Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

33
3
High Cost
lukacf icon

mcp-the-force

by lukacf

Sec5

A protocol-based AI server for integrating multiple AI providers and tools, enabling multi-model collaboration, advanced context management, and end-to-end user workflows from a CLI client.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires API keys for external AI providers (e.g., OpenAI, Anthropic, xAI, Google), which are paid services.
  • ⚠️Docker is recommended for running VictoriaLogs (logging backend) and is used for E2E testing.
  • ⚠️Requires Git for project history features.
  • ⚠️If using local LLMs, an Ollama server must be running and accessible.
Review RequiredView Analysis
The system explicitly disables path traversal protection in file system utilities for 'MCP server usage' as noted in unit tests, significantly increasing the risk of arbitrary file access if not run in a highly controlled, isolated environment with trusted clients. It relies on user-provided API keys stored in 'secrets.yaml', requiring the user to manage local file security. Robust SSRF protection is implemented for image loading from URLs. Sensitive data is redacted from logs and conversation history.
Updated: 2026-01-19GitHub
33
2
Medium Cost
felipeerias icon

clangd-mcp-server

by felipeerias

Sec8

Model Context Protocol server that bridges Claude Code with clangd LSP for enhanced C++ code intelligence and navigation in large codebases.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0 to be installed.
  • ⚠️Requires 'clangd' binary to be installed and accessible in the system PATH or via 'CLANGD_PATH' environment variable.
  • ⚠️Requires a C++ project with a 'compile_commands.json' file for proper code intelligence, which often needs to be generated by the build system (e.g., CMake, GN).
Verified SafeView Analysis
The server operates via standard I/O (stdio) for communication with the MCP client, limiting direct external network exposure. It spawns a local 'clangd' subprocess. Argument parsing for 'CLANGD_ARGS' (from environment variables) uses a custom 'parseShellArgs' function which, if not perfectly robust, could potentially lead to unexpected clangd behavior if malicious input is provided, though it passes arguments as an array to 'spawn' which mitigates shell injection. No 'eval' or obvious hardcoded secrets are found. File content is read from the local file system (via `fs/promises.readFile`) and passed to `clangd`.
Updated: 2025-12-03GitHub
33
3
Medium Cost
honey-guard icon

anchor-mcp

by honey-guard

Sec4

Provides a Model Context Protocol (MCP) server for LLM applications to perform security analysis on Anchor Solana programs and files using solana-fender.

Setup Requirements

  • ⚠️Requires Rust toolchain to build and run.
  • ⚠️Targeted specifically for Anchor Solana programs and files.
  • ⚠️Intended for integration with MCP-compatible LLM applications (e.g., Claude Desktop) requiring specific configuration.
  • ⚠️Requires file system access to the specified program/file paths.
Review RequiredView Analysis
The server directly uses user-provided 'program_path' and 'file_path' arguments from MCP client requests (e.g., 'security_check_program', 'security_check_file') without any validation or sanitization. These paths are then passed to the 'solana_fender' library for file system operations. This is a critical security risk as it could allow for path traversal attacks, arbitrary file reads (if solana_fender allows reading outside intended directories), or denial-of-service by pointing to large/malformed files or devices.
Updated: 2025-12-14GitHub
33
3
Medium Cost
edicarloslds icon

businessmap-mcp

by edicarloslds

Sec9

Provides a Model Context Protocol interface for integrating with BusinessMap (Kanbanize) for comprehensive project, board, and card management.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires a valid BusinessMap/Kanbanize API Token and API URL set as environment variables.
  • ⚠️For remote usage (HTTP/SSE), `TRANSPORT` and `PORT` environment variables must be configured, and the server exposed via HTTP.
Verified SafeView Analysis
The server uses Zod for robust input validation, mitigating common injection vulnerabilities. It enforces a read-only mode configurable via environment variables, adding a layer of safety for sensitive operations. Logging is correctly directed to STDERR, preventing protocol corruption. Sensitive API credentials (token, URL) are expected to be provided via environment variables, which is a standard practice, but their secure management in the deployment environment is critical to prevent unauthorized access. There is no evident use of 'eval' or direct arbitrary command execution from user input.
Updated: 2025-11-29GitHub
33
6
High Cost
semantic-developer icon

SemanticDeveloper

by semantic-developer

Sec8

A cross-platform desktop UI for driving the Codex CLI app server, enabling AI-assisted coding, file browsing, session management, and Git operations.

