Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

29
1
Medium Cost
rogermt icon
Sec9

Analyzes local Python and Node.js repositories to generate and maintain practical ONBOARDING.md documentation.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Recommends 'uv' for faster installation
  • ⚠️Designed for integration with Gemini CLI
Verified SafeView Analysis
The server explicitly prioritizes static analysis, disallows network access, and prevents code execution (no subprocess.run on user code). Path resolution rigorously checks for directory traversal (`resolve_path_inside_repo`). It also uses `IgnoreMatcher` to filter sensitive directories like `.git/`, `node_modules/`, and virtual environments. File content reads are size-capped for safety. There are no hardcoded secrets or obvious obfuscation.
Updated: 2026-01-08GitHub
29
3
Low Cost
dreygur icon

mcp-connect

by dreygur

Sec9

This server acts as a proxy and multiplexer, bridging local Model Context Protocol (MCP) clients (like IDEs) to multiple remote HTTP-based MCP servers, offering features like OAuth authentication, centralized configuration, and namespace routing.

Setup Requirements

  • ⚠️Requires OpenSSL 3.x development libraries if building from source on Linux/macOS.
  • ⚠️Requires Node.js 14+ for npm/npx installation, or Rust 1.75+ for building from source.
  • ⚠️Credentials for remote MCP servers must be configured in a local .env file (e.g., GITHUB_TOKEN, CONTEXT7_API_KEY).
Verified SafeView Analysis
No hardcoded secrets found; extensive use of `.env` files for managing credentials. OAuth tokens are securely cached on disk with strict file permissions (owner-only read/write on Unix-like systems). Binary installation methods (npm and shell script) include checksum verification against GitHub releases to ensure integrity. The system promotes the use of HTTPS for remote server connections and performs SSL certificate validation. It properly handles network errors, timeouts, and gracefully manages subprocesses for STDIO transport.
Updated: 2026-01-07GitHub
29
39
High Cost
wheattoast11 icon
Sec4

This server orchestrates multi-agent AI research workflows by decomposing complex queries, executing parallel sub-queries using an ensemble of LLMs, and synthesizing findings into comprehensive reports, often leveraging real-time web data, internal knowledge bases, and advanced caching.

Setup Requirements

  • ⚠️Requires an OpenRouter API Key (implies paid service for LLM access).
  • ⚠️Initial setup requires database initialization (PGlite) and downloading/loading an embedding model (Xenova/all-MiniLM-L6-v2, ~50-100MB), which needs an active internet connection and can take several minutes.
  • ⚠️The system uses an internal 'verified local knowledge base' to guide LLM responses and prevent hallucinations about its own architecture, which can influence research outcomes.
Review RequiredView Analysis
The `calc` tool uses `new Function()` for expression evaluation. While input is sanitized with a regex, this is a high-risk primitive that could potentially allow arbitrary code execution if the sanitization is bypassed or incomplete. All API keys and sensitive configurations are correctly managed via environment variables. The server implements robust network security features including CORS, rate limiting, request size limits, HTTPS enforcement, and authentication via JWT or API keys. SQL queries are parameterized and restricted to SELECT statements, preventing SQL injection. External web scraping is also implemented but managed with timeouts and error handling.
Updated: 2025-12-27GitHub
29
2
Medium Cost
zhenxiay icon
Sec3

This MCP server enables AI agents to access and analyze Yahoo Finance stock data, providing real-time information, technical analysis, and recommendations.

Setup Requirements

  • ⚠️Requires `uv` for Python dependency management and execution.
  • ⚠️Requires active internet connectivity for Yahoo Finance data retrieval.
  • ⚠️Potential proxy configuration (HTTP_PROXY, HTTPS_PROXY, NO_PROXY) is needed for Docker/Kubernetes deployments.
Review RequiredView Analysis
The `read_resources` tool located in `src/stock_intelligence_mcp/main.py` is vulnerable to path traversal. The `file_name` parameter is directly used to construct a file path (e.g., `f"resources/{file_name}"`). An attacker could provide a `file_name` like `../../../../etc/passwd` to read arbitrary files on the server, potentially exposing sensitive information depending on the server's file system permissions. This is a critical vulnerability for an AI agent server.
Updated: 2026-01-07GitHub
29
5
Medium Cost
DecisionsDev icon
Sec5

The IBM ODM Decision MCP Server bridges IBM ODM with modern AI assistants and orchestration platforms to expose decision services (rulesets) as tools for dynamic automation in workflows.

