Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Medium Cost
stackrox icon

stackrox-mcp

by stackrox

Sec9

Provides AI assistants with programmatic access to StackRox for security and vulnerability insights via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires an existing StackRox Central instance to connect to (URL must be configured).
  • ⚠️At least one tool (Vulnerability Management or Configuration Management) must be explicitly enabled in the configuration.
  • ⚠️For `stdio` server transport, `central.auth_type` must be `static` (requiring `central.api_token`), which is incompatible with `passthrough` authentication.
Verified SafeView Analysis
The server demonstrates a high security posture, especially in its Kubernetes deployment via Helm charts. It enforces `runAsNonRoot: true`, `readOnlyRootFilesystem: true`, `allowPrivilegeEscalation: false`, and drops all capabilities by default. Sensitive configurations like `central.api_token` are redacted in logs. The primary configurable risk is the `insecure_skip_tls_verify` option for connecting to StackRox Central, which is explicitly warned as 'for testing only'. Input validation is performed for tool parameters.
Updated: 2026-01-16GitHub
30
1
Medium Cost
gaddobenedetti icon

mcp_email

by gaddobenedetti

Sec8

Adds email functionality (POP3 and SMTP) to an AI agent for sending and receiving emails.

Setup Requirements

  • ⚠️Requires an existing email account with POP3 and SMTP access.
  • ⚠️Requires POP3 and SMTP server addresses and ports.
  • ⚠️Python 3.13 or newer is required as per `pyproject.toml`.
  • ⚠️Requires the absolute path to the server directory in the MCP configuration.
Verified SafeView Analysis
Credentials are securely loaded from environment variables. However, the manual construction of email headers in the `sendEmail` helper function (using string concatenation for `fromAddress`, `toAddresses`, and `subject`) could potentially be vulnerable to header injection if the AI agent provides malformed inputs containing newline characters. Relying on standard email libraries' `MIMEMultipart` or `MIMEText` structures instead of raw string concatenation would improve robustness against such crafted inputs.
Updated: 2025-11-27GitHub
30
1
Medium Cost
mpress001 icon
Sec9

Enables Claude Desktop to access and interact with Hacker News content, including fetching stories and comments.

Setup Requirements

  • ⚠️Requires Node.js installed locally.
  • ⚠️Requires TypeScript compilation (`npm run build`) before running the server if not using the 'start' script which relies on built files.
  • ⚠️Requires Claude Desktop to be running and configured to communicate with this MCP server via standard I/O.
Verified SafeView Analysis
The server uses standard `axios` for HTTP requests to the public Hacker News API. Input parameters are parsed for numerical IDs and filtered/sanitized (e.g., `cleanText` for HTML stripping) before processing or display, reducing common web vulnerabilities like XSS. No 'eval' or similar dangerous functions are used. Communication with Claude Desktop is via `StdioServerTransport`, which is generally secure as it operates over standard I/O rather than opening network ports directly, thus minimizing network attack surface for the MCP server itself. No hardcoded credentials were found.
Updated: 2026-01-19GitHub
30
1
Low Cost
syou6162 icon

termfeed

by syou6162

Sec8

A Model Context Protocol (MCP) server that exposes RSS feed data and article details from a terminal-based RSS reader to LLM agents.

Setup Requirements

  • ⚠️Requires Node.js runtime environment to run.
  • ⚠️Database is SQLite, defaulting to `~/.local/share/termfeed/termfeed.db` or specified by `TERMFEED_DB` environment variable.
  • ⚠️An LLM agent capable of interacting with Model Context Protocol (MCP) is required to utilize this server's exposed capabilities.
Verified SafeView Analysis
The server uses `child_process.spawn` to open URLs in a browser, which is a common potential attack vector. While the implementation includes URL validation (`validateUrl`) and uses standard, relatively safe commands (`open -g`, `cmd /c start /min`, `xdg-open`) with `stdio: 'ignore', detached: true` options to prevent direct shell injection, a highly crafted malicious URL could potentially exploit vulnerabilities in the target browser or OS's URL handler. No direct `eval` or obvious hardcoded secrets were found. User input to tools is schema-validated (`zod`).
Updated: 2026-01-17GitHub
30
1
Medium Cost
AojdevStudio icon

microsoft-mcp

by AojdevStudio

Sec9

A comprehensive AI assistant toolkit for managing Microsoft 365 services including Outlook emails, Calendar events, OneDrive files, and Contacts.

