Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

34
3
High Cost
SerpstatGlobal icon

serpstat-mcp-server-js

by SerpstatGlobal

Sec9

Integrates Serpstat SEO API with Anthropic's Model Context Protocol (MCP) to provide AI assistants with comprehensive SEO data and analysis tools.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires a valid Serpstat API token (Serpstat is a paid service).
  • ⚠️Requires a compatible AI assistant client (e.g., Claude Desktop, Gemini CLI).
Verified SafeView Analysis
The server uses Zod schemas for robust input validation, mitigating common vulnerabilities. Serpstat API token is correctly handled via environment variables, avoiding hardcoded secrets. It employs `axios` with interceptors for network requests and `winston` for logging, all standard and secure practices. No 'eval' or obvious obfuscation found. Network requests to Serpstat API are retried for transient errors. Overall, follows good security hygiene for an integration server.
Updated: 2025-11-27GitHub
34
4
Low Cost
Agent-Hellboy icon

mcp-runtime

by Agent-Hellboy

Sec9

A self-hosted platform for deploying and managing specialized Model Context Protocol (MCP) servers, primarily for large language models within organizations, offering an internal registry and Kubernetes-native deployment.

Setup Requirements

  • ⚠️Requires Go 1.24+, Make, kubectl, and Docker to be installed on the development/operator machine.
  • ⚠️Enabling HTTPS/TLS requires manual installation of `cert-manager` and creation of a CA secret (`mcp-runtime-ca`) in the Kubernetes cluster prior to platform setup.
  • ⚠️Requires a Kubernetes cluster that the CLI can access with sufficient RBAC permissions to deploy cluster-wide resources (CRDs, ClusterRole, ClusterRoleBinding) and namespace-scoped resources (Deployments, Services, Ingresses, Secrets).
Verified SafeView Analysis
The project demonstrates strong security awareness, particularly in its CLI component which uses robust validators (`AllowlistBins`, `NoShellMeta`, `NoControlChars`, `PathUnder`) to mitigate command injection risks when executing external binaries like `kubectl` and `docker`. Sensitive information like registry credentials are handled securely via Kubernetes Secrets (both generic and `dockerconfigjson`), with measures to prevent exposure in shell history or temporary files. Temporary files are created using `os.CreateTemp` and properly removed. The Kubernetes operator's ClusterRole grants broad permissions (create, delete, update, patch, get, list, watch for deployments, services, ingresses, secrets, etc.), which is standard for an operator but necessitates careful review in a production environment due to the blast radius if compromised. The registry deployment's `initContainer` runs as `root` for file ownership (common for persistent volumes) but the main registry container runs as `non-root` with `allowPrivilegeEscalation: false`. User-provided `IngressAnnotations` are merged, which could theoretically allow injection of malicious ingress configurations, though standard ingress controllers often sanitize or restrict such inputs. The `zz_generated.deepcopy.go` file contains a copyright year of 2025, which is likely a minor oversight.
Updated: 2026-01-10GitHub
34
1
Low Cost
PierrunoYT icon

fal-reve-mcp-server

by PierrunoYT

Sec8

Provides a Model Context Protocol (MCP) server for generating high-quality text-to-image outputs using the FAL AI Reve model.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher.
  • ⚠️Requires a FAL AI API key, which incurs costs for image generation.
  • ⚠️If installing locally, requires `npm install` and `npm run build` after cloning.
Verified SafeView Analysis
The server handles API keys robustly by checking for `FAL_KEY` environment variable and providing an error message if missing, rather than crashing. Local file writing for generated images is protected by sanitizing filenames and creating directories safely, mitigating path traversal. The `downloadImage` function fetches images from URLs provided by the FAL AI API. While the URLs are not directly user-controlled in this flow, a theoretical (though unlikely) risk of Server-Side Request Forgery (SSRF) could exist if the FAL AI service itself were compromised to return malicious internal network URLs. No 'eval' or other highly dangerous dynamic code execution patterns are observed. The `cost_class` and `avg_tokens_per_call` refer to the textual input/output between the MCP client and this server, not the underlying (and potentially higher) cost of the FAL AI image generation itself.
Updated: 2025-11-24GitHub
34
5
Low Cost
rohitsoni007 icon

