Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

26
1
Medium Cost
notifly-tech icon

notifly-mcp-server

by notifly-tech

Sec9

Enables AI agents to deliver real-time, trustworthy Notifly documentation and SDK code examples for seamless integrations within MCP-compatible clients.

Setup Requirements

  • ⚠️Node.js version >= 18 is required for execution.
  • ⚠️Requires Internet access to fetch documentation pages and SDK source files from external Notifly and GitHub resources.
  • ⚠️Needs to be configured in an MCP-compatible client (e.g., VS Code extension, Claude Code, Codex) as it runs as a server for AI agents rather than a standalone application.
Verified SafeView Analysis
The server uses `fetch` to retrieve documentation and SDK source files from specified GitHub raw URLs and Notifly's documentation site. Input validation for queries and parameters is enforced using Zod, mitigating injection risks. Timeouts are implemented for network requests. No hardcoded secrets or 'eval' statements were found. The primary external dependency is on the integrity of content hosted on GitHub (specifically `raw.githubusercontent.com` within the notifly-tech organization) and `docs.notifly.tech`. Assuming these sources are secure, the server's direct security posture is strong.
Updated: 2026-01-07GitHub
26
21
Medium Cost
bejaminjones icon

bear-notes-mcp

by bejaminjones

Sec8

This server connects Claude Desktop to Bear notes, enabling natural language querying and management of notes through a hybrid sync-safe approach.

Setup Requirements

  • ⚠️Requires 'Full Disk Access' permission for Claude Desktop in macOS System Settings.
  • ⚠️Requires Node.js 18+ to be installed on the system.
  • ⚠️Requires manual replacement of `/path/to/bear-notes-mcp` with the actual server installation path in Claude Desktop's configuration.
Verified SafeView Analysis
The server employs a hybrid architecture for safety: direct read-only access to the Bear SQLite database for performance, and sync-safe write operations via Bear's x-callback-url API to prevent data corruption and ensure iCloud compatibility. SQL injection risks are mitigated through parameterized queries. The use of 'child_process.exec' is confined to controlled macOS inter-application communication (osascript and bear://x-callback-url/), not arbitrary user-controlled command execution. The main security consideration is the requirement for Claude Desktop to have 'Full Disk Access' permission on macOS, which is a significant privilege but necessary for this local integration.
Updated: 2025-12-27GitHub
26
5
Medium Cost
pangeacyber icon

pangea-mcp-proxy

by pangeacyber

Sec9

The Pangea MCP proxy secures communications between an MCP client and any MCP server by running all MCP I/O through Pangea AI Guard to block prompt injections, malicious content, and PII.

Setup Requirements

  • ⚠️Requires Node.js v22.15.0 or greater.
  • ⚠️Requires pnpm v10.12.1 or greater.
  • ⚠️Requires Pangea API tokens for Vault (to store and fetch AI Guard token). The `PANGEA_AIDR_TOKEN` mentioned in the README for client setup is fetched by the proxy from Vault via `PANGEA_VAULT_ITEM_ID`, which can be confusing during initial configuration.
  • ⚠️For examples/agent-demo: AWS credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`) are needed for Bedrock usage.
Verified SafeView Analysis
The server's primary function is to enhance security by acting as a proxy that routes client-server communications through Pangea AI Guard for threat detection and data protection. It uses Pangea Vault to securely fetch the AI Guard API token, which is a good practice for secret management and token rotation. Environment variables are used for sensitive API tokens (Vault token, Vault item ID) instead of hardcoding. The code does not use `eval` or other obvious dynamic code execution on arbitrary user input. `JSON.parse` is used for tool arguments and outputs, assuming the Pangea AI Guard service has already performed its sanitization and validation. The overall design emphasizes security via integration with a dedicated security service.
Updated: 2026-01-02GitHub
26
4
Medium Cost
lfnovo icon

surreal-mcp

by lfnovo

Sec3

Enables AI assistants to interact with SurrealDB databases using the Model Context Protocol.

Setup Requirements

  • ⚠️Requires a running SurrealDB instance (local or remote).
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Database credentials (URL, username, password) must be provided via environment variables (SURREAL_URL, SURREAL_USER, SURREAL_PASSWORD).
Review RequiredView Analysis
The server includes a 'query' tool that allows direct execution of arbitrary SurrealQL queries provided by the AI. While this is an intended feature to provide full database control, it represents a critical security risk if the AI model is untrusted, unconstrained, or compromised. An attacker could leverage this to perform arbitrary database operations including data deletion, modification, or exfiltration, especially if the SurrealDB user configured for the server has broad permissions (e.g., 'root' as in the examples). The `patch` tool also allows path-based updates, which, if not carefully controlled by the AI, could target sensitive fields. It is NOT safe to run this server in production or with untrusted AI input unless the SurrealDB user permissions are severely restricted to only necessary operations and/or AI input to the 'query' tool is rigorously validated and sanitized by an external layer.
Updated: 2026-01-03GitHub
26
7
Medium Cost
sshailabh icon

antlr4-mcp-server

by sshailabh

Sec9

MCP server enabling AI assistants to help with ANTLR4 grammar development by providing grammar analysis, parsing, and code generation capabilities.