Setup Requirements

  • ⚠️Requires Codex CLI v0.77.0 or newer installed and on PATH.
  • ⚠️Users must manually manage '~/.codex/config.toml' for custom model profiles and MCP server definitions.
  • ⚠️Automatically approves `exec_approval_request` and `apply_patch_approval_request` without user intervention, which can execute system commands or modify files.
Verified SafeView Analysis
The application itself does not contain obvious malicious patterns or hardcoded secrets. It explicitly pipes API keys for authentication and uses LibGit2Sharp for Git operations, reducing reliance on system commands for Git. However, a critical design aspect is its automatic approval of `exec_approval_request` and `apply_patch_approval_request` from the Codex CLI without user confirmation. While this is a feature for seamless agentic operation, it means that if a user configures or enables a malicious MCP server or uses an untrusted model, the application will automatically execute code and apply patches based on the AI's output. Network access for MCP tools is also explicitly allowed if configured. Users must exercise caution with external configurations and agents.
Updated: 2026-01-07GitHub
33
1
High Cost
kelexine icon

kiro-extension

by kelexine

Sec3

Manages a spec-driven development workflow within the Gemini CLI, guiding feature development from requirements to design, task generation, and execution with state machine enforcement.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0
  • ⚠️Requires Gemini CLI v0.4.0+
  • ⚠️Requires Git installed
Review RequiredView Analysis
The `kiroScaffold` function, which creates files and directories based on the `file-structure` block in `design.md`, is vulnerable to path traversal. The `cleanPath` variable, derived from user-controlled content in `design.md`, is joined with `process.cwd()` without sufficient sanitization (e.g., removing '..' segments). This allows a malicious user or a compromised AI to craft paths like `../../../../evil.txt`, potentially writing files outside the intended project directory to arbitrary locations on the file system. While the server communicates over stdio (not directly exposed network ports), this file system write vulnerability is critical.
Updated: 2025-12-06GitHub
33
6
Low Cost
henriquemoody icon

charlie

by henriquemoody

Sec4

A universal command-line interface (CLI) and Python library that generates agent-specific configurations (commands, rules, MCP servers) for various AI agents from a single YAML or Markdown specification, supporting configuration inheritance and variable templating.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Requires Git CLI installed for the 'extends' configuration inheritance feature.
  • ⚠️External Git repository URLs specified in 'extends' fields must be explicitly trusted, as they are cloned and merged without further security validation, posing a supply chain risk if untrusted sources are used.
Review RequiredView Analysis
The `repository_fetcher.py` module clones arbitrary Git repositories specified in the `extends` field of the configuration without additional security validation of the source. This is explicitly noted in the source code as a risk, meaning a malicious 'extends' URL could introduce harmful code or configurations into the project. The tool uses `subprocess.run` to execute git commands, which is a common vector for command injection if inputs are not properly sanitized; while inputs appear controlled in Charlie's internal logic, the origin of these inputs from external configurations (e.g., repository URLs) requires trust. There are no obvious signs of 'eval' or other direct code execution vulnerabilities within Charlie itself, and `yaml.safe_load` is used for parsing.
Updated: 2026-01-07GitHub
33
3
Low Cost
agigante80 icon

actual-mcp-server

by agigante80

Sec8

A production-ready Model Context Protocol (MCP) server that bridges AI assistants with Actual Budget, enabling natural language financial management through 51 specialized tools for personal finance.

Setup Requirements

  • ⚠️Requires an existing Actual Budget server (local or hosted) with specified credentials and a budget Sync ID.
  • ⚠️Critical: This project MUST use Zod 3.x (specifically 3.25.76). Upgrading to Zod 4.x breaks LibreChat tool validation, making all tools invisible. Includes package.json overrides and Dockerfile safeguards.
  • ⚠️Docker is required for running End-to-End tests and for most production deployment scenarios.
  • ⚠️For Docker-to-Docker communication (e.g., with LibreChat), use internal Docker hostnames (e.g., `http://actual-mcp-server-backend:3600/http`) instead of host IPs.
Verified SafeView Analysis
Authentication to the MCP server via Bearer token is highly recommended by setting `MCP_SSE_AUTHORIZATION`. If this variable is not set, the server runs unauthenticated. `execSync` is used for internal versioning information, which is generally safe. Sensitive credentials for Actual Budget are pulled from environment variables. No other malicious patterns, `eval`, or obfuscation found.
Updated: 2026-01-13GitHub
33
3
Medium Cost
terramate-io icon

terramate-mcp-server

by terramate-io

Sec9

Integrates Terramate Cloud with AI assistants to enable natural language interaction for managing Infrastructure as Code (IaC) workflows.