mcp-gearbox-cli

by rohitsoni007

Sec9

A command-line interface (CLI) tool for setting up Model Context Protocol (MCP) servers for various AI agents, handling download, configuration, and removal of server settings.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️The `uv` package manager is recommended for installation and dependency management.
  • ⚠️Some underlying MCP servers, if installed via this tool, might require `Node.js`/`npm` (`npx`) or `uv` (`uvx`).
Verified SafeView Analysis
The tool uses `subprocess.run` to check for installed CLI agents, with hardcoded commands, mitigating the risk of arbitrary code execution. Network requests (`httpx`) are made to trusted GitHub and MCP API endpoints for downloading server configurations. File operations are scoped to user/project configuration directories and temporary files. No explicit hardcoded secrets are present; GitHub tokens are read from environment variables if provided, but are not actively used for current core functionality (downloading public server lists). `truststore` is used for SSL context.
Updated: 2025-11-20GitHub
34
5
High Cost
AutodeskFusion360 icon

FusionMCPSample

by AutodeskFusion360

Sec2

Provides an HTTP API for Fusion 360, enabling AI assistants to programmatically interact with CAD models, execute scripts, retrieve design information, and capture screenshots.

Setup Requirements

  • ⚠️Requires Fusion 360 to be installed and running.
  • ⚠️The server binds to `localhost:9100`; this port must be available.
  • ⚠️Requires specific client-side configuration (e.g., Cursor, Claude with `mcp-remote` and Node.js) to connect to the local MCP server.
Review RequiredView Analysis
The `execute_api_script` tool allows arbitrary Python code execution within the Fusion 360 environment via `app.executeTextCommand('Python.Run "{temp_file}"')`. This means any client capable of calling this endpoint (e.g., an AI assistant) can execute any code, including file system access, network requests, and manipulation of the Fusion 360 application. While this is an intentional feature for the add-in's purpose of AI control, it represents a significant security risk from a general software perspective. The server binds to `localhost:9100`, limiting direct external network exposure, but a compromised local process or misuse by the AI could still lead to system compromise or data loss. No hardcoded secrets or obvious obfuscation found.
Updated: 2026-01-06GitHub
34
2
Low Cost
onamfc icon
Sec9

This package provides a GitHub API client for integration with an MCP (Model Context Protocol) server, enabling automation of GitHub tasks.

Setup Requirements

  • ⚠️Requires a GitHub Personal Access Token (PAT) for authentication, which must be set as an environment variable (GITHUB_TOKEN).
  • ⚠️The PAT needs specific scopes depending on the operations performed (e.g., 'repo' for repository management, 'workflow' for GitHub Actions, 'admin:repo_hook' for webhooks, 'admin:org' for organization operations).
  • ⚠️This project is a library providing the MCPServer class, not a standalone executable server. There is no direct 'run server' command; it's designed to be integrated into another application that calls its `handleRequest` method.
Verified SafeView Analysis
The code itself follows good security practices by recommending environment variables for tokens and using a reputable API client library (@octokit/rest). Method dispatching is explicit, preventing arbitrary code execution. The main security considerations are external to the code: users must securely manage their GitHub Personal Access Token and grant only the minimal required scopes, as explicitly warned in the documentation.
Updated: 2025-11-20GitHub
34
3
High Cost
northernvariables icon

CanadaGPT

by northernvariables

Sec4

Provides an LLM-powered conversational interface and knowledge graph for Canadian federal parliamentary and legal information, including MPs, bills, votes, debates, lobbying, and financial data.