Setup Requirements

  • ⚠️Requires Java 17+ runtime environment (or Docker for a self-contained setup)
  • ⚠️SVG ATN visualization requires Graphviz to be installed separately in the environment to render SVG output
  • ⚠️Grammar imports are not supported; all grammar rules must be in a single file inline with the request
Verified SafeView Analysis
The server includes robust security measures designed for LLM interaction: input validation (regex patterns for grammar/rule names, detection of shell metacharacters), path traversal prevention, and strict resource limits (max grammar/input sizes, process execution timeouts for compilation, and output truncation). The Docker setup further enhances security by running read-only containers with restricted privileges and temporary files mounted to a tmpfs with noexec/nosuid. No hardcoded secrets or malicious patterns were found.
Updated: 2026-01-01GitHub
26
1
Medium Cost
Automaat icon

drafts-mcp

by Automaat

Sec7

Enables Claude to interact with Drafts notes on macOS by providing tools for creating, retrieving, searching, modifying, and opening drafts.

Setup Requirements

  • ⚠️macOS operating system is required.
  • ⚠️Drafts application must be installed and running for write operations.
  • ⚠️Node.js 22+ is a prerequisite.
  • ⚠️Manual configuration of Claude Desktop's `mcpServers` JSON file is required.
Verified SafeView Analysis
The server uses `child_process.execFile` to interact with the Drafts app via URL schemes (`open` command) and directly with the local SQLite database (`sqlite3` command). While input sanitization (`encodeURIComponentSafe` for URLs and `replace(/'/g, "''")` for SQL queries) is implemented, the use of external execution commands inherently carries a risk if the sanitization were to be bypassed or if the underlying commands themselves had unpatched vulnerabilities. However, given the context of a local-only tool integration for a specific app, this approach is standard and seems reasonably secured for its intended purpose. No hardcoded secrets or arbitrary code execution (`eval`) were found.
Updated: 2025-11-19GitHub
26
1
Low Cost
sammcgeown icon
Sec7

Deploys HashiCorp Model Context Protocol (MCP) servers (Terraform and Vault) on Kubernetes, enabling AI assistants to interact with HashiCorp products via a unified ingress.

Setup Requirements

  • ⚠️Requires Kubernetes 1.19+ and Helm 3.0+.
  • ⚠️Optional: cert-manager for automatic TLS certificate management.
  • ⚠️Requires a HashiCorp Vault instance/token and/or Terraform Enterprise/Cloud account/token for full functionality.
  • ⚠️🚨 Security Warning: HashiCorp MCP servers are beta features. Using them may expose sensitive Vault/Terraform data to untrusted AI clients/LLMs. Exercise extreme caution.
Verified SafeView Analysis
The project uses standard and generally secure Kubernetes practices, including managing secrets via Kubernetes secrets and TLS certificates via cert-manager. The source code does not contain obvious malicious patterns or unsafe code execution (`eval`). However, the project's README explicitly states it's 'provided as-is' and 'not officially maintained by HashiCorp,' which implies potential long-term security maintenance risks. Crucially, the Vault MCP documentation warns that it is a beta feature and that the MCP server may expose Vault data/secrets to untrusted MCP clients and LLMs, advising against its use with untrusted parties. This highlights inherent risks in the application's use case, which users must mitigate.
Updated: 2025-11-20GitHub
26
39
High Cost
autolearnai icon

autolearn

by autolearnai

Sec1

AutoLearn is a Model Context Protocol (MCP) server that enables AI agents to dynamically create, refine, and reuse functional code workflows (skills) from natural language, acting as a self-improving coding agent.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid): Critical for core AI functionality.
  • ⚠️Python 3.11+ only: Project specifies Python version compatibility.
  • ⚠️Node.js/npm required for frontend: Separate installation and running steps for the UI.
Review RequiredView Analysis
CRITICAL: The `backend/sandbox.py` explicitly bypasses the sandboxing mechanism (`logger.warning(f"Executing skill {skill_name} directly (no sandbox) due to pickling limitations")`), meaning dynamically generated Python code is executed directly in the main server process using `exec()`. This allows for arbitrary remote code execution via API endpoints (`/skills/generate`, `/skills/register`, `/mcp` tools/call), which is an extremely severe vulnerability. Any unauthenticated access to these endpoints would allow complete system compromise. This is the most critical security flaw, making the system unsafe to run in its current state without a robust sandbox or process isolation.
Updated: 2025-12-16GitHub
26
1
Medium Cost
AgentRing icon

