Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

33
2
Low Cost
WebMCP-org icon

mcp-ui-webmcp

by WebMCP-org

Sec9

Facilitates bidirectional AI interaction with embedded web applications, enabling dynamic tool registration and rich UI display within AI assistants.

Setup Requirements

  • ⚠️Requires Node.js 24.3.0+ and pnpm 10.14.0+.
  • ⚠️Deployment requires a Cloudflare account.
  • ⚠️The chat-ui (which acts as the AI client) requires an external AI provider API key (e.g., Anthropic, potentially paid).
  • ⚠️E2E tests must be run locally before PR submission, as they don't run in CI due to network restrictions.
Verified SafeView Analysis
Development configurations (CORS: '*', allowedOrigins: ['*']) are explicitly identified as needing to be tightened for production in `ARCHITECTURE.md` and `README.md`. No hardcoded secrets were found in the provided code; sensitive information is expected to be managed via Cloudflare secrets or gitignored `.vars.local` files. The `remoteDom` UI resource type allows execution of JavaScript provided by the server within the client iframe, which is a powerful feature requiring careful server-side control over content. `rawHtml` is mentioned as 'sandboxed for security', implying sanitization handled by the underlying MCP UI client library.
Updated: 2025-11-23GitHub
33
1
Medium Cost
lennyzeltser icon
Sec9

Turn a static website into an AI-accessible knowledge base for search and content retrieval via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a Cloudflare account and manual creation of an R2 bucket.
  • ⚠️A separate build-time adapter (e.g., for Hugo, Astro, or generic Markdown) is required to generate the `search-index.json` file.
  • ⚠️The generated `search-index.json` must be manually uploaded to the Cloudflare R2 bucket after each content update.
Verified SafeView Analysis
The server is explicitly designed for public content only and implements no authentication, making all indexed content publicly accessible via MCP tools. The R2 bucket is private but its contents are served directly. No 'eval', obfuscation, hardcoded secrets, or obvious malicious patterns were found in the server's source code. Security depends on appropriate use (i.e., not for private/sensitive content).
Updated: 2026-01-19GitHub
33
3
High Cost
yigitkonur icon
Sec8

Augments AI coding assistants with advanced research capabilities including batch web search, Reddit analysis, intelligent web scraping, and AI-powered deep research and synthesis.

Setup Requirements

  • ⚠️Requires multiple external API keys (Serper, Scrape.do, OpenRouter, Reddit) which may have free tiers but can incur costs with heavy usage, especially OpenRouter (pay-as-you-go) and Scrape.do (credits).
  • ⚠️Setting up Reddit API credentials (Client ID and Secret) requires creating a 'script' type app on Reddit's platform.
  • ⚠️Requires Node.js version 20.0.0 or higher.
Verified SafeView Analysis
The server uses standard environment variables for all API keys, preventing hardcoded secrets. It communicates via standard I/O (`StdioServerTransport`), which significantly limits the external attack surface compared to a network-exposed server. The `deep_research` tool's file attachment feature allows reading local files based on user-provided absolute paths. While this is a core functionality for a coding agent to provide context (e.g., code snippets for debugging), it presents a potential risk if the calling LLM or user provides malicious paths, potentially exposing local file content. However, the server's implementation processes these files for informational context (e.g., in a code block), not execution, and includes `existsSync` checks. No `eval` or obvious obfuscation was found. Overall, the server appears reasonably secure for its intended use within an LLM agent context.
Updated: 2026-01-18GitHub
33
3
Low Cost
ezhuk icon

bacnet-mcp

by ezhuk

Sec7

A Model Context Protocol (MCP) server that enables LLM agents to monitor and control BACnet-compatible Building Automation and Industrial Control Systems.

Setup Requirements

  • ⚠️Requires Python 3.13 or newer.
  • ⚠️Requires an OpenAI API Key (paid) if using the provided LLM agent examples.
  • ⚠️Requires access to a functional BACnet device or emulator for practical use.
Verified SafeView Analysis
The server's core functionality involves reading from and writing to physical BACnet devices. While the code itself does not contain obvious vulnerabilities like 'eval' or hardcoded secrets, and offers an optional AuthKit provider for authentication, deploying this server without proper network segmentation, robust authentication/authorization, and LLM agent guardrails could lead to significant physical security and operational risks. Unauthorized access or uncontrolled LLM actions could result in unintended changes to building systems.
Updated: 2026-01-17GitHub
33
2
Medium Cost
hyperpolymath icon

poly-cloud-mcp

by hyperpolymath

Sec7

Provides a unified Model Context Protocol (MCP) server for managing cloud resources across AWS, Google Cloud, Azure, and DigitalOcean, primarily enabling AI assistants to interact with these providers via their CLI tools.

