Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

80
53
Medium Cost
82ch icon

MCP-Dandan

by 82ch

Sec8

Integrated monitoring service for MCP (Model Context Protocol) communications that detects and blocks security threats in real time, featuring an Electron-based desktop UI for management.

Setup Requirements

  • ⚠️Requires Python 3.8+
  • ⚠️Requires Electron 35+
  • ⚠️MISTRAL_API_KEY is required to enable the LLM-based Tools Poisoning Engine (Mistral is a paid API, but the engine uses a semaphore to limit concurrent calls).
  • ⚠️On macOS, `mcp_python_install_certificates.py` might require `sudo` to install SSL certificates.
Verified SafeView Analysis
The project is a security framework that requires deep system interaction, including modifying application configurations and spawning child processes, which are inherently complex operations. The codebase demonstrates awareness of these risks by implementing measures such as config backup/restore, explicit YARA rule syntax validation for custom rules, and using prepared statements for database operations (in the backend). The Electron frontend leverages a preload script to expose a controlled API, limiting direct Node.js access. IPC calls from the renderer to the main process are used to interact with the Python backend, which is responsible for sensitive operations. A notable aspect is the `ELECTRON_DISABLE_SECURITY_WARNINGS = 'true'` flag used during development, which is typically undesirable for a security product but common in development environments. `execSync` is used for process management and config modification, which requires careful control but appears to be used in a measured way (e.g., calling `config_finder.py` with specific flags to disable/restore proxies).
Updated: 2025-12-14GitHub
80
789
Medium Cost
ArcadeAI icon

arcade-mcp

by ArcadeAI

Sec9

Provides a framework and pre-built toolkits for integrating Large Language Models (LLMs) with various external services and databases, enabling AI agents to interact with the real world.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires `uv` installed for development and testing.
  • ⚠️External API keys and OAuth2 authentication are required for specific toolkits (e.g., BrightData, LinkedIn, Zendesk, MongoDB, ClickHouse, PostgreSQL).
  • ⚠️Local testing of database toolkits may require Docker for running database instances and `mongosh` for MongoDB setup.
Verified SafeView Analysis
The framework demonstrates strong security practices, especially within database interaction tools (ClickHouse, MongoDB, PostgreSQL) by explicitly blocking DML/DDL operations and dangerous MongoDB write/aggregation stages. It enforces API key and OAuth2 authentication for external services, with secrets managed in a way that prevents LLM exposure. The `arcade-mcp-server` component also includes validation for transport methods and robust error handling to prevent sensitive information leakage. The use of standard JWKS for token validation in the resource server further enhances security.
Updated: 2026-01-16GitHub
80
535
High Cost
neondatabase icon

mcp-server-neon

by neondatabase

Sec6

The Neon MCP Server allows users to interact with and manage their Neon Postgres databases using natural language commands, acting as a bridge between AI agents/LLMs and the Neon API and database operations.

Setup Requirements

  • ⚠️Requires ANTHROPIC_API_KEY for the client CLI to function (paid API).
  • ⚠️Requires a Neon API key or a full OAuth setup (including Postgres and Redis for token/session storage) for the server.
  • ⚠️Node.js >= v18.0.0 is required.
  • ⚠️Direct SQL execution capabilities through LLM interaction can lead to accidental or unauthorized changes; human review of generated SQL is critical.
Review RequiredView Analysis
The server's `run_sql` and `run_sql_transaction` tools execute arbitrary SQL provided by the LLM. While the `neon-serverless` driver's `readOnly: true` option offers some protection when the server is configured in read-only mode (via `x-read-only` header or OAuth scope), the core risk of an LLM generating potentially destructive or data-exfiltrating SQL remains. The project explicitly warns: 'Always review and authorize actions requested by the LLM before execution.' and 'We do not recommend using the Neon MCP Server in production environments.' It relies heavily on user vigilance and external database role configurations for true security. OAuth implementation uses standard libraries and persistent storage, and sensitive credentials (API keys, OAuth secrets) are managed via environment variables. Sentry logging is configured to send default PII, which is a privacy consideration.
Updated: 2026-01-19GitHub
80
353
Medium Cost
SonarSource icon

sonarqube-mcp-server

by SonarSource

Sec9

The SonarQube MCP Server enables seamless integration with SonarQube Server or Cloud for code quality and security, supporting analysis of code snippets and acting as a backend for AI coding agents.

