Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Low Cost
kecbigmt icon

mm

by kecbigmt

Sec9

A command-line interface (CLI) tool for personal knowledge management, integrating GTD, Bullet Journal, and Zettelkasten methods to manage notes, tasks, and events as Git-friendly Markdown files.

Setup Requirements

  • ⚠️Requires Deno runtime (v2.x or later) to be installed.
  • ⚠️Requires Git for version control and synchronization features.
  • ⚠️Designed primarily for macOS or Linux environments.
Verified SafeView Analysis
The application is a local CLI tool written in Deno. It heavily uses `Deno.Command` for Git operations (clone, push, pull, diff) and to launch user-configured external editors (`$EDITOR`) and pagers (`$PAGER`). While `Deno.Command` allows arbitrary command execution, its usage is confined to expected CLI functionalities, interacting with user-controlled Git repositories and user-configured tools. No obvious hardcoded secrets or malicious network patterns were found beyond legitimate Git remote interactions. The security relies on Deno's sandboxing (`--allow-read --allow-write --allow-env --allow-run`) and the user's caution with external tool configurations.
Updated: 2026-01-15GitHub
30
1
High Cost
praneethravuri icon

pitstop

by praneethravuri

Sec9

Provides comprehensive Formula 1 data including historical statistics, real-time telemetry, standings, schedules, and news via a Model Context Protocol server.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️For local deployment, requires replacing '/absolute/path/to/pitstop' with the actual repository path in client configuration.
  • ⚠️The 'get_telemetry_data' tool can return a very large number of data points, potentially leading to high token usage if not carefully filtered by the client.
Verified SafeView Analysis
The server uses standard, well-vetted libraries for network operations (httpx, feedparser) and data processing (fastf1, pandas, pydantic). Configuration is handled via environment variables and .env files, preventing hardcoded secrets. No 'eval' or other directly dangerous functions were found. The use of external APIs (OpenF1, Ergast, RSS feeds) is properly encapsulated.
Updated: 2026-01-18GitHub
30
1
Medium Cost
mcp-z icon

server-pdf

by mcp-z

Sec8

Generate PDFs from text or layouts, render PDF pages as images, and measure text before layout, with specialized support for JSON Resume format.

Setup Requirements

  • ⚠️Emoji rendering requires `NotoColorEmoji.ttf` to be present; it's downloaded during `postinstall`. If the download fails, emojis will be skipped in PDFs.
  • ⚠️The `pdf-image` tool uses `pdf-to-png-converter`, which internally relies on native PDF rendering libraries (like Poppler or Ghostscript). While it bundles binaries, platform-specific issues or missing system dependencies can occur.
  • ⚠️Custom font loading via URL requires active network access. If the URL is unreachable or the font download fails, it falls back to a default font (Helvetica).
Verified SafeView Analysis
The server involves filesystem operations (e.g., `pdfPath` in `pdf-image`, `writeFile` for output) and network requests (e.g., `fetch` for custom fonts). The `pdf-to-png-converter` dependency might rely on native system libraries, which could pose a risk if not properly isolated or if vulnerabilities exist in those libraries. `eval` is used internally for dual ESM/CJS loading, which is generally acceptable for bootstrapping. No hardcoded secrets were identified.
Updated: 2026-01-16GitHub
30
1
Low Cost
lornest icon

whoop-mcp

by lornest

Sec9

Provides conversational access to WHOOP fitness and recovery data through an MCP client like Claude.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Requires manual creation and configuration of a WHOOP OAuth application on their developer dashboard, including setting a redirect URI to `http://localhost:8080/callback`.
  • ⚠️The `bootstrap.py` script starts a local web server (http://localhost:8080) for OAuth callback, which might require firewall adjustments if blocked.
Verified SafeView Analysis
The server employs robust security practices. OAuth 2.0/2.1 compliance is handled by the well-tested `authlib` library. Tokens are stored securely using OS-native keychain (macOS Keychain, Windows Credential Locker, GNOME Keyring/KWallet) or fall back to an encrypted file with strong symmetric encryption (`cryptography.fernet`) and strict file permissions. CSRF protection is implemented in the OAuth bootstrap flow. Client secrets are stored securely and never exposed in runtime environment variables. API requests are centrally handled with comprehensive error handling for authentication, rate limits, and network issues. No 'eval' or other obviously dangerous patterns were found.
Updated: 2025-12-14GitHub
30
1
Medium Cost
hmmroger icon
Sec9

Enables AI assistants to manage Microsoft Outlook calendars and emails via the Microsoft Graph API.

