Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

23
1
Medium Cost
mcpservershub icon

mcp-servers

by mcpservershub

Sec7

The Playwright MCP Server enables AI agents to automate web browser interactions using Playwright. It provides tools for navigation, element manipulation (click, type, hover), tab management, content extraction (snapshots, screenshots, console, network), file uploads, PDF generation, and Playwright test generation. It primarily uses structured accessibility data for robust and LLM-friendly web automation, with an optional visual mode.

Setup Requirements

  • ⚠️Requires Node.js 18 or newer.
  • ⚠️Requires Playwright browsers (Chromium, Firefox, WebKit) to be installed. This might require running `npx playwright install` manually or using the `browser_install` tool.
  • ⚠️Running multiple server instances without the `--isolated` flag can lead to resource conflicts if they attempt to share the same browser user data directory.
  • ⚠️Using 'extension' mode requires installing a specific Chrome extension and configuring a CDP relay server.
Verified SafeView Analysis
1. The `execute_script` tool allows arbitrary JavaScript execution within the browser's context. While an intended feature for browser automation, it's inherently high-privilege. 2. User-provided `outputDir` for generated files (screenshots, PDFs, traces) could be configured to sensitive filesystem locations. Although filenames are sanitized, writing arbitrary browser output to critical system directories poses a risk if the server runs with elevated privileges. 3. The `browser_install` tool executes `playwright install` via `child_process.fork`, requiring appropriate system permissions.
Updated: 2026-01-05GitHub
23
5
Medium Cost
aplaceforallmystuff icon

mcp-tailscale

by aplaceforallmystuff

Sec9

Provides a Model Context Protocol (MCP) server to interact with the Tailscale API for read-only network management tasks.

Setup Requirements

  • ⚠️Requires a Tailscale API Key, which must be generated from the Tailscale admin console.
  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Requires building the TypeScript project by running 'npm install' then 'npm run build'.
Verified SafeView Analysis
The server explicitly states it uses read-only API calls, which significantly reduces the attack surface for accidental or malicious configuration changes to the Tailscale network. It handles the 'TAILSCALE_API_KEY' via environment variables, a standard secure practice, and checks for its presence. There are no indications of 'eval', 'child_process' (beyond standard Node.js module loading), or direct shell command injection points. The use of 'fetch' for API calls is standard. Error handling for API responses is present.
Updated: 2025-12-27GitHub
23
41
Low Cost
trade-it-inc icon

trade-it-mcp

by trade-it-inc

Sec3

Enables natural-language interaction with stock, crypto, and options brokerages for trading, portfolio queries, and market insights.

Setup Requirements

  • ⚠️Requires a Trade It account (Pro plan with free trial available)
  • ⚠️Requires linking an existing brokerage account
  • ⚠️Authentication is performed via browser-based OAuth flow
Review RequiredView Analysis
Only metadata and configuration files (`README.md`, `server.json`, `glama.json`) were provided for analysis. The actual executable source code of the remote server is not available, making it impossible to perform a comprehensive security audit for patterns like 'eval', obfuscation, network risks, hardcoded secrets, or malicious logic within the server's implementation.
Updated: 2025-12-16GitHub
23
3
Medium Cost
AuraFriday icon

mcp-link-server

by AuraFriday

Sec3

Provides a local server for AI agents to securely execute powerful tools on the user's machine, enabling real-world capabilities like file operations, system commands, browser automation, and local LLM inference.

Setup Requirements

  • ⚠️Requires significant disk space (1.5GB base + optional 1.2GB for embeddings + optional 3GB+ for local LLMs).
  • ⚠️Local LLM inference (`llm` tool) can be resource-intensive, requiring substantial CPU/GPU memory, and may auto-install PyTorch/CUDA libraries, potentially restarting the server.
  • ⚠️Requires API keys for certain tools (e.g., OPENROUTER_API_KEY, GITHUB_PERSONAL_ACCESS_TOKEN) which may need interactive collection via UI.
  • ⚠️For developer installation, Python 3.9+ is expected, and full functionality requires over 100 complex Python dependencies (some with auto-installation logic).
Review RequiredView Analysis
CRITICAL: The `python` tool (server/tools/python.py) allows arbitrary Python code execution via `exec()`. The `terminal` tool (server/tools/system.py) enables arbitrary shell command execution via `subprocess.run()`. While the project emphasizes 'user-controlled tool access' and 'sandboxing via Docker', these direct code/command execution capabilities pose significant security risks if not properly managed, configured, or if an AI agent acts maliciously. Placeholder API keys ('put-your-real-key-here', 'ghp_your_PAT_goes_here') exist in configuration defaults but are intended to be replaced. The EULA explicitly warns of 'catastrophic failure' risks inherent with agentic AI.
Updated: 2026-01-02GitHub
23
2
Medium Cost
securechaindev icon