Setup Requirements

  • ⚠️Requires Python 3.13 or higher.
  • ⚠️Requires `uv` Python package installer (recommended).
  • ⚠️Requires a running IBM Operational Decision Manager (ODM) instance.
  • ⚠️Authentication (Basic, Zen, OpenID Connect, mTLS) and authorization setup can be complex and are critical for secure operation, requiring specific roles/permissions in ODM.
Verified SafeView Analysis
The server has configurable authentication methods including Basic Auth, Zen API Key, and OpenID Connect (Client Secret/PKJWT), as well as mTLS. However, there are notable security concerns: 1. **Weakened TLS Verification (Conditional):** If `--ssl-cert-path` is used for SSL/TLS verification (e.g., with self-signed certificates) while `--verifyssl` is `True` (default), the custom `CustomHTTPAdapter` disables hostname verification (`assert_hostname = False`). This can make the connection vulnerable to Man-in-the-Middle (MITM) attacks, even if the certificate itself is trusted. 2. **Hardcoded Default Credentials:** The `argparse` module defaults for `--username` and `--password` are `odmAdmin`, which is a common security anti-pattern. While these can be overridden by environment variables or CLI arguments, using defaults in production without changing them is a significant risk. 3. **Explicit SSL Disablement:** The `--verifyssl "False"` option explicitly disables SSL/TLS certificate verification. While documented for dev/test, its misuse in production can lead to severe vulnerabilities. These issues, particularly the conditional weakening of TLS security and hardcoded defaults, lower the overall security score.
Updated: 2026-01-05GitHub
28
2
Medium Cost
shlomiuziel icon

asher-mcp

by shlomiuziel

Sec8

A secure, local-first financial data aggregator for Israeli banks and credit card companies, providing an MCP server interface for AI hosts to analyze transactions.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm for installation.
  • ⚠️Requires 'tsx' to be installed globally for Claude Desktop integration.
  • ⚠️Requires manual creation of a 'credentials.json' file with sensitive banking information.
  • ⚠️A database encryption key must be entered at runtime and managed securely by the user.
Verified SafeView Analysis
The project implements strong security practices including local-first data storage, encryption at rest for sensitive data (using better-sqlite3-multiple-ciphers), runtime encryption key prompting (key not stored on disk), and strict file permissions (chmod 600) for the SQLite database. SQL SELECT queries from MCP hosts are validated to prevent injection and restrict access to allowed tables. The primary remaining risks are inherent to banking scrapers (reliance on israeli-bank-scrapers library, potential for account lockout if scrapers fail, security of the initial credentials.json file, and the user's secure management of their encryption key). No 'eval' or malicious patterns were found.
Updated: 2025-11-20GitHub
28
1
Low Cost
longdog icon

notify-mcp

by longdog

Sec9

A lightweight Model Context Protocol (MCP) server that enables AI assistants to send desktop notifications via `notify-send` or `osascript`.

Setup Requirements

  • ⚠️Requires `notify-send` (libnotify-bin on Linux) to be installed.
  • ⚠️Requires `jq` tool for JSON parsing.
  • ⚠️Requires proper `DBUS_SESSION_BUS_ADDRESS` environment variable for `notify-send` to function correctly on Linux (though the script attempts to set a default).
Verified SafeView Analysis
The script directly passes user-provided 'title' and 'message' to `notify-send` on Linux and `osascript` on MacOS. While these specific commands generally treat arguments as literal strings, robust input sanitization or explicit argument escaping for arbitrary shell commands would be required in more complex scenarios. In this specific context, the risk of command injection is very low due to how `notify-send` and `osascript` handle arguments for notification display. There is no 'eval' usage, network exposure, or hardcoded secrets.
Updated: 2026-01-08GitHub
28
54
Low Cost
arm icon

mcp

by arm

Sec8

An MCP server that equips AI assistants with specialized tools and knowledge for Arm architecture development, migration, and optimization.

Setup Requirements

  • ⚠️Requires Docker (with buildx support)
  • ⚠️Requires an MCP-compatible AI assistant client
  • ⚠️Requires correct configuration of Docker volume mounts for workspace access (e.g., `-v /path/to/your/workspace:/workspace`)
Verified SafeView Analysis
The server runs within a Docker container and primarily invokes external CLI tools (migrate-ease, skopeo, llvm-mca) using `subprocess.run` with list-based arguments, mitigating direct shell injection risks. Workspace scanning operations utilize a filtered copy of the mounted workspace, and remote Git repository cloning occurs in temporary, self-cleaned directories, which are good security practices. No `eval()` or code obfuscation was found. External network requests are made to Docker Hub and GitHub, which are legitimate for its functionality. There are no hardcoded secrets in the runtime server code. The primary risk is inherent to allowing an AI agent to execute commands on a mounted user workspace, requiring user awareness regarding the data mounted. Logging of tool invocations and errors is directed to the user's mounted workspace for transparency.
Updated: 2025-12-17GitHub
28
5
Medium Cost
aybelatchane icon

mcp-server-terminal

by aybelatchane

Sec9

Enables AI agents to interact with and automate terminal applications by converting terminal content into a structured UI tree.

