Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

34
4
Low Cost
webrix-ai icon

mcp-s-oauth

by webrix-ai

Sec3

Universal OAuth middleware for MCP (Model Context Protocol) servers, enabling authentication with various OAuth providers.

Setup Requirements

  • ⚠️Requires manual setup of OAuth applications with external providers (e.g., GitHub, Google) to obtain Client ID, Client Secret, and configure callback URLs.
  • ⚠️Relies on environment variables (e.g., `BASE_URL`, `GITHUB_CLIENT_ID`, `GITHUB_CLIENT_SECRET`) for configuration, which must be correctly set.
  • ⚠️Uses a local SQLite database (`mcp.sqlite`) for storing client information and credentials, which may require specific management or different backend for production scalability and high availability.
Review RequiredView Analysis
Critical Open Redirect Vulnerability: In `src/services/mcp-auth-provider.ts`, the `redirectUri` provided by the client in the `/auth/authorize` request is stored in the OAuth `state` parameter and later used directly for `res.redirect()` in the `/oauth/callback` without validation. An attacker can craft a malicious `redirectUri` to redirect users to their own site after successful external OAuth authentication, potentially intercepting the internal MCP authorization code. Additionally, `skipLocalPkceValidation: true` means the internal MCP authorization code flow does not enforce PKCE, making it vulnerable to authorization code interception attacks. Sensitive OAuth and internal MCP tokens are stored in a local SQLite database, which requires careful management (permissions, encryption at rest) in production.
Updated: 2025-11-23GitHub
34
11
Low Cost
r3-yamauchi icon

kintone-mcp-server

by r3-yamauchi

Sec9

An unofficial local Model Context Protocol (MCP) server that enables desktop AI applications (like Claude Desktop) to interact with and manage kintone data, including reading, creating, updating records, and configuring kintone apps.

Setup Requirements

  • ⚠️Requires Node.js 20 or later.
  • ⚠️Requires a kintone tenant domain, username, and password for API access.
  • ⚠️Manual configuration of the Claude Desktop application's `claude_desktop_config.json` file is necessary to point to this server.
  • ⚠️This is an unofficial server and is not developed or maintained by Cybozu (kintone's provider), meaning self-support is required.
Verified SafeView Analysis
The server uses environment variables for kintone credentials, which is good practice. Kintone query language parsing uses regex, which is generally safer than direct `eval` or `child_process.exec`. Input validation is performed before executing Kintone API calls. No obvious hardcoded secrets, obfuscation, or malicious patterns were found in the truncated source code. File download has a known limitation for files over 1MB, but this is a functional limitation, not a direct security flaw.
Updated: 2026-01-07GitHub
34
10
Medium Cost
aashari icon
Sec4

Connects AI assistants to AWS accounts via IAM Identity Center (AWS SSO) enabling natural language interaction, secure AWS CLI command execution, and EC2 instance management.

Setup Requirements

  • ⚠️Requires AWS IAM Identity Center (AWS SSO) setup and configuration.
  • ⚠️Requires Node.js v18.0.0 or higher.
  • ⚠️Requires AWS CLI v2 installed for 'aws_sso_exec_command' tool.
  • ⚠️EC2 instances need SSM Agent installed and an IAM role with 'AmazonSSMManagedInstanceCore' policy for 'aws_sso_ec2_exec_command' tool.
  • ⚠️Requires environment variables AWS_SSO_START_URL and AWS_REGION (or AWS_SSO_REGION) to be set.
Verified SafeView Analysis
The server's core functionality involves executing arbitrary AWS CLI commands and shell commands on EC2 instances (via SSM) based on AI input. While the codebase does not contain obvious malicious patterns, hardcoded secrets, or direct 'eval' on arbitrary external input, the 'child_process.exec' is used to run commands directly. This design gives AI agents powerful, high-privilege access to AWS resources. The primary security risk arises from the potential for a large language model (LLM) to generate and execute unintended or destructive commands if not constrained by robust AI safety guardrails, strict input validation, and human oversight. Implementers must ensure that AI interactions are carefully managed and reviewed before command execution. Credentials are managed via standard AWS SSO mechanisms and caching practices.
Updated: 2026-01-07GitHub
34
3
Medium Cost
ankimcp icon
Sec9

An Anki addon that exposes the collection to AI assistants via the Model Context Protocol (MCP) for AI-powered study sessions, card creation, and collection management.