securechain-mcp-server

by securechaindev

Sec7

Provides tools for AI agents and LLMs to query the status and analyze the software supply chain for security vulnerabilities, exploits, and dependencies.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for deployment.
  • ⚠️Requires Python 3.14 or higher.
  • ⚠️Requires downloading large data dumps from Zenodo for database seeding.
  • ⚠️Relies on other Secure Chain backend services (Gateway, Auth, Depex, Vexgen) to be running.
  • ⚠️Requires a `securechain` Docker network to be created manually.
Verified SafeView Analysis
The server uses FastAPI and async Python with Aiohttp for network requests. Authentication for internal session management relies on an 'X-API-Key' header. Hardcoded default credentials for Neo4j and MongoDB (e.g., 'neo4j'/'neoSecureChain') are present in `settings.py`, which is a common pattern for defaults but should be changed in production via environment variables. The README instructs users to configure GitHub API keys and JWT secrets, which are likely consumed by other Secure Chain backend services rather than directly by this MCP server, but are crucial for the overall system's security. There are no obvious `eval`/`exec` or obfuscation patterns in the provided source.
Updated: 2026-01-03GitHub
23
6
High Cost
qtsone icon

workflows-mcp

by qtsone

Sec6

Automate, orchestrate, and manage development workflows (like CI/CD, TDD phases, GitHub issues, file operations) using AI assistants via YAML definitions. It acts as a backend server for AI assistants to execute complex, multi-step automation tasks.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires an MCP-compatible AI assistant (e.g., Claude Desktop/Code) for full integration and execution.
  • ⚠️LLMCall and ImageGen blocks require explicit LLM profile/provider configuration (e.g., API keys, models) which may incur costs.
  • ⚠️New or modified workflow YAML files require restarting the MCP server to be loaded and become available.
  • ⚠️Some `git` workflows (e.g., `github-create-issue`) depend on the GitHub CLI (`gh`) being installed and authenticated on the host system.
Verified SafeView Analysis
The server's core functionality involves executing arbitrary shell commands (`Shell` block type) and interacting with external APIs/filesystems as defined in YAML workflows. While this is its intended purpose for automation, it inherently carries security risks if malicious workflows are executed. The project implements several important mitigations: automatic secret redaction from outputs, audit logging for secret access, and robust variable resolution rules (`ForbiddenNamespaceRule`, `SecretRedactionRule`) to prevent unauthorized access to system resources or secrets from Jinja2 templates. However, one of the first-party templates (`github-create-issue.yaml`) utilizes `eval` within a `Shell` block for dynamic command construction. Although variables are constructed carefully, the use of `eval` in a shell context is generally a high-risk operation and can be a vector for shell injection if inputs are not perfectly sanitized. The `ShellExecutor` itself uses `shlex.split` for command execution (safer than `shell=True`), but the ultimate impact depends on the content of the `command` string after all template rendering.
Updated: 2025-12-28GitHub
23
2
Low Cost
hubertusgbecker icon

chatsuite

by hubertusgbecker

Sec7

A unified hub for managing and orchestrating multiple Model Context Protocol (MCP) servers, integrating with AI chat platforms like LibreChat for dynamic tool discovery and communication with services like MCP Email.

Setup Requirements

  • ⚠️Requires manual creation of `config/mcphub/mcp_settings.json` from its example template before first use.
  • ⚠️Full integration tests for some services (e.g., NocoDB, n8n) require manually generating API keys/auth tokens via their respective UIs.
  • ⚠️HTTPS setup for the Nginx proxy is recommended and requires `mkcert` or similar tools to generate self-signed certificates for `localhost-key.pem` and `localhost-crt.pem`.
Verified SafeView Analysis
The n8n service, part of the broader ChatSuite platform which MCPHub integrates with, is configured to run as root. While its entrypoint script attempts to drop privileges using `su-exec` or `gosu`, it will fall back to executing as root if these tools are unavailable, which is a security concern. The MCPHub documentation mentions a risk associated with Docker socket access, though it is not explicitly configured in the provided `docker-compose.yaml` for the MCPHub service. Default credentials are used in development environments for various services and must be changed for production deployments. A clear `SECURITY.md` is provided for responsible vulnerability reporting.
Updated: 2026-01-03GitHub
23
6
Low Cost
merlinrabens icon

image-gen-mcp-server

by merlinrabens

Sec10

This repository functions as a landing page and documentation for an AI image generation plugin that unifies multiple AI image providers through a single interface for Claude Code users.

Setup Requirements

  • ⚠️This repository does not contain the actual plugin or server code; it is solely a landing page and documentation.
  • ⚠️The described plugin requires the Claude Code environment for installation and usage.
  • ⚠️Using the plugin requires API keys for external AI image generation providers (e.g., OpenAI, BFL, Stability AI), which may incur costs from those providers.
Verified SafeView Analysis
The provided source code consists solely of documentation (README.md and social media content). There is no executable server or plugin code present in this repository to analyze for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns. Therefore, based on the provided files, there are no inherent security risks. Any security concerns related to API key handling or plugin execution would pertain to the actual plugin code, which is hosted in a different repository.
Updated: 2025-12-29GitHub
23
22
Low Cost
shinzo-labs icon

