Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

35
2
Medium Cost
Cosmostima icon

MUSTer_MCP

by Cosmostima

Sec8

Automate interactions with M.U.S.T. (Macau University of Science and Technology) campus systems like Moodle and Wemust for tasks such as retrieving class schedules, listing courses, checking assignments and deadlines, downloading course materials, and opening authenticated web pages.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires a locally available Chrome browser and its corresponding Chromedriver for Selenium to function.
  • ⚠️Requires `MUSTER_USERNAME` and `MUSTER_PASSWORD` to be set as environment variables.
Verified SafeView Analysis
No 'eval' or code obfuscation found. Credentials (`MUSTER_USERNAME`, `MUSTER_PASSWORD`) are properly handled via environment variables. The `open_URL_with_authorization` tool opens a headed browser window, which inherently exposes the user to content from the provided URL. The `download_resource` tool downloads files to the local filesystem. These are inherent features of the tool's functionality and carry typical web interaction and file download risks.
Updated: 2025-12-13GitHub
35
6
Medium Cost
openshift-assisted icon

assisted-service-mcp

by openshift-assisted

Sec9

Serves as an MCP (Model Context Protocol) intermediary, providing tools to interact with and manage OpenShift clusters via the Red Hat Assisted Installer API.

Setup Requirements

  • ⚠️Requires Python 3.13 or later.
  • ⚠️Requires 'uv' for dependency management and execution.
  • ⚠️Requires a Red Hat OpenShift Cluster Manager (OCM) offline token for authentication, which must be obtained from cloud.redhat.com/openshift/token and provided via environment variable or request header.
Verified SafeView Analysis
The server explicitly implements a `SensitiveFormatter` to redact sensitive information (pull secrets, SSH keys, vSphere credentials) from logs, which is a strong security practice. API endpoints are configurable via environment variables, and authentication relies on external OCM offline tokens. No 'eval' or other obviously malicious patterns were found. The primary risk involves proper handling and provisioning of the OCM offline token outside the server's control.
Updated: 2026-01-17GitHub
35
5
Medium Cost
bobmatnyc icon

mcp-ticketer

by bobmatnyc

Sec7

MCP Ticketer is a universal ticket management interface for AI agents, enabling them to perform CRUD operations, manage hierarchy, conduct analysis, and integrate with various project management platforms (Linear, GitHub, Jira, Asana, AITrackdown). It aims to streamline workflows and maintain project health for AI-driven development.

Setup Requirements

  • ⚠️Requires environment variables (e.g., LINEAR_API_KEY, GITHUB_TOKEN, JIRA_ACCESS_TOKEN, JIRA_ACCESS_USER) for specific adapter configurations.
  • ⚠️Full analysis features (e.g., `ticket_analyze` actions) require additional dependencies: `scikit-learn`, `rapidfuzz`, `numpy` (`pip install mcp-ticketer[analysis]`).
  • ⚠️Requires Python 3.11+ due to use of `tomllib`.
  • ⚠️Some comprehensive operations, like `ticket_analyze(action='cleanup_report', summary_only=False)`, can generate very large responses (40,000+ tokens) which may exceed model context limits, despite internal token estimation and warnings.
Verified SafeView Analysis
The system is generally robust, employing Pydantic for input validation, environment variables for sensitive credentials (which are also masked in logs), and parameterized SQL queries to prevent injection. However, specific operations warrant caution: - **Path Traversal**: The `ticket_hierarchy` and `attachment` tools accept `file_path` or `project_path` arguments directly. If an AI agent's input for these paths is unsanitized and controlled by a malicious actor, it could lead to arbitrary local file access, reading, or overwriting on the host system where the MCP server is running (e.g., via `file_path='/etc/passwd'`). Similarly, `os.chdir(project_path)` in the server's main entry point, if `project_path` is untrusted, could set the working directory to a malicious location. - **Information Disclosure**: While credentials are handled via environment variables and configuration files (like `.env.local`), and masked in logs, a user misconfiguring by committing `.env.local` to a public repository would expose secrets.
Updated: 2026-01-17GitHub
35
5
Medium Cost
saidsef icon
Sec9

Enables LLMs to interact with GitHub for automated Pull Request analysis, issue management, and release tracking, along with public IP information retrieval.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires a GitHub Personal Access Token with `repo` scope.
  • ⚠️Requires `uv` (or `uvx`) for execution.
Verified SafeView Analysis
The server retrieves the GitHub Personal Access Token from environment variables, which is a good practice. It uses the `requests` library with defined timeouts, and error handling logs exceptions. No dangerous functions like `eval` or obfuscation are present. The primary security consideration is the broad `repo` scope required for the GitHub token, granting extensive repository access. Users must understand these permissions. Exposing the server via HTTP (`MCP_ENABLE_REMOTE=true`) to public networks without additional security layers (e.g., HTTPS, firewall rules, API key for the MCP server) would be a significant risk, which is a deployment concern rather than a code vulnerability.
Updated: 2026-01-19GitHub
35
1
Medium Cost
vsh00t icon
Sec7

