Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

21
6
Medium Cost
pjueon icon

promptboard

by pjueon

Sec8

Provides a shared visual whiteboard for AI agents to paste screenshots, annotate, and share visual context via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js and npm installed to use the `npx` command or for manual setup.
  • ⚠️MCP integration requires specific JSON configuration to be added to your AI client's settings (e.g., Claude Desktop, Gemini CLI).
  • ⚠️The `postinstall` script attempts to download platform-specific Electron binaries from GitHub Releases, which may fail due to network issues or restricted access to GitHub, affecting the standalone GUI launch but not the MCP server functionality.
Verified SafeView Analysis
The application is an Electron-based GUI that runs a Node.js environment. While `contextIsolation` is enabled in the renderer process, `sandbox` is set to `false`. This means that if malicious code were to execute in the renderer, it would have more elevated privileges than in a sandboxed environment, although `contextIsolation` still prevents direct Node.js API access from the renderer's main context. The MCP bridge spawns the Electron GUI (`child_process.spawn`) with `stdio: 'ignore'` and `detached: true`, and communicates via local WebSockets (`ws://localhost`). The executable paths for the GUI are derived programmatically based on the operating system and installation method (npm binaries vs. local build), adding a layer of control. The `executeJavaScript` call in the Electron main process to capture canvas content from the renderer uses a fixed, internal script and does not directly incorporate external user input, mitigating common injection risks. No hardcoded secrets or obvious malicious patterns were found. The use of `localhost` for WebSocket communication significantly limits network exposure to external threats.
Updated: 2025-12-23GitHub
21
4
Low Cost
gamzesirin icon

MCP-News-Server

by gamzesirin

Sec3

An MCP-based server for aggregating, summarizing, and analyzing news from various Turkish news sources.

Setup Requirements

  • ⚠️Requires Node.js runtime environment to be installed.
  • ⚠️Needs a `.env` file configured with RSS feed URLs, cache settings, and server name/version.
  • ⚠️Primarily designed for integration with a local AI agent client (like Claude Desktop) via the Model Context Protocol.
Review RequiredView Analysis
Critical Server-Side Request Forgery (SSRF) vulnerability in the `tam_icerik_al` MCP tool. If the server is exposed to untrusted MCP clients, it allows fetching arbitrary URLs, potentially leading to internal network reconnaissance or access to sensitive resources. The web server also uses `app.use(cors())`, enabling cross-origin requests from any domain, which reduces browser-enforced security measures. There is a lack of explicit input validation on URLs passed to web scraping functions.
Updated: 2025-12-26GitHub
21
4
Low Cost
zed-extensions icon

mcp-server-axiom

by zed-extensions

Sec8

Integrates Axiom's context server with the Zed editor to provide model context, typically for AI-powered development features.

Setup Requirements

  • ⚠️Requires an Axiom API Token
  • ⚠️Manual creation of `config.txt` file with API token
Verified SafeView Analysis
The extension downloads and executes a binary from `axiomhq/mcp-server-axiom` GitHub releases. This method is common for extensions integrating external tools and is generally safe, assuming the source repository is trusted. No `eval`, obfuscation, or hardcoded secrets were found in the provided Rust code. The server configuration, including the Axiom API token, is loaded from a user-specified `config.txt` file path, which is passed as an argument to the downloaded binary.
Updated: 2025-12-29GitHub
21
3
Low Cost
marc-shade icon

fraud-detection-mcp

by marc-shade

Sec10

Provides advanced fraud detection and anomaly analysis for financial transactions, leveraging machine learning, behavioral biometrics, and graph neural networks for financial security.

Setup Requirements

  • ⚠️Requires Redis to be running for full security features (rate limiting), otherwise, it degrades gracefully.
  • ⚠️Requires an initial training run (`python training_pipeline.py`) to load models; otherwise, it operates in a limited 'demo mode'.
  • ⚠️The AuthManager uses in-memory storage by default for users and API keys; persistent storage (e.g., PostgreSQL) would require additional integration for a production setup.
Verified SafeView Analysis
A comprehensive, production-grade security layer is implemented and well-documented (security.py, SECURITY_AUDIT.md, SECURITY_IMPLEMENTATION_SUMMARY.md). It adheres to OWASP best practices, including JWT and API key authentication, Role-Based Access Control (RBAC), Redis-backed rate limiting, OWASP-compliant password validation (bcrypt with 12 rounds), and robust input sanitization against common injection attacks (SQL, XSS, null bytes). Security headers (HSTS, CSP, X-Frame-Options) are configured. Account lockout, token revocation, and dependency pinning are also in place. The system shows no signs of 'eval', obfuscation, or malicious patterns. Minor recommendations for future enhancements (e.g., MFA) are noted in the audit, but do not indicate critical vulnerabilities.
Updated: 2025-12-29GitHub
21
13
Medium Cost
yandex-cloud icon

