Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

35
6
Medium Cost
kubestellar icon

a2a

by kubestellar

Sec7

AI agent for multi-cluster Kubernetes management, enabling workload distribution and operational tasks across KubeStellar environments.

Setup Requirements

  • ⚠️Requires API keys for an LLM provider (e.g., OpenAI, Google Gemini) which are typically paid services.
  • ⚠️Requires `kubectl` and `helm` CLI tools installed and configured.
  • ⚠️Requires a valid `kubeconfig` to interact with Kubernetes clusters.
  • ⚠️Requires Python 3.11+.
  • ⚠️Relies on the `mcp` SDK for server functionality.
Verified SafeView Analysis
The server primarily interacts with `kubectl` and `helm` via `asyncio.create_subprocess_exec`, which is generally safer than `shell=True`. However, as an LLM agent, it's inherently susceptible to prompt injection, where a malicious user could instruct the LLM to construct and execute harmful Kubernetes manifests (via `policy_yaml` in `binding_policy_management`) or fetch manifests from untrusted sources (`fetch_manifest` with `insecure_skip_tls_verify`). API keys are handled securely via environment variables or a permissions-restricted file. No obvious `eval` or code obfuscation was found.
Updated: 2026-01-19GitHub
35
5
Medium Cost
nnennandukwe icon
Sec8

Implements an MCP server with a keyword search tool for AI agents to analyze codebases and provide insights.

Setup Requirements

  • ⚠️Requires Python 3.11+ to run.
  • ⚠️Requires Poetry for dependency management and server execution.
  • ⚠️Qodo Command is optional but necessary to interact with the AI agent as demonstrated.
Verified SafeView Analysis
The server communicates over stdin/stdout, limiting direct network exposure. Input validation is present for arguments like 'keyword' and 'root_paths'. The 'keyword_search' tool is designed to search local file systems based on provided 'root_paths'. While paths are resolved and checked to be directories, an AI agent could theoretically request searches in any directory the server process has read access to. This is an inherent capability of the tool and not a vulnerability in its implementation, but implies trust in the agent and the server's execution environment.
Updated: 2026-01-18GitHub
35
4
Low Cost
365knoten icon

MCPJira

by 365knoten

Sec7

Demonstrates building an MCP (Model-Controller-Proxy) server for Jira integration using .NET Core.

Setup Requirements

  • ⚠️Requires access to a Jira instance.
  • ⚠️Requires configuration of 'JiraBaseUrl' and 'JiraProjectKey'.
  • ⚠️Explicitly stated as 'not production-ready code', implying it's for demonstration only and lacks hardening for real-world deployment.
Verified SafeView Analysis
The README explicitly states, 'This is not production-ready code.' While the provided snippets use placeholders for sensitive configurations (JiraBaseUrl, JiraProjectKey) and define an API key for authentication to the MCP server (X-API-KEY), which are good practices, the 'not production-ready' disclaimer indicates potential hidden vulnerabilities or missing best practices not visible in the truncated source. AllowedHosts: '*' is permissive but common in dev.
Updated: 2025-11-24GitHub
35
4
Medium Cost
adhocteam icon
Sec9

This MCP server enables LLMs like Claude to discover and learn about recreation opportunities by integrating National Park Service, Recreation.gov, and OpenWeatherMap APIs, providing tools to search for parks, campgrounds, weather, and activities.

Setup Requirements

  • ⚠️Requires free API keys from National Park Service, Recreation.gov, and OpenWeatherMap, each requiring separate registration.
  • ⚠️Requires either Docker and Docker Compose (recommended) or Go 1.24+ installed locally.
  • ⚠️Designed for seamless integration with Claude Desktop, requiring manual configuration of `claude_desktop_config.json` with the absolute path to the repository.
Verified SafeView Analysis
The project demonstrates strong security practices for a development/demo environment, including multi-stage Docker builds, running as a non-root user (UID 1000), a read-only filesystem, and minimal container dependencies. API keys are managed via environment variables and explicitly stated not to be hardcoded or logged in responses. Network communication to external APIs is exclusively over HTTPS. No 'eval' or malicious patterns were identified. For production deployments, dedicated secrets management is recommended over .env files, and a more robust logging setup that strictly redacts all query parameters from URLs if they contain sensitive data should be confirmed.
Updated: 2026-01-16GitHub
35
6
Medium Cost
sotayamashita icon

openapi-mcp-server

by sotayamashita

Sec7

Converts OpenAPI specifications into Model Context Protocol (MCP) tools, enabling AI assistants to interact with APIs.

