Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

26
41
Medium Cost
tuannvm icon
Sec8

Enables LLM models and AI applications to interact with Apache Kafka for producing/consuming messages, managing topics, monitoring consumer groups, and assessing cluster health via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Go 1.24+ for building from source.
  • ⚠️Requires access to an Apache Kafka cluster for functionality.
  • ⚠️Enabling OAuth 2.1 for HTTP transport requires careful configuration of multiple environment variables (`OAUTH_ENABLED`, `OAUTH_SERVER_URL`, `OIDC_ISSUER`, `OIDC_AUDIENCE`, etc.).
Verified SafeView Analysis
The server leverages environment variables for all sensitive configurations (Kafka credentials, OAuth secrets), eliminating hardcoded secrets. It supports robust authentication mechanisms for Kafka (SASL, TLS) and the MCP server (OAuth 2.1 via HTTP transport). Input validation is present for tool arguments. However, using `KAFKA_TLS_INSECURE_SKIP_VERIFY=true` in production poses a significant man-in-the-middle risk, and the documentation explicitly warns against it. Overall, a secure setup is achievable but requires careful configuration by the user.
Updated: 2025-12-22GitHub
26
1
Medium Cost
davlloyd icon
Sec5

A Spring Boot server that exposes VMware vCenter operations as Model Context Protocol (MCP) tools, enabling AI assistants to interact with vCenter infrastructure.

Setup Requirements

  • ⚠️Requires access to a running VMware vCenter Server instance for functionality.
  • ⚠️Requires vCenter authentication credentials (host, username, password) to be configured.
  • ⚠️Defaults to insecure SSL (VCENTER_INSECURE=true), which must be explicitly set to 'false' for secure certificate validation in production environments.
Review RequiredView Analysis
The server defaults to 'insecure=true' for SSL certificate validation, which is explicitly noted as not recommended for production. This means it trusts all SSL certificates, making it vulnerable to man-in-the-middle attacks if not explicitly disabled (`VCENTER_INSECURE=false`) in production environments. Credentials are managed via environment variables or Cloud Foundry service bindings, which is a good practice for external configuration. Session management uses secure vAPI session tokens with automatic renewal.
Updated: 2025-11-20GitHub
26
1
Low Cost
dwmkerr icon

mock-llm

by dwmkerr

Sec8

Provides a configurable mock API server compatible with OpenAI's API, the Model Context Protocol (MCP), and the Agent-to-Agent (A2A) Protocol, primarily for deterministic testing and development of AI applications.

Setup Requirements

  • ⚠️Requires a Node.js runtime environment (version 18 or higher as per package-lock.json).
  • ⚠️Custom mock rules require familiarity with `mock-llm.yaml` file structure and JMESPath expressions for advanced matching and response templating.
  • ⚠️Deployment to a shared or production environment requires external authentication/authorization layers for the `/config` endpoints to prevent unauthorized configuration changes.
Verified SafeView Analysis
The server's core functionality for mocking responses and templating (using JMESPath) does not appear to use inherently dangerous functions like 'eval' or direct command execution with user input, making it safe for its intended purpose. Environment variables are used for host and port configuration, which is a good practice. However, the `/config` API endpoints (GET, POST, PATCH, DELETE) allow for runtime modification and reset of the server's rules and streaming configuration. If this mock server is deployed in an environment accessible by unauthorized parties without additional security layers (e.g., API Gateway authentication), an attacker could reconfigure the mock responses, potentially disrupting client testing or manipulating test data. This is a common pattern for mock servers and acceptable for local or isolated testing environments but poses a risk in shared or production-like setups without proper access controls.
Updated: 2026-01-06GitHub
26
2
Medium Cost
moldis icon

mcp-kaspa

by moldis

Sec9

Integrate with Kaspa blockchain nodes via RPC to provide tools for querying blockchain data and network status.

Setup Requirements

  • ⚠️Access to a running Kaspa node RPC endpoint is required for core functionality.
  • ⚠️uvx (part of the 'uv' package) is required for the recommended installation method.
  • ⚠️A KASFYI_API_KEY environment variable is required for tools that interact with the kas.fyi API, such as `get_blocks_by_blue_score_range`.
Verified SafeView Analysis
The server demonstrates good security practices by retrieving API keys from environment variables and avoiding hardcoded secrets. It utilizes a dedicated Kaspa RPC client library (kaspad-client) for network interactions, reducing the risk of custom RPC construction vulnerabilities. Input validation is performed for critical arguments like addresses and hashes, and comprehensive error handling ensures that unhandled exceptions do not crash the server or expose sensitive information directly to the client. Rate limiting is implemented for external API calls (kas.fyi) when an API key is provided.
Updated: 2026-01-06GitHub
26
1
Low Cost
franks42 icon
Sec5

A Babashka-based MCP server that bridges Claude Code (AI) with VS Code's Joyride nREPL server for AI-assisted Clojure development and editor automation.

