Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

92
194
Low Cost
dorcha-inc icon

orla

by dorcha-inc

Sec6

Orla acts as a runtime for Model Context Protocol (MCP) servers, enabling the execution of lightweight open-source AI agents and command-line tools locally.

Setup Requirements

  • ⚠️Requires Go 1.25+ to build from source.
  • ⚠️Requires Ollama for local LLM inference (installed by default, but can be skipped for remote Ollama setup).
  • ⚠️Requires Git for installing tools from the official registry.
Verified SafeView Analysis
The server's core functionality involves executing arbitrary user-defined tools from the filesystem. While `os.OpenRoot` is used to prevent path traversal when loading manifests and parsing shebangs within tool directories, there is no built-in sandboxing for the tools themselves. This means a malicious or improperly configured tool could potentially perform actions outside its intended scope on the host machine. The `SECURITY.md` explicitly states: 'orla executes tools from the filesystem. Ensure tools are from trusted sources.' When running in HTTP mode, there is no built-in authentication, requiring users to manage network-level access and firewall rules if exposed. No hardcoded secrets were identified.
Updated: 2026-01-07GitHub
92
88
High Cost
Shelpuk-AI-Technology-Consulting icon

kindly-web-search-mcp-server

by Shelpuk-AI-Technology-Consulting

Sec7

Provides web search with robust, LLM-optimized content retrieval from various sources (StackExchange, GitHub, Wikipedia, arXiv, and general webpages) for AI coding assistants.

Setup Requirements

  • ⚠️Requires at least one search provider API key: `SERPER_API_KEY`, `TAVILY_API_KEY`, or `SEARXNG_BASE_URL`.
  • ⚠️A Chromium-based browser (Chrome/Chromium/Edge/Brave) must be installed locally for universal HTML content retrieval; `KINDLY_BROWSER_EXECUTABLE_PATH` may be needed.
  • ⚠️Python 3.13+ is required (Python 3.14 is supported, but advanced PDF features may be disabled due to `onnxruntime` availability).
Verified SafeView Analysis
The server uses `subprocess.create_subprocess_exec` to run a headless Chromium browser for universal HTML scraping, which is standard for browser automation but introduces a larger attack surface. The `--no-sandbox` option for Chromium can be enabled via environment variable, reducing browser isolation. Sensitive API keys are loaded from environment variables, which is standard but requires secure environment management. Input parsing for `SEARXNG_HEADERS_JSON` includes JSON validation to prevent arbitrary code execution. Efforts are made to ensure proxy settings do not interfere with local connections and to clean up temporary directories.
Updated: 2026-01-18GitHub
92
148
Medium Cost
traceloop icon
Sec9

Enables AI assistants to query and analyze OpenTelemetry traces from LLM applications for debugging, performance, and cost optimization.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires 'pipx' or 'uv' for easy installation and execution.
  • ⚠️Traceloop backend requires an API key (BACKEND_API_KEY environment variable or --api-key CLI argument).
  • ⚠️Jaeger backend requires the 'service_name' parameter for 'search_traces' and 'search_spans' operations.
Verified SafeView Analysis
The server uses environment variables for sensitive configurations like API keys, which is a good practice. No direct use of `eval` or easily exploitable shell commands were found. Data validation is performed using Pydantic. A hardcoded API key is present in the `start_locally.sh` script for demonstration purposes, but the configuration system prioritizes environment variables or CLI overrides for actual deployment.
Updated: 2026-01-19GitHub
92
76
High Cost
postrv icon

narsil-mcp

by postrv

Sec9

AI-powered code analysis and understanding for developers and coding agents, providing semantic search, call graphs, security audits, and architectural insights.

Setup Requirements

  • ⚠️Requires 'git' command-line tool to be installed and available in PATH.
  • ⚠️Requires API keys (e.g., VOYAGE_API_KEY, OPENAI_API_KEY) for neural embeddings backend; these are typically paid services.
  • ⚠️Advanced graph features (CCG, SPARQL) require building with '--features graph' and local persistence, increasing resource usage.
Verified SafeView Analysis
The project demonstrates a strong focus on security, with explicit modules for secret redaction, robust input validation (e.g., git arguments, regex patterns for ReDoS prevention, path traversal checks), and a default 'read_only' mode. It also includes comprehensive security scanning capabilities as core features, such as taint analysis, OWASP Top10, and CWE Top25 checks. No obvious critical vulnerabilities or malicious patterns were found in the provided source code snippets.
Updated: 2026-01-18GitHub
92
512
Medium Cost
line icon
Sec8

Integrates AI agents with LINE Messaging API for automated communication and management of LINE Official Accounts.

