Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

32
2
Low Cost
talkops-ai icon

talkops-mcp

by talkops-ai

Sec9

A Model Context Protocol (MCP) server for AI assistants to manage Kubernetes applications via ArgoCD using GitOps principles, enabling secure, production-grade operations.

Setup Requirements

  • ⚠️Requires a running ArgoCD Server (v2.x) instance.
  • ⚠️The `ARGOCD_AUTH_TOKEN` environment variable is required for authentication with ArgoCD.
  • ⚠️The server defaults to read-only mode (`MCP_ALLOW_WRITE=false`); explicit setting to `true` is required to enable write operations.
  • ⚠️Git credentials (e.g., `GIT_PASSWORD` for HTTPS or `SSH_PRIVATE_KEY_PATH` for SSH) are required for repository onboarding functionality.
Verified SafeView Analysis
The ArgoCD MCP server implements robust security. It defaults to a read-only mode (`MCP_ALLOW_WRITE=false`), preventing all mutating operations unless explicitly enabled. Sensitive credentials (ArgoCD API tokens, Git passwords/SSH keys) are read from environment variables or secure file paths, ensuring they are never exposed to LLM models. It supports TLS verification for secure connections to ArgoCD. The codebase appears to follow good practices for input validation and avoids dangerous patterns like `eval` for command execution, leveraging explicit whitelisting and validation mechanisms. Network security is good by design (HTTP/SSE endpoint with configurable host/port).
Updated: 2026-01-19GitHub
32
1
Low Cost
jaysongiroux icon

whoisthere

by jaysongiroux

Sec8

An MCP server enabling LLMs to check domain name availability and discover available Top-Level Domains (TLDs).

Setup Requirements

  • ⚠️Requires Go 1.23+ to build/run locally without Docker.
  • ⚠️Relies on external WHOIS services which may be slow or rate-limited.
Verified SafeView Analysis
The server primarily relies on external WHOIS services (likexian/whois) which inherently involve network requests. Input validation (`CleanAndValidateDomain`) is present before making WHOIS queries. The `http.ListenAndServe` call in `main.go` lacks explicit timeouts, which is flagged by `gosec` (G114) for potential resource exhaustion in production environments, though for an internal MCP server, this might be acceptable. No clear hardcoded secrets, 'eval' usage, or malicious patterns were identified.
Updated: 2025-12-01GitHub
32
2
Medium Cost
canstralian icon

OSINT-MCP-Server

by canstralian

Sec9

A comprehensive Open Source Intelligence (OSINT) Model Context Protocol (MCP) server for gathering publicly available information while respecting privacy, legal boundaries, and ethical standards.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️ABUSEIPDB_API_KEY is required for the IP reputation check tool to function with AbuseIPDB.
  • ⚠️Configuring OSINT_RATE_LIMIT and OSINT_USER_AGENT environment variables is highly recommended for ethical operation and transparency, though defaults exist.
Verified SafeView Analysis
The server demonstrates a strong commitment to ethical and secure practices. It implements explicit timeouts for all external HTTP/DNS requests, sets a transparent User-Agent, and enforces `robots.txt` compliance for web operations. Robust input validation and sanitization (`validators.py`) are applied to all parameters. A token bucket rate limiter is built-in and actively used across tools to prevent abuse. API keys for external services are loaded from environment variables (e.g., `ABUSEIPDB_API_KEY`) and are not hardcoded. Comprehensive error handling is in place to provide structured feedback and prevent crashes. The code clearly distinguishes between publicly available information and private data access, adhering strictly to ethical OSINT principles. No `eval` or similar dangerous functions are used without justification, and there are no signs of obfuscation or malicious patterns.
Updated: 2026-01-19GitHub
32
1
Medium Cost
LeonAchata icon

Bedrock-Gateway

by LeonAchata

Sec8

Provides a centralized gateway for AI agents to access multiple AWS Bedrock LLM models via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires AWS Bedrock access and credentials (Paid Service).
  • ⚠️Default CORS (`allow_origins=["*"]`) is insecure for production and should be restricted.
  • ⚠️Requires `mcp` Python SDK for agent clients to interact with the gateway.
Verified SafeView Analysis
The project correctly uses environment variables for AWS credentials, reducing hardcoded secret risks. It includes an example of a minimal IAM policy. However, the default FastAPI CORS configuration (`allow_origins=["*"]`) is overly permissive and poses a security risk if deployed to production without restriction. Logging output is directed to stderr, which is good for MCP stdio mode, but requires proper log aggregation for monitoring.
Updated: 2025-11-24GitHub
32
2
High Cost
comcpwork icon

mcp

by comcpwork

Sec5

Execute MySQL, Redis, ClickHouse, SQLite, and Prometheus database commands and queries through a natural language AI assistant, including support for SSH tunneling.

