Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

35
8
Medium Cost

biomedmcp

by hherb

Sec8

A biomedical research Model Context Protocol (MCP) server and an autonomous research agent that uses local LLMs to search PubMed and the web for medical questions, providing evidence-based answers with citations.

Setup Requirements

  • ⚠️ Requires Python 3.12+
  • ⚠️ Requires Ollama to be installed and running locally with a compatible LLM (default: phi4:latest)
  • ⚠️ Optional: NCBI API key (set as NCBI_API_KEY environment variable) for higher PubMed API rate limits.
Verified Safe
The server uses environment variables for API keys (NCBI_API_KEY) and standard, well-vetted Python libraries (requests, BeautifulSoup, Flask). No 'eval' statements or obvious hardcoded secrets were found. Subprocess execution in local client mode targets a known project script, reducing arbitrary command injection risks. XML parsing for PubMed abstracts uses `xml.etree.ElementTree`, which is generally safe but less robust against deliberately malformed XML (e.g., XXE attacks) than specialized libraries if the source were untrusted; however, PubMed is a trusted source.
Updated: 2025-11-22
35
6
Medium Cost

terry-form-mcp

by aj-geddes

Sec9

Enables AI assistants to securely execute Terraform commands and leverage LSP-driven code intelligence for infrastructure-as-code management.

Setup Requirements

  • ⚠️ Docker is required for the recommended and most secure deployment method.
  • ⚠️ Full GitHub integration requires a complex, multi-step GitHub App setup including private keys and installation IDs.
  • ⚠️ Users must separately configure cloud provider credentials on the host (e.g., AWS environment variables) for Terraform to interact with actual cloud infrastructure.
Verified Safe
The server implements strong security measures including input validation, path traversal protection, command injection prevention, and action whitelisting (blocking 'apply', 'destroy'). Sensitive information is handled via environment variables. Subprocess execution uses `shell=False`. Rate limiting and authentication are implemented. Docker containerization enhances isolation, though explicit network isolation settings for the Docker container itself would further harden the 'no outbound network connectivity' claim.
Updated: 2025-12-04
35
6
Medium Cost

mcp_cosmosdb_go

by abhirockzz

Sec6

Provides an MCP server for interacting with Azure Cosmos DB databases, containers, and items, primarily intended as a learning and experimental tool for AI tooling.

Setup Requirements

  • ⚠️ Requires an active Azure subscription and an Azure Cosmos DB account.
  • ⚠️ Authentication with Azure is required, typically via Azure CLI login (`az login`), environment variables (e.g., AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET), or Managed Identity.
  • ⚠️ The authenticated identity must have appropriate 'control plane' and 'data plane' permissions on the Azure Cosmos DB account.
Verified Safe
The server uses DefaultAzureCredential for robust Azure authentication and does not contain hardcoded production secrets or malicious patterns. However, the README explicitly warns that when deployed as a remote HTTP(s) endpoint, the server lacks client authentication and authorization, making it critically vulnerable if exposed publicly. For local or securely managed deployments (e.g., behind an authenticated API Gateway), the risk is mitigated, but this crucial limitation must be addressed for any public-facing remote use.
Updated: 2026-01-19
35
5
Medium Cost

neva

by RomanEmreis

Sec8

Provides a blazingly fast and easily configurable Model Context Protocol (MCP) server and client SDK for Rust, primarily for integrating LLMs with external tools and resources.

Setup Requirements

  • ⚠️ Requires `rustc 1.90+` for compilation.
  • ⚠️ The project is currently in 'preview' status, meaning breaking changes can be introduced without prior notice, impacting long-term stability and compatibility.
  • ⚠️ Requires the `JWT_SECRET` environment variable to be set for authentication, which must be at least 256 bits long for secure operation.
Verified Safe
The server implements bearer token authentication and role-based access control (RBAC) for tools, resources, and prompts, as configured via `AuthConfig` in `http/server/auth_config.rs`. Input validation for structured data, specifically for elicitation requests, is handled explicitly. The framework's use of Rust's proc-macros for defining handlers means that developer-provided literal strings and expressions are embedded directly into generated Rust code at compile time. While this shifts potential injection risks to the compile phase (requiring developers to ensure macro inputs are safe), it mitigates runtime dynamic code execution vulnerabilities from unvetted external input. No 'eval'-like runtime execution from untrusted sources is apparent.
Updated: 2025-12-14
35
5
Medium Cost

Local_MCP_Client

by mytechnotalent

Sec6

The client acts as a cross-platform web and API interface for natural language interaction with configurable MCP servers, facilitating structured tool execution and dynamic agent behavior using local LLMs.