Setup Requirements

  • ⚠️Requires `STORAGE_PATH` and `SONARQUBE_TOKEN` environment variables to be set. If connecting to SonarQube Cloud (default), `SONARQUBE_ORG` is also mandatory.
  • ⚠️The simplest setup method involves using Docker or another OCI-compatible container runtime.
  • ⚠️Some advanced tools (e.g., `search_dependency_risks`) have minimum SonarQube Server version requirements (e.g., 2025.4 Enterprise) or depend on specific SonarQube Cloud features (e.g., Advanced Security).
  • ⚠️Initial startup involves a background download of SonarLint analyzers, which may cause a temporary delay in the availability of code analysis tools.
Verified SafeView Analysis
The server employs robust security practices including TTL-based session token management, explicit authentication via 'SONARQUBE_TOKEN' header, and CORS protection to prevent DNS rebinding. It explicitly warns about binding to all network interfaces (0.0.0.0) and running without HTTPS. While a default keystore password ('sonarlint') is present for HTTPS setup, it's meant to be configurable. No direct 'eval' or arbitrary code execution vulnerabilities were found in the provided code snippets.
Updated: 2026-01-19GitHub
80
405
Low Cost
punkpeye icon
Sec10

This repository serves as a curated list of developer tools, SDKs, libraries, and resources for building and interacting with Model Context Protocol (MCP) servers.

Verified SafeView Analysis
The repository contains only documentation (README.md, CONTRIBUTING.md) and no executable code that could pose direct security risks when 'run' as a server. Security concerns would relate to the external projects linked within the list, which are outside the scope of this repository's analysis.
Updated: 2026-01-06GitHub
80
390
Medium Cost
redis icon

mcp-redis

by redis

Sec9

Provides a natural language interface for AI agents to manage, search, and interact with structured and unstructured data in a Redis database.

Setup Requirements

  • ⚠️Requires a running Redis server instance accessible from the deployment environment.
  • ⚠️Requires Python 3.14+ for full compatibility (as indicated by badges, although Pyproject specifies >=3.10).
  • ⚠️The recommended installation and running methods (`uv` or `uvx`) are required, which are modern Python package and environment managers.
  • ⚠️EntraID authentication for Azure Managed Redis requires specific environment variables to be configured, and depends on the `redis-entraid` package.
Verified SafeView Analysis
The server demonstrates good security practices by using environment variables or CLI arguments for configuration, avoiding hardcoded secrets. Comprehensive error handling for Redis operations is in place. It supports robust authentication mechanisms including EntraID for Azure Managed Redis. The `search_redis_documents` tool makes external HTTP requests to `MCP_DOCS_SEARCH_URL`, which is an external dependency whose security and availability are outside the direct control of this server, but it's a documented feature.
Updated: 2026-01-13GitHub
80
148
Medium Cost
pydantic icon

mcp-run-python

by pydantic

Sec8

MCP server to securely run untrusted Python code in a sandboxed WebAssembly environment, typically as a tool for AI agents.

Setup Requirements

  • ⚠️Requires Deno to be installed on the host machine.
  • ⚠️Requires Python 3.10 or higher for the `mcp-run-python` host package.
  • ⚠️Initial setup (loading Pyodide, installing dependencies) can incur a noticeable startup cost and network bandwidth.
Verified SafeView Analysis
The server's core function is to execute arbitrary Python code. This is achieved within a robust sandbox provided by Pyodide (WebAssembly) running on Deno. Deno's explicit permission model is used to limit file system access (read-only for execution, write for dependency installation to `./node_modules` only). Importantly, `process.env` is polyfilled to be an empty object within the sandbox, preventing secrets leakage or environment tampering by executed code. The main point of caution is the `--allow-net` flag which is enabled by default when running the server via the CLI (`mcp-run-python` command) but is configurable (`--disable-networking`). The `code_sandbox` helper in the Python library defaults to `allow_networking=False`, offering a more secure default for programmatic use.
Updated: 2025-12-11GitHub
80
303
Medium Cost
mapbox icon

mcp-server

by mapbox

Sec9

Enables AI agents and applications with Mapbox's geospatial intelligence, including geocoding, routing, POI search, and map visualization.

Setup Requirements

  • ⚠️Requires a Mapbox Access Token (MAPBOX_ACCESS_TOKEN environment variable) for API access, which might incur paid usage depending on the Mapbox plan.
  • ⚠️Requires Node.js 22+ LTS runtime.
  • ⚠️For interactive UI embeds (MCP-UI), it requires a compatible client (e.g., Goose); clients like Claude Desktop or VS Code only display static images.
Verified SafeView Analysis
Robust implementation with token validation, Zod schemas for input, and a custom HTTP pipeline for external requests. No hardcoded secrets or 'eval' found. The output schema validation patch enhances resilience without compromising core security.
Updated: 2026-01-16GitHub
79
3370
Low Cost
wong2 icon
Sec10

A comprehensive directory for discovering various Model Context Protocol (MCP) servers, clients, and frameworks across different domains, facilitating integration with AI assistants.