Setup Requirements

  • ⚠️Requires Go 1.21 or higher
  • ⚠️Requires an MCP Client (e.g., Claude Code, Cursor, Cline)
  • ⚠️SQLite SSH mode requires the `sqlite3` command-line tool to be installed on the remote server
  • ⚠️SSH host key verification is disabled by default, posing a security risk
Review RequiredView Analysis
The SSH implementation uses `ssh.InsecureIgnoreHostKey()` which bypasses host key verification, making it vulnerable to Man-in-the-Middle attacks. While the SQLite remote execution includes escaping for SQL queries, executing arbitrary commands over SSH still carries inherent risks. Sensitive DSNs containing credentials should be handled with extreme care and not exposed in logs or shared environments, as advised in the documentation.
Updated: 2026-01-17GitHub
32
2
Medium Cost
PDBeurope icon

PDBe-MCP-Servers

by PDBeurope

Sec9

Provides Model Context Protocol (MCP) servers to integrate PDBe's structural biology data (API, Graph, Search) into AI-powered applications like Claude Desktop.

Setup Requirements

  • ⚠️Requires Python 3.10+ and 'uv' package manager for installation and execution.
  • ⚠️Primarily designed for integration with Claude Desktop, requiring manual modification of the 'claude_desktop_config.json' file for each desired server type.
  • ⚠️For local development installation, the Claude Desktop configuration requires specifying the absolute path to your cloned repository.
Verified SafeView Analysis
The server acts as an adapter making HTTP requests to well-known PDBe APIs. The HTTPClient includes retry logic and handles common request exceptions. No explicit use of 'eval', 'exec', or direct unsanitized system command execution was found within the provided source. Configuration URLs for PDBe services are public. Dependency management with 'uv' enhances project security. User input via MCP tools is processed internally and not directly executed as system commands, mitigating common injection risks. Assumes the underlying PDBe APIs are secure.
Updated: 2025-12-04GitHub
32
1
High Cost
vrerv icon
Sec1

A Rails engine for defining, generating, and running AI/LLM tools, integrated with Model Context Protocol (MCP) clients and a web playground/chat interface.

Setup Requirements

  • ⚠️Requires Ruby 3.4.4 and Bundler.
  • ⚠️Requires API keys (e.g., OPENAI_API_KEY, GEMINI_API_KEY, ANTHROPIC_API_KEY) for LLM integration, which are typically paid services.
  • ⚠️Remote/SSE connection for Claude Desktop requires Node.js and `npx`.
  • ⚠️MCP server configuration for Claude Desktop requires an absolute path for `cwd`.
Review RequiredView Analysis
The server explicitly allows dynamic execution of arbitrary Ruby code (via `class_eval`) provided by users through its web-based playground interface. This constitutes a severe Remote Code Execution (RCE) vulnerability if the application is exposed to untrusted users or if developers paste malicious code. The README warns about this risk, stating 'only run trusted tool source', but the capability itself is fundamentally insecure for general deployment.
Updated: 2025-12-04GitHub
32
2
Medium Cost
pachipalabharath icon

bb-applescript-mcp-server

by pachipalabharath

Sec7

Enables LLM clients to automate macOS applications using AppleScript, providing predefined tools for Finder and BBEdit, and supporting custom plugin development.

Setup Requirements

  • ⚠️Requires macOS 10.14 or higher.
  • ⚠️Requires Deno 2.5.0+ to be installed.
  • ⚠️Operations require granting macOS Automation permissions to the Deno process (e.g., Terminal, Claude Desktop) to control other applications (e.g., Finder, Mail, BBEdit).
Verified SafeView Analysis
The server includes a `run_script` tool that allows executing arbitrary AppleScript code, which is a significant security risk. However, this tool is disabled by default, and the documentation provides clear warnings about its dangers and instructions for enabling it. Input validation for other tools is implemented using Zod schemas, and AppleScript string interpolation includes escaping to prevent injection. The server relies on macOS's native automation permissions, requiring user consent for application control. If `ENABLE_ARBITRARY_SCRIPTS` is kept `false` (default), the server is reasonably secure for its intended purpose.
Updated: 2026-01-19GitHub
32
2
Low Cost
win8428 icon
Sec7

This server acts as a Model Context Protocol (MCP) interface for SmartLead's cold email marketing automation platform, enabling AI coding tools to manage campaigns, leads, and analytics.

