Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

29
1
High Cost
nickmisasi icon

sub-agents-mcp

by nickmisasi

Sec9

Orchestrates task-specific AI agents defined in markdown files for execution via Cursor, Claude Code, or Gemini CLIs within any MCP-compatible tool.

Setup Requirements

  • ⚠️Requires `AGENTS_DIR` environment variable to be set to an absolute path.
  • ⚠️Requires Node.js 20 or higher.
  • ⚠️Requires one of `cursor-agent` CLI, `claude` CLI, or `gemini` CLI to be installed and authenticated separately.
Verified SafeView Analysis
The server demonstrates strong security practices with robust input validation for agent names, prompts, and `cwd` parameters, preventing path traversal and injection risks. It utilizes `child_process.spawn` with `shell: false` for external command execution, which is inherently safer than `exec`. Prompts are carefully formatted and passed as arguments, reducing shell injection vectors. No hardcoded secrets or 'eval' patterns were identified. External CLI tools (Cursor, Claude, Gemini) are assumed to handle their `extra_args` securely, shifting some responsibility to those trusted binaries.
Updated: 2025-11-21GitHub
29
66
Medium Cost
hmldns icon

nautex

by hmldns

Sec7

Integrate Nautex AI's requirements and task management with various LLM Coding Agents for guided, step-by-step software development.

Setup Requirements

  • ⚠️Requires Nautex AI API Token (account creation on nautex.ai is needed).
  • ⚠️Requires Python 3.10 for execution.
  • ⚠️Requires the `uv` package manager for easy installation and execution (`uvx`).
  • ⚠️Requires a compatible Coding Agent (e.g., Cursor, Claude Code, Codex, OpenCode, Gemini CLI) to be installed and configured locally.
  • ⚠️Needs an active internet connection to communicate with the Nautex AI platform.
  • ⚠️Configuration involves local file modifications (`.mcp.json`, `config.toml`, `opencode.json`, agent-specific rule files), which require appropriate file system permissions.
Verified SafeView Analysis
The server primarily acts as a local proxy between AI coding agents (via Model-Context-Protocol over stdin/stdout) and the remote Nautex AI platform. It reads and writes configuration files (JSON, TOML) in project-specific or home directories (`.nautex/config.json`, `.cursor/mcp.json`, `~/.codex/config.toml`, `opencode.json`). External commands are executed via `subprocess` for specific agent integrations (e.g., `claude mcp add`, `cp` for backup); these commands are hardcoded and do not appear to take arbitrary user input, mitigating direct RCE risks. Sensitive API tokens are handled using `SecretStr` and stored in `.env` files with an attempt at in-memory shredding of non-relevant lines, which is a good practice. The `NAUTEX_API_HOST` is configurable via environment variables, requiring users to trust the specified host.
Updated: 2025-12-17GitHub
29
1
Low Cost
ACNet-AI icon

mcp-spec-kit

by ACNet-AI

Sec9

Guides AI agents through the full lifecycle development and validation of Model Context Protocol (MCP) servers, from requirements to operations.

Setup Requirements

  • ⚠️Python 3.11+ required
  • ⚠️For faster dependency management, 'uv' is recommended
Verified SafeView Analysis
The project uses safe parsing methods (yaml.safe_load, json.loads) and its file system operations are confined to managing project artifacts locally within a development environment. There are no direct network risks, dynamic code execution from untrusted sources, or obvious hardcoded secrets.
Updated: 2025-11-22GitHub
29
4
High Cost
kskarthik icon

mcp-bugzilla

by kskarthik

Sec6

Provides a Model Context Protocol (MCP) server for AI models and other MCP clients to interact with Bugzilla instances for querying bug information, managing comments, and performing searches.

Setup Requirements

  • ⚠️Requires Python 3.13 specifically.
  • ⚠️Requires an accessible Bugzilla instance with REST API enabled and a valid API key.
  • ⚠️The '--bugzilla-server' argument or 'BUGZILLA_SERVER' environment variable is mandatory.
Verified SafeView Analysis
The server passes the Bugzilla API key as a URL parameter to the Bugzilla REST API for every request. Crucially, the server's own logging configuration logs these outbound Bugzilla requests, including the full URL and parameters, which means the Bugzilla API key will be recorded in the MCP server's logs (at INFO level or higher). This poses a significant security risk as it exposes the API key if the server logs are accessed by unauthorized parties. Additionally, sensitive Bugzilla data returned by API calls (e.g., bug details, comments) may be logged at DEBUG level.
Updated: 2026-01-06GitHub
29
7
Medium Cost
veggiemonk icon

backlog

by veggiemonk

Sec9

Manage project backlog and tasks using Markdown files in a Git repository, designed for frictionless collaboration between AI agents and human developers.