Setup Requirements

  • ⚠️Requires Anki 25.x or later (Python 3.13).
  • ⚠️On first run, the addon downloads `pydantic_core` (~2MB) from PyPI, requiring internet access.
  • ⚠️Requires manual configuration in the MCP client (e.g., Claude Desktop) to connect to the local server URL.
Verified SafeView Analysis
The server runs locally on `127.0.0.1` by default. All Anki operations are safely bridged to the main Qt thread, preventing direct access from the background server. Input validation is implemented for most tools, and destructive actions (e.g., deleting notes, media files) require explicit confirmation and include path traversal prevention. Disabling DNS rebinding protection is noted as a design choice to allow tunneling, but users exposing the server publicly should ensure trusted tunnel configurations.
Updated: 2026-01-11GitHub
34
4
Medium Cost
Magic-Pod icon
Sec9

An MCP server that integrates AI agents with the MagicPod test automation platform to perform actions like creating test cases, managing test settings, and accessing help articles.

Setup Requirements

  • ⚠️Requires a MagicPod API token, which must be provided via the `--api-token` command-line option.
  • ⚠️File upload operations (`upload-file-create`, `upload-data-patterns`) require local file paths to be absolute paths on the server's machine.
  • ⚠️Autopilot task creation/editing functionality is disabled by default via a feature flag (`enableAutopilotTasks: false`) and needs to be explicitly enabled in the source code if desired.
Verified SafeView Analysis
The server uses `zod` for robust input validation, preventing common injection vulnerabilities. API tokens are passed at runtime and not hardcoded. The use of `eval` in `openapi/parser.ts` is commented out, indicating it's not actively used. File upload tools require absolute local paths and perform basic extension and (for ZIP files) content validation, but rely on `fs.existsSync` which could be prone to path traversal if the input path isn't sufficiently sanitized or constrained. However, files are uploaded to a remote service, limiting local execution risk. Network requests use `axios` with proxy support.
Updated: 2026-01-14GitHub
34
1
Low Cost
florinel-chis icon

shopify-liquid-mcp

by florinel-chis

Sec9

Provides instant, offline-first access to comprehensive Shopify Liquid documentation for AI assistants and MCP-compatible tools to aid theme development.

Setup Requirements

  • ⚠️Requires Python 3.10+ or Docker environment.
  • ⚠️Initial run performs documentation indexing (can be slow depending on I/O) or requires manual force reindex with `python -m shopify_liquid_mcp.ingest --force` after custom documentation changes.
  • ⚠️Requires an MCP-compatible AI assistant or IDE (e.g., VS Code with MCP extension, Claude Desktop, Cursor) to interact with the server's tools.
Verified SafeView Analysis
The server uses SQLite with FTS5 for local documentation storage and search. SQL queries for user-provided input (like tag names, filter names, search queries) correctly use parameterized queries (`?`), mitigating SQL injection risks. Table names are hardcoded constants, not user-controlled, further enhancing safety. It is offline-first, removing network risks associated with fetching documentation. No explicit `eval` or similar dangerous dynamic code execution is observed. Docker configuration includes data persistence and read-only mounts for custom documentation, contributing to security. There are no hardcoded secrets identified.
Updated: 2025-11-24GitHub
34
3
Low Cost
standardbeagle icon

agnt

by standardbeagle

Sec9

Provides development tooling capabilities to AI coding agents, including project detection, process management, reverse proxy with frontend diagnostics, and visual debugging.

Setup Requirements

  • ⚠️Requires Node.js 18+ or Go 1.24+ runtime environment.
  • ⚠️Requires an MCP-compatible AI assistant (e.g., Claude Code, Cursor).
  • ⚠️Windows users require Windows 10 1809+ for ConPTY support.
Verified SafeView Analysis
The server's core functionality involves granting AI agents significant control over local processes and browser environments (e.g., arbitrary JavaScript execution via `proxy exec`). This is a powerful feature by design, requiring trust in the AI agent. The system implements robust internal safeguards such as resilient injected JavaScript (never throwing exceptions, validating inputs), Unix socket/named pipe IPC with restricted permissions (0600 owner only), and explicit warnings like `--dangerously-skip-permissions`. No hardcoded secrets or obvious malicious patterns are present. Network risks are mitigated by restricting proxy URL detection to localhost-like addresses and using secure tunneling providers.
Updated: 2026-01-10GitHub
34
3
Medium Cost
john-walkoe icon
Sec10

Provides structured access to USPTO enriched citation data, enabling detailed patent research and analysis, particularly for prior art and examiner behavior, through an LLM-integrated MCP server.

