Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

32
2
High Cost

Agentic-AI-Projects

by gautamgc17

Sec7

Exposes a CrewAI-based Sports RAG Agent to IBM Agent Connect Framework, enabling it to answer sports questions using a vector database (Milvus) and web search (Tavily), with support for streaming and conversation memory.

Setup Requirements

  • ⚠️Requires IBM WatsonX account and API Key (paid service)
  • ⚠️Requires Tavily API Key (potentially paid service)
  • ⚠️Docker required for running Milvus vector database
  • ⚠️Must run 'setup-milvus.ipynb' to load initial sports data
Verified Safe
The server uses `verify=False` for `ibm_watsonx_ai.Credentials`, disabling SSL certificate verification, which is a security risk for production environments. Broad CORS is enabled (`allow_origins=["*"]`), which might expose clients to XSS vulnerabilities if not carefully managed in production. No hardcoded secrets or obvious malicious patterns were found; sensitive keys are read from environment variables.
Updated: 2025-11-27
32
2
High Cost

PairOfCleats

by doublemover

Sec6

Codebase analysis and intelligence server, providing indexing, search, risk analysis, and vulnerability triage capabilities.

Setup Requirements

  • ⚠️Requires Python 3.x executable on PATH for Python AST parsing and Pyright LSP.
  • ⚠️Requires native build tools (e.g., C++ compiler, Node-Gyp) for various dependencies like `onnxruntime-node`, `hnswlib-node`, and `better-sqlite3`.
  • ⚠️Requires external LSP servers/tools (e.g., `clangd`, `pyright`, `semgrep`, `ast-grep`, `comby`) to be installed and available on PATH for advanced analysis features.
Review Required
The server has network-exposed APIs (HTTP/MCP) and extensively uses child_process.spawn to interact with external tools and system commands. While there are explicit configuration options for CORS, authentication tokens (PAIROFCLEATS_API_TOKEN), and repository access restrictions, critical security vulnerabilities have been identified in the roadmap, specifically 'risk rules regex compilation is currently mis-wired' and 'risk analysis can crash indexing on long lines'. Although these are actively being addressed (Phase 23 P0 items), the presence of such P0 issues is a concern. The use of ReDoS-safe regex engines (re2/re2js) is a strong positive. Direct execution of user-supplied commands should be carefully audited.
Updated: 2026-01-18
32
2
Low Cost

mcp

by semilattice-research

Sec10

Semilattice allows LLM agents to predict how specific audiences will answer questions, enabling content testing, personalization, and A/B testing decisions.

Setup Requirements

  • ⚠️Requires a paid subscription for most listed client platforms (e.g., ChatGPT, Claude, Cursor).
  • ⚠️Requires OAuth authentication via a Google email for setup across all supported clients.
  • ⚠️Manual, client-specific configuration steps are necessary for integration with each platform (e.g., ChatGPT, Claude, VS Code).
Verified Safe
The provided source code consists solely of a README and a configuration file (`server.json`) describing how to connect to a remote MCP server. These files themselves contain no executable code, 'eval' statements, obfuscation, network risks, or hardcoded secrets, making them inherently safe to analyze and use for client-side configuration. The actual server logic and its security aspects are hosted remotely at 'https://mcp.semilattice.ai' and are not included in the provided source for audit. Connection to any remote service, including this one, requires trusting the remote provider.
Updated: 2025-11-19
32
2
Low Cost

mcp-explorer

by jermeyyy

Sec6

A powerful TUI application for discovering, exploring, and proxying local Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️Relies on existing MCP server configurations (e.g., Claude Code, GitHub Copilot IntelliJ, or custom `mcp.json` files) to discover servers.
  • ⚠️Local MCP servers must be running (for HTTP/SSE types) or correctly configured to be launched (for STDIO types).
Verified Safe
The application is designed to execute commands and connect to URLs specified in user-provided configuration files (e.g., `mcp.json`). If these configuration files are untrusted or compromised, the application will execute arbitrary commands (`stdio` server type) or connect to malicious network services. The `StdioTransport` directly uses `subprocess.Popen` with commands and arguments from config. There are no obvious code injection vulnerabilities from typical user input within the TUI (e.g., parameter values for tools). Users must ensure the integrity and trustworthiness of all MCP configuration files.
Updated: 2025-11-29
32
2
High Cost

crawl4ai-mcp-server

by amienbou121

Sec9

A lightweight server providing web scraping and crawling tools, designed for integration with AI frameworks like OpenAI Agents SDK, Cursor, and Claude Code.