mcp

by yandex-cloud

Sec9

Enabling AI applications to manage Yandex Cloud infrastructure, access documentation, perform web searches, and query data catalogs through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires manual retrieval and periodic recreation of Yandex Cloud IAM tokens, as they have a maximum lifespan of 12 hours.
  • ⚠️Requires the Yandex Cloud CLI installed to obtain IAM tokens for authorization.
  • ⚠️Certain services, like the Yandex Search MCP Server, require a Yandex Cloud Folder ID for scoping operations.
  • ⚠️If using the 'stdio' configuration, 'npx' must be installed to run the 'mcp-remote' client.
Verified SafeView Analysis
The server configurations utilize standard Yandex Cloud IAM tokens for authorization, with explicit notes on their 12-hour lifespan and the need for manual renewal, which is a standard security practice for short-lived credentials. No hardcoded secrets, obfuscation, or malicious patterns were observed in the provided documentation. Network access points to official Yandex Cloud domains. The overall approach to security, based on the documentation, appears sound for cloud service integration.
Updated: 2025-12-16GitHub
21
3
Medium Cost
tfscharff icon

doi-mcp

by tfscharff

Sec9

Prevents AI citation hallucination by verifying academic citations against multiple authoritative databases.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0
  • ⚠️Requires @modelcontextprotocol/sdk and Smithery CLI for local development/deployment
Verified SafeView Analysis
The code does not use 'eval' or similar dangerous patterns. There are no hardcoded secrets or API keys. Network calls are outbound to well-known academic APIs, and query parameters are URL-encoded, mitigating common injection risks. The server acts as a client to public APIs and does not expose direct inbound interfaces beyond the MCP server framework, which is presumed secure. Overall, it appears safe to run.
Updated: 2025-12-29GitHub
21
1
Medium Cost
rainmana icon

tinybrain

by rainmana

Sec9

Security-focused LLM memory storage for intelligence gathering, reverse engineering, and MITRE ATT&CK integration.

Setup Requirements

  • ⚠️Requires a Go (1.21+) environment or Docker for setup.
  • ⚠️Full AI-enhanced semantic search and embedding generation features are placeholders and require future integration with external AI models.
  • ⚠️Designed to be integrated with a Model Context Protocol (MCP) client, such as Claude Desktop.
Verified SafeView Analysis
The server operates over standard input/output (stdio) by default, significantly reducing its direct network attack surface. SQL queries are consistently parameterized, mitigating SQL injection risks. There is no evidence of 'eval' or similar dangerous dynamic code execution. The templating in `CreateMemoryFromTemplate` and security pattern data handling is performed safely by string replacement before database storage, but relies on downstream LLM clients not executing unsanitized memory content. No hardcoded secrets were found; sensitive paths are configurable via environment variables.
Updated: 2026-01-03GitHub
21
7
High Cost
X-iZhang icon

CCD

by X-iZhang

Sec8

Mitigates medical hallucinations in radiology Multimodal Large Language Models (MLLMs) by integrating structured clinical signals from task-specific radiology expert models during inference.

Setup Requirements

  • ⚠️Requires a CUDA-compatible GPU for practical performance (CPU is supported but very slow).
  • ⚠️MedSigLip and Device expert models require authorization to access from Hugging Face, necessitating local deployment and authentication.
  • ⚠️The project depends on a specific version of the 'libra' library installed directly from a GitHub repository ('libra @ git+https://github.com/X-iZhang/Libra.git@v1.0.3').
Verified SafeView Analysis
The project uses standard, well-regarded libraries (HuggingFace Transformers, TorchXRayVision) for ML model loading and inference. No direct 'eval' on user input or hardcoded secrets were identified. The Gradio demo is launched with `share=True`, which creates a public URL for access; users should be aware that outputs on a shared link are publicly accessible and usage is for research/demonstration only, as stated in the explicit terms of use.
Updated: 2025-12-25GitHub
21
3
High Cost
holocode-ai icon

gemini-mcp

by holocode-ai

Sec9

The server provides a Model Context Protocol (MCP) interface to Google Gemini AI services, enabling multimodal generation including image creation, image editing, and video production.