Setup Requirements

  • ⚠️Requires Babashka to be installed.
  • ⚠️Requires UV (Python package manager) to be installed for managing Python tooling.
  • ⚠️Requires VS Code with the Joyride extension, and the Joyride nREPL server must be running in the VS Code workspace.
Verified SafeView Analysis
The server's core function is to execute arbitrary Clojure code via nREPL operations ('eval'). While this is its intended purpose for AI-assisted development, it means that any code passed to it (e.g., by a compromised or misbehaving AI agent) will be executed. The system relies on Joyride's sandboxed environment within VS Code and primarily uses local-only connections, mitigating external network risks. However, the inherent power of arbitrary code execution warrants a moderate security score.
Updated: 2025-11-20GitHub
26
1
Low Cost
bluetsys icon
Sec8

Exposes JsonPlaceholder API functionality as tools for AI agents and LLMs via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires .NET 10.0 SDK (recommended, though .NET 6+ is mentioned)
  • ⚠️Requires Visual Studio Code and GitHub Copilot Extension for full IDE integration and AI agent experience
  • ⚠️Requires explicit MCP server configuration (e.g., in .vscode/mcp.json) for IDE discovery and use
Verified SafeView Analysis
The server acts as a proxy for a public API (JsonPlaceholder). No 'eval' or malicious patterns are observed. The `HttpClient` configuration allows for a `bearerToken`, which could handle sensitive data if provided by the consuming agent, but the sample itself doesn't introduce vulnerabilities related to this. Overall, the code is straightforward and appears safe for its intended purpose as a sample MCP server.
Updated: 2025-11-19GitHub
26
36
High Cost
Lekssays icon
Sec6

A containerized Model Context Protocol (MCP) server providing static code analysis using Joern's Code Property Graph (CPG) technology.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for the Joern analysis engine.
  • ⚠️Requires Python 3.10+ (Python 3.13 recommended) and pip.
  • ⚠️For 'local' source code analysis, the server needs read access to the specified host filesystem path.
  • ⚠️CPG generation and complex queries can be CPU and RAM intensive, requiring sufficient system resources.
Verified SafeView Analysis
The server itself does not use 'eval' or contain obvious malicious patterns. Input validation is applied to various parameters, including CPGQL queries, to prevent common injection attacks. However, the spawned Joern server instances run within a Docker container, and their ports (2000-2999) are mapped directly to the host's localhost interface by default (`docker-compose.yml`). These Joern instances currently lack explicit authentication (`joern.server_auth_username/password` from config are not passed to `JoernServerClient`), meaning any other process on the host machine could potentially interact with them directly, bypassing the MCP server's tool interface. While this is a local access risk rather than external network exposure, it's a notable design choice.
Updated: 2025-12-15GitHub
26
1
Low Cost
buildsomething01 icon

generic_mcp_server

by buildsomething01

Sec4

A generic Model Context Protocol (MCP) server that dynamically discovers and routes tool calls to external services based on metadata stored in Google Cloud Firestore.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with Firestore enabled.
  • ⚠️Requires Google Cloud credentials to be configured (e.g., via service account or `gcloud auth`).
  • ⚠️The server acts as a proxy; actual tool functionality must be implemented in external HTTP services pointed to by `run_url`.
Review RequiredView Analysis
The server dynamically routes client-provided arguments to external `run_url`s defined in Firestore. This poses a significant Server-Side Request Forgery (SSRF) risk if untrusted parties can modify the Firestore tool registry or if `run_url`s are not strictly whitelisted and validated internally by the server. Without robust input validation and whitelisting of `run_url`s, this architecture could allow an attacker to probe internal networks or exfiltrate data by registering malicious tool endpoints. Session management is in-memory, leading to non-persistent sessions and potential integrity issues on server restarts. No explicit authentication/authorization for the MCP endpoint itself is provided, making it an open gateway to registered tools.
Updated: 2025-11-19GitHub
26
1
High Cost
jarmentor icon
Sec8

