Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

35
4
Medium Cost
dirmacs icon

ares

by dirmacs

Sec8

A production-grade agentic chatbot server with multi-provider LLM support, tool calling, Retrieval Augmented Generation (RAG), and advanced research capabilities.

Setup Requirements

  • ⚠️Requires a local Ollama server running with a compatible LLM (e.g., 'ministral-3:3b') for default LLM functionality.
  • ⚠️Mandatory environment variables (JWT_SECRET, API_KEY) must be set for the server to start, even in development.
  • ⚠️For UI development, requires Rust toolchain (with wasm32-unknown-unknown target), Trunk bundler, and Node.js/npm for Tailwind CSS.
Verified SafeView Analysis
The server demonstrates good security practices by requiring critical secrets (JWT_SECRET, API_KEY) via environment variables and offering configurable CORS and rate limiting. There is no direct use of 'eval' or similar dynamic code execution within the core Rust backend. Tool execution is managed through a registry of pre-defined Rust traits, and external tools via MCP are handled by the 'rmcp' crate which focuses on inter-process communication rather than arbitrary code execution within the server. However, the system's flexibility in loading dynamic configurations (TOON files) for user-created agents and their tool definitions could introduce risks if these configuration files are not securely managed or sourced from untrusted origins. The default rate limiting is disabled, which is not recommended for production without re-enabling.
Updated: 2026-01-16GitHub
35
5
Medium Cost
yshalsager icon

mcp-4get

by yshalsager

Sec9

An MCP server providing LLM clients seamless access to the 4get Meta Search engine API for web, image, and news searches.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires uv for dependency management and running
  • ⚠️Relies on the external 4get.ca API, which may require an optional pass token for rate-limited instances.
Verified SafeView Analysis
The server uses standard HTTP client libraries (httpx) with connection pooling and timeout handling. Configuration is loaded from environment variables, avoiding hardcoded secrets. Input parameters are handled via `httpx.QueryParams` and normalized, reducing direct injection risks. Custom error handling and retry logic enhance resilience. No direct 'eval' or similar dangerous functions were found. Input validation for configuration values is also implemented.
Updated: 2026-01-17GitHub
35
1
High Cost
null-runner icon

chrome-mcp-docker

by null-runner

Sec9

Provides a persistent, stable Chrome DevTools environment for AI coding assistants to perform UI debugging and web interactions.

Setup Requirements

  • ⚠️Requires Docker Desktop (or Docker Engine) to be installed and running.
  • ⚠️The official Docker MCP Gateway has known bugs affecting custom servers; standalone installation (using 'docker run' directly) or a patched Gateway fork is recommended.
  • ⚠️When configuring for Windows/WSL, catalog paths in `~/.claude.json` must use Windows-style paths (e.g., `C:\Users\...`) with double backslashes for escaping.
Verified SafeView Analysis
The server runs inside a Docker container and connects to a separate Chrome container. It uses `puppeteer-core` to interact with Chrome via the DevTools Protocol (CDP). The `Host` header spoofing (setting 'Host: localhost' when connecting to Chrome) is a necessary workaround for Docker's networking on `host.docker.internal` and is not a general security vulnerability. The `page.evaluate()` function is used internally by specific tools (e.g., `get_computed_styles`, `scroll`) for controlled operations, not exposed as a generic `eval` tool, limiting direct arbitrary code execution. Chrome runs with `--no-sandbox` in Docker, which is common but reduces internal browser isolation if a Chrome vulnerability were exploited. Overall, the design prioritizes isolated and controlled browser interaction.
Updated: 2025-12-10GitHub
35
31
Medium Cost
Tommertom icon

awesome-ionic-mcp

by Tommertom

Sec7

Acts as an intelligent server for AI assistants to access Ionic Framework and Capacitor component definitions, plugin documentation, code examples, and execute CLI commands for mobile app development.

Setup Requirements

  • ⚠️Requires GITHUB_TOKEN environment variable for full functionality, otherwise GitHub API rate limits will be hit during startup when fetching community and CapGo plugin data.
  • ⚠️Puppeteer launches a visible browser window (`headless: false`) for some documentation lookups, requiring a graphical environment or Xvfb if run on a headless server.
  • ⚠️Requires active internet connection for initial data loading and most documentation lookups.
Verified SafeView Analysis
The server executes Ionic and Capacitor CLI commands using `execa` (via `npx`). Input arguments for these commands are sanitized to prevent shell metacharacters. Commands are intended to be restricted to `npx @ionic/cli` and `npx @capacitor/cli`. A critical bug exists in `src/tools/ionic-cli/cli-utils.ts::validateCommand` where the `npx` package validation incorrectly targets the `'-y'` argument instead of the actual CLI package (`@ionic/cli` or `@capacitor/cli`). This bug would currently prevent `npx` commands from executing successfully if strictly enforced. If this bug were fixed to correctly validate only `npx @ionic/cli` and `npx @capacitor/cli`, the command execution would be considered reasonably secure against arbitrary shell injection for the intended CLIs. The server also uses Puppeteer to scrape official documentation sites, launching a browser (often in `headless: false` mode, meaning visible) which increases the attack surface, but it is used against known, trusted URLs specified in the code. No hardcoded secrets or 'eval' were found.
Updated: 2026-01-04GitHub
35
6
High Cost
chronosphereio icon

chronosphere-mcp

by chronosphereio

Sec8

The Chronosphere MCP server acts as an intermediary, exposing Chronosphere monitoring data (logs, metrics, traces, events) and configuration as tools for AI applications and agents.

