Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

19
23
Medium Cost
bmen25124 icon
Sec2

Manages and integrates external tools and AI models with SillyTavern using the MCP protocol, allowing dynamic execution of local scripts or communication with remote services.

Setup Requirements

  • ⚠️Requires manual modification of SillyTavern's config.yaml to enable server plugins.
  • ⚠️MCP server configurations (commands, arguments, environment variables, URLs) must be manually defined in mcp_settings.json or via API, requiring user familiarity with command-line execution or network configuration.
  • ⚠️Relies on external 'MCP servers' which are themselves executable files or network services that the user must acquire and trust.
Review RequiredView Analysis
CRITICAL: The server plugin allows authenticated SillyTavern users to define and execute arbitrary commands on the host machine via the `/servers` API endpoint. The `startMcpServer` function uses `child_process.spawn` with user-provided `command`, `args`, and `env` values from the `mcp_settings.json` configuration or directly from API requests. This poses a severe security risk if SillyTavern's authentication is compromised, or if a malicious user intentionally configures dangerous commands, leading to potential remote code execution and full system compromise. HTTP transport options (streamableHttp, sse) also allow user-defined URLs and headers, creating potential for Server-Side Request Forgery (SSRF) or other network-based attacks.
Updated: 2025-12-16GitHub
19
1
Low Cost
la-rebelion icon

be-hapi

by la-rebelion

Sec6

Installs a Command Line Interface (CLI) tool for API management, enabling users to interact with and serve APIs.

Setup Requirements

  • ⚠️Requires write access to `/usr/local/bin` (typically root/sudo privileges for system-wide installation)
  • ⚠️Requires `sha256sum` utility for checksum verification (standard on Linux, often available on macOS via Coreutils or similar)
  • ⚠️Requires active internet connection to download binaries and version information from GitHub
Verified SafeView Analysis
The installation method `curl | bash` or `irm | iex` executes a remote script directly, which carries an inherent risk if the remote source (get.mcp.com.ai) is compromised. While the installer scripts implement checksum verification for the downloaded binaries from GitHub, ensuring integrity after the download, the initial script execution bypasses explicit user review. The scripts attempt to move binaries to `/usr/local/bin`, which typically requires root/sudo privileges; this is not explicitly requested by the script and could lead to permission errors if run by a standard user without elevated permissions.
Updated: 2025-12-31GitHub
19
1
Medium Cost
micartey icon

viro

by micartey

Sec8

JavaFX overlay doodle application for screen sharings and recordings, featuring an MCP endpoint for LLMs to programmatically draw and manipulate shapes.

Setup Requirements

  • ⚠️Requires Java 17+ with JavaFX installed; direct installation can be tricky outside of a Nix environment.
  • ⚠️LLM integration requires configuring an LLM client (e.g., gemini-cli) to connect to the local SSE endpoint at 'http://localhost:8099/mcp/sse'.
Verified SafeView Analysis
The MCP endpoint exposes 'ImageTools.drawImage' and 'ImageTools.drawImageFromURL' methods which allow loading images from arbitrary local file paths or URLs provided by an LLM. While 'viro' itself merely attempts to load the image, this could be an attack vector for an LLM to attempt local file access or Server-Side Request Forgery (SSRF) if not properly controlled or sandboxed in the LLM's environment. The server runs on localhost, limiting direct external network attacks.
Updated: 2026-01-01GitHub
19
1
Medium Cost
IgorKrupenja icon

buerokratt-mcp

by IgorKrupenja

Sec6

Provides an MCP (Model Context Protocol) server for sharing AI coding assistant rules specific to Bürokratt modules across various IDEs.

Setup Requirements

  • ⚠️Requires Docker for easy setup and `pnpm` for local development.
  • ⚠️GitHub API rate limits may be hit without a GITHUB_TOKEN environment variable when validating module names.
  • ⚠️Front-end browser debugging and interaction for the Service Module requires a mandatory multi-step authentication process involving an external TIM login service to obtain a JWT cookie, which then needs to be programmatically set in the browser via `browser_evaluate`.
Verified SafeView Analysis
The server's authentication is explicitly marked as 'Planned' for OAuth2, relying on a session ID in headers for current session management which is less robust. A hardcoded default testing key ('voorshpellhappilo') for the 'x-ruuter-testing' header in the Service Module is a notable security vulnerability if not changed. An example SQL command in documentation includes a hardcoded password which is poor practice. The `sync-upstream.sh` script is powerful, executing git commands requiring `all` permissions, and should be used with caution. Rule files are read-only in the Docker setup, which is good for integrity. No obvious 'eval' or direct command injection vulnerabilities were found in the provided TypeScript source code processing user input.
Updated: 2025-12-31GitHub
19
3
Medium Cost
axite-ai icon
Sec8

A lightweight, type-safe starter for building ChatGPT MCP apps with Next.js and Skybridge, featuring OAuth 2.1 authentication, optional Stripe subscription support, and Drizzle ORM with PostgreSQL.

