Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

94
638
Medium Cost

mcp

by laravel

Sec7

Facilitates rapid development of Model Context Protocol (MCP) servers for AI client interaction within Laravel applications.

Setup Requirements

  • ⚠️Requires careful configuration of `mcp.redirect_domains` (e.g., `MCP_REDIRECT_DOMAINS` environment variable) if using OAuth. Leaving the default `*` in production is a significant security risk.
  • ⚠️Relies on Laravel Passport for OAuth functionality. If OAuth is desired, Laravel Passport must be installed and configured in the Laravel application.
  • ⚠️The `mcp:inspector` command (for debugging) requires Node.js and npm/npx to be installed on the system.
Verified Safe
The framework uses `eval()` strictly within test files for mocking, posing no runtime risk. The primary security concern lies in the default `mcp.redirect_domains` configuration (`*`) in `config/mcp.php`, which, if left unrestricted in production, allows any domain to register as an OAuth client. This could lead to open redirect vulnerabilities and unauthorized access. Developers must explicitly define allowed domains.
Updated: 2026-01-06
94
173
Low Cost

pctx

by portofcontext

Sec9

Facilitates AI agent interaction with tools and MCP servers by providing a sandboxed TypeScript code execution environment, reducing token usage and simplifying API integration.

Setup Requirements

  • ⚠️The `pctx` server binary must be installed and running separately (`brew install pctx` or `curl ... | sh`).
  • ⚠️Python client requires `pctx-client` package and optional extras (e.g., `pip install pctx-client[langchain]`).
  • ⚠️LLM API keys (e.g., OPENROUTER_API_KEY) are often required for agent integration examples and actual LLM interaction.
  • ⚠️External `npm` or `node` environment may be required for `stdio` MCP server configurations (e.g., `@modelcontextprotocol/server-memory` used in examples).
Verified Safe
The server executes LLM-generated TypeScript code within an isolated Deno sandbox, strictly limiting filesystem, environment, and network access to only explicitly allowed hosts. It performs static type-checking before execution to prevent common errors. Authentication credentials for upstream MCP servers are managed securely via environment variables, system keychain, or external commands, keeping them hidden from the LLM and the Deno runtime. This design significantly mitigates common code execution and credential exposure risks.
Updated: 2026-01-15
94
703
Medium Cost
Sec8

Enables AI agents (LLMs) to interact with the Apify platform, allowing for web scraping, data extraction, and task automation via Apify Actors, data storage, and documentation search.

Setup Requirements

  • ⚠️Requires an Apify API Token (`APIFY_TOKEN`) for authentication and API calls, which needs to be set as an environment variable or in `~/.apify/auth.json`.
  • ⚠️If 'Skyfire mode' is enabled, the `skyfire-pay-id` input property becomes mandatory for `call-actor` and `get-actor-output` tools, adding a payment setup layer.
  • ⚠️For full integration testing, specific Apify Actors (`apify/rag-web-browser`, `apify/instagram-scraper`, `apify/python-example`) are expected to exist on the target Apify platform.
Verified Safe
The server's design inherently grants powerful capabilities (running arbitrary Apify Actors) when provided with an API token. While the Apify platform provides sandboxing for Actors, misuse by a malicious LLM or user with a broadly permissioned token could lead to unintended actions. The server code itself does not show direct signs of 'eval' of untrusted input, obfuscation, or hardcoded sensitive API keys (Segment write keys are present, but less critical). It correctly handles API tokens via environment variables or a secure local file.
Updated: 2026-01-19
94
151
Medium Cost

burp-mcp-agents

by six2dez

Sec9

Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.

Setup Requirements

  • ⚠️Requires Burp Suite MCP Server extension to be installed and enabled.
  • ⚠️Requires Caddy reverse proxy to normalize traffic headers for stable SSE connectivity.
  • ⚠️Requires a specific AI backend (Codex, Gemini, Ollama, or LM Studio) to be installed and configured, often with local models downloaded or cloud accounts authenticated.
Verified Safe
The system is explicitly designed for local, trusted use and warns against exposing the Caddy proxy (listening on 127.0.0.1:19876) externally. All direct agent-to-Burp/LLM communication components bind to localhost by default. Cloud backends (Codex, Gemini) will transmit prompts and tool call details to their respective external APIs, but the raw Burp traffic is processed locally by the agents before being summarized for the LLM. The LM Studio default API key 'lm-studio' is a placeholder for a local server and not a sensitive secret. No 'eval' or obvious obfuscation detected.
Updated: 2026-01-19
94
419
Low Cost

mcpstore

by whillhill

Sec2

Orchestrate Microservice Context Protocol (MCP) services and adapt them for integration with various AI frameworks like LangChain, managing tools and their lifecycle.

