Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

33
3
Medium Cost
mugoherick12-boop icon

skillz

by mugoherick12-boop

Sec9

Serves structured 'skills' and their associated resources via the MCP protocol, enabling AI clients (especially non-Claude ones) to interact with and utilize Anthropic-style functionalities.

Setup Requirements

  • ⚠️Requires Python 3.12 or later.
  • ⚠️Skills must be formatted as directories containing a `SKILL.md` file or as `.zip` or `.skill` archive files containing a `SKILL.md` (potentially within a single top-level directory).
  • ⚠️The default skill root directory is `~/.skillz`; skills must be placed here or a custom path specified via command-line arguments.
Verified SafeView Analysis
The server exposes a `fetch_resource` tool that allows clients to retrieve files associated with skills. It includes explicit and robust path traversal checks (`'..' in rel_path_str` and `rel_path_str.startswith('/')`) to prevent unauthorized file access outside of skill directories. Content is correctly handled, either decoded as UTF-8 text or base64-encoded for binary data. No `eval` or code obfuscation patterns were identified. The primary risk would stem from malicious content within the loaded skill files themselves, which the server serves; however, the server's role is primarily to deliver this content securely.
Updated: 2026-01-19GitHub
33
2
High Cost
Aykahshi icon

copilot-mcp-tool

by Aykahshi

Sec5

Integrate GitHub Copilot CLI with Model Context Protocol (MCP) clients to provide AI-powered coding assistance and session management.

Setup Requirements

  • ⚠️Requires an active GitHub Copilot subscription (paid).
  • ⚠️Requires GitHub Copilot CLI to be installed globally and authenticated (`npm install -g @github/copilot` and `copilot /login`).
  • ⚠️Requires Node.js version >= 22.0.0.
Review RequiredView Analysis
The `executeCopilotCommand` function uses `child_process.spawn` with `shell: true`. While the direct arguments passed to the `copilot` command are largely controlled (enums for models, internal session IDs), the use of `shell: true` introduces a potential command injection vulnerability if any unvalidated or malicious user input were to be passed into arguments that are then interpreted by the shell. Although the current implementations appear careful, this flag should ideally be avoided for better security posture when interacting with external executables.
Updated: 2026-01-19GitHub
33
2
High Cost
Rose22 icon
Sec2

An MCP server that empowers an LLM to act as a comprehensive, multi-platform AI assistant capable of managing files, system processes, web browsing, personal organization, and media control on a local device.

Setup Requirements

  • ⚠️Requires Python 3.x and dependencies from an unprovided `requirements.txt`.
  • ⚠️Full functionality depends on OS-specific utilities (e.g., `playerctl`, `nmcli` for Linux, `wmic` for Windows, `osascript` for macOS).
  • ⚠️Default transport is `stdio`, requiring manual uncommenting in `main.py` for `http`, `sse`, or `streamable-http` transports.
Review RequiredView Analysis
This server is designed to provide extensive control over the local system, including file modification, directory management, process control, and network settings. Many critical tools directly utilize `utils.sh_exec`, which executes shell commands without a sandbox or robust input validation against arbitrary command injection. While a `sh_exec_sandbox` function exists, it is explicitly *not* registered as a tool by default, leaving most shell interactions vulnerable. An unconstrained LLM could easily exploit these capabilities to delete files, exfiltrate data, install malicious software (via package managers), or cause system instability. The project's stated goal is to provide deep system control, which inherently comes with high security risks when driven by an AI.
Updated: 2025-11-30GitHub
33
1
Medium Cost
Ahmzyjazzy icon

hireflow

by Ahmzyjazzy

Sec8

Automating new-hire onboarding processes using a multi-agent LLM system to streamline HR, IT, and department-specific tasks.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires Google Gemini API Key (paid service, requires Google account and API key setup)
  • ⚠️Notion API Key is optional but required for Notion integration. Requires Node.js/npm for 'npx' command to run Notion MCP server.
Verified SafeView Analysis
The project uses environment variables for `GOOGLE_API_KEY` and `NOTION_API_KEY`, which is good practice. The custom MCP server (`hireflow_agent.mcp_server.server`) uses mock data, limiting direct database interaction risk within the provided code. The `employee_lookup` tool has a basic domain check but lacks robust authentication, which the README notes would be handled by an external staff portal in a real-life scenario. The Notion MCP server is run via `npx @notionhq/notion-mcp-server`, which, while executing an official package, introduces a dependency on the integrity of that external package and requires Node.js/npm to be present on the system. No direct 'eval' or obvious command injection vulnerabilities were found in the provided Python code.
Updated: 2025-11-27GitHub
33
3
Low Cost
whichguy icon

gas_mcp

by whichguy

Sec7

Manages Google Apps Script (GAS) projects, enabling comprehensive operations like file management, code execution, deployment, authentication, Git integration, and search through a unified interface. It acts as a local intermediary for GAS development workflows.

