Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

30
1
Low Cost

start

by amandio-vaz

Sec10

Building intelligent applications with autonomous AI agents utilizing Model Context Protocol (MCP) servers, integrating modern infrastructure, observability, and AI/ML technologies.

Setup Requirements

  • ⚠️ While no direct MCP Server code is provided, the architectural descriptions suggest complex deployments. Expected requirements for a system utilizing an MCP Server include: Docker/Kubernetes for containerization and orchestration, multiple backend services (e.g., Redis, MongoDB, PostgreSQL, TimescaleDB, ClickHouse, Vector Databases like Milvus/Qdrant), and API keys for various Large Language Models (LLMs) such as OpenAI, Gemini, Anthropic, or Mistral for AI agent functionalities.
  • ⚠️ Requires significant expertise in modern infrastructure, DevOps, and AI engineering practices to set up and maintain the described ecosystem.
  • ⚠️ Potential high operational costs due to extensive use of LLMs, vector databases, and advanced observability stacks.
Verified Safe
The provided 'SOURCE CODE' consists solely of README files describing a technical library and the author's expertise. It does not contain executable code for an MCP Server, thus direct code-level security analysis (e.g., 'eval', obfuscation, hardcoded secrets) cannot be performed on the server itself. The descriptions imply complex systems involving LLMs and various backend services, which would require robust security practices for API key management, data privacy, and secure communication channels in a real deployment.
Updated: 2025-12-10
30
1
Low Cost

Provides AI assistants with programmatic access to Talos Linux clusters for autonomous infrastructure management.

Setup Requirements

  • ⚠️ Requires Python 3.11 or higher.
  • ⚠️ Requires 'uv' package manager for dependency management and execution.
  • ⚠️ Requires a valid 'talosconfig' file with access to a Talos Linux cluster.
Verified Safe
The server correctly handles Talos configuration, including secure loading of base64-encoded certificates and keys for gRPC TLS communication. Credentials are not logged or cached to disk. Communication with the AI assistant occurs over standard I/O (stdio), avoiding direct network exposure. A potential vulnerability exists if client certificates are not provided, as it falls back to an insecure gRPC channel with a warning, but this is intended for development/testing.
Updated: 2025-12-10
30
1
Medium Cost

iceberg-mcp-server

by dragonejt

Sec6

Provides an MCP (Model Context Protocol) server for Apache Iceberg, enabling agents to programmatically read, query, and manipulate data within Iceberg catalogs using Python and SQL.

Setup Requirements

  • ⚠️ Requires Python 3.12 or higher.
  • ⚠️ Requires Apache Iceberg catalog configuration (via .pyiceberg.yaml or environment variables) to connect to a data catalog.
  • ⚠️ Optimal installation and execution leverage the `uv` package manager.
Verified Safe
The server's `sql_query` tool directly executes user-provided SQL queries via DuckDB. While marked with `destructiveHint=True` for agent awareness, this capability inherently carries SQL injection risks if the agent's input is not thoroughly sanitized or if the server is exposed to untrusted sources. Credentials for connecting to Iceberg catalogs (e.g., tokens, access keys) are sourced from environment variables or configuration files, which is standard but requires secure management in deployment. No hardcoded secrets or arbitrary code execution mechanisms (like `eval` or `exec` on unvalidated strings) were found outside of the intended SQL execution.
Updated: 2026-01-19
30
1
Medium Cost
Sec9

A Model Context Protocol (MCP) server designed to interface AI clients (like Claude Desktop) with Komodo for managing Docker containers, deployments, and application stacks.

Setup Requirements

  • ⚠️ Requires Docker Compose for self-hosting.
  • ⚠️ Requires an existing Komodo server instance (KOMODO_URL).
  • ⚠️ Requires Komodo authentication credentials (either API Key & Secret or Username & Password).
  • ⚠️ For Claude Desktop, the server must be run in `stdio` mode.
Verified Safe
The server demonstrates a strong commitment to security, implementing robust HTTP middleware for DNS rebinding protection, rate limiting, and strict validation of Accept, Content-Type, and JSON-RPC headers. Log scrubbing (SecretScrubber) is used to redact sensitive information like API keys and JWTs from logs, while InjectionGuard prevents log injection attacks (CWE-117) by sanitizing control characters and ANSI escape sequences. Authentication credentials for the Komodo backend are exclusively managed via environment variables, eliminating hardcoded secrets. No 'eval' or similar dangerous patterns are present.
Updated: 2026-01-19
30
1
Medium Cost

mcp-security

by aself101

Sec9

Provides NBA statistics, live scores, and player/team data from public APIs.

