Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

35
5
High Cost
SeanPedersen icon

youtube-transcript-mcp

by SeanPedersen

Sec9

Enables LLM chat applications to summarize or analyze content from YouTube videos by providing their transcripts.

Setup Requirements

  • ⚠️Requires Claude Desktop to be installed and running.
  • ⚠️Requires `uv` for dependency and environment management.
  • ⚠️Manual path `$INSERT_PATH` replacement is required in the MCP JSON configuration.
Verified SafeView Analysis
The server's core functionality relies on the `youtube-transcript-api` library, which is widely used and generally trusted. The provided code does not introduce new security vulnerabilities. URL parsing is done with a specific regex pattern, mitigating some input risks. No 'eval' or similar dangerous patterns are used.
Updated: 2025-11-27GitHub
35
6
Medium Cost
scenic-contrib icon

scenic_mcp_experimental

by scenic-contrib

Sec4

Enable AI assistants to interact with Scenic GUI applications for automated testing, AI-driven development workflows, and accessibility.

Setup Requirements

  • ⚠️Requires both an Elixir/Erlang runtime (v1.14+/OTP 24+) and Node.js (>=18.0.0) environment.
  • ⚠️The `scenic_mcp` library must be added as a local dependency (`{:scenic_mcp, "../scenic_mcp"}`) in the Scenic application's `mix.exs` as it is not yet published to Hex.
  • ⚠️The target Scenic application requires specific configuration, including named viewport (`:main_viewport` by default) and driver (`:scenic_driver` by default) processes.
  • ⚠️TypeScript dependencies must be installed and built (`npm install && npm run build`) from the `scenic_mcp` directory before use.
Verified SafeView Analysis
The server explicitly states that it binds to `localhost` only, which limits external network exposure. However, it operates with **no authentication, no authorization, and no encryption** over TCP. This means any local process or malicious local user can fully control the target Scenic application without credentials. It is explicitly designed for 'development and testing environments only' and not recommended for production use. The code itself does not appear to contain malicious patterns or `eval` of arbitrary user input, relying on structured JSON commands.
Updated: 2025-11-29GitHub
35
6
Medium Cost
grafana icon
Sec8

This server provides AI assistants with comprehensive access to Grafana UI components, documentation, stories, design system tokens, and dependency analysis to aid in building observability interfaces, dashboards, and data visualization components.

Setup Requirements

  • ⚠️Requires Node.js version >=18.0.0.
  • ⚠️GitHub API rate limits apply (60 requests/hour) without a personal access token; a token (GITHUB_PERSONAL_ACCESS_TOKEN or GITHUB_TOKEN) is highly recommended for higher limits (5000 requests/hour).
  • ⚠️Can optionally be configured to use a local clone of the Grafana repository, which requires manual cloning and path specification (GRAFANA_REPO_PATH environment variable or --grafana-repo-path CLI option).
Verified SafeView Analysis
The server primarily reads public GitHub repository content or a user-specified local file path. It uses `axios` for external network requests to trusted GitHub domains and `fs` for local file system access. Input paths (component names, repository path) are expected from user arguments and are validated with Zod, mitigating simple path traversal, but careful usage of user-provided paths is always a consideration. No direct 'eval' or malicious patterns were identified. GitHub API tokens are handled via environment variables or CLI arguments, not hardcoded.
Updated: 2026-01-13GitHub
35
3
High Cost
boldare icon

mcp-farmer

by boldare

Sec8

CLI tool for managing, analyzing, and scaffolding Model Context Protocol (MCP) servers, with AI-assisted features for tool generation and probing.

Setup Requirements

  • ⚠️Node.js >= 20 required
  • ⚠️Requires a supported ACP agent (e.g., OpenCode, Claude Code, Gemini CLI, GitHub Copilot CLI) for 'grow' and 'probe' commands
  • ⚠️Internet connection required for remote server interactions, API spec fetching, and package installations
Verified SafeView Analysis
The project uses standard Node.js practices for network requests (fetch) and child process management (spawn, exec). No 'eval' calls were found within the codebase for dynamic code execution. No obvious hardcoded secrets. The tool's design allows users to specify arbitrary URLs or local commands (via `--`) to interact with external MCP servers or local processes, which introduces inherent risk if the user targets untrusted sources. However, this functionality is documented and central to interacting with stdio-based MCP servers. The 'vet' command includes checks for 'dangerous tools' and 'PII handling' within the *target* MCP server's capabilities, indicating a security-conscious design for the overall ecosystem.
Updated: 2026-01-19GitHub
35
3
High Cost
mnthe icon
Sec9

