Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

30
1
Medium Cost
reyhansunduk icon

efatura-mcp-server

by reyhansunduk

Sec8

Integrate with the Turkish GİB e-Arşiv Fatura system to manage e-invoices via an MCP server.

Setup Requirements

  • ⚠️Requires existing Turkish GİB e-Fatura credentials for real API usage (company registration needed).
  • ⚠️Primarily designed for use with Claude Desktop or any compatible MCP client.
  • ⚠️Python dependencies include `mcp`, `python-dotenv`, `pydantic`, and `pydantic-settings` which must be installed.
Verified SafeView Analysis
The project demonstrates strong security awareness, especially with the detailed `SECURITY.md` and the automatic fallback to a mock API if real GİB credentials are not properly configured or are placeholder values. Credentials are loaded from environment variables (`.env`). Network communication with GİB uses HTTPS for security. A minor concern is the potential logging of sensitive `e.response.text` in `gib_earsiv_client.py` during error handling, which could expose parts of a GİB error message if it contains sensitive data. There's also a discrepancy where `zeep` and `lxml` are listed as dependencies in `pyproject.toml` but are not directly used by the provided `gib_earsiv_client.py`, which instead uses `requests`.
Updated: 2025-12-05GitHub
30
1
Medium Cost
quanticsoul4772 icon

grafana-mcp

by quanticsoul4772

Sec9

Provides AI-powered integration with Grafana instances via Model Context Protocol (MCP) tools for management and querying.

Setup Requirements

  • ⚠️Requires access to a Grafana instance (v8.0+).
  • ⚠️Requires a Grafana API key or Service Account Token with appropriate permissions (GRAFANA_TOKEN environment variable).
  • ⚠️Requires Node.js 18+ with ES modules support and TypeScript 4.9+ for development/build.
Verified SafeView Analysis
The server demonstrates a strong security-first design, featuring automatic credential sanitization in logs and outputs (`security-utils.ts`), and robust error categorization to prevent sensitive internal details from being exposed to the user. It explicitly loads `GRAFANA_TOKEN` from environment variables, which is a recommended practice. TLS configuration with optional `GRAFANA_TLS_SKIP_VERIFY` provides control over certificate validation, although skipping verification should be used with caution in production. Input validation using Zod schemas adds a layer of protection against malformed requests. No 'eval' or other dynamic code execution from external, untrusted input was found.
Updated: 2025-11-23GitHub
30
1
Medium Cost
hithereiamaliff icon

mcp-keywords-everywhere

by hithereiamaliff

Sec8

Provides AI assistants access to Keywords Everywhere API for SEO research, keyword analysis, domain analysis, traffic metrics, and backlink analysis.

Setup Requirements

  • ⚠️Requires a Keywords Everywhere API key, which is a paid service with credit consumption per API call.
  • ⚠️Specific advanced features (e.g., related keywords, backlink analysis, domain/URL traffic) require a Gold or Platinum Keywords Everywhere subscription plan.
  • ⚠️Self-hosting requires Node.js 18.0.0 or higher.
Verified SafeView Analysis
The server uses environment variables for the Keywords Everywhere API key and implements robust error handling for API calls, including rate limiting with exponential backoff. No 'eval' or other directly exploitable patterns were found in the provided source code. CORS is configured to allow all origins (`Access-Control-Allow-Origin: *`), which is common for MCP servers but broad. The analytics dashboard, while informational, exposes client IP addresses and user agents, which might be a privacy consideration if the server is publicly accessible. However, this is an explicit analytics feature.
Updated: 2026-01-15GitHub
30
1
Low Cost
hyperpolymath icon

poly-observability-mcp

by hyperpolymath

Sec9

Unified Model Context Protocol (MCP) server for querying metrics, logs, and traces from various observability backends like Prometheus, Grafana, Loki, and Jaeger, primarily enabling AI assistants.

Setup Requirements

  • ⚠️Requires Deno runtime to be installed.
  • ⚠️Requires external Prometheus, Grafana, Loki, and Jaeger instances to be running and accessible.
  • ⚠️Mandatory environment variables for connecting to observability backends (e.g., PROMETHEUS_URL, GRAFANA_API_KEY).
Verified SafeView Analysis
The project demonstrates strong security practices, including explicit environment variable usage for credentials (GRAFANA_API_KEY), a detailed SECURITY.md policy, and no obvious hardcoded secrets or 'eval' calls. It utilizes Deno's permission model, and while the `deno.json` allows `--allow-write` and `--allow-run`, `allow-run` is justified by the `Deno.Command` binding, and `allow-write` may be for internal Deno cache/logging. The presence of resilience patterns like circuit breakers and health checks also contributes to operational stability and indirect security. Automated security scanning (TruffleHog, CodeQL) is mentioned in `SECURITY.md`.
Updated: 2026-01-18GitHub
30
1
Medium Cost
britus icon

eofmcp

by britus

Sec2

Provides a Model Context Protocol (MCP) server with a Source Code Handler tool for remote management and processing of source code, primarily for integration with AI agents.