Setup Requirements

  • ⚠️ Requires Node.js >=18.0.0
  • ⚠️ Requires manual `npm run build` after `npm install` before running (standard for TypeScript projects)
Verified Safe
The server leverages the `mcp-security` framework, which implements a 5-layer defense-in-depth model against various injection attacks, path traversal, SSRF, deserialization, XSS, and more. This specific NBA server is read-only and requires no authentication, further reducing its attack surface. While the broader framework's test server includes an `eval`-like `Function` for a calculator demonstration, it is explicitly sanitized and not present in this NBA server's domain-specific logic. The overall design prioritizes security, with built-in rate limiting and side effect declarations for network calls.
Updated: 2025-12-15
30
1
Medium Cost

medatarun

by medatarun

Sec9

A platform for creating, managing, and versioning living domain models (entities, relationships, attributes, types, tags, documentation) to align business, development, operations, data governance, security, and AI agents. It acts as a single source of truth for domain semantics and enables model-level automation.

Setup Requirements

  • ⚠️ Requires Java Development Kit (JDK) for the backend.
  • ⚠️ Requires pnpm for Node.js package management for the UI.
  • ⚠️ The backend server and UI development server run separately, requiring multiple commands.
  • ⚠️ The MEDATARUN_HOME environment variable must be set correctly to specify the application data directory.
  • ⚠️ The first run requires an initial admin bootstrap process, consuming a one-time secret (either auto-generated and logged, or pre-configured).
Verified Safe
The project demonstrates robust security practices, including OIDC/JWT authentication with PKCE, strong password hashing (PBKDF2 with high iterations), and secure key management for JWT signing. It supports external OIDC providers and includes comprehensive input validation for user-defined fields like usernames and full names. Database interactions use prepared statements, mitigating SQL injection risks. The system is designed with role-based access control (Admin, Signed-in, Public). Potential minor risks arise from external OIDC configuration and dependencies, but core security mechanisms are sound.
Updated: 2026-01-19
30
2
High Cost

This MCP server facilitates cryptocurrency market analysis using public bitbank API data, providing optimized analysis tools and visualizations for LLMs like Claude.

Setup Requirements

  • ⚠️ Node.js 18+ is required; Docker is optional.
  • ⚠️ Manual configuration in Claude Desktop's `claude_desktop_config.json` is needed, requiring replacement of absolute paths.
  • ⚠️ macOS users may encounter permission issues if the project is placed in the Desktop folder; placement in the home directory is recommended.
Verified Safe
The server primarily interacts with the public bitbank API for data fetching and performs local computations for analysis and SVG rendering. File system access is restricted to logging and saving generated SVG charts (configurable to `/mnt/user-data/outputs` or a local `assets` directory), which is justified by the application's functionality. There are no direct `eval` calls or unconstrained shell command executions. The optional HTTP transport respects `ALLOWED_HOSTS` and `ALLOWED_ORIGINS` for basic network security.
Updated: 2026-01-09
30
1
Low Cost

orchestra

by CyberBrown

Sec4

Orchestra is a desktop application designed to provide a user-friendly interface for managing Claude Code MCP server configurations, eliminating the need for manual JSON file editing.

Setup Requirements

  • ⚠️ Requires Node.js and a package manager (pnpm, npm, or yarn) for development and building.
  • ⚠️ The application is an Electron desktop app, requiring native build processes for distribution (macOS, Windows, Linux).
  • ⚠️ Toggle and edit functionalities are marked as 'coming soon!' in the UI code, indicating incomplete features.
Review Required
The application uses Electron with good security practices like contextIsolation and nodeIntegration: false, limiting direct Node.js access from the renderer. However, it exposes IPC handlers that allow the renderer process to perform file system operations (read, write, add, remove, update, backup) on arbitrary file paths provided by the renderer. There is no explicit validation in the main process's IPC handlers to restrict `filePath` arguments to only the known configuration file locations (e.g., `~/.claude.json`, `.mcp.json`). This lack of path validation creates a local file system manipulation vulnerability, meaning a compromised renderer could read, write, or delete files anywhere the user has permissions, leading to data exfiltration, corruption, or potential further code execution by modifying sensitive system files.
Updated: 2025-12-10
30
1
Medium Cost

purmemo-mcp

by coladapo

Sec9

A cross-platform AI conversation memory server enabling saving and recalling conversations across various MCP-compatible AI tools and IDEs like Claude Desktop, Cursor, and Windsurf.