Setup Requirements

  • ⚠️Requires PostgreSQL database setup and connection string (`DATABASE_URL`).
  • ⚠️Requires a Redis instance for caching and rate limiting (`REDIS_URL`).
  • ⚠️Authentication requires configuring `BETTER_AUTH_SECRET` and optionally Google OAuth credentials (`GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`).
  • ⚠️Stripe integration (for subscriptions) is optional but requires multiple Stripe API keys and price IDs if enabled (`ENABLE_SUBSCRIPTIONS`, `STRIPE_SECRET_KEY`, `STRIPE_WEBHOOK_SECRET`, `STRIPE_BASIC_PRICE_ID`, `STRIPE_PRO_PRICE_ID`, `STRIPE_ENTERPRISE_PRICE_ID`).
  • ⚠️Designed for Next.js 15+ with App Router and Turbopack. Compatibility with older Next.js versions is not guaranteed.
Verified SafeView Analysis
The `NextChatSDKBootstrap.tsx` file includes an inline script used for SDK bootstrapping within iframes. This script manipulates `window.history` and `window.fetch` to ensure proper widget behavior (e.g., external links, API calls). While inline scripts generally require careful review, this implementation appears designed to enable core functionality rather than malicious intent. The project effectively uses environment variables for sensitive configurations (`BETTER_AUTH_SECRET`, `STRIPE_SECRET_KEY`, `GOOGLE_CLIENT_SECRET`), with `lib/utils/env-validation.ts` providing startup validation to ensure critical variables are set, mitigating hardcoded secret risks. Drizzle ORM helps prevent SQL injection. Rate limiting is implemented via Redis. Overall, good security practices are in place, but the nature of embedded dynamic scripts warrants ongoing vigilance.
Updated: 2025-12-25GitHub
19
8
High Cost
Kaiohz icon
Sec6

Provides a FastAPI REST API and MCP server for Retrieval Augmented Generation (RAG) capabilities, integrating with the RAG-Anything and LightRAG libraries for multi-modal document processing and knowledge graph operations.

Setup Requirements

  • ⚠️Requires an OpenRouter API Key (Paid, essential for LLM functionality).
  • ⚠️Docker & Docker Compose are required for the recommended setup (including PostgreSQL with pgvector/Apache AGE and the LightRAG Server).
  • ⚠️Requires Python 3.13+.
  • ⚠️The application relies on a separate `LightRAG Server` which itself may require an additional `LLM_BINDING_API_KEY`.
Review RequiredView Analysis
The server has several potential security concerns: - **Arbitrary File Uploads:** The `/api/v1/file/index` endpoint allows users to upload arbitrary files to a temporary directory (`/tmp/output`). While basic path traversal for the file path is mitigated, there is no explicit content validation or type checking. Maliciously crafted documents (e.g., PDFs, DOCX) could exploit vulnerabilities in the underlying `Docling` or `raganything` parsing libraries, potentially leading to denial-of-service, resource exhaustion, or remote code execution. - **Permissive CORS:** The `ALLOWED_ORIGINS` defaults to `"*"`, which is overly permissive for a production environment and could expose the API to unintended cross-origin requests. - **Untrusted LightRAG API URL:** The application fetches and merges the LightRAG server's OpenAPI specification from `LIGHTRAG_API_URL` during startup. If this URL is controlled by an attacker, it could be used to inject malicious content into the API documentation, cause denial-of-service during startup (if the URL points to a slow/malicious server), or potentially leak information. - **Proxying Authorization Headers:** The application forwards `Authorization` and `api_key_header_value` headers to the LightRAG server. While intended functionality, this means the security of the overall system is dependent on the trustworthiness and security of the configured LightRAG server.
Updated: 2025-12-15GitHub
19
8
Medium Cost
takaakit icon

astah-pro-mcp

by takaakit

Sec9

This local MCP server integrates AI agents with Astah Professional to facilitate UML modeling, diagram explanation, code generation, and diagram creation from sketches.

Setup Requirements

  • ⚠️Astah Professional v11.0 or later is required.
  • ⚠️AI clients must be configured to connect to `127.0.0.1` (not `localhost`) on specific ports (`8888` for full tools, `8889` for query-only).
  • ⚠️The MCP server only operates with AI assistants/agents running on the same machine as Astah Professional (no remote AI agents).
  • ⚠️A valid Astah license is required, and usage via AI assistants/agents must comply with Astah's terms of use.
  • ⚠️If using Claude Desktop, Node.js v20 or later is required for the `mcp-remote` bridge.
Verified SafeView Analysis
The server binds exclusively to `127.0.0.1` and requires explicit user approval via a Swing dialog for each new client connection, significantly enhancing local security. Origin header validation is also implemented. File system interactions are limited to a designated workspace for text-based content, mitigating common file-based exploits. No `eval` or similar dynamic code execution methods are evident.
Updated: 2025-12-21GitHub
19
1
Medium Cost
albertoferrazzoli icon

SlotixMCP

by albertoferrazzoli

Sec9

Manages Slotix appointments, clients, notifications, and business analytics through an AI assistant interface.