Setup Requirements

  • ⚠️ Requires Ollama to be installed and 'ollama serve' running locally.
  • ⚠️ Requires a local LLM model (e.g., llama3:8b) pulled via Ollama.
  • ⚠️ Requires cloning specific MCP server repositories (e.g., MalwareBazaar_MCP, binja-lattice-mcp) to the user's `~/Documents` directory.
  • ⚠️ A Binary Ninja API token (BNJLAT) is required for the `binja-lattice-mcp` server, which should be set as an environment variable.
Review Required
The primary security risk lies in the client's design to execute external commands as defined in `mcp_config.json`. If `mcp_config.json` is untrusted or modified, this could lead to arbitrary code execution on the host system. Additionally, the example `mcp_config.json` hardcodes a placeholder `BNJLAT` (Binary Ninja API token) in the `env` section for one of the MCP servers. While this is an example, it could inadvertently expose sensitive credentials if users copy the example without replacing it with their actual token from an environment variable as recommended by the `README`. The client's own source code does not contain `eval` or obvious obfuscation, but its core function of executing external tools requires careful setup and trust in the configuration and linked MCP servers.
Updated: 2025-11-26
35
6
Low Cost

mcp-go-starter

by SamMorrowDrums

Sec9

A feature-complete Model Context Protocol (MCP) server template in Go demonstrating tools, resources, and prompts for AI agent interaction.

Setup Requirements

  • ⚠️ Requires Go 1.22+
Verified Safe
The server is built using standard Go libraries and the official MCP SDK. It supports both stdio and HTTP transports, with the HTTP server binding to localhost by default. There are no hardcoded secrets or 'eval' patterns identified. Dynamic tool loading is used to demonstrate adding functionality at runtime, but the 'bonus_calculator' tool is defined internally, not loaded from an untrusted external source. Elicitation features (form and URL) are part of the MCP protocol and are clearly annotated, providing clients with information about potential external interactions (e.g., opening a feedback URL).
Updated: 2026-01-19
35
1
Low Cost

mcp-icon-test-server

by jesselumarie

Sec7

This server is designed to test icon support for various Model Context Protocol (MCP) entities (server, tools, resources, prompts) within the MCP Inspector.

Setup Requirements

  • ⚠️ Requires Node.js version 18 or higher.
  • ⚠️ Requires `npm install` and `npm run build` to be executed before running the server.
Verified Safe
The server uses `cors` with `origin: '*'`, which means it accepts requests from any domain. While acceptable for a test server, in a production environment, this would be a significant security risk allowing Cross-Origin Resource Sharing from any source. No obvious hardcoded secrets or malicious patterns like 'eval' were found. Session IDs are generated using `randomUUID()`, providing reasonable isolation for a test setup.
Updated: 2025-11-25
35
1
Low Cost

Comfy-MCP

by dseditor

Sec7

Automates text-to-image generation using ComfyUI workflows, enabling seamless integration with MCP-compatible AI agents like Claude and Gemini.

Setup Requirements

  • ⚠️ Requires an existing ComfyUI installation with Python embedded environment.
  • ⚠️ Needs a pre-configured Text-to-Image (T2I) workflow JSON file for ComfyUI (e.g., `image_z_image_turbo.json`) with specified prompt and output node IDs.
  • ⚠️ Auto-update features for Claude Code, Claude Desktop, or Gemini CLI require these respective clients to be pre-installed on the system.
Verified Safe
The server uses `subprocess.run` to install Python packages and to interact with external AI CLI tools (e.g., `claude mcp add-json`). It also directly modifies configuration files for other AI applications (Claude Desktop, Gemini CLI) in user directories. While these actions are intended for integration and setup, they involve broad system interaction and modifying external application settings, which could be a concern if the source is not fully trusted or its implications are not understood. The `shell=True` for Claude CLI commands on Windows adds a minor, but controlled, risk.
Updated: 2025-12-14
35
1
Low Cost
Sec8

Provides contextual guidelines and templates to the Codex AI assistant to ensure adherence to project conventions, reduce hallucinations, and enforce architectural patterns for Flutter development.