Setup Requirements

  • ⚠️Requires a LINE Official Account with Messaging API enabled and a Channel Access Token (requires LINE platform registration and API setup).
  • ⚠️Requires Node.js v20+ (if not using Docker).
  • ⚠️The `create_rich_menu` tool depends on Puppeteer, which may involve a significant download size for its Chromium browser on first use or require specific executable path configuration in constrained environments.
Verified SafeView Analysis
Sensitive API keys (CHANNEL_ACCESS_TOKEN) and user IDs (DESTINATION_USER_ID) are managed via environment variables, which is appropriate. The `create_rich_menu` tool uses Puppeteer, and the Docker setup explicitly includes `--no-sandbox`, which reduces isolation and could be a minor security concern in some contexts. Error responses may include stack traces or internal details which could potentially leak information.
Updated: 2026-01-19GitHub
92
92
Low Cost
tercumantanumut icon

seline

by tercumantanumut

Sec4

A backend API server for managing and executing ComfyUI workflows, capable of dynamically generating API endpoints for workflows, building Docker containers for custom nodes and models, and providing an execution queue. It integrates with the Model Context Protocol (MCP) to expose its capabilities to client applications.

Setup Requirements

  • ⚠️Requires Docker to be installed and running, as it dynamically builds and manages ComfyUI Docker containers.
  • ⚠️The ComfyUI instances orchestrated by this server typically require an NVIDIA GPU with substantial VRAM (e.g., 12GB+ for models like Flux2 Klein) for effective image/video generation.
  • ⚠️The server application itself requires Python 3.10 or higher.
  • ⚠️Requires proper network and firewall configuration due to exposed APIs and dynamic Docker operations.
Verified SafeView Analysis
The server's core functionality involves building and running Docker containers for custom ComfyUI workflows, which can include downloading external code and models from arbitrary URLs. This represents a significant supply chain risk and grants high system privileges, especially during Docker build processes. The exposed API, if not properly secured and isolated (e.g., via firewall, VPN), could be vulnerable. Although the `executeCommand` tool from the main `seline` application is not directly part of this MCP server, the dynamic execution of external code and models within Docker containers poses similar risks. Therefore, it is critical to only run this server in a trusted, isolated development environment with vetted workflows and dependencies.
Updated: 2026-01-18GitHub
92
353
Medium Cost
fcakyon icon
Sec9

A comprehensive toolkit and configuration for developing Claude Code plugins, integrating various external services and APIs, and enhancing AI-assisted coding workflows.

Setup Requirements

  • ⚠️Requires installation of multiple command-line tools (jq, gh, ruff, prettier) and Node.js/npm for specific components, despite Claude Code's native installation.
  • ⚠️Many MCP integrations necessitate separate API keys or OAuth authentication flows (e.g., az login, gcloud auth) and configuration via environment variables.
  • ⚠️The 'paper-search-tools' plugin specifically requires Docker to be installed and running.
  • ⚠️A manual post-installation symlink (ln -s CLAUDE.md AGENTS.md) is required for cross-tool compatibility.
Verified SafeView Analysis
The repository demonstrates a high level of security awareness, particularly in plugin hooks designed to prevent dangerous shell commands (e.g., 'rm -rf', 'sudo'), path traversal, and writes to sensitive files (e.g., '.env'). It strongly advocates for using environment variables over hardcoding secrets and emphasizes HTTPS/WSS for network communication. A dedicated hook linter further checks scripts for common security pitfalls like unquoted variables. While the overall system relies on proper user configuration of API keys and permissions, the provided tools are designed with strong safeguards.
Updated: 2026-01-14GitHub
92
70
Low Cost
Hmbown icon

aleph

by Hmbown

Sec8

Aleph is an MCP server that provides LLMs programmatic access to gigabytes of local data without consuming context, implementing the Recursive Language Model (RLM) architecture.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires the `mcp` Python package, installed via `pip install "aleph-rlm[mcp]"`.
  • ⚠️Using the API backend for `sub_query` (or for the main LLM loop) requires API keys (e.g., `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`) and a specified model (`ALEPH_SUB_QUERY_MODEL`), incurring costs.
Verified SafeView Analysis
The project explicitly implements a 'best-effort' sandboxed Python REPL (`exec_python`) which blocks common dangerous operations (filesystem, network, subprocess, dunder access, eval/exec/compile). Action tools (`run_command`, `read_file`, `write_file`) that interact with the filesystem or execute shell commands are gated by an `--enable-actions` flag, workspace scoping (`--workspace-mode`), and optional `--require-confirmation`. Sub-query functionality can launch CLI tools (e.g., `claude`, `codex`) or make external API calls, which are inherently external interactions. No hardcoded secrets were identified. The security design is transparent and offers control to the user, but the inherent nature of running arbitrary code or commands necessitates user vigilance and stronger external isolation for untrusted inputs.
Updated: 2026-01-19GitHub
91
1918
High Cost
bytebase icon

dbhub

by bytebase

Sec8

A database gateway that exposes SQL data sources via a RESTful API and the Model Context Protocol (MCP), enabling structured interaction with multiple database types.

