Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Low Cost
vargaseous icon

sec_mcptest

by vargaseous

Sec9

Demonstrates an MCP (Model Context Protocol) server to enable LLM clients (like Claude Desktop and LM Studio) to control a Streamlit dashboard that explores Singapore health facilities data.

Setup Requirements

  • ⚠️Requires Redis server to be installed and running (locally or via Docker for Windows).
  • ⚠️Requires manually starting three separate services (FastAPI, Streamlit, and the MCP server) in distinct terminal windows for full functionality.
  • ⚠️Relies on the 'uv' package manager for dependency installation and running services, which must be installed separately.
Verified SafeView Analysis
The system primarily operates on localhost, with communication between components (Streamlit, FastAPI, Redis, MCP server) occurring locally. Input validation is implemented using Pydantic for API endpoints and explicit checks in MCP tools for facility classes. No 'eval' or similar dangerous functions are used. No hardcoded sensitive secrets are present. The primary security consideration for a non-demonstration setup would be securing the Redis instance, as it lacks authentication in this configuration, but for a local demo, this is acceptable.
Updated: 2026-01-17GitHub
30
1
Low Cost
my-mcp-hub icon

computer-mcp-server

by my-mcp-hub

Sec1

Provides tools for local computer interaction, including data retrieval, macOS application management, and simple text processing for Model Context Protocol (MCP) compatible applications.

Setup Requirements

  • ⚠️Requires Node.js and npm/npx to run.
  • ⚠️macOS-specific tools (`MacOs Open App`, `Find In App`, `Input Message`) are only functional on macOS.
  • ⚠️Requires integration with an MCP-compatible desktop application using the provided JSON configuration.
Review RequiredView Analysis
The `registerMacOs` tool in `src/tools/registerMacOs.ts` uses `child_process.exec` to run `osascript` commands. Crucially, user-provided inputs like `appName`, `appPath`, `keyword`, and `message` are directly interpolated into the shell commands without proper sanitization. This creates a critical command injection vulnerability, allowing a malicious client to execute arbitrary commands on the host system with the privileges of the user running the MCP server.
Updated: 2026-01-19GitHub
30
1
Medium Cost
jch1887 icon
Sec7

Execute and manage Artillery load tests and performance regression detection via an MCP-compatible client.

Setup Requirements

  • ⚠️Requires Node.js 18+ runtime.
  • ⚠️Requires Artillery CLI to be installed and available in system PATH (or specified via `ARTILLERY_BIN`).
Verified SafeView Analysis
The server implements strong path sanitization for test files and config names, preventing directory traversal and malicious filenames. Input validation for tool arguments is robust using Zod schemas. However, the `ARTILLERY_BIN` environment variable, if set, directly specifies the Artillery executable path without specific validation that it's the official Artillery CLI, potentially allowing a compromised client to execute an arbitrary binary. All file I/O operations are contained within the `ARTILLERY_WORKDIR` to limit impact.
Updated: 2025-12-10GitHub
30
1
Low Cost
Knuckles-Team icon

container-manager-mcp

by Knuckles-Team

Sec4

Provides a universal API and AI agent interface for managing Docker and Podman containers, networks, volumes, and Docker Swarm services remotely.

Setup Requirements

  • ⚠️Requires Docker or Podman to be installed and running on the host.
  • ⚠️Default authentication type ('none') is highly insecure for remote or production deployments; requires careful configuration of JWT, OAuth, or OIDC.
  • ⚠️Running the server with Docker Compose (as per example) involves mounting '/var/run/docker.sock', granting the container root-level access to the host's Docker daemon, which is a significant security implication.
  • ⚠️If using the A2A agent, an LLM provider (e.g., OpenAI, Ollama) must be configured, potentially requiring API keys or a locally running LLM server.
Review RequiredView Analysis
The server binds to '0.0.0.0' by default, and 'AUTH_TYPE=none' is the default authentication, making it publicly accessible and highly vulnerable if deployed without proper configuration. Direct access to Docker/Podman daemon sockets ('/var/run/docker.sock') grants root-level control over the host's container runtime. While various authentication methods (JWT, OAuth, OIDC) are available, they require careful configuration. The 'static' auth type contains hardcoded test tokens that should never be used in production. OIDC token delegation, if misconfigured, could lead to privilege escalation. The 'container-manager-agent' communicates with the MCP server via HTTP, which is unencrypted unless an external proxy is used.
Updated: 2026-01-19GitHub
30
1
Medium Cost
cembryonix icon

cbx-mcp-server-k8s

by cembryonix

Sec9

An MCP server enabling AI agents to interact with Kubernetes clusters and related cloud services via CLI tools like kubectl, helm, and argocd, with integrated security guardrails and session management.