Setup Requirements

  • ⚠️Requires a running Neo4j database instance (local or cloud) with a specific schema deployed (17 constraints, 23 indexes).
  • ⚠️Requires a PostgreSQL database for the OpenParliament data dump (1.3GB download and load via `scripts/setup_openparliament_db.sh`).
  • ⚠️Requires a Supabase project for user authentication, chat history, billing, and API key management, involving significant database setup and migrations.
  • ⚠️Requires API keys for external services like Anthropic, OpenAI, and CanLII (optional for legal data).
Review RequiredView Analysis
The project demonstrates strong intentions for security, including DoS prevention, robust API key management (SHA-256 hashing, tiered permissions), rate limiting, error sanitization, and mandatory GCP Secret Manager integration for production. However, several critical security tasks are explicitly listed as 'REMAINING TASKS' in the 'SECURITY_IMPLEMENTATION.md', such as full authentication integration into the GraphQL server, IP whitelisting for GraphiQL, and Neo4jGraphQL authorization. Furthermore, placeholder passwords like 'REDACTED_NEO4J_PASSWORD' are present as default values in environment variable lookups and Docker configurations, posing a significant risk if not overridden, particularly in non-production environments.
Updated: 2026-01-19GitHub
34
4
High Cost
bhf icon
Sec7

A high-performance, clustered key-value store with various interfaces (HTTP, WS, SSE) and a UI, designed to function as an MCP server for Agentic AI and LLM workflows.

Setup Requirements

  • ⚠️Requires Docker for local development and deployment.
  • ⚠️Requires Kubernetes (Minikube/Helm) for clustered deployments.
  • ⚠️Multiple environment variables must be correctly configured for inter-service communication and observability tools.
  • ⚠️For local Kubernetes environments like Minikube, Docker images need to be pre-loaded into the cluster's image registry due to `imagePullPolicy: Never` for some deployments.
Verified SafeView Analysis
Environment variables are used for service endpoints (e.g., AERON_CACHE_API, JAEGER, PROMETHEUS, AERON_CACHE_WS_API, AERON_CACHE_SSE_API), which is a good practice to avoid hardcoding sensitive information. Basic input validation for `cacheId` is present in the UI. However, the `cache-ui/nextjs/next.config.ts` explicitly sets `eslint: { ignoreDuringBuilds: true, }`, which is a significant code quality and potential security risk as it can suppress important warnings that might indicate vulnerabilities or bad practices. The `cache-mcp` component relies on a third-party Docker image (`ghcr.io/brizzai/auto-mcp:latest`), requiring trust in its security and maintenance. No direct `eval` or similar dangerous patterns were observed in the provided snippets.
Updated: 2026-01-17GitHub
34
3
Medium Cost
trevorsandy icon

ai-suite

by trevorsandy

Sec7

An end-to-end suite for self-hosting AI agents, LLMs, and automation workflows locally or in the cloud.

Setup Requirements

  • ⚠️Requires extensive manual generation and configuration of numerous secure secrets and passwords in the `.env` file.
  • ⚠️Complex Docker/GPU setup with different profiles (Nvidia, AMD, CPU) and host vs. containerized Ollama configurations, requiring specific command-line flags.
  • ⚠️Post-installation configuration required within n8n (webhook URLs, API keys, credentials for Ollama, Qdrant, Postgres, Google Drive) and Open WebUI (copying Python function code, setting webhook/API URLs).
Verified SafeView Analysis
The project uses Docker Compose to isolate services, and `docker-compose.override.private.yml` binds ports to localhost (127.0.0.1) for local deployments, enhancing security. However, for 'public' deployments, the `README.md` explicitly warns that `ufw` does not shield Docker-published ports, requiring careful network configuration (e.g., all traffic through Caddy on 443). The `suite_services.py` attempts to generate a `searxng` secret key, but if this fails, a default 'ultrasecretkey' is used. The `n8n_Pipeline.py` uses `aiohttp.ClientSession(trust_env=True)` which could be a risk if the host environment variables are compromised. The project provides comprehensive instructions for securing credentials, but the sheer number of required secrets increases the potential for misconfiguration by the user.
Updated: 2026-01-19GitHub
34
1
Medium Cost
everruns icon

fetchkit

by everruns

Sec9

AI-friendly web content fetching and HTML conversion, designed for consumption by Large Language Models.