gym-mcp-server

by AgentRing

Sec8

Expose any Gymnasium environment as an MCP (Model Context Protocol) server via HTTP/REST and MCP endpoints for AI agent integration.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Specific Gymnasium environments might require additional `pip install gymnasium[extra]` dependencies (e.g., `[atari]`, `[box2d]`).
  • ⚠️Requires a Gymnasium environment ID (`--env`) or a custom environment entry point (`--entry-point`) at server startup.
Verified SafeView Analysis
The server uses `importlib.import_module` to dynamically load environment classes specified by the `--entry-point` command-line argument at startup. While this is a common Python extensibility pattern and not directly exposed via an API endpoint, it means that if an attacker could control the server's startup command (e.g., via a misconfigured deployment), they could potentially load arbitrary Python code. API endpoints (`/reset`, `/step`, etc.) are protected by FastAPI's Pydantic validation and internal checks against the Gymnasium action space, mitigating common injection risks. No obvious hardcoded secrets or other direct code execution vulnerabilities from user input via HTTP were found.
Updated: 2026-01-06GitHub
26
36
High Cost
Lekssays icon

codebadger

by Lekssays

Sec2

A containerized Model Context Protocol (MCP) server providing static code analysis using Joern's Code Property Graph (CPG) technology.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose installed and running.
  • ⚠️Requires Python 3.10+ (3.13 recommended) and pip.
  • ⚠️CPG generation for large codebases can consume significant disk space and CPU/RAM, with a default timeout of 10 minutes per generation.
Review RequiredView Analysis
The server has critical security vulnerabilities. Specifically, tools like `get_method_source` and `get_code_snippet` construct file paths using user-provided `filename` parameters without sufficient path traversal validation. This allows an attacker to use `../` sequences in the `filename` to escape the intended codebase directory and potentially read arbitrary files from the host filesystem (since the Python server runs on the host and mounts the playground directory). The `find_bounds_checks` tool also interpolates user-provided `filename` directly into a Scala query, which could lead to path traversal vulnerabilities if Joern's internal file resolution doesn't fully sanitize it. The `run_cpgql_query` tool explicitly allows execution of arbitrary CPGQL queries, posing a risk of system information disclosure or manipulation within the sandboxed (but powerful) Joern environment, despite some basic input validation. The default server configuration listens on `0.0.0.0` (all network interfaces) and maps a wide range of ports (2000-2999) from the Docker container to the host, increasing the network attack surface.
Updated: 2025-12-15GitHub
26
75
Medium Cost
Vortiago icon

mcp-outline

by Vortiago

Sec9

A Model Context Protocol server for interacting with Outline document management, enabling AI assistants to search, read, create, edit, archive, and manage documents, collections, and comments.

Setup Requirements

  • ⚠️Requires an Outline account (cloud hosted or self-hosted)
  • ⚠️Requires an Outline API Key, obtained from Outline web UI settings
  • ⚠️Requires Python 3.10+ for non-Docker installations
Verified SafeView Analysis
The server correctly uses environment variables for sensitive API keys. No dynamic code execution (e.g., 'eval', 'exec', or 'subprocess' with user-controlled input) is apparent in the provided source. The `_sanitize_value` function handles basic cleanup of environment variable strings. A patch is included to handle malformed input from specific MCP clients (GitHub Copilot CLI), which enhances robustness against potentially invalid requests. Reliance on `httpx` and `FastMCP` (reputable libraries) is a positive. The security of the underlying Outline instance itself would be an external dependency.
Updated: 2025-12-15GitHub
26
5
Medium Cost
ctford icon

mcp-nrepl

by ctford

Sec5

A minimal and fast Model Context Protocol (MCP) server implementation for Clojure's nREPL, enabling AI assistants to interact with the Clojure REPL for coding tasks.

Setup Requirements

  • ⚠️Requires Babashka to be installed as a prerequisite.
  • ⚠️Requires manually downloading the 'mcp-nrepl.bb' script to a permanent location.
  • ⚠️For bridge mode, an external nREPL server (e.g., 'lein repl', 'bb nrepl-server') must be running in the project directory, or the port must be explicitly specified.
Verified SafeView Analysis
This server is explicitly designed to grant full REPL access to AI assistants, which inherently allows arbitrary code execution, file system access, network access, and environment access with the user's permissions. The project documentation transparently highlights these significant security implications. While there are no hidden malicious patterns or obfuscation, and no hardcoded secrets were found, users must fully trust the AI assistant and understand these risks before deployment, as misuse could lead to severe consequences.
Updated: 2026-01-02GitHub
PreviousPage 237 of 713Next