Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

35
5
High Cost
VictoriaMetrics-Community icon

mcp-victoriatraces

by VictoriaMetrics-Community

Sec9

Provides a Model Context Protocol (MCP) server for VictoriaTraces, enabling AI clients to query trace data, list services and operations, and search embedded documentation.

Setup Requirements

  • ⚠️Requires a running VictoriaTraces instance (single-node or cluster).
  • ⚠️Authentication to VictoriaTraces via `VT_INSTANCE_BEARER_TOKEN` or `VT_INSTANCE_HEADERS` may be required.
  • ⚠️Requires Go 1.25+ to build from source, or Docker to run pre-built images.
Verified SafeView Analysis
The server follows good security practices by relying on environment variables for sensitive configuration (like `VT_INSTANCE_BEARER_TOKEN`), which can be managed via Kubernetes secrets. Input validation is present for tool parameters, helping prevent common injection vulnerabilities. The build process includes vulnerability (govulncheck) and license (wwhrd) checks. No explicit `eval` or code obfuscation was found. Network exposures are standard for a server (HTTP/SSE/gRPC) and endpoints like `/metrics` can be protected with auth keys. The security of the backend VictoriaTraces instance is crucial as this server acts as a proxy.
Updated: 2026-01-14GitHub
35
4
Medium Cost
faxenoff icon
Sec7

An expert developer tool for comprehensive code analysis, semantic search, refactoring, code modification, and automated documentation. It leverages AI and specialized runtime environments (Node.js/Bun) for high performance, featuring deep Git integration for branch-aware indexing and merge conflict resolution across multiple programming languages.

Setup Requirements

  • ⚠️Platform-Specific Native Binaries: Requires specific builds or pre-compiled binaries for FAISS, CUDA/Metal (for GPU acceleration), OpenVINO Model Server (OVMS), and Llama.cpp. These are OS/architecture/Node.js version dependent and can be complex to build manually.
  • ⚠️LLM/Embedding Server Dependencies: Full semantic and AutoDoc functionality requires external LLM/embedding providers (e.g., Ollama, TEI, vLLM, OVMS, Llama.cpp), often running as Docker containers or separate local server processes, sometimes requiring specific GPU drivers or hardware.
  • ⚠️Language Toolchains: Python 3+, Java JDK, Go compiler, Rust toolchain, C/C++ compilers (Clang) are needed for native parsers and type analysis (e.g., Pyright, JavaParser, Go AST tools).
  • ⚠️Network Access for Model Downloads: Initial setup may download large AI models from Hugging Face or or other repositories.
Verified SafeView Analysis
The server heavily relies on spawning external processes (Git, Python, Java, Kotlin, Go compilers/tools, Clang, Ollama, OVMS, Llama.cpp, ESLint, Pylint, etc.) for parsing, analysis, embedding generation, and language-specific operations. While inputs to these tools are generally validated (e.g., via Zod schemas for tool arguments), the extensive volume and complexity of external process interactions present an increased attack surface. Direct environment variable access (e.g., HF_TOKEN, OPENAI_API_KEY) is used for API keys, which is standard practice but requires secure environment setup. No obvious direct 'eval' or unsanitized user input execution for critical operations was found. The use of native binaries for performance (FAISS, CUDA/Metal) introduces platform-specific dependencies that need to be securely built or provided.
Updated: 2026-01-19GitHub
35
156
Low Cost
loonghao icon
Sec1

Controls Adobe Photoshop programmatically via Model Context Protocol (MCP) for AI assistants.

Setup Requirements

  • ⚠️🔴 WINDOWS OS ONLY: The server relies on Windows-specific COM interfaces and is not supported on macOS or Linux.
  • ⚠️Adobe Photoshop must be installed locally (tested with CC2017-2024 versions).
  • ⚠️Python 3.10 or higher is required.
Review RequiredView Analysis
The server's `execute_javascript` function, utilized by `create_solid_color_layer`, allows direct execution of arbitrary JavaScript code within Photoshop. This presents a critical security vulnerability, as a malicious actor or a compromised AI assistant could inject arbitrary code to perform unauthorized operations within Photoshop, manipulate local files, or potentially execute system commands on the host Windows machine, depending on Photoshop's scripting capabilities and system configurations. This is a form of remote code execution on the local machine.
Updated: 2025-12-19GitHub
35
5
Low Cost
ExpertVagabond icon

raycast-mcp-server

by ExpertVagabond

Sec3

Facilitates advanced Raycast workflow automation and integration with AI assistants on macOS by exposing Raycast and system functionalities as tools.