Setup Requirements

  • ⚠️ Requires a pūrmemo API key, which needs to be obtained by signing up for an account at app.purmemo.ai.
  • ⚠️ OAuth authentication is currently stated as unavailable in the setup script, forcing API key usage.
  • ⚠️ Requires Node.js version 18 or higher to run.
Verified Safe
The project demonstrates robust security practices, including: usage of HTTPS for all API communications; tokens stored encrypted with restrictive file permissions and a machine-specific key derivation; OAuth 2.1 with PKCE (though currently disabled as a fallback to API keys); and secure command execution (`execFile` instead of `exec`) to prevent injection. No use of `eval` or obfuscation was found. The primary authentication is via an API key, which is expected to be managed as an environment variable, preventing hardcoded secrets. The local OAuth callback server runs on HTTP, but this is a standard and safe practice for PKCE flows confined to localhost.
Updated: 2025-11-25
30
1
Medium Cost
Sec9

Integrate Oura Ring health data with LLMs via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ Requires manual OAuth2 setup with Oura Ring Developer Applications Dashboard to obtain CLIENT_ID, CLIENT_SECRET, and a one-time USER_CODE.
  • ⚠️ Requires `uv` package manager and Python 3.14.0, which the setup recommends managing via `pyenv`.
  • ⚠️ If the `tokens.json` file is deleted, the full manual OAuth2 setup must be repeated as Oura Ring user codes are single-use.
Verified Safe
Secrets (client ID, client secret, user code) are loaded from environment variables using `python-dotenv`, preventing hardcoding. OAuth2 is implemented for authentication, including automatic token refresh, enhancing security over Personal Access Tokens. Access and refresh tokens are stored locally in `tokens.json`, which is explicitly git-ignored to prevent accidental exposure. No `eval` or obvious obfuscation is present. The server communicates via standard I/O (stdio), limiting direct network exposure for local LLM integration.
Updated: 2025-12-09
30
1
Low Cost

inboxfewer

by teemow

Sec9

Provides AI assistants with programmatic access to Google productivity services (Gmail, Docs, Drive, Calendar, Meet, Tasks).

Setup Requirements

  • ⚠️ Google OAuth Client ID & Secret: Critical for `streamable-http` transport (OAuth proxy mode). Must be obtained from Google Cloud Console and securely provided via Kubernetes secrets or environment variables.
  • ⚠️ Public Base URL: For any deployed instance using HTTP transport, the `MCP_BASE_URL` environment variable (or `--base-url` flag) *must* be correctly configured to the publicly accessible URL of the server for OAuth callbacks.
  • ⚠️ Persistent OAuth Token Storage: By default, OAuth tokens are ephemeral (lost on pod restart). For production, a `PersistentVolumeClaim` or a Valkey (Redis-compatible) instance is required for token persistence and horizontal scaling.
  • ⚠️ "--yolo" Flag for Write Operations: The server defaults to a read-only "safety mode". Write operations (e.g., sending emails, deleting files) require explicitly enabling the `--yolo` flag.
Verified Safe
The project demonstrates a strong security posture. It adheres to Kubernetes Pod Security Standards (Restricted), defaults to `runAsNonRoot`, drops all capabilities, and uses a read-only root filesystem. Secrets management emphasizes using Kubernetes Secrets or external managers, with explicit warnings against unsafe practices. The OAuth proxy architecture prevents AI assistants from directly handling sensitive tokens. Instrumentation features include security warnings for insecure OTLP endpoints. The `mcp-oauth` library implements robust OAuth 2.1 hardening (PKCE, refresh token rotation, authenticated client registration, rate limiting) with secure defaults and verbose logging for potential misconfigurations. Comprehensive security documentation is provided.
Updated: 2026-01-18
30
1
Medium Cost

openotes

by opencore-x

Sec9

Provides Claude (or other AI agents) with tools to read, search, write, and organize markdown notes in a local vault.

Setup Requirements

  • ⚠️ VAULT_PATH environment variable is required and must point to an accessible directory containing markdown files.
  • ⚠️ Requires Node.js version 18.0.0 or higher.
  • ⚠️ For remote access (e.g., Claude.ai web/mobile), Cloudflare Tunnel and Cloudflare Access setup is necessary, adding network configuration complexity.
Verified Safe
The server implements robust path validation in `src/core/paths.ts` to prevent directory traversal, absolute path access, and symlink escapes, sandboxing all file operations to the configured `VAULT_PATH`. Null bytes in paths are also explicitly rejected. No 'eval' or obvious malicious patterns were found. The README recommends Cloudflare Tunnel and Cloudflare Access for secure remote access, acknowledging the need for careful network exposure, which is an appropriate security recommendation rather than a vulnerability of the server itself. Local operation binds to 127.0.0.1 by default.
Updated: 2026-01-19