Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

30
1
Medium Cost

Spotify-MCP-Server

by N1KH1LT0X1N

Sec9

Enables AI assistants to control Spotify playback, manage playlists, discover music, and interact with the user's library through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires Spotify Client ID and Client Secret, obtained from the Spotify Developer Dashboard.
  • ⚠️Initial setup requires an interactive browser-based OAuth 2.0 authorization flow, where a redirect URL must be copied and pasted.
  • ⚠️Spotify Premium account is required for full playback control features (e.g., play, pause, skip, volume).
  • ⚠️If using Grafana (via Docker Compose monitoring profile), default credentials (admin/admin) must be changed for production security.
Verified Safe
The server implements robust OAuth 2.0 with PKCE for authentication and automatically refreshes tokens, storing credentials in environment variables or an optional system keychain (`keyring`). A dedicated `SecurityManager` handles token rotation tracking and audit logging. Default Grafana credentials (`admin`/`admin`) are provided in the documentation and docker-compose, but a strong warning is given to change them in production. No `eval` or obvious malicious patterns were found.
Updated: 2025-12-09
30
1
Low Cost

claude-explorer

by Dothihon5937

Sec8

Facilitate searching, analyzing, and exporting user's Claude.ai conversation history with an AI assistant via CLI and a web interface.

Setup Requirements

  • ⚠️Requires manual export of Claude.ai conversation data as a ZIP file.
  • ⚠️AI Assistant features require an Anthropic API Key or the Claude Code CLI to be installed and authenticated via `claude login`.
  • ⚠️Node.js version 18 or higher is required.
Verified Safe
The application uses `child_process.spawn` with `shell: true` when interacting with the `claude-code` CLI. While the command arguments are hardcoded and user input is piped via stdin, the use of `shell: true` can carry inherent risks if the external `claude` command is compromised or if its execution environment is not fully controlled. File uploads are handled with checks for ZIP format and content, and use temporary directories. No hardcoded API keys or obvious malicious patterns were found. Overall, it's reasonably secure assuming the `claude-code` CLI itself is trusted.
Updated: 2026-01-19
30
1
High Cost

slack-mcp-server

by stevenvo

Sec9

Provides an AI assistant, like Claude, programmatic access to Slack conversations, threads, and workspace information through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires a Slack App with specific OAuth scopes (channels:history, users:read, etc.) and a user (xoxp-) or bot (xoxb-) token.
  • ⚠️The SLACK_WORKSPACE_URL environment variable is required for generating message permalinks.
Verified Safe
The server uses environment variables for Slack tokens, which is a good security practice. It relies on the official `slack_sdk` library, and the `README` explicitly warns against committing tokens. No `eval`, `exec`, or other direct code execution vulnerabilities are apparent. The primary security consideration lies in the broad permissions a 'User Token' can grant, which is clearly documented, making token management the user's responsibility.
Updated: 2026-01-16
30
1
High Cost

The Agent Runner facilitates a distributed agent orchestration framework by polling an Agent Coordinator for AI and procedural agent execution tasks, managing their lifecycle, and providing an embedded MCP server for child agent communication.

Setup Requirements

  • ⚠️Requires Python 3.11+ and the 'uv' package manager.
  • ⚠️Requires an Agent Coordinator service to be running (default: http://localhost:8765).
  • ⚠️If the Coordinator has authentication enabled, Auth0 M2M credentials (domain, client_id, client_secret, audience) must be configured.
  • ⚠️If using the 'claude-code' executor in a Docker environment, a `CLAUDE_CODE_OAUTH_TOKEN` (from `claude setup-token`) is required, implying an active Claude subscription.
Review Required
The system utilizes Auth0 M2M for authentication with the Coordinator, requiring sensitive credentials (client_secret) to be securely managed via environment variables. The embedded MCP server and Runner Gateway are bound to localhost by default, which is good for restricting network exposure. However, the 'claude-code' executor profile often uses 'bypassPermissions' mode, allowing AI agents extensive system access within their `project_dir` without user prompts. This is a significant privilege and a potential risk if agents or prompts are untrusted, making security highly dependent on the integrity of the agents themselves. Placeholder resolution and environment variable injection into MCP configurations (e.g., in `claude_client.py`) could also be vectors if the runner's environment is compromised.
Updated: 2026-01-19
30
1
Medium Cost

