Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

21
12
Medium Cost
poddubnyoleg icon

lightdash_mcp

by poddubnyoleg

Sec9

An MCP server that enables LLMs to programmatically interact with Lightdash for data discovery, chart creation, and dashboard management.

Setup Requirements

  • ⚠️Requires an existing Lightdash instance (Cloud or self-hosted) to connect to.
  • ⚠️Requires a Lightdash Personal Access Token, which must be generated from within the Lightdash UI.
  • ⚠️Python 3.8+ is a prerequisite for running the server.
Verified SafeView Analysis
The server uses environment variables for sensitive information like Lightdash API tokens and Cloudflare Access credentials, which is good practice. No 'eval' or similar dynamic code execution functions are present in the provided source. Network requests use standard HTTP client practices with error handling. The overall security relies heavily on the secure handling of the `LIGHTDASH_TOKEN` and the inherent security of the Lightdash API itself.
Updated: 2025-12-17GitHub
21
2
Low Cost
Teradata icon
Sec9

The Teradata QueryGrid MCP Server provides a Model Context Protocol (MCP) interface, built with FastMCP, to programmatically interact with and manage Teradata QueryGrid Manager resources. It enables AI assistants and other MCP clients to perform comprehensive CRUD and operational tasks on QueryGrid resources.

Setup Requirements

  • ⚠️Requires Python 3.13+ with modern type annotations.
  • ⚠️Mandatory environment variables (`QG_MANAGER_HOST`, `QG_MANAGER_PORT`, `QG_MANAGER_USERNAME`, `QG_MANAGER_PASSWORD`) must be configured to connect to QueryGrid Manager.
  • ⚠️SSL verification can be explicitly disabled via `QG_MANAGER_VERIFY_SSL=false`, which may expose the connection to Man-in-the-Middle attacks if not intentionally configured for specific test/dev environments.
Verified SafeView Analysis
The server handles sensitive credentials (QueryGrid Manager username/password) by loading them exclusively from environment variables or a .env file, not hardcoding. It uses `requests.Session` for API calls with basic authentication. The ability to disable SSL verification (`QG_MANAGER_VERIFY_SSL=false`) is clearly documented as a 'CRITICAL GOTCHA' for LLMs, with specific tools (like `support_archive_tools`) explicitly instructing AI agents to prompt the user for credentials for file downloads, preventing leakage of pre-configured credentials for potentially sensitive operations. Password requirements for new users are enforced (min. 14 chars, symbols, numbers). Process management commands (`pgrep`, `taskkill`) used for server control appear to be securely handled without direct external input. No `eval` or `exec` statements were found in the provided code snippets. Overall, explicit security considerations are well-integrated.
Updated: 2025-12-30GitHub
21
25
Medium Cost
StacklokLabs icon

osv-mcp

by StacklokLabs

Sec8

An MCP (Model Context Protocol) server that provides access to the OSV (Open Source Vulnerabilities) database for LLM-powered applications.

Setup Requirements

  • ⚠️Requires Go 1.21 or later to build and run from source.
Verified SafeView Analysis
The server primarily acts as a proxy to the OSV API, handling input validation for network configuration (port, transport mode) and basic request parameters (commit, version, package_name, ecosystem, purl). It uses standard Go HTTP client practices with reasonable timeouts. There are no evident hardcoded secrets, 'eval' usage, or obvious command injection vulnerabilities in the provided code. The reliance on the `mark3labs/mcp-go` library's internal parsing mechanisms is an external dependency that would require separate audit, but its usage here appears correct.
Updated: 2025-12-17GitHub
21
3
Low Cost
Vonage-Community icon
Sec9

This MCP server enables developers to interact with various Vonage API functionalities, including sending messages, making voice calls, and managing Vonage accounts and phone numbers, through an MCP-compatible client.

Setup Requirements

  • ⚠️Requires a Vonage account and associated API credentials (API usage will incur costs).
  • ⚠️The `VONAGE_PRIVATE_KEY64` environment variable must be a Base64 encoded string of your Vonage application's private key file content.
  • ⚠️Specific Vonage numbers (`VONAGE_VIRTUAL_NUMBER`, `VONAGE_WHATSAPP_NUMBER`) and an `RCS_SENDER_ID` are required for their respective messaging and voice functionalities to operate correctly.
Verified SafeView Analysis
Secrets like API keys, API secret, and private key are handled via environment variables (`VONAGE_API_KEY`, `VONAGE_API_SECRET`, `VONAGE_PRIVATE_KEY64`), which is a good practice. Input validation for tool arguments is implemented using `zod` schemas, mitigating risks associated with arbitrary user input. No `eval` or direct command execution of user-controlled input was observed in the provided source code. Error handling wraps API errors and returns them as text, preventing exposure of internal stack traces, although the content of API error messages themselves could vary. The `VONAGE_PRIVATE_KEY64` requires Base64 encoding, which is correctly processed.
Updated: 2025-12-30GitHub
21
3
Medium Cost
arjun1194 icon

insta-mcp

by arjun1194

Sec6

An MCP server enabling LLMs to interact with Instagram for account management, social graph analysis, content creation, discovery, and direct messaging.

