Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

27
1
Medium Cost

malim

by m10x

Sec2

A malicious MCP server designed to test MCP clients for potential security vulnerabilities.

Setup Requirements

  • ⚠️Requires a compatible MCP client for interaction.
  • ⚠️Dependencies from `requirements.txt` must be installed (e.g., `fastmcp`).
Review Required
This server is *explicitly designed to be malicious* for security testing purposes. It contains deliberate XSS payloads in `website_url` and `icons`, and sophisticated prompt injection attempts in `instructions`, tool descriptions (`all_in_one_tool`, `write_stuff`), and tool prompts (`analyze_sentiment`, `creative_writing`). It also attempts tool poisoning and elicitation-based attacks. Running this server is inherently risky for any MCP client not specifically hardened against such attacks. It should only be run in a controlled, isolated environment for its intended purpose of client vulnerability assessment. No `eval`, obfuscation, or hardcoded secrets were found that weren't part of the deliberate malicious payloads.
Updated: 2025-11-20
27
83
Medium Cost

mcp-server

by serpapi

Sec9

A Model Context Protocol (MCP) server that integrates with SerpApi to provide comprehensive search engine results and data extraction to an LLM.

Setup Requirements

  • ⚠️Requires a SerpApi API Key (SerpApi is a paid service, rate limits apply)
  • ⚠️Requires Python 3.12+ (Python 3.13+ explicitly mentioned in README)
  • ⚠️Uses 'uv' for dependency management and running in local development (a modern Python package installer)
Verified Safe
The server correctly handles API keys via path or bearer token, avoiding hardcoding. It uses standard FastAPI/Starlette components and includes CORS, request metrics, and error handling for SerpApi calls. There are no obvious malicious patterns like 'eval' or obfuscation. Error responses are designed to avoid exposing sensitive internal details.
Updated: 2025-12-15
27
22
Medium Cost

identity-spec

by agntcy

Sec9

Provides specifications, documentation, and API definitions for an identity framework managing verifiable credentials for agents and MCP Servers in an Internet of Agents (IoA).

Setup Requirements

  • ⚠️Requires Node.js >= 18.0
  • ⚠️Uses Yarn for package management
  • ⚠️Build process likely requires `make` and `protoc` (Protobuf compiler) to generate API documentation
Verified Safe
The provided source code is for a Docusaurus documentation website describing the Identity framework and MCP Server specifications. It does not contain the executable code for the MCP Server itself. The documentation site code (`docs-src`) appears to be well-structured, uses standard Docusaurus practices, and does not exhibit obvious direct security vulnerabilities like `eval`, obfuscation, or hardcoded secrets. The OpenAPI and JSON Schema definitions describe an Identity Node/MCP Server that uses cryptographic methods (JWK, PQC algorithms) for secure identity management, indicating an intent for robust security in the *actual* server implementation (which is not provided).
Updated: 2025-12-29
27
1
Medium Cost

ghost-mcp-server

by ghostsecurity

Sec8

Provides a Model Context Protocol (MCP) server for the Ghost Security API, enabling AI agents to securely manage security findings and analyze repository data through standardized tools.

Setup Requirements

  • ⚠️Requires Ghost Security API Key (account/registration needed at Ghost Security)
  • ⚠️Requires Claude Code CLI for quick installation and integration
  • ⚠️Requires Anthropic API Key for the bundled CLI chatbot functionality (separate account/payment)
Verified Safe
The core server and client code adhere to standard security practices for API interaction, utilizing API keys passed via environment variables or command-line arguments for authentication. Responses containing large lists of findings are intelligently truncated to prevent excessive token usage by AI models, which is a good reliability and cost-control measure. No direct use of 'eval' or other dynamic code execution that could lead to runtime injection vulnerabilities was observed. Installation scripts (e.g., `install.js`, `setup-claude-code.sh`) use `execSync` for system commands and directly embed user-provided API keys into JSON configuration files. While this is a common installer pattern, it carries a minor, theoretical risk if a maliciously crafted API key were to bypass string escaping during setup. This is a setup-time, not runtime, consideration, and assumes the user trusts the installer script itself.
Updated: 2026-01-07
27
51
Medium Cost

