Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

82
246
High Cost
andrea9293 icon
Sec9

A local-first MCP server for document management, semantic search, and AI-powered document intelligence.

Setup Requirements

  • ⚠️Requires a Google Gemini API Key for AI-powered search (Gemini API usage is a paid service).
  • ⚠️Initial download of embedding models (hundreds of MB) occurs on first use, causing a delay and requiring disk space.
  • ⚠️Node.js version 22.0.0 or higher is recommended for full compatibility.
Verified SafeView Analysis
The server operates locally via stdio transport by default, minimizing external network exposure. It requires `GEMINI_API_KEY` for AI features, which should be handled as a sensitive environment variable. PDF processing utilizes `unpdf` for safe text extraction, mitigating known vulnerabilities. File operations are restricted to designated data and uploads directories, reducing path traversal risks. No explicit use of `eval` or other highly dangerous patterns was identified.
Updated: 2025-12-02GitHub
82
74
High Cost
iconben icon

z-image-studio

by iconben

Sec8

Z-Image Studio is a local toolkit for high-quality text-to-image generation using the Z-Image-Turbo model, providing CLI, Web UI, and MCP server interfaces with hardware optimizations.

Setup Requirements

  • ⚠️Requires Python >= 3.11.
  • ⚠️GPU acceleration requires NVIDIA (CUDA), Apple Silicon (MPS), or AMD (ROCm on Linux); otherwise, it falls back to CPU.
  • ⚠️`torch.compile` is disabled by default for Python 3.12+ due to known compatibility issues; users can force-enable it via `ZIMAGE_ENABLE_TORCH_COMPILE=1` (experimental).
  • ⚠️`ZIMAGE_BASE_URL` environment variable is recommended for reliable absolute URL generation when using MCP SSE or Streamable HTTP transports.
Verified SafeView Analysis
File upload (`/loras` endpoint) allows `.safetensors` files up to 1GB. While `safetensors` are generally safer than `pickle`, a malicious file could potentially exploit vulnerabilities in the `diffusers` loading process. The server performs hash checks and filename collision resolution, and files are stored in a dedicated `loras` directory. URL construction for `ResourceLink` in MCP SSE/Streamable HTTP modes relies on extracting base URL from request headers (`X-Forwarded-Proto`, `X-Forwarded-Host`) if `ZIMAGE_BASE_URL` is not set. In a misconfigured proxy environment, these headers could be spoofed, potentially leading to incorrect or malicious resource URIs. However, path traversal within the URL is mitigated by `urllib.parse.urljoin` and `urllib.parse.quote` for file paths. Image saving (`save_image`) includes robust path safety checks to prevent directory traversal attacks.
Updated: 2026-01-18GitHub
82
1920
Medium Cost
metatool-ai icon

metamcp

by metatool-ai

Sec7

MetaMCP acts as an MCP proxy to dynamically aggregate multiple MCP servers into a single unified MCP server endpoint, enabling middleware application and customized tool access for coding agents.

Setup Requirements

  • ⚠️Requires PostgreSQL database.
  • ⚠️Requires Docker and Docker Compose for recommended setup.
  • ⚠️The `BETTER_AUTH_SECRET` environment variable must be changed from its default value for production deployments.
  • ⚠️`APP_URL` and `NEXT_PUBLIC_APP_URL` must match the actual access URL due to CORS policies.
Verified SafeView Analysis
The default 'BETTER_AUTH_SECRET' in docker-compose files (both dev and prod) is a critical hardcoded secret that *must* be changed in production. The application implements good security practices including Helmet for HTTP headers, CORS configuration, robust OAuth 2.1 support with PKCE, API key authentication, and rate limiting. Spawning STDIO commands for MCP servers inherently carries risks; filtering of inherited environment variables helps mitigate this, but careful management of configured MCP servers is still essential.
Updated: 2025-12-23GitHub
81
2
Low Cost
savethepolarbears icon

jules-mcp-server

by savethepolarbears

Sec9

An MCP server that enables AI assistants to create, schedule, and manage autonomous coding tasks with Google Jules, bridging its stateless API with local stateful scheduling.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires a Google Jules API Key, which must be generated externally at jules.google/settings.
  • ⚠️GitHub repositories must be connected to Google Jules via the Jules web UI (jules.google) *before* using this server.
  • ⚠️When configuring in Claude Desktop or similar MCP clients, an *absolute path* to the `dist/index.js` file is required, which is a common source of setup error.
Verified SafeView Analysis
The server demonstrates a strong commitment to security with a 'defense-in-depth' strategy documented in `SECURITY.md`. It correctly handles sensitive information like `JULES_API_KEY` via environment variables. It implements input validation with Zod and enforces a configurable repository allowlist (`JULES_ALLOWED_REPOS`) to prevent unauthorized access. The architecture and code show no signs of 'eval', obfuscation, or malicious patterns. The primary network risk is to the external Google Jules API. The local stdio transport is inherently low risk.
Updated: 2025-12-10GitHub
81
103
High Cost
andrlange icon
Sec8