Setup Requirements

  • ⚠️Requires Node.js (>=16) for `npx` installation, or Rust (1.75+) for building from source.
  • ⚠️Visual mode on Linux/WSL requires an X11 server and configuration of the `DISPLAY` environment variable (e.g., `DISPLAY=:0`).
  • ⚠️Full visual mode functionality on Windows requires WSL2; native Windows support is currently headless-only.
Verified SafeView Analysis
The project demonstrates a strong focus on security, explicitly addressing common vulnerabilities in `SECURITY.md`. It utilizes memory-safe Rust, employs a command whitelist feature to restrict execution, and uses `portable-pty`'s `CommandBuilder` to prevent command injection. Tmux input is sent via hex mode for reliability and security. The `cli.js` wrapper auto-updates the binary from GitHub Releases, which is a standard distribution method but means users are always running the latest version, implying trust in GitHub's release process and the project maintainers. Visual mode and session recordings have clear security considerations outlined, such as potential exposure of terminal content in untrusted environments.
Updated: 2026-01-02GitHub
28
2
High Cost
clouatre-labs icon

math-mcp-learning-server

by clouatre-labs

Sec8

An educational Model Context Protocol (MCP) server providing persistent mathematical calculations, statistical analysis, unit conversions, and data visualizations, primarily for learning and agent interaction.

Setup Requirements

  • ⚠️Python 3.11+ is required.
  • ⚠️Visualization and matrix operations require optional '[plotting]' (matplotlib, numpy) and '[scientific]' (numpy) extras to be installed, otherwise, tools will return a missing dependency error.
  • ⚠️When deployed to FastMCP Cloud, the persistent workspace data ('save_calculation', 'load_variable') will reset on container restart due to ephemeral storage.
Verified SafeView Analysis
The server employs 'eval()' for mathematical expressions but does so within a heavily sandboxed environment. This includes whitelisting allowed characters and math functions, blocking dangerous keywords ('import', 'exec', 'eval', 'open', 'file'), and restricting the 'eval' global scope. Comprehensive input validation using Pydantic, DoS prevention via length/size limits (expressions, arrays, matrices), and rate limiting are implemented. File system operations are confined to a user-specific workspace directory. 'SECURITY.md' provides clear documentation on these measures.
Updated: 2026-01-07GitHub
28
1
Medium Cost
pandiaaman icon

CloudUxMCP

by pandiaaman

Sec3

Provides an AI-powered assistant for Avid MediaCentral CTMS, enabling natural language interaction and system browsing of Production Asset Management (PAM) and Media Asset Management (MAM) systems.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (Paid) for AI chatbot functionality.
  • ⚠️Requires access to an Avid MediaCentral CTMS instance (host, username, password, and a bearer token).
  • ⚠️Frontend UI and test scripts contain hardcoded default credentials, requiring manual updates and posing a security risk during initial setup and testing.
  • ⚠️SSL certificate verification is disabled (`verify=False`) in the backend's HTTP client, which is insecure and should not be used in production.
Review RequiredView Analysis
Critical security risks identified: Hardcoded MediaCentral credentials (host, username, password, bearer_token) are present in frontend source files (`avidmcpui/src/components/LoginScreen.jsx`) and backend test scripts (`avidmcpserver/test_auth.py`, `avidmcpserver/test_complete.py`), making them easily discoverable and exploitable. SSL certificate verification is explicitly disabled (`verify=False`) for `httpx` client in `auth_service.py` and `ctms_service.py`, which is highly insecure for production environments and susceptible to Man-in-the-Middle (MITM) attacks. The backend's CORS middleware (`allow_origins=["*"]`) allows requests from any origin, which is overly permissive and potentially risky if sensitive data is involved. OpenAI API key is configured via environment variables but requires careful handling to prevent exposure.
Updated: 2025-11-19GitHub
28
17
Medium Cost
collibra icon

chip

by collibra

Sec8

The Collibra MCP Server acts as a bridge, enabling AI agents to interact with Collibra Data Governance Center for intelligent data discovery and governance operations.

Setup Requirements

  • ⚠️Requires access to an existing Collibra Data Governance Center instance.
  • ⚠️Requires valid Collibra credentials (either configured server-wide or provided by the client).
  • ⚠️Building from source requires a Go development environment.
Verified SafeView Analysis
The server uses environment variables or configuration files for credentials, avoiding hardcoding. In HTTP mode, it binds to localhost only for security. It explicitly documents and warns about skipping TLS verification for development/testing, indicating an awareness of the security implications. There are no obvious code execution vulnerabilities like 'eval' in the Go source.
Updated: 2025-12-30GitHub
PreviousPage 230 of 713Next