Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

28
14
Medium Cost
vapvarun icon

wpcs-mcp-server

by vapvarun

Sec7

Integrates WordPress Coding Standards (WPCS) checks and automatic fixes with Claude AI for WordPress plugin/theme development workflows.

Setup Requirements

  • ⚠️Requires PHP 8.2+ and Composer 2.0+ to be correctly configured in the system PATH, as the server wraps these external tools.
  • ⚠️Relies on `phpcs`, `WPCS`, and `PHPCompatibilityWP` being installed globally via Composer; the server attempts auto-installation but manual setup might be required.
  • ⚠️Detailed PATH configuration specific to the operating system and PHP installation (e.g., Herd, Homebrew, MAMP, Windows, Linux) is critical for the server to find PHP and Composer binaries.
Verified SafeView Analysis
The server relies heavily on `execSync` to run `phpcs` and `phpcbf` commands. While arguments for file paths are quoted, a theoretical risk of shell injection exists if a malicious input could craft a path that escapes these quotes and injects arbitrary commands. However, this is a local development tool where the user implicitly trusts the execution. The paths originating from `git diff` are generally safe. No `eval` or obfuscation is present, and no direct network connections are initiated by the server itself, reducing external attack surface.
Updated: 2025-12-20GitHub
28
7
Medium Cost
mattzcarey icon

sandbox-mcp

by mattzcarey

Sec9

Manages and securely proxies AI coding agents running in Cloudflare Sandboxes to interact with external services like Anthropic and GitHub, providing zero-trust authentication and session persistence.

Setup Requirements

  • ⚠️Requires a Cloudflare account and familiarity with Cloudflare Workers, Durable Objects, and R2 Storage.
  • ⚠️Requires API keys for external paid services (Anthropic, GitHub) to be set as Wrangler secrets.
  • ⚠️Authentication to the `/mcp` endpoint requires a separate `AUTH_TOKEN` to be configured as a Wrangler secret.
Verified SafeView Analysis
The server implements a robust zero-trust authentication proxy using JWTs to ensure sandboxed AI agents do not directly access sensitive API keys. Specific services (like GitHub) restrict proxied paths to prevent abuse. Secrets are managed via Cloudflare Workers' secret store, and no hardcoded secrets are present. The use of `sandbox.exec` is contained to standard shell and git commands within an isolated sandbox environment. The `AUTH_TOKEN` mentioned in the README for the `/mcp` endpoint is a necessary security measure for the API entry point.
Updated: 2026-01-02GitHub
28
1
High Cost
PerkyZZ999 icon

MemorizedMCP-TS

by PerkyZZ999

Sec7

Provides a Bun + TypeScript powered Model Context Protocol (MCP) server with hybrid memory, document intelligence, and knowledge graph tooling for AI agents.

Setup Requirements

  • ⚠️Requires Bun >= 1.3.0 to run.
  • ⚠️Initial startup requires downloading the configured TRANSFORMER_MODEL (e.g., Xenova/all-MiniLM-L6-v2), which can be around ~80MB.
  • ⚠️SQLite is used for structured data and requires FTS5 support (usually available in standard SQLite builds).
  • ⚠️Requires manual creation of DATA_ROOT directories for persistent storage if not using default paths.
Verified SafeView Analysis
The server includes a `run_code` tool that executes TypeScript code in a sandbox (using `new AsyncFunction()`). While attempts are made to restrict access to globals (only `services` and `console` are injected), direct filesystem access via services (e.g., `document.ingest` within `DATA_ROOT`) and outbound network calls (e.g., `TRANSFORMER_MODEL` download) are part of its intended functionality. A compromised `TRANSFORMER_MODEL` URL or a successfully exploited vulnerability in the sandbox could lead to risks. Users should ensure `DATA_ROOT` permissions are restricted and `TRANSFORMER_MODEL` sources are trusted.
Updated: 2025-11-20GitHub
28
2
Medium Cost
norandom icon
Sec9

This server integrates RAGFlow's knowledge base and document management APIs with LLMs like Claude Desktop, providing enriched context and enhanced retrieval capabilities through a Model Context Protocol (MCP) interface.

Setup Requirements

  • ⚠️Requires a running RAGFlow instance with its BASE_URL and API_KEY configured.
  • ⚠️Requires an OpenAI API Key (or OpenRouter API Key) for DSPy query deepening functionality, which is a paid service.
  • ⚠️DSPy must be installed from its GitHub repository (`pip install git+https://github.com/stanfordnlp/dspy.git`) for macOS to avoid build issues.
  • ⚠️Requires Python 3.12+ as per `pyproject.toml`.
  • ⚠️The rerank functionality is currently disabled due to a known upstream API protocol issue.
Verified SafeView Analysis
The server demonstrates good security practices by loading sensitive API keys (RAGFlow, OpenAI, OpenRouter, Cloudflare Zero Trust) from `config.json` or environment variables using `os.getenv`, preventing hardcoding. Input validation is extensively used in `validation.py` (e.g., `validate_query`, `validate_dataset_id`) to sanitize user inputs, mitigating common injection risks. Log redaction for sensitive data is implemented. HTTP requests use `aiohttp` with timeouts and robust error handling. The development workflow enforces commit signing via SSH, promoting code integrity. A minor point is that included shell scripts directly parse `config.json` for API keys, which exposes them within the script's environment, but this is a common pattern for local utility scripts.
Updated: 2025-11-20GitHub
28
1
Low Cost
jesamkim icon