Setup Requirements

  • ⚠️Requires Python 3.9+.
  • ⚠️Optional Redis instance required if `external_db` is configured, along with `pip install mcpstore[redis]`.
  • ⚠️Local services configured via `command` require the specified executables (e.g., `npx`) to be available in the server's environment.
Review Required
The API endpoint `/for_store/add_service` (and similarly for agents) allows adding services by providing a `command` and `args` field. This enables direct remote code execution (RCE) on the host system if the API is exposed to untrusted clients. The default CORS setting `allow_origins=['*']` further widens the attack surface. There is no explicit sandboxing for these local command executions in the provided source code.
Updated: 2026-01-12
94
229
Low Cost

Facilitates secure communication between Model Context Protocol (MCP) clients and AWS-hosted MCP servers by handling AWS IAM (SigV4) authentication.

Setup Requirements

  • ⚠️Requires pre-configured AWS credentials (CLI, environment variables, or IAM roles) for SigV4 authentication to function.
  • ⚠️Requires Python 3.10+ and the `uv` package manager for execution.
  • ⚠️An existing, accessible Model Context Protocol (MCP) server, preferably secured with AWS IAM, is necessary as an upstream endpoint.
Verified Safe
The project leverages standard AWS SDKs (boto3, botocore) for secure SigV4 authentication, reducing common credential-handling risks. It includes a `ToolFilteringMiddleware` to disable tools requiring write permissions, enhancing security. Input validation is performed for CLI arguments. A monkey patch to `fastmcp` exists to fix a specific error propagation issue, which is a controlled modification for protocol correctness. No direct `eval` or `exec` usage was found. Potential network risks could arise if configured with an untrusted upstream MCP endpoint that exploits `httpx`'s default `follow_redirects` or sends excessively large/malformed error responses, though these are standard HTTP client behaviors. Overall, security is well-considered, but proper AWS IAM configuration and trusted upstream services are critical.
Updated: 2026-01-19
94
158
Low Cost

remote-mcp-server

by gleanwork

Sec9

This repository provides metadata for registering the Glean Remote MCP Server with the Model Context Protocol (MCP) registry, enabling AI assistants and developer tools to securely access enterprise knowledge.

Setup Requirements

  • ⚠️The actual Glean MCP Server functionality is proprietary and hosted by Glean; this repository only contains metadata for its registry entry.
  • ⚠️To publish updates to the MCP registry from this repository, the 'mcp-publisher' CLI tool must be installed, and a hex-encoded Glean domain private key is required for authentication.
  • ⚠️Using the Glean MCP Server requires an organization-specific Glean instance URL and OAuth 2.0 authentication, configured via Glean's external documentation.
Verified Safe
The repository explicitly states it is 'metadata-only' and does not contain the actual MCP server functionality, which is hosted by Glean and not open source. Therefore, a security audit of the actual server's runtime code (e.g., checking for 'eval', obfuscation, network risks) cannot be performed from this repository's source. The repository itself primarily contains JSON configuration and documentation. It details a secure publishing process for metadata to the MCP registry, including strong warnings against committing private keys to version control and requiring DNS-based authentication. Given this context, the repository itself demonstrates good security practices for its stated purpose as a metadata and release configuration repository.
Updated: 2026-01-19
94
167
High Cost

claudex

by Mng-dev-ai

Sec5

Self-hosted Claude AI chat interface with sandboxed code execution, offering a full IDE experience and support for multiple AI providers and extensible agents/skills.

Setup Requirements

  • ⚠️Requires Docker for local sandbox execution and all core services.
  • ⚠️Requires API keys for paid AI model providers (e.g., Anthropic, OpenRouter, Z.AI) to enable AI functionality.
  • ⚠️Requires significant system resources (minimum 4GB RAM/2 CPU/40GB Storage, recommended 8GB+ RAM/4+ CPU/80GB+ Storage) for stable operation, especially with Docker sandboxes.
Review Required
The core functionality of Claudex relies on executing user-provided code in sandboxed environments, which inherently carries risks. For the Docker sandbox provider, the `api` and `celery-worker` services run with `privileged: true` and mount `/var/run/docker.sock` from the host. This grants these containers root access to the host's Docker daemon, a critical security vulnerability if the application or a component within the sandbox is compromised. While necessary for the sandbox to create isolated containers, it effectively means that a successful exploit of the application could lead to root access on the host machine. The `SECRET_KEY` has a default value for development only, and the documentation correctly warns about using a strong, unique key in production. Marketplace plugins involve downloading and potentially executing external code, which requires trust in the plugin source and vigilance against supply chain attacks. Overall, the direct Docker daemon access is the most significant concern, making it suitable only for trusted, isolated deployment environments.
Updated: 2026-01-19
93
4167
Low Cost