Verified SafeView Analysis
The provided 'source code' is a README.md file, which serves as a directory of links to other MCP servers and related projects. It does not contain executable code for an MCP server to audit for typical security risks like 'eval', obfuscation, network risks, or hardcoded secrets. The README itself poses no direct security threats; the safety of any linked repositories would require individual analysis.
Updated: 2025-12-17GitHub
79
345
High Cost
mcpdotdirect icon

evm-mcp-server

by mcpdotdirect

Sec9

Enables AI agents to interact with 60+ EVM-compatible blockchains, perform transactions, query data, and interact with smart contracts via a unified Model Context Protocol (MCP) interface.

Setup Requirements

  • ⚠️Requires EVM_PRIVATE_KEY or EVM_MNEMONIC environment variable for write operations (token transfers, contract writes, message signing).
  • ⚠️Requires ETHERSCAN_API_KEY environment variable for automatic ABI fetching from block explorers.
  • ⚠️Requires Bun 1.0.0+ or Node.js 20.0.0+.
Verified SafeView Analysis
Sensitive credentials (EVM_PRIVATE_KEY, EVM_MNEMONIC, ETHERSCAN_API_KEY) are correctly handled via environment variables and are never exposed as tool arguments. The server sets an input payload limit (10MB) for basic DoS prevention. Write operations are guarded by explicit AI-guided prompts emphasizing user confirmation and security checks. The HTTP server listens on 0.0.0.0 by default, which is common for backend services but requires external security measures (e.g., HTTPS, firewall) in production. No 'eval' or malicious obfuscation patterns were detected in the provided source code.
Updated: 2025-11-26GitHub
78
142
High Cost
penpot icon

penpot-mcp

by penpot

Sec2

The Penpot MCP server enables LLMs to perform data queries, transformation, and creation operations on Penpot design files by allowing LLMs to execute JavaScript code via a Penpot plugin.

Setup Requirements

  • ⚠️Requires Node.js v22 for server and plugin.
  • ⚠️Chromium-based browsers (v142+) may require explicit approval for Private Network Access (PNA) to connect to the local plugin server.
  • ⚠️Multi-user mode is under development and uses a hardcoded 'dummyToken', lacking proper authentication.
  • ⚠️Python scripts (for API docs generation) use `pixi` for environment management, requiring its installation for development tasks.
Review RequiredView Analysis
CRITICAL: The `execute_code` tool allows arbitrary JavaScript code execution directly within the Penpot plugin's context (`new Function(...)` is used). If an attacker gains control of the MCP server or the LLM client, they could execute malicious code within the user's Penpot session, potentially manipulating design files or exfiltrating data. File system access for `import_image` and `export_shape` tools is enabled by default in single-user (local) mode, allowing local file read/write, which is risky. Multi-user mode currently uses a hardcoded 'dummyToken' for authentication, making it insecure for shared deployments.
Updated: 2026-01-19GitHub
78
52
Low Cost
apisec-inc icon

mcp-audit

by apisec-inc

Sec9

Security audit and governance for AI agent configurations (MCPs) in development environments and GitHub repositories.

Setup Requirements

  • ⚠️Backend deployment requires a Vercel account, Google Workspace email (@apisec.ai), and a Gmail App Password.
  • ⚠️Web app GitHub scanning requires a Personal Access Token with 'repo' and 'read:org' permissions.
  • ⚠️CLI tool requires Python 3.9+.
Verified SafeView Analysis
The server's primary function is to generate and email PDF reports of scan summaries. It follows good security practices by: (1) only transmitting scan *summary* data (counts, risk levels) to the backend, *never* actual secret values or raw configurations; (2) using environment variables for sensitive credentials (Gmail user/password, API key); (3) implementing an API key for its report endpoint; (4) using a client-side approach for GitHub scanning, ensuring user tokens remain in the browser; (5) verifying the integrity of its known MCP registry file with SHA-256. The code shows no signs of 'eval', obfuscation, or direct malicious patterns. The overall design prioritizes privacy and transparency.
Updated: 2026-01-16GitHub
PreviousPage 23 of 713Next