Setup Requirements

  • ⚠️Requires a Google API Key with Gemini API access (paid service).
  • ⚠️Requires Go 1.23+ for building from source.
  • ⚠️For HTTP mode to use image/video tools with local files, the `upload_media` CLI tool must be separately installed and S3/MinIO storage must be configured via environment variables. This adds complexity to local file handling.
  • ⚠️If running in HTTP mode without `SERVICE_TOKENS` configured, the server will be publicly accessible without authentication.
Verified SafeView Analysis
The server demonstrates good security practices by using environment variables for sensitive API keys and S3 credentials. HTTP mode includes configurable Bearer token authentication, with explicit warnings logged if authentication is disabled. The file upload mechanism for local files ('upload_media' CLI via HTTP) uses secure, one-time use tokens generated with `crypto/rand`, which prevents replay attacks. Input path resolution for image/video tools correctly handles S3 object keys by downloading to temporary files (with cleanup) or verifies absolute local paths, mitigating direct path traversal vulnerabilities. No use of `eval` or similar dangerous dynamic code execution patterns was found.
Updated: 2025-12-29GitHub
21
33
Medium Cost
AtomGraph icon

Web-Algebra

by AtomGraph

Sec5

Translates natural language instructions into JSON-formatted domain-specific language operations for loading, querying, and writing RDF Linked Data, consumable by AI agents.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service) for natural language processing functions (e.g., SPARQLString).
  • ⚠️Requires a running LinkedDataHub v5 instance for `ldh-` prefixed operations.
  • ⚠️Optional client certificates (`CERT_PEM_PATH`, `CERT_PASSWORD`) for LinkedDataHub authentication.
Review RequiredView Analysis
The `web_algebra.operations.sparql.substitute.py` file explicitly notes a potential insecurity: 'Note: not a safe replacement atm, can lead to invalid SPARQL queries!'. This suggests a risk of SPARQL injection if user input is not carefully controlled, potentially leading to unauthorized data access or modification. Additionally, the `LinkedDataClient` and `SPARQLClient` allow `verify_ssl=False` (though configurable), which can expose the client to man-in-the-middle attacks if used in production without proper justification. No obvious hardcoded secrets were found as API keys and certificates are loaded from environment variables.
Updated: 2025-12-16GitHub
21
2
Medium Cost
ry-ops icon
Sec9

Manages Proxmox Virtual Environment infrastructure (VMs, containers, storage, nodes, cluster) through a Model Context Protocol (MCP) server, enabling AI-driven automation and monitoring.

Setup Requirements

  • ⚠️Requires Python 3.10+ and the `uv` package manager for dependency management and execution.
  • ⚠️Proxmox authentication requires a specific user format (e.g., `root@pam` or `user@pve`) and, if using API tokens, requires unchecking 'Privilege Separation' during token creation.
  • ⚠️The Claude Desktop configuration must use the absolute path to the `proxmox-mcp-server` directory for the `uv` command.
Verified SafeView Analysis
The server uses environment variables for all credentials, preventing hardcoding secrets. It supports API tokens (recommended) or password authentication. While `PROXMOX_VERIFY_SSL` defaults to `false`, the documentation thoroughly highlights the security implications and strongly advises enabling it for production. No 'eval' or other obfuscation/malicious patterns were found. The project emphasizes security best practices like least privilege, token rotation, and network security for the underlying Proxmox API access.
Updated: 2026-01-01GitHub
21
2
High Cost
waldur icon
Sec2

Integrates Waldur instances with Claude Desktop via Model Context Protocol for API access and management.

Setup Requirements

  • ⚠️Requires Python 3.13 or higher.
  • ⚠️Requires 'uv' package manager.
  • ⚠️Requires a valid Waldur API URL and a token with appropriate permissions configured as environment variables.
  • ⚠️Requires manual configuration in Claude Desktop's `claude_desktop_config.json`.
Review RequiredView Analysis
The 'query' tool allows arbitrary SQL queries to be executed against the Waldur API. Although it is described as 'read-only', directly exposing an SQL interface to an LLM without robust sanitization on the Waldur API side presents a critical SQL injection vulnerability and a high risk of unintended data exfiltration or manipulation. The 'schema_aware_query' prompt also provides a detailed database schema (meta.yaml) to the LLM, which further enables it to construct complex (and potentially malicious) SQL queries. Additionally, the 'create_invitation' tool performs a highly sensitive administrative action (inviting users and assigning roles) which, if misused or exploited via an LLM, could lead to unauthorized access or user management issues. There are no hardcoded secrets, as API credentials are expected from environment variables.
Updated: 2025-12-31GitHub
PreviousPage 246 of 713Next