Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

75
840
Low Cost
Azure-Samples icon

AI-Gateway

by Azure-Samples

Sec8

The project serves as a collection of labs demonstrating AI Gateway capabilities with Azure API Management, focusing on Model Context Protocol (MCP) to enable plug-and-play tool integration for Large Language Models (LLMs).

Setup Requirements

  • ⚠️Requires Python 3.12 or later.
  • ⚠️Requires an Azure Subscription with Contributor + RBAC Administrator (or Owner) roles for deploying and managing Azure resources.
  • ⚠️Requires Azure CLI installed and authenticated.
  • ⚠️Requires various environment variables for Azure API Management and Azure AD configuration (e.g., APIM_GATEWAY_URL, AZURE_TENANT_ID, AZURE_CLIENT_ID).
Verified SafeView Analysis
The project extensively uses Azure's built-in security features like Managed Identity and OAuth 2.0 through Azure API Management's credential manager, which is a strong foundation. Secrets are generally managed via environment variables. The use of `subprocess.run` for Azure CLI commands is present but within expected boundaries for an Azure-focused lab. MCP servers bind to `0.0.0.0` by default, which is common for development but requires external network security in production. The complexity of OAuth flows, even with Azure's abstractions, always poses a risk of misconfiguration if not handled meticulously. No explicit 'eval' or obfuscation found.
Updated: 2026-01-05GitHub
75
123
Medium Cost
rhel-lightspeed icon

linux-mcp-server

by rhel-lightspeed

Sec3

This server provides read-only Linux system administration, diagnostics, and troubleshooting capabilities for AI agents using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Default `LINUX_MCP_VERIFY_HOST_KEYS=False` exposes to MITM attacks for remote SSH; manual configuration to `True` is required for secure remote operations.
  • ⚠️Requires passwordless SSH authentication (key-based) to target Linux systems for remote execution.
  • ⚠️The `read_log_file` tool requires the `LINUX_MCP_ALLOWED_LOG_PATHS` environment variable to be explicitly configured with a comma-separated whitelist of permitted log file paths.
  • ⚠️Local execution is disallowed when running inside a container, requiring a `host` parameter for all tools.
  • ⚠️Optimized for RHEL-based/systemd Linux systems; local execution on macOS or Windows will have limited functionality.
Review RequiredView Analysis
The server explicitly states all operations are read-only, includes robust path validation to prevent injection/traversal attacks, and sanitizes sensitive parameters from logs. However, a critical security risk exists because `LINUX_MCP_VERIFY_HOST_KEYS` defaults to `False`, making remote SSH connections vulnerable to Man-in-the-Middle (MITM) attacks. This default configuration makes the server unsafe for production use without manual intervention to enable host key verification.
Updated: 2026-01-19GitHub
75
171
Medium Cost
Ami3466 icon

tomcp

by Ami3466

Sec7

Converts any website into an MCP (Model-Config-Protocol) server for AI tools and enables AI chat with website content by converting HTML to clean Markdown.

Setup Requirements

  • ⚠️Cloudflare account and Workers AI API key are required to unlock paid AI models and bypass free tier rate limits.
  • ⚠️The free tier is rate limited to 5 requests per IP per day and 200 total requests per day (global).
  • ⚠️JavaScript is not executed during content fetching, so Single Page Applications (SPAs) or dynamically-loaded content will not be captured accurately.
  • ⚠️Requires trust in the `tomcp` service, as your Cloudflare Workers AI API key is proxied through their server for requests when provided.
Verified SafeView Analysis
The server processes arbitrary URLs, fetching and converting their HTML to Markdown. While the HTML parsing is basic (regex-based, which can be brittle but is generally less prone to complex DOM-based vulnerabilities), it relies on fetching untrusted external content. User-provided Cloudflare API keys for paid models are sent in the request body to the worker, requiring users to trust the `tomcp` service not to log or misuse their keys, even if they are not persistently stored on the server. There are no obvious hardcoded sensitive secrets (Cloudflare account IDs configured in `wrangler.toml` are for the service owner's free tier, not secret data) or 'eval' usage. The Cloudflare Workers platform provides some inherent security benefits.
Updated: 2025-12-20GitHub
75
343
Medium Cost
awslabs icon
Sec8

This project provides a CDK pipeline to automate the deployment of Model Context Protocol (MCP) servers as AWS Lambda functions, offering client transports for Lambda invocation and SigV4 HTTP, and server adapters/handlers for various AWS Lambda event models.

Setup Requirements

  • ⚠️Requires manual configuration of GitHub repository and owner names in the CDK pipeline source code.
  • ⚠️Requires manual creation and policy attachment for the CodeBuild IAM role outside of the CDK deployment.
  • ⚠️Requires manual activation of the GitHub connection and pipeline release via AWS CodeConnections and CodePipeline consoles after initial deployment.
  • ⚠️Python 3.11+ and Node.js 18+ are required for respective components.
Verified SafeView Analysis
The project uses standard AWS SDKs for Lambda invocation and SigV4 HTTP signing, which are generally secure. The `stdioServerAdapter` runs child processes per request; while this is a common pattern for certain types of servers, it introduces a potential risk vector if the `command` or `args` parameters are sourced from untrusted input or configured insecurely. However, within the context of this deployment pipeline, these parameters are expected to be defined by the developer for trusted MCP servers. No obvious 'eval' or obfuscation is present. Hardcoded secrets are avoided by using AWS Secrets Manager for examples like the Dog Facts API Key.
Updated: 2026-01-15GitHub
75
167
Medium Cost
ChiR24 icon

Unreal_mcp

by ChiR24

Sec9

High-performance bridge and automation server for Unreal Engine, enabling programmatic control, data processing, and asset authoring through a WebSocket API and optional WebAssembly acceleration.

Setup Requirements

  • ⚠️Requires Rust and wasm-pack to build the WebAssembly module.
  • ⚠️Requires Unreal Engine to be installed, running, and accessible for the automation bridge to connect.
  • ⚠️Requires the custom Unreal Engine plugin 'McpAutomationBridge' to be installed and enabled in the Unreal project.
  • ⚠️Reliance on several environment variables (e.g., UE_EDITOR_EXE, UE_PROJECT_PATH, MCP_AUTOMATION_CAPABILITY_TOKEN) for configuration.
Verified SafeView Analysis
The server implements robust input validation and path sanitization (`sanitizePath`, `CommandValidator`) to prevent common vulnerabilities like command injection and directory traversal. A capability token is used for authenticating with the Unreal Engine automation bridