Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

34
4
Low Cost
dev-proxy-tools icon

mcp

by dev-proxy-tools

Sec7

Enables AI assistants to interact with Dev Proxy capabilities, allowing natural language for configuring Dev Proxy, accessing contextual help, and discovering features.

Setup Requirements

  • ⚠️Requires Node.js LTS to be installed.
  • ⚠️Requires Dev Proxy to be installed globally.
Verified SafeView Analysis
The server uses `child_process.exec` to run the `devproxy` command. While the command string (`devproxy --version`) is fixed and does not incorporate direct user input, it relies on a globally installed external executable. A compromised `devproxy` binary or manipulation of the system's PATH could pose a risk. Additionally, `fetch` calls are made to external endpoints (`https://devproxy-wama.azurewebsites.net/api/search` and `https://aka.ms/devproxy/best-practices`) for documentation and best practices, introducing a dependency on the security and availability of those external services.
Updated: 2026-01-17GitHub
34
19
Low Cost
zuplo icon

mcp

by zuplo

Sec3

An MCP server providing a set of mathematical tools (calculator functions) for remote execution via the Model Context Protocol.

Setup Requirements

  • ⚠️The default HTTPStreamableTransport configuration (`isValidOrigin` always returning true) is a critical security vulnerability and should be customized with allowed origins for public deployments.
Review RequiredView Analysis
The `HTTPStreamableTransport`'s `isValidOrigin` method currently returns `true` unconditionally, which is explicitly called out in the source code as a DNS rebinding vulnerability: 'Servers MUST validate the Origin header on all incoming connections to prevent DNS rebinding attacks'. This default behavior makes the server highly unsafe for public deployment without explicit origin validation configuration by the user. There's also a TODO to check request size, which could be a DoS vector for large JSON payloads. Otherwise, input validation for tools relies on Zod or custom validators, and tool handlers themselves seem to include basic error checks (e.g., division by zero, factorial limits), which is good.
Updated: 2026-01-05GitHub
34
3
Medium Cost
polarbase-team icon

polarbase

by polarbase-team

Sec9

Extensible open-source data backend for PostgreSQL with a multi-view UI (spreadsheet), AI agent integration via MCP, and real-time capabilities.

Setup Requirements

  • ⚠️Requires PostgreSQL database (version 14.0 or higher).
  • ⚠️Requires Bun runtime (version 1.0 or higher).
  • ⚠️AI features (agent, MCP) require an API key for Google Gemini or OpenAI (typically paid services).
  • ⚠️Initial login requires a `SUPER_ADMIN_KEY` set as an environment variable.
Verified SafeView Analysis
The project uses API key-based authentication, rate-limiting, and comprehensive input validation (Elysia's t.Object, t.String patterns, t.Numeric min/max, t.Files limits) to mitigate common web vulnerabilities. Database interactions are primarily handled by Knex, which generally protects against SQL injection. File uploads are sanitized, and the super admin key is environment variable-driven, not hardcoded. Limited use of `pg.raw` is observed, but in contexts that appear to be for DDL or fixed expressions rather than user input, reducing direct injection risk.
Updated: 2026-01-19GitHub
34
1
Low Cost
PierrunoYT icon
Sec7

This MCP server provides an interface for AI applications to access the Reve Edit image editing model from Replicate, enabling natural language-based transformation of images while preserving their spatial relationships and structure.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher to run.
  • ⚠️Requires a Replicate API token, which is a paid service and incurs costs per image editing operation.
  • ⚠️For local installation, `npm install` and `npm run build` are required to compile the TypeScript source.
Verified SafeView Analysis
The server handles `REPLICATE_API_TOKEN` via environment variables, which is good practice. It explicitly warns and does not crash if the token is missing. There are no obvious `eval` or obfuscation patterns. However, the `downloadImage` function, which fetches images from external URLs, presents a potential Server-Side Request Forgery (SSRF) risk if the input `image` URL is not validated sufficiently, allowing the server to probe internal networks or local file systems. Given typical MCP usage, this risk is mitigated by assuming trusted clients and valid image URLs.
Updated: 2025-11-24GitHub
34
5
Medium Cost
musabbozkurt icon
Sec9

An OAuth2 Authorization Server managing user authentication, user data, PostgreSQL to Oracle database migration/scripting, AI chat with various models, file storage, and Excel processing.

Setup Requirements

  • ⚠️Requires manual download and an Oracle account to set up Oracle Database 19c/23ai (specifically for Linux ARM aarch64) for the migration tool.
  • ⚠️Requires Docker for running Oracle, PostgreSQL, Redis, Minio, and Ollama containers, which are dependencies for various features.
  • ⚠️AI features (Gemma3, DeepSeek, Ollama) depend on local Ollama models being pulled (e.g., 'mxbai-embed-large', 'mistral', 'gemma3:4B-Q4_K_M', 'deepseek-r1:7b') or external API keys (e.g., DEEP_SEEK_API_KEY) being configured.
  • ⚠️Redis is a mandatory dependency for session management (`EnableRedisIndexedHttpSession`).
  • ⚠️A PostgreSQL database is required as the source for the Oracle migration and script generation tools.
Verified SafeView Analysis
The server employs robust Spring Security features including JWT authentication, custom authentication providers, and session management with Redis. XSS prevention is implemented via `XssRequestWrapper` and `XssSanitizerUtils`, and HTTP security headers (X-XSS-Protection, Content-Security-Policy) are configured. Sensitive configurations like database credentials, API keys, and LDAP settings are externalized through environment variables, with safe defaults for development. RSA keys for JWT are loaded or generated on startup and stored locally, which is generally secure if the `jwt.key.path` is adequately protected. No direct hardcoded production secrets or `eval`-like dangerous patterns were found. The `logout` endpoint's redirect behavior, while standard for Spring Security, relies on the `referer` header which should ideally be validated further, though XSS filters provide some mitigation.
Updated: 2026-01-13GitHub
34
4
Low Cost
chrisribe icon

simple-memory-mcp

by chrisribe

Sec8

A Model Context Protocol (MCP) server for persistent memory storage, providing intelligent tagging and full-text search for AI assistants to remember context across conversations.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Starting the web server (`web-server.js`) requires an existing database; it will not auto-create one. Run the main MCP server first to initialize the database.
  • ⚠️Storing the database directly in cloud storage (OneDrive/Dropbox) is strongly discouraged due to potential corruption and slower performance (2-10x slower). If unavoidable, `MEMORY_CLOUD_SAFE=true` must be set, which further reduces performance.
Verified SafeView Analysis
The server uses `better-sqlite3` with prepared statements, mitigating SQL injection risks. File system operations are confined to expected database and backup paths. The HTTP transport uses wide-open CORS (`Access-Control-Allow-Origin: *`), but the README explicitly warns against exposing it externally without additional security measures. No `eval`, obfuscation, or hardcoded secrets were identified.
Updated: 2025-12-07GitHub
34
10
Medium Cost
MKutka icon
Sec8

Provides a comprehensive interface to manage Cisco Meraki network devices and configurations by exposing all Meraki SDK methods as tools, optimized for use with Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.13 or higher (as per pyproject.toml).
  • ⚠️Requires Meraki Dashboard API Key for authentication (a Meraki account is necessary for useful interaction).
  • ⚠️Designed for Claude Desktop, requiring specific configuration of `claude_desktop_config.json` with absolute paths, including platform-specific adjustments for Windows (forward slashes, .exe extension).
Verified SafeView Analysis
The server uses environment variables for sensitive API keys, avoiding hardcoding. Dynamic method invocation (`getattr`, `**params`) is employed to expose all Meraki SDK endpoints. While powerful, this is constrained by checking against valid SDK sections and methods, mitigating arbitrary code execution outside the Meraki SDK. A 'READ_ONLY_MODE' can be enabled for safer exploration, preventing accidental destructive operations. Large API responses are cached locally to files; ensure the local environment is secure. No direct use of `eval` or `exec` was found.
Updated: 2025-11-20GitHub
34
4
Medium Cost
louagej icon
Sec9

Provides a Model Context Protocol (MCP) server for searching AL-Go documentation and accessing AL-Go GitHub workflow examples, integrating with development environments like VS Code.

Setup Requirements

  • ⚠️A GitHub token (GITHUB_TOKEN) or GitHub App credentials are highly recommended for higher API rate limits when fetching documentation and workflows from the `microsoft/AL-Go` repository, especially for initial indexing or frequent cache refreshes.
  • ⚠️Designed primarily for integration with the VS Code MCP Extension, requiring specific configuration within VS Code settings.
  • ⚠️Requires Node.js 18 or higher for development and optimal runtime, as specified in `CONTRIBUTING.md`.
Verified SafeView Analysis
The server uses environment variables (e.g., GITHUB_TOKEN, GITHUB_APP_ID) for GitHub authentication, adhering to best practices for secret management and explicitly warning against hardcoding credentials in its `SECURITY.md`. All external network interactions are with the official GitHub API. Dependencies are from reputable sources (Octokit, Zod, dotenv, MCP SDK). A clear security policy, contribution guidelines, and use of dependency auditing tools (Dependabot, npm audit) are in place. No `eval`, obfuscation, or malicious patterns were detected in the provided source code. Documentation content is fetched and then cached locally, reducing repeated external calls.
Updated: 2026-01-19GitHub
34
4
Low Cost
sgharlow icon
Sec4

AI-powered development workflow management and prompt optimization, enforcing disciplined software development practices for AI coding agents.

