Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Medium Cost
keith-hung icon

WeDaka-MCP

by keith-hung

Sec3

This MCP server provides an interface for an AI agent to interact with an employee time-tracking and clock-in/out system (WeDaka).

Setup Requirements

  • ⚠️Requires Node.js 20.0.0+.
  • ⚠️Requires an external 'WeDaka' server instance to connect to, configured via WEDAKA_API_URL.
  • ⚠️Requires specific environment variables (WEDAKA_API_URL, WEDAKA_USERNAME, WEDAKA_DEVICE_ID, WEDAKA_EMP_NO) for authentication and API communication.
Review RequiredView Analysis
CRITICAL RISK: The `WedakaApiClient` explicitly disables SSL certificate validation (`rejectUnauthorized: false`) when making HTTPS requests. This makes all communications with the `WEDAKA_API_URL` vulnerable to Man-in-the-Middle (MITM) attacks, allowing attackers to intercept, read, or alter sensitive employee data. While noted 'as per API spec', this is a severe security flaw in either the API design or its integration. The server relies heavily on environment variables for authentication (`WEDAKA_USERNAME`, `WEDAKA_DEVICE_ID`, `WEDAKA_EMP_NO`), which is a standard practice but requires secure handling of these variables in the deployment environment. The `DEBUG_API` flag can expose raw API responses if enabled in production, which is a minor concern.
Updated: 2025-11-27GitHub
30
1
Medium Cost
ada333 icon
Sec8

Manages AI/ML development environments (workbenches, images, hardware profiles) on Red Hat OpenShift AI (RHOAI) via an AI agent.

Setup Requirements

  • ⚠️Requires Go runtime and compiler to build the binary (`go build`).
  • ⚠️Requires a configured `~/.kube/config` file with access to the target OpenShift/Kubernetes cluster.
  • ⚠️The user running the server must be logged into the OpenShift cluster with sufficient permissions for the operations requested by the tools.
Verified SafeView Analysis
The server uses `client-go` to interact with a Kubernetes/OpenShift cluster, requiring `~/.kube/config` to be present and configured with appropriate access permissions. Communication with the AI agent is via standard I/O, not external network ports. No explicit hardcoded secrets, obfuscation, or malicious patterns were found in the provided code. Security primarily depends on the RBAC permissions granted to the server's underlying service account/kubeconfig.
Updated: 2026-01-12GitHub
30
1
Low Cost
kgain21 icon

voicepeak-mcp

by kgain21

Sec10

Provides a reusable Flutter widget for cycling through a list of other widgets with transition animations.

Setup Requirements

  • ⚠️Requires Flutter SDK to build and run
  • ⚠️Requires Xcode for iOS development
  • ⚠️Requires Android SDK/Studio for Android development
Verified SafeView Analysis
Based on the provided truncated source code, which primarily consists of standard Flutter project boilerplate and asset configuration, there are no apparent security risks such as 'eval' usage, code obfuscation, network risks, hardcoded secrets, or malicious patterns.
Updated: 2026-01-19GitHub
30
1
Medium Cost
saygex9965 icon
Sec3

Converts any Model Context Protocol (MCP) server into a Claude Skill to enable dynamic tool invocation and achieve significant context savings.

Setup Requirements

  • ⚠️Requires the `mcp` Python package (`pip install mcp`).
  • ⚠️The input MCP server configuration (`mcp-config.json`) may contain sensitive information (e.g., API tokens) that will be copied to the generated skill directory.
  • ⚠️The target MCP server might have its own external dependencies (e.g., Node.js/npm for `npx` commands) that must be installed on the system where the skill executor runs.
Review RequiredView Analysis
The `mcp_to_skill.py` script generates an `executor.py` script and `mcp-config.json` based on a user-provided MCP configuration. The `mcp-config.json` specifies a `command` field which the generated `executor.py` will run via `subprocess`. If the initial `mcp-config.json` is sourced from an untrusted party, it can lead to arbitrary code execution on the system running the converter or the generated skill. Additionally, sensitive environment variables like `GITHUB_TOKEN` are stored directly within the generated `mcp-config.json` file, posing a risk if the file's permissions are not properly managed.
Updated: 2026-01-19GitHub
30
1
High Cost
oldnordic icon

syncore

by oldnordic

Sec6

A Model Context Protocol (MCP) server providing a unified interface to 65+ AI-native development tools, including persistent memory, dual-domain vector search, tree-sitter based code analysis, knowledge graphs (Neo4j), task management, and multi-agent coordination.