shinzo

by shinzo-labs

Sec4

Shinzo is an open-source observability platform for monitoring and analyzing the performance, usage, and telemetry data of AI agents and Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires an external PostgreSQL 15+ database instance, not designed for Dockerized database deployment.
  • ⚠️The recommended PostgreSQL setup in `db/README.md` uses dangerously insecure defaults (`0.0.0.0/0 md5`, `listen_addresses = '*'`) that should NOT be used in production.
  • ⚠️Critical environment variables `JWT_SECRET` and `ENCRYPTION_KEY` MUST be changed from their default/fallback values in production.
  • ⚠️Local development requires Node.js 18+ and pnpm.
Review RequiredView Analysis
The database setup instructions in `db/README.md` are critically insecure for any production environment, recommending exposing PostgreSQL publicly (`0.0.0.0/0`) with MD5 passwords. The application's Fastify server enables Cross-Origin Resource Sharing (`CORS`) with `origin: true`, allowing requests from any origin, which is overly permissive for most production setups. Developers explicitly flag default `JWT_SECRET` and `ENCRYPTION_KEY` values in `backend/src/config.ts` and `backend/src/utils.ts` as insecure for production. While the codebase uses parameterized SQL queries to prevent injection, the reliance on a single, environment-provided `ENCRYPTION_KEY` means compromise of the server's environment would expose all stored provider keys. JWTs are used for user sessions, which are valid for 24 hours without an explicit server-side invalidation mechanism.
Updated: 2025-12-19GitHub
23
4
Low Cost
CrowdHailer icon

aide

by CrowdHailer

Sec9

This server acts as an implementation for the Model Context Protocol (MCP), providing AI models with access to defined tools, specifically demonstrated through basic mathematical operations.

Setup Requirements

  • ⚠️Requires the Gleam programming language and toolchain to be installed.
  • ⚠️May require explicitly running `gleam run dev` to generate MCP definitions if not automatically handled by the main `gleam run` command.
Verified SafeView Analysis
The server uses standard Gleam libraries and the Wisp web framework for handling HTTP and JSON-RPC requests. Input decoding relies on `gleam/dynamic/decode` and `aide`'s internal decoders, which appear to be robust against common injection attacks. The `call_tool` implementations are simple, direct function calls (e.g., `math.add`, `math.random`), and do not involve dynamic code execution from user input. No hardcoded secrets were identified in the provided snippets. A minor risk of information disclosure exists if raw `string.inspect` error messages are returned directly to external users, though this is not a critical code execution vulnerability.
Updated: 2025-12-31GitHub
23
12
Medium Cost
JavierusTk icon

DelphiMCP

by JavierusTk

Sec7

Enables AI-driven automation and control of Delphi VCL applications via the Model Context Protocol (MCP) and named pipes.

Setup Requirements

  • ⚠️Requires Delphi 12+ (RAD Studio 12 Athens) to compile.
  • ⚠️Windows-only due to reliance on Windows-specific named pipes.
  • ⚠️Requires the 'Delphi-MCP-Server' framework (a separate GitHub repository) to be cloned and configured locally.
  • ⚠️If running Claude Code in WSL, the 'mcp_servers.json' configuration must use the actual WSL IP address for the server URL, not 'localhost'.
Verified SafeView Analysis
The server can optionally bind to all network interfaces (`Host=0.0.0.0`) instead of `localhost`, which creates a network attack surface if not properly firewalled. The debug capture system (a feature) can expose sensitive application data if not carefully filtered in production environments. It assumes a trusted local environment and lacks built-in authentication for tool calls. Named pipe communication is local-only and inherently more secure.
Updated: 2025-12-23GitHub
23
6
Low Cost
marlonluo2018 icon

outlook-mcp-server

by marlonluo2018

Sec8

AI-powered local email management for Microsoft Outlook, enabling search, composition, organization, and batch forwarding of emails using natural language commands.

Setup Requirements

  • ⚠️Requires Microsoft Outlook 2016+ (must be running)
  • ⚠️Requires Windows 10+ (due to Win32COM dependency)
  • ⚠️Requires Python 3.8+ for execution
  • ⚠️Requires an MCP-compatible AI client (e.g., Claude Desktop) to connect to the server
Verified SafeView Analysis
The project primarily uses the Win32COM interface, ensuring all email operations happen locally on the user's Windows machine, which enhances privacy as no data leaves the computer. Input sanitization for Outlook's DASL-like search criteria (e.g., `search_term.replace("'", "''")`) is implemented to mitigate potential injection risks for email filters. There are no obvious signs of 'eval' or 'exec' on untrusted input. The server uses FastMCP, which typically implies local inter-process communication with an AI client. While `outlook_graph_api.py` and `graph_api_auth_local.py` exist, they represent an alternative cloud-based approach not central to this particular repository's core Win32COM focus. The `client_id` in `graph_api_auth_local.py` is a public application ID for demonstration and not a secret. Overall, for a local desktop application, it appears reasonably secure against common external threats.
Updated: 2025-12-31GitHub
PreviousPage 243 of 713Next