Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

24
1
Medium Cost
yujeongJeon icon

caniuse-mcp

by yujeongJeon

Sec7

A Model Context Protocol (MCP) server providing browser compatibility data and web API support information using multiple data sources like caniuse.com, MDN BCD, and Web Features.

Setup Requirements

  • ⚠️Requires Node.js 20+ and pnpm@10.6.5 for local development/installation.
  • ⚠️Full functionality, especially 'Smart Feature Sampling', depends on the MCP client (e.g., Copilot) supporting sampling features and potentially requiring an active LLM session or API key on the client side.
Verified SafeView Analysis
External API calls directly embed user input (feature name, browserslist query) into URLs without explicit sanitization, posing a potential injection risk to the remote services. Local file access for configuration (browserslistrc, package.json) uses standard path resolution functions, but without explicit input validation or sanitization of `configPath` or `projectPath` parameters, there's a theoretical path traversal risk if these inputs are untrusted. The `session.requestSampling` mechanism sends a constructed prompt to the client's LLM, which could be a prompt injection vector for the client-side model, though the server filters the response for valid feature IDs.
Updated: 2025-11-19GitHub
24
15
Low Cost
birdseyevue icon

daisyui-mcp

by birdseyevue

Sec3

Provides DaisyUI component documentation to AI assistants via the Model Context Protocol (MCP) to help in generating UI code.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Requires running `python update_components.py` once for initial setup
  • ⚠️Requires `fastmcp` Python package
Review RequiredView Analysis
The `get_component` tool is vulnerable to path traversal. An AI assistant could request component names containing `../` (e.g., `get_component("../../mcp_server")`) to read arbitrary files outside the intended `components` directory but within the project's parent directories. This leads to an information disclosure vulnerability.
Updated: 2025-12-16GitHub
24
1
Medium Cost
hivemq icon
Sec9

Provides a Model Context Protocol (MCP) server for integrating with Businessmap (formerly Kanbanize) to read card details and add comments.

Setup Requirements

  • ⚠️Requires Go 1.25 or later to build and run.
  • ⚠️Requires an active Kanbanize/Businessmap account with API access.
  • ⚠️Requires configuration of KANBANIZE_API_KEY and KANBANIZE_BASE_URL environment variables (or via .env file).
Verified SafeView Analysis
The server securely handles API keys via environment variables and uses standard Go HTTP client practices, implicitly relying on HTTPS for API communications. Input validation for card IDs/URLs helps prevent basic injection attempts, with the regex for URL parsing appearing simple and efficient. Robust rate limit handling with exponential backoff and jitter is implemented. No 'eval' or other dynamic code execution patterns were found in the provided source code, and it adheres to a clear project structure.
Updated: 2025-11-19GitHub
24
1
Medium Cost
jaohbib icon

MCP-for-VuFind

by jaohbib

Sec8

This server integrates VuFind's Swagger API and DAIA into an LLM client like Claude for literature and article search.

Setup Requirements

  • ⚠️Requires manual configuration of API endpoints in 'config.ini'.
  • ⚠️External APIs (VuFind, DAIA) must be accessible from the machine running the server.
  • ⚠️Requires a client like Claude Desktop configured for MCP servers.
Verified SafeView Analysis
The server runs locally (127.0.0.1:8000) and acts as a proxy to external VuFind and DAIA APIs. It configures API endpoints via a local 'config.ini' file, which means the security relies on the integrity of this configuration. There are no direct uses of `eval` or `exec`. Input parameters like `lookfor` and `ppn` are passed to external APIs via `requests.get()` where they are URL-encoded, reducing direct injection risk within this server. The primary risk would stem from untrusted `config.ini` content or vulnerabilities in the external VuFind/DAIA APIs themselves.
Updated: 2025-11-19GitHub
24
1
Low Cost
rvmey icon
Sec9

Enables AI-driven control of TRIGGERcmd commands on remote computers via a Model Context Protocol (MCP) stdio server.