Setup Requirements

  • ⚠️Requires Rust toolchain (cargo) for building.
  • ⚠️Requires Ollama running locally for all AI-powered features (IntelliTask, sequential reasoning).
  • ⚠️Requires a Neo4j instance for all graph-related features.
  • ⚠️Downloads approximately 500MB of HuggingFace embedding models on first run, requiring internet access and disk space.
  • ⚠️Initial startup consumes ~500MB RAM due to loaded embedding models.
  • ⚠️Uses various language-specific tools (e.g., `clangd`, `gopls`, `eslint`, `javac`) through plugins, which need to be installed and available in the environment.
  • ⚠️Sensitive configurations like Neo4j credentials (`NEO4J_PASS`) must be set via environment variables for full graph functionality.
Verified SafeView Analysis
The server explicitly states 'No authentication - Designed for local use'. If exposed on a network, the default HTTP streaming server on port 3001, and potential interactions with exposed Ollama/Neo4j endpoints could be vulnerable. It relies on external processes for LSP and language-specific diagnostics, which carries inherent trust and execution environment risks.
Updated: 2025-12-09GitHub
30
2
Medium Cost
nagual69 icon
Sec9

A production-ready infrastructure discovery and CMDB platform, delivering 53 tools via the Model Context Protocol (MCP) SDK for AI assistants, automation, and enterprise infrastructure management.

Setup Requirements

  • ⚠️Requires Docker & Docker Compose for easy deployment of the full stack (server, RabbitMQ, optional monitoring).
  • ⚠️Requires Node.js version 23 or higher, as specified in `package.json`.
  • ⚠️Specific Nmap scan types (`nmap_tcp_syn_scan`, `nmap_udp_scan`) require elevated privileges (e.g., `CAP_NET_RAW`, `CAP_NET_ADMIN` capabilities or `--privileged` mode) in the Docker container for full functionality.
  • ⚠️Full functionality, including multi-transport and hot-reload broadcasting, relies on a running RabbitMQ (AMQP) instance.
Verified SafeView Analysis
The project demonstrates a very strong focus on security, particularly in plugin management, input sanitization, and credential handling. - **Strong Plugin Security**: Implements manifest validation (JSON Schema), SHA256 integrity checks for plugin distributions, static code analysis for restricted module imports, runtime sandboxing (via `Module._load` override) to enforce permissions and dependency policies (`bundled-only`, `external-allowlist`, `sandbox-required`), and optional digital signature verification for trusted plugins. Untrusted or invalid plugins can be quarantined. - **Input Sanitization**: Crucially, `nmap_tools_sdk.js` and `network_tools_sdk.js` explicitly use `sanitizeHost` and `sanitizeUrl` functions to mitigate command injection risks when executing external binaries (`nmap`, `ping`, `wget`, etc.). - **Secure Credential Management**: Utilizes AES-256-CBC encryption for sensitive data (passwords, API keys, SSH keys, etc.) stored locally, supports encryption key rotation, maintains an audit log, and integrates with AWS Secrets Manager and Azure Key Vault for robust secret management. - **Operational Security Concerns**: Default AMQP credentials (`amqp://mcp:discovery@localhost:5672`) and Zabbix credentials (`Admin/zabbix`) are provided for quick start but **must be overridden** in production deployments. Some Nmap tools (`-sS`, `-sU`) explicitly add `--privileged` arguments or inherently require elevated privileges (e.g., `CAP_NET_RAW`, `CAP_NET_ADMIN` in Docker), which is a significant deployment-time security decision and should be managed carefully.
Updated: 2026-01-08GitHub
30
25
Low Cost
appsecco icon
Sec10

Provides a comprehensive checklist for security practitioners to pentest Model Context Protocol (MCP) servers and AI agents.

Verified SafeView Analysis
This repository provides a security checklist for pentesting MCP servers; it is not an MCP server itself and contains only documentation (Markdown files and a PDF). The repository source code itself poses no direct security risks, as it contains no executable logic, 'eval' statements, obfuscation, network risks, or hardcoded secrets. It is an informational resource.
Updated: 2025-12-18GitHub
30
1
Low Cost
jsoncut icon
Sec8

Enables AI agents to programmatically generate and validate image and video configurations via the Model Context Protocol (MCP) for the Jsoncut API.