Setup Requirements

  • ⚠️Requires MICROSOFT_MCP_CLIENT_ID environment variable set to an Azure App Registration ID.
  • ⚠️Requires Azure App Registration with specific delegated permissions (Mail.ReadWrite, Mail.Send, Calendars.ReadWrite, Files.ReadWrite, Contacts.Read, People.Read, User.Read).
  • ⚠️Initial authentication involves a multi-step device flow requiring user interaction to visit a URL and enter a code.
  • ⚠️Requires Python with `uv` for dependency management and execution.
Verified SafeView Analysis
The server uses `os.getenv` for sensitive IDs (MICROSOFT_MCP_CLIENT_ID), stores tokens securely in a local cache (`~/.microsoft_mcp_token_cache.json`) via MSAL, and handles authentication via device flow. Input validation is implemented using Pydantic and custom validators (`email_params.py`, `validators.py`). HTML content is escaped using `html.escape` to prevent XSS. CSS inlining uses `xml.etree.ElementTree` and regex, not `eval` or `exec`. `ast.literal_eval` is used for internal flow cache from MSAL, which is generally safer than direct `eval` and is used on controlled data. Overall, the codebase demonstrates good security practices for an application interacting with a third-party API.
Updated: 2025-12-05GitHub
30
1
High Cost
iteam1 icon
Sec4

This server provides tools to interact with a Weaviate vector database, enabling semantic, keyword, and hybrid search functionalities for Q&A and information retrieval within an agentic application context.

Setup Requirements

  • ⚠️Requires a running Weaviate database instance (Docker is recommended via `docker-compose.yml`).
  • ⚠️Requires an OpenAI API Key for embedding and potentially generative features within Weaviate, which is a paid service.
  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Requires `uv` package manager.
  • ⚠️Requires manual initialization of the Weaviate database with data (e.g., using `misc/load_and_embed_data.py`).
Review RequiredView Analysis
The provided `docker-compose.yml` explicitly sets `AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: 'true'` for the Weaviate instance. This is a critical security vulnerability as it allows unauthenticated access to the database, potentially leading to data exposure and unauthorized modifications if deployed in a non-isolated environment. While convenient for local development, it poses a significant risk for production use without changes. OpenAI API keys are handled via environment variables, which is a good practice.
Updated: 2025-12-01GitHub
30
1
Low Cost
hyperpolymath icon

poly-mcps

by hyperpolymath

Sec8

Provides a unified interface for managing various developer tools and infrastructure services across multiple domains through a single Model Context Protocol (MCP) server ecosystem.

Setup Requirements

  • ⚠️Requires Deno runtime to be installed for local agent mode.
  • ⚠️Many MCPs rely on locally installed and configured CLI tools (e.g., `kubectl`, `aws`, `docker`, `gh`) which must be present and authenticated.
  • ⚠️Requires local credentials or tokens for integrated services (databases, cloud providers, Git forges), which are then used by the MCPs.
Verified SafeView Analysis
The project demonstrates a strong commitment to security through its comprehensive `SECURITY.md` file. It outlines a clear vulnerability reporting process (preferring GitHub Security Advisories or encrypted email), detailed response timelines, a coordinated disclosure policy, and a 'safe harbor' for good-faith researchers. The policy clearly defines what is in-scope and out-of-scope, and lists qualifying and non-qualifying vulnerabilities. It also provides explicit security best practices for contributors and users. Critically, the README explicitly warns about 'CLI-wrapping MCPs' (e.g., poly-k8s, poly-cloud, poly-git, poly-container) executing commands with the user's local credentials, stating that the MCP client can perform any action the user can perform with those tools. This is an inherent design characteristic, not a vulnerability, but it places a significant operational security burden on the user. Recommendations are provided to mitigate this risk (minimal-permission credentials, separate config profiles, reviewing tool calls). Without access to the specific source code of each sub-project (e.g., `poly-db-mcp`, `poly-k8s-mcp`), a deep code-level audit for patterns like 'eval', obfuscation, hardcoded secrets, or malicious patterns cannot be performed. However, the project's robust security policy and transparent disclosure of design-level security considerations are highly commendable, justifying a strong score for its overall security posture and transparency.
Updated: 2026-01-17GitHub
30
1
Medium Cost
Dhi13man icon

oorep-mcp

by Dhi13man

Sec9

Provides AI assistants access to a comprehensive homeopathic repertory and materia medica database, enabling structured symptom analysis and remedy information retrieval.

Setup Requirements

  • ⚠️Requires network access to the OOREP API (default: https://www.oorep.com).
  • ⚠️Requires integration with a compatible AI assistant or SDK (e.g., Claude Desktop, OpenAI, Vercel AI SDK, LangChain, Google Gemini) to utilize its functionality.
Verified SafeView Analysis
Input arguments are strictly validated using Zod schemas and additional custom validators (e.g., for symptom length, invalid characters). Error messages are sanitized to prevent internal server details from leaking to the client. Network requests include a 'User-Agent' and optionally an 'X-Remote-User' header for identification, assuming proper backend security on the OOREP API itself. No usage of `eval` or other highly dangerous patterns was found.
Updated: 2026-01-19GitHub
30
1
Medium Cost
rockfordlhotka icon

calendar-mcp

by rockfordlhotka

Sec6

A unified Model Context Protocol (MCP) server that enables AI assistants to access multiple email and calendar accounts simultaneously across Microsoft 365, Outlook.com, and Google Workspace.

