Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

29
14
Low Cost

instantly-mcp

by bcharleson

Sec9

Manages Instantly.ai email automation campaigns, leads, accounts, and analytics via a Model Context Protocol (MCP) server for AI assistants.

Setup Requirements

  • ⚠️Requires an Instantly.ai API Key (Instantly.ai is a paid service).
  • ⚠️Python 3.10 or higher is required.
  • ⚠️For stdio mode, the INSTANTLY_API_KEY environment variable is mandatory.
Verified Safe
The server uses Pydantic for input validation, accepts the API key through several channels (environment variable, a custom header, the Authorization header, or a URL path segment), and annotates destructive tools with explicit warnings. One caveat: a key carried in a URL path segment is as exposed as one in a query string, since it ends up in access logs, proxy logs and browser history, so the header-based options should be preferred. External calls go through httpx, a well-regarded HTTP client. No `eval`, `exec` or similar unsafe functions were found. The multi-tenant HTTP mode isolates API keys per request context.
Updated: 2026-01-02
29
5
High Cost

athena-protocol

by n0zer0d4y

Sec7

An intelligent MCP server that acts as an AI tech lead for coding agents, providing expert validation, impact analysis, and strategic guidance before code changes are made.

Setup Requirements

  • ⚠️Requires Node.js >= 18.
  • ⚠️Requires at least one paid LLM provider API key (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY) configured in environment variables.
  • ⚠️MCP client restart is required after any configuration changes in the environment variables (e.g., in `mcp.json` or `.env` file).
  • ⚠️GPT-5 models (e.g., OpenAI) currently require `LLM_TEMPERATURE_DEFAULT`, `LLM_MAX_TOKENS_DEFAULT`, and `LLM_TIMEOUT_DEFAULT` to be set, even if these parameters are not directly used by the model (a known limitation to be addressed in v0.3.0).
Verified Safe
The server can run shell commands (`executeShell`) and Git operations (`gitOperation`) through internal tools. `executeShell` is gated by a strict allowlist (`TOOL_CALLING_ALLOWED_COMMANDS`) and an explicit `enabled` flag (default true), but `gitOperation` does not appear to pass through the same allowlist validation inside `ToolCallingService` before execution. That gap matters because git itself can be made to run arbitrary programs (for example through `-c core.pager=...` or a shell alias), so an unvalidated Git tool is close to an unrestricted command runner. File writing (`writeFile`) and editing (`editFile`) are disabled by default (`TOOL_CALLING_WRITE_TO_FILE_ENABLED=false`, `TOOL_CALLING_REPLACE_IN_FILE_ENABLED=false`), which is an important safeguard. The `README.md` explicitly warns about the 'CRITICAL RISK' of `executeCommand` and encourages careful allowlisting. No hardcoded secrets are present in the core server; API keys are read from environment variables. The test project's intentional flaws (e.g., multiple JWT secrets) are confined to test infrastructure, not the MCP server itself.
Updated: 2026-01-04
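As an added illustration of the point above (this is not athena-protocol's code), the following shows how an agent tool can gate shell and git execution: the shell path is split without a shell and checked against an allowlist modelled on `TOOL_CALLING_ALLOWED_COMMANDS`, and the git path gets its own allowlist of subcommands plus rejection of the options that turn a read-only git call into a file write or program launch. The setting values, the git subcommand list and the rejected-option list are this example's own assumptions.

```python
"""Allowlist-gated command execution for an agent tool.

Added illustration, not athena-protocol's own code. The setting names mirror
the ones in the analysis above (TOOL_CALLING_ALLOWED_COMMANDS); the git
subcommand allowlist and the rejected-option list are this example's own
assumptions.
"""
import shlex
import subprocess
from typing import Sequence

# Hypothetical settings, modelled on TOOL_CALLING_ALLOWED_COMMANDS.
ALLOWED_COMMANDS = {"ls", "cat", "grep", "wc"}
ALLOWED_GIT_SUBCOMMANDS = {"status", "log", "diff", "show", "branch", "rev-parse"}

# Subcommand-level options that make "read-only" git write files, read
# arbitrary files, or run configured external programs. Matched as prefixes
# so that `--output=/tmp/x` is caught as well as `--output /tmp/x`.
REJECTED_GIT_OPTION_PREFIXES = ("--output", "--ext-diff", "--no-index")


class ToolPolicyError(ValueError):
    """Raised when an invocation violates the tool policy."""


def validate_shell(command: str) -> list[str]:
    """Split the command without a shell and require an allowlisted program.

    Because the result is passed to execve directly, `$(...)`, `;` and `|`
    are ordinary characters: `ls; rm -rf /` yields program `ls;`, which is
    not allowlisted, and `cat $(id)` passes the literal string `$(id)`.
    """
    argv = shlex.split(command)
    if not argv or argv[0] not in ALLOWED_COMMANDS:
        raise ToolPolicyError(f"command not allowed: {argv[:1]}")
    return argv


def validate_git(args: Sequence[str]) -> list[str]:
    """Allowlist the git subcommand and reject dangerous per-subcommand options.

    Git's global options (-c key=val, -C dir, --git-dir, --exec-path,
    --config-env) must come before the subcommand, so requiring args[0] to be
    an allowlisted subcommand also rules out e.g.
        git -c core.pager='touch /tmp/pwned' log
        git -c alias.x='!id' x
    """
    args = list(args)
    if not args or args[0].startswith("-"):
        raise ToolPolicyError("git must be invoked as `git <subcommand> ...`")
    if args[0] not in ALLOWED_GIT_SUBCOMMANDS:
        raise ToolPolicyError(f"git subcommand not allowed: {args[0]}")
    for arg in args[1:]:
        if arg.startswith(REJECTED_GIT_OPTION_PREFIXES):
            raise ToolPolicyError(f"git option not allowed: {arg}")
    return ["git", *args]


def shell_allowed(command: str) -> bool:
    try:
        validate_shell(command)
        return True
    except ToolPolicyError:
        return False


def git_allowed(args: Sequence[str]) -> bool:
    try:
        validate_git(args)
        return True
    except ToolPolicyError:
        return False


def run_tool(argv: list[str], timeout: float = 30.0) -> subprocess.CompletedProcess:
    """Execute an already-validated argv. Never shell=True: argv reaches
    execve verbatim, so nothing in it is re-interpreted by a shell."""
    return subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=timeout)


if __name__ == "__main__":
    print(run_tool(validate_shell("ls -la .")).stdout)
    print(git_allowed(["-c", "core.pager=id", "log"]))   # False
```

Position-based checks like these cover git's global options, but the per-subcommand option list is a denylist and will need revisiting as git grows; running the tool against a read-only checkout inside a sandbox is the control that does not depend on keeping that list complete.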
29
1
Low Cost

mcp-vault

by phate45

Sec8

Enables AI assistants to interact with Obsidian vaults, facilitating file operations, heading analysis, and task querying via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a custom-compiled version of the Obsidian Local REST API plugin (from a specific fork with MOVE support) to be manually installed in Obsidian.
  • ⚠️Python >=3.13 and 'uv' for dependency management are prerequisites.
  • ⚠️The Obsidian Local REST API plugin must be running on 'localhost:27124' with an API key configured.
Verified Safe
The server talks to a local Obsidian Local REST API and disables TLS certificate verification for the localhost connection. That is understandable for the plugin's self-signed certificate, but it means the client authenticates nothing and would trust any process listening on that port; pinning the plugin's certificate (loading it as the trusted CA) keeps the convenience without the blind trust. File system access spans the entire vault, which is inherent to the tool's purpose. API tokens are loaded from local files, not hardcoded. Subprocess execution is limited to launching 'mcp-obsidian' via 'uvx', which narrows the scope for command injection.
Updated: 2025-11-22
29
4
Medium Cost

mcp-bugzilla

by openSUSE

Sec4

This MCP server enables AI models and other MCP clients to interact with Bugzilla instances, allowing them to query bug information, manage comments, and leverage quicksearch capabilities.

Setup Requirements

  • ⚠️Requires Python 3.13.
  • ⚠️Requires an active Bugzilla instance with REST API access and a user API key.
  • ⚠️Requires network access from the MCP server to the Bugzilla instance.
Verified Safe
The main risk identified is that the internal `Bugzilla` client sends the Bugzilla API key as a URL query parameter (`?api_key=...`) on every request. URLs are routinely recorded in server access logs, proxy logs, caches and network monitoring, so this is weaker than sending the key in an HTTP header. In addition, at `DEBUG` log level the server logs full bug details and comment payloads, which could expose private data if logs are not handled carefully.
Updated: 2026-01-06
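The following added example (not mcp-bugzilla's or instantly-mcp's own code) makes the exposure concrete for both the query-parameter case flagged here and the URL-path-segment option noted for instantly-mcp above: it builds the same request three ways, shows what a typical access log line would record for each, and includes a redaction helper for logs where a key in the URL cannot be avoided. It assumes that Bugzilla's REST API accepts the key in an `X-BUGZILLA-API-KEY` header (as its REST documentation describes; confirm for your version) and a hypothetical `/key/<api_key>/...` path layout for the path-segment case; the host and key are constructed.

```python
"""Where an API key ends up when it travels in the URL versus a header.

Added illustration, not mcp-bugzilla's or instantly-mcp's own code. Assumes
that Bugzilla's REST API accepts the key in an `X-BUGZILLA-API-KEY` request
header (per its REST documentation; confirm for your version) and a
hypothetical `/key/<api_key>/...` path layout for the path-segment case.
"""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

BASE_URL = "https://bugzilla.example.org"              # constructed
API_KEY = "EXAMPLEKEYabcdef0123456789abcdef01234567"   # constructed, not a real key


def request_key_in_query(path: str, api_key: str) -> tuple[str, dict]:
    """The pattern flagged above: the secret becomes part of the URL."""
    return f"{BASE_URL}{path}?{urlencode({'api_key': api_key})}", {}


def request_key_in_path(path: str, api_key: str) -> tuple[str, dict]:
    """A key in a path segment has exactly the same exposure as a query key."""
    return f"{BASE_URL}/key/{api_key}{path}", {}


def request_key_in_header(path: str, api_key: str) -> tuple[str, dict]:
    """Header transport: the URL carries nothing secret."""
    return f"{BASE_URL}{path}", {"X-BUGZILLA-API-KEY": api_key}


def access_log_line(url: str, status: int = 200) -> str:
    """What a typical web server or proxy access log records: the request
    line (path plus query string) and status, but not request headers."""
    p = urlsplit(url)
    target = p.path + (f"?{p.query}" if p.query else "")
    return f'"GET {target} HTTP/1.1" {status}'


def leaks_secret(url: str, secret: str) -> bool:
    """True if the secret would appear in an access log line for this URL."""
    return secret in access_log_line(url)


SECRET_QUERY_KEYS = {"api_key", "apikey", "token", "access_token"}


def redact_url(url: str) -> str:
    """Defensive logging for the cases where a key in the URL cannot be
    avoided: scrub known secret-bearing query keys and /key/<x> segments."""
    p = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SECRET_QUERY_KEYS else v)
             for k, v in parse_qsl(p.query, keep_blank_values=True)]
    path = re.sub(r"/key/[^/]+", "/key/REDACTED", p.path)
    return urlunsplit((p.scheme, p.netloc, path, urlencode(query), p.fragment))


if __name__ == "__main__":
    for build in (request_key_in_query, request_key_in_path, request_key_in_header):
        url, headers = build("/rest/bug/1", API_KEY)
        print(build.__name__, "leaks:", leaks_secret(url, API_KEY))
        print("  logged as:", access_log_line(redact_url(url)))
```

Redaction is a backstop for your own logs only; proxies, CDNs and the upstream server keep their own, which is why moving the key into a header is the fix and redaction is not a substitute.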
29
2
Medium Cost

MCP-Server-ACBrNFe

by Code4Delphi

Sec3

This project implements a server to automate the generation and submission of Brazilian electronic invoices (NF-e) by integrating with the ACBrNFe component.

Setup Requirements

  • ⚠️Requires the ACBrNFe component to be installed and properly configured, which is specific to Brazilian tax systems.
  • ⚠️Likely requires a specific runtime environment compatible with ACBrNFe (e.g., Windows for older versions, or a specific Delphi/Lazarus/cross-platform setup for newer ones).
Review Required
A meaningful security audit was not possible: the material provided as "SOURCE CODE" contains only the README.md, with no server implementation. Without the implementation, the server cannot be checked for `eval`, obfuscation, network risks, hardcoded secrets or malicious patterns, so its safety cannot be verified.
Updated: 2025-11-19
29
2
Low Cost

icinga-mcp

by Icinga

Sec9

Acts as a bridge and proxy for Icinga Web 2 (Icinga DB Web module), exposing its monitoring capabilities via a FastAPI REST API and an MCP server for orchestration.

Setup Requirements

  • ⚠️Requires Python 3.11 or newer.
  • ⚠️Requires an Icinga Web 2 instance with the Icinga DB Web module accessible via HTTP/HTTPS.
  • ⚠️Requires Icinga Web 2 API credentials (username/password) to be configured as environment variables (ICINGA_WEB_USERNAME, ICINGA_WEB_PASSWORD).
Verified Safe
The application follows sound practices: Pydantic for configuration, `SecretStr` for sensitive environment variables (passwords, API keys), `httpx` with configurable TLS verification (including custom CA bundles), and error handling that avoids leaking internal details. Query parameters are sanitized (`sanitize_query`) before being forwarded upstream, reducing injection risk. Bearer-token authentication for the REST API is optional but recommended; without it, anyone who can reach the API acts with the configured Icinga Web 2 credentials. Authorization is delegated to the upstream Icinga Web 2, so the configured account should be granted least privilege. The project is explicitly marked as a 'proof of concept' for experimental use and is not supported for production, which should weigh on any deployment decision.
Updated: 2025-11-18
29
4
High Cost

Provides grounded search functionality using Google's Gemini API, allowing MCP clients to perform web searches and retrieve up-to-date information with sources.

Setup Requirements

  • ⚠️Requires Gemini API Key (Paid Service)
  • ⚠️Docker recommended for easy setup, otherwise Go 1.24+ is needed for local compilation
Verified Safe
The server reads the Gemini API key from an environment variable, a config file or a command-line argument rather than hardcoding it; note that a key passed on the command line is visible to other local users in the process list, so the environment variable or config file is the better choice. Communication runs over standard I/O (ServeStdio), which keeps the direct network attack surface minimal. It uses standard, well-vetted Go libraries, contains no 'eval'-style dangerous patterns, and its logging is configurable so sensitive data can be kept out of logs.
Updated: 2025-11-19
29
12
Medium Cost

feed-mcp

by richardwooding

Sec9

Integrate RSS, Atom, and JSON feeds directly into Claude Desktop conversations for news reading and content analysis.

Setup Requirements

  • ⚠️Requires Docker or Podman for the recommended installation method.
  • ⚠️Requires manual editing of the `claude_desktop_config.json` file to add the MCP server configuration.
  • ⚠️Users must provide feed URLs directly as arguments or via an OPML file (which may require volume mounting for containerized deployment).
Verified Safe
The server validates URLs thoroughly (scheme allowlist, private-IP blocking) and ships a `FuzzValidateFeedURL` fuzz test aimed at Server-Side Request Forgery (SSRF). Feeds are parsed with the `gofeed` library, which is generally robust against common XML parsing issues. The `fetch_link` tool and the image-embedding feature widen the attack surface by issuing HTTP requests to arbitrary URLs, but the URL validation, circuit breakers and timeouts limit the exposure. OPML parsing is handled, with fuzz tests that explicitly target XML vulnerabilities such as XXE. The design is secure by default, with explicit opt-in for less safe behaviour (e.g., `--allow-private-ips`). No hardcoded secrets or malicious patterns were identified in the truncated source that was available.
Updated: 2026-01-02
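For readers who want to see what "scheme check plus private-IP blocking" has to cover, here is an added example of an outbound URL validator (not feed-mcp's own code, and its `--allow-private-ips` flag is only mirrored as a parameter). The resolver is injected and backed by a constructed lookup table so the example runs offline; it handles IP literals, IPv4-mapped IPv6 literals, the carrier-grade NAT range that `ipaddress` does not class as private, and hostnames whose answers mix public and internal addresses.

```python
"""Outbound URL validation against SSRF.

Added illustration, not feed-mcp's own validator. The resolver is injected
so the example runs offline; every hostname and address in RESOLVER_TABLE
is constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Iterable, Union
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers standing in for a real resolver.
RESOLVER_TABLE = {
    "feeds.example.com": ["93.184.216.34"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],   # one public, one internal answer
    "meta.internal": ["169.254.169.254"],              # cloud metadata endpoint
}

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def table_resolver(host: str) -> list[str]:
    return RESOLVER_TABLE.get(host.lower(), [])


def is_blocked_address(ip: IPAddress) -> bool:
    """Addresses a server-side fetcher must never contact."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                      # ::ffff:10.0.0.1 is really 10.0.0.1
    return (ip.is_private or ip.is_loopback
            or ip.is_link_local                  # includes 169.254.169.254
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified
            or ip in ipaddress.ip_network("100.64.0.0/10"))   # CGNAT: not is_private


@dataclass(frozen=True)
class Target:
    scheme: str
    host: str
    port: int
    ip: str   # the address that was checked; connect to it instead of resolving again


class UnsafeURL(ValueError):
    pass


def validate_outbound_url(url: str, resolve: Callable[[str], Iterable[str]] = table_resolver,
                          allow_private_ips: bool = False) -> Target:
    p = urlsplit(url)
    scheme = p.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {p.scheme!r}")
    host = p.hostname
    if not host:
        raise UnsafeURL("missing host")
    if p.username or p.password:
        raise UnsafeURL("credentials in URL are not allowed")
    try:
        port = p.port or (443 if scheme == "https" else 80)
    except ValueError as exc:
        raise UnsafeURL(f"bad port: {exc}") from None
    try:
        answers = [ipaddress.ip_address(host)]                  # IP literal
    except ValueError:
        answers = [ipaddress.ip_address(a) for a in resolve(host)]
    if not answers:
        raise UnsafeURL(f"no address for {host}")              # also rejects decimal/octal IP tricks
    if not allow_private_ips:
        for ip in answers:                                      # every answer must be acceptable
            if is_blocked_address(ip):
                raise UnsafeURL(f"{host} resolves to blocked address {ip}")
    return Target(scheme, host, port, str(answers[0]))


def is_safe(url: str, resolve: Callable[[str], Iterable[str]] = table_resolver,
            allow_private_ips: bool = False) -> bool:
    try:
        validate_outbound_url(url, resolve, allow_private_ips)
        return True
    except UnsafeURL:
        return False


if __name__ == "__main__":
    for u in ("https://feeds.example.com/rss.xml", "http://meta.internal/latest/meta-data/",
              "http://[::ffff:10.0.0.1]/", "http://rebind.example/feed"):
        print(u, "->", is_safe(u))
```

Two points the page's description does not spell out: validation must be repeated for every redirect hop, and the fetcher should connect to `Target.ip` (sending the original `Host` header) rather than letting the HTTP client resolve the name a second time, because a DNS answer that changes between check and connect is the classic rebinding bypass.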
29
8
Low Cost

cpi-mcp-server

by vadimklimov

Sec8

The MCP server provides AI-powered applications with access to integration packages and artifacts within an SAP Cloud Integration tenant.

Setup Requirements

  • ⚠️Requires an SAP Cloud Integration (part of SAP Integration Suite) tenant.
  • ⚠️Requires an OAuth client and service key setup with specific roles (e.g., WorkspacePackagesRead, MonitoringDataRead) in the SAP Business Technology Platform subaccount.
  • ⚠️Critical environment variables (Base URL, Token URL, Client ID, Client Secret for SAP CPI) must be provided for the server to function.
Verified Safe
The server authenticates to SAP CPI with a standard OAuth2 client-credentials flow, and the client ID and secret are supplied through environment variables rather than hardcoded. The README explicitly warns against running the server in remote mode without HTTPS and proper authorization, which is the main deployment-related risk to watch. The data retrieval and filtering logic appears sound, with no obvious command injection or other dangerous patterns.
Updated: 2026-01-03
29
2
Medium Cost

mcp-genelab

by sbl-sdsc

Sec8

Enables AI-assisted natural language querying and analysis of NASA GeneLab and integrated biomedical knowledge graphs in Neo4j.

Setup Requirements

  • ⚠️Requires a Claude Desktop Pro/Max or VS Code Insiders with GitHub Copilot subscription for client interaction.
  • ⚠️Requires a running Neo4j instance populated with the NASA GeneLab Knowledge Graph (and potentially SPOKE) data.
  • ⚠️The `uv` package manager must be installed and in the user's PATH.
Verified Safe
The server tries to block write operations by raising a ValueError when write keywords (MERGE, CREATE, SET, DELETE, REMOVE, ADD) appear in a Cypher query, which is a worthwhile safeguard. Neo4j credentials come from environment variables, so nothing is hardcoded for production. The default 'neo4jdemo' password is meant only for local setups and must be overridden anywhere else. A keyword regex is a denylist on query text, and denylists of that kind can be bypassed (for instance through procedure calls that write without spelling out those keywords), so it should be backed by a read-only database user and a read-mode transaction that the server enforces rather than relied on alone. The tool is intended for LLM-generated queries rather than direct user input, though content the LLM reads can still steer what it generates. No `eval` or `exec` calls on user-controlled input were found.
Updated: 2026-01-07
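To show what "might bypass it" looks like in practice, here is an added example (not mcp-genelab's code) that reimplements the keyword check described above and runs two constructed queries past it that write to the database without containing any of the listed keywords as a whole word. It then adds a second text-level layer, an allowlist of callable procedures, and notes the server-side control that does not depend on parsing query text at all. The two bypass queries assume `db.index.fulltext.createNodeIndex` (a Neo4j 4.x schema-writing procedure) and `apoc.cypher.doIt` (an APOC procedure that executes a Cypher string it is handed) are available on the target instance.

```python
"""Why a keyword denylist on Cypher text is only a first layer.

Added illustration, not mcp-genelab's own code. The keyword check mirrors
the one described in the analysis; the bypass queries are constructed and
assume the named procedures exist on the target Neo4j instance.
"""
import re

WRITE_KEYWORDS = ("MERGE", "CREATE", "SET", "DELETE", "REMOVE", "ADD")
_WRITE_RE = re.compile(r"\b(?:%s)\b" % "|".join(WRITE_KEYWORDS), re.IGNORECASE)

# Procedures a read-only tool legitimately needs; every other CALL is refused.
READ_ONLY_PROCEDURES = {
    "db.labels", "db.relationshiptypes", "db.propertykeys", "db.schema.visualization",
}
_CALL_RE = re.compile(r"\bCALL\s+([A-Za-z_][\w.]*)", re.IGNORECASE)


def keyword_denylist_allows(query: str) -> bool:
    """The page's check: reject if a write keyword appears as a whole word."""
    return _WRITE_RE.search(query) is None


def procedure_allowlist_allows(query: str) -> bool:
    """Second layer: every CALLed procedure must be on the read-only list.
    `CALL { ... }` subqueries are not procedure calls; their bodies are still
    covered by the keyword check."""
    return all(name.lower() in READ_ONLY_PROCEDURES for name in _CALL_RE.findall(query))


def is_read_only(query: str) -> bool:
    return keyword_denylist_allows(query) and procedure_allowlist_allows(query)


# Constructed queries.
LEGIT_QUERY = (
    "MATCH (g:Gene {symbol: $symbol})-[:ASSOCIATED_WITH]->(d:Disease) "
    "RETURN d.name AS disease LIMIT 25"
)
# Schema write: 'create' is followed by a word character, so \bCREATE\b never matches.
BYPASS_SCHEMA_WRITE = "CALL db.index.fulltext.createNodeIndex('gene_names', ['Gene'], ['symbol'])"
# Data write: the keyword is assembled at runtime inside a string expression.
BYPASS_APOC = (
    "CALL apoc.cypher.doIt('CRE' + 'ATE (n:Pwned {by: $who})', {who: 'agent'}) "
    "YIELD value RETURN value"
)

# Server-enforced backstop (needs a live database, so shown as a comment):
# run the statement through the official Python driver in read mode,
#     session.execute_read(lambda tx: tx.run(query, params).data())
# and connect as a user holding only the built-in `reader` role. Neo4j then
# rejects writes however the query text is spelled.

if __name__ == "__main__":
    for name, q in (("legit", LEGIT_QUERY), ("schema write", BYPASS_SCHEMA_WRITE), ("apoc", BYPASS_APOC)):
        print(f"{name:13s} keyword-denylist={keyword_denylist_allows(q)!s:5s} "
              f"combined={is_read_only(q)}")
```

The procedure allowlist closes the two holes shown here, but it is still string matching; the read-mode transaction and the `reader` role are what actually bound the blast radius.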
29
2
Low Cost

overture

by jander99

Sec9

Orchestrates Model Context Protocol (MCP) servers and AI agents across multiple AI development tools from a unified configuration.

Setup Requirements

  • ⚠️Requires Node.js 20+ and npm 10+.
  • ⚠️Full functionality depends on specific AI CLI clients (e.g., Claude Code, GitHub Copilot CLI, OpenCode) being installed on the system.
  • ⚠️Some MCP servers require external environment variables (e.g., GITHUB_TOKEN, BRAVE_API_KEY) for accessing external services or APIs, which may need manual configuration and could incur usage costs from those third-party services.
Verified Safe
The project shows strong security awareness. It checks configuration files for hardcoded credentials (GitHub tokens, database connection strings, AWS keys, etc.). Processes are launched with 'execa', which passes arguments without a shell and so resists shell injection, and the adapter has tests for exactly that. ESLint runs with a security plugin. No 'eval' or obfuscation was found. The process-locking mechanism is robust. API keys and similar secrets are expected to arrive through environment variables, not in the config files themselves.
Updated: 2026-01-08
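As an added example of the kind of credential check described above (it is not overture's validator), the following walks an MCP client configuration and flags hardcoded secrets. The detection rules are this example's own assumptions: the classic GitHub PAT prefix, the AWS access key ID format, connection URLs that embed a password, and literal values under secret-looking environment variable names, while `${VAR}` references pass. The configuration is constructed and every token in it is fake (the AWS value is the documentation placeholder).

```python
"""Checking an MCP client configuration file for hardcoded credentials.

Added illustration, not overture's own validator. The rules are this
example's assumptions; the configuration is constructed and its token
values are fake.
"""
import json
import re

PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "db_url_with_password": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^\s/:@]+:[^\s@]+@",
        re.IGNORECASE),
}
SECRET_NAME_RE = re.compile(r"(TOKEN|KEY|SECRET|PASSWORD|PASSWD)", re.IGNORECASE)
# ${VAR} or $VAR is a reference resolved at runtime, not a hardcoded value.
ENV_REF_RE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")


def scan_config(config) -> list[tuple[str, str]]:
    """Walk a parsed JSON config; return (json_path, rule) for each finding."""
    findings: list[tuple[str, str]] = []

    def visit(node, path: str) -> None:
        if isinstance(node, dict):
            for key, value in node.items():
                visit(value, f"{path}.{key}" if path else key)
        elif isinstance(node, list):
            for i, value in enumerate(node):
                visit(value, f"{path}[{i}]")
        elif isinstance(node, str):
            for rule, rx in PATTERNS.items():
                if rx.search(node):
                    findings.append((path, rule))
            key = path.rsplit(".", 1)[-1]
            if SECRET_NAME_RE.search(key) and node and not ENV_REF_RE.match(node):
                findings.append((path, "literal_value_under_secret_name"))

    visit(config, "")
    return findings


# Constructed mcp.json-style configuration with fake credentials.
SAMPLE_CONFIG = json.loads("""
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "example-github-mcp-server"],
      "env": {"GITHUB_TOKEN": "ghp_0123456789abcdef0123456789abcdef0123"}
    },
    "brave": {
      "command": "npx",
      "args": ["-y", "example-brave-mcp-server"],
      "env": {"BRAVE_API_KEY": "${BRAVE_API_KEY}"}
    },
    "warehouse": {
      "command": "uvx",
      "args": ["example-sql-mcp-server"],
      "env": {
        "DATABASE_URL": "postgres://app:hunter2@db.internal:5432/app",
        "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE"
      }
    }
  }
}
""")


if __name__ == "__main__":
    for path, rule in scan_config(SAMPLE_CONFIG):
        print(f"{rule:32s} {path}")
```

Running this as a pre-commit hook or a CI step over every config an agent orchestrator manages catches the common case; the `${VAR}` convention is what lets the same file be committed safely while the real values stay in the environment.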
29
2
Medium Cost

lemonado-mcp-server

by lemonadolabs

Sec7

Enables AI agents to query and analyze data from various marketing, payment, and productivity platforms using SQL via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Lemonado account (free, but necessary for all functionality).
  • ⚠️Requires at least one data source connected within your Lemonado account.
  • ⚠️Requires an MCP-compatible client (e.g., Claude, ChatGPT, n8n) for interaction.
Review Required
The files in this repository (README.md, server.json) contain no malicious patterns, hardcoded secrets or dangerous functions. However, the actual MCP server is a remote endpoint (`https://mcp.lemonado.io/mcp`) whose implementation is not available here for audit, so anyone using it is trusting an external, unaudited service with their data. The documented authentication methods (OAuth 2.0, Bearer token) are standard, and the documentation mentions read-only access and audit logs, but the security of the backend itself cannot be verified from these files.
Updated: 2025-11-19
Page 229 of 713