Provides an AI-driven Model Context Protocol (MCP) server for comprehensive access to Spring ecosystem documentation, migration guides, code examples, and project compatibility, serving as a knowledge base and tool integration for AI agents.

Setup Requirements

  • ⚠️Requires PostgreSQL database with 'pgvector' extension installed for embedding features.
  • ⚠️Requires Docker for easy setup of PostgreSQL and optional Ollama embedding server.
  • ⚠️Mandatory external/local embedding service if `mcp.features.embeddings.enabled` is true: either Ollama (requires local server, configured via `mcp.features.embeddings.ollama.base-url`) or OpenAI (requires API key, configured via `mcp.features.embeddings.openai.api-key`).
  • ⚠️Targets Spring Boot 4.0.1, which is a future/unreleased version, potentially leading to compatibility issues with current Spring Boot dependencies or tools.
  • ⚠️Initial data synchronization from numerous external sources (spring.io, GitHub, etc.) can be time-consuming and prone to network issues during setup.
Verified SafeView Analysis
The application leverages Spring Security for API key-based authentication, with hashed storage of API keys. External API integrations (OpenAI, Ollama, GitHub, spring.io) use externalized API keys from environment variables or properties, which is good practice. Extensive data fetching from external sources is handled with timeouts and retry mechanisms. HTML parsing for documentation relies on Jsoup, which is generally robust, but processing untrusted HTML can introduce risks for unexpected behavior. No direct code injection or SQL injection vulnerabilities are apparent from the provided truncated source code. Overall, it follows standard Spring Boot security practices for an application of this complexity, but a comprehensive review of all third-party dependencies and their configurations would be essential for production deployment.
Updated: 2026-01-15GitHub
81
2
Low Cost
tekkidev icon

mcpstat

by tekkidev

Sec9

Adds usage tracking, analytics, and an audit trail to Model Context Protocol (MCP) servers to monitor tool, prompt, and resource interactions.

Setup Requirements

  • ⚠️Requires integration into an existing MCP server application; it's a library, not a standalone end-user application.
  • ⚠️Python 3.10+ is required.
  • ⚠️The 'mcp' SDK dependency is optional for core functionality but required for full MCP server integration (install with `mcpstat[mcp]`).
Verified SafeView Analysis
The server stores usage data locally in a SQLite database and optionally in log files. The project's SECURITY.md advises ensuring appropriate file permissions for sensitive deployments. There are no indications of direct network exposure, hardcoded secrets, 'eval' usage, or obfuscation in the provided source code.
Updated: 2026-01-17GitHub
81
2
Low Cost
BlockRunAI icon
Sec10

To provide a curated list and guide for contributing to a collection of Model Context Protocol (MCP) servers relevant to healthcare, medical, and life sciences.

Verified SafeView Analysis
The provided source code consists solely of Markdown documentation files (README.md and CONTRIBUTING.md). There is no executable server code within this repository to analyze for security vulnerabilities such as 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. The repository serves as a list of external MCP servers, and while the `CONTRIBUTING.md` emphasizes compliance and security for *submitted* MCPs, the repository itself poses no direct execution risk.
Updated: 2026-01-17GitHub
81
2
High Cost
RomiconEZ icon
Sec8

A server for automating LLM red teaming workflows by orchestrating LLAMATOR test runs via HTTP API and MCP interface, managing job state, and storing artifacts.