Setup Requirements

  • ⚠️Requires macOS operating system as it relies on AppleScript (`osascript`) and macOS-specific commands (`open -a Raycast`, `pmset`, `pbcopy`).
  • ⚠️Requires Raycast application to be installed and configured on the host system for core functionality.
  • ⚠️Requires various API keys/tokens (e.g., RAYCAST_API_KEY, GITHUB_TOKEN, NOTION_TOKEN) to be set as environment variables for full authentication and integration capabilities.
Review RequiredView Analysis
The server has critical security vulnerabilities. It directly executes shell commands (`execAsync`) with user-provided input in several tools (`raycast_extensions publish`, `raycast_search`, `raycast_clipboard copy`, `raycast_shortcut`). This exposes the server to: 1. Path traversal for arbitrary file reading (`raycast_extensions publish`) if `publish_path` is manipulated. 2. AppleScript/shell injection if inputs like `query`, `text`, or `custom_key` contain malicious characters that can break out of quoted strings within the `osascript` or `echo` commands. These vulnerabilities could allow an attacker (or a misbehaving AI) to execute arbitrary commands or read sensitive files on the host system. It is NOT safe to run without significant security fixes, including robust input sanitization and validation, or using safer execution methods that don't directly concatenate user input into shell commands.
Updated: 2026-01-13GitHub
35
6
Medium Cost
Shen-Ming-Hong icon

singular-blockly

by Shen-Ming-Hong

Sec7

An MCP (Model Context Protocol) server for the Singular Blockly VSCode extension, providing tools for querying Blockly block definitions, platform configurations (Arduino/ESP32), workspace states, and facilitating code generation and embedded device programming in an educational context.

Setup Requirements

  • ⚠️Requires PlatformIO CLI to be installed for Arduino projects.
  • ⚠️Requires a Python environment and `mpremote` installed (or will attempt to install it via pip) for MicroPython projects.
  • ⚠️This is a component of a VSCode extension and is not designed to run standalone; it expects to be launched by a VSCode host and interact within a VSCode workspace context.
Verified SafeView Analysis
The server uses `child_process.exec` and `child_process.spawn` to interact with external tools like PlatformIO CLI, Python, and mpremote for compiling code and uploading to microcontrollers. It also uses `new Function()` to parse internal JavaScript localization files. While these are privileged operations and can introduce risks if not carefully handled, they appear to be justified by the extension's core functionality and used with arguments derived from internal configurations or validated user inputs. File system access is scoped to the user's workspace and extension directories. No hardcoded secrets or obvious arbitrary code execution vulnerabilities from external inputs were identified in the MCP tool definitions.
Updated: 2026-01-19GitHub
35
5
Medium Cost
ProjectAtlantis-dev icon

atlantis-mcp-server

by ProjectAtlantis-dev

Sec7

An MCP (Model Context Protocol) server for hosting and managing dynamic Python functions and third-party MCP tools, enabling AI agents to discover and utilize shared capabilities across a network.

Setup Requirements

  • ⚠️Requires Python 3.12+ (3.13 noted as 'iffy')
  • ⚠️Requires Node.js and npx for the MCP client bridge (`atlantis-mcp`)
  • ⚠️Requires uv/uvx for installing and running third-party MCP servers
  • ⚠️Requires an account with `www.projectatlantis.ai` and associated email/API key for cloud connection
  • ⚠️User must NOT hardcode API keys or sensitive data in dynamic function files, as `_function_get` can expose entire file contents.
Verified SafeView Analysis
The server binds to localhost (127.0.0.1) by default, minimizing direct external attack surface. External access occurs via an outbound Socket.IO connection to a trusted Atlantis cloud server. Internal functions (`_function*`, `_server*`, `_admin*`) are restricted to the owner. Localhost connections are treated as the owner for convenience, granting them full privileges. CRITICAL RISK: The `_function_get` tool can return the *entire source file* of a dynamic function, not just the function itself. This exposes all code, imports, comments, and potentially hardcoded sensitive data (e.g., API keys, credentials) within that file. The `@copy` decorator allows non-owners to retrieve source code based on visibility rules (`@public` or `@protected`). The `README_SECURITY.md` explicitly warns against hardcoding secrets, recommending environment variables instead. Users must diligently follow this best practice to prevent credential exposure. The `_admin_pip_install` tool allows the owner to install arbitrary Python packages, posing a risk if the owner account is compromised. The security model relies heavily on the trust of the host machine and the Atlantis cloud server, assuming they are not compromised or spoofing parameters. Overall, while network-level defenses are strong, the dynamic code execution and source code retrieval mechanisms introduce significant risks if best practices for secrets management are not strictly followed by the user.
Updated: 2026-01-18GitHub
35
5
High Cost
zapier icon