An MCP server for Frida that leverages the native Frida CLI to provide full Java/ObjC API access for mobile application security analysis and reverse engineering, bypassing limitations of Frida's Python/Node.js bindings.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires Frida CLI tools installed (`pip install frida-tools`)
  • ⚠️Requires `frida-server` running on the target device
Verified SafeView Analysis
The core functionality of this server involves executing arbitrary JavaScript code and commands on a target device via `subprocess` calls to the Frida CLI. Inputs like `target` (process name/PID) and `script` are passed directly to `frida` CLI arguments (`-n`, `-p`, `-e`). While this is the intended purpose of the tool for security analysis and reverse engineering, it represents a significant security risk if the MCP server itself is exposed to untrusted input. An attacker gaining control of the input parameters could execute arbitrary code on the target device. However, given that MCP servers are typically deployed in trusted, local environments by security experts, this is considered a feature rather than a flaw in its intended use. There are no obvious hardcoded credentials or malicious patterns in the Python code itself, beyond its powerful capabilities.
Updated: 2025-11-26GitHub
35
5
Medium Cost
blakeox icon
Sec9

This server provides type-safe, performant access to legal data from CourtListener for advanced legal research and case analysis applications.

Setup Requirements

  • ⚠️CourtListener API Access: This server acts as a proxy for the CourtListener API. Access to the underlying CourtListener API (which provides the legal data) requires specific credentials or an API key, configured via environment variables.
  • ⚠️LLM Integration Required for Smart Search: The 'smart_search' tool, an advanced feature, leverages an external Large Language Model (LLM) that must be provided by the connecting MCP client. Without client-side LLM integration, this tool cannot function.
  • ⚠️Extensive Environment Variable Configuration: The server's advanced features (e.g., authentication, rate limiting, audit logging, circuit breakers) are highly configurable via a wide array of environment variables, requiring careful setup for full functionality.
Verified SafeView Analysis
The server implements comprehensive security features including input sanitization (protecting against XSS, SQL injection, code execution), API key and OIDC authentication, per-client rate limiting, and detailed audit logging. Sensitive fields are redacted in logs. The codebase is well-structured TypeScript with no visible obfuscation. Default CORS is set to '*', but the configuration schema indicates this is configurable for production hardening. Test files explicitly include checks for various injection attacks.
Updated: 2026-01-14GitHub
35
6
Medium Cost
Montimage icon

mitre-mcp

by Montimage

Sec9

A production-ready Model Context Protocol (MCP) server that exposes the MITRE ATT&CK® framework to LLMs, AI assistants, and automation workflows.

Setup Requirements

  • ⚠️Python 3.10+ required
  • ⚠️mitre-mcp server must be running (`mitre-mcp --http`)
  • ⚠️Initial MITRE ATT&CK data download (can be large, requiring up to 200MB disk space by default)
Verified SafeView Analysis
The project exhibits a strong focus on security: robust input validation is implemented (regex for technique IDs, length limits, character checks, domain validation) to prevent common vulnerabilities. Automated security tools (Bandit, Safety, CodeQL) are integrated into the CI/CD pipeline for continuous scanning. Best practices, such as discouraging hardcoded API keys and using HTTPS for external requests, are documented. The HTTP server defaults to binding on `localhost:8000`, with explicit warnings against public exposure without a proper reverse proxy and authentication. CORS settings are configurable. No obvious malicious patterns like `eval` or uncontrolled code execution were found.
Updated: 2025-11-26GitHub
35
5
Low Cost
conda-incubator icon

conda-meta-mcp

by conda-incubator

Sec8

Provides authoritative, read-only Conda ecosystem metadata for AI agents to answer packaging questions.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️Requires 'pixi' for local development and running the server, which manages its dependencies.
  • ⚠️The 'package_insights' tool accepts arbitrary URLs; agents should be mindful of the source to avoid downloading excessively large or unexpected files.
Verified SafeView Analysis
The server's core function involves making network requests to Conda ecosystem endpoints (conda.anaconda.org, cforge.quansight.dev) and arbitrary URLs for package tarballs via the `package_insights` tool. While no direct code execution from arbitrary URLs is apparent, this could pose a risk for resource exhaustion or parsing vulnerabilities. The `cli_help` tool's `grep` parameter uses regular expressions, which could potentially be exploited for ReDoS (Regular Expression Denial of Service) if a malicious regex is provided. However, the project adheres to a 'read-only, zero-side-effect' contract and uses established libraries.
Updated: 2026-01-17GitHub
35
5
Medium Cost
ansible icon

aap-mcp-server

by ansible

Sec8

A Model Context Protocol (MCP) service providing an OpenAPI-based interface for AI agents to interact with Ansible Automation Platform (AAP) APIs.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires access to an Ansible Automation Platform instance or a mock server.
  • ⚠️Requires a valid AAP authentication token for API access.
Verified SafeView Analysis
The server offers an 'ignore-certificate-errors' option that disables HTTPS certificate validation (via NODE_TLS_REJECT_UNAUTHORIZED='0'). While explicitly noted for development/testing, it's a critical risk in production. The 'ALLOW_WRITE_OPERATIONS' flag controls access to potentially sensitive API methods (POST, PUT, PATCH, DELETE). The bundled mock AAP server is intentionally insecure (no token validation) and strictly for testing, with clear warnings. Telemetry generates a deterministic, anonymous user ID from the user token and a process-specific salt, which is a good practice.
Updated: 2026-01-19GitHub
35
6
Medium Cost
ZephyrDeng icon

mcp-server-gitlab

by ZephyrDeng

Sec9

A GitLab integration server built on the fastmcp framework, providing various GitLab RESTful API tools for interacting with GitLab instances, supporting AI agents and platforms like Claude and Smithery.