Setup Requirements

  • ⚠️Requires a valid TRIGGERcmd API token for authentication, either as an environment variable (TRIGGERCMD_TOKEN) or a mounted token file.
  • ⚠️Requires Docker to run the containerized version or a Go runtime/pre-compiled binary for direct execution.
  • ⚠️The server requires outbound internet access to https://triggercmd.com to fetch commands and send run requests (contrary to the 'network_mode: none' in docker-compose.yml, which would prevent this).
Verified SafeView Analysis
The server retrieves the TRIGGERcmd token from environment variables or a file, avoiding hardcoded secrets. It employs robust Docker security practices like running as a non-root user, using a read-only filesystem, preventing privilege escalation, and utilizing a minimal Alpine Linux base image. The core Go application does not use eval or similar dangerous functions. A minor discrepancy exists where `docker-compose.yml` includes `network_mode: none` and `tty: true`, which would prevent API calls and interfere with stdio respectively, making the container dysfunctional for its intended purpose; however, the `docker run` examples for MCP clients correctly omit these potentially problematic settings, and generally, network access to triggercmd.com is required for functionality.
Updated: 2025-11-19GitHub
24
1
Medium Cost
alperenkocyigit icon

AuthorProfileMCP

by alperenkocyigit

Sec1

Analyzes academic author networks and research collaborations to find co-authors and research keywords.

Setup Requirements

  • ⚠️Google Scholar scraping may be unreliable due to anti-bot measures and IP blocking.
  • ⚠️Free tier API limits apply for external data sources (Semantic Scholar, OpenAlex, Crossref).
Review RequiredView Analysis
CRITICAL VULNERABILITY: The code explicitly disables SSL certificate verification (`ssl_context.check_hostname = False` and `ssl_context.verify_mode = ssl.CERT_NONE`) for all HTTPS connections made via `aiohttp.ClientSession`. This renders the client vulnerable to Man-in-the-Middle (MITM) attacks, allowing an attacker to intercept or alter communication with external APIs (Semantic Scholar, OpenAlex, Crossref) and Google Scholar during web scraping. This is a severe security flaw. Additionally, Google Scholar web scraping carries inherent risks of IP blocking and potential terms of service violations, though delays are included.
Updated: 2025-11-19GitHub
24
3
Medium Cost
tarfu icon

tanuki-mcp

by tarfu

Sec9

A high-performance GitLab Model Context Protocol (MCP) server for AI agents to interact with GitLab resources, with fine-grained access control.

Setup Requirements

  • ⚠️Requires a GitLab Personal Access Token (PAT) with appropriate scopes (e.g., `read_api` for read operations, `api` for full functionality).
  • ⚠️Requires access to a GitLab instance (e.g., `https://gitlab.com` or a self-hosted one).
  • ⚠️Building from source requires Rust 1.83+.
Verified SafeView Analysis
The server features robust, hierarchical access control to limit what AI agents can do on GitLab, including regex-based allow/deny lists. It uses a `SecretString` type to prevent accidental logging of sensitive tokens. Network services (HTTP, Dashboard) bind to `127.0.0.1` by default, reducing external exposure. Auto-update from GitHub releases introduces a dependency chain risk, common for such features. Proper configuration of access control rules by the user is critical to prevent unintended data exposure or actions, as powerful tools like `create_or_update_file` and `delete_project` are available.
Updated: 2025-12-31GitHub
23
5
High Cost
igamenovoer icon

blender-remote

by igamenovoer

Sec2

Enables complex Blender automation through LLM-assisted Python development, bridging AI-generated scripts with external Python tools.

Setup Requirements

  • ⚠️Requires Blender 4.4.3+ with the BLD_Remote_MCP addon installed and enabled.
  • ⚠️Port 6688 (default) must be available for the Blender addon's TCP server.
  • ⚠️Requires `uv` to be installed for `uvx` command execution.
Review RequiredView Analysis
The server is explicitly designed for remote code execution (RCE) by executing arbitrary Python code via `exec()` within the Blender environment. This grants full privileges of the Blender process on the host machine, without any sandboxing for `bpy` or standard Python modules like `os` or `subprocess`. While the MCP server defaults to binding to `localhost`, it can be configured to listen on external network interfaces. This makes it highly dangerous if exposed to untrusted networks or clients, as an attacker could execute arbitrary code on the machine running Blender. It is critical to use this server only in isolated, trusted environments with verified inputs.
Updated: 2025-12-31GitHub
23
1
High Cost
emerzon icon

mt-data-mcp

by emerzon

Sec3

A MetaTrader5 (MT5) Market Data Provider offering advanced financial analysis capabilities including price forecasting, volatility estimation, pattern detection, technical indicators, and algorithmic trading decision support.

