Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

33
2
Medium Cost

plain-mcp

by tellahq

Sec9

This MCP server provides a comprehensive interface for managing customer support operations, help center content, and customer data within the Plain.com platform.

Setup Requirements

  • ⚠️Requires a Plain.com API key with full API permissions.
  • ⚠️Requires the Bun runtime to be installed.
  • ⚠️Requires specific configuration in Claude Code's ~/.claude.json file.
Verified Safe
The server correctly handles API keys via environment variables, avoiding hardcoding. It uses Zod for input validation, which is a strong practice against injection vulnerabilities. All external communication is routed through the official Plain.com TypeScript SDK. No 'eval' or other highly dangerous functions are present. The code follows standard secure coding practices for an API wrapper.
Updated: 2026-01-16
33
2
Medium Cost

mcp-neo4j-graphrag

by guerinjeanmarc

Sec8

Extends Neo4j with vector search, fulltext search, and search-augmented Cypher queries to build powerful GraphRAG applications.

Setup Requirements

  • ⚠️Requires a running Neo4j database instance.
  • ⚠️Requires the Neo4j APOC plugin for schema discovery (`get_neo4j_schema_and_indexes` tool).
  • ⚠️Requires an API key for the chosen embedding model (e.g., OPENAI_API_KEY) if using a remote/paid provider.
  • ⚠️Default Neo4j connection details (URI, username, password) are insecure and must be overridden for production environments.
Verified Safe
The server uses parameterized queries for values in most cases, mitigating standard injection risks. It explicitly checks for and prevents write Cypher queries. It includes robust output sanitization and token-aware truncation to prevent information overload or data leakage. However, the `return_properties` parameter in `vector_search` and `fulltext_search` is directly interpolated into the Cypher query, which is a minor theoretical risk if an LLM generates malicious property names, though property names are generally static schema elements. Additionally, `search_cypher_query` executes raw Cypher (read-only) provided by the LLM, relying on the LLM's adherence to safe patterns, which is a common but inherent risk in LLM agent design. Insecure default Neo4j credentials are a warning, requiring proper environment configuration for production use.
Updated: 2026-01-13
33
2
Low Cost

mcp-standards

by airmcp-com

Sec9

A self-learning AI standards system that optimizes context, extracts patterns, and manages Claude's memory and preferences through a cost-efficient model routing architecture.

Setup Requirements

  • ⚠️Requires Node.js and npm to install and run the AgentDB vector store, which is a core component.
  • ⚠️Assumes integration with the Claude Code SDK/environment as it uses `mcp.server` components.
  • ⚠️Utilizes different AI models (Gemini, DeepSeek, Claude) with varying costs, requiring API keys for non-Claude models (e.g., GEMINI_API_KEY) for full cost optimization.
Verified Safe
The system demonstrates strong security practices, including explicit path whitelisting for 'CLAUDE.md' file updates and the consistent use of parameterized queries for SQLite interactions, effectively mitigating common vulnerabilities like SQL injection and arbitrary file writes. Reliance on the 'npx agentdb' command, while standard for integrating Node.js CLI tools, introduces a dependency on the supply chain security of the 'agentdb' npm package.
Updated: 2025-11-30
33
3
Medium Cost

redmine-mcp-server

by flor3z-github

Sec9

Enables AI assistants to interact with Redmine project management systems for issue, project, time, user, and wiki management.

Setup Requirements

  • ⚠️Requires Node.js >= 20.0.0.
  • ⚠️Requires a Redmine instance with REST API access enabled.
  • ⚠️Authentication requires either a Redmine API key or a username and password.
  • ⚠️SSL/TLS configuration (e.g., for self-signed certificates or corporate proxies) may require additional environment variables like REDMINE_SSL_VERIFY or REDMINE_CA_CERT.
Verified Safe
The server uses `zod` for robust input validation on all tool arguments, significantly reducing the risk of injection attacks. Sensitive API keys and credentials are handled via environment variables and are not hardcoded. SSL certificate verification and custom CA certificates are supported, enhancing secure communication. The `fs.readFileSync` for `REDMINE_CA_CERT` reads a local file path, which could theoretically be abused if an attacker could control the environment variable; however, this is a standard configuration pattern and not a direct vulnerability in the code itself. Debug logging can expose tool arguments, but this is a configurable log level for development purposes.
Updated: 2025-12-04
33
3
Medium Cost

obsidian-mcp-sb

by CoMfUcIoS

Sec9

Provides secure, intelligent, read-only access to an Obsidian vault for Large Language Models (LLMs), enabling semantic search, metadata filtering, and summarization.