A Multi-AI debate platform that enables structured discussions between different AI models (Claude, ChatGPT, Gemini, Perplexity) through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires API keys for at least one AI provider (Anthropic, OpenAI, Google, Perplexity), which are typically paid services.
  • ⚠️Uses `pnpm` as the recommended package manager, requiring it to be installed locally.
  • ⚠️Requires `npx` (from npm) for the recommended quick start command.
Verified SafeView Analysis
The server uses `process.env` for API keys, which is a standard and secure practice for handling secrets. `jsonrepair` is used for robustness against malformed JSON from AI models, which is generally safe. Network calls are made to external AI providers via their SDKs, which is core functionality. No direct `eval` of untrusted input or hardcoded sensitive data found. Primary risks relate to securing the `.env` file and managing API usage.
Updated: 2026-01-17GitHub
35
4
Medium Cost
Pantheon-Security icon

medusa

by Pantheon-Security

Sec1

This is a Model Context Protocol (MCP) server intentionally designed as a security fixture to demonstrate various critical vulnerabilities, such as command injection, SQL injection, and sensitive data exposure, for testing security scanners like Medusa.

Setup Requirements

  • ⚠️Requires Node.js and npm to run.
  • ⚠️Assumes a local 'database' module is available and configured, but it is not provided in the source.
  • ⚠️Requires broad filesystem access permissions for /home/user/.ssh/id_rsa, /home/user/.aws/credentials, and .env files to demonstrate data exposure.
Review RequiredView Analysis
The server is deliberately engineered with numerous critical vulnerabilities. These include multiple OS command injections (via `exec` and `execSync`), SQL injection, arbitrary file read, and direct exposure of sensitive system files and credentials (SSH private key, AWS credentials, database configuration, .env file). Additionally, it contains hardcoded API keys, passwords, and GitHub tokens, and a function for simulating data exfiltration. This makes it a highly insecure application.
Updated: 2026-01-15GitHub
35
5
High Cost
benhaotang icon

mcp-http-agent-md

by benhaotang

Sec4

This server acts as a central hub for AI agents, managing project knowledge (AGENTS.md), structured tasks, version history, and ephemeral scratchpads, with capabilities to spawn context-isolated subagents for focused tasks.

Setup Requirements

  • ⚠️Requires an OpenAI, Google, Groq, or OpenAI-compatible API key if subagents (external AI) are enabled.
  • ⚠️PDF OCR processing (if enabled via `USE_LOCAL_AI_FOR_DOC_UNDERSTANDING`) requires `pdftoppm` (from poppler-utils) to be installed on the host system.
  • ⚠️Requires `MAIN_API_KEY` for administrative functions and initial user creation.
Review RequiredView Analysis
The server uses SQLite with prepared statements, which generally prevents SQL injection. Input validation is in place for various fields like project names and task IDs. File uploads are constrained by size and type. However, the `StdioClientTransport` in `src/ext_ai/aisdkmcp.js` allows arbitrary `command` and `args` to be specified in `subagent_config.json`. If an AI agent, through a configured tool (e.g., a filesystem write tool), gains the ability to modify `subagent_config.json`, it could lead to arbitrary code execution on the host server. The example `subagent_config.json` includes a 'filesystem' server which, if exposed with broad permissions, could be a critical vector for this. The 'USE_EXTERNAL_AI' flag is crucial for controlling this risk. Running with `cors` set to `*` is also very broad, although common for API services.
Updated: 2026-01-15GitHub
35
1
Low Cost
alDuncanson icon

gcal-mcp

by alDuncanson

Sec8

Serves as a Model Context Protocol (MCP) server for Google Calendar to query upcoming, date-specific, and searchable events.

