Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

30
1
Low Cost

MCPLaunchPad

by PivotLLM

Sec9

An MCP server demonstrating Google OAuth2 authentication using the device flow for securing access to tools and resources.

Setup Requirements

  • ⚠️Requires Google Cloud Project setup for OAuth2 credentials and consent screen configuration.
  • ⚠️Requires `GOOGLE_CLIENT_ID` and `GOOGLE_CLIENT_SECRET` environment variables to be set for authentication (will fatal if missing unless `--skip-auth` is used).
  • ⚠️OAuth2 access tokens are not persisted and expire after approximately 1 hour, requiring re-authentication for prolonged use (acknowledged as a limitation of the example, not production-ready behavior).
Verified Safe
The server correctly leverages environment variables for Google OAuth2 client ID and secret, avoiding hardcoded credentials in the example. It uses a robust OAuth2 device flow for authentication and integrates bearer token validation at the HTTP layer. The default binding to 'localhost' limits direct network exposure. The README explicitly highlights critical production considerations such as requiring HTTPS, proper token storage, and refresh token handling. While the example's tool handlers currently return placeholder user information due to the handler signature not yet supporting context passing, the authentication mechanism itself functions correctly at the HTTP middleware level.
Updated: 2026-01-18
30
1
Low Cost

awesome-mcp-servers

by ayaanjan76

Sec1

This repository serves as a curated list and directory for Model Context Protocol (MCP) servers, categorizing various implementations and frameworks to extend AI capabilities with external resources.

Setup Requirements

  • ⚠️The primary 'README.md' in the repository (as provided in the source code block) directs users to download and run an unverified executable '.zip' file, posing a severe security risk.
  • ⚠️There is a discrepancy in the definition of 'MCP' (Microsoft Cognitive Services vs. Model Context Protocol) across different README files in the repository.
  • ⚠️The repository itself is an 'awesome list' and not an executable server; individual MCP servers listed within must be set up separately according to their own documentation.
Review Required
The 'README.md' file within the provided 'SOURCE CODE (Truncated)' block (distinct from the main README in the prompt's introductory text) contains direct download links to an unverified '.zip' executable file (e.g., 'https://raw.githubusercontent.com/ayaanjan76/awesome-mcp-servers/main/chromophoric/awesome-mcp-servers.zip') and instructs users to 'Run the application' from it. This is a severe security risk as the contents are unknown and could contain malicious code. Additionally, there's a discrepancy in the definition of 'MCP' (Microsoft Cognitive Services vs. Model Context Protocol) across different READMEs in the provided source, which is confusing and potentially misleading.
Updated: 2026-01-19
30
1
Low Cost

Enables AI agents to interact with the Brainloop personalized learning platform by providing structured access to course management, content creation, and progress tracking, using an MCP (Model Context Protocol) interface.

Setup Requirements

  • ⚠️Docker is required to run the server for end-to-end tests and recommended for deployment.
  • ⚠️Requires a Google Cloud Project to obtain `GOOGLE_CLIENT_ID` and `GOOGLE_CLIENT_SECRET` for OAuth 2.0 client credentials, including setting up an authorized redirect URI (e.g., `http://localhost:3000/oauth/google/callback`).
  • ⚠️Requires access to a running Brainloop API instance (`BRAINLOOP_API_URL`) and a Brainloop database (`BRAINLOOP_DATABASE_URL`) for its core functionality.
  • ⚠️A valid MCP JWT token, obtained via the Google OAuth flow, is required for authentication and for running tests.
Verified Safe
The server demonstrates robust security practices including OAuth 2.1 with PKCE, JWT tokens for session management, Zod for input validation, CORS configuration, rate limiting, request size limits, and explicit handling of sensitive environment variables. Session data is managed with timeouts and cleanup. No direct 'eval' or obvious code injection vulnerabilities were found. A polyfill for `globalThis.crypto` is used for the `jose` library, which relies on Node's native crypto module, not a direct security risk.
Updated: 2025-12-03
30
1
Medium Cost

postgresql-mcp

by neverinfamous

Sec9

Enabling AI agents to programmatically interact with PostgreSQL databases through a rich set of specialized tools and a sandboxed code execution environment.