Setup Requirements

  • ⚠️Requires Node.js 18+ and TypeScript 5.0+.
  • ⚠️Requires core 'ai-framework' markdown files (orchestration.md, tasks.md, etc.) to be present in the project directory, or to use the 'setup' prompt (for non-Kiro environments).
  • ⚠️Relies on 'git' for scope and contract integrity checks.
  • ⚠️Requires 'npm' or 'yarn' for test execution in DRS calculation.
Review RequiredView Analysis
The server frequently uses 'execSync' to run shell commands, often interpolating user-provided inputs (e.g., feature names, issue descriptions, project names) directly into these commands. This pattern is highly vulnerable to command injection if inputs are not meticulously sanitized. While some script generation uses heredocs which offer slight protection, direct command execution with untrusted inputs poses a significant risk. The 'emergency' prompt, explicitly designed for critical contract changes, involves direct modification of files and Git operations, which amplifies this risk if not used in a highly controlled, human-supervised environment with robust input validation.
Updated: 2026-01-19GitHub
34
4
Medium Cost
rshade icon
Sec9

This MCP server standardizes development tool patterns and provides AI-powered integrations to enable Claude Code to generate code more efficiently, reduce errors, and improve autocorrection for various programming languages and workflows.

Setup Requirements

  • ⚠️Requires multiple language-specific CLIs (Go, Python, Node.js) to be installed and available in PATH (e.g., 'go', 'npm', 'python3', 'jq', 'actionlint', 'pytest', 'eslint').
  • ⚠️Some Python tools require 'pip install <tool>' (e.g., 'ruff', 'pyright', 'bandit', 'vermin', 'py-spy', 'memray').
  • ⚠️Git-related tools require the project to be a configured Git repository.
Verified SafeView Analysis
The server demonstrates strong security practices for a tool executing external commands. It uses 'execa' to safely run shell commands, implements argument sanitization and whitelisting, explicitly validates file paths to prevent traversal and injection, and includes mechanisms for detecting potential secrets in code changes. Resource limits are applied to prevent denial-of-service via large inputs. Sensitive environment variables are masked by default when read by the 'dotenv_environment' tool. Plugins operate within the same hardened 'ShellExecutor' environment.
Updated: 2026-01-19GitHub
34
5
Low Cost
Knuckles-Team icon

media-downloader

by Knuckles-Team

Sec3

The primary use case is to download videos and audio from various online sources, and it functions as an MCP server and an A2A agent for integration into agentic frameworks.

Setup Requirements

  • ⚠️Docker is the recommended deployment method, encapsulating necessary dependencies like a JavaScript runtime for yt-dlp.
  • ⚠️For the A2A Agent, an external or local Large Language Model (LLM) is required, configurable for providers like OpenAI, Anthropic, Google, or local solutions like Ollama.
Review RequiredView Analysis
The server exposes highly dangerous tools (`run_command` and `text_editor`) that allow arbitrary shell command execution (`subprocess.run(..., shell=True)`) and file system manipulation via AI-generated input. While the MCP server supports various authentication and authorization mechanisms (JWT, OAuth, OIDC, Eunomia), these tools, if callable by an agent or user with sufficient permissions, present a critical Remote Code Execution (RCE) and data manipulation vulnerability. Even with strong authentication, if an attacker or a misaligned AI can make calls to these tools, the host system is at severe risk. Hardcoded static tokens are present for the 'static' auth type, intended for testing, which should never be used in production.
Updated: 2026-01-19GitHub
34
4
High Cost
toolkit-ai icon

magnet-mcp-server

by toolkit-ai

Sec9

Integrates AI agent clients (like Claude, Cursor) with the Magnet task/issue management platform, enabling AI agents to read, create, update, and search issues and pages, and upload chat sessions.

Setup Requirements

  • ⚠️Currently macOS only (Windows and Linux support are noted as coming soon).
  • ⚠️Requires a Magnet.run account and a generated API key for your Workspace (Organization).
  • ⚠️Requires Node.js version 22.2.0 or higher.
Verified SafeView Analysis
The server uses environment variables (MAGNET_API_KEY) for authentication, which is good practice. Input validation is handled robustly using Zod schemas for all tool inputs, reducing risks of malformed requests or injection. API calls include explicit error handling for common HTTP status codes (400, 401, 403, 404). No 'eval' or other directly dangerous functions are apparent in the provided source code. Network communication is via HTTPS to the Magnet API.
Updated: 2026-01-12GitHub
PreviousPage 150 of 713Next