Setup Requirements

  • ⚠️Requires an Instagram account and its credentials (username and password).
  • ⚠️Uses an unofficial Instagram API, which may violate Instagram's Terms of Service and lead to account suspension/ban.
  • ⚠️Accounts with Two-Factor Authentication (2FA) enabled may require manual intervention to complete login challenges, or 2FA must be temporarily disabled as the current server version does not fully support 2FA challenges.
Verified SafeView Analysis
This project utilizes the `instagram-private-api`, which is an unofficial API client. Use of this client carries inherent risks, including potential violations of Instagram's Terms of Service and the risk of account suspensions or permanent bans. The server attempts to mitigate some risks with built-in rate limiting and robust error handling for Instagram's security challenges (e.g., checkpoints, 2FA, spam blocks). Credentials can be stored in `data/credentials.json`, which is less secure than environment variables if the file is not properly protected. The `uploadAlbum` tool fetches image/video URLs from external sources, which could lead to SSRF or fetching malicious content if LLM input is not carefully constrained. Media upload tools (`upload_photo`, `upload_video`, `upload_reel`) require absolute file paths, posing a risk if an attacker can control these paths to access arbitrary files on the server's filesystem.
Updated: 2025-12-28GitHub
20
1
Medium Cost
fsmiamoto icon

reagent

by fsmiamoto

Sec2

Provides a lightweight Model Context Protocol (MCP) server for browser-based, GitHub-style code reviews to facilitate human-in-the-loop feedback for AI coding agents.

Setup Requirements

  • ⚠️Requires Git to be installed and available in PATH for any Git-based review features.
  • ⚠️Requires Node.js (or Bun) and npm/npx for installation and execution.
  • ⚠️The server binds to port 3636 by default, which may conflict with other services if not explicitly changed.
Review RequiredView Analysis
The server executes Git commands using `child_process.execSync` where user-provided input (such as `commitHash`, `base`, and `head` for `git diff` or `git show`) is directly concatenated into the shell command string without apparent sanitization. This creates a critical command injection vulnerability. An attacker or an AI agent (accidentally or maliciously) providing crafted input like `abc123; rm -rf /` to parameters like `commitHash` could execute arbitrary shell commands on the host machine. The `express.json({ limit: '50mb' })` setting also presents a potential, albeit lower, risk for denial-of-service via large request bodies.
Updated: 2026-01-02GitHub
20
1
High Cost
keyurgolani icon

ThoughtMcp

by keyurgolani

Sec8

Provides AI systems with human-like memory, parallel reasoning, and metacognitive capabilities through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher and npm 9.0.0 or higher.
  • ⚠️Requires PostgreSQL 14.0 or higher with the 'pgvector' extension installed and configured.
  • ⚠️Requires Docker and Docker Compose for local development (to run PostgreSQL and Ollama).
  • ⚠️Requires Ollama to be running locally (or accessible via `OLLAMA_HOST`) with a compatible embedding model (e.g., `nomic-embed-text`) pulled for embedding generation. This adds an external dependency not everyone might have set up.
Verified SafeView Analysis
The project demonstrates strong security awareness, implementing input validation, rate limiting, and a dedicated secrets manager. It also enforces dependency auditing by overriding known vulnerable packages (e.g., `qs`) and requiring `npm audit` to pass. Credentials are explicitly discouraged from version control. The primary security consideration for this type of AI application is the inherent risk associated with large language model (LLM) interactions, such as potential prompt injection or unintended code execution if LLM outputs are not rigorously sanitized and validated before use. While validation mechanisms are in place, the complexity of LLM outputs means continuous vigilance is required.
Updated: 2026-01-01GitHub
20
1
Low Cost
melbamorph icon

zonerMCP

by melbamorph

Sec9

This server provides a hardened Model Context Protocol (MCP) interface for accessing Lebanon, NH GIS data (zoning, addresses, parcels, environmental overlays) to AI agents, designed for platforms like OpenAI Agent Builder.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Requires `ARCGIS_BASE_URL` environment variable (secret) to be set, pointing to an ArcGIS FeatureServer endpoint.
  • ⚠️Customization of `config.js` and `mcp-server.js` business logic is necessary to adapt it from the Lebanon, NH example to a different geospatial data source and use case.
Verified SafeView Analysis
The server demonstrates strong security hardening, explicitly noted in its `replit.md` and implemented in the code. Key measures include: an explicit layer registry and field policy (allowlist approach, blocked fields, summary/full profiles), structured query modes to prevent freeform SQL injection, comprehensive input validation (e.g., coordinate ranges, bounding box size limits, object ID counts, string lengths), record count caps on query results, bearer token authentication (configurable), robust rate limiting with IP-based and authenticated token buckets, a response cache, optional session enforcement (though stateless mode is default, it's configurable), validation for geometry inclusion, payload size limits, and configurable CORS origins. External API calls (ArcGIS) are made with a timeout to prevent long-running requests. The `ARCGIS_BASE_URL` is correctly configured as a required secret and checked at startup. No 'eval' or other obviously dangerous patterns were found.
Updated: 2026-01-01GitHub
20
1
High Cost
mcp-research icon

mcp-security-scans

by mcp-research

Sec4

Automates the discovery, forking, and enablement of GitHub Advanced Security (GHAS) features on MCP (Model Context Protocol) server repositories, and generates comprehensive security reports.