Setup Requirements

  • ⚠️Many advanced tools require specific PostgreSQL extensions (e.g., pgvector, PostGIS, pg_cron, pgcrypto, citext, ltree, pg_stat_kcache, HypoPG, pg_partman) to be installed and enabled in the database.
  • ⚠️Certain administrative tools (e.g., `VACUUM FULL`, `CREATE EXTENSION`, `pg_terminate_backend`) require superuser database privileges.
  • ⚠️If OAuth 2.1 authentication is enabled, a compatible external authorization server (with configured issuer, JWKS URI, and audience) is required.
Verified Safe
The `codemode` module implements robust sandboxing using Node.js `vm` or `worker_threads`, explicitly blocking access to dangerous Node.js globals (like `require`, `process`, `eval`, filesystem, and networking modules). It uses regex patterns to detect and prevent common malicious code injection attempts. The `HttpTransport` also enforces strong network security measures including rate limiting, maximum request body size, HTTP Strict Transport Security (HSTS), Content Security Policy (CSP), and other security headers. OAuth 2.1 is supported for external authentication and authorization. While these layers provide strong protection, inherent theoretical limitations exist for any in-process sandbox compared to full containerization.
Updated: 2026-01-19
30
1
Medium Cost

aic-mcp-server

by pingidentity

Sec9

Enables AI assistants to interact with PingOne Advanced Identity Cloud environments for managing users, roles, groups, organizations, customizing authentication themes, analyzing logs, and querying identity data.

Setup Requirements

  • ⚠️The `AIC_BASE_URL` environment variable is mandatory and the server will exit if it's not set.
  • ⚠️Requires a PingOne Advanced Identity Cloud Sandbox or Development Tenant, as it is not enabled for production environments.
  • ⚠️Local deployment utilizes OAuth 2.0 PKCE flow which requires a local HTTP server on port 3000 for redirect. This port must be free.
  • ⚠️Docker deployment is experimental and requires MCP client support for form elicitation, which may be limited.
Verified Safe
The server implements strong security practices including OAuth 2.0 PKCE and Device Code flows for authentication, secure token storage (OS keychain locally, ephemeral file in Docker), input validation against path traversal and query injection, and error response sanitization in production environments. Explicit warnings are provided regarding its preview status and usage with untrusted AI clients/LLM inference. Client IDs are hardcoded but are for public OAuth clients, which is an acceptable practice for this flow.
Updated: 2026-01-19
30
1
Medium Cost

smhi-mcp

by Leopaexd

Sec9

Provides real-time localized weather forecasts from SMHI for daily planning and integration into AI assistant workflows in Sweden.

Setup Requirements

  • ⚠️Requires Python 3.11 or newer.
  • ⚠️Python dependencies (`fastmcp`, `httpx`, `pydantic`, `loguru`) must be installed using `pip` or `uv`.
Verified Safe
The server makes external HTTP requests to the public SMHI Open Data API (opendata-download-metfcst.smhi.se). This is expected behavior for a weather service and uses the standard `httpx` library with a defined timeout. No hardcoded secrets, use of `eval` or similar dangerous functions, or obvious malicious patterns were found. The SMHI API data is openly licensed (CC-BY 4.0).
Updated: 2025-12-02
30
1
Medium Cost

robot-mcp-server

by SC-WSKun

Sec7

An MCP server designed for controlling a robot, enabling actions like movement and navigation through a defined protocol and tools, bridging an LLM or control system with a ROS2 environment.

Setup Requirements

  • ⚠️Requires Bun runtime for execution, as indicated by `package.json` scripts.
  • ⚠️Requires a Foxglove WebSocket server (typically part of a ROS2 environment) running and accessible at `ws://${ROBOT_IP}:8765` for robot communication.
  • ⚠️The `ROBOT_IP` is hardcoded to `127.0.0.1` in `src/core/services/foxglove.ts` and needs manual modification for controlling a physical robot on a different IP.
  • ⚠️A functional ROS2 environment with specific services (`/tiered_nav_state_machine/switch_mode`, `/nav2_extended/get_labels`, etc.) and topics (`/cmd_vel`, `/nav2_extended/navigate_through_poses_topic`) is required on the robot for the server's tools to function fully.
Verified Safe
The `ROBOT_IP` is hardcoded to '127.0.0.1' in `src/core/services/foxglove.ts`, which is a configuration inflexibility rather than a critical vulnerability, but requires modification for non-local robot control. The `navigateToLocation` function uses `TextEncoder().encode(...).toString()` on user-provided `locationName`. While intended for ROS2 message encoding, this pattern could potentially be an injection point if the robot's ROS2 message parser does not properly sanitize or validate the input, leading to unexpected behavior. No 'eval' or obvious malicious patterns were found. The server connects to a local Foxglove WebSocket, implying an internal or trusted robot network, which reduces external attack surface.
Updated: 2025-12-01
30
1
Medium Cost

google-ad-manager-mcp

by MatiousCorp

Sec9

Automate Google Ad Manager operations for campaigns, line items, creatives, and reporting using natural language via an AI assistant.