fiftyone-mcp-server

by AdonaiVera

Sec8

The FiftyOne MCP server enables AI assistants to interact with and control FiftyOne computer vision datasets and their associated workflows through natural language commands via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a Python environment (virtualenv or conda) to be activated for AI tool configuration as the server runs as a Python script.
  • ⚠️Has heavy ML dependencies (`fiftyone`, `torch`, `torchvision`, `ultralytics`) that are large, can be resource-intensive, and may require specific hardware (e.g., GPU) for optimal performance or even installation.
  • ⚠️FiftyOne operators, especially those from plugins, may introduce additional runtime dependencies that require manual `pip install <package>` by the user, although the server provides instructions for these.
Verified Safe
The server acts as a proxy for the powerful FiftyOne operator framework. While its own code avoids direct dangerous patterns like 'eval' or 'os.system' on user input, the broad capability to execute any installed FiftyOne operator or plugin means its security is heavily reliant on the security and robustness of the underlying FiftyOne library and its entire ecosystem. If a FiftyOne operator has vulnerabilities (e.g., arbitrary file access or code execution), this server would expose that capability to AI agents or malicious MCP requests. Dependency error messages suggest 'pip install' commands, but these are for user information and are not executed by the server based on untrusted input.
Updated: 2026-01-15
30
1
Low Cost
Sec8

A Slack bot acting as an interface to a Craft Workflow & Marketing MCP for document management, content creation, and marketing automation.

Setup Requirements

  • ⚠️Requires a Slack App with Bot Token and App Token configured for Socket Mode.
  • ⚠️Requires Python environment with 'slack_bolt' and 'python-dotenv' packages installed.
  • ⚠️Full functionality depends on a connected Craft.io workspace or a compatible Craft MCP server.
Verified Safe
The bot.py code uses environment variables for Slack tokens and implements standard Slack Bolt message and event handlers. There are no direct indications of 'eval', arbitrary code execution from user input, or hardcoded sensitive credentials. The provided MCP schema (craft-v1.json) defines powerful tools (e.g., publishing to platforms, block manipulation), but these are specifications; the security of their actual implementation and authorization within the Craft MCP server (not fully provided) would require further audit. Based on the provided bot code, it appears reasonably safe.
Updated: 2025-12-02
30
1
Medium Cost

mcp-server

by EdibleTuber

Sec9

Provides a secure, sandboxed MCP server for filesystem access, enabling an AI agent to perform file operations within a project.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires Void Editor or another MCP-compatible client.
  • ⚠️Known Void Editor bug: The 'cwd' setting in mcp.json is ignored, requiring projects to be placed inside the Void Editor installation directory as a workaround.
Verified Safe
The server implements robust multi-layered security, including path sandboxing, sensitive file/directory blocking (.git, .env, .ssh), file extension whitelisting, and file size limits. It explicitly prevents arbitrary shell command execution. There is no usage of 'eval' or hardcoded secrets. A minor consideration is that symbolic link attacks are noted as 'not explicitly handled', although Path.resolve() offers some mitigation.
Updated: 2025-11-30
30
1
Medium Cost

status_mcp.rb

by amkisko

Sec7

Provides a set of tools to retrieve and process real-time status and historical data for various online services from their public status pages and feeds.

Setup Requirements

  • ⚠️Requires a Ruby environment with `Bundler` to install gems like `fast_mcp`, `vcr`, and `webmock`.
  • ⚠️The `spec/fixtures/vcr_cassettes` directory must exist for running tests.
  • ⚠️The `API_KEY` environment variable should be set if external API calls within the server require authentication.
Verified Safe
The core server runtime, as indicated by the `FetchStatusTool`, implements a `max_length` to limit response sizes (default 10KB), mitigating resource exhaustion attacks from large external data fetches. Sensitive data (like API keys) are configured to be handled via environment variables and filtered in logs, a good practice. The primary security consideration for the running server is the reliance on a static `assets/data.json` for service URLs. If this file or its generation process (`update_status_list.rb`) were compromised, it could lead to fetching from malicious sources. The presence of `execute_command(command)` in `usr/bin/release.rb` is a critical concern, but it appears to be an auxiliary script for release management rather than part of the continuously running server process; its implementation details are not provided.
Updated: 2026-01-19
30
1
Medium Cost

poly-queue-mcp

by hyperpolymath

Sec7

Unified Message Context Protocol (MCP) server for managing message queues across Redis Streams, RabbitMQ, and NATS, enabling AI assistants to interact with these systems.