Setup Requirements

  • ⚠️The repository is explicitly marked as 'OUTDATED' and 'no longer maintained', recommending use of the official public server.
  • ⚠️Requires a Jsoncut API Key, which typically implies a paid service.
  • ⚠️Requires Node.js >= 18 for local execution using npx.
Verified SafeView Analysis
The server correctly uses environment variables or request headers for API keys, avoiding hardcoding. It integrates with an external API via HTTPS. For the HTTP server mode, it uses CORS with `origin: '*'`, which is acceptable for a public API gateway where clients are expected to provide their own authentication, but could be restricted further for private deployments. No 'eval' or malicious patterns were found in the provided code.
Updated: 2025-11-29GitHub
30
1
Medium Cost
adamkwhite icon

claude-memory-mcp

by adamkwhite

Sec9

Provides searchable local storage for Claude conversation history, enabling context retrieval during current sessions.

Setup Requirements

  • ⚠️Requires Python 3.11+ (tested with 3.11.12).
  • ⚠️Ubuntu/WSL environment is recommended, suggesting potential compatibility/setup challenges on other operating systems.
  • ⚠️The recommended installation command requires manual replacement of the project's absolute path.
Verified SafeView Analysis
The project demonstrates strong security practices with comprehensive input validation (titles, content, queries) to prevent path traversal, null byte injection, and dangerous regex patterns. Path validation ensures operations are confined to safe directories. Logging includes sanitization and path redaction to prevent log injection and information disclosure. Search queries are sanitized for SQLite FTS. No obvious hardcoded secrets or malicious patterns were found. The primary MCP transport is stdio, reducing network exposure.
Updated: 2025-11-30GitHub
30
1
Medium Cost
agarabhishek icon

iam-lens-mcp

by agarabhishek

Sec9

Provides AWS IAM analysis capabilities through a Model Context Protocol (MCP) server, enabling AI assistants to query and simulate IAM permissions and configurations using natural language.

Setup Requirements

  • ⚠️Requires installation of multiple tools (uv, npm, iam-collect, iam-lens) with different package managers.
  • ⚠️Python 3.13 or higher is a prerequisite, which might be newer than system defaults for some users.
  • ⚠️Requires manual configuration of Claude Desktop's `claude_desktop_config.json` with absolute paths for both the server directory and the `iam-collect.jsonc` file, which can be error-prone.
Verified SafeView Analysis
The server uses `subprocess.create_subprocess_exec` to run the `iam-lens` CLI tool, passing arguments as a list which mitigates shell injection risks. File path operations for direct IAM data analysis use `Path.resolve()` and `startswith` checks to prevent path traversal vulnerabilities. No `eval` or obviously dangerous patterns are present. The primary external risk would come from the `iam-lens` CLI tool itself or the contents of the `iam-collect` data.
Updated: 2025-11-24GitHub
30
1
Medium Cost
dnlbauer icon

cordra-mcp

by dnlbauer

Sec8

Provides AI assistants with read-only access to explore and understand Cordra digital object repositories, including schema discovery, object retrieval, and content search.

Setup Requirements

  • ⚠️Requires a running and accessible Cordra repository, specified by CORDRA_BASE_URL.
  • ⚠️Authentication (CORDRA_USERNAME, CORDRA_PASSWORD) may be required for accessing private Cordra instances or administrative objects.
  • ⚠️Requires Python 3.11 or newer to run.
Verified SafeView Analysis
The server provides strictly read-only access, which inherently limits the potential impact of vulnerabilities to data exposure or denial of service, not data modification. Search queries (Lucene/Solr syntax) are passed directly to the Cordra backend; therefore, the security against query injection largely relies on the Cordra backend's sanitization. No 'eval' or obvious hardcoded secrets are present in the provided source code. Configuration is handled securely via environment variables.
Updated: 2025-12-04GitHub
30
1
Medium Cost
deeptendies icon

financial-mcp-servers

by deeptendies

Sec5

A repository for discovering, organizing, and running Model Context Protocol (MCP) servers primarily focused on financial, market, and cryptocurrency data sources.

Setup Requirements

  • ⚠️Requires Node.js v18+.
  • ⚠️Many managed MCP servers require API keys for external financial data services, which may be paid or require registration (e.g., Financial Modeling Prep, Alpha Vantage).
  • ⚠️Relies on `npx` to fetch and execute npm packages, requiring network access to `registry.npmjs.org` and trust in upstream package integrity.
Review RequiredView Analysis
The repository's core function involves executing arbitrary npm packages and connecting to external APIs, which carries inherent supply chain and third-party risks. The automated GitHub Action, by default, directly commits discovered MCP server configurations to the repository without a mandatory review step, posing a significant security vulnerability if untrusted packages are automatically added. API keys are placeholders and not hardcoded, which is good practice. The `autoApprove` feature offers a good control mechanism for allowed actions.
Updated: 2026-01-19GitHub
PreviousPage 221 of 713Next