Setup Requirements

  • ⚠️Requires Qt 6 development framework and its dependencies.
  • ⚠️Requires a C++ compiler and build system (e.g., CMake/qmake, make/ninja) to build the executable.
Review RequiredView Analysis
The `SourceCodeHandler` tool allows reading from and writing to arbitrary file paths on the server's filesystem due to insufficient path validation. The `isValidPath` function only checks for non-empty absolute paths and does not prevent path traversal (e.g., using '..' sequences). This makes the server highly vulnerable to unauthorized file access and modification if exposed to untrusted input. The server listens on all interfaces (`0.0.0.0`) by default, further increasing exposure risk.
Updated: 2026-01-14GitHub
30
1
Low Cost
garoon icon
Sec9

Provides an official local Model Context Protocol (MCP) server for Garoon, enabling AI tools to interact with Garoon's scheduling, user, and organization APIs.

Setup Requirements

  • ⚠️Requires Garoon API credentials (Base URL, Username, Password) set as environment variables.
  • ⚠️Requires Docker or Node.js (npm) installed to run.
  • ⚠️Client certificate (.pfx file and password) might be required depending on the Garoon environment configuration.
  • ⚠️Saving configuration files with login information on your computer poses security risks and requires appropriate management.
Verified SafeView Analysis
The server correctly uses environment variables for all sensitive information such as Garoon credentials, client certificate paths/passwords, and Basic Auth credentials, preventing hardcoded secrets. It supports HTTPS proxies and client certificates, which are good practices for enterprise environments. All API interactions are wrapped with error handling, providing structured error outputs. No 'eval' or obvious malicious patterns were found in the provided code. Network requests are made to a configurable Garoon instance, which relies on the administrator to configure a trusted endpoint. The project acknowledges the security risks of saving configuration files with login information on a local machine.
Updated: 2026-01-19GitHub
30
1
High Cost
Sarapakistan0 icon

eShopLite

by Sarapakistan0

Sec9

An e-commerce application demonstrating advanced AI integration via Model Context Protocol (MCP) for semantic search, real-time audio chat, and external tool access.

Setup Requirements

  • ⚠️Requires .NET 9 SDK and .NET Aspire workload.
  • ⚠️Requires Azure Developer CLI (azd) for deployment.
  • ⚠️Requires OCI compliant container runtime (e.g., Docker Desktop, Podman) for local development.
  • ⚠️Requires an Azure subscription and access to specific Azure OpenAI models (gpt-4o-mini, gpt-4o-realtime-preview, text-embedding-ada-002, DeepSeek-R1) which are paid services and need specific regional availability. Local development with existing models requires setting connection strings via `dotnet user-secrets`.
Verified SafeView Analysis
The project uses modern .NET Aspire and Azure deployment practices including Managed Identity and `secretRef` for secrets, indicating a strong posture against hardcoded credentials. External ingress is configured to disallow insecure connections. The README explicitly mentions security guidelines and GitHub Actions for security scanning, promoting good practices. No 'eval' or other highly dangerous patterns were found in the truncated code. The only minor point for not being a perfect 10 is that internal container communication `allowInsecure: true` is noted in some templates, which is generally acceptable within a private VNet or Container Apps environment but conceptually less secure than end-to-end HTTPS.
Updated: 2026-01-19GitHub
30
1
Low Cost
Digital-Defiance icon

mcp-debugger-server

by Digital-Defiance

Sec5

Provides enterprise-grade debugging capabilities for Node.js and TypeScript applications to AI agents, covering breakpoint management, execution control, variable inspection, performance profiling, and hang detection.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0 to run.
  • ⚠️For secure deployments, strong authentication (MCP_AUTH_TOKEN) and authorization must be configured; running with '--no-auth' or exposing to untrusted networks is highly risky due to arbitrary code execution capabilities.
  • ⚠️When running from source, requires a build step ('npx nx build @ai-capabilities-suite/mcp-debugger-server') before execution.
Review RequiredView Analysis
The server's core functionality, such as `debugger_inspect` (evaluating arbitrary JavaScript expressions) and `debugger_start`/`debugger_detect_hang` (executing arbitrary commands), poses significant security risks if exposed to untrusted clients or networks without robust authentication and authorization. The `--no-auth` CLI option explicitly allows disabling authentication, and the server can be exposed via TCP, making secure deployment configuration a critical concern.
Updated: 2026-01-17GitHub
30
1
Medium Cost
readcommitted icon