Setup Requirements

  • ⚠️Docker is highly recommended for easy setup, otherwise manual Python 3.11+ environment configuration is required.
  • ⚠️Requires Playwright browsers to be installed (e.g., `python -m playwright install chromium`) within the environment where it runs.
  • ⚠️Potential high token cost if scrape/crawl tools return full page content (when `output_dir` is not specified), especially for multi-page crawls.
Verified Safe
The server explicitly implements safety measures in `crawler_agent/safety.py` to block non-public HTTP(S) URLs, including localhost, private IPs, and certain internal domains. It also mentions respecting `robots.txt` and enforcing domain policies. No direct 'eval' or obvious malicious patterns were found. The use of external web requests always carries inherent risk, but the codebase shows a good effort in mitigating common network-related vulnerabilities.
Updated: 2026-01-19
32
2
Medium Cost

mcp-servers

by likifyu

Sec5

A collection of 18 backend servers designed for various functionalities including data storage, network requests, automation, and file processing.

Setup Requirements

  • ⚠️Requires specific runtime environments (e.g., Node.js, Python, Java) for each server as per their implementation, which is not specified.
  • ⚠️Likely requires database setup and configuration for data storage features, dependent on individual server designs.
Review Required
CRITICAL: No actual source code was provided for analysis, only the README.md content. Therefore, a thorough security audit for 'eval', obfuscation, hardcoded secrets, or malicious patterns could not be performed. The score is a neutral placeholder indicating unverified status.
Updated: 2025-12-03
32
2
Low Cost

Cursor-history-MCP

by pedrohenrique316

Sec8

This server allows users to search their local Cursor IDE chat history using semantic search powered by Ollama embeddings and LanceDB.

Setup Requirements

  • ⚠️Requires Docker to be installed and running for server deployment.
  • ⚠️Requires Ollama to be installed and running locally (or accessible via the configured OLLAMA_HOST) with the 'nomic-embed-text:latest' model downloaded.
  • ⚠️Requires existing Cursor IDE chat history data (stored in 'state.vscdb' files within the user's 'workspaceStorage' directory).
Verified Safe
The server uses FastAPI's CORSMiddleware with `allow_origins=["*"]`, which allows requests from any origin. While common for local/development environments, this is a security risk if the application is exposed publicly without further restrictions. The application primarily processes the user's local data and user-provided search queries via Ollama embeddings, which is generally safe from code execution vulnerabilities. No use of `eval` or `exec`, other obvious malicious patterns, or hardcoded secrets was found.
Updated: 2026-01-19
32
2
High Cost

movk-nuxt-docs

by mhaibaraai

Sec8

Provides a modern Nuxt 4 documentation theme with integrated AI chat assistant, Model Context Protocol (MCP) server support, and automated documentation generation.

Setup Requirements

  • ⚠️Requires AI API keys (AI_GATEWAY_API_KEY or OPENROUTER_API_KEY) for AI Chat functionality, which may incur costs.
  • ⚠️Requires a GitHub Personal Access Token (NUXT_GITHUB_TOKEN) for Git integration features like commit history.
  • ⚠️The 'better-sqlite3' peer dependency (a native module) needs to be manually installed for Nuxt Content's database backend when used as a layer.
Verified Safe
External AI API keys and GitHub token are managed via environment variables. Relies on trusted Nuxt Content for document access, mitigating direct path traversal risks. Prettier worker dynamically loads scripts from a trusted CDN (jsdelivr.net), which is generally safe within a worker context. Ensure all environment variables are kept confidential.
Updated: 2026-01-19
32
2
High Cost

binary-mcp

by Sarks0

Sec9

Provides AI assistants with binary analysis capabilities via Ghidra, ILSpyCmd, and x64dbg for security research and reverse engineering.