medical-mcp

by JamesANZ

Sec8

Provides comprehensive, real-time medical data from authoritative sources to enhance AI workflows locally and privately.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm to be installed.
  • ⚠️The Puppeteer dependency will download a Chromium browser instance (~170MB) upon first run or install, which can take time and storage.
  • ⚠️Manual setup for Claude Desktop requires editing a JSON configuration file with the absolute path to the server's build directory, which can be error-prone or require platform-specific adjustments.
Verified Safe
The server runs 100% locally and requires no API keys, significantly reducing external attack surface and credential leakage risks. It actively logs safety warnings regarding medical advice. However, the use of Puppeteer for web scraping (Google Scholar, Cochrane, AAP) introduces a slight risk, as it launches a Chromium browser with `--no-sandbox` and other flags. While common for scraping, a vulnerability in Chromium or a malicious target website could theoretically pose a local execution risk. The code attempts to mitigate this by disabling JavaScript and images in some scraping contexts and running locally, but it's a non-zero risk inherent to browser automation for untrusted content.
Updated: 2025-12-18
27
1
Low Cost

mcp-guard

by botzrDev

Sec9

Security gateway for Model Context Protocol (MCP) servers, providing authentication, authorization, rate limiting, and observability.

Setup Requirements

  • ⚠️Requires Rust toolchain for `cargo install` or building from source.
  • ⚠️The default `stdio` upstream configuration in `mcp-guard.toml` relies on `npx @modelcontextprotocol/server-filesystem`, which requires Node.js and npm to be installed.
  • ⚠️Commercial tiers (Pro, Enterprise) require a valid license key to be set as an environment variable (`MCP_GUARD_LICENSE_KEY`). The Enterprise tier also requires initial online validation via Keygen.sh.
Verified Safe
The project demonstrates a strong focus on security. Key strengths include robust input validation (SSRF and command injection prevention for upstream connections), API key hashing with constant-time comparison, comprehensive OAuth 2.1 support with PKCE and state protection, and explicit configuration for mTLS trusted proxies to prevent header spoofing. Error messages are sanitized to avoid exposing internal details. Hardcoded production secrets are avoided, as evidenced by a past fix documented in `CHANGES.md`. The overall architecture and practices implemented contribute to a secure gateway solution.
Updated: 2026-01-07
27
1
Medium Cost

quilt-mcp-server

by quiltdata

Sec9

Enables AI models (LLMs) to query, analyze, visualize, and package data in AWS S3, Athena, and Quilt catalogs using natural language interactions.

Setup Requirements

  • ⚠️Requires Python 3.11+ for execution.
  • ⚠️Demands separate AWS credentials for Bedrock access AND a `quilt3 login` for S3/Athena/Glue data access, which can be a point of friction.
  • ⚠️Relies on `uv` (a modern Python package manager) for installation, which might be new for some users.
Verified Safe
The server leverages standard AWS boto3 and Quilt3 authentication mechanisms for secure access to AWS resources. Direct interaction with `subprocess` and file system operations are primarily confined to server management and testing scripts, not core runtime operations with arbitrary user input. Data loading from S3 is a core feature, relying on configured IAM/Quilt permissions. No direct `eval` or obvious malicious patterns are present.
Updated: 2026-01-08
27
1
High Cost
Sec9

Integrate Destiny 2 game data (player profiles, activities, items, clans, triumphs) with LLMs for rich context and query capabilities.

Setup Requirements

  • ⚠️Requires a Bungie API Key obtained by creating a 'Private' application on the Bungie Developer Portal.
  • ⚠️Requires Node.js 18.x+ or Docker for execution.
  • ⚠️Downloads and maintains a local manifest cache (tens of MBs) on first run, which requires disk space and can take some time to initialize.
Verified Safe
The server demonstrates strong security practices: `BUNGIE_API_KEY` is strictly loaded from environment variables and never hardcoded. It uses a `sanitize` function to redact API keys from logs and error messages. Input validation is performed using Zod schemas for tool parameters, reducing injection risks. API calls include rate limiting, exponential backoff, and timeouts to handle external service interactions robustly. The `SECURITY.md` explicitly addresses a known vulnerability in a dependency (`@modelcontextprotocol/sdk`) and clarifies why this server is not affected due to its stdio transport. No 'eval' or obvious obfuscation is present. Overall, it is well-engineered for secure operation.
Updated: 2026-01-07
27
20
Low Cost

mcp-server-brave-search

by zed-extensions

Sec8

Integrates Brave Search results as a Model Context Protocol server within the Zed editor, providing AI context.