Setup Requirements

  • ⚠️Requires Azure AD App Registrations for Microsoft accounts (M365/Outlook.com).
  • ⚠️Requires Google Cloud Project setup with OAuth 2.0 Credentials for Google accounts.
  • ⚠️Requires a local Ollama instance running if using the default local LLM for smart routing.
  • ⚠️Google account client secrets are stored in plaintext in the `appsettings.json` file if not overridden by environment variables, posing a security risk if the file is compromised.
Verified SafeView Analysis
The project is open source and auditable. No 'eval' or obfuscation is present. Authentication for Microsoft accounts (M365, Outlook.com) uses MSAL with OS-level encrypted token storage (DPAPI on Windows, Keychain on macOS). However, Google account tokens are stored in plaintext JSON files locally, although restricted by file permissions, which is explicitly noted as a known limitation and a future enhancement for encryption. Google client secrets are explicitly shown in `appsettings.json` examples and are requested via the CLI, despite documentation strongly recommending against storing secrets in configuration files and advising the use of environment variables instead. This creates a potential for user error if `appsettings.json` is not adequately secured or accidentally committed to source control (though `.gitignore` should prevent this for development files). No obvious malicious network risks or patterns were found.
Updated: 2026-01-14GitHub
30
1
Medium Cost
dougborg icon
Sec8

Provides a Model Context Protocol (MCP) server for AI assistants to interact with the Katana Manufacturing ERP API, offering resilient and type-safe access to ERP data and operations.

Setup Requirements

  • ⚠️Requires `uv` package manager for dependency management.
  • ⚠️Requires Python 3.11+ for the MCP server.
  • ⚠️Requires `KATANA_API_KEY` environment variable, likely from a paid Katana ERP subscription.
  • ⚠️Redocly validation (part of client regeneration script) requires Node.js and npx.
Verified SafeView Analysis
The project appears to prioritize security by handling API keys via environment variables or .netrc and includes a `filter_sensitive_data` processor for logging. Dynamic code patching is used internally within `fastmcp` for advanced functionality, which is not inherently malicious but requires careful review. Documentation generation scripts fetch and parse external HTML, which could be a vector for supply chain attacks if the external source is compromised, but this is a development-time risk, not a runtime risk for the server. No 'eval' or blatant malicious patterns were found in the provided code snippets for the server's runtime.
Updated: 2026-01-16GitHub
30
1
High Cost
ChrisGVE icon
Sec9

A semantic workspace platform that provides project-scoped vector database operations through a Model Context Protocol (MCP) server, backed by a high-performance Rust daemon for file watching, processing, and ingestion. It enables LLM agents to naturally interact with project knowledge through conversational memory and hybrid semantic search.

Setup Requirements

  • ⚠️Requires a running Qdrant vector database instance.
  • ⚠️Docker is highly recommended for easy setup and management of the Qdrant instance.
  • ⚠️A Rust toolchain is required for building and compiling the high-performance daemon component.
  • ⚠️Python 3.8+ is needed for the Python-based server and CLI, managed by 'uv'.
  • ⚠️Git is integral for project detection, branch-aware indexing, and contextual metadata enrichment.
Verified SafeView Analysis
The system demonstrates strong architectural security principles, notably 'Daemon-Only Writes' to Qdrant (First Principle 10), which centralizes data modification through a trusted Rust component and prevents direct writes from potentially less secure LLM agents or the Python MCP server. Sensitive data handling includes log sanitization (e.g., API keys, passwords) and binary validation for CLI-managed executables. TLS for gRPC communication is 'infrastructure ready' but not explicitly marked as deployed, posing a potential risk in untrusted network environments if not otherwise secured. Configuration is managed using environment variables, avoiding hardcoded secrets.
Updated: 2026-01-19GitHub
30
1
Medium Cost
jsboige icon
Sec9

Manage and monitor GitHub Projects, Repositories, Issues, and GitHub Actions workflows programmatically, providing an interface for automation and integration with tools like VSCode Roo.

Setup Requirements

  • ⚠️Requires a GitHub Personal Access Token (PAT) with `repo` and `project` scopes, which must be correctly configured in the `.env` file or `mcp_settings.json` (incorrect setup can lead to API rate limit errors).
  • ⚠️Requires Node.js (version 14 or higher) to be installed.
  • ⚠️Multiple ways to configure GitHub accounts (indexed, JSON string, single token) which, while flexible, can be a point of friction if misunderstood.
Verified SafeView Analysis
The server uses environment variables (e.g., GITHUB_PAT, GITHUB_TOKEN) for authentication, which is a good practice. It explicitly implements read-only mode (GITHUB_PROJECTS_READ_ONLY) and repository access control (GITHUB_PROJECTS_ALLOWED_REPOS), enhancing security. Direct GitHub API calls are made using official Octokit SDKs. There is no direct `eval` or shell execution without proper sanitization visible. Potential for complex regex in input parsing, while low risk for typical usage, means meticulous input validation is crucial.
Updated: 2026-01-18GitHub
PreviousPage 195 of 713Next