Setup Requirements

  • ⚠️Requires interactive OAuth 2.0 authentication via a web browser for initial setup (`auth(mode="start")`).
  • ⚠️Full functionality depends on a local Git installation and configuration for source control integration.
  • ⚠️Creates a persistent `.auth` directory in the user's home directory (`~/.auth/mcp-gas/`) for OAuth tokens and lock files, requiring appropriate filesystem permissions.
Verified SafeView Analysis
The server includes an `exec` tool that uses `eval` to execute arbitrary JavaScript on the Google Apps Script runtime. While this is an intentional feature for dynamic code execution and is documented, it grants significant power and introduces a risk if malicious commands are provided by an external agent (e.g., an LLM). OAuth scopes requested are broad, giving extensive control over user's Google account and resources. However, path traversal is actively mitigated, robust authentication (PKCE, auto-refresh, revocation) is implemented, and rate limiting protects against API abuse.
Updated: 2026-01-18GitHub
33
1
Medium Cost
smith-horn icon

skillsmith

by smith-horn

Sec9

Skillsmith is a skill discovery, recommendation, and learning system for Claude Code users, enabling them to find, evaluate, install, and manage AI skills for their projects. It includes tools for code analysis, subagent generation, and registry synchronization.

Setup Requirements

  • ⚠️Requires Docker Desktop for local development to ensure glibc compatibility for native Node.js modules like better-sqlite3 and onnxruntime-node.
  • ⚠️Requires Node.js version >=22.0.0.
  • ⚠️Full functionality depends on a Supabase backend (PostgreSQL, Edge Functions, Auth, Storage) and requires configuration of SUPABASE_URL, SUPABASE_ANON_KEY, and SUPABASE_SERVICE_ROLE_KEY.
  • ⚠️Specific features (e.g., email notifications, Stripe billing, GitHub indexing, Redis rate limiting) require additional API keys and environment variables like RESEND_API_KEY, STRIPE_SECRET_KEY, GITHUB_TOKEN (or GitHub App credentials), UPSTASH_REDIS_REST_URL, and UPSTASH_REDIS_REST_TOKEN.
  • ⚠️The project is licensed under the Elastic License 2.0, which is source-available but not open source, imposing restrictions on offering it as a managed service or circumventing license key enforcement features.
Verified SafeView Analysis
The server demonstrates a strong security posture with comprehensive input validation and sanitization (including protection against SSRF, path traversal, and SQL injection). Secrets are managed via environment variables and Varlock, with pre-push checks for hardcoded secrets. It employs robust rate limiting via Upstash Redis. Critically, it features a dedicated SkillSandbox and SecurityScanner for safe execution and analysis of potentially untrusted skill code, with explicit checks for malicious patterns and data exfiltration. Stripe webhooks are secured with signature verification. The Elastic License 2.0 is a source-available license with commercial-grade restrictions on managed services and license key circumvention.
Updated: 2026-01-19GitHub
33
3
Medium Cost
Gulhidayat icon
Sec4

Facilitate debugging of Node.js applications by exposing Chrome DevTools Protocol capabilities via an MCP server.

Setup Requirements

  • ⚠️Requires a Node.js runtime environment (for both the server and the debugged application).
  • ⚠️The 'start_node_debug' tool requires a valid path to a Node.js script to initiate a debug session.
Review RequiredView Analysis
This server is designed to act as a powerful debugging agent, inherently involving high-privilege operations. The 'evaluate_expression' tool allows arbitrary JavaScript code execution within the debugged Node.js process. The 'start_node_debug' tool allows spawning arbitrary Node.js scripts by path. While these are core features of a debugger, they pose significant security risks if the server receives untrusted input or if the agent interacting with it is compromised, as it can lead to arbitrary code execution on the host system. No hardcoded secrets or obfuscation were found. The server primarily communicates via stdio, but the debugged Node.js process itself may make network calls.
Updated: 2026-01-19GitHub
33
1
Medium Cost
ulasbilgen icon

mcp-skills-plugins

by ulasbilgen

Sec8

Automate Chrome browser tasks for web testing, scraping, performance analysis, and debugging web applications.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0
  • ⚠️Requires Chrome/Chromium browser installed
  • ⚠️mcp2rest must be installed and running
Verified SafeView Analysis
The plugin scripts primarily act as client wrappers for a local 'mcp2rest' server, making HTTP requests to it. The 'evaluate_script' tool allows execution of arbitrary JavaScript within the browser, which is an intended feature for automation but poses a risk if malicious scripts are provided by the user or agent. No direct 'eval' or system calls were found in the client scripts, and the 'mcp2rest' endpoint is local and configurable. Overall security depends on the trusted local environment and the underlying 'chrome-devtools-mcp' server.
Updated: 2025-11-24GitHub
33
2
Low Cost
angrysky56 icon

mcp_coordinator

by angrysky56

Sec4

A meta-MCP server that transforms other MCP servers into importable Python libraries, enabling token-efficient, self-improving AI agent workflows through sandboxed code execution and skill accumulation.