Setup Requirements

  • ⚠️Requires Ghidra (manual installation or interactive installer).
  • ⚠️Requires Java 21+ and .NET 6.0+ SDK for full functionality.
  • ⚠️Dynamic analysis using x64dbg is Windows-only.
  • ⚠️VirusTotal integration requires a VT_API_KEY (potentially paid for full features).
Verified Safe
The server demonstrates strong security awareness, especially regarding path traversal and command injection. It uses `sanitize_binary_path` and `sanitize_output_path` extensively, and `subprocess.run` calls are configured with `shell=False`. The x64dbg bridge communicates via localhost by default and uses a secure token. Inputs are validated (e.g., `validate_dotnet_type_name`, `safe_regex_compile`). Running external binaries and processing untrusted inputs inherently carries risks, but this project takes substantial measures to mitigate them. Default output directories are within the user's home directory.
Updated: 2026-01-19
32
2
Low Cost

mcp-memory-server

by AerionDyseti

Sec6

Provides semantic memory storage for AI assistants, enabling them to store and retrieve decisions, patterns, and context across sessions using vector embeddings.

Setup Requirements

  • ⚠️Requires Bun 1.0+ runtime to be installed.
  • ⚠️Initial installation triggers a one-time download of a ~90MB ML model for embeddings, which can take a minute.
  • ⚠️Relies on native Node.js dependencies (`onnxruntime-node`, `sharp`) which can occasionally lead to platform-specific installation issues.
  • ⚠️Requires manual configuration in the MCP client's settings (e.g., `~/.claude/settings.json`).
Verified Safe
The server operates locally by default (127.0.0.1:3271) reducing external network exposure. It uses `randomUUID` for internal ID generation, which is good. However, several database queries in `src/db/memory.repository.ts` construct `where` clauses using direct string interpolation for user-provided IDs (e.g., `id = '${id}'`). While IDs are typically UUIDs generated by trusted clients or internally, a malicious MCP client could send specially crafted strings (e.g., containing single quotes) as part of tool call arguments (`ids` in `delete_memories`, `get_memories`, `update_memories`), potentially leading to a form of SQL injection in the LanceDB queries. This is mitigated by its local-first, client-controlled nature, but remains a vulnerability pattern.
Updated: 2026-01-15
32
2
Medium Cost
Sec9

Builds a local MCP server with stock market tools for a LangChain AI agent to fetch financial data.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid)
  • ⚠️Requires local `mcp_server.py` to be running in conjunction with the client
  • ⚠️Python dependencies need to be installed via pip
Verified Safe
The server uses `stdio` for local communication, reducing network risks in this example. It relies on the security of `yfinance` and `fastmcp` libraries. `OPENAI_API_KEY` is loaded from `.env` file, which is good practice. No `eval` or direct shell command injection points from unsanitized user input were found. The regex for extracting tool messages is applied to internal `ToolMessage` string representation, not user input directly.
Updated: 2026-01-19
32
2
Low Cost

systems-manager

by Knuckles-Team

Sec1

This project provides a multi-OS system management CLI and an MCP server for automating system maintenance, application management, and configuration via AI or automation systems.

Setup Requirements

  • ⚠️Default Insecurity: The MCP server runs without authentication by default (AUTH_TYPE=none), which is a critical security risk. Users must explicitly configure authentication for secure operation.
  • ⚠️Operating System Specificity: Functionality relies on native package managers (apt, dnf, winget, etc.), requiring specific OS compatibility and underlying system tools.
  • ⚠️Elevated Privileges: Many core functionalities, including installation, updates, and feature management, require root or administrator permissions on the host system.
  • ⚠️Python 3.10+ and Specific Dependencies: Running natively requires Python 3.10+ and manual installation of packages like fastmcp, psutil, distro, requests and potentially eunomia-mcp if authorization is enabled.
Review Required
The server exposes highly privileged 'run_command' and 'text_editor' tools. The 'run_command' tool can execute arbitrary commands on the host system, potentially with elevated (root/administrator) privileges and with 'shell=True', making it vulnerable to command injection if input is not carefully controlled, or allowing a malicious actor to run any command. The 'text_editor' tool allows arbitrary file creation, viewing, and modification, which can lead to system compromise or data loss. The default authentication type for the MCP server ('AUTH_TYPE=none' in docker-compose and CLI args) is highly insecure, allowing any client to invoke these powerful and destructive tools without authentication. While advanced authentication (JWT, OIDC) and authorization (Eunomia) are supported, they are not enabled by default, making initial deployments extremely risky.
Updated: 2026-01-19