Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

89
24
Medium Cost
h7lu icon
Sec9

A local RAG (Retrieval-Augmented Generation) server providing semantic and lexical search, and graph-based navigation for RimWorld game source code and XML definitions to AI assistants.

Setup Requirements

  • ⚠️Requires manual export and placement of RimWorld game data (C# source, XML Defs) into a specified directory.
  • ⚠️Requires both .NET 8.0 SDK and Python 3.9+ runtime environments to be installed.
  • ⚠️Requires downloading a large embedding model (e.g., e5-base-v2, multiple GBs) from HuggingFace, which may require git lfs.
  • ⚠️Requires running two separate server processes concurrently (a Python embedding server and a .NET MCP server) for full functionality.
Verified SafeView Analysis
The Python embedding server runs on localhost by default (127.0.0.1:5000), limiting network exposure. API keys for remote embedding services are handled via environment variables or command-line arguments, preventing hardcoding. Input payloads for embedding are structured, reducing injection risks. No 'eval' or obvious malicious patterns were found in the provided Python source code. Assumes the C# component itself is securely written.
Updated: 2025-12-01GitHub
89
29
Low Cost
inceptyon-labs icon

TARS

by inceptyon-labs

Sec8

TARS is a cross-platform desktop application designed to provide a visual interface for discovering, creating, editing, and managing Claude Code configurations, including skills, agents, commands, hooks, and MCP servers, across multiple projects with profile-based sharing.

Setup Requirements

  • ⚠️Requires Claude Code CLI to be installed and configured for full functionality, as TARS manages its resources and invokes its commands.
  • ⚠️Building from source requires Rust 1.75+ and Bun.
  • ⚠️Requires appropriate file system permissions to manage Claude Code configuration files in user (`~/.claude/`) and project (`.claude/`, `.mcp.json`) directories.
Verified SafeView Analysis
TARS is a desktop application that manages configurations for the Claude Code CLI, not an MCP server itself. The application handles file system operations and command execution (via Claude CLI calls) with apparent care, including path validation using `safe_join` and `reject_symlink`, and `forbid(unsafe_code)` in Rust. Users can configure powerful MCP servers and hooks that allow for external command execution; TARS provides the interface for this configuration, but does not execute these arbitrary commands directly within its own process. No obvious 'eval' or hardcoded secrets were found. The primary security consideration is user-driven, regarding the power granted to the Claude Code CLI via configurations created within TARS.
Updated: 2026-01-17GitHub
89
30
High Cost
andrewmoshu icon

diagram-mcp-server

by andrewmoshu

Sec3

Generates infrastructure diagrams from Python code or Infrastructure-as-Code (IaC) files across various cloud providers and on-premises environments.

Setup Requirements

  • ⚠️Requires GraphViz (with development headers) installed locally for diagram generation and .drawio export.
  • ⚠️Requires specific environment variables (CFLAGS/LDFLAGS on macOS/Linux, INCLUDE/LIB on Windows) to build pygraphviz during installation.
  • ⚠️Python 3.12+ is required.
  • ⚠️Requires `uv` installed for recommended setup.
  • ⚠️Helm CLI is optionally required for full Helm chart parsing; without it, a fallback mode with limited template support is used.
Review RequiredView Analysis
The server uses `exec()` to run user-provided Python code in the `generate_diagram` function. While a code scanner (`bandit` and custom checks for dangerous functions like `exec`, `eval`, `os.system`, `subprocess`) is implemented to detect and reject potentially malicious code, relying on a detection mechanism for arbitrary code execution is inherently risky. A sophisticated bypass could lead to remote code execution. Additionally, `urllib.request.urlretrieve` can fetch content from arbitrary URLs if allowed by the code, posing potential supply chain or SSRF risks.
Updated: 2026-01-17GitHub
88
22
Low Cost
clumsynonono icon

ethereum-mcp

by clumsynonono

Sec9

Ethereum data analytics for Research Incentive Group (RIG) research, covering Blob, DEX, Staking, MEV, BuilderNet, and L2 MEV metrics.

Setup Requirements

  • ⚠️Requires a Dune Analytics API Key (`DUNE_API_KEY`) to be set in the `.env` file.
  • ⚠️Most data tools require manual configuration of Dune Query IDs in `src/utils/queryConfig.ts` before they can fetch data.
  • ⚠️Requires `npm install` and `npm run build` to be executed once after cloning and after modifying `src/utils/queryConfig.ts`.
  • ⚠️Requires restarting the Claude Desktop application for configuration changes to take effect.
Verified SafeView Analysis
The server acts as a wrapper around the Dune Analytics API, making HTTP requests to `api.dune.com` using an API key. There are no 'eval' or arbitrary code execution vulnerabilities identified within the provided source. Input parameters for Dune queries (`query_id`, `limit`, etc.) are passed to the Dune API, not executed locally. The `DUNE_API_KEY` is loaded from an environment variable, which is good practice. The explicit `execute_query` tool requires user confirmation, mitigating accidental credit consumption.
Updated: 2025-11-27GitHub
88
22
Low Cost
clumsynonono icon

ethereum-dune-mcp

by clumsynonono

Sec9

Ethereum blockchain data analytics and research for RIG (Research Incentive Group), providing metrics on Blob, DEX, Staking, MEV, and L2 activities via Dune Analytics.

Setup Requirements

  • ⚠️Requires a Dune API Key (free registration, but API calls can consume credits).
  • ⚠️Many tools require manual configuration of Dune Query IDs in `src/utils/queryConfig.ts` after finding them on Dune Analytics.
  • ⚠️Requires configuration within `claude_desktop_config.json` with the absolute path to the compiled `index.js` file.
Verified SafeView Analysis
The server loads the Dune API key from environment variables (`.env`), preventing hardcoding of secrets. Most data retrieval uses cached results, which are free. The `execute_query` tool, which can consume Dune API credits, explicitly requires a `confirm: true` argument, adding a layer of protection against unintended API usage and associated costs. No `eval` or other highly dangerous dynamic code execution patterns were found.
Updated: 2025-11-27GitHub
88
386
Low Cost
agentic-community icon

mcp-gateway-registry

by agentic-community

Sec8

Provides a programmatic interface to interact with the main MCP Gateway Registry API, enabling tasks like registering/toggling services, managing groups/users, and intelligently discovering tools across registered services using semantic search and access control.

Setup Requirements

  • ⚠️Requires `SECRET_KEY` environment variable to be persistently set for stable session management; otherwise, a new one is generated on restart, invalidating existing sessions.
  • ⚠️Authentication to the internal Registry API requires `REGISTRY_USERNAME` and `REGISTRY_PASSWORD` environment variables, which must be securely configured.
  • ⚠️Semantic search functionality relies on a pre-built FAISS index (`service_index.faiss`, `service_index_metadata.json`) and an embedding model (e.g., `sentence-transformers`), which need to be available or downloaded.
  • ⚠️Relies on a correctly configured `scopes.yml` file (typically mounted from the host to the `auth_server`) for fine-grained access control, misconfiguration of which can lead to authorization issues.
  • ⚠️Requires the `AUTH_SERVER_URL` and `REGISTRY_BASE_URL` to be correctly configured for inter-service communication.
Verified SafeView Analysis
The server implements robust security features, including JWT token validation, session management, rate limiting for token generation, and fine-grained access control (FGAC) based on user scopes and server/tool definitions. It employs logging with IP anonymization and header masking for GDPR/SOX compliance. It relies heavily on environment variables for sensitive configurations like API keys and passwords; these must be managed securely (e.g., via secrets management). The `SECRET_KEY` for session cookies is crucial and needs to be persistent across restarts in production.
Updated: 2026-01-19GitHub
88
639
Medium Cost
featureform icon

enrichmcp

by featureform

Sec8

Exposes structured data models as a semantic, discoverable API for AI agents.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️LLM-enabled examples require an OpenAI API Key (OPENAI_API_KEY environment variable) or a locally running Ollama server with a model like 'llama3.2' (OLLAMA_MODEL environment variable).
  • ⚠️Optional SQLAlchemy integration requires `pip install enrichmcp[sqlalchemy]`.
Verified SafeView Analysis
The code uses `exec` in `src/enrichmcp/sqlalchemy/auto.py` to dynamically generate resolver functions. While the generated code string appears to be constructed from controlled internal logic (not directly from untrusted user input), `exec` is a powerful primitive that, in general, requires careful scrutiny due to potential for arbitrary code execution if inputs or context are not perfectly contained. No other critical security risks like hardcoded production secrets, obfuscation, or arbitrary command execution are apparent.
Updated: 2026-01-01GitHub
88
516
Medium Cost
ktnyt icon

cclsp

by ktnyt

Sec8

Integrate LLM-based coding agents with Language Server Protocol (LSP) servers to enable robust code navigation, symbol resolution, and refactoring across various programming languages.

Setup Requirements

  • ⚠️Requires Node.js 18+ or Bun runtime.
  • ⚠️Language servers for your target languages (e.g., TypeScript, Python, Go) must be installed separately.
  • ⚠️A configuration file (cclsp.json) specifying LSP server details and file extensions is required, often passed via the CCLSP_CONFIG_PATH environment variable.
Verified SafeView Analysis
The server spawns external LSP server processes based on user configuration. While the tool itself does not exhibit direct malicious patterns or obvious vulnerabilities, its security relies heavily on the user trusting and properly configuring the LSP servers it integrates with. The `SECURITY.md` clearly outlines these user responsibilities. File operations for renaming are designed with atomic changes and rollback capabilities.
Updated: 2026-01-02GitHub
87
4323
High Cost
u14app icon

deep-research

by u14app

Sec5

Generate comprehensive, AI-powered deep research reports, leveraging various LLMs and web search engines, with local knowledge base integration and report artifact editing.

Setup Requirements

  • ⚠️Requires API keys for at least one AI provider (e.g., Google Gemini, OpenAI, Anthropic, Deepseek, Grok, Mistral, Azure, OpenRouter, Ollama) and potentially for a search provider (e.g., Tavily, Firecrawl, Exa, Bocha, Searxng). Many of these are paid services.
  • ⚠️The `ACCESS_PASSWORD` environment variable is mandatory for authentication, especially when running in proxy or MCP mode.
  • ⚠️Choosing Ollama or Searxng as a provider might imply a local Docker setup for these services (e.g., `http://0.0.0.0:11434` for Ollama, `http://0.0.0.0:8080` for Searxng).
Review RequiredView Analysis
The project uses Zod for input validation, which is a good practice. API keys are managed via environment variables and a multi-key polling mechanism, and proxy endpoints are protected by signature verification (`ACCESS_PASSWORD`). However, the `/api/crawler` endpoint, when authenticated, allows the server to fetch an arbitrary URL provided in the request body, which poses a Server-Side Request Forgery (SSRF) risk if the `ACCESS_PASSWORD` is compromised. Additionally, processing user-uploaded files (Office, PDF) introduces potential attack surface for parsing vulnerabilities. Interactions with LLMs are susceptible to prompt injection attacks, a general risk in AI applications. The security of the application heavily relies on the secrecy of `ACCESS_PASSWORD` and the robustness of third-party libraries used for file parsing and AI SDKs.
Updated: 2025-12-29GitHub
87
259
Medium Cost
cookjohn icon

zotero-mcp

by cookjohn

Sec8

Seamlessly integrates AI assistants with Zotero for enhanced research assistance, literature reviews, and citation management by enabling AI to interact with the local Zotero library.

Setup Requirements

  • ⚠️Requires Node.js (version 18+) installed on the system.
  • ⚠️Requires Zotero (version 7.0 or higher) installed.
  • ⚠️Semantic search functionality relies on an external Embedding API (e.g., OpenAI, which incurs costs, or a locally running Ollama instance configured for OpenAI compatibility, requiring local setup).
Verified SafeView Analysis
The server component runs as an integrated Zotero plugin, enhancing its security posture by operating within Zotero's sandbox. By default, it is configured to listen only on 127.0.0.1 (localhost), preventing external access unless explicitly allowed by the user. No direct `eval()` calls or hardcoded secrets are evident in the provided source code. API keys for external embedding services are stored securely within Zotero's preferences rather than being hardcoded or exposed as environment variables on the server side. Potential risks include vulnerabilities in Zotero's internal APIs (outside this project's scope) or in the client-side `mcp-remote` dependency (which is a client-side tool, not the server itself).
Updated: 2026-01-18GitHub
87
12
Low Cost
LNS2905 icon
Sec4

Multi-agent task coordination, issue tracking, and file locking to prevent conflicts between AI agents working on a shared codebase.

Setup Requirements

  • ⚠️Requires 'beads' CLI to be installed (pip install beads).
  • ⚠️Requires Node.js 16+ for `npx` command.
  • ⚠️Requires Python 3.8+.
  • ⚠️Optional 'bv' binary (from GitHub releases or Go install) needed for advanced graph analysis features (bv_insights, bv_plan, bv_priority, bv_diff).
  • ⚠️Python 'textual' library is required for the built-in dashboard (pip install textual).
  • ⚠️On Windows, 'pywin32' might be required for daemon named pipe support (pip install pywin32), otherwise it falls back to CLI.
Review RequiredView Analysis
The server's `tool_init` function accepts a `ws` (workspace) argument, which is then passed to `os.path.abspath()` and subsequently used as the `cwd` for `subprocess.run()` calls (e.g., `bd init`). If an untrusted agent can control this `ws` argument, it could potentially direct the server to execute `bd` commands in an arbitrary malicious directory. This poses a supply chain risk if a malicious `bd` binary or other executables were placed there, or an execution context risk if an attacker could control the environment of the `bd` calls. While `normalize_path` is used for file reservations to prevent path traversal within those specific calls, the broader `cwd` context for `bd` commands is vulnerable to manipulation. The server also downloads the optional `bv` binary from GitHub releases via `urllib.request`, relying on the security of the source and network.
Updated: 2025-12-11GitHub
87
477
Medium Cost
maquina-app icon

rails-mcp-server

by maquina-app

Sec9

Enables Large Language Models (LLMs) to interact with Rails projects for code analysis, exploration, and development assistance using the Model Context Protocol.

Setup Requirements

  • ⚠️Users of Ruby version managers (e.g., rbenv, RVM) might need to configure the MCP client to use the Ruby shim path (e.g., ~/.rbenv/shims/ruby) instead of a system default Ruby.
  • ⚠️A Rails project is required; the server will auto-detect one in the current directory, use the RAILS_MCP_PROJECT_PATH environment variable, or load from projects.yml. If no project is found, the server exits with an error.
  • ⚠️For 'analyze_models' and 'analyze_controller_views' to perform 'static' analysis, the Rails project being analyzed must have the 'prism' gem installed in its Gemfile.
  • ⚠️Documentation guides (Rails, Turbo, Stimulus, Kamal) must be downloaded separately using `rails-mcp-server-download-resources <library>` or imported via `rails-mcp-config` before they can be loaded by the `load_guide` tool.
Verified SafeView Analysis
The server implements robust security measures including a strong sandboxing mechanism for `execute_ruby` with static code analysis (forbidden patterns) and runtime method overrides (blocking file writes, system calls, network access). Path validation prevents directory traversal, and sensitive file patterns (e.g., .env, master.key, SSH keys) are explicitly blocked. Input validation using strict regex for model/table names helps prevent injection attacks. The `RunProcess` uses `Shellwords.escape` for paths and constructs internal commands carefully to mitigate shell injection.
Updated: 2026-01-12GitHub
PreviousPage 17 of 713Next