Setup Requirements

  • ⚠️Requires Python 3.13 or higher.
  • ⚠️Requires Docker to be installed and running for the default/recommended execution mode. User must have permissions to run Docker commands.
  • ⚠️Requires an API key for a supported LLM (e.g., OPENROUTER_API_KEY, OPENAI_API_KEY) and a specified model for internal agents, which are often paid services (Ollama local models are free but require separate setup).
Review RequiredView Analysis
Core functionality involves executing arbitrary Python code. While it uses Docker for sandboxing, the `network_mode: host` setting on containers severely compromises network isolation, allowing executed code to access the host's network interfaces directly. The `MCP_ADDITIONAL_MOUNTS` environment variable allows mounting arbitrary host directories, which is a major filesystem risk if not carefully controlled. The agent can dynamically save, load, and execute its own Python skills from the host filesystem. The `bootstrap_environment` skill also allows the agent to build new Docker images.
Updated: 2025-12-15GitHub
33
3
Low Cost
sinagilassi icon

mozichem-hub

by sinagilassi

Sec7

A modular Python toolkit providing standardized APIs for chemical engineering and chemistry computations, enabling seamless integration with AI agents and LLM workflows to deliver reliable, validated results in domain-specific applications.

Setup Requirements

  • ⚠️Requires installation of Python dependencies (e.g., pyThermoDB, pyThermoModels, pyThermoFlash, FastMCP, uvicorn, uv) using pip.
  • ⚠️MCP server configurations for client integration (e.g., Claude Desktop, VS Code) must use absolute file paths for scripts.
  • ⚠️Relies on Python versions 3.8 to 3.12.
Verified SafeView Analysis
The server's core functionality relies on external dependencies like `pyThermoDB` for parsing and executing mathematical expressions (e.g., vapor pressure equations defined as strings). While the direct source code provided for MoziChem-Hub does not show explicit unsafe use of `eval()` or similar functions on arbitrary user input through its APIs, the security of this crucial aspect is delegated to `pyThermoDB`. `yaml.safe_load` is used for reference configuration, which is good practice. No hardcoded secrets or direct shell injection vulnerabilities were identified in the provided truncated source code. Configuration of MCP servers in clients (like Claude Desktop or VS Code) requires absolute paths for script execution, which is a common security consideration for client-side configuration rather than a vulnerability in the server itself.
Updated: 2025-12-14GitHub
33
3
Medium Cost
canyonlabz icon

mcp-perf-suite

by canyonlabz

Sec8

The JMeter MCP Server automates the generation of JMeter test scripts, execution of tests, and aggregation of results, primarily using Playwright-captured network traffic for web and API performance testing.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires JMeter to be installed and its paths configured in `config.yaml`.
  • ⚠️Requires customization of `config.yaml` and `jmeter_config.yaml` for environment and script generation settings.
  • ⚠️Relies on an external Playwright MCP (or similar mechanism) for capturing network traffic data for script generation.
Verified SafeView Analysis
The server uses `subprocess.Popen` for executing JMeter, which is a controlled and necessary operation for its function. It relies on environment variables for sensitive data (API keys, etc.) via `.env` files, which is good practice. Configuration files are loaded using `yaml.safe_load`. A potential, indirect risk lies in the `JSR223 PreProcessor` generation capability within the JMX scripts, which can execute arbitrary Groovy code on the JMeter runner machine. However, this is a feature of JMeter itself and not a direct vulnerability in the MCP server's runtime, assuming the input network traffic data is from a trusted source or properly filtered.
Updated: 2026-01-19GitHub
33
2
Low Cost
nunner322 icon

mcp-arr

by nunner322

Sec9

Manages media content across *arr applications (Sonarr, Radarr, Lidarr, Readarr, Prowlarr) and integrates with TRaSH Guides for configuration best practices.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Requires at least one *arr media management application (Sonarr, Radarr, Lidarr, Readarr, Prowlarr) to be running and configured.
  • ⚠️Requires *arr URLs and API Keys to be provided as environment variables for each configured service.
Verified SafeView Analysis
The server correctly uses environment variables for API keys, which are marked as secrets in the MCP configuration. Network requests are made to user-defined *arr instances and to the official TRaSH Guides GitHub repository for configuration data. There are no obvious signs of 'eval' usage, code obfuscation, or other critical malicious patterns. Reliance on external JSON from a public GitHub repository is a minor point, but generally acceptable for configuration data.
Updated: 2026-01-19GitHub
PreviousPage 163 of 713Next