ENScan_GO

by wgpsec

Sec4

An OSINT (Open Source Intelligence) tool for gathering comprehensive corporate information from various public data sources, primarily for security assessments (HW/SRC scenarios).

Setup Requirements

  • ⚠️Requires manual configuration of API cookies for various data sources (e.g., Aiqicha, Tianyancha, KuaiCha) in `config.yaml`.
  • ⚠️Use of the program may lead to account anomalies or bans on target platforms.
  • ⚠️Go version >= 1.22.1 is required for building.
  • ⚠️All HTTPS requests are vulnerable to Man-in-the-Middle attacks due to disabled certificate verification.
Review Required
The tool explicitly disables TLS certificate verification (`InsecureSkipVerify: true`) for all HTTPS connections. This is a critical vulnerability that makes all network communications susceptible to Man-in-the-Middle (MiTM) attacks, compromising data integrity and confidentiality. While the tool's intended use is OSINT, this fundamental flaw severely undermines the security of its operations. Configuration values for sensitive items like API cookies are read from a YAML file, `config.yaml`, which should be secured.
Updated: 2026-01-05
93
524
Low Cost

awesome-mcp-servers

by TensorBlock

Sec10

A comprehensive collection of Model Context Protocol (MCP) servers, standardizing AI application context provision.

Verified Safe
This repository is a static collection of markdown files listing Model Context Protocol (MCP) servers. It does not contain executable server code that runs within this repository itself. Therefore, there are no inherent security risks from the repository's content. Security concerns would arise from interacting with the *listed* third-party MCP servers, which is outside the scope of analyzing this specific repository.
Updated: 2026-01-19
93
489
Medium Cost

An interactive terminal client for connecting local Ollama LLMs to Model Context Protocol (MCP) servers, enabling advanced tool use and workflow automation for local LLMs.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires Ollama to be running locally.
  • ⚠️Requires the 'uv' package manager for installation from source or using 'uvx'.
  • ⚠️Auto-discovery of servers from Claude's configuration is macOS-specific.
Verified Safe
The client allows executing external MCP server scripts (Python or JavaScript) and connecting to arbitrary HTTP/SSE server URLs. While the client's own code appears robust, the core functionality involves launching external processes (`subprocess.run` in dev scripts, `os.system` for console clearing is benign) or connecting to user-defined network endpoints. The primary security risk stems from configuring or connecting to untrusted MCP servers or server configurations, as these can execute arbitrary commands or interact with external services. The Human-in-the-Loop (HIL) feature provides a crucial mitigation by allowing users to review and approve tool executions before they run, but this does not cover the initial launch of potentially malicious server scripts.
Updated: 2026-01-18
93
779
Medium Cost

bank-api

by erwinkramer

Sec9

A design reference project for building a compliant and modern bank API, exposed via Model Context Protocol.

Setup Requirements

  • ⚠️.NET 10 SDK is required.
  • ⚠️Docker runtime must be running to utilize Aspire orchestration and its dashboard.
  • ⚠️Relies on Aspire for development bootstrapping and orchestration, requiring familiarity with Aspire concepts.
  • ⚠️Integrating with Claude requires specific `claude_desktop_config.json` configuration for the `mcp-remote` client.
Verified Safe
The project demonstrates a strong commitment to API security and compliance by adhering to OWASP API Security Top 10, OpenAPI Specification, and data protection regulations (GDPR, CCPA). It implements JSON Web Signature (JWS) for response signing and JSON Web Key Sets (JWKS) for validation. Multiple authentication methods (API Key, JWT, OpenID Connect, OAuth2) are supported. Configuration values for Entra ID are present in appsettings.json, which are public IDs, but for a production setup, secret management would be ideal for sensitive identifiers. No 'eval', obfuscation, or malicious patterns were identified.
Updated: 2026-01-18