Setup Requirements

  • ⚠️Requires a free USPTO API Key for access to the Enriched Citation API.
  • ⚠️Citation data is limited to office actions mailed from October 1, 2017, to 30 days prior to the current date.
  • ⚠️The MCP provides citation metadata only; actual office action documents must be retrieved separately using the PFW MCP for full context.
Verified SafeView Analysis
The server demonstrates an exceptionally strong security posture, employing defense-in-depth measures. Key aspects include comprehensive Lucene query validation to prevent injection and DoS attacks (e.g., input length, malicious patterns, wildcard limits, field whitelisting), robust error sanitization to prevent information disclosure, secure API key management using Windows DPAPI or restrictive file permissions, and a dedicated security logging system for audit trails. Resilience features like circuit breakers, rate limiting (token bucket), and exponential backoff retry logic further enhance stability and protection against API abuse. There are no detectable uses of 'eval' or obfuscation, and sensitive data is handled with care.
Updated: 2026-01-19GitHub
34
3
High Cost
tayyabakmal1 icon
Sec5

A comprehensive Playwright-based Model Context Protocol (MCP) server designed for AI assistants to perform web testing, browser automation, and quality assurance tasks through natural language commands.

Setup Requirements

  • ⚠️Requires manual configuration of `claude_desktop_config.json` including an absolute path to the cloned repository for integration.
  • ⚠️Playwright browsers (Chromium, Firefox, WebKit) need to be installed on the host system (e.g., `npx playwright install`).
  • ⚠️Certain tools, like `playwright_evaluate` and API calls, expose powerful capabilities that require careful prompt engineering and understanding of their security implications when used by an AI agent, as direct script injection is possible in the browser context.
Review RequiredView Analysis
The server allows execution of arbitrary JavaScript via the `playwright_evaluate` tool through `page.evaluate()`, which directly interpolates the `script` parameter. If an AI agent is compromised or instructed to execute malicious scripts, this could lead to Cross-Site Scripting (XSS) on the target website or other browser-level vulnerabilities. Additionally, API tools allow flexible custom headers and body data, which could be misused for injection if not handled carefully. File system access is extensive but appears to be for legitimate purposes (e.g., screenshots, PDFs, code generation, session persistence). No obvious hardcoded secrets or malicious obfuscation were found in the provided code.
Updated: 2026-01-09GitHub
34
1
Medium Cost
PierrunoYT icon
Sec9

Facilitates text-to-image generation and image editing using the FAL AI Reve model via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher to run.
  • ⚠️Requires a FAL AI API key, which is for a paid service.
  • ⚠️Local installation requires 'npm install' and 'npm run build' before starting, though 'npx' method handles this automatically.
Verified SafeView Analysis
The server correctly uses environment variables for the FAL_KEY, preventing hardcoded secrets. It downloads images to a local 'images' directory after generation/editing, with basic error handling for the download process. Image URLs for editing are passed to the FAL AI API, offloading potential SSRF risks. Filename generation sanitizes user prompts for local storage. No 'eval' or other highly dangerous patterns were observed. Overall, good security practices for its stated purpose.
Updated: 2025-11-24GitHub
34
4
High Cost
Rathesh2727 icon

devcontext

by Rathesh2727

Sec9

This server provides continuous, project-centric context awareness to enhance development by learning from patterns and delivering relevant codebase insights to AI agents.

Setup Requirements

  • ⚠️Requires a Turso (libSQL) database account and configuration for persistent storage.
  • ⚠️Requires `TURSO_DATABASE_URL` and `TURSO_AUTH_TOKEN` environment variables to be set for database connectivity.
Verified SafeView Analysis
No direct 'eval' or hardcoded secrets were found in the provided code. Database interactions use prepared statements, mitigating SQL injection risks. Environment variables are loaded securely using `process.env`. The `stdout`/`stderr` interception logic in `main.js` is a design choice for MCP protocol compliance and does not introduce a security vulnerability.
Updated: 2025-12-15GitHub
34
3
Low Cost
nanassound icon

midi_ctrl

by nanassound

Sec9

Enables AI assistants to control an Arturia MicroFreak synthesizer via MIDI using natural language commands.

Setup Requirements

  • ⚠️Requires Elixir 1.19+ and Erlang/OTP for source installation (or macOS Apple Silicon for pre-built release).
  • ⚠️Requires an Arturia MicroFreak synthesizer connected via USB.
  • ⚠️Requires an MCP-compatible AI client (e.g., Claude Desktop) and specific configuration of its 'mcpServers' JSON file.
Verified SafeView Analysis
The server runs locally (localhost:3000) and interfaces with local MIDI devices, limiting the network attack surface. It relies on the `midiex` Elixir library, which uses Rust Native Implemented Functions (NIFs). While NIFs can introduce complexity and potential vulnerability if the underlying native code is untrusted, `midiex` is a known open-source library. No explicit 'eval' or malicious patterns are observed in the provided code snippets. Hardcoded secrets are not evident.
Updated: 2025-11-20GitHub
PreviousPage 148 of 713Next