Setup Requirements

  • ⚠️Requires `kubectl` and `helm` CLI tools to be installed and configured for basic functionality; `argocd` is optional.
  • ⚠️For production deployments, a Redis instance is highly recommended for session persistence and event store resumability to support multi-pod deployments and client reconnection.
  • ⚠️Proper Kubernetes cluster access configuration (kubeconfig, argocd config) must be provided, typically via mounted volumes or secrets.
Verified SafeView Analysis
The server features a robust, multi-layered security validation system (`CommandValidator`) that parses commands, checks against dangerous patterns, enforces safe overrides, and applies regex rules. It defaults to 'strict' mode, blocking potentially destructive operations (e.g., '--all-namespaces' with delete, operations in 'kube-system'). Command execution uses `subprocess.create_subprocess_exec` with `shlex.split`, which is safer than direct shell execution for arbitrary input. Minor concern: direct `kubectl` calls for read-only resource introspection (`k8s://cluster/context`, `k8s://cluster/namespaces`, etc.) bypass the main `CommandRunner`'s validation, but these operations are hardcoded and inherently low-risk. No 'eval' or malicious obfuscation found. Hardcoded secrets are avoided; configuration relies on environment variables or mounted Kubernetes secrets.
Updated: 2026-01-11GitHub
30
1
Low Cost
chirag127 icon
Sec9

Provides an AI-enabled Model Context Protocol (MCP) API for delivering precise, locale-aware date and time data across timezones to AI agents.

Setup Requirements

  • ⚠️Requires Node.js 18+ with ES module (ESM) support.
  • ⚠️Relies on the Model Context Protocol (MCP) SDK for integration, implying a need for an MCP-compatible runtime environment.
Verified SafeView Analysis
The server implements robust input validation using Zod and Luxon for date/time operations. It utilizes a StdioServerTransport for communication, which processes inputs via standard I/O streams, inherently reducing direct network attack surface from this specific service. No instances of `eval`, code obfuscation, or hardcoded secrets were identified in the provided source code.
Updated: 2026-01-18GitHub
30
1
Low Cost
ry-ops icon
Sec8

The server enables AI assistants to programmatically manage Talos Linux clusters for autonomous infrastructure operations.

Setup Requirements

  • ⚠️Python 3.11 or higher is required.
  • ⚠️The `uv` package manager is required for dependency management and running the server, though a setup script attempts to install it.
  • ⚠️The `talos_client.py` currently uses mock data for all Talos API interactions, meaning it simulates responses rather than communicating with an actual Talos Linux cluster.
Verified SafeView Analysis
The `talos_client.py` implementation currently uses mock data for all Talos API calls (e.g., `get_version`, `list_containers`, `get_system_stats`, `reboot_node`, etc.). It does not make actual gRPC calls to a Talos Linux cluster. This is a critical functional limitation and a misrepresentation of the 'Full Talos API Integration' feature advertised, as the server cannot genuinely interact with a Talos cluster as provided. However, the design and configuration handling (e.g., parsing base64 certificates for TLS, requiring `talosconfig`) follow good security practices for when real API calls are implemented. No malicious patterns like `eval` or direct hardcoded secrets were found.
Updated: 2025-12-10GitHub
30
1
Medium Cost
EcuaByte-lat icon

Cortex

by EcuaByte-lat

Sec9

Provides a persistent, privacy-first context layer for AI coding agents to store, retrieve, and intelligently route project-specific memories and knowledge across sessions and tools.

Setup Requirements

  • ⚠️Requires Bun runtime (version >= 1.0) to be installed.
  • ⚠️AI-powered features (semantic search, intelligent scanning) require API keys for external providers (e.g., OpenAI, Gemini, Anthropic, Mistral, DeepSeek) or a local Ollama instance running.
  • ⚠️Initial setup may require running `bunx @ecuabyte/cortex-cli setup` or `bunx @ecuabyte/cortex-mcp-server generate-config` for editor-specific integrations (e.g., Cursor, Claude Desktop, JetBrains).
Verified SafeView Analysis
The project demonstrates strong security practices with explicit `ContextGuard` primitive for sensitive data filtering, use of environment variables for API keys (`process.env`), and a defined `SECURITY.md` policy for vulnerability reporting. It also includes cryptographic functions for encryption/decryption of stored data. Network calls are made to external AI providers (Gemini, OpenAI, Anthropic, Ollama, etc.) via HTTPS, which is standard practice. The MCP server primarily uses `stdio` for communication with AI clients, reducing typical network exposure risks.
Updated: 2026-01-14GitHub
30
1
Medium Cost
ghatdev icon

agentide

by ghatdev

Sec9

Provides deep workspace intelligence, RAG, indexing, and workflow management to AI coding agents, enhancing AI-assisted development.