Setup Requirements

  • ⚠️Requires Go 1.25.0+ to build from source.
  • ⚠️Requires a Terramate Cloud account.
  • ⚠️Requires `terramate` CLI for JWT authentication (recommended method).
  • ⚠️API key authentication requires organization admin privileges.
Verified SafeView Analysis
The server demonstrates good security practices including enforcing 0600 permissions for JWT credential files (on Unix), using mutexes for thread-safe credential access, and actively sanitizing error messages to prevent token leakage. Authentication methods (JWT with auto-refresh and file watching, or API key) are well-defined. A public Firebase Auth API key is used, which is not a secret but an identifier, as documented.
Updated: 2025-12-10GitHub
33
2
Medium Cost
plasticbeachllc icon

dolphin-mcp

by plasticbeachllc

Sec9

Acts as an MCP (Model Context Protocol) bridge for the Dolphin semantic code search API, providing tools for querying code and documentation, fetching code snippets, and integrating with AI clients.

Setup Requirements

  • ⚠️Requires Bun (>= 1.0.0) runtime for execution.
  • ⚠️Requires the Dolphin API (kb-api) server to be running on the configured endpoint (default: http://127.0.0.1:7777).
  • ⚠️The primary way to run it is via `bunx`, not `npm` or global installation by default.
Verified SafeView Analysis
The server demonstrates strong security practices, especially concerning local filesystem access and network communication. It utilizes `zod` for robust input validation on all tools. For file I/O operations (`file_write`, `read_files`), explicit checks are implemented to prevent path traversal attacks by ensuring all resolved paths remain within the `process.cwd()` (workspace root). The `file_write` tool also uses atomic operations (temp file + rename) for data integrity. Network requests (`src/rest/client.ts`) default to `http://127.0.0.1:7777` for the Dolphin API endpoint, explicitly restricting outbound connections to localhost unless configured otherwise, and includes `X-Client: mcp` header. URL parameters for fetching (`open_in_editor`, `restGetChunk`) are correctly encoded. No obvious `eval` usage, obfuscation, or hardcoded secrets were identified.
Updated: 2025-11-25GitHub
33
3
Medium Cost
peteretelej icon

md-server

by peteretelej

Sec9

Converts various documents, webpages, and media files into markdown format, serving as an HTTP API or an MCP server for AI assistants to read and process content.

Setup Requirements

  • ⚠️JavaScript rendering for dynamic web pages requires Playwright browsers, which need to be installed separately (e.g., `uvx playwright install --with-deps chromium`).
  • ⚠️Audio transcription (MP3, WAV) requires the `ffmpeg` library to be available on the system.
  • ⚠️Optional enhanced features, such as OpenAI for image descriptions or Azure Document Intelligence for advanced PDF processing, require additional API keys and configuration.
Verified SafeView Analysis
The server implements robust Server-Side Request Forgery (SSRF) protection by default, blocking access to private IP ranges, localhost (configurable), and cloud metadata endpoints. API key authentication is supported via a Bearer token, which is a good security practice for the HTTP API. Input validation (file size, URL schemes, MIME types) is in place. Reliance on external conversion libraries (MarkItDown, Crawl4AI) introduces inherent risks associated with complex file/web parsing, but the server applies timeouts and input validation to mitigate these.
Updated: 2026-01-17GitHub
33
3
Medium Cost
habibhassansehani icon

openai-sdk-knowledge-org

by habibhassansehani

Sec6

The server provides an AI-powered knowledge base for OpenAI API usage and SDKs, integrating Retrieval-Augmented Generation (RAG) and Model Context Protocol (MCP) capabilities.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (Paid).
  • ⚠️Requires a Cloudflare account for deployment, utilizing Cloudflare Workers, D1 database, Vectorize, and Queues.
  • ⚠️Google OAuth setup is required for user authentication and admin features (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_REDIRECT_URI must be configured).
Review RequiredView Analysis
The application uses environment variables for sensitive credentials like OPENAI_API_KEY, GITHUB_TOKEN, and Google OAuth secrets, which is good practice. However, a hardcoded `DEFAULT_JWT_SECRET` is present in `src/server/middleware/auth.ts` as a fallback. If the `GOOGLE_JWT_SECRET` environment variable is not explicitly overridden, this weak default will be used, posing a significant security risk for authentication tokens. Local development explicitly allows disabling admin authentication, which is acceptable for development but must be secured in production. No 'eval' or direct malicious patterns were observed.
Updated: 2026-01-19GitHub
PreviousPage 154 of 713Next