AI-powered semantic search and note management for Obsidian vaults, integrated with LLMs via Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for full system deployment.
  • ⚠️Ollama must be running locally with the `nomic-embed-text:latest` model downloaded and accessible (e.g., via `host.docker.internal` from Docker or `127.0.0.1` locally).
  • ⚠️Manual configuration of the `NOTEBOOK_PATH` is required in `docker-compose.yml` or `claude_desktop_config.json` to point to your Obsidian vault.
Verified SafeView Analysis
The system processes local files and interacts with local services (Qdrant, Ollama). File system operations (`read`, `write`, `append`, `create`) are confined to the `NOTEBOOK_PATH` and use `path.join` to prevent directory traversal. In Docker, the `ai-note-searcher` container's volume mount is `read-only`, enhancing security for indexing. However, when the `mcp-server.js` script is run locally (e.g., for Claude Desktop integration), it has write access to the configured `NOTEBOOK_PATH`. In such a setup, a malicious LLM prompt, if allowed to use file modification tools, could potentially alter or create files within the configured `NOTEBOOK_PATH`. This is a configuration-dependent risk rather than a code vulnerability, emphasizing the need for users to configure `NOTEBOOK_PATH` to a confined Obsidian vault.
Updated: 2025-11-20GitHub
26
11
High Cost
M-Pineapple icon

claude-command-runner

by M-Pineapple

Sec3

Facilitates AI-driven command execution and terminal automation by bridging Claude Desktop with local macOS terminals, primarily Warp, enabling intelligent output capture, command pipelines, real-time streaming, and reusable templates for developers.

Setup Requirements

  • ⚠️Requires macOS 13.0 or later and Swift 6.0+ (Xcode 16+).
  • ⚠️Full feature set (auto output capture, history, analytics, smart suggestions) is only available with Warp Terminal due to its programmatic SQLite database access.
  • ⚠️Requires manual configuration of macOS AppleScript Accessibility permissions, which can be a complex troubleshooting step.
  • ⚠️Requires manual configuration in Claude Desktop's MCP settings with the correct path to the executable and port.
Review RequiredView Analysis
The most significant security risk is the direct use of `eval "$COMMAND"` within the `createOutputCaptureScript`. This command executes arbitrary strings as shell commands, making it highly vulnerable to command injection if the `$COMMAND` variable, derived from user input, is not perfectly sanitized. While there are security configurations to block known dangerous commands and patterns, and to require confirmation for sensitive operations, these are blacklist-based and an attacker could potentially bypass them with novel injection techniques (e.g., using semicolons, backticks, or other shell metacharacters not covered by the single-quote escaping). Crucially, the user is only prompted to execute `bash /tmp/claude_script_UUID.sh` in the terminal, not the potentially malicious command string itself, removing the user's direct visibility over the actual command being evaluated. This significantly reduces the user's ability to act as the final arbiter of safety. Additionally, the reliance on AppleScript for keystroke automation can be fragile and requires specific macOS accessibility permissions, which is a common point of friction and potential permission escalation.
Updated: 2025-12-30GitHub
26
1
Medium Cost
yugp31 icon
Sec9

Provides a comprehensive guide and build script to set up and run various Model Context Protocol (MCP) servers using Docker, enabling AI assistants to securely interact with local tools, files, APIs, and databases.

Setup Requirements

  • ⚠️Requires Docker installed and running
  • ⚠️Requires Git for cloning repositories
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop)
  • ⚠️API keys are required for certain servers (e.g., Brave Search, Google Maps)
  • ⚠️Critical to use absolute paths for Docker mounts and configure environment variables correctly for API keys
Verified SafeView Analysis
The project emphasizes strong security practices by recommending Docker for isolation, explicit warnings against hardcoding API keys, promoting read-only mounts, setting resource limits, dropping unnecessary container capabilities (e.g., for puppeteer), and limiting filesystem access. The build script even includes a check to verify it's running in the official repository. The main security risk is if users fail to follow the detailed security best practices provided, such as not reviewing server source code or exposing servers to the internet.
Updated: 2025-11-20GitHub
26
17
Medium Cost
zed-extensions icon

mcp-server-puppeteer

by zed-extensions

Sec9

Provides web content context to the Zed editor by wrapping a Puppeteer-based Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires a functional Node.js/npm environment (managed by Zed) for the underlying server.
  • ⚠️The underlying Puppeteer server will likely require specific browser binaries (e.g., Chromium), typically handled by npm but can occasionally cause environment-specific issues.
Verified SafeView Analysis
The Rust wrapper code is straightforward and does not introduce obvious security vulnerabilities like 'eval' or hardcoded secrets. Its security posture is highly dependent on the '@modelcontextprotocol/server-puppeteer' Node.js package it executes, which is outside the scope of the provided Rust source for direct audit.
Updated: 2025-12-29GitHub
PreviousPage 238 of 713Next