Setup Requirements

  • ⚠️Requires Rust 1.70+ to build.
  • ⚠️Requires `protobuf-compiler` to be installed at build time (e.g., `apt install protobuf-compiler` on Debian/Ubuntu, `brew install protobuf` on macOS).
  • ⚠️External LSP servers (e.g., `rust-analyzer`, `pyright`) are not bundled and must be separately installed and configured for full code intelligence features.
Verified SafeView Analysis
The project is written in Rust, which offers strong memory safety guarantees. It follows a local-first design, with the server binding to `127.0.0.1` by default, minimizing external network exposure. It uses local databases (`SQLite`, `LanceDB`) and a local embedding model (`FastEmbed`). Extensive file system interaction is inherent to its IDE nature, and an AI agent's actions are governed by the permissions granted to the AgentIDE process. There are no obvious hardcoded critical secrets or malicious patterns in the provided source code. `GITHUB_TOKEN` and `HF_TOKEN` can be configured for external services like grammar downloads or HuggingFace models, as is standard practice for secure configuration. The proposed architectural shift to a global single server in the `RECONCILIATION_PLAN.md` could further centralize management and potentially simplify security for multi-repository setups.
Updated: 2025-12-05GitHub
30
1
Medium Cost
simplifier-ag icon

simplifier-mcp

by simplifier-ag

Sec9

Enables AI assistants to interact with the Simplifier Low Code Platform for creating, managing, and executing Connectors, Business Objects, Data Types, Login Methods, and SAP Systems, as well as accessing platform resources.

Setup Requirements

  • ⚠️Requires either SIMPLIFIER_TOKEN (valid session token) or SIMPLIFIER_CREDENTIALS_FILE (JSON with user/pass) to be set, but not both. SIMPLIFIER_TOKEN typically requires daily refresh due to its session-like nature.
  • ⚠️Network connectivity to the configured Simplifier instance is critical; connection failures will halt the MCP server and open a browser-based error page.
Verified SafeView Analysis
The server handles sensitive information (SimplifierToken, credentials file) via environment variables, which is a standard secure practice. It sanitizes SimplifierToken from HTTP request logs. No direct 'eval' or execution of arbitrary user-provided code is apparent. The local error server opening a browser is limited to localhost, mitigating external risks. Authentication tokens require daily refresh, which is a usability concern but not a direct server vulnerability.
Updated: 2026-01-19GitHub
30
1
High Cost
chaorenex1 icon

aduib-mcp-server

by chaorenex1

Sec2

An MCP (Model Context Protocol) server designed to act as an AI agent backend, integrating various tools for web crawling, GitHub data retrieval, and RAG (Retrieval-Augmented Generation) from knowledge bases, exposing these capabilities via APIs.

Setup Requirements

  • ⚠️Playwright Chromium browser and its dependencies must be installed (or system must allow `playwright install` to run).
  • ⚠️Database migrations (`alembic`) need to be run manually on first setup.
  • ⚠️External services like Redis, Nacos, and LLM providers require proper configuration and access (e.g., API keys, network access).
  • ⚠️Playwright's browser cache requires persistent storage (e.g., a volume mount in Docker) to avoid repeated downloads.
Review RequiredView Analysis
A critical security flaw exists where `CRAWLER_API_KEY` is hardcoded as a bcrypt hash in `configs/crawl4ai/__init__.py`. This same hardcoded bcrypt hash is then directly used as an `api_token` for external LLM calls in `configs/crawl4ai/crawl_rule.py` (e.g., in `LLMConfig` and `AdaptiveConfig`). A bcrypt hash is not a valid API token for external services, indicating a severe misconfiguration or direct exposure of sensitive information. This will likely cause LLM authentication to fail, or if somehow misinterpreted by an LLM provider, could lead to a compromise. The system also relies on Playwright for web crawling, which involves downloading and running browser binaries, increasing the supply chain risk and attack surface. While other security measures like API key validation and resource limits are present, this specific misconfiguration is critical.
Updated: 2026-01-14GitHub
30
1
Low Cost
shaowenchen icon

ops-mcp-server

by shaowenchen

Sec6

This server unifies an observability stack (Kubernetes events, Prometheus metrics, Elasticsearch logs, Jaeger traces, SOPS operations) into a single Model Context Protocol (MCP) interface for AI assistants to query and interact with operational data.

Setup Requirements

  • ⚠️Requires external observability stack components: Kubernetes API (for events), Prometheus, Elasticsearch, Jaeger, and a custom 'Ops Server' (for SOPS). None of these are included or simulated.
  • ⚠️Extensive backend configuration is required, typically via environment variables or a 'config.yaml' file, including sensitive API endpoints and authentication tokens/credentials for each enabled module.
  • ⚠️Server-level authentication is disabled by default and must be explicitly configured via 'SERVER_TOKEN' for secure operation.
Review RequiredView Analysis
The MCP server's internal authentication (for '/mcp/sse', '/mcp/message', and '/mcp' endpoints) is disabled by default. It must be explicitly enabled by setting the 'SERVER_TOKEN' environment variable or in the configuration file for production use. Backend service integrations (Prometheus, Elasticsearch, Jaeger, Ops Server) support various authentication methods, but their security posture is dependent on the configured credentials and the security of those external systems. The SOPS module relies on an external 'Ops Server' for procedure execution, shifting command execution risks to that external system. The module code itself does not contain obvious 'eval' or arbitrary code execution vulnerabilities, but the power of the exposed query tools (e.g., arbitrary ES|QL queries) necessitates careful privilege management for backend credentials. The Docker deployment uses 'runAsNonRoot' and specific user/group IDs, which are good security practices for containers.
Updated: 2026-01-18GitHub
PreviousPage 196 of 713Next