html2pdf

by jesamkim

Sec3

Converts HTML content or files to PDF using a headless browser (Puppeteer) with various formatting options.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️Puppeteer downloads Chromium (~300MB) on first run if not configured to use a system-installed browser.
  • ⚠️Requires specific system fonts (e.g., Noto CJK, Noto Emoji) for correct rendering of non-Latin characters and emojis.
Review RequiredView Analysis
CRITICAL VULNERABILITIES: The server allows path traversal for both input HTML files (`htmlPath`) and output PDF files (`outputPath`). A malicious actor can provide arbitrary file paths, potentially leading to unauthorized reading of sensitive local files via `file://` URLs (`fs.access` only checks existence, not content/permissions for sensitive files) and writing PDFs to arbitrary locations on the server's filesystem, which could overwrite critical system files or exhaust disk space. The `htmlContent`, `headerTemplate`, and `footerTemplate` parameters also accept raw HTML, which could embed malicious JavaScript if the generated PDF is viewed in an insecure context, though the immediate impact is contained within the PDF. Running Puppeteer with `--no-sandbox` (common in Docker) further reduces isolation, making these path traversal vulnerabilities more critical if the server is run as root or with elevated privileges.
Updated: 2025-11-20GitHub
27
1
Medium Cost
igorilic icon

obsidian-mcp

by igorilic

Sec8

Integrate AI assistants with Obsidian vaults to manage notes, track tasks, and facilitate knowledge discovery through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires 'OBSIDIAN_VAULT_PATH' environment variable to be set to the absolute path of your Obsidian vault.
  • ⚠️Node.js version 18 or higher is required.
  • ⚠️If using Docker, the host vault path must be correctly mounted to '/vault' within the container (e.g., via OBSIDIAN_VAULT_HOST_PATH in .env).
Verified SafeView Analysis
The server primarily interacts with the local file system within the configured 'OBSIDIAN_VAULT_PATH'. It uses `path.join` and `path.relative` to construct file paths, which helps mitigate directory traversal attacks within the vault. There are no direct uses of `eval` or obvious obfuscation. Network risks are present if the HTTP server (default port 3000, mapped to 9111 by Docker) is exposed to untrusted networks without proper access controls. The critical security aspect is ensuring the `OBSIDIAN_VAULT_PATH` environment variable is set to a specific, trusted Obsidian vault directory and not a broad system path (e.g., `/`) which could allow the AI to read/write arbitrary files outside the intended scope.
Updated: 2026-01-07GitHub
27
1
Low Cost
anesmeftah icon

mcp-doc-server

by anesmeftah

Sec8

The project serves as a document processing backend, extracting metadata and text from various document formats (Markdown, PDF), cleaning and segmenting the content, and preparing it for further analysis or embedding.

Setup Requirements

  • ⚠️Requires Python version 3.14 or higher, which is a very recent release and might not be commonly available.
  • ⚠️NLTK's 'punkt' tokenizer data may need to be downloaded explicitly (e.g., `nltk.download('punkt')`) if not already present, which is used by the embedder.
  • ⚠️The `mcp[cli]` dependency's specific setup or integration requirements are not detailed in the provided source and could introduce additional friction.
Verified SafeView Analysis
The current codebase does not contain obvious malicious patterns, hardcoded secrets, or 'eval' statements. The primary potential security risk lies in file path handling (`file_reader`, `md_extractor`, `pdf_extractor`) if the `file_path` inputs were derived from untrusted user input without proper sanitization, which could lead to directory traversal or unauthorized file access. Parsing untrusted PDFs with `pypdf` also carries inherent risks of denial-of-service or memory exhaustion. The 'server.py' is a placeholder with minimal functionality, so actual server-side vulnerabilities are currently unknown.
Updated: 2025-11-20GitHub
27
1
Low Cost
scaryrawr icon

strawberry-mcp

by scaryrawr

Sec9

This MCP server provides a tool for Large Language Models (LLMs) to count the occurrences of a specific letter within a given word, serving as a simple joke/learning example for building MCP tools.

