Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

32
2
Low Cost
amkisko icon

rubygems_mcp.rb

by amkisko

Sec9

Provides a Model Context Protocol (MCP) server and Ruby client for accessing RubyGems and Ruby version information, integrating with IDEs and AI clients.

Setup Requirements

  • ⚠️Requires Ruby 3.1 or higher.
  • ⚠️Potential OpenSSL certificate configuration issues on some systems, leading to SSL verification failures.
  • ⚠️When using Ruby version managers (e.g., mise, rbenv) with MCP clients, ensure `RUBY_VERSION` environment variable is set to match the desired Ruby version for `gem exec rubygems_mcp`.
Verified SafeView Analysis
The source code demonstrates strong security practices including explicit SSL certificate verification, robust input validation for gem names and versions, and defensive parsing of both JSON and HTML responses. It implements a maximum response size limit (5MB) and actively checks for crawler protection pages and malformed/unexpected content types (e.g., HTML instead of JSON). No hardcoded secrets or 'eval' statements are found. The primary attack surface would be vulnerabilities in upstream APIs (RubyGems, ruby-lang.org, GitHub) or the `net/http` and `nokogiri` libraries, which are external dependencies.
Updated: 2026-01-19GitHub
32
2
Low Cost
RavenQueen03 icon
Sec3

This server acts as a proxy for SAP BTP OData services, specifically designed to bridge OData requests from a client (potentially a Minecraft Proxy, MCP) to an upstream OData endpoint, handling authentication and data forwarding.

Setup Requirements

  • ⚠️Requires Node.js installed to run the server.
  • ⚠️The ODATA_SERVICE_URL environment variable must be set, pointing to the upstream OData service.
  • ⚠️Requires 'npm install' to install dependencies like express, body-parser, axios.
Review RequiredView Analysis
The server directly accepts user credentials ('user', 'password') in the request body from the client and uses them for upstream OData service authentication. This is a severe security vulnerability as it exposes credentials to the proxy server and, without HTTPS, transmits them in plaintext. It is highly recommended to implement a more secure authentication mechanism (e.g., token-based authentication) and ensure the proxy itself is served over HTTPS to protect sensitive data in transit.
Updated: 2026-01-19GitHub
32
2
Medium Cost
hubertusgbecker icon

mcp-browser-use-server

by hubertusgbecker

Sec4

An MCP server that enables AI agents to control web browsers using the browser-use library, supporting various transports and persistent sessions.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) for LLM functionality.
  • ⚠️Requires Playwright browsers to be installed via `uv run playwright install --with-deps chromium`.
  • ⚠️The `uv` (Astral) package manager is strictly required for all Python operations, replacing traditional `pip` commands.
  • ⚠️Docker with docker-compose is highly recommended for containerized deployment and VNC visualization.
Review RequiredView Analysis
The server includes a 'direct summarizer' feature that fetches content from a user-provided URL using `requests.get()`. This `url_text` parameter is taken directly from the AI agent's input without explicit domain validation or sanitization within this direct path. This creates a potential Server-Side Request Forgery (SSRF) vulnerability, allowing a malicious AI agent to potentially make the server request resources from internal networks or other arbitrary endpoints not intended for public access. Although the `browser-use` agent itself might have `allowed_domains` as a parameter, this direct summarizer bypasses the agent's full execution flow and its associated security controls. Other components, such as `subprocess.Popen` for `mcp-proxy`, execute trusted binaries with arguments controlled by the server's CLI rather than direct AI agent input, which is less of a concern.
Updated: 2026-01-09GitHub
32
5
Low Cost
crunchloop icon

mcp-devcontainers

by crunchloop

Sec8

Provides a Model Context Protocol (MCP) server for integrating with and managing devcontainer environments via the devcontainers CLI.

Setup Requirements

  • ⚠️Docker must be installed and running on your system.
Verified SafeView Analysis
The server primarily acts as a wrapper for the `devcontainers cli`, exposing its functionality. It correctly uses `child_process.spawn` with an array of arguments, which is robust against shell injection for the arguments passed to the devcontainer CLI. The `devcontainer_exec` tool is designed to execute arbitrary shell commands *within the devcontainer*, which is an intended powerful capability. The `outputFilePath` parameter allows writing command output to a specified file. While this could theoretically be misused to overwrite sensitive files if an untrusted client provides a malicious path, for its intended use as a development agent tool, this is considered a minor risk as the client is expected to be trusted.
Updated: 2026-01-07GitHub
32
2
Medium Cost
Knuckles-Team icon

repository-manager

by Knuckles-Team

Sec3

Manages Git repositories (cloning, pulling, status, configuration) and serves as an Agentic AI tool for interacting with codebases, enabling semantic search and Python script execution.