Setup Requirements

  • ⚠️Requires a Chronosphere API Token or OAuth configuration for backend authentication.
  • ⚠️Requires a Chronosphere Organization Name for API endpoint construction.
  • ⚠️Relies on 'unstable' Chronosphere APIs which are not recommended for production use and may change without warning.
  • ⚠️Requires a YAML configuration file to define server transports (stdio, SSE, HTTP) and Chronosphere API details.
Verified SafeView Analysis
The server uses standard practices for loading credentials (API tokens, OAuth) via configuration files and environment variables, avoiding hardcoding. It integrates with OpenTelemetry for tracing and metrics, enhancing operational visibility without introducing direct security flaws. A dynamic tool disabling mechanism via HTTP headers (`X-Chrono-MCP-Disable-Tools`) allows administrators to limit exposed functionality. However, a notable risk is the explicit reliance on 'unstable' Chronosphere APIs, which are marked as experimental and subject to breaking changes without notice. While the MCP server itself handles these calls securely, unexpected behavior or changes in the underlying unstable APIs could indirectly lead to operational issues or unintended data exposure if not managed carefully by Chronosphere.
Updated: 2026-01-15GitHub
35
6
Medium Cost
exasol icon

mcp-server

by exasol

Sec9

Provides an LLM access to the Exasol database via MCP tools, enabling metadata browsing, SQL query execution, and BucketFS file system interaction.

Setup Requirements

  • ⚠️Requires an Exasol database to connect to, configured via environment variables.
  • ⚠️Specific Python version constraint (>=3.10,<3.14).
  • ⚠️`uv` package is required for recommended installation/execution methods.
  • ⚠️Extensive environment variable configuration if using advanced features like OAuth2 or SaaS for authentication and/or BucketFS access.
Verified SafeView Analysis
The project demonstrates strong security awareness. It explicitly handles secrets via environment variables, with sensitive data masked in logs. SQL queries are rigorously validated using `sqlglot` to prevent injection, with DML/DDL operations requiring user elicitation and confirmation. Identifiers are properly quoted to prevent injection. The HTTP server explicitly checks for authentication by default, mitigating unauthorized access. File system operations on BucketFS also use elicitation and path validation.
Updated: 2026-01-16GitHub
35
6
Low Cost
Fluid-AI icon

fluidmcp

by Fluid-AI

Sec9

Orchestrates Model Context Protocol (MCP) servers and LLM inference engines (like vLLM) via a unified FastAPI gateway, enabling dynamic management, tool invocation, and multi-model LLM serving.

Setup Requirements

  • ⚠️Requires Python 3.9+ to run.
  • ⚠️For LLM features, vLLM must be separately installed (`pip install vllm>=0.6.0`).
  • ⚠️A CUDA-capable GPU is strongly recommended for vLLM to function efficiently.
  • ⚠️A Hugging Face Hub token (set as `HUGGING_FACE_HUB_TOKEN`) is required for accessing gated LLM models.
  • ⚠️Requires a running MongoDB instance for persistent configuration and logging by default; otherwise, data is lost on server restart. Persistence can be enforced with `--require-persistence`.
  • ⚠️Careful management of ports is necessary to avoid conflicts when running multiple MCP servers or LLM models simultaneously.
Verified SafeView Analysis
The server includes robust validation against command injection (e.g., whitelisting commands, stripping dangerous shell patterns in arguments) and MongoDB injection (sanitizing input). It supports configurable bearer token authentication for its management API and explicit warnings for insecure CORS settings. While running external processes inherently carries some risk, the implemented input validation and whitelisting significantly mitigate common vulnerabilities.
Updated: 2026-01-19GitHub
35
3
High Cost
mkmeral icon
Sec4

Hosts isolated Strands AI agents in Docker containers, managing their lifecycle, persistence, and tool access.