Setup Requirements

  • ⚠️Every operation in the OpenAPI specification must have a unique `operationId`.
  • ⚠️Requires the Bun runtime to be installed.
  • ⚠️The `BASE_URL` environment variable is mandatory.
Verified SafeView Analysis
The server uses `JSON.parse` on the `HEADERS` environment variable. While typically controlled by the user running the server, this could be a deserialization vulnerability if the environment variable can be maliciously manipulated remotely. The `operationId` from the OpenAPI spec is dynamically used to call `apiClientInstance[operationId]`; a maliciously crafted OpenAPI spec could potentially exploit this if `openapi-client-axios` has unknown vulnerabilities related to dynamic method invocation. No `eval` or direct command injection patterns were found. The use of well-known libraries (`@scalar/openapi-parser`, `openapi-client-axios`, `zod`) generally contributes to security.
Updated: 2026-01-16GitHub
35
13
Low Cost
Jordiag icon
Sec9

Exposes Azure DevOps operations as tools for AI assistants, enabling AI agents to automate tasks like creating work items, managing pull requests, and queuing builds.

Setup Requirements

  • ⚠️Requires .NET 10 SDK.
  • ⚠️Requires an Azure DevOps Personal Access Token (PAT) with appropriate permissions.
  • ⚠️Project is in pre-release stage; API surface and overall structure may change substantially with potential breaking changes.
Verified SafeView Analysis
The project uses environment variables for sensitive credentials (AZURE_DEVOPS_PAT), which is a good practice. No 'eval' or malicious patterns were found in the provided code. 'AllowedHosts: *' in appsettings.Production.json is a standard ASP.NET Core default but should be reviewed and potentially restricted to specific hosts if the server is exposed publicly, though less critical for an internal agent tool. OpenTelemetry and Application Insights are enabled in production for monitoring.
Updated: 2025-11-19GitHub
35
5
High Cost
7ossamfarid icon

mcp-mindmesh

by 7ossamfarid

Sec9

Orchestrates multiple Claude 3.7 Sonnet instances in a quantum-inspired swarm to achieve enhanced field coherence and produce optimally coherent responses for complex queries through specialized agents.

Setup Requirements

  • ⚠️Requires an Anthropic API Key (paid service) for the Claude 3.7 Sonnet instances.
  • ⚠️Requires a Voyage AI API Key (paid service) for generating high-quality embeddings; a fallback is provided if not set, but performance may be reduced.
  • ⚠️The README states 'Python 3.8 or higher' and 'python main.py' which is misleading. The server is implemented in TypeScript and runs with Node.js via `npm start` or `npm dev`.
Verified SafeView Analysis
The server primarily relies on environment variables for sensitive API keys (Anthropic, VoyageAI), which is a good practice. There is no usage of `eval` or apparent code obfuscation. The server exposes an HTTP/SSE endpoint, which is standard for an API server, but requires careful deployment and potentially additional rate limiting/authentication depending on its public exposure. The MCP SDK likely handles some security aspects for the API itself. Database (PGlite) is embedded and used for internal state, reducing external database security concerns. No immediate malicious patterns were identified.
Updated: 2026-01-19GitHub
35
2
Low Cost
Shashank-0018 icon

MCP-Council

by Shashank-0018

Sec3

Automates the conversion of REST APIs into AI-powered MCP (Model Context Protocol) servers, enabling seamless integration of APIs with AI assistants.

Setup Requirements

  • ⚠️Requires a Supabase project setup for authentication, ideally with Google OAuth enabled, involving configuration in Supabase and Google Cloud Console.
  • ⚠️The full MCP server functionality (the backend component generated by this platform) requires two separate Node.js processes running concurrently: an HTTP API server (e.g., via `npm start`) and an MCP Protocol Wrapper (e.g., via `npx --yes my-api-mcp-server@latest`) that communicates over stdio. The `npx` command alone only launches the MCP wrapper, which will warn if the HTTP server is not accessible.
Review RequiredView Analysis
The platform's code generation logic, as demonstrated in `ToolGeneratorForm.tsx` (frontend) and `Framework.md` (backend architecture), allows user-provided API endpoint URLs to be directly incorporated into generated backend HTTP requests (e.g., `axios.get(apiUrl)`). If the resulting backend MCP server code is deployed without rigorous server-side validation or domain allow-listing for the `apiEndpoint` input, this creates a severe Server-Side Request Forgery (SSRF) vulnerability. This flaw could enable a malicious user to craft API definitions that trigger unauthorized requests to arbitrary internal or external network resources from the deployed MCP server.
Updated: 2025-12-07GitHub
35
5
Medium Cost
DecisionsDev icon
Sec8

The MCP server acts as an adapter, allowing AI assistants (like Claude, watsonx Orchestrate) to discover and execute automated decisions from IBM Decision Intelligence or IBM Automation Decision Services.