Setup Requirements

  • ⚠️Requires Rust toolchain (cargo) for building/installation.
  • ⚠️The provided LangChain example requires OPENAI_API_KEY (paid service).
Verified SafeView Analysis
The server appears well-structured with no immediate signs of 'eval', obfuscation, or hardcoded secrets. It implements URL filtering, which is a good security practice. Custom HTML parsing and base64 decoding are potential, though minor, attack surfaces if bugs were present; however, they are designed for content processing rather than arbitrary code execution. Network risks are inherent to web fetching but seem handled by strict timeouts and error handling.
Updated: 2026-01-18GitHub
34
3
Medium Cost
LogicStamp icon

logicstamp-mcp

by LogicStamp

Sec9

Provides AI assistants with structured access to React/TypeScript codebases through LogicStamp Context's analysis engine, enabling safe analysis, modification, and verification of code.

Setup Requirements

  • ⚠️Requires LogicStamp Context CLI to be installed globally (`npm install -g logicstamp-context`).
  • ⚠️Requires Node.js >= 18.18.0 (Node 20+ recommended).
  • ⚠️The `projectPath` parameter is CRITICAL and REQUIRED for `logicstamp_refresh_snapshot` and `logicstamp_compare_snapshot` tools; omitting it can cause hangs.
Verified SafeView Analysis
The server is designed as a 'thin read-only wrapper' and communicates via stdio, meaning no network ports are opened. It relies on the `stamp context` CLI for core analysis, which includes 'Automatic Secret Protection' (replacing secrets with 'PRIVATE_DATA' in generated context, not modifying source files). Commands executed via `child_process.exec` are carefully constructed with predefined flags and use `projectPath` as the working directory, mitigating direct command injection. Path resolution via `path.resolve` helps prevent path traversal within the specified `projectPath`. The server's operations are confined to the provided project directory.
Updated: 2026-01-17GitHub
34
5
High Cost
chrisleekr icon
Sec7

A multi-agent LLM orchestration platform for IT incident investigation and customer support, integrating various LLM providers, external services (New Relic, Sentry, AWS ECS, AWS RDS, MCP tools), and RAG capabilities via Fastify API or Slack bot.

Setup Requirements

  • ⚠️Requires AWS credentials configured with appropriate permissions for Bedrock, ECS, RDS, CloudWatch, Performance Insights, and OpenSearch.
  • ⚠️Requires at least one LLM provider (e.g., AWS Bedrock, OpenAI, Groq, or local Ollama) configured and accessible.
  • ⚠️Requires external services like Redis (for chat history), Qdrant (vector database), Unstructured API (for document loading), and various Model Context Protocol (MCP) servers (Brave Search, Context7, Kubernetes) to be running and configured for full functionality.
  • ⚠️For multi-agent features, API keys/tokens for New Relic, Sentry, and GitHub are necessary for their respective expert agents to operate.
Review RequiredView Analysis
The server employs structured output parsing (Zod) for LLM responses, which significantly mitigates arbitrary code execution via prompt injection. Fastify security plugins (helmet, cors, rate-limit) are in place, and secrets are managed via configuration files/environment variables. However, the multi-agent system's primary '/investigate' endpoint accepts freeform user queries. If an LLM is jailbroken, it could potentially generate malicious New Relic Query Language (NRQL) or CloudWatch Logs Insights queries, even if the SELECT clauses are fixed. These queries, if crafted maliciously, could lead to information disclosure from connected observability platforms or AWS resources. The system actively interacts with sensitive external APIs (AWS, New Relic, Sentry, GitHub), requiring robust authentication and least-privilege configurations for all external services.
Updated: 2026-01-17GitHub
PreviousPage 142 of 713Next