Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

30
1
Low Cost

ai-agent-mcp-server

by tariksagbas1

Sec2

This project implements an MCP (Model Context Protocol) server and client using AMQP (RabbitMQ) for communication, enabling an LLM-powered agent to interact with internal tools and data resources.

Setup Requirements

  • ⚠️Requires a running RabbitMQ server instance, possibly via Docker, with pre-defined queues, exchanges, and services.
  • ⚠️Requires a `.idep` JSON configuration file (e.g., `configs/${DEPLOYMENT_CODE}.idep`) to define services, tools, and RabbitMQ topology.
  • ⚠️Requires an OpenAI API Key for the LLM component, incurring paid usage costs.
  • ⚠️The `docker-compose.yml` references a private Azure Container Registry (`deploymentagent.azurecr.io/icron-llm`) for the LLM service image, which may require specific authentication or access.
Review Required
Critical security vulnerabilities found:
1. Hardcoded Google API credentials (CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN) are present in `backup.ts`. This is a severe risk as these secrets would be exposed if the code is publicly accessible.
2. Hardcoded RabbitMQ credentials (username: 'platform', password: 'platform', vhost: 'tarik.sagbas') are used in `service_core/rpc_client.py` for `rpc_call_mcp`, making client-to-server communication dependent on static, non-environment-variable-driven secrets.
3. The FastAPI client (`mcp_amqp/lg_agent.py`) enables CORS with `allow_origins=["*"]`, which is overly permissive and can expose the service to cross-site scripting (XSS) attacks or unauthorized access from any domain.
4. The use of `exec` in `mcp_amqp/app.py` for dynamic function generation, while seemingly controlled by predefined schemas, still presents a potential attack vector if the schema generation or input is compromised.
Updated: 2025-11-26
30
1
Medium Cost

letta-cloud-mcp

by akkytech0617

Sec9

Provides a Model Context Protocol (MCP) server to connect AI agents like Factory Droid, Claude Code, and Cursor to Letta Cloud's stateful memory system for persistent memory, agent interaction, and archival storage.

Setup Requirements

  • ⚠️Requires a Letta Cloud API key (LETTA_API_KEY) which may involve a paid subscription on Letta Cloud's pay-as-you-go model.
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Only supports Letta Cloud; not compatible with self-hosted Letta instances.
Verified Safe
The server uses `process.env` for API keys, preventing hardcoding. Input validation is rigorously handled by Zod schemas for all tool arguments. Communication with Letta Cloud uses an official SDK, presumably over HTTPS. The server primarily communicates via standard I/O (stdio) as an MCP server, not exposing network ports directly. While `@modelcontextprotocol/sdk` (a dependency) can involve `cross-spawn` for running external processes, this specific server acts as the *target* for such commands from an MCP client, not an initiator of arbitrary commands based on user input. The main security considerations would be the secure handling of `LETTA_API_KEY` and the integrity of the MCP client connecting to it.
Updated: 2026-01-18
30
1
Medium Cost

high-command-mcp

by surrealwolf

Sec9

Provides an MCP server to access real-time Helldivers 2 game data via the High-Command API, exposing game status, planets, statistics, and more as callable tools.

Setup Requirements

  • ⚠️Requires Python 3.9+
  • ⚠️MCP client does NOT implement automatic retries for rate limits (applications must implement exponential backoff)
  • ⚠️Production deployments (ENVIRONMENT=production) must use HTTPS for HIGH_COMMAND_API_BASE_URL
  • ⚠️Helldivers 2 API might have Cloudflare bot protection requiring X-Super-Client and X-Super-Contact headers for reliable access
Verified Safe
The project demonstrates robust security practices, including explicit HTTPS enforcement for production environments, non-root user execution, read-only root filesystem, and dropped capabilities in Kubernetes deployments. Environment variables are used for configuration, avoiding hardcoded secrets. Error messages are designed not to leak sensitive information. While the default development URL is HTTP, this is strictly validated against HTTPS for production.
Updated: 2026-01-12
30
1
High Cost
Sec7

Extracts text from various document formats (PDF, DOCX, XLSX, CSV, TXT, JSON, Markdown) and converts them to Markdown.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires local installation of several document parsing libraries (e.g., pdfminer.six, openpyxl, python-docx). Full functionality (e.g., for `convert_to_markdown` and robust PDF image extraction) depends on `markitdown` and `PyMuPDF` (fitz), which are not explicitly listed in `setup.py`'s `install_requires` and may need to be installed separately, with PyMuPDF potentially requiring system dependencies.
  • ⚠️Windows PowerShell users may need to adjust the execution policy (`Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser`) to run automated setup scripts.
Verified Safe
The server explicitly states it is designed for local, trusted environments and has no built-in authentication. It processes local files using `os.path.expanduser`, which could lead to reading arbitrary files within the process's permissions if an untrusted client sends malicious paths. Document parsing libraries (pdfminer.six, openpyxl, python-docx, markitdown, PyMuPDF) are used, which inherently carry risks if malformed or malicious documents are processed (no internal sandboxing for these libraries). However, the project provides comprehensive security documentation (`SECURITY.md`), enforces a 100MB file size limit, implements rate limiting, and truncates output for AI context protection. The `convert_to_markdown` tool converts the *entire* document to a file, bypassing the output truncation for the AI's preview, which could consume significant local resources.
Updated: 2026-01-19
30
1
Medium Cost

The server integrates with the Cloudflare API to enable AI agents to manage zones, DNS records, Workers KV storage, cache, and analytics.