wildlife2_client

by readcommitted

Sec7

Organizing, identifying, and exploring wildlife imagery using AI models, geospatial analysis, and semantic search.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Requires PostgreSQL database with `pgvector` extension installed
  • ⚠️Requires external command-line tools: `exiftool` and `ogr2ogr` for full functionality (metadata extraction, geospatial data loading)
Verified SafeView Analysis
The project uses environment variables or Streamlit secrets for sensitive API keys (e.g., OpenAI, DigitalOcean Spaces, Database), which is good practice. External tools (`exiftool`, `ogr2ogr`) are invoked via `subprocess.run`; while using lists for commands reduces shell injection risk, reliance on external input for file paths or connection strings still poses a potential risk if not thoroughly sanitized. `torch.load` is used for model loading, which can be vulnerable to arbitrary code execution if model files are untrusted; the `load_speciesnet` function offers an optional SHA256 checksum validation to mitigate this. `ast.literal_eval` is used for parsing data, which is generally safer than `eval()` but should still be used with caution for untrusted inputs. Overall, common modern application security practices are followed for secrets, but external dependencies introduce typical supply-chain and runtime execution risks that require careful management of trusted sources.
Updated: 2025-12-15GitHub
30
1
Low Cost
connyay icon

starlark-mcp

by connyay

Sec9

A flexible server for the Model Context Protocol that allows users to create custom tools using Starlark scripts, integrating with external systems via built-in modules for HTTP, databases, and system commands.

Setup Requirements

  • ⚠️Extensions relying on external CLI tools (e.g., `gh`, `docker`) require those tools to be installed and available in the server's execution environment.
  • ⚠️Extensions relying on external APIs or databases need their respective connection details (e.e.g., API keys, database credentials) provided via environment variables accessible to the `starlark-mcp` process.
  • ⚠️Developers must understand Starlark syntax and the project's specific built-in modules (e.g., `http`, `exec`, `sqlite`) to write effective extensions.
Verified SafeView Analysis
The server uses Starlark, which is a sandboxed language, limiting arbitrary system access by default. The `exec` module enforces a strict `allowed_exec` whitelist, preventing extensions from running unapproved system commands. The `data.load_json` function includes explicit path traversal (`..`) checks and confines file access to the designated extensions directory. The `http`, `postgres`, and `sqlite` modules enable external interactions, which is expected functionality, but they rely on the `reqwest`, `postgres`, and `rusqlite` crates, which are generally robust. PostgreSQL password obfuscation is implemented in error messages. The server communicates primarily over stdio, limiting direct network exposure. Test files (`_test.star`) are correctly filtered out from being loaded as active tools. The primary security model relies on careful vetting of extensions and their `allowed_exec` declarations, but the framework provides strong safeguards to manage potential risks.
Updated: 2026-01-18GitHub
30
1
Low Cost
jgentes icon

mcpflare

by jgentes

Sec9

Enhances security and efficiency of Model Context Protocol (MCP) servers for AI agents by providing zero-trust isolation and significantly reducing context window token usage.

Setup Requirements

  • ⚠️Requires Node.js 20+ installed.
  • ⚠️Requires `wrangler` CLI to be installed (or accessible via `npx`) for local Worker execution.
  • ⚠️Needs to be added to the IDE's MCP configuration (e.g., Cursor, Claude Code, GitHub Copilot).
  • ⚠️Recommended to disable other MCPs in the IDE configuration to route them through MCPflare for maximum security and efficiency.
Verified SafeView Analysis
Implements multi-layered security including V8 isolate sandboxing (Cloudflare Workers), network isolation (default zero outbound access, configurable allowlist), and pre-execution code validation to block dangerous patterns like `eval()`, `require()`, `process`, `__dirname`, `__filename`, `global.`, and external `import` statements. All MCP tool calls are routed through this secure isolation layer. Sensitive information like API tokens in HTTP headers are masked in logs. Authentication (e.g., OAuth) for URL-based MCPs is handled through the proxy, but MCPflare itself does not implement OAuth flows for third-party MCPs, requiring pre-configured authorization headers for those.
Updated: 2026-01-18GitHub
30
1
Medium Cost
Crazytieguy icon

llms-fetch-mcp

by Crazytieguy

Sec9

Fetches web content, prioritizing LLM-friendly formats like llms.txt and Markdown, converting HTML to Markdown, and caching results with a generated table of contents.

Setup Requirements

  • ⚠️Requires Node.js for `npx` installation/execution.
  • ⚠️Requires Rust toolchain if installed via Cargo or run from source.
  • ⚠️Requires external network access to fetch web content.
Verified SafeView Analysis
The server's primary attack surface involves handling URLs and local file paths for caching. The `url_to_path` function includes robust sanitization to prevent directory traversal, explicitly checking for '..' and '.' components, and sanitizing query parameters. It also includes a final check to ensure the generated path remains within the designated cache directory. No 'eval' or obvious obfuscation is present. It uses `reqwest` for network requests and declares a `User-Agent`. The overall implementation demonstrates strong security awareness for its intended function.
Updated: 2026-01-19GitHub
PreviousPage 224 of 713Next