Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

32
2
Low Cost
AerionDyseti icon

vector-memory-mcp

by AerionDyseti

Sec8

Provides semantic memory storage for AI assistants to recall past information across sessions.

Setup Requirements

  • ⚠️Requires Bun 1.0+ runtime for execution.
  • ⚠️Downloads ~90MB of ML models (e.g., Xenova/all-MiniLM-L6-v2) on first install or warmup, which may take time.
  • ⚠️Native dependencies (`onnxruntime-node`, `sharp`) might encounter installation issues on specific platforms/environments.
Verified SafeView Analysis
The server runs locally by default (127.0.0.1:3271) and does not rely on external APIs for embeddings, enhancing privacy. No 'eval' or obvious malicious patterns were found. Hardcoded credentials are absent. The primary security considerations involve potential manipulation of the `VECTOR_MEMORY_DB_PATH` or `VECTOR_MEMORY_URL` environment variables if an attacker already has local access to the execution environment, which could lead to arbitrary file writes or unintended network requests. CORS is enabled for local development, which should be considered if the server is configured to listen on public interfaces (not default). Dependencies are well-known, and native modules are explicitly handled.
Updated: 2026-01-15GitHub
32
2
Medium Cost
uddhav icon
Sec9

A Cloudflare Workers-based MCP server providing 28 advanced lateral thinking techniques, AI-powered idea enhancement, and deep path-dependent analysis for creative problem-solving.

Setup Requirements

  • ⚠️Requires a Cloudflare account and the Wrangler CLI for deployment.
  • ⚠️Manual setup of Cloudflare KV namespaces ('sessions', 'oauth') and subsequent update of 'wrangler.toml' with their IDs is required.
  • ⚠️Mandatory Cloudflare secrets for production: AUTH_USERNAME, AUTH_API_KEY, OAUTH_CLIENT_SECRET, and DEBUG_TOKEN.
  • ⚠️Requires Node.js 18+ to run locally or for deployment preparation.
Verified SafeView Analysis
Authentication is robust, supporting OAuth 2.0 and API keys. Deployment on Cloudflare Workers provides inherent isolation. The system implements rate limiting, input validation, and security middleware. Explicit warnings against hardcoding production secrets are present in the README. No instances of 'eval' or obvious malicious patterns were detected in the provided source code.
Updated: 2025-12-06GitHub
32
2
High Cost
stefanogebara icon

restaurant-ai-mcp

by stefanogebara

Sec4

AI-powered restaurant management platform for no-show prevention, reservation handling, and operational analytics.

Setup Requirements

  • ⚠️Requires manual creation and configuration of several Airtable tables (Service Records, Subscriptions, ML fields).
  • ⚠️Requires API keys and configuration for multiple third-party services: Airtable, Supabase, Stripe, Twilio, ElevenLabs, and potentially Google Cloud (Vertex AI/Gemini) or Cartesia.
  • ⚠️The ML prediction system has critical field name mismatches between setup scripts and production code, requiring manual correction in Airtable.
  • ⚠️ElevenLabs AI Agent setup requires a specific Agent ID and relies on custom tool definitions.
  • ⚠️Production deployment is noted as lacking API authentication and rate limiting, making it insecure without further implementation.
  • ⚠️Python environment and XGBoost model files are required for ML prediction service.
Review RequiredView Analysis
The system utilizes extensive environment variables for API keys (Airtable, Stripe, Twilio, ElevenLabs, Supabase), relying heavily on secure environment setup. Production-readiness notes explicitly highlight missing authentication (JWT/session-based) and rate limiting on API endpoints, making it vulnerable if deployed without these critical additions. `subprocess.spawn` is used for external Python ML scripts and internal testing, which can be a risk if inputs are not strictly validated. Extensive reliance on third-party APIs (Stripe, Twilio, ElevenLabs, Vercel) introduces external attack surfaces. Input validation and CORS handling are present, but the lack of a default authentication layer is a significant concern.
Updated: 2026-01-19GitHub
32
2
Medium Cost
mostlyharmless-ai icon

watercooler-cloud

by mostlyharmless-ai

Sec7

Facilitates asynchronous collaboration and knowledge management for AI agents by managing markdown-based discussion threads and syncing them via Git, with advanced features for branch parity and knowledge graph generation.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Heavy reliance on Git with specific environment configuration (SSH keys or GitHub tokens for remote repos). Automated provisioning for missing remote repos uses `subprocess.run(shell=True)` which requires careful configuration of `WATERCOOLER_THREADS_CREATE_CMD` by the deployer.
  • ⚠️Memory graph features require an external LeanRAG repository (`LEANRAG_DIR` env var) and can optionally utilize `llama-cpp-python` and `huggingface_hub` for local LLM inference, requiring separate server processes.
Verified SafeView Analysis
The `provisioning.py` module uses `subprocess.run(command, shell=True)` for `WATERCOOLER_THREADS_CREATE_CMD`. This is an opt-in feature where `command` is formatted from an environment variable. If `WATERCOOLER_THREADS_CREATE_CMD` is not securely configured by the deployer, it can lead to command injection. Other Git operations primarily use GitPython or direct `subprocess` calls with specific environment settings (`GIT_ASKPASS`, `GIT_SSH_COMMAND`) that attempt to mitigate interactive prompts and potential credential exposure, and `shlex.quote` is used where appropriate. Sensitive information is redacted from logs by `_redact_sensitive` function. Overall, careful environment configuration is crucial for security.
Updated: 2025-12-14GitHub
32
2
Medium Cost
micronaut-projects icon