Setup Requirements

  • ⚠️Requires database configuration via DSN environment variable, --dsn flag, or a dbhub.toml file. No default database is configured without --demo mode.
  • ⚠️SSH tunneling requires --ssh-host and --ssh-user (and either --ssh-password or --ssh-key) CLI arguments or environment variables, necessitating proper SSH setup and key management.
  • ⚠️The HTTP transport operates in a stateless mode where the entire MCP server and its tools are re-initialized for every incoming /mcp request. This incurs significant overhead and impacts efficiency, especially for deployments with many configured sources and tools.
Verified SafeView Analysis
The server employs several good security practices, including explicit redaction of sensitive credentials (passwords, SSH keys) from API responses and the use of parameterized queries in database connectors to mitigate SQL injection risks. It also includes SDK-level read-only mode enforcement for PostgreSQL and SQLite. CORS is configured to allow requests only from localhost origins. Potential areas for further tightening include a more explicit whitelist for CORS origins beyond simple localhost checks. The server relies on user-provided DSNs and SSH configurations, requiring careful handling of these inputs by the deployment environment.
Updated: 2026-01-02GitHub
91
62
Medium Cost
yogthos icon

Matryoshka

by yogthos

Sec5

Processes large documents beyond LLM context windows using a Recursive Language Model (RLM) that executes symbolic commands for iterative document analysis.

Setup Requirements

  • ⚠️Requires Node.js and npm/npx to be installed.
  • ⚠️Requires a configured LLM provider; supports Ollama (needs local server running) or DeepSeek (requires API key).
  • ⚠️If using DeepSeek, requires `DEEPSEEK_API_KEY` to be set in environment variables.
  • ⚠️Analyzing code files may require additional `tree-sitter` npm packages to be installed dynamically.
Review RequiredView Analysis
The server's core functionality involves executing LLM-generated code, albeit within a constrained symbolic language (Nucleus) that is interpreted by a logic engine (Lattice) or compiled to JavaScript and run in a Node.js `vm.Context` sandbox. The `vm.Context` is explicitly noted in the source code (`src/sandbox.ts`) as providing 'contextual isolation but NOT security isolation.' Additionally, `new Function()` is used for dynamic code evaluation in `src/constraints/verifier.ts`, `src/persistence/predicate-compiler.ts`, `src/synthesis/relational/interpreter.ts`, and `src/synthesis/sandbox-tools.ts`. While there are attempts at validation (e.g., `isSafeInvariant`, `PredicateCompiler` blacklisting), running untrusted or maliciously crafted LLM outputs could still pose significant risks, as the sandbox is not designed for full security isolation. External network calls are made to LLM providers.
Updated: 2026-01-18GitHub
91
62
Medium Cost
knowns-dev icon

knowns

by knowns-dev

Sec8

A CLI-first knowledge layer and task/documentation management tool that provides AI agents with persistent project context.

Setup Requirements

  • ⚠️Requires Node.js or Bun runtime environment.
  • ⚠️Anthropic Claude CLI is required for full AI agent integration via MCP (Model Context Protocol).
  • ⚠️Web UI runs on localhost:6420 by default; ensure port is free or configure a different one.
Verified SafeView Analysis
The project is designed as 'local-first' and uses 'files as database', which inherently limits external attack surfaces. The Web UI is explicitly 'localhost-only' and lacks authentication by design, relying on local machine security. File system operations are generally handled using `path.join` and basic input sanitization. The MCP server integrates with `claude` CLI and uses Zod for input validation, which is a good security practice. No instances of 'eval' or direct arbitrary command execution from unsanitized user input were found. Potential minor risks could involve advanced path traversal if inputs are not fully sanitized in all file operations, or if the local machine's file permissions are weak. The planned 'self-hosted sync' feature will introduce new security considerations requiring authentication.
Updated: 2026-01-19GitHub
91
64
Low Cost
leancodepl icon

marionette_mcp

by leancodepl

Sec8

Enables AI agents to inspect and interact with running Flutter applications for automated testing and runtime interaction.

Setup Requirements

  • ⚠️Your Flutter application must integrate the `marionette_flutter` package and initialize `MarionetteBinding`.
  • ⚠️The Flutter application must be running in debug or profile mode to expose the VM service.
  • ⚠️The `dart:logging` package must be used in the Flutter app for the `get_logs` tool to function.
  • ⚠️The VM Service URI typically needs to be manually provided to the AI agent for connection.
Verified SafeView Analysis
The server acts as a bridge to the Flutter VM service, which is a powerful debug interface. While the server itself does not exhibit direct vulnerabilities like 'eval' or command injection in the truncated source, its purpose is to grant AI agents programmatic control over a debug-mode Flutter application. This means an AI agent could manipulate the connected app in various ways (tap, enter text, scroll, hot reload, access logs). It is crucial to use this server only with Flutter applications running in debug mode within controlled development environments, as it offers extensive access to the application's runtime.
Updated: 2026-01-19GitHub
PreviousPage 15 of 713Next