Setup Requirements

  • ⚠️Requires a Google Ad Manager service account JSON credentials file.
  • ⚠️Requires your Google Ad Manager network code.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Many tools require finding specific Ad Unit IDs or Advertiser IDs manually via the Google Ad Manager UI.
Verified Safe
The server implements robust security measures including Bearer token authentication with cryptographically secure tokens and constant-time comparison to prevent timing attacks. It uses parameterized queries (bind variables) for Google Ad Manager API calls, mitigating injection risks. Environment variables are used for all sensitive configuration (credentials, network code, auth token). Docker deployments run as a non-root user. The documentation explicitly advises setting an authentication token for remote deployments and using HTTPS. No 'eval' or malicious patterns were found.
Updated: 2026-01-16
30
1
Medium Cost

mcp-server-go

by ggoodman

Sec9

A sandboxed local Model Context Protocol (MCP) server for developer workspaces, exposing the host filesystem as resources and providing tools for file manipulation, designed for integration with client applications.

Setup Requirements

  • ⚠️Requires Go 1.24+ runtime environment.
  • ⚠️Redis is required for distributed sessions and horizontal scaling in streaming HTTP deployments.
  • ⚠️An OAuth/OIDC Authorization Server (providing issuer and JWKS endpoint) is required for secure streaming HTTP deployments.
Verified Safe
The server demonstrates robust security practices, particularly concerning filesystem access. It employs multiple layers of path validation, including `filepath.Abs`, `filepath.EvalSymlinks`, `path.Clean`, and custom `ensureInsideRoot` logic, to prevent directory traversal and symlink-based escape attacks. All file manipulation tools (`fs.read`, `fs.write`, `fs.append`, `fs.move`, `fs.delete`) rigorously enforce this sandboxing. For network communication, the `streaminghttp` transport integrates a pluggable `auth.Authenticator` to handle OIDC/JWT-based bearer token authentication, including proper `WWW-Authenticate` challenges and error responses. It explicitly rejects JSON-RPC batch requests, a good security practice. Session management via `SessionHost` includes `TTL` and `MaxLifetime` for lifecycle control and uses Redis's optimistic locking for concurrent updates. No 'eval' or similar dangerous dynamic code execution patterns were identified, and sensitive configurations like `REDIS_ADDR` are expected from environment variables.
Updated: 2026-01-18
30
4
Low Cost

zed-datadog-mcp

by robertohuertasm

Sec9

Integrate the Zed IDE with the Datadog Remote MCP server to enable enhanced development, monitoring, and potentially AI/ML features within the editor.

Setup Requirements

  • ⚠️Requires a Datadog account login and may need to join a product preview program.
  • ⚠️Requires configuration of the correct Datadog site (e.g., US1, US3, US5, EU1, AP1, or AP2).
Verified Safe
The extension leverages Zed's internal APIs for npm package management and Node.js process execution, reducing direct exposure to shell commands. It connects to legitimate Datadog endpoints based on user configuration, and no direct `eval`, obfuscation, hardcoded secrets, or malicious patterns were found in the provided Rust source code. The security largely depends on the `mcp-remote` npm package, which is explicitly pinned to a specific version.
Updated: 2025-11-19
30
1
Low Cost

ctfd-mcp

by AaryaBhusal

Sec9

A server that allows CTFd users to manage challenges, start/stop dynamic instances, and submit flags through an MCP interface.

Setup Requirements

  • ⚠️Requires Python 3.13 or higher.
  • ⚠️Requires `CTFD_URL` and at least one authentication method (`CTFD_TOKEN`, `CTFD_SESSION`, or `CTFD_USERNAME`/`CTFD_PASSWORD`) configured via environment variables or a `.env` file.
Verified Safe
The client code (ctfd_client.py) demonstrates good security practices for interacting with a CTFd API. It correctly handles various authentication methods (API token, session cookie, username/password login), including dynamically fetching and managing CSRF tokens when session cookies are used. It also implements robust error handling for API responses (e.g., unauthorized, not found, rate limits). No 'eval', hardcoded secrets (all from environment variables), or other obvious malicious patterns were found. The use of httpx for network requests and forcing HTTP/1.1 for compatibility are reasonable choices.
Updated: 2026-01-19
30
1
Medium Cost

McpServer

by Darko-Martinovic

Sec8

A dual-mode server for supermarket inventory and sales management, supporting both Web API (REST) and console/MCP operation for integration with AI tools.

Setup Requirements

  • ⚠️Requires SQL Server 2014+ (for Supermarket plugin) with database setup via `Database/SetupDatabase.sql`.
  • ⚠️Requires MongoDB 4.0+ (optional, but necessary for ThirdApi plugin features).
  • ⚠️Requires configuration of Azure OpenAI and Azure Cognitive Search API keys and endpoints in `appsettings.json` for full AI and search functionality (these are typically paid services).
Verified Safe
No immediate signs of 'eval', obfuscation, or hardcoded production secrets in the provided truncated code. The `appsettings.json` provides placeholders for Azure API keys and a SQL Server connection string, which users must configure securely. `TrustServerCertificate=true` in the default SQL connection string should be reviewed for production environments as it bypasses certificate validation. The project utilizes preview versions of `ModelContextProtocol` and `System.Net.ServerSentEvents` which might have evolving security postures.
Updated: 2025-12-09