Setup Requirements

  • ⚠️Requires access to an IBM Decision Intelligence or IBM Automation Decision Services runtime instance (URL and authentication credentials are mandatory).
  • ⚠️Requires a Node.js environment to run using npm or npx.
  • ⚠️Performance could be impacted by the number and complexity of decision services and their OpenAPI schemas during initial loading and periodic polling for changes.
Verified SafeView Analysis
The server's architecture is sound, focusing on API proxying and tool registration. Input validation is performed using Zod schemas generated from OpenAPI specifications, which is a robust approach. Credentials (API keys, usernames, passwords) are handled through environment variables or CLI arguments and used for authenticated calls to the external decision runtime. It explicitly uses `encodeURIComponent` for URL paths to prevent injection issues. There are no obvious signs of `eval` usage, uncontrolled `child_process` execution, or hardcoded sensitive information. The primary security assumption is the trustworthiness and security of the IBM Decision Intelligence/ADS runtime it connects to.
Updated: 2026-01-16GitHub
35
5
Medium Cost
DecisionsDev icon
Sec8

This Model Context Protocol (MCP) server integrates IBM Decision Intelligence or IBM Automation Decision Services decisions with AI assistants, enabling them to discover and execute automated decision services.

Setup Requirements

  • ⚠️Requires access to IBM Decision Intelligence or IBM Automation Decision Services, which are paid cloud services.
  • ⚠️Requires obtaining and securely providing API keys (DI or Zen) or basic authentication credentials for the IBM Decision Runtime.
  • ⚠️Requires a Node.js runtime environment (version 20 or higher is indicated by package dependencies).
Verified SafeView Analysis
The server correctly handles sensitive information by requiring API keys or basic authentication credentials via command-line arguments or environment variables. Communication with IBM Decision Runtime is performed over HTTPS. The code does not exhibit clear signs of 'eval' or malicious obfuscation. A notable point is that DNS rebinding protection for the HTTP transport is disabled by default in the SDK, which could be a concern in certain deployment scenarios, though it's typically used with trusted AI clients.
Updated: 2026-01-16GitHub
35
3
Low Cost
creis-ai icon
Sec8

Provides AI assistants with professional real estate valuation capabilities for community rating, community evaluation, and individual property valuation.

Setup Requirements

  • ⚠️Requires obtaining a `MCP-INDUSTRY-APPID` by contacting `creiskefu@fang.com` or applying online.
  • ⚠️Requires Node.js version >= 18.0.0.
  • ⚠️Requires an MCP client (e.g., Claude Desktop, MCP IDE) to interact with the server.
Verified SafeView Analysis
The core server logic (`index.cjs`) is not provided, limiting a full security audit. Based on available files, it uses standard practices for authentication via `MCP-INDUSTRY-APPID` (environment variable/header, marked as secret). No direct `eval`, code obfuscation, or hardcoded sensitive credentials are apparent. The service acts as an adapter to an external real estate valuation API, and the security of that upstream service is not assessed here.
Updated: 2025-12-05GitHub
35
5
Medium Cost
SamMorrowDrums icon

mcp-typescript-starter

by SamMorrowDrums

Sec8

A feature-complete Model Context Protocol (MCP) server template in TypeScript demonstrating all major MCP features for AI assistant interaction.

Setup Requirements

  • ⚠️Requires Node.js 20+
  • ⚠️Requires npm or pnpm
Verified SafeView Analysis
The server uses Express for HTTP transport and handles session IDs from request headers, which requires standard web application security practices. Input validation is handled by Zod schemas for tools and prompts, which helps mitigate common injection vulnerabilities. The 'ask_llm' tool delegates LLM interaction to the client, so its security relies on the client's configuration. No direct 'eval' or unvalidated file system operations are evident. Overall, the starter template follows good practices for a server interacting with AI clients, but deployment in production would require further security hardening typical for any web application.
Updated: 2026-01-18GitHub
PreviousPage 138 of 713Next