Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

32
1
Medium Cost
guru111244 icon

claude-team-mcp

by guru111244

Sec8

A multi-agent MCP server designed for AI development teams to facilitate collaboration between various AI models (like GPT, Claude, Gemini) on complex coding and development tasks.

Setup Requirements

  • ⚠️Requires API keys for at least one large language model provider (e.g., OpenAI, Anthropic, Gemini, or a custom proxy service), which typically involve usage costs.
  • ⚠️Requires Node.js version 18 or higher to run the server.
  • ⚠️Designed for integration with specific IDEs (Claude Code, Windsurf, Cursor) via Model Context Protocol (MCP) configuration, necessitating initial setup in the IDE's configuration file.
Verified SafeView Analysis
The server is designed to interact with external AI APIs (requiring API keys) and has capabilities to interact with the local filesystem (e.g., reading project files, analyzing structure, and generating code files). API keys are handled via environment variables or a configuration file, which is good practice. Network communication with AI providers is expected to use HTTPS. The primary security considerations involve securely managing API keys and carefully reviewing AI-generated code before execution, given the server's access to local project files. No 'eval', code obfuscation, or obvious malicious patterns were found in the provided source code.
Updated: 2026-01-19GitHub
32
1
Low Cost
jqlts1 icon
Sec3

Integrates TheBrain knowledge graph with AI assistants by providing a Model Context Protocol (MCP) server, a RESTful API, and a Spaced Repetition System (SRS) for efficient knowledge recall.

Setup Requirements

  • ⚠️Requires 'THEBRAIN_API_KEY' and 'THEBRAIN_BRAIN_ID' from a paid TheBrain account.
  • ⚠️Python 3.10 is specified for local development setup (via Conda).
  • ⚠️Default weak password '123456' is active for API access if 'WEB_PASSWORD' environment variable is not explicitly configured, making it unsafe by default.
Review RequiredView Analysis
The server includes a hardcoded default password ('123456') for API authentication if the 'WEB_PASSWORD' environment variable is not explicitly set. This is a critical security vulnerability that could lead to unauthorized access. Additionally, the FastAPI CORS is configured to 'allow_origins=['*']', which permits cross-origin requests from any domain, posing a risk in production environments if not restricted. While API keys are read from environment variables, the default password significantly lowers the security posture.
Updated: 2026-01-19GitHub
32
3
Medium Cost
broisnischal icon

vite-mcp

by broisnischal

Sec7

Provides a Model Context Protocol (MCP) server within a Vite development environment, enabling AI agents and other MCP clients to interact with and observe the browser's state and APIs in real-time.

Setup Requirements

  • ⚠️Requires Vite dev server to be running (operates only in 'development' mode).
  • ⚠️Requires a browser page to be open at the Vite dev server URL for the browser bridge and adapters to function.
  • ⚠️For dynamically generated HTML (e.g., React Router, Remix), `import "virtual:mcp";` must be manually added at the very top of the app's entry file, along with `tsconfig.json` updates for TypeScript support.
  • ⚠️The `zod` library is a mandatory peer dependency.
Verified SafeView Analysis
The plugin is designed for development environments, which influences its security posture. The MCP server endpoint `/__mcp` has `Access-Control-Allow-Origin: *`, which is typical for development servers but could be a risk if the server is accidentally exposed publicly without proper network restrictions or authentication. Adapters execute code within the browser context, which is the intended functionality. Input/output validation is enforced using Zod schemas, which is a strong positive. The serialization of adapter `handler` functions using `toString()` and subsequent (re)evaluation in the browser bridge, while used internally and for developer-provided functions, could be brittle or a vector for injection if not handled carefully, though no direct exploitable flaw is immediately apparent given the typical use case where the developer controls the plugin configuration.
Updated: 2026-01-07GitHub
32
2
Medium Cost
Sinhan88 icon
Sec3

Provides long-term memory and context storage/retrieval for Large Language Models (LLMs) via an API, adhering to the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python and pip installed
Review RequiredView Analysis
The actual Python source code (e.g., `app.py`, `requirements.txt`) for the server logic was not provided for analysis. Therefore, a comprehensive security audit for vulnerabilities like `eval` usage, obfuscation, insecure network practices, lack of input validation, or hardcoded secrets could not be performed. The score reflects the unknown security posture due to lack of code visibility rather than identified flaws.
Updated: 2025-12-15GitHub
32
2
Medium Cost
verygoodplugins icon

mcp-evernote

by verygoodplugins

Sec9

Seamless integration with Evernote for note management, organization, and knowledge capture via Model Context Protocol.