micronaut-fun

by micronaut-projects

Sec8

Provides a search engine for Micronaut documentation and guides, exposing this functionality and other resources via an MCP server for AI agents.

Setup Requirements

  • ⚠️Requires Docker to run an OpenSearch instance for full functionality.
  • ⚠️Requires manual modification of `src/main/resources/application-dev.properties` to enable OpenSearch in local development by removing `micronaut.opensearch.enabled=false`.
Verified SafeView Analysis
The application makes HTTP requests to external documentation sources, which introduces typical risks of external dependencies. The local development OpenSearch setup (via Docker instructions in README) uses a dummy password and disables security, which is unsafe for production but explicitly for local use. The `RequestLoggingFilter` logs authorization headers at TRACE level for POST requests, which is a potential information disclosure risk if trace logging is enabled in a production environment with sensitive data.
Updated: 2026-01-17GitHub
32
3
Low Cost
mcncl icon
Sec9

Integrate Buildkite CI/CD with the Zed editor for viewing and interacting with pipelines, builds, jobs, and artifacts.

Setup Requirements

  • ⚠️Requires a Buildkite API Token configured in Zed's settings.
Verified SafeView Analysis
The server securely downloads its binary from the 'buildkite/buildkite-mcp-server' GitHub release, ensuring platform-specific binaries are used. The Buildkite API token is passed to the server via an environment variable, preventing it from appearing in process arguments. No 'eval' or direct shell injection vulnerabilities were identified. The primary security consideration relies on the integrity of the downloaded binary from the specified GitHub repository.
Updated: 2025-11-22GitHub
32
2
Medium Cost
Attanon icon

freelo-mcp

by Attanon

Sec9

Provides an MCP server to enable AI agents to interact with the Freelo.io project management API for tasks and file downloads.

Setup Requirements

  • ⚠️Requires a Freelo.io account with API access and a valid API key (FREELO_EMAIL, FREELO_API_KEY environment variables).
  • ⚠️Requires Node.js (version >=18.0.0 based on package.json) and npm for setup (`npm install`, `npm run build`).
  • ⚠️Only `freelo_get_task` and `freelo_download_file` tools are enabled by default in the current source code, despite the README listing many more 'Available Tools'. Users expecting full functionality will need to uncomment additional tools in `src/tools/*.ts` and `src/index.ts`.
Verified SafeView Analysis
The server uses environment variables for sensitive API keys (FREELO_EMAIL, FREELO_API_KEY), preventing hardcoding. Input validation is rigorously enforced using Zod schemas for all tool arguments, significantly mitigating injection risks. Rate limiting is implemented to prevent API abuse. File downloads are directed to the system's temporary directory, reducing path traversal vulnerabilities. No 'eval' or other directly dangerous patterns were found. The use of Axios for HTTP requests is standard and secure.
Updated: 2025-12-11GitHub
32
4
Medium Cost
popstas icon
Sec3

The server integrates with Planfix CRM via the Model Context Protocol (MCP) to manage leads, contacts, tasks, and reports, exposing these functionalities as tools for client applications like AI agents.

Setup Requirements

  • ⚠️Requires a Planfix account and API token to be configured (e.g., `PLANFIX_ACCOUNT`, `PLANFIX_TOKEN`).
  • ⚠️Requires specific Planfix custom field IDs to be set as environment variables or in `config.yml` for tools to function correctly (e.g., `PLANFIX_FIELD_ID_EMAIL`, `PLANFIX_FIELD_ID_CLIENT`).
  • ⚠️Relies on a Node.js runtime environment and the `better-sqlite3` dependency might require native build tools on some systems.
Review RequiredView Analysis
The `zapier-amocrm-webhook-lead.js` script (part of the provided source code, intended for Zapier integration) contains a critical Server-Side Request Forgery (SSRF) vulnerability. It constructs an amoCRM `baseUrl` directly from the incoming webhook body (`body["account[_links][self]"]`) and uses it for subsequent API calls. If an attacker can control or forge the incoming webhook, they can force the server to make requests to arbitrary internal or external network resources. Additionally, the `planfix_request` tool exposes raw Planfix API access, meaning any trusted MCP client with access to this tool can make arbitrary API calls to the configured Planfix account.
Updated: 2026-01-08GitHub
32
66
Medium Cost
acryldata icon

mcp-server-datahub

by acryldata

Sec8

Enables AI agents to interact with DataHub for comprehensive data discovery, governance, lineage exploration, and SQL query generation across an organization's data ecosystem.