Setup Requirements

  • ⚠️Requires Node.js 20.19.0 or higher.
  • ⚠️Requires manual Azure AD Application registration with specific `Calendars.ReadWrite`, `Mail.Read`, `Mail.Send`, `User.Read` permissions.
  • ⚠️Requires a one-time device code flow authentication via browser to set up initially.
Verified SafeView Analysis
The server securely handles authentication tokens using `@azure/identity` with local persistence. User-provided content for emails/events is sanitized via `DOMPurify` when converted from Markdown to HTML before being sent to Microsoft Graph, mitigating potential XSS. The client ID is not hardcoded and the README provides strong warnings and best practices for creating a dedicated Azure AD application. No 'eval' or malicious obfuscation patterns were found. Communication with the MCP client is over standard I/O (stdio), limiting direct network exposure.
Updated: 2026-01-19GitHub
30
1
High Cost
groupdocs-parser-cloud icon

groupdocs-parser-cloud-mcp

by groupdocs-parser-cloud

Sec8

Provides an MCP server that wraps the GroupDocs.Parser Cloud API to enable AI agents to extract text, images, and barcodes from various document formats and manage cloud storage.

Setup Requirements

  • ⚠️Requires GroupDocs Cloud API credentials (CLIENT_ID, CLIENT_SECRET), which may imply a paid service.
  • ⚠️Requires Python 3.10+.
Verified SafeView Analysis
The `file_upload_local` and `file_download_local` tools allow agents to specify local filesystem paths for uploads/downloads. While useful for local agent execution, this could introduce arbitrary file read/write vulnerabilities if the MCP server is exposed to untrusted external input or deployed in an insecure network configuration without proper access controls, as `local_path` is directly used. Secrets are handled via environment variables.
Updated: 2025-12-14GitHub
30
1
Medium Cost
rezashahnazar icon

digikala-mcp-server

by rezashahnazar

Sec9

Facilitates intelligent product discovery, search, recommendations, and detailed information retrieval on Digikala, a prominent e-commerce platform.

Setup Requirements

  • ⚠️Requires Python 3.14+ (as specified in pyproject.toml, though Python 3.10+ is mentioned in documentation, the pyproject.toml is definitive and implies a pre-release Python version or a typo)
  • ⚠️Requires `uv` package manager for dependency management and execution
Verified SafeView Analysis
The server primarily makes HTTP GET requests to public Digikala APIs. No hardcoded sensitive API keys or credentials are found within the provided source code. HTTP timeouts are configured (30 seconds) to prevent prolonged external connections. There are no 'eval' statements, obfuscation, or direct file system/shell interactions observed. Standard network risks associated with interacting with external APIs apply, but no specific vulnerabilities are apparent.
Updated: 2025-12-03GitHub
30
1
High Cost
yanqinghao icon

mcp-crypto-server

by yanqinghao

Sec8

A high-performance platform for real-time cryptocurrency and stock market data, technical analysis, LLM-powered insights, and news aggregation, primarily for generating trading signals and reports for AI applications.

Setup Requirements

  • ⚠️Requires paid API keys for cryptocurrency exchanges (e.g., Binance), potentially AKShare/yfinance for stock data, and a paid LLM service (e.g., OpenAI API Key).
  • ⚠️Docker and Docker Compose are essential for running the TimescaleDB database and the multi-service architecture.
  • ⚠️Telegram Bot Token and Chat ID are necessary for receiving alerts and signals.
  • ⚠️Requires Python 3.9+ and the 'uv' package manager for local development and dependency management.
Verified SafeView Analysis
Sensitive credentials such as API keys for exchanges and Telegram tokens are correctly loaded from environment variables. There are no direct 'eval' calls or obvious obfuscation. Network access is essential for its functionality (exchanges, Telegram API). The Docker setup exposes standard ports. Overall, good security practices are followed for credential handling.
Updated: 2025-11-24GitHub
30
1
Low Cost
hyperpolymath icon

poly-k8s-mcp

by hyperpolymath

Sec4

Provides a Model Context Protocol (MCP) server for AI assistants to programmatically manage Kubernetes clusters using kubectl, Helm, and Kustomize CLIs.

Setup Requirements

  • ⚠️Requires Deno runtime (v2.0+).
  • ⚠️Requires `kubectl`, `helm` (optional), and `kustomize` (optional) CLIs to be installed and accessible in the system's PATH.
  • ⚠️Requires a valid Kubernetes kubeconfig (`~/.kube/config` or `KUBECONFIG` environment variable) with appropriate cluster access.
  • ⚠️Must be run with Deno's `--allow-run`, `--allow-read`, `--allow-write`, `--allow-env`, and potentially `--allow-net` permissions, granting broad system access.
Review RequiredView Analysis
The server explicitly requires and uses Deno's `--allow-run` permission to execute `kubectl`, `helm`, and `kustomize` CLI tools directly. This means the security boundary is the user's local Kubernetes configuration (`~/.kube/config`) and credentials. An MCP client (e.g., AI assistant) could perform any action the user's configured `kubectl` can. There are no additional authentication or authorization layers provided by the server itself beyond the underlying CLI tools. The `kubectl_apply` tool writes manifest content to `/tmp/kubectl-manifest.yaml` before applying it, which is a common pattern but could pose risks if the server runs in a compromised environment or with over-privileged access. The `kustomize_create` tool writes `kustomization.yaml` files based on input, allowing arbitrary Kustomize configuration to be created. The project's `PROVEN-INTEGRATION.md` indicates future plans for formal verification of resource lifecycles, RBAC, and manifest validation (`SafeSchema`), but these are not currently implemented, meaning input validation against Kubernetes schemas is not enforced by the server itself.
Updated: 2026-01-17GitHub
30
1
Medium Cost
GalacticQuasar icon