Setup Requirements

  • ⚠️Requires Git to be installed on the host system where operations are performed.
  • ⚠️Requires an LLM provider (e.g., OpenAI, Anthropic, Google, HuggingFace) with appropriate API keys or a local LLM server (defaults suggest localhost:1234/v1 for OpenAI compatible APIs).
  • ⚠️Python 3.10 or higher is required.
  • ⚠️The A2A Agent requires connection to an MCP Server (either local or remote), which can be the `repository-manager-mcp` itself or other configured MCP servers for additional functionalities like Smart Coding or Python Sandbox.
Review RequiredView Analysis
The server's 'git_action', 'run_command', and 'text_editor' tools utilize 'subprocess.run(command, shell=True)', which is highly vulnerable to command injection if input commands are not meticulously sanitized. This allows arbitrary code execution on the host system. While the server supports various authentication methods (JWT, OAuth, OIDC), using 'AUTH_TYPE=none' or misconfiguring authentication leaves it exposed. The 'text_editor' tool can read, create, and modify arbitrary files on the local filesystem, posing a significant risk if an attacker gains access or injects malicious commands. Default LLM API keys/base URLs are for local models and not production secrets, but misconfiguration could lead to unintended exposure.
Updated: 2026-01-19GitHub
32
1
High Cost
sh1nj1 icon
Sec2

A Rails engine for building and managing LLM tools, unifying Sorbet-typed service classes into both RubyLLM and FastMCP tool definitions.

Setup Requirements

  • ⚠️Requires Ruby 3.4.4.
  • ⚠️Requires API keys for OpenAI, Google/Gemini, and/or Anthropic for LLM functionality (these are paid services).
  • ⚠️Claude Desktop MCP configuration requires an absolute path to the `test_app` directory, which can be a common setup friction.
  • ⚠️Using the remote SSE client with Claude Desktop requires `npx` (Node.js package runner) to be installed.
  • ⚠️The playground feature allows executing arbitrary Ruby code, posing a significant security risk if used with untrusted input or in a production environment.
Review RequiredView Analysis
CRITICAL: The application uses `Object.class_eval` to execute arbitrary Ruby code provided by the user in the playground (e.g., for registering new tools dynamically). This is explicitly noted in the README as a feature for trusted sources, but it presents a severe code execution vulnerability if exposed to untrusted input. Additionally, the FastMCP server is configured with `localhost_only: false`, allowing remote connections to the MCP endpoint, which could expose the `eval`-capable tools to network access.
Updated: 2025-12-04GitHub
32
1
Low Cost
nicholasjconn icon

agent-layer

by nicholasjconn

Sec9

Agent Layer ensures consistency in AI-assisted development by generating client-specific configurations from a single, repo-local source of truth.

Setup Requirements

  • ⚠️Requires 'curl' for initial installation.
  • ⚠️Requires target AI client (e.g., Gemini CLI, Claude Code CLI, Codex CLI, VS Code) to be installed and on your PATH.
  • ⚠️Development setup (`./scripts/setup.sh`) requires Go 1.25.6+, Git, and Make.
Verified SafeView Analysis
The installation script fetches a binary from GitHub releases and verifies its SHA256SUM, which is standard practice but relies on the integrity of GitHub. Configuration explicitly guides users to place secrets in gitignored `.agent-layer/.env` files, preventing accidental exposure. The core functionality involves launching external CLI tools (e.g., Gemini, Claude, Codex) and an internal MCP server via stdio. An approval system (`commands.allow`, `approvals.mode`) is implemented to control auto-approved shell commands and MCP tool calls, which is a strong security feature. No 'eval' or obvious obfuscation patterns were found.
Updated: 2026-01-19GitHub
32
2
High Cost
Hyperkorn icon
Sec9

A unified Model Context Protocol (MCP) server for agentic RAG, combining vector search, knowledge graphs, and web intelligence for AI assistant interactions.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for local development setup of Qdrant, Neo4j, and Redis databases.
  • ⚠️Requires an OpenAI API Key for GraphRAG functionalities (knowledge extraction, memory consolidation) and potentially for LLM-powered web extraction strategies, which can incur significant costs.
  • ⚠️The project explicitly uses 'uv' for dependency management, requiring users to install this specific package manager.
Verified SafeView Analysis
The server implements robust JWT-based authentication, API key validation with timing attack prevention (hmac.compare_digest), and role-based access control. Sensitive configurations are handled via Pydantic's `SecretStr`, and security headers (OWASP-compliant) are applied via middleware. Rate limiting and comprehensive logging are also in place. Development secrets are clearly marked in `docker-compose.yml` and platform secrets are used in cloud deployment configs. No direct 'eval' or obvious malicious patterns found.
Updated: 2026-01-19GitHub
32
2
Low Cost
chrishayuk icon
Sec9