Setup Requirements

  • ⚠️Requires Go runtime for building from source or Go installation for `go install`.
  • ⚠️Docker required if using the container image.
  • ⚠️Assumes an AI agent (e.g., Gemini, Claude) is configured and able to interact with the MCP server or direct CLI commands. The AI agent itself may incur costs/token usage.
Verified SafeView Analysis
The server is designed for local execution. The MCP server binds to `localhost:8106` by default when using HTTP transport, preventing external network access without explicit configuration. Task data is stored in plain Markdown files within the Git repository, offering transparency. Git operations are handled via `go-git`, a pure Go library, which mitigates command injection risks associated with calling external `git` executables. There are no obvious signs of 'eval' or similar dangerous patterns. The primary security concern would be if a user deliberately exposes the MCP server publicly without proper authentication/authorization, which is outside the tool's default secure configuration.
Updated: 2026-01-04GitHub
29
3
Low Cost
DrDroidLab icon

drd-vpc-agent

by DrDroidLab

Sec6

A Python-based VPC agent that acts as a reverse proxy to collect metrics and operational data from various sources within a private network and securely transmit it to the Doctor Droid cloud platform.

Setup Requirements

  • ⚠️Doctor Droid Cloud API Token Required: The `DRD_CLOUD_API_TOKEN` environment variable is mandatory for authentication with the Doctor Droid platform.
  • ⚠️Kubernetes Permissions (High): When deployed on Kubernetes, the agent and its Network Mapper component require significant `ClusterRole` permissions, including read access to most Kubernetes resources, `hostNetwork` for network sniffing, and write access to deployments for auto-updates. This necessitates a thorough understanding of the security implications.
  • ⚠️Redis Dependency: The system relies on a Redis instance to function as a message broker and result backend for Celery tasks. This is typically managed automatically by the provided Docker Compose or Helm configurations.
Review RequiredView Analysis
The agent requires significant Kubernetes permissions, including extensive read access across various resources. When the optional Network Mapper is enabled (default behavior in Kubernetes deployments), it deploys a sniffer DaemonSet that runs with `hostNetwork: true` and requests `SYS_PTRACE`, `NET_RAW` capabilities, granting highly privileged access to node network traffic. The auto-update feature, enabled by default in Kubernetes, grants write (`get`, `patch`, `update`) access to `deployments` resources within the agent's namespace, which could be a risk if the update mechanism or cronjob is compromised. The use of `eval` in deployment scripts (`deploy_k8s.sh`) is noted, though appears contained to trusted local scripts. While these permissions are justified for the agent's monitoring and network mapping functionality, they introduce a broad attack surface and require careful security review and trust in the upstream images and update process.
Updated: 2026-01-07GitHub
29
2
Low Cost
dbbuilder icon
Sec7

Assists with analyzing and applying code migrations between different frameworks and their versions.

Setup Requirements

  • ⚠️Requires Node.js environment.
  • ⚠️Project must be built (TypeScript compiled) before running (`npm run build`).
  • ⚠️Requires a compatible MCP client (like the Claude Agent SDK CLI) to interact with it via `stdio` transport.
Verified SafeView Analysis
The `apply_migration_fixes` tool performs direct file system modifications (read, write, copy) and creates backups. Lack of explicit path traversal validation within the provided snippet for `projectPath` could lead to arbitrary file modification if not handled by the MCP SDK or a higher-level client. Regular expression patterns for detection are hardcoded, mitigating ReDoS from user input. No direct use of `eval` or `execSync` is present in this server's code.
Updated: 2025-11-19GitHub
29
2
High Cost
theharithsa icon

Dynatrace-Managed-MCP

by theharithsa

Sec9

This MCP server integrates with Dynatrace Managed environments to provide comprehensive observability, security analysis, and DevOps automation capabilities through a set of 39 tools.

Setup Requirements

  • ⚠️Requires a Dynatrace Managed environment with an API token (Paid service)
  • ⚠️Requires Node.js 18.0.0 or higher
  • ⚠️API token needs specific permissions (e.g., problems.read, metrics.write, entities.read, events.ingest, auditLogs.read, securityProblems.read)
Verified SafeView Analysis
The source code demonstrates good security practices: input validation with Zod schemas, explicit API token usage via environment variables (no hardcoding), and robust error handling. OpenTelemetry integration provides enhanced error tracking. The project's SECURITY.md outlines responsible vulnerability reporting and best practices for users and developers (e.g., HTTPS, firewall rules, token rotation, least-privilege). There are no obvious `eval` or obfuscation patterns. The tool returns raw JSON, avoiding client-side rendering vulnerabilities. Network communication is via Axios with explicit Authorization headers.
Updated: 2026-01-07GitHub
29
3
Medium Cost
cyverse icon
Sec7

Provides a Machine-Controlled Process (MCP) server for AI clients to access and manage data within iRODS data stores.