Setup Requirements

  • ⚠️ Requires Node.js and npm to install dependencies.
  • ⚠️ Manual replacement of `$PATH_TO_REPO` in `~/.codex/config.toml` is required for local setup.
  • ⚠️ If using `npx` from GitHub Packages, `npm auth` with a `GITHUB_TOKEN` (read:packages permission) is required to access private packages.
Verified Safe
The server's entry point (`flutter-codex-guard.mjs`) is not provided, limiting a full security audit. However, the existing code and README suggest it serves static markdown files and built-in templates. The core `@modelcontextprotocol/sdk` dependency handles the server aspects. There are no obvious signs of 'eval', malicious network patterns, or hardcoded secrets in the visible code. The configuration explicitly uses 'node' or 'npx' commands, which are standard for running Node.js applications. A potential risk could exist if the '.mjs' file processes arbitrary user input without sanitization or exposes unintended file system access, but this cannot be verified from the truncated source.
Updated: 2025-11-25
35
7
High Cost

wallguard

by NullNet-ai

Sec2

WallGuard is a centralized management system designed to monitor system state, network activity, and provide secure remote access for agents deployed on firewalls and other network-facing devices.

Setup Requirements

  • ⚠️ Requires a separate 'datastore' service (https://github.com/NullNet-ai/datastore) to be installed and running.
  • ⚠️ Requires Rust (latest stable edition) and specific development packages (libpcap-dev, protobuf-compiler, libprotobuf-dev) to build.
  • ⚠️ The agent component of WallGuard must be run with root/Administrator privileges.
Review Required
CRITICAL VULNERABILITY: The `execute_cli_command` function in `control_channel/commands/execute_cli_command.rs` directly executes commands and arguments received from connected agents. Since the WallGuard agent runs with root/Administrator privileges, a compromised agent or malicious client could achieve arbitrary command execution, leading to full system compromise. CRITICAL VULNERABILITY: The `AcceptAllVerifier` in `http_proxy/proxy/request.rs` disables TLS certificate validation for the HTTP proxy, making it vulnerable to Man-in-the-Middle (MITM) attacks for UI remote access. The `@TODO` comment acknowledges this, but it remains an active risk. SECURITY RISK: The `generate_keypair` function in `utilities/ssh.rs` creates temporary files for SSH private keys in `/tmp`. While it attempts to delete them, there is a window of opportunity for local attackers to access these keys. PRIVACY RISK: The `TODO.md` mentions capturing and sending clipboard data during Remote Desktop sessions. Without explicit user consent and robust safeguards, this poses a significant privacy risk.
Updated: 2026-01-16
35
4
Low Cost

github-mcp-server

by crypto-ninja

Sec9

Comprehensive GitHub workflow automation for AI-powered development teams, including actions monitoring, PR management, intelligent code search, and complete file management.

Setup Requirements

  • ⚠️ Requires Python 3.10+.
  • ⚠️ Requires Deno to be installed and accessible on the system's PATH for code execution features.
  • ⚠️ Some notification-related tools (e.g., `github_list_notifications`) explicitly require a GitHub User Access Token (UAT), and will not work with GitHub App installation tokens.
  • ⚠️ The `github_create_release` tool may fall back to requiring a Personal Access Token (PAT) if a GitHub App token does not have sufficient permissions for release creation and Git tag operations.
Verified Safe
The server implements robust security measures, especially for its Deno-based code execution sandbox. It explicitly blocks dangerous APIs (e.g., `eval`, `Deno.run`, file write operations), prevents prototype pollution, and restricts dynamic global object access. Local file operations enforce workspace root constraints and prevent path traversal. Authentication is handled via environment variables (GITHUB_TOKEN) or GitHub App configuration, and specific write operations like `github_str_replace` and `github_delete_file` require unique matches and SHAs respectively for safety. No obvious hardcoded secrets were found.
Updated: 2026-01-09
35
5
Medium Cost

personal-kg-mcp

by tomschell

Sec8

A personal knowledge graph system for developers to automatically capture decisions, progress, insights, and questions within multi-agent workflows, preserving context and reasoning.

Setup Requirements

  • ⚠️ Requires OpenAI API Key (Paid) if high-quality semantic embeddings are desired; otherwise, it falls back to local bag-of-words.
  • ⚠️ Requires a GitHub Personal Access Token for GitHub integration features.
  • ⚠️ Requires Git and GitHub CLI tools to be installed and authenticated for GitHub integration features.
  • ⚠️ Requires restarting the MCP client (e.g., Cursor, Claude Desktop) after configuration changes for tools to become available.
Verified Safe
The server uses `execSync` for Git and GitHub CLI commands, which, while justified and validated with internal arguments, presents an elevated risk compared to in-process logic. Reliance on external CLI tools and API keys for GitHub/OpenAI means their security is a dependency. File I/O operations are confined to a configured base directory, and `zod` is extensively used for input validation, mitigating common file system and input-related vulnerabilities. No direct `eval` of user input or hardcoded secrets were found; sensitive data like API keys are loaded from environment variables.
Updated: 2026-01-19