zapier-mcp

by zapier

Sec1

This repository provides plugins, skills, and commands for AI agents, specifically Claude, to enable sophisticated workflow automation and integration with 8,000+ apps via Zapier's Model Context Protocol (MCP) for engineering tasks like Jira management, git operations, and code reviews.

Setup Requirements

  • ⚠️Requires `jq` and `make` to build plugins locally.
  • ⚠️Requires a Claude Pro/Team account with Skills enabled.
  • ⚠️Requires Zapier MCP connected to Claude, along with appropriate app connections (e.g., Jira) configured within Zapier.
Review RequiredView Analysis
CRITICAL: The `code-review` skill's `allowed-tools` explicitly lists `Bash(rm -rf:*)`. This grants the AI agent the capability to execute `rm -rf` with arbitrary arguments. While the skill's documented intent is to use `git worktree remove` for cleanup (a safer, more controlled command), the direct `rm -rf` capability presents a severe security risk. An AI agent could potentially be prompted or misinterpret a situation, leading to unintended and destructive file system operations on the host machine. This is an extremely dangerous permission for an AI to possess. No hardcoded secrets were found, and network calls are to a known Zapier endpoint, but the `rm -rf` capability overrides other safety measures.
Updated: 2025-12-12GitHub
35
4
Medium Cost
abdebek icon

MCPify

by abdebek

Sec7

Exposes ASP.NET Core endpoints and OpenAPI specifications as Model Context Protocol (MCP) tools for AI assistants.

Setup Requirements

  • ⚠️Requires .NET 8.0, 9.0, or 10.0 SDK.
  • ⚠️When using Stdio transport, `dotnet run` is not recommended due to build logs corrupting the MCP protocol; `dotnet publish` and running the executable DLL directly is preferred.
  • ⚠️The default `Demo:StateSecret` (a placeholder) must be changed to a secure, unique value for any production or shared environment.
Verified SafeView Analysis
The server provides a robust framework for integrating existing APIs with MCP, including a fully functional OAuth 2.0 Authorization Server powered by OpenIddict. It implements key security features like RFC 8707 resource parameters, JWT token validation, and scope enforcement. However, the default `Demo:StateSecret` in `appsettings.json` is a hardcoded placeholder (`CHANGE_THIS_TO_A_SECURE_SECRET_IN_PRODUCTION_12345`) which poses a significant security risk if not changed in production environments. While `AllowedHosts: "*"` is present, it's often acceptable for internal services if other network controls are in place. No `eval` or obvious malicious patterns were found in the truncated source code.
Updated: 2026-01-18GitHub
35
5
Medium Cost
balldontlie-api icon

mcp

by balldontlie-api

Sec8

Provides a Model Context Protocol (MCP) server for accessing comprehensive sports data and analytics from the BALLDONTLIE API across 18 major sports and leagues.

Setup Requirements

  • ⚠️Requires a BALLDONTLIE API Key for authentication, obtained by signing up on their platform.
  • ⚠️Requires Node.js runtime version 18.0.0 or higher.
Verified SafeView Analysis
The server acts as a proxy, forwarding the client's API key (received via Authorization header) to the backend BALLDONTLIE API. This is a standard pattern for MCP servers integrating with external APIs. While `inputSchema` definitions are present, runtime validation against these schemas does not appear to be explicitly performed within the tool handlers before calling the backend API, which could lead to unnecessary backend calls or less precise error reporting. One specific tool (`nba_get_leaders`) implements pagination client-side by fetching the entire dataset from the upstream API for each call, then slicing it. This can lead to increased network usage and memory consumption on the MCP server and the backend API, especially with large datasets or frequent requests with small `per_page` values, potentially causing operational inefficiencies or hitting rate limits faster than expected. No direct hardcoded secrets, obfuscation, or malicious patterns were found in the provided code.
Updated: 2026-01-19GitHub
35
4
Low Cost
gazzadownunder icon

MCP-OAuth-Compliance

by gazzadownunder

Sec9

A web-based tool for testing MCP server OAuth compliance with various RFCs (9728, 8414, 7591, 9068, 7519, 7515), OAuth 2.1, and the MCP 2025-11-25 specification.