Setup Requirements

  • ⚠️Requires a GitHub App setup with extensive 'Read & Write' permissions (Administration, Contents, Secret/Code/Dependabot scanning alerts, Organization Members read-only).
  • ⚠️The GitHub App's installation ID is hardcoded (65023400) in the source code; the App must be installed with this exact ID on the target organization.
  • ⚠️Requires `curl`, `tar` (for repository cloning), and the underlying C library for `python-magic` (`libmagic`) to be installed on the system.
Review RequiredView Analysis
The AppInstallationAuthStrategy in `src/github.py` uses a hardcoded `installation_id=65023400`. This is a critical security and usability flaw, as the GitHub App must be installed with this specific ID on the target organization for proper authentication. Additionally, `src/github.py`'s `clone_repository` uses `subprocess.run` with `curl -L` and `tar -xvf` to download and extract tarballs from external GitHub URLs. While `libmagic` is used for basic file type verification, following redirects (`-L`) and extracting external archives is a significant supply chain risk, as a compromised source repository could lead to arbitrary code execution on the system running the script. The script also requires extensive `Read & Write` GitHub App permissions, amplifying the impact of any vulnerabilities or credential compromise.
Updated: 2026-01-01GitHub
20
2
Low Cost
jpotter80 icon

mcp

by jpotter80

Sec8

A framework for building and deploying self-contained, searchable Model Context Protocol (MCP) servers for technical documentation, leveraging hybrid semantic and keyword search.

Setup Requirements

  • ⚠️Requires a local MAX embeddings server binary (`max`) to be installed and available in PATH if `AUTO_START_MAX` is enabled, or requires manual starting of the MAX server.
  • ⚠️Requires Python 3.11-3.13, specifically pinned to `==3.12.3` for the overall project's pixi environment (individual server configurations might specify a range).
  • ⚠️VS Code integration requires manual `mcp.json` configuration, often necessitating absolute paths to the server directory.
Verified SafeView Analysis
The system utilizes `subprocess.Popen` to auto-start a local `MAX` embedding server, which is a common pattern for local infrastructure orchestration. While this inherently carries a degree of risk, the command executed is fixed and not derived from arbitrary user input, mitigating severe vulnerabilities. All `openai.OpenAI` client instances are configured with `api_key="EMPTY"`, preventing accidental exposure of sensitive API keys. The primary server interaction occurs via `stdio` with an MCP-compatible host (e.g., VS Code, Claude Desktop), reducing direct external network exposure. File operations are confined to predefined paths for database and configuration files, preventing arbitrary file system access.
Updated: 2025-12-30GitHub
20
2
Medium Cost
DeepBlueCoding icon

mcp_replay_dota2

by DeepBlueCoding

Sec8

A FastMCP server for Dota 2 match analysis, leveraging replay files and OpenDota API to provide built-in coaching instructions for LLMs to generate meaningful analysis, including pattern recognition, objective rotations, and actionable advice.

Setup Requirements

  • ⚠️Requires `uv` (Python package management tool) for local setup.
  • ⚠️Requires local storage for Dota 2 replay files (50-400MB per match) which can consume significant disk space.
  • ⚠️LLM access for 'coaching analysis' is provided by the MCP client, not the server itself, meaning the client application (e.g., Anthropic Claude desktop, or other FastMCP client) needs to be configured for LLM interaction.
  • ⚠️Requires Python 3.12.
Verified SafeView Analysis
The server relies on external dependencies like `python-manta` (a C++-based replay parser) and the OpenDota API for data fetching. Replay files (50-400MB) are downloaded from OpenDota and stored locally; while the download process uses standard practices (requests.get, raise_for_status, timeouts), the parsing of untrusted binary files inherently carries a risk of vulnerabilities in the parser. LLM interactions for coaching analysis occur via client-side sampling (`ctx.sample`), offloading potential data exfiltration risks to the client implementation rather than the server itself. No direct code injection vulnerabilities (e.g., `eval`) or hardcoded sensitive API keys were found within the provided source.
Updated: 2025-12-31GitHub
20
3
Medium Cost
endorhq icon
Sec8

Provides AI agents with controlled access to the Alpine Linux APK package manager for system package operations.

Setup Requirements

  • ⚠️Requires Rust (2024 edition) for building.
  • ⚠️Designed specifically for Alpine Linux environments, as it exclusively uses the `apk` package manager.
  • ⚠️Requires appropriate user permissions for the `apk` package manager to perform installations and updates.
Verified SafeView Analysis
The server executes `apk` commands with the privileges of the running user, requiring careful deployment regarding user permissions. Input validation is implemented for `install_package_with_version` to prevent command injection, and arguments are passed explicitly to `std::process::Command::new("apk")`, reducing risks. Binds to `0.0.0.0` by default, necessitating firewall rules if not intended for public access.
Updated: 2025-12-30GitHub
PreviousPage 247 of 713Next