Setup Requirements

  • ⚠️Requires external OpenAI-compatible LLM endpoints (attack, tested, judge models), often implying a local LLM setup like LM Studio or Ollama.
  • ⚠️Requires Docker and Docker Compose for recommended deployment.
  • ⚠️Requires Redis and MinIO for job queuing, state management, and artifact storage.
  • ⚠️Requires Python 3.11+.
Verified SafeView Analysis
The server implements API key authentication via 'X-API-Key' header, with explicit checks at the ASGI middleware level and FastAPI dependencies. Artifact path validation prevents path traversal attacks. Custom test imports are restricted to allowed prefixes ('llamator.', 'llamator_mcp_server.'), mitigating arbitrary code execution risks. However, the `docker-compose.yml` uses weak default credentials (e.g., 'minioadmin', 'lm-studio') and an empty API key for 'LLAMATOR_MCP_API_KEY'. While these are configurable via environment variables, their default values lower the initial security posture, requiring careful setup in production to avoid vulnerabilities.
Updated: 2026-01-18GitHub
81
2
Medium Cost
7Ese icon
Sec9

A comprehensive directory and navigation station for AI Agent Skills and Model Context Protocol (MCP) servers, designed for developers and power users to discover and integrate AI capabilities.

Verified SafeView Analysis
This project is a static frontend React application serving as a directory for AI Agent Skills and MCP Servers. It does not include any backend logic, user authentication, or direct database interactions within its own codebase. The content is loaded from local TypeScript files. The application's attack surface is minimal, primarily limited to client-side vulnerabilities like potential XSS, though the current implementation appears to handle user input (search query) safely through filtering rather than direct HTML rendering. No 'eval', dynamic code execution from external sources, or hardcoded sensitive credentials are found in the application's operational source code. Examples of API tokens in documentation ('IDE_SETUP.md') are for configuring *external* MCP servers by the user, not for this application's own use. Note: The project itself is a frontend app that *lists* MCP Servers, not an MCP Server itself.
Updated: 2026-01-18GitHub
81
2
Medium Cost
redf0x1 icon

ui-ux-pro-mcp

by redf0x1

Sec9

Provides AI-powered UI/UX design intelligence by offering natural language search across curated design resources.

Setup Requirements

  • ⚠️Requires Node.js v18+
  • ⚠️Relies on pre-existing CSV data files in the `data/` directory (included in npm package, but required for source runs)
  • ⚠️Requires an MCP-compatible client (VS Code, Claude Desktop, Cursor) for full interaction
Verified SafeView Analysis
The server implements input validation for queries and result limits, uses Express with JSON body limits, and includes rate limiting for HTTP mode. Session management relies on UUIDs. The BM25 search algorithm operates on pre-indexed data. No direct shell command execution from untrusted input is observed, indicating a well-protected service within its operational scope.
Updated: 2026-01-19GitHub
81
400
Medium Cost
Softeria icon
Sec9

Interacting with Microsoft 365 and Office services through the Graph API via a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Node.js >= 20 to run (Node.js 14+ may work with warnings).
  • ⚠️Requires a Microsoft account or Azure AD App Registration for authentication; configuration details (Client ID, Tenant ID, Client Secret) may be needed via environment variables or Azure Key Vault.
  • ⚠️For `--http` mode, the server listens on a network port and requires outbound network access to Microsoft Graph and authentication endpoints. OAuth authentication is required for HTTP mode MCP requests.
Verified SafeView Analysis
The server demonstrates robust security practices: it uses Microsoft Authentication Library (MSAL) for authentication, supports secure credential storage via OS credential store (keytar) or Azure Key Vault, and externalizes secrets through environment variables. Public client IDs for default configurations are appropriately handled, and OAuth flows are implemented for HTTP mode. There are no obvious signs of 'eval', obfuscation, or malicious patterns. Network risks are inherent to any HTTP server, but the MCP endpoint is protected by Bearer token authentication.
Updated: 2026-01-19GitHub
81
2
Low Cost
At0mXploit icon

Trackor

by At0mXploit

Sec9

Provides an MCP server for tracking personal expenses, including adding, listing, summarizing, updating, and exporting data.

Setup Requirements

  • ⚠️Direct remote deployment with Claude requires a Claude Pro subscription.
  • ⚠️Non-Pro Claude Desktop users must run a local proxy and install a custom desktop extension via `mcpb`.
  • ⚠️Requires `uv` to manage dependencies and run the server (`uv sync` for installation).
Verified SafeView Analysis
The server code (mcp.py) uses parameterized queries for all database interactions with SQLite, effectively preventing SQL injection vulnerabilities. No 'eval' or similar dynamic code execution functions are present. File paths are handled relative to the current working directory, which is standard for a local application. No hardcoded secrets or API keys are found in the provided source.
Updated: 2025-12-13GitHub
PreviousPage 21 of 713Next