Setup Requirements

  • ⚠️Requires GitLab API URL and Token (can be provided via environment variables or HTTP headers).
  • ⚠️Requires Bun runtime for direct execution or Docker for deployment.
  • ⚠️When deploying with Docker in HTTP Stream mode, ensure MCP_HOST is configured to '0.0.0.0' for external access (though this is the default for httpStream mode).
Verified SafeView Analysis
The server employs dynamic authentication via HTTP headers for GitLab tokens and API URLs in HTTP stream mode, enhancing security by avoiding hardcoded credentials. It also includes explicit sensitive content masking, replacing identifiable data with '***' or 'prefix***suffix', while preserving legitimate GitLab URLs. The 'Gitlab Raw API Tool' offers broad access to GitLab APIs, which is powerful but requires callers to be trusted and properly authorized by the server's authentication layer. Basic validation for token length and URL format is implemented.
Updated: 2026-01-19GitHub
35
6
High Cost
zoho icon
Sec7

A Node.js implementation of the Zoho Analytics Model Context Protocol (MCP) Server that provides seamless integration between Zoho Analytics and MCP Hosts such as VS Code, Claude Desktop, Cursor, and more, enabling direct access to Zoho Analytics data.

Setup Requirements

  • ⚠️Requires Zoho Account OAuth credentials (Client ID, Client Secret, Refresh Token, Organization ID).
  • ⚠️Requires Node.js (LTS version recommended) for the NPX installation, or Docker for containerized deployment.
  • ⚠️Requires an MCP Host Application (e.g., VS Code, Claude Desktop, Cursor) for interaction.
  • ⚠️The `query_data` tool executes user-provided SQL queries, posing a potential SQL injection risk if the AI agent is not strictly controlled.
  • ⚠️The `download_file` tool can download arbitrary files from URLs to local storage, which could be exploited for malicious purposes (e.g., malware download, disk exhaustion).
  • ⚠️For the remote (Python) hosted version, additional environment variables related to the OAuth proxy and persistence (e.g., `MCP_SERVER_PUBLIC_URL`, `SESSION_SECRET_KEY`, `REDIS_HOST`, `CATALYST_PROJECT_ID`) are required for full functionality.
Verified SafeView Analysis
The server correctly loads sensitive OAuth credentials (client ID, client secret, refresh token) from environment variables, which is good practice. However, several tools expose functionality that carries inherent risks when driven by an AI agent: - **`query_data` tool**: Executes arbitrary SQL queries provided as a string input. If the AI agent is compromised or poorly constrained, this could lead to SQL injection vulnerabilities if the underlying Zoho Analytics API does not perform sufficient sanitization for all possible malicious SQL constructs. - **`download_file` tool**: Allows downloading files from any specified URL to a local temporary directory. This poses a risk for downloading malicious executables or excessively large files, potentially leading to denial-of-service (DoS) via disk space exhaustion. - **OAuth Proxy (Python version)**: The Python implementation includes a dynamic client registration (DCR) mimicry layer. While designed to bridge a provider limitation (static client registration only), this adds a layer of complexity to the authentication flow, increasing the potential attack surface if not perfectly secured. It utilizes persistence (in-memory, Redis, or Catalyst) for authorization transactions and codes, which should be properly secured in production environments. Overall, while the server itself does not contain obvious malicious code or hardcoded secrets, the power of its exposed tools requires careful management of the AI agent's inputs and environment sandboxing.
Updated: 2026-01-14GitHub
35
4
Medium Cost
vladzima icon

workflowy-mcp

by vladzima

Sec9

Integrates WorkFlowy's outline and task management capabilities as tools for LLM applications via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a WorkFlowy account with API access and a generated API key.
  • ⚠️The WorkFlowy API has significant discovery limitations (no direct search by name/content, hierarchical navigation only, incompatible web IDs) which impacts LLM usability for finding existing nodes.
  • ⚠️Requires manual configuration in an MCP-compatible client's JSON configuration file (e.g., Claude Desktop).
Verified SafeView Analysis
The server follows good security practices, including requiring API keys via environment variables (WORKFLOWY_API_KEY), using Pydantic's SecretStr for API keys to prevent accidental logging, enforcing HTTPS for the API base URL, and redacting sensitive information like API keys from logs. Robust error handling for various HTTP statuses (401, 404, 429, 5xx) is implemented. There is no evidence of 'eval' or other directly dangerous patterns in the provided source code.
Updated: 2025-12-13GitHub
PreviousPage 134 of 713Next