Setup Requirements

  • ⚠️Requires local installation and connection to MetaTrader5 (MT5) terminal.
  • ⚠️Requires MT5 account credentials (login, password, server) to be configured as environment variables (MT5_LOGIN, MT5_PASSWORD, MT5_SERVER).
  • ⚠️Demands a wide array of Python scientific and machine learning libraries, some with potentially complex native dependencies (e.g., PyTorch for neural models, `arch` for GARCH).
  • ⚠️Some advanced forecasting models (Chronos, TimesFM, Lag-Llama) may require downloading large model files from Hugging Face Hub.
Review RequiredView Analysis
The system utilizes dynamic module loading for forecasting methods (e.g., `GenericSktimeMethod`, `GenericMLForecastMethod`) where a user-provided string specifies the Python class path. If a publicly exposed server allows arbitrary input to these parameters, it creates a severe remote code execution vulnerability, allowing untrusted users to import and execute arbitrary Python code. Additionally, `huggingface_hub_download` in `pretrained.py` can download external models, posing a supply chain risk if models are malicious or compromised. Trading operations (`trading_place`, `trading_modify`, `trading_close`) are inherently high-risk, managing real funds; while implemented using the official MT5 API, their misuse or exploitation requires robust MT5 account-level security and explicit user consent. No direct use of `eval` or `os.system` was found, and MT5 credentials are loaded from environment variables, which is good practice.
Updated: 2026-01-05GitHub
23
2
Low Cost
paolodalprato icon

ollama-mcp-server

by paolodalprato

Sec8

Provides a self-contained Model Context Protocol (MCP) server for local Ollama management, enabling features like listing models, chatting, server control, and intelligent model recommendations.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Requires Ollama to be installed and accessible in the system's PATH.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop) to interact with the server.
Verified SafeView Analysis
The server uses `subprocess.run` and `subprocess.Popen` to interact with the local `ollama` command-line tool and other system utilities (`nvidia-smi`, `rocm-smi`, `lspci`, `sysctl`). While the command arguments appear to be well-controlled and do not directly expose arbitrary command injection from raw user input, executing external binaries always carries an inherent risk. The primary security consideration is the integrity and security of the locally installed `ollama` executable and other system tools.
Updated: 2026-01-02GitHub
23
3
High Cost
fernforestgames icon

mcp-server-godot

by fernforestgames

Sec4

Provides AI assistants with tools to programmatically interact with Godot game engine projects.

Setup Requirements

  • ⚠️Requires Node.js 22+.
  • ⚠️Godot engine must be installed and accessible on the host system.
  • ⚠️The `GODOT_PATH` environment variable must be configured to point to the Godot executable.
  • ⚠️Many advanced interaction tools (e.g., `capture_screenshot`, `get_scene_tree`, `set_property`, `send_input_*`) require the 'MCP Bridge' addon to be installed within the Godot project itself, which is a manual setup step.
Review RequiredView Analysis
The server executes external Godot binaries and performs file system operations (read, write, list files) based on configured paths and parameters provided by the AI client. Specifically, the `run_project` tool allows specifying an optional `projectPath` and `args` which are directly passed to `child_process.spawn`. If an untrusted AI agent provides malicious paths or arguments, this could lead to arbitrary code execution or unauthorized file access on the host system. Similarly, file resource handlers and `search_scenes` operate within the configured `projectPath` or client-provided paths. The `execSync` call for Godot version detection also executes an external binary (`godotPath`), which is a risk if `godotPath` is misconfigured. Due to these capabilities, the server should be run in a secure, sandboxed environment with strict input validation for AI agents.
Updated: 2026-01-01GitHub
23
1
Medium Cost
tamago-labs icon

kaia-mcp

by tamago-labs

Sec9

Enables AI agents to interact directly with DeFi protocols like lending (KiloLend) and decentralized exchange (DragonSwap V3) on the KAIA blockchain.

Setup Requirements

  • ⚠️The `KAIA_RPC_URL` environment variable is strictly required for the server to function.
  • ⚠️For 'transaction' mode features (e.g., sending tokens, supplying, swapping), the `KAIA_PRIVATE_KEY` environment variable must be provided and securely managed.
  • ⚠️Linux users utilizing NVM may need to configure absolute paths for the `npx` command in their Claude Desktop settings due to how NVM installs global packages.
Verified SafeView Analysis
The server demonstrates high security awareness through its agent modes (read-only vs. transaction) and explicit handling of sensitive data. `KAIA_PRIVATE_KEY` is expected as an environment variable, which is good practice. Transaction-heavy operations explicitly check `isTransactionMode()`. Input validation (`zod`, `validateTransactionParams`) is used to sanitize inputs. The server communicates via standard I/O (`StdioServerTransport`), which limits direct network exposure compared to a traditional HTTP server. Reliance on external price APIs and a KILO points API introduces standard third-party risks, but the code handles API errors. No `eval` or obfuscation detected. Overall, well-architected for security within its domain.
Updated: 2026-01-05GitHub
PreviousPage 242 of 713Next