Setup Requirements

  • ⚠️Deno runtime environment is required.
  • ⚠️Requires external installations of Redis, RabbitMQ (with Management Plugin), and NATS (with NATS CLI installed) for full adapter functionality.
  • ⚠️The `redis-cli` and `nats` executables must be available in the system's PATH.
Verified Safe
The server utilizes Deno's `Deno.Command.run` to interact with external CLI tools (`redis-cli`, `nats`). While `Deno.Command` mitigates typical shell injection by passing arguments as a string array, potential vulnerabilities could exist if these underlying CLIs interpret specific argument values maliciously. RabbitMQ interaction is via its Management HTTP API. The `lib/resilience.js` module exposes diagnostic information that could lead to information disclosure if the MCP server itself is not secured by an upstream authentication/authorization layer. The project's `SECURITY.md` outlines strong container security, CI/CD security, and code security practices, including the use of Chainguard Wolfi, non-root users, SHA-pinned actions, SAST/DAST, and strict secret management. Environment variables are used for credentials, avoiding hardcoded secrets. The Deno runtime permissions (`--allow-net`, `--allow-read`, `--allow-write`, `--allow-env`, `--allow-run`) are broad but necessary for its function.
Updated: 2026-01-18
30
1
High Cost

ansible.mcp_builder

by redhat-cop

Sec8

Automated deployment and management of Model Context Protocol (MCP) servers within Ansible Execution Environments.

Setup Requirements

  • ⚠️Requires Ansible Builder for creating Execution Environments.
  • ⚠️Requires a container runtime (Podman or Docker).
  • ⚠️Tested with Fedora/RHEL UBI9 base image for Execution Environments with Python 3.11+.
Verified Safe
The project uses `ansible.builtin.command` and `ansible.builtin.shell` extensively for installing language runtimes (Go, Node.js, Python/uv) and packages (npm, PyPI) from external sources like golang.org, nodesource.com, and astral.sh. While these are common and necessary for its function, reliance on external sources carries inherent risks. Repository cloning (github.com) is also used. There are no direct hardcoded secrets or obvious malicious patterns found. Temporary disabling of `aws_core_mcp_do_verify` is noted due to an upstream issue. Overall, it's safe for its intended purpose of building execution environments.
Updated: 2026-01-16
30
1
High Cost
Sec7

Automates the installation and management of Model Context Protocol (MCP) servers from various sources into Ansible Execution Environments.

Setup Requirements

  • ⚠️Requires ansible-core >= 2.16.0 and Python 3.11+.
  • ⚠️Requires ansible-builder and a container runtime (podman or docker).
  • ⚠️Requires internet access to download all external dependencies (Go, Node.js, uv, npm/PyPI packages, Git repositories).
  • ⚠️AWS credentials (e.g., AWS_PROFILE or AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION) are required for AWS MCP servers.
  • ⚠️A GitHub Personal Access Token (GITHUB_PERSONAL_ACCESS_TOKEN) is required for the GitHub MCP server in local mode.
Verified Safe
The collection downloads and executes external installer scripts (e.g., NodeSource setup, uv installer) and binaries (Go, npm/PyPI packages) from third-party URLs. While standard for build processes, this introduces a supply chain risk, as the integrity of these external sources is crucial. The playbook requires elevated privileges (`become: true`) for system modifications.
Updated: 2026-01-16
30
1
Medium Cost

claude-skills

by Hildegaardchiasmal966

Sec9

A comprehensive collection of agent skills designed to enhance AI capabilities (like Claude) across web development, real-time AI interaction, content generation, and database management, providing templates, scripts, and best practices.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm installed for Next.js projects.
  • ⚠️Requires `supabase CLI` installed and local Supabase running for database migration scripts.
  • ⚠️Requires a Google Gemini API Key for using features described in the Gemini Live API skill, if implemented.
  • ⚠️Requires a Resend (or similar) API key for the contact form functionality in the Next.js template to send emails.
Verified Safe
The source code primarily consists of documentation, helper scripts for development, and a Next.js template. It explicitly advises against exposing API keys in client-side code and uses placeholders for API keys (e.g., 'YOUR_API_KEY'). Bash scripts interact with local files/CLI tools (supabase, git, grep) and do not pose inherent network risks or contain malicious patterns. The Next.js contact form includes a TODO for API integration, indicating it's not implemented out-of-the-box, mitigating immediate network risks. No 'eval' or obfuscation found. The primary risk would be if a user of the provided templates fails to follow recommended security practices during implementation (e.g., hardcoding API keys client-side).
Updated: 2026-01-19