nova-llm

by GalacticQuasar

Sec8

A full-stack LLM agent workflow with custom tool calling capabilities and configuration with Model Context Protocol (MCP) servers, supporting multiple Gemini models.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key (paid service) for LLM access.
  • ⚠️Requires Node.js 18+ and npm for both client and server setup.
  • ⚠️Automatically downloads and runs an external MCP server package via `npx` during initialization, requiring internet access and relying on the security of that third-party package.
Verified SafeView Analysis
The server uses environment variables for API keys (GEMINI_API_KEY) and client origin, which is good practice. A rate limit is applied to the streaming endpoint, enhancing protection against abuse. The custom tool calls (`getTime`, `getRandomNumber`) use safe native JavaScript functions, mitigating direct injection risks through their arguments. However, the server automatically executes `npx @modelcontextprotocol/server-sequential-thinking` to connect to an MCP server; while intended, this introduces a dependency on the security of that external package and the `npm` ecosystem during execution.
Updated: 2026-01-17GitHub
30
1
Medium Cost
postmanlabs icon

postman-code-examples

by postmanlabs

Sec9

A CLI tool for searching, navigating, and reading content from a Notion workspace, designed for AI agents.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Requires creation of a Notion Integration with 'Read content' capabilities via notion.so/my-integrations.
  • ⚠️Notion pages and databases must be explicitly shared with the created integration for the CLI to access them.
  • ⚠️Requires the NOTION_API_KEY environment variable to be set with the integration's secret token.
Verified SafeView Analysis
The CLI securely handles API keys by requiring them to be loaded from environment variables (NOTION_API_KEY), preventing hardcoding. It interacts with the official Notion API endpoints. No 'eval' or obfuscation is present. Standard API interaction patterns are followed, and the code appears straightforward. Minor deduction for not including explicit network request timeouts in the generated fetch clients, which is a common practice for robustness but less critical for a simple demo.
Updated: 2026-01-16GitHub
30
1
High Cost
shawnmcrowley icon

n8n_workflows

by shawnmcrowley

Sec3

This N8N server serves as a collection of production-ready automation workflows, exposing them as tools for AI agents (MCP clients) to enable dynamic, AI-driven automation across various platforms and data sources.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose installed.
  • ⚠️Requires PostgreSQL with pgvector extension installed and configured.
  • ⚠️Requires N8N account or self-hosted instance (Docker setup handles this).
  • ⚠️Requires API keys for multiple external services (OpenAI, FireCrawl, EODHD, Ahrefs, SEMrush, BuzzSumo, AnswerThePublic, Reddit, Perplexity, OpenWeather, Alpha Vantage) which may be paid services.
  • ⚠️Requires a local Ollama instance running for local LLMs.
  • ⚠️Requires Redis for the dynamic workflow management feature (`build-your-own-n8n-workflows-mcp-server-.json`).
  • ⚠️For RAG chatbot, requires a Google Cloud Project with Vertex AI API enabled and Google AI API Key, and Pinecone account/index named 'company-files'.
  • ⚠️For Microsoft Excel integration, requires Microsoft Azure credentials with Microsoft Graph permissions.
  • ⚠️Many workflows require specific Google Cloud APIs enabled (Drive, Sheets, Gmail).
  • ⚠️Some workflows implicitly require a functional n8n API key (`N8N_API_KEY`) to retrieve workflow definitions.
Review RequiredView Analysis
Critical security risks identified: 1. **Hardcoded Secrets**: Multiple workflow files contain hardcoded API keys (e.g., NYT Article Search, FireCrawl, EODHD, Brave Search). These sensitive credentials are exposed in the source code, posing a significant vulnerability. 2. **Potential XSS in HTML Generation**: Workflows that generate HTML content (e.g., for emails) from dynamic data (e.g., `postgres_api_workflow_with_email-postgres.json`, `url-parsing-and-email-generation-.json`, `firecrawl_webscraping-.json`, `html-newsletter-with-real-time-data-.json`) do not appear to sanitize inputs before embedding them. If malicious content is injected into data sources, it could lead to Cross-Site Scripting (XSS) in email clients or rendered HTML outputs. 3. **Dynamic Workflow Execution**: The `build-your-own-n8n-workflows-mcp-server-.json` workflow allows AI agents to execute other N8N workflows by ID. While attempts are made to manage an 'available' list, this introduces a complex trust boundary. A compromised or maliciously prompted AI agent could potentially execute unintended or harmful workflows, bypassing their `availableInMCP: false` settings. The reliance on `workflowInputs` without strict validation could allow arbitrary parameter injection. 4. **Exposed Admin Interface**: PgAdmin is exposed on `localhost:5050` by default. While not publicly exposed in a standard Docker setup, if the host machine has public access, this becomes a direct attack vector to the PostgreSQL database. 5. **Sensitive Information in Logs**: Depending on the workflow execution and error handling, sensitive data or API responses might be inadvertently logged.
Updated: 2026-01-18GitHub
PreviousPage 200 of 713Next