Setup Requirements

  • ⚠️Requires a Cloudflare API Token with appropriate permissions (e.g., Zone - DNS - Edit, Account - Workers KV Storage - Edit).
  • ⚠️Requires a Cloudflare Account ID for all Workers KV operations.
  • ⚠️Manual configuration in Claude Desktop's `claude_desktop_config.json` is needed, including an absolute path to the server directory.
Verified Safe
The server uses `httpx` for making API requests and retrieves sensitive API tokens from environment variables, which is a good practice. There is no usage of `eval` or other obvious code execution vulnerabilities. Input arguments are passed directly to the Cloudflare API, relying on Cloudflare's own API for input validation and sanitization. The primary security consideration is ensuring the Cloudflare API token has only the minimum necessary permissions to prevent privilege escalation.
Updated: 2026-01-18
30
1
Medium Cost

mcp-server-guide

by deeprave

Sec9

An MCP server that centralizes AI agent instructions, documentation, and guidelines to support an iterative and phased software development cycle, ensuring structured, collaborative, and high-quality outcomes.

Setup Requirements

  • ⚠️Requires `uv` (Ruff's package manager and installer) for Python dependency management.
  • ⚠️Requires Python 3.13+.
  • ⚠️For Kiro CLI integration, `kiro-cli` must be separately installed and available in your system's PATH.
  • ⚠️Initial setup may involve interactive prompts for template installation and configuration file creation if not using Docker/auto-init.
Verified Safe
The project demonstrates a high level of security awareness. It employs robust URL validation to prevent SSRF attacks, path validation and sanitization to prevent path traversal and unsafe filenames, and enforces explicit actions for critical file system operations. The Kiro CLI integration scripts include shell-level allowlisting for paths and commands, combined with consent mechanisms, creating strong guardrails for agent interactions. Content size validation is also present. There are no obvious `eval()` or obfuscation patterns, nor hardcoded secrets.
Updated: 2025-11-27
30
1
High Cost

soma

by trysoma

Sec7

A platform for building and managing AI agents and functions using the Model Context Protocol (MCP). It provides SDKs for Python and TypeScript to define agents and functions, and an API server to manage them, including identity, encryption, and bridging capabilities to integrate with external AI models and services. The insurance claim bot serves as a comprehensive example application.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) or a compatible LLM API key for AI agent functionality.
  • ⚠️Requires a running Restate server instance.
  • ⚠️Development and deployment require both Python (>=3.8) and Node.js (>=18) environments with pnpm for dependency management.
  • ⚠️The Protobuf compiler (`protoc`) is needed for certain Rust build targets.
Verified Safe
The system incorporates robust encryption and secret management features, supporting KMS integration. However, the use of `exec` within Python code generation (even if on trusted templates) presents a potential, albeit mitigated, risk. Hardcoded bootstrap/test API keys and default encryption aliases (e.g., 'default' DEK alias) require careful handling and rotation in production environments. Network interactions with external AI models and the Restate runtime also necessitate proper input validation, sanitization, and secure configuration.
Updated: 2026-01-16
30
1
Medium Cost

zotero-keeper

by u9401066

Sec7

AI-powered management and organization of local Zotero bibliographic references, enabling search, import, and basic library analytics through AI agents like VS Code Copilot or Claude Desktop.

Setup Requirements

  • ⚠️Requires Zotero 7.0+ desktop client to be running.
  • ⚠️Zotero's Local API must be manually enabled by running a JavaScript command in the Zotero console once.
  • ⚠️Requires Python 3.12+ (as specified in pyproject.toml).
  • ⚠️Remote Zotero access requires manual `netsh` port proxy and firewall configuration on the Zotero machine (Windows).
  • ⚠️PubMed integration features require the `pubmed-search-mcp` package to be installed separately.
Verified Safe
The primary security concern stems from the underlying Zotero Local API (port 23119) which inherently lacks authentication. If the MCP server is exposed on a network, any client can interact with it and, by extension, the local Zotero instance. The server itself does not introduce new code-level vulnerabilities like arbitrary code execution via user input. However, for remote Zotero setups, the user is explicitly responsible for configuring `netsh` port proxies and firewall rules, and for ensuring network security. No hardcoded secrets were identified, and API keys are expected to be provided via environment variables. Input validation is implemented prior to Zotero API calls.
Updated: 2026-01-12
30
1
Medium Cost

laravel-php-mcp-sdk

by dalehurley

Sec8

A comprehensive Laravel wrapper that enables applications to act as Model Context Protocol (MCP) servers and clients, facilitating AI/LLM integration.