Setup Requirements

  • ⚠️Requires 'uv' package manager to be installed.
  • ⚠️Requires a live DataHub instance with proper authentication (DATAHUB_GMS_URL and DATAHUB_GMS_TOKEN environment variables).
  • ⚠️Requires Python 3.10 or newer.
Verified SafeView Analysis
The server demonstrates good security practices by explicitly using bounded regular expressions to prevent ReDoS attacks during HTML/Markdown sanitization. It relies on DataHub's GraphQL API, which is generally more structured and less prone to arbitrary code injection than raw SQL, with input query syntax (`/q`) and filters being processed and compiled. Authentication is managed through environment variables or a configuration file, avoiding hardcoded secrets. Telemetry gathers tool call metadata but does not appear to transmit sensitive data content.
Updated: 2025-12-26GitHub
32
1
Low Cost
marcusquinn icon

quickfile-mcp

by marcusquinn

Sec8

This MCP server integrates AI assistants with QuickFile UK accounting software, providing full access to invoicing, client management, purchases, banking, and financial reporting.

Setup Requirements

  • ⚠️Requires QuickFile API credentials (Account Number, API Key, Application ID) which must be obtained from the QuickFile UK portal.
  • ⚠️Requires Node.js version 18 or higher to run.
  • ⚠️Integration with OpenCode requires manual configuration in `~/.config/opencode/opencode.json`, or the `jq` utility for automated setup script execution.
Verified SafeView Analysis
The server uses MD5 hashing for QuickFile API authentication, which is cryptographically weak, but this is explicitly noted as a requirement of the external QuickFile API and not an internal design choice. The API key itself is never directly transmitted. Credentials are stored in `~/.config/.quickfile-mcp/credentials.json` with strict `chmod 600` permissions (owner read/write only) enforced by the setup script, which is good practice. Sensitive authentication data is redacted in debug logs if `QUICKFILE_DEBUG` is enabled. The project also utilizes `secretlint` in its pre-commit hooks to prevent accidental secret exposure, demonstrating a proactive security posture. Overall, the internal security practices are robust given the constraints of the external API.
Updated: 2025-12-12GitHub
32
1
High Cost
hydro13 icon

kanbu

by hydro13

Sec8

A self-hosted project management system with enterprise-grade ACL, real-time collaboration, and an AI agent (Claude Code) capable of planning, implementing, and tracking development tasks directly within the platform, complemented by a knowledge graph and bidirectional GitHub synchronization.

Setup Requirements

  • ⚠️Requires Docker Compose for PostgreSQL and Redis (with FalkorDB Graph module).
  • ⚠️Requires an OpenAI API Key (or compatible service like Ollama/LM Studio) for AI features, incurring potential costs or local setup complexity.
  • ⚠️Requires Node.js 22+ and pnpm 9+ for the main application, and Python for the Graphiti service.
Verified SafeView Analysis
Input validation is extensively used via Zod (TypeScript) and Pydantic (Python) for API endpoints and MCP tools, reducing common injection risks. Secrets are primarily managed through environment variables. The `mcp-server` uses authenticated calls to the main Kanbu API. A default `JWT_SECRET` is provided, which must be changed in production. The `Graphiti` service's CORS is set to `*` during development, which should be restricted for production deployments. Client-side tools (`git-hooks`, `cli`) use `execSync`, which is acceptable as they are user-invoked and not exposed server-side.
Updated: 2026-01-19GitHub
32
1
Low Cost
azerzeki icon

mcp-reticle

by azerzeki

Sec9

Reticle intercepts, visualizes, and profiles JSON-RPC traffic between LLM clients and Model Context Protocol (MCP) servers in real-time for debugging and observability.

Setup Requirements

  • ⚠️Full source build requires Rust toolchain (version 1.70+), Node.js (for frontend build), and 'just' command runner.
  • ⚠️Running example MCP servers or many real-world MCP servers requires Python 3.8+ or Node.js to be installed on the system.
  • ⚠️CLI-GUI integration via Unix sockets is not supported on Windows (a stub implementation is used instead).
Verified SafeView Analysis
The application implements strong security measures for a local debugging tool. It binds HTTP proxies to localhost (127.0.0.1) only, preventing external network access. It enforces a configurable command allowlist ('npx', 'node', 'python', 'deno', 'bun', etc.) for executed MCP server processes, mitigating arbitrary command execution risks. CORS is restricted to localhost origins. Session IDs are cryptographically secure. Minor points are deducted for current usage of `eprintln!` which the project's own `SECURITY.md` notes as a future improvement for structured logging, though this is not a critical vulnerability for a local debugging tool. The `avg_tokens_per_call` is 0 because Reticle itself is a debugger/profiler, not an agent that makes LLM calls; it *estimates* token usage of other services.
Updated: 2026-01-19GitHub
PreviousPage 167 of 713Next