Setup Requirements

  • ⚠️Requires Deno Runtime (v2.0+)
  • ⚠️Requires installation and configuration of AWS CLI, gcloud CLI, Azure CLI, and/or DigitalOcean CLI for respective provider tools to function.
  • ⚠️Needs explicit `--allow-run` permission for Deno, enabling external command execution.
Verified SafeView Analysis
This MCP server explicitly requires Deno's `--allow-run` permission to execute external cloud CLI commands (aws, gcloud, az, doctl). This grants the server (and any client controlling it) the ability to run arbitrary commands on the host system. The security boundary is therefore the host's configured cloud CLI credentials. The project transparently warns about this and recommends using minimal IAM permissions, separate credentials, avoiding admin access, and reviewing tool calls. No direct hardcoded secrets or 'eval' are observed in the provided code, but the inherent nature of wrapping powerful CLIs with `--allow-run` demands extreme caution.
Updated: 2026-01-17GitHub
33
1
Low Cost
trek-boldly-go icon

actual-budget-mcp-server

by trek-boldly-go

Sec8

A Model Context Protocol (MCP) HTTP server that exposes Actual Budget API functionality as streamable tools and resources for AI agents.

Setup Requirements

  • ⚠️Requires Actual Budget credentials: ACTUAL_SERVER_URL, ACTUAL_PASSWORD, ACTUAL_SYNC_ID are mandatory for connecting to an Actual Budget instance.
  • ⚠️Requires Node.js version 18 or higher to run.
  • ⚠️Authentication (MCP_AUTH_MODE) defaults to 'bearer' (requiring MCP_BEARER_TOKEN) or can be configured for 'oauth' (requiring multiple MCP_OAUTH_*-prefixed environment variables) or 'none' (insecure for production).
Verified SafeView Analysis
The server correctly uses environment variables for sensitive credentials (e.g., Actual API details, OAuth client secrets, bearer tokens). OAuth token introspection is implemented using standard methods. A `MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL` flag exists to permit HTTP OAuth issuers, but it's explicitly marked for dev-only use and logs a warning. The primary security risks stem from misconfiguration (e.g., weak bearer tokens, disabling authentication, or using insecure OAuth settings in production) rather than inherent vulnerabilities in the provided source code. No 'eval' or obfuscation found. External dependencies (Actual server, Keycloak) security is critical but outside this scope.
Updated: 2025-12-14GitHub
33
3
High Cost
jpmorgan-payments icon

pdp-mcp

by jpmorgan-payments

Sec9

Provides an AI agent with tools to search, read, and find related documentation for JPMorgan Chase Payments Developer Portal APIs.

Setup Requirements

  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Requires `uv` or `pip` for package management, and `git` for cloning.
  • ⚠️May require `HTTP_PROXY` or `HTTPS_PROXY` environment variables to be configured if operating behind a corporate network proxy.
Verified SafeView Analysis
The MCP server codebase (Python files) generally follows good security practices: URL validation is enforced for `read_documentation` and `related` tools to prevent Server-Side Request Forgery (SSRF) by ensuring URLs are from the expected JPMC domain. `httpx` is used for network requests, and environment variables are used for proxy configuration. HTML parsing utilizes `BeautifulSoup`, which is robust against malformed HTML. No direct use of `eval`, `os.system`, or `subprocess.run(shell=True)` was found in the server's Python code. No hardcoded secrets were identified. The `metrics/merge.sh` script, while present in the repository, is located in a separate `metrics` directory and is not part of the core MCP server's runtime logic, hence its file handling operations are not assessed as a security risk for the server itself.
Updated: 2026-01-19GitHub
33
3
Medium Cost
cloudy-sfu icon
Sec5

Collects data (posts, search results, post details) from the Xiaohongshu social media platform.

Setup Requirements

  • ⚠️Requires a Xiaohongshu account and manual cookie extraction using a browser extension (J2TEAM Cookies or alternative).
  • ⚠️Requires Python 3.13.
  • ⚠️Requires Cherry Studio ≥ 1.7.8 running on Windows ≥ 10.
Verified SafeView Analysis
The server requires the user to manually extract and provide their Xiaohongshu login cookies, which contain sensitive session and authentication data. These cookies are stored locally in `raw/cookies.csv`. If the system running this MCP server is compromised, the user's Xiaohongshu account session could be exposed and misused. While the code itself does not contain explicit 'eval' or malicious patterns, the reliance on storing user session cookies locally represents a significant security risk to the user's account if the local environment is not adequately secured.
Updated: 2026-01-17GitHub
33
2
High Cost
tobs-code icon

a-mem-mcp-server

by tobs-code

Sec8

An agentic memory system for LLM agents that stores, links, evolves, and retrieves information based on the Zettelkasten principle, enhanced with autonomous maintenance enzymes and deep web research capabilities.