Setup Requirements

  • ⚠️Requires an active Slotix account and API key.
  • ⚠️Requires Python 3.10 or higher.
Verified SafeView Analysis
The server uses `httpx` for API calls and retrieves the API key from environment variables, which are good practices. There are no direct uses of `eval`, `exec`, or `subprocess` from user input. Error handling for API responses is present. The `call_tool` function directly maps tool names to predefined client methods, mitigating injection risks. The primary security consideration is the secure handling of the `SLOTIX_API_KEY` by the user.
Updated: 2025-12-31GitHub
19
1
Low Cost
vespo92 icon

BrocadeICXMCP

by vespo92

Sec7

Automates the management of Brocade ICX 6450 network switches via SSH CLI commands, integrating with AI agents through the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️Requires SSH access and credentials to a Brocade ICX 6450 switch.
  • ⚠️Required environment variables (BROCADE_HOST, BROCADE_USERNAME, BROCADE_PASSWORD) must be configured.
Verified SafeView Analysis
The server uses environment variables for SSH credentials, which is good practice. Input validation is applied to most tool calls via Zod schemas. However, the 'execute_command' tool allows executing arbitrary CLI commands, which is a significant security risk if the client (AI agent) is untrusted or compromised, although it is clearly marked as requiring privilege and 'use with caution' in the tool definitions. The SSE server's default CORS origin '*' is also permissive and could be a risk in web-exposed deployments if not restricted. No hardcoded secrets, `eval`, or obfuscation were found.
Updated: 2026-01-01GitHub
19
11
Medium Cost
NERVsystems icon

osmmcp

by NERVsystems

Sec9

Enables LLMs to interact with OpenStreetMap data through a rich set of geospatial tools, including geocoding, routing, and points of interest search.

Setup Requirements

  • ⚠️Requires Go 1.24 or higher for building and running.
  • ⚠️Full functionality for LLM integration requires an MCP-compatible client, such as Claude Desktop Client, to interact with the server's tools.
  • ⚠️Relies on public OpenStreetMap APIs (Nominatim, Overpass API, OSRM) which, while not requiring API keys, are subject to rate limits and usage policies that can impact performance if exceeded.
Verified SafeView Analysis
The server employs robust security practices including extensive input validation to prevent injection (e.g., in `validateTags`, `sanitizeAddress`), per-IP rate limiting (`pkg/server/middleware.go`), connection pooling with timeouts, structured error handling, and the application of standard HTTP security headers (`X-Content-Type-Options`, `X-Frame-Options`, `X-XSS-Protection`, `Strict-Transport-Security`, `Content-Security-Policy`). Request body size limits are enforced, and authentication (bearer, basic) is supported for HTTP transport. No use of 'eval' or similar dynamic code execution is apparent, and sensitive API keys are externalized or passed via flags, not hardcoded. OpenTelemetry tracing and Prometheus monitoring enhance observability for security audits.
Updated: 2025-12-22GitHub
19
4
Low Cost
Xyber-Labs icon

mcp-servers

by Xyber-Labs

Sec8

Provides an MCP server for Qdrant vector database integration, enabling AI agents to perform semantic search, store documents, and manage collections with advanced multi-tenant filtering capabilities.

Setup Requirements

  • ⚠️Requires a running Qdrant instance (local or cloud) for operation.
  • ⚠️Python 3.12+ is required.
  • ⚠️Qdrant API key (`QDRANT_API_KEY`) might be required depending on your Qdrant instance's security configuration.
Verified SafeView Analysis
The server uses Pydantic for input validation, which is a good practice to prevent common injection vulnerabilities. API keys (for Qdrant and potentially x402 payments if enabled) are expected from environment variables, avoiding hardcoding. The `X402WrapperMiddleware` processes `X-PAYMENT` headers, including base64 decoding and JSON parsing; while this uses a dedicated `x402` library, improper handling of such headers can introduce risks, but no obvious critical flaw is apparent from the truncated code. Connection to Qdrant requires a secure setup (e.g., TLS, API key).
Updated: 2025-12-26GitHub
18
1
Medium Cost
JavaAIDev icon

amap-mcp-server

by JavaAIDev

Sec9

Provides a server that exposes Amap's various geographical and location-based services as tools, designed for integration with Model Context Protocol (MCP) clients.

Setup Requirements

  • ⚠️Requires an Amap API Key, set via the AMAP_API_KEY environment variable.
  • ⚠️Requires Java 11 to run the JAR file directly.
  • ⚠️Using the container image option requires Docker to be installed and running.
Verified SafeView Analysis
The project correctly retrieves the API key from environment variables, avoiding hardcoded secrets. It utilizes Ktor HttpClient for making external API calls, which is a reputable library. Request parameters are built from structured data classes, reducing direct string injection risks. Error handling for API responses is present. No obvious dynamic code execution (e.g., 'eval') or malicious patterns were found in the provided source code.
Updated: 2025-12-31GitHub
PreviousPage 249 of 713Next