js v20 or higher, AWS CDK v2 or higher, and Docker v20 or higher.
  • ⚠️Requires AWS credentials (Access Key/Secret Key/Session Token) for local development or appropriate IAM roles for AWS deployment.
  • ⚠️Amazon Bedrock model must be enabled in the AWS Console before deployment.
Verified SafeView Analysis
The project adheres to good practices by distinguishing between local development credentials (via .env file) and production credentials (via AWS IAM roles/credential providers). There are no apparent hardcoded secrets for production. The `AmazonBedrockFullAccess` policy is quite broad, but it's applied to the ECS task role, which is the correct way to grant permissions to services. No `eval` or similar dangerous patterns were found.
Updated: 2025-11-26GitHub
35
2
High Cost
B-AROL-O icon
Sec6

A local AI-powered wheeled robot (RAMIE) capable of listening, speaking, and executing commands via a Gradio web interface, designed for local compute and real-time interaction.

Setup Requirements

  • ⚠️Requires specific robot hardware: Latte Panda Mu N100 16GB, Latte Panda Mu Lite Carrier Board, Atmel AT324PA microcontroller, HS422 servo motors, and custom 3D-printed parts.
  • ⚠️Requires local Ollama installation and specific LLM models (`qwen3:4b-instruct`, `qwen3:4b`) to be pulled.
  • ⚠️Requires specific Linux OS (Ubuntu 24.04 Server LTS) on the SBC, with careful serial port (`/dev/ttyS4`) permissions (`dialout` group) and network configuration.
  • ⚠️Requires `pyserial`, `gradio`, and `llama_index` Python packages, typically managed with `uv`.
Review RequiredView Analysis
The system features a custom C++ `Uniparser` for serial communication, mapping ASCII commands to function calls on the microcontroller. While designed for this purpose, any vulnerability in this parser could allow arbitrary command execution on the embedded system. The Python component uses `subprocess.Popen` to launch Ollama and `requests.post` for API calls, and `tty.setraw` for terminal input, which can be sensitive. The system is intended to run locally, limiting external attack vectors, but remote SSH development and local network access for the Gradio interface introduce potential risks. Extensive debug logging macros in C++ firmware could expose internal state if enabled in production.
Updated: 2025-11-30GitHub
35
11
Low Cost
xwang152-jack icon
Sec8

Provides a Model Context Protocol (MCP) service to enable AI applications to interact with WeChat Official Account APIs, managing features like authentication, media, drafts, and publishing.

Setup Requirements

  • ⚠️Requires WeChat AppID and AppSecret to be provided via CLI arguments.
  • ⚠️Node.js 18+ runtime is required.
  • ⚠️For SSE mode, `CORS_ORIGIN` environment variable should be configured for security (e.g., `https://your-domain.com`).
  • ⚠️Sensitive data encryption for SQLite storage (`WECHAT_MCP_SECRET_KEY` environment variable) should be used with a strong, securely managed key.
Verified SafeView Analysis
The project demonstrates good security awareness by implementing optional AES encryption for sensitive fields (AppSecret, Access Token) via `WECHAT_MCP_SECRET_KEY`. It also explicitly warns about configuring `CORS_ORIGIN` for SSE mode to prevent cross-site scripting (XSS) risks. SQL operations use parameterized queries, mitigating SQL injection. Error logging is designed to be desensitized. The security largely depends on the user correctly configuring strong environment variables and CORS policies.
Updated: 2025-11-19GitHub
PreviousPage 127 of 713Next