Setup Requirements

  • ⚠️Requires PHP 8.1 or higher and Laravel 10.x, 11.x, or 12.x.
  • ⚠️Relies on 'dalehurley/php-mcp-sdk' as a core dependency, which may have its own PHP extension requirements for AMP-based transports (HTTP/WebSocket).
  • ⚠️For background tasks (e.g., PeriodicPingJob), Laravel's queue system must be configured and queue workers running.
Verified Safe
The server implements comprehensive security features including CORS, rate limiting, input sanitization, security headers (CSP, XSS, Frame Options), and suspicious activity detection (SQLi, XSS, Path Traversal, Command Injection patterns). Authentication supports OAuth 2.1, Bearer tokens, and API keys with scope-based authorization. A potential risk exists if the 'mcp.authorization.bearer.valid_tokens' or 'mcp.authorization.api_key.valid_keys' configurations are empty while authorization is enabled, as it would allow any non-empty token/key to authenticate. It is crucial to configure valid tokens/keys in production environments.
Updated: 2025-11-25
30
1
Low Cost

mcp-website

by la-rebelion

Sec9

Public site for the Headless API (HAPI) Stack for Model Context Protocol (MCP), providing guidance, clarifying limitations, and offering practical advice for making existing APIs AI-ready.

Setup Requirements

  • ⚠️Requires Node.js ≥ 20
  • ⚠️Uses Bun as the preferred package manager (though npm/yarn may also work)
Verified Safe
This repository hosts a static Docusaurus website. The primary security risks are limited to client-side vulnerabilities (e.g., XSS through maliciously crafted blog content, though Docusaurus's Markdown parsing helps mitigate this) and potential vulnerabilities in its third-party dependencies (e.g., Docusaurus itself, React, or embedded scripts like HubSpot and Google Analytics). No server-side vulnerabilities are present as it is a static site. No hardcoded sensitive secrets were identified in the provided source code snippets. The forms on the site are handled client-side for tracking or simulated submission, with no direct server-side processing from this codebase.
Updated: 2026-01-16
30
11
Low Cost

mcp-cli

by jritsema

Sec9

A command-line interface tool for managing Model Context Protocol (MCP) server configuration files across various AI tools.

Setup Requirements

  • ⚠️Requires `mcp-compose.yml` (Docker Compose specification) for server configurations.
  • ⚠️Relies on environment variables for sensitive data (e.g., API keys, client secrets), which can be loaded from the system environment or a `.env` file.
  • ⚠️If using containerized MCP servers (via the `image` property in `mcp-compose.yml`), Docker or a compatible container runtime (e.g., Finch, Podman) is required.
Verified Safe
The CLI tool is written in Go, which generally provides better memory safety and reduced risk of common scripting vulnerabilities. It processes local YAML/JSON files and environment variables. Network calls are made for OAuth token acquisition for remote MCP servers, using standard HTTP client practices. There are no indications of 'eval' or malicious patterns. A warning is explicitly provided in the `mcp ls -c` command documentation that its output (expanded commands with environment variables) 'may expose sensitive data such as API keys'. This is a disclosure risk if the output is mishandled by the user/agent, but not an inherent vulnerability in the CLI's execution logic.
Updated: 2026-01-03
30
1
Low Cost

unblu-mcp

by detailobsessed

Sec8

A Model Context Protocol (MCP) server providing AI assistants with token-efficient access to Unblu API endpoints through progressive disclosure and Kubernetes integration.

Setup Requirements

  • ⚠️Requires `kubectl` to be installed and authenticated for Kubernetes deployments.
  • ⚠️`PATH` environment variable needs explicit configuration in MCP client (e.g., Claude Desktop on macOS) to ensure `unblu-mcp` and `kubectl` are found.
  • ⚠️For the default provider, `UNBLU_BASE_URL` and `UNBLU_API_KEY` (or `UNBLU_USERNAME`/`UNBLU_PASSWORD`) environment variables are mandatory.
  • ⚠️`PyYAML` is an optional dependency but required if using custom K8s environment configuration files.
  • ⚠️`eunomia-mcp` is an optional dependency (requiring `pip install unblu-mcp[safety]`) but highly recommended for server-side policy enforcement.
Verified Safe
The server uses `subprocess` for `kubectl` commands, which is necessary for Kubernetes integration but requires careful validation of inputs. The `call_api` tool acts as a proxy, passing parameters directly to `httpx.AsyncClient`, which could be a vector for malicious inputs if an AI agent or user crafts vulnerable `operation_id` or parameters (e.g., SQL injection, XSS), though `operation_id` must exist in the OpenAPI spec. Optional server-side policy enforcement via Eunomia is available and recommended for restricting API access. No hardcoded secrets, obfuscation, or `eval` usage was found.
Updated: 2026-01-16