Setup Requirements

  • ⚠️Requires Node.js (version 16 or higher as per typical TypeScript SDK usage) and npm/yarn for dependency management.
  • ⚠️The project needs to be built with `npm run build` (which executes `tsc`) before it can be started with `node dist/index.js`.
Verified SafeView Analysis
The server uses `StdioServerTransport`, meaning it communicates via standard input/output, which is generally safe for local processes as it does not expose network ports. There are no external network requests made by the core logic of this server, no hardcoded secrets, and no use of dangerous functions like `eval`. Input validation is present for the `letter` parameter, ensuring it's a single character. The server is designed for a very specific, contained task, minimizing attack surface.
Updated: 2026-01-07GitHub
27
8
Medium Cost
saadmanrafat icon

uv-mcp

by saadmanrafat

Sec9

Provides AI-native environment diagnostics, repair, and dependency management for Python projects using the uv package manager.

Setup Requirements

  • ⚠️Requires the `uv` package manager to be pre-installed on the system.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires an MCP-compliant AI client (e.g., Gemini CLI, Claude Desktop) for invocation.
Verified SafeView Analysis
The server primarily acts as a wrapper around the `uv` CLI, executing `uv` commands via `asyncio.create_subprocess_exec`. Arguments are passed as a list, which is generally safe against shell injection when `shell=False` (the default for `create_subprocess_exec`). Path handling uses `pathlib.Path`, which provides some sanitization. There are no explicit uses of `eval`, code obfuscation, or hardcoded secrets. The core security relies on the trustworthiness of the `uv` tool itself and the permissions of the user running the server. Logging is configured to help audit operations.
Updated: 2025-12-28GitHub
27
7
Medium Cost
Crawleo icon

Crawleo-MCP

by Crawleo

Sec9

Provides AI assistants with real-time web search and crawling capabilities via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Crawleo API Key (paid service after a free tier, see crawleo.dev for pricing).
  • ⚠️Dependent on the external Crawleo API (api.crawleo.dev) for all functionality and requires an active internet connection.
  • ⚠️Requires Node.js version 18 or higher to run directly from source or as an npm package.
Verified SafeView Analysis
The source code is clean, well-structured, and does not contain 'eval', obfuscation, or hardcoded secrets. It securely retrieves the CRAWLEO_API_KEY from environment variables and transmits it over HTTPS to the external Crawleo API. The security score reflects the code's robust handling of API keys and network communication, assuming the external Crawleo service itself adheres to secure practices.
Updated: 2025-12-31GitHub
27
1
Medium Cost
kmransom56 icon
Sec6

A comprehensive collection of 40+ Model Context Protocol (MCP) servers providing powerful capabilities for all major AI development tools, offering integration for IDEs, desktop applications, and command-line interfaces.

Setup Requirements

  • ⚠️Requires OpenAI API Key (paid service) for the OpenAI server.
  • ⚠️Requires Google Drive API credentials (OAuth 2.0 setup) for the GDrive server.
  • ⚠️Requires Fortinet/Meraki API Keys/credentials for the Fortinet, FortiManager, and Meraki servers.
  • ⚠️Requires FFmpeg to be installed for audio and video processing functionalities.
  • ⚠️Python 3.8+ and Node.js 18+ are required runtime environments.
  • ⚠️Many servers assume other local services (e.g., AIAutoDash) are running on default `localhost` ports.
Verified SafeView Analysis
The collection includes diverse servers with varying security postures. Positive aspects include robust path validation and symlink resolution in the 'filesystem' server, and explicit SQL injection prevention for read queries in the 'sqlite' server. However, potential risks exist in media processing tools (audio/video/image) if user-controlled input paths are not fully sanitized before being passed to external executables like FFmpeg, which could lead to command injection. The 'ai-mcp-platform' server allows making HTTP requests to internal platform services with user-controlled endpoints and data, posing a significant internal network exploitation risk if exposed to untrusted LLM input without further client-side sanitization. The Fortinet server notes `verify_ssl=False` by default, which is a potential MITM vulnerability if not configured carefully. The 'sqlite' server's write/create table tools lack the strong input validation present in the read query tool.
Updated: 2026-01-07GitHub
27
1
Low Cost
mpreziuso icon

mcp-atlas

by mpreziuso

Sec7

An MCP server enabling AI assistants to interact with Ariga Atlas migration tools for database schema management.

Setup Requirements

  • ⚠️Requires Atlas CLI to be pre-installed and available in system PATH.
  • ⚠️Requires Node.js 18 or higher.
Verified SafeView Analysis
The server executes external 'atlas' CLI commands using `node:child_process.spawn` with `shell: true`. While a custom `escapeShellArg` function is used to escape arguments, relying on `shell: true` with custom escaping can be less secure than passing arguments as an array to `spawn` (without `shell: true`) or using a more robust, battle-tested library. This approach introduces a potential, albeit mitigated, risk of shell injection if the escaping mechanism were to be bypassed or contain a subtle flaw. No 'eval', obfuscation, or hardcoded secrets were found. Database connection URLs and other sensitive parameters are passed by the AI assistant as tool arguments, implying user control.
Updated: 2026-01-07GitHub
PreviousPage 232 of 713Next