Setup Requirements

  • ⚠️Requires an initial interactive OAuth 2.0 flow via a local server, which opens a browser window for user authentication.
  • ⚠️Requires Python 3.11 or higher to run.
  • ⚠️Requires a Google account with calendar access for functionality.
Verified SafeView Analysis
The application includes hardcoded default OAuth client credentials (client_id and client_secret) in its source code. While the `InstalledAppFlow` with PKCE is designed to be relatively secure even with a 'public' client secret for desktop applications, this practice generally introduces a dependency on specific credentials which could be revoked or abused, breaking the default setup. Users are advised to use their own credentials via the `--credentials` flag. No use of `eval`, `exec`, or other direct execution vulnerabilities were found, and the application relies on secure OAuth 2.0 with PKCE for authentication.
Updated: 2026-01-18GitHub
35
90
Low Cost
MCPCat icon
Sec9

This SDK integrates analytics and telemetry capabilities into existing Model Context Protocol (MCP) servers, capturing user intentions, tool usage, and error patterns.

Setup Requirements

  • ⚠️Requires an existing Model Context Protocol (MCP) server for integration (peer dependency: `@modelcontextprotocol/sdk >=1.11`).
  • ⚠️Requires a MCPcat Project ID for full analytics features, or configured exporters for telemetry-only mode.
  • ⚠️Data is logged to `~/mcpcat.log` by default, which might interfere with STDIO-based MCP server logging if not configured otherwise.
Verified SafeView Analysis
The SDK handles dynamic module loading (e.g., 'fs' module) within try-catch blocks for compatibility across different JavaScript environments, which is a justified pattern. Network requests are made to configurable telemetry endpoints (Datadog, Sentry) or the MCPcat API, and do not show signs of hardcoded secrets or malicious activity. User-provided `redactSensitiveInformation` functions are available for data privacy.
Updated: 2025-12-24GitHub
35
5
High Cost
leMaur icon
Sec9

This MCP server provides AI assistants with structured access to Livewire Flux component, layout, and icon documentation through web scraping.

Setup Requirements

  • ⚠️Requires Node.js and npm (or npx) to be installed locally.
Verified SafeView Analysis
The server performs web scraping from external websites (fluxui.dev, github.com). While it uses robust parsing libraries (cheerio) and does not directly execute user-provided code, there's an inherent, low risk of issues if scraped content is malformed or unexpectedly large. No hardcoded secrets or 'eval' usage were found in the provided source code. The server runs locally via 'stdio', not opening network ports itself, which limits its external attack surface.
Updated: 2026-01-14GitHub
35
1
High Cost
microsoft icon
Sec6

The server powers LLMs and AI agents by providing Speech-to-text and Text-to-speech capabilities via Azure Speech services.

Setup Requirements

  • ⚠️Requires an Azure account and an Azure Speech service subscription (paid service).
Review RequiredView Analysis
The provided source code is limited to markdown files (README.md, SECURITY.md). No functional code (e.g., JavaScript, Python, C#) was provided for a comprehensive security audit. Therefore, checks for 'eval', obfuscation, hardcoded secrets, network risks, or malicious patterns could not be performed. The presence of a `SECURITY.md` file indicates a project aware of security best practices for vulnerability reporting.
Updated: 2025-11-24GitHub
35
5
Medium Cost
jeweis icon
Sec3

Provides a Micro-Agent Protocol (MCP) server for querying Microsoft SQL Server databases and retrieving table structures.

Setup Requirements

  • ⚠️Requires Python 3.8+.
  • ⚠️Requires access and credentials for a Microsoft SQL Server instance.
  • ⚠️The `pyodbc` database driver and an appropriate SQL Server client driver (e.g., ODBC Driver for SQL Server) must be installed on the operating system.
  • ⚠️Database connection details (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME, DB_PORT) must be set as environment variables.
Review RequiredView Analysis
CRITICAL SQL Injection Vulnerability: The `get_table_info` and `list_show_tables` functions construct SQL queries by directly inserting `table_name` and `schema` using f-strings. This allows for SQL injection if malicious input is provided for these parameters. While `execute_query` attempts to filter dangerous keywords, this is a blacklist approach and is insufficient, and critically, it does not protect the `get_table_info` and `list_show_tables` tools. Additionally, the default database password is an empty string in `app_config.py`, and the connection string specifies `encrypt=no` and `trusted_connection=no`, which are weaker security configurations.
Updated: 2026-01-19GitHub
PreviousPage 137 of 713Next