Setup Requirements

  • ⚠️Requires a valid SmartLead API Key (can be obtained from SmartLead account settings).
  • ⚠️Requires Node.js (v20.0.0 or higher) to run `npx` or `npm` commands.
  • ⚠️Requires configuration within a supported AI coding tool (e.g., Claude Desktop, Cursor, Windsurf, Continue.dev, VS Code, Zed) to connect to the MCP server, which the installer attempts to automate.
Verified SafeView Analysis
The server retrieves the API key from environment variables, which is good practice. It implements `zod` for input validation and comprehensive error handling. However, the `apiKey` is sent as a URL query parameter (`api_key`) in `axios` requests, which can lead to exposure in server logs or browser history if not handled carefully, though for a backend server this risk is mitigated. No `eval` or obvious obfuscation found. The installer writes the API key to local configuration files, which is better than hardcoding but still places a secret on the filesystem.
Updated: 2026-01-19GitHub
32
2
Medium Cost
Arya711139 icon

appdog

by Arya711139

Sec6

AppDog generates asynchronous API clients and Model Context Protocol (MCP) servers directly from OpenAPI specifications.

Setup Requirements

  • ⚠️Python 3.10 or higher required.
  • ⚠️Requires network access to fetch remote OpenAPI specifications.
  • ⚠️Requires trust in user-provided OpenAPI specifications, as the system generates and dynamically loads Python code based on these specifications.
Review RequiredView Analysis
The server's core functionality involves generating Python code and dynamically importing it based on user-provided OpenAPI specifications. While `datamodel-code-generator` and Pydantic validation (e.g., for app names to prevent path traversal via `StoreData`) are used, a meticulously crafted malicious OpenAPI specification could potentially exploit vulnerabilities in these tools or the code generation templates. Network fetching of specifications via `httpx` and the `mcp_cli.install` command (allowing arbitrary package installation) also present supply chain and remote code execution risks if untrusted inputs are used. No direct use of `eval` or `exec` was found in the provided code, which is a positive.
Updated: 2025-12-15GitHub
32
1
Low Cost
openocean-finance icon

openocean-mcp

by openocean-finance

Sec9

An MCP server for executing token swaps and fetching blockchain data across multiple decentralized exchanges using OpenOcean's aggregation API.

Setup Requirements

  • ⚠️Requires Node.js (v18 or newer recommended).
  • ⚠️Requires pnpm for installation and recommended `dlx` execution.
Verified SafeView Analysis
The server demonstrates good input validation using `zod` and `viem/utils` for addresses, hashes, and amounts, which mitigates common injection vulnerabilities. It interacts with OpenOcean APIs over HTTPS, relying on standard secure communication. Critically, the `SWAP` tool only builds transaction data; it does not handle private keys or directly sign/execute transactions on-chain, delegating that responsibility to the client, which is a strong security practice. No `eval` or `child_process` usage was found. A hardcoded `referrer` address is present in the `SwapService` but this is not a security vulnerability. The server does not appear to expose any API keys or sensitive credentials through environment variables in the provided code, as the OpenOcean API URLs are hardcoded. If OpenOcean APIs eventually require authentication, this setup would need to be updated to securely handle API keys.
Updated: 2025-12-08GitHub
32
2
Medium Cost
Econyx-ai icon

0g-mcp-server

by Econyx-ai

Sec9

Provides an AI agent with comprehensive documentation and real-time interaction capabilities for the 0G.AI ecosystem, including storage, key-value, and compute network operations.

Setup Requirements

  • ⚠️Requires Bun runtime for installation, building, and execution.
  • ⚠️Requires Git and initial setup of documentation via `git submodule update --init --recursive` followed by `bun run prepare-docs` before documentation tools are fully functional.
  • ⚠️Write operations to the 0G Storage or KV store (`0gStorageUpload`, `0gKvSet`) require an EVM-compatible private key, which must be provided via the `OG_PRIVATE_KEY` environment variable or as a tool parameter.
Verified SafeView Analysis
The server's code does not contain 'eval' or malicious obfuscation. Path traversal protection is implemented for documentation access (`src/tools/docs.ts`). It correctly handles sensitive information like private keys by requiring them through environment variables (`OG_PRIVATE_KEY`) or explicit tool parameters, rather than hardcoding. This is standard practice for blockchain interaction but means users must securely manage their private keys externally. All network calls are to legitimate 0G.AI infrastructure. Error logging writes to a designated cache directory in the user's home.
Updated: 2025-12-10GitHub
PreviousPage 180 of 713Next