Setup Requirements

  • ⚠️Requires Docker for client-side execution.
  • ⚠️Requires iRODS account credentials (username/password) for authenticated access, or relies on anonymous iRODS user.
  • ⚠️Client-side configuration (e.g., `~/.config/Claude/claude_desktop_config.json`, `~/.config/Code/User/mcp.json`) is necessary for integration with AI clients like Claude Desktop or VS Code.
  • ⚠️Server-side execution requires a `config.yaml` file for configuration or setting environment variables.
Verified SafeView Analysis
The server uses `Access-Control-Allow-Origin: *` for CORS, which is very broad and could be a security concern if not mitigated by external proxies/firewalls. Logging is configured to report caller information (`log.SetReportCaller(true)`), which may expose sensitive file paths in logs if not configured differently for production environments. While `service_url` supports HTTPS, the server itself does not strictly enforce it, relying on deployment configuration. Basic authentication transmits credentials (which could be base64 decoded) and relies on the underlying HTTP transport for security (e.g., HTTPS). OAuth2/OIDC support adds a robust authentication layer but requires careful configuration of client ID/secret and discovery URLs. Hardcoded credentials for Keycloak are for a development setup only, not for iRODS access.
Updated: 2026-01-06GitHub
29
2
Medium Cost
twistingmercury icon

team-agentic-setup

by twistingmercury

Sec4

The Cognee MCP Server functions as a central knowledge memory for a hierarchical AI agent system, enabling agents to dynamically retrieve and apply specialized development patterns for architecture, coding, testing, and deployment tasks.

Setup Requirements

  • ⚠️Requires Cognee MCP server configured and running (essential for agents to function)
  • ⚠️Requires Claude Code with MCP server support (the primary client application)
  • ⚠️Requires Docker for service orchestration and building/testing agents
  • ⚠️Requires `jq` and `yq` for script execution and pattern validation
Review RequiredView Analysis
The system grants extensive Bash execution and file system write/edit permissions to AI agents, notably the 'shell-script-engineer' which can generate and run arbitrary shell scripts, and 'go-devops-engineer' for Docker/cloud operations. This poses a significant risk for arbitrary code execution, system compromise, or data manipulation if an agent is compromised, misaligned, or acts maliciously. The underlying Cognee MCP Server's implementation details, crucial for network security and internal processing, are not provided for review.
Updated: 2026-01-07GitHub
29
63
Low Cost
QuantConnect icon

mcp-server

by QuantConnect

Sec9

Serves as a bridge for AIs to interact with the QuantConnect cloud platform, enabling tasks like project updates, strategy writing, backtesting, and live trading deployments.

Setup Requirements

  • ⚠️Requires Docker Desktop for local execution.
  • ⚠️Requires QuantConnect User ID and API Token configured as environment variables.
  • ⚠️Requires internet access to `https://www.quantconnect.com/api/v2` for QuantConnect API interactions.
  • ⚠️Requires specifying the correct Docker `--platform` (e.g., `linux/amd64` or `linux/arm64`) for your system architecture.
Verified SafeView Analysis
The server loads sensitive credentials (API token, user ID) from environment variables, which is a good security practice. Input validation for tools is handled by Pydantic models, mitigating common injection risks. The `organization_workspace.py` reads local `config.json` files, which could be a concern if the mounted `MOUNT_DESTINATION` is writable and contains malicious JSON, however, `test_organization_workspace.py` indicates it's typically mounted as read-only, limiting this risk in a Docker environment. No direct `eval` or `exec` of user input was found. The core functionality relies on `httpx` for API calls with robust error handling (`raise_for_status`). Dockerization provides good isolation.
Updated: 2025-12-19GitHub
29
1
High Cost
josefbacik icon

kerneldev-mcp

by josefbacik

Sec7

An MCP server for intelligent Linux kernel configuration management, building, and filesystem regression testing, including advanced device management for performance optimization.

Setup Requirements

  • ⚠️Requires `virtme-ng` (install via `pip install virtme-ng`).
  • ⚠️Requires `QEMU` (system-level package, e.g., `qemu-system-x86_64` for x86_64 targets).
  • ⚠️Requires `LVM2` tools (`lvm2` system-level package) for LVM Device Pools.
  • ⚠️Requires cross-compilation toolchains (e.g., `gcc-aarch64-linux-gnu`) for cross-compilation targets.
  • ⚠️Requires the user account running the MCP server to have passwordless `sudo` access configured for various system commands (e.g., `pvcreate`, `vgcreate`, `lvcreate`, `losetup`, `modprobe`, `chown`, `umount`, `mount`, `blockdev`, `udevadm`, `sgdisk`, `dd`).
Verified SafeView Analysis
The server heavily relies on `subprocess.run` and `subprocess.Popen` to execute system commands (`make`, `git`, `lvm` tools, `virtme-ng`, `qemu`, `sudo`). It is designed for kernel developers with appropriate system privileges. The documentation explicitly states that it requires `sudo` access for many operations (e.g., LVM device management, `modprobe`, `chown`) without password prompts, implying a trust relationship with the user running the MCP server. Arbitrary shell commands/scripts can be executed inside isolated VMs via `boot_test` and `boot_with_custom_command` tools, which is documented as intentional for flexibility and requires trusted input. There is no direct `eval` from user input in the core server logic. Remote code execution would be possible if the server is run by an untrusted user with configured passwordless sudo access.
Updated: 2025-11-21GitHub
PreviousPage 228 of 713Next