Setup Requirements

  • ⚠️Requires Evernote API Consumer Key and Consumer Secret, which must be obtained from Evernote Developers (dev.evernote.com).
  • ⚠️For Claude Desktop users, a local server is run on port 3000 (default) for the OAuth callback, which must be available.
  • ⚠️Requires Node.js version 18.0.0 or higher.
Verified SafeView Analysis
The server securely handles Evernote OAuth tokens, storing them locally or using environment variables, with explicit warnings against committing secrets. The `auth-standalone.ts` script runs a local Express server on `localhost` for the OAuth callback, which is a standard and safe practice for local authentication flows. The server supports user-configured webhooks for change notifications (`EVERNOTE_WEBHOOK_URL`). While this involves making outbound network requests to a user-defined URL, the functionality is documented and the responsibility for ensuring the webhook endpoint's trustworthiness lies with the user. The data sent to webhooks is specific Evernote change data (GUIDs, titles, timestamps), not broader sensitive system information. No `eval` or code obfuscation was found, and the codebase appears clean.
Updated: 2026-01-19GitHub
32
1
Medium Cost
ondata icon
Sec8

Enables AI agents to interact with CKAN-based open data portals for searching, exploring, and querying datasets, organizations, and tabular data.

Setup Requirements

  • ⚠️Requires Node.js v18.0.0 or higher.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop, HTTP client) to interact with it.
  • ⚠️To run as an HTTP server, the `TRANSPORT=http` environment variable must be set (default is `stdio`).
  • ⚠️Deploying to Cloudflare Workers requires the `wrangler` CLI and a Cloudflare account.
Verified SafeView Analysis
The server is designed for read-only access to public CKAN APIs. It makes HTTP GET requests to user-provided `server_url`s, which could potentially be abused for Server-Side Request Forgery (SSRF) if the runtime environment allows access to internal networks. However, interaction is restricted to known CKAN API v3 endpoints, and robust input validation with Zod schemas is used. No direct remote code execution (RCE) vectors or hardcoded secrets are evident. Dependency `@modelcontextprotocol/sdk` has been updated to fix a critical ReDoS vulnerability.
Updated: 2026-01-19GitHub
32
1
Low Cost
lukaszzychal icon

mcp-doc-generator

by lukaszzychal

Sec9

Generates technical documentation and various diagrams (architecture, UML, sequence, flowchart, Gantt, dependency, cloud) from code or natural language prompts, supporting Polish, and exports to PDF/DOCX. Includes optional AI image generation.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for full functionality (recommended setup).
  • ⚠️OpenAI API Key (OPENAI_API_KEY environment variable) is required for AI image generation tools (generate_image_openai, generate_icon_openai, generate_illustration_openai). These tools incur a cost (e.g., $0.04 per standard 1024x1024 image) and are not token-based.
  • ⚠️External network access is used by default for Mermaid (via mermaid.ink API) and OpenAI tools. Local Mermaid CLI execution is a fallback option.
Verified SafeView Analysis
The server uses subprocess execution for Graphviz, Pandoc, and Mermaid CLI, but input content is generally written to temporary files and output paths are carefully constructed with absolute paths within a dedicated output volume, mitigating direct command injection risks. OpenAI and Mermaid.ink API calls are made via `aiohttp`, reducing direct shell interaction. Environment variables are used for API keys. Designed to run in Docker, providing isolation. The `_enhance_prompt_for_no_text` function handles user prompts before passing to DALL-E, but the parsing in `mcp_client.py` (client-side) could lead to unexpected arguments if not handled carefully, though server-side tools have input validation.
Updated: 2025-12-03GitHub
32
2
Low Cost
scalekit-inc icon

scalekit-mcp-server

by scalekit-inc

Sec8

This server enables AI agents to interact with Scalekit's identity platform through the Model Context Protocol (MCP) for natural language identity management.

Setup Requirements

  • ⚠️Requires a Scalekit account and configured API credentials (SK_CLIENT_ID, SK_CLIENT_SECRET, etc.) to interact with the Scalekit platform.
  • ⚠️Requires Node.js version 18 or greater, as indicated by various dependency `engines` fields in `package-lock.json` and ES module usage.
Verified SafeView Analysis
The server uses environment variables for sensitive credentials (API keys, secrets), which is good practice. Input validation is performed using Zod schemas and custom functions for email/URL formats. Authentication is handled by `@scalekit-sdk/node` for token validation, including scope checks for tool calls. Error handling is present with appropriate logging and responses. CORS is configured to allow all origins, which is broad but might be necessary for diverse MCP client environments. The server relies on external Scalekit APIs, so its security is also dependent on the robustness of those services. No 'eval' or obvious malicious patterns were detected.
Updated: 2026-01-19GitHub
32
5
High Cost
jgardner04 icon

Ghost-MCP-Server

by jgardner04

Sec9

Manages a Ghost CMS instance programmatically by exposing its Admin API as an MCP Server, allowing AI agents or other systems to create, update, delete, and retrieve content (posts, pages, tags, members, newsletters, tiers) and upload images.