Setup Requirements

  • ⚠️Requires Docker to be running for agent isolation and execution.
  • ⚠️Requires AWS credentials configured with access to Amazon Bedrock (Claude models) for default LLM functionality.
  • ⚠️Requires Python 3.11+.
Review RequiredView Analysis
The system design grants autonomous AI agents extensive capabilities including direct `shell` command execution and `python_repl` code execution, with `BYPASS_TOOL_CONSENT` explicitly enabled. This means agents can perform arbitrary actions within their mounted Docker volumes and interact with specified external services (like GitHub) without human confirmation. While intentional for agent autonomy, this presents a significant security risk if an agent misbehaves, is compromised, or misinterprets a task, potentially leading to unintended modifications to its workspace or data leakage via configured tools. Users must exercise extreme caution and ensure high trust in the AI's prompts and capabilities.
Updated: 2026-01-13GitHub
35
4
Medium Cost
PancrePal-xiaoyibao icon

get-biji-dev-by-gemini3pro

by PancrePal-xiaoyibao

Sec8

Integrates the Get Notes API with a Model Context Protocol (MCP) server to provide AI-powered knowledge search and recall from multiple knowledge bases.

Setup Requirements

  • ⚠️Requires a valid API key for the 'Get Notes' service (a paid service).
  • ⚠️Requires Node.js (version 18+ is recommended).
  • ⚠️Complex configuration for multiple knowledge bases, either via a 'knowledge_bases.json' file or a large JSON string environment variable.
Verified SafeView Analysis
Configuration via the GET_KNOWLEDGE_BASES environment variable relies on JSON.parse, which could theoretically be a vector for injection if the environment is not controlled by a trusted administrator. API keys are loaded from environment variables or local files and are appropriately masked when listing knowledge bases. Robust rate limiting and retry mechanisms are implemented.
Updated: 2026-01-14GitHub
35
11
Medium Cost
trailofbits icon

slither-mcp

by trailofbits

Sec8

Provides static analysis for Solidity smart contracts using Slither via the Model Context Protocol (MCP), making contract metadata, inheritance, function calls, and security vulnerabilities accessible to LLMs and other tools.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires a Solidity development environment (e.g., Foundry 'forge' or Hardhat 'npx') to be installed and discoverable in the system's PATH for static analysis.
  • ⚠️For specific LLM client integrations (e.g., Claude, Cursor), 'uvx' might be required and configured in the system's PATH.
Verified SafeView Analysis
The server's core functionality relies on executing external tools (Forge, Slither) on user-provided Solidity project paths. While this is inherent to its purpose, it introduces a reliance on the integrity of the project path and the binaries being executed. Input validation is performed for tool parameters, and there are no direct code injection vulnerabilities like 'eval' or arbitrary command execution through tool requests. Opt-out metrics are implemented with explicit privacy filtering, and opt-in enhanced error reporting is clearly documented to transmit sensitive data. The primary risk lies in a user supplying a malicious Solidity project that could exploit local environment vulnerabilities, rather than a flaw in the server's request handling.
Updated: 2025-11-19GitHub
35
3
High Cost
UAEpro icon
Sec9

An intelligent FastMCP 2 server that converts natural language questions into SQL queries or API requests for any SQL database or OpenAPI-defined API using AI.

Setup Requirements

  • ⚠️Requires an LLM API Key (e.g., OpenAI, OpenWebUI) which might be a paid service.
  • ⚠️Requires specific database drivers (e.g., psycopg2-binary for PostgreSQL, pymysql for MySQL) if not using the default SQLite.
  • ⚠️Requires manual execution of `python generate_schema.py` to create initial database/API context.
Verified SafeView Analysis
The system implements robust multi-layered security: read-only by default, a comprehensive keyword blacklist (e.g., DROP, DELETE, INSERT), explicit SELECT-only enforcement for SQL, checks for multiple statements to prevent SQL injection, and a ResponseSanitizer that hides database internals (SQL queries, table/column names, detailed errors) from end-users in production mode. API mode includes an `unsafe_mode` flag for allowing non-GET requests, making it a conscious configuration choice rather than an oversight. Secrets are managed via environment variables.
Updated: 2025-12-05GitHub
35
1
Medium Cost
burnham icon
Sec9

This server acts as a Model Context Protocol (MCP) intermediary, enabling AI assistants like Antigravity to interact with and manage n8n automation workflows via its REST API.

Setup Requirements

  • ⚠️Requires Node.js v18.0.0 or higher.
  • ⚠️Requires an active n8n instance with a generated API Key and its corresponding URL.
  • ⚠️Specific configuration for Antigravity involves editing `mcp_config.json` with absolute paths, which can be error-prone across different operating systems.
Verified SafeView Analysis
The server loads API credentials (N8N_API_URL, N8N_API_KEY) from environment variables, explicitly checking for their presence. The `.env` file is correctly listed in `.gitignore` to prevent accidental commits of sensitive data. The client uses `encodeURIComponent` for IDs to prevent injection. There are no direct usages of `eval` or obvious malicious patterns. The main security consideration is ensuring the N8N_API_KEY is kept secure in the deployment environment.
Updated: 2025-11-25GitHub
PreviousPage 132 of 713Next