Setup Requirements

  • ⚠️Requires either a local Ollama server running with 'qwen3:4b' and 'nomic-embed-text:latest' models, or an OpenRouter API key (paid service).
  • ⚠️The Researcher Agent (if enabled) may require additional setup: Google Search API Key and Search Engine ID, a local Docker-based Jina Reader instance, or an Unstructured PDF extraction API endpoint (or local library with heavy dependencies).
  • ⚠️The 'falkordb' graph backend, especially on Windows, requires an external Redis server running with the FalkorDB module and additional Python package installations.
Verified SafeView Analysis
The system externalizes API keys and configurations via .env files. It implements input validation for MCP tool parameters, reducing common injection risks. The optional HTTP server for graph visualization is read-only. External network calls (Ollama, OpenRouter, Google Search, Jina Reader, Unstructured) are handled using the 'requests' library, relying on standard API security. However, the Researcher Agent's web content fetching and processing of external data sources introduces potential attack surfaces (e.g., if URLs are not perfectly sanitized before fetching, or if fetched content could lead to processing vulnerabilities, though current implementations use robust libraries like Jina Reader and Unstructured). Local file I/O for data storage (graph, chroma, events) requires the host system to have appropriate file permissions.
Updated: 2026-01-10GitHub
33
3
Medium Cost
hu-qi icon

starReport

by hu-qi

Sec9

starReport is a Node.js tool for automatically generating and managing GitHub repository activity reports (stars, commits, issues), supporting MCP protocol, integrating large model AI analysis, and pushing reports to Feishu groups.

Setup Requirements

  • ⚠️Requires a GitHub Personal Access Token (`GITHUB_TOKEN`) with appropriate repository read permissions.
  • ⚠️Requires a Feishu group bot Webhook URL (`FEISHU_WEBHOOK`) for notifications.
  • ⚠️Requires an API Key (`API_KEY` or `OPENAI_API_KEY`) for a compatible Large Language Model (e.g., OpenAI, Zhipu AI), which may incur usage costs.
  • ⚠️The list of GitHub repositories to monitor (`REPORT_REPOS`) must be explicitly configured.
Verified SafeView Analysis
The server loads sensitive credentials (GitHub Token, Feishu Webhook, AI API Key) from environment variables, which is a good practice. Data is stored locally in a configurable `DATA_FILE`, with a fallback to `/tmp` if the primary path is read-only; ensure `DATA_FILE` points to a secure, writable location to prevent data loss and unauthorized access. User input from Feishu webhooks is passed to the LLM for analysis; while structured prompts aim to mitigate risks, the security relies on the robustness of the integrated LLM against potential prompt injection scenarios. No 'eval' or obvious obfuscation found.
Updated: 2026-01-19GitHub
33
1
Medium Cost
julienkalamon icon

ign-apicarto-mcp-server

by julienkalamon

Sec9

This server provides access to French geographical data from the IGN API Carto, enabling natural language queries for cadastral, agricultural, environmental, urban planning, and administrative information through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js 16+ and npm to be installed.
  • ⚠️An IGN API Key (free to obtain) is required for the 'ign_get_aoc_viticoles' tool and is recommended for full functionality, to be set in a '.env.local' file or as an environment variable.
  • ⚠️Client configuration (e.g., Claude Desktop) typically requires the absolute path to the 'dist/index.js' file.
Verified SafeView Analysis
The server uses Zod for input validation, which helps prevent malformed inputs and potential injection. It interacts with external IGN APIs via standard HTTP requests and does not use 'eval' or other direct code execution methods. The IGN_API_KEY is handled as an environment variable or parameter and is not hardcoded. Responses are truncated by a character limit, mitigating large data exfiltration or resource exhaustion through the proxy itself. Security largely relies on the underlying IGN API's robustness.
Updated: 2025-12-02GitHub
33
3
Low Cost
konflux-ci icon

konflux-devlake-mcp

by konflux-ci

Sec9

The Konflux DevLake MCP Server provides a natural language interface for AI assistants to query Konflux DevLake databases, enabling intuitive data analysis and reporting without needing to write SQL.

Setup Requirements

  • ⚠️Requires an existing MySQL database instance (DevLake compatible schema expected)
  • ⚠️Requires Python 3.11+
  • ⚠️An external LLM (e.g., Gemini, OpenAI) API Key is needed for natural language querying functionality (though not for the server itself to run).
Verified SafeView Analysis
The server demonstrates a strong focus on security, particularly against SQL injection, with multiple layers of validation (regex, keyword blacklisting, balanced parentheses check, SELECT-only policy) and explicit warnings for the `execute_query` tool. Sensitive data masking is implemented. Hardcoded secrets are present only in development/test `docker-compose.yml` and are explicitly excluded from Kubernetes deployment via secrets. Connection timeouts are also configured for robustness. The use of a 'raw SQL query tool', even with extensive safeguards, is an inherent risk that requires careful AI orchestration.
Updated: 2026-01-18GitHub
PreviousPage 161 of 713Next