Setup Requirements

  • ⚠️Requires Node.js version 22.12 or higher to run.
  • ⚠️A '--vault-path' CLI argument pointing to the Obsidian vault's absolute location is mandatory for server operation.
  • ⚠️For full search and filtering functionality, Obsidian notes should adhere to a specific YAML frontmatter structure, including 'tags', 'type', 'status', 'category', 'created', and 'modified' fields. Missing or invalid frontmatter fields will be defaulted.
Verified Safe
The server is intentionally designed as read-only, preventing any modifications to the user's Obsidian vault. It communicates via standard I/O (stdio), which limits direct network attack surface. Robust path traversal protection is implemented to ensure file access is restricted to the designated vault directory. File indexing is subject to a configurable maximum file size (default 10MB) to prevent resource exhaustion. All incoming API parameters (e.g., note types, statuses, categories, dates) undergo strict validation to prevent injection or unexpected behavior. No 'eval' or suspicious obfuscation was identified, nor were any hardcoded secrets. SQLite with WAL mode is used for efficient and concurrent database operations.
Updated: 2026-01-19
33
2
Low Cost

obs-mcp

by rhobs

Sec3

An MCP (Model Context Protocol) server enabling LLMs to interact with a Prometheus monitoring instance for querying metrics.

Setup Requirements

  • ⚠️Requires a running Prometheus instance (can be local or in-cluster).
  • ⚠️Requires `uv` for evaluation setup (Python package manager).
  • ⚠️Running with `--auth-mode header` (as seen in Kubernetes deployment manifest) effectively disables authentication to Prometheus via the MCP server.
  • ⚠️Development requires Go 1.24+, Docker/Podman, Kind, and kubectl for E2E tests.
Review Required
The Kubernetes deployment manifest (manifests/kubernetes/03_deployment.yaml) explicitly sets `--auth-mode header` and `--insecure`. Crucially, the source code (pkg/mcp/auth.go:getTokenFromCtx) indicates that user authentication is intentionally disabled in 'header' mode (`return ""`). This means that any client able to reach the MCP server in 'header' mode can execute arbitrary PromQL queries against the configured Prometheus instance without any authentication. This is a severe security vulnerability if the server is exposed. Additionally, the `--insecure` flag disables TLS certificate verification, posing a man-in-the-middle risk. The OpenShift deployment (manifests/openshift/02_deployment.yaml) uses `serviceaccount` mode, which has broader permissions (create/update on `prometheuses/api`) than strictly necessary for a read-only metrics tool, though mitigated by in-cluster RBAC.
Updated: 2026-01-19
33
3
Low Cost
Sec9

An MCP server that provides an LLM with authenticated access to a mold inventory management API, allowing it to retrieve mold data on behalf of a user.

Setup Requirements

  • ⚠️Requires extensive manual Auth0 tenant configuration, including creating applications, defining resource servers, and setting up actions via `auth0-deploy-cli`.
  • ⚠️Specific Auth0 Action secrets (DOMAIN, CLIENT_ID, CLIENT_SECRET) must be configured directly within the Auth0 dashboard for the `MoldInventoryPostUserRegistration` action.
  • ⚠️Requires a Cloudflare KV namespace (`OAUTH_KV`) to be created and its ID configured in `wrangler.jsonc`.
Verified Safe
The server implements OAuth 2.0 with PKCE using `oauth4webapi` and `Cloudflare Workers OAuth Provider`, handling authentication and token exchange securely. Sensitive configurations (Auth0 credentials, API base URL) are correctly managed via environment variables and Auth0 Action secrets, avoiding hardcoding. CSRF protection is used for the consent screen, and cookies are handled with `httpOnly` and `secure` flags (conditionally for development). The system relies on a well-configured Auth0 tenant and securely managed environment variables for its security posture. No direct 'eval' or obfuscation found.
Updated: 2025-12-04
33
2
Medium Cost

agent-tool

by DosiBridge

Sec6

A full-stack AI agent platform offering conversational AI with RAG, multi-LLM support, and extensible tooling via Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires API keys for major LLM providers (e.g., OpenAI, DeepSeek, Google Gemini, Groq, Firecrawl) for full functionality, which may incur costs.
  • ⚠️A PostgreSQL database (version 15+) is required.
  • ⚠️Initial database setup requires running `docker exec -it agent-backend python init_db.py` after the services are up.
  • ⚠️Hardcoded default security keys in `docker-compose.yml` MUST be changed for any production or public-facing deployment.
Review Required
The `docker-compose.yml` file contains hardcoded default passwords for PostgreSQL (`POSTGRES_PASSWORD: 1234`) and a default JWT secret (`JWT_SECRET_KEY: "your-secret-key-change-in-production-use-strong-random-key"`). While the project explicitly states these should be changed for production and provides a script (`generate_keys.py`) to do so, their presence as defaults is a critical security vulnerability for easy deployment. The system also allows users to configure and connect to external MCP servers, introducing a potential attack surface for SSRF or other network-based attacks if malicious URLs are provided, though `httpx` with timeouts is used for connection testing. The `eval` function is used for mathematical expression evaluation within restricted namespaces, which is a justified and controlled use.
Updated: 2025-12-12
33
1
Medium Cost

mcp-server-jupyter

by davidwarshawsky

Sec9

Transforms Jupyter notebooks into a reliable, stateful, and secure backend API for AI agents, facilitating data analysis, scientific computing, and visualization through controlled execution and inspection.