Setup Requirements

  • ⚠️Requires Node.js v18.0.0 or higher.
  • ⚠️Requires manual browser interaction for interactive OAuth flow tests.
  • ⚠️The tool allows HTTP connections to non-localhost MCP servers only if 'Allow HTTP MCP Connection' is explicitly enabled in settings.
Verified SafeView Analysis
The project is a compliance tester, which inherently requires some flexibility regarding security checks (e.g., allowing self-signed certificates by default for testing). This behavior is well-documented, generates warnings, and can be overridden for strict enforcement. There are no indications of 'eval', obfuscation, hardcoded secrets (user-provided secrets are expected for the systems being tested), or other malicious patterns. Network risks related to HTTP connections to non-localhost servers are mitigated by requiring an explicit configuration option ('allowHttpMcpConnection'). Overall, it appears safe for its intended purpose of testing compliance.
Updated: 2026-01-13GitHub
35
1
Medium Cost
mattwilkerson1121 icon

ga-ai-mcp-server

by mattwilkerson1121

Sec8

This server allows AI agents to query Google Analytics 4 data (reports, traffic sources, demographics, etc.) via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Google Analytics 4 property with API access enabled.
  • ⚠️Requires a Google Cloud service account with Analytics Data API enabled and 'Viewer' (or higher) access to the GA4 property.
  • ⚠️Service account JSON key file (`credentials.json` or `asidatakpiskey.json`) must be securely generated and its absolute path configured via `GOOGLE_APPLICATION_CREDENTIALS` environment variable (or within `claude-config.json`).
  • ⚠️When using with Claude Desktop, absolute paths for Node.js executable, `src/index.js`, and `credentials.json` must be correctly updated in `claude-config.json`.
Verified SafeView Analysis
The server uses Google's official client libraries for GA4, which are generally secure. Credential handling relies on a service account JSON key file. While `src/index.js` has a default local path (`asidatakpiskey.json`), the recommended and documented approach through `.env` or `claude-config.json` is to use the `GOOGLE_APPLICATION_CREDENTIALS` environment variable pointing to the absolute path of the key file. This allows for secure storage of credentials outside the project directory. No `eval` or obvious malicious patterns were found. Network exposure is limited as it's an MCP server over stdio, not an HTTP server.
Updated: 2025-11-26GitHub
35
4
Medium Cost
trsdn icon
Sec9

A Model Context Protocol (MCP) server for converting 29+ file formats (e.g., PDF, Office, images, audio) to clean, structured Markdown, designed for integration with AI workflows and MCP clients like Claude Desktop.

Setup Requirements

  • ⚠️Requires numerous external Python dependencies (e.g., for PDF, Excel, Audio) beyond base installation, often requiring multi-step `pipx inject` commands for full functionality.
  • ⚠️Explicitly states no OCR support for images despite `pytesseract` dependency being listed in installation scripts, meaning image-based text will not be extracted.
  • ⚠️Known limitations from the upstream `MarkItDown` library include `UnicodeDecodeError` for some Markdown files and `BadZipFile` for corrupted Office documents, which the server cannot fully mitigate.
Verified SafeView Analysis
The server demonstrates robust security measures, including comprehensive input validation (path traversal, dangerous XML/JSON/CSV patterns), base64 content validation with size limits, explicit output sanitization (Unicode, output size limits), `hmac.compare_digest` for timing attack prevention, `threading`-based timeouts, and `sys.setrecursionlimit` to prevent recursion bombs. It enforces 'safe working directories' to restrict file system access. Error messages are sanitized to prevent information disclosure. While highly secure, no system is perfectly impenetrable, and reliance on an external MarkItDown library for core conversion means some vulnerabilities might theoretically exist within that dependency.
Updated: 2025-12-08GitHub
PreviousPage 136 of 713Next