Provides a highly configurable, high-performance server for a wide range of mathematical computations via the Mathematical Computation Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3.11+.
  • ⚠️For local Claude Desktop integration, absolute paths must be used in the configuration, not relative or `~` paths.
Verified SafeView Analysis
The server's core functionality involves exposing a controlled set of mathematical functions from the `chuk-mcp-math` library, which limits the risk of arbitrary code execution. Configuration is managed via Pydantic models, offering type-safe validation. The default host binding of '0.0.0.0' is noted with `nosec B104` (Bandit warning) but is a common and often necessary default for containerized services; it's explicitly documented. Default `enable_cors: true` is permissive but typical for an API. `rate_limit_enabled` defaults to `false`, which could be a concern in production without external rate limiting. There is no usage of `eval()` or similar dangerous functions on arbitrary user input. The dynamic tool registration is based on trusted function references, not arbitrary strings. Overall, the design prioritizes safety by filtering and exposing well-defined operations.
Updated: 2025-12-07GitHub
32
4
High Cost
timescale icon
Sec4

This server emulates Anthropic's skill format, enabling LLMs to utilize specialized knowledge and tools via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a GitHub Personal Access Token (`GITHUB_TOKEN`) with `repo`, `read:org`, `read:user`, `user:email` scopes to fetch GitHub-hosted skills.
  • ⚠️Access to external LLM APIs (e.g., Anthropic, OpenAI) is required, configured via environment variables (`LOW_TASK_MODEL`, `MEDIUM_TASK_MODEL`, `HIGH_TASK_MODEL`).
  • ⚠️Subagent functionality requires a `mcp.yaml` configuration file to specify additional external tools, which must be carefully vetted for security.
Review RequiredView Analysis
The server's architecture allows for loading skills from arbitrary GitHub repositories and integrating tools from external MCP servers via configuration files (e.g., `skills.yaml`, `mcp.yaml`). This design introduces a significant supply chain security risk: if configured to use untrusted skill sources or external MCPs, a malicious skill or external server could expose tools that enable arbitrary code execution or data exfiltration by the consuming agent. While no direct 'eval' or hardcoded secrets are present in the provided source, the system's security heavily relies on the operator's vigilance in vetting all configured external resources.
Updated: 2026-01-07GitHub
32
2
High Cost
scrapfly icon

scrapfly-mcp

by scrapfly

Sec8

Connects AI assistants to live web data, enabling real-time web scraping, structured data extraction, anti-bot bypass, and screenshots from any website.

Setup Requirements

  • ⚠️Requires a Scrapfly API Key (a paid service) for core functionality like scraping and extraction.
  • ⚠️Requires a Go runtime or Docker for local/self-hosted deployment.
  • ⚠️If running the HTTP server without providing an API key via command-line (`-apikey`) or environment variable (`SCRAPFLY_API_KEY`), the API key must be supplied with each HTTP request (e.g., via `Authorization` header or `apiKey` query parameter).
Verified SafeView Analysis
The server securely proxies requests to the Scrapfly API, requiring an API key for authentication. It avoids hardcoded secrets for its own operation, relying on environment variables or request parameters for the API key. The `pkg/authenticableClient` package enforces API key validation for incoming HTTP requests to the MCP server endpoint, ensuring that only authenticated users can access the tools. The use of `unsafe` operations in `pkg/mcpex` and `internal/patcher` is noted but common in Go SDKs for interacting with external library internals (specifically, `modelcontextprotocol/go-sdk`), and does not present an immediate vulnerability in this context. User-provided JavaScript (`js`, `js_scenario` parameters) is explicitly designed to be executed on the *remote target website* via the Scrapfly service, not on the MCP server itself, thus mitigating direct server-side code injection risks from these inputs. The `npx mcp-remote` command mentioned in the README is a *client-side utility* to connect to a remote Scrapfly MCP server (or a local instance configured to use `stdio`), not a command to run *this* Go server application.
Updated: 2026-01-13GitHub
32
2
Medium Cost
pingidentity icon

pingone-mcp-server

by pingidentity

Sec9

Enables AI assistants to review and manage PingOne tenants by integrating the PingOne management API into AI assistant conversations.

Setup Requirements

  • ⚠️Requires a licensed or trial PingOne cloud subscription.
  • ⚠️Requires an MCP-compatible client (e.g., VS Code Copilot Chat, Claude Desktop).
  • ⚠️Requires manual setup of a 'worker application' in your PingOne tenant with specific OAuth 2.0 configurations (e.g., Redirect URI, Grant Type, Roles).
Verified SafeView Analysis
The server uses secure OAuth 2.0 flows (PKCE, Device Code) and stores tokens in OS keychains (local) or ephemerally (Docker). It operates over stdin/stdout, minimizing network attack surface. Explicit 'Read Only' mode and 'Production Environment Write Protection' are implemented safeguards. No hardcoded secrets were found; sensitive configurations are sourced from environment variables. The project README provides comprehensive security notices and warnings regarding preview software and use with untrusted AI clients, demonstrating strong security awareness.
Updated: 2026-01-19GitHub
PreviousPage 178 of 713Next