Setup Requirements

  • ⚠️Requires Python 3.10, 3.11, or 3.12.
  • ⚠️Docker is recommended for sandboxed kernel execution in production environments.
  • ⚠️Python dependencies such as `jupyter_client`, `nbformat`, `ipykernel`, `mcp_sdk`, and `psutil` must be installed in the server's environment.
  • ⚠️A session token (MCP_SESSION_TOKEN) is automatically generated and printed to stderr on server startup for secure client connections; this must be passed by clients.
  • ⚠️For static rendering of Plotly and Bokeh visualizations, `kaleido` and `matplotlib` (Agg backend) respectively should be installed in the kernel environment.
  • ⚠️Disk space for the 'assets' directory is proactively managed, but excessive large outputs can still consume significant storage.
Verified Safe
The server implements comprehensive security measures including Pydantic-validated input, robust Docker sandboxing (seccomp, capability dropping, read-only rootfs, network isolation), entropy-based secret redaction, structured audit logging, atomic notebook writes, and backpressure for DoS prevention. It also features UUID-based zombie kernel reaping and explicitly removed insecure checkpointing mechanisms. Token-based authentication (MCP_SESSION_TOKEN generated at runtime) is enforced, and a configurable package allowlist (MCP_PACKAGE_ALLOWLIST) prevents supply chain attacks. Path traversal is strictly prevented for both notebook and asset access. While highly hardened, the 'auto_analyst' prompt example, if executed literally by an agent, might bypass the server's package allowlist by directly using `subprocess.check_call` for `pip install`, though the dedicated `install_package` tool is secure.
Updated: 2026-01-19
33
2
Medium Cost

poly-git-mcp

by hyperpolymath

Sec6

Provides Model Context Protocol (MCP) tools for AI assistants to manage Git repositories, issues, pull requests, and CI/CD across GitHub, GitLab, Gitea, and Bitbucket platforms.

Setup Requirements

  • ⚠️Requires Deno runtime (v2.0+) to be installed.
  • ⚠️Requires GitHub CLI (gh), GitLab CLI (glab), and Gitea CLI (tea) to be installed and properly authenticated for their respective functionalities.
  • ⚠️Bitbucket API tools require setting `BITBUCKET_USERNAME` and `BITBUCKET_APP_PASSWORD` environment variables, recommending a dedicated app password with limited scope.
Verified Safe
The server executes external CLI commands (gh, glab, tea) and makes API calls (Bitbucket) using Deno's --allow-run and --allow-net permissions. It constructs command arguments by concatenating user-provided inputs, which, while passed as an array (mitigating shell injection in Deno), means the server delegates powerful actions based on client input. The security boundary relies heavily on the user's local Git forge authentication (e.g., GITHUB_TOKEN, GitLab/Gitea CLI logins, Bitbucket app passwords). Users must ensure tokens have minimal necessary scopes, carefully review tool calls from MCP clients, and understand that the MCP client can perform any action allowed by the provided credentials. No hardcoded secrets were found, and the code does not use `eval` or obfuscation.
Updated: 2026-01-19
33
3
Medium Cost

AICalendar

by VladislavAntonyuk

Sec8

Provides an AI-powered cross-platform calendar application for intelligent scheduling and event management.

Setup Requirements

  • ⚠️Requires Azure Active Directory (B2C) setup for authentication.
  • ⚠️Requires an AI service API key and endpoint (e.g., Azure OpenAI, OpenAI) for the AI Scheduling Assistant.
  • ⚠️Requires .NET 8 SDK and optionally Azure Developer CLI (azd) for streamlined deployment to Azure.
Verified Safe
The client-side `appsettings.json` contains hardcoded Azure AD B2C ClientId and Authority, which is a minor security concern for a public repository, although common for client development defaults. Server-side `appsettings.json` files correctly use empty placeholders for sensitive AI and Azure AD credentials, expecting them to be provided via environment variables or secure configuration during deployment. Local development uses HTTP endpoints, which is acceptable for a dev environment. The project uses Azure Developer CLI (`azd`) which encourages secure cloud deployment practices.
Updated: 2026-01-16
33
2
Medium Cost

git-mcp-server

by surajfale

Sec7

Automates conventional Git commits, changelog updates, and optional pushes, primarily for AI assistants to generate commit messages based on code changes.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (paid service) if AI generation is enabled (default).
  • ⚠️Requires Git to be installed and configured (user name, email) on the host machine.
  • ⚠️If cloning remote repositories via SSH, an SSH key must be configured (`GIT_SSH_KEY_PATH` environment variable) or an SSH agent must be running. Host key checking is disabled by default.
Verified Safe
The server's Git operations disable SSH host key checking (`StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null`), which makes it vulnerable to Man-in-the-Middle (MITM) attacks if the remote Git server is compromised or spoofed. Sensitive credentials like `OPENAI_API_KEY` and Git authentication details are loaded from environment variables, which is a good practice, but still requires secure management by the user. The `RepositoryManager` creates temporary workspaces for cloning remote repositories and performs file system operations (`shutil.rmtree`) within its designated `workspace_dir`.
Updated: 2025-11-23