Setup Requirements

  • ⚠️Requires a Brave Search API Key.
  • ⚠️Requires signing up for a Brave Search API account (a free tier with usage limits is available).
Verified Safe
The extension functions as a wrapper, installing the official `@brave/brave-search-mcp-server` NPM package and executing it via Node.js. The Brave Search API key is securely handled by being passed as an environment variable to the Node.js process, preventing exposure. While executing third-party NPM packages always involves some inherent risk, the package is from a reputable source (Brave), and the core logic of the wrapper appears sound. No `eval`, code obfuscation, or other immediately malicious patterns were detected within the provided source code.
Updated: 2025-12-29
27
1
Low Cost

1password-mcp-server

by jon-the-dev

Sec1

Provides secure access to 1Password credentials for AI assistants through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires a 1Password service account with 'Read' access to specific vaults (e.g., 'AI').
  • ⚠️The OP_SERVICE_ACCOUNT_TOKEN environment variable is required for operation.
Review Required
The server has critical security flaws that undermine its stated 'enterprise-grade security hardening' and 'P1 security hardening' claims. Specifically:
1. **Credential Bypass in Secure Memory Protection (C-1)**: The `SecureString` wrapper, intended for memory protection, is immediately bypassed by calling `.get_value()` within its own context. This extracts the plaintext password and places it into a standard dictionary before returning, rendering the `SecureString` ineffective for the *returned* credential's memory lifecycle, creating a false sense of security.
2. **No Authentication or Authorization for MCP Tools (C-2)**: The server fundamentally lacks an authentication or authorization layer for incoming MCP tool requests. Any process that can connect to the server (e.g., locally via stdio) can request *any* accessible 1Password credential, bypassing the principle of least privilege and user accountability.
3. **Service Account Token Stored in Plaintext Memory (C-3)**: The critical 1Password service account token, which grants broad access to vaults, is loaded as a plaintext Python string and remains unprotected in memory throughout the server's operation. This exposes the token to memory dumps, debuggers, and other memory inspection techniques.
These issues represent fundamental vulnerabilities that contradict the project's security assertions, making it highly unsafe for sensitive data in any environment.
Updated: 2026-01-08
27
38
Medium Cost

Rootly-MCP-server

by Rootly-AI-Labs

Sec8

This server integrates the Rootly API as an MCP server, enabling AI agents to manage production incidents, analyze historical data for insights, and suggest solutions directly within MCP-compatible editors.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires the `uv` package manager for dependency installation and execution.
  • ⚠️A Rootly API token (Global API Key recommended) is required and must be set as the ROOTLY_API_TOKEN environment variable.
Verified Safe
The server retrieves the OpenAPI (Swagger) specification from an external S3 URL if not found locally. While the spec is non-executable JSON, fetching external content introduces a minor supply chain risk. API tokens are correctly handled via environment variables and are not hardcoded. Logging of API tokens is restricted to prefixes for debugging, which is a good practice. The `strip_heavy_nested_data` function helps reduce the exposure of sensitive or extensive data to the LLM context.
Updated: 2025-12-26
27
1
Medium Cost
Sec9

Enables AI systems to interact with Google Docs for reading, editing, and content generation, facilitating workflows like document Q&A, meeting summaries, content drafting, and daily planning with persistent context.

Setup Requirements

  • ⚠️Requires manual creation of Google OAuth 2.0 credentials in the Google Cloud Console and enabling the Google Docs API.
  • ⚠️Requires specific environment variables (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET for HTTP transport or GOOGLE_ACCESS_TOKEN for stdio transport) to be configured.
  • ⚠️Node.js and npm must be installed on the host system to run the server.
Verified Safe
The server acts as an OAuth proxy, enhancing security by abstracting Google client credentials from the MCP client. It enforces bearer token authentication and validates tokens against Google's tokeninfo endpoint to prevent unauthorized access with expired or invalid tokens. All external network calls are directed to legitimate Google API endpoints. The server relies on environment variables for sensitive credentials (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_ACCESS_TOKEN), avoiding hardcoded secrets. No 'eval' or direct arbitrary file system writes were observed; all file operations are handled by standard Node.js and MCP SDK mechanisms.
Updated: 2026-01-07