Setup Requirements

  • ⚠️Requires `GHOST_ADMIN_API_URL` and `GHOST_ADMIN_API_KEY` environment variables.
  • ⚠️The image upload tool (`ghost_upload_image`) can only download images from a whitelist of domains (imgur.com, github.com, unsplash.com, cloudinary.com, amazonaws.com) for security reasons. Other image sources will be blocked.
  • ⚠️Large list operations (e.g., `get_posts` with `limit=100`) can generate very large JSON outputs, potentially incurring high token costs for AI models.
Verified SafeView Analysis
The server implements robust security measures including comprehensive input validation (Zod schemas), NQL injection prevention, HTML sanitization (XSS prevention) for content and notes, and a tightly controlled URL validator (SSRF protection) for image downloads. API keys are loaded from environment variables and handled securely. Rate limiting and graceful shutdown are also implemented. The image URL validator whitelist is very restrictive (only a few popular image hosting domains), which is a strong security choice but could be a functional 'gotcha' for users.
Updated: 2026-01-07GitHub
32
1
Low Cost
ryar001 icon

finance_mcp

by ryar001

Sec8

Provides structured financial statements (Income Statement, Balance Sheet, Cash Flow) from public companies for consumption by LLMs via an MCP server.

Setup Requirements

  • ⚠️Relies on `yfinance` for data, which scrapes Yahoo Finance; respect Yahoo Finance's terms of service to avoid potential IP bans or service interruptions.
  • ⚠️Requires `uv` package manager (or `uvx`) for the recommended quick installation and execution method.
  • ⚠️While documentation mentions `GEMINI_API_KEY`, the current implementation directly uses `yfinance` and does not incur LLM token costs for data retrieval, but this might change in future iterations based on project history.
Verified SafeView Analysis
The server primarily uses the `yfinance` library to scrape data from Yahoo Finance, which carries a note in the README about respecting Yahoo Finance's terms of service. There are no explicit `eval` or direct code injection vulnerabilities observed. The logging configuration includes async handlers which is good. Firestore integration is present but not actively used for core data retrieval by the MCP tools. While `GEMINI_API_KEY` is referenced in documentation, the current implementation bypasses LLM for data fetching, thus reducing direct exposure to potential LLM-related prompt injection risks from this component. The server runs as a local process and communicates via standard I/O for MCP, which generally limits direct network exposure.
Updated: 2025-12-10GitHub
32
2
High Cost
ardaaltinors icon

MemCP

by ardaaltinors

Sec4

MemCP provides a memory management system for AI assistants, enabling persistent context, knowledge graphs, and user profile synthesis across conversations and various AI platforms.

Setup Requirements

  • ⚠️Requires paid API keys for OpenAI or Google Gemini (for embeddings and LLM inference).
  • ⚠️Requires Docker and Docker Compose for the full infrastructure setup (PostgreSQL, Qdrant, RabbitMQ, Redis).
  • ⚠️Requires Python 3.11+ and the 'uv' package manager for local development setup.
  • ⚠️Multiple external services (PostgreSQL, Qdrant, RabbitMQ, Redis) must be running and accessible.
Review RequiredView Analysis
The application demonstrates several good security practices, including strong password hashing (bcrypt), extensive use of environment variables for secrets, and redaction of sensitive information (like API keys, passwords, tokens) in logs. Database queries appear to be parameterized, mitigating SQL injection risks. However, a **critical XSS vulnerability** exists in `src/middlewares/mcp_oauth_redirect_middleware.py`. The `redirect_url` from user-controlled query parameters is directly embedded into a JavaScript `window.location.href` assignment without proper sanitization. This allows malicious `javascript:` URIs to execute arbitrary code in the user's browser context. Path-based API keys (`/mcp/{api_key}`) are also generally less secure than header-only authentication, though header-based API keys are also supported.
Updated: 2025-11-25GitHub
32
1
Low Cost
DIMANANDEZ icon

refrag

by DIMANANDEZ

Sec8

A Python library for Retrieval Augmented Generation (RAG) that uses micro-chunking, fast direct embedding, and query-time heuristic compression to reduce context size and improve retrieval efficiency, with optional LLM-based reranking for precision.

Setup Requirements

  • ⚠️Requires OpenAI or Anthropic API Key (Paid, only if using the optional REFRAGReranker component)
  • ⚠️Requires `sentence-transformers` models (downloaded on first use, can be large depending on model)
  • ⚠️The official documentation (README, How-It-Works) describes a system that uses LLMs for generating representations during indexing, but the provided source code explicitly implements 'Fast direct encoding (no LLM during indexing)' and heuristic compression, making the core functionality LLM-free and contradicting the documentation's core innovation description.
Verified SafeView Analysis
The core implementation (embedder, compressor) does not use LLMs, which reduces immediate security risks associated with prompt injection or external API calls for core processing. The `REFRAGReranker` component, however, makes external API calls to OpenAI or Anthropic, which introduces standard risks of data privacy, reliance on external services, and potential cost accumulation. API keys are appropriately sourced from environment variables. The use of regex in `ChunkCompressor` for keyword extraction could, in theory, be susceptible to ReDoS attacks with crafted inputs, though the patterns used are relatively simple. An example in the documentation shows `pickle` usage for index saving/loading; loading pickled data from untrusted sources is a deserialization vulnerability, but this is an example for user implementation rather than a core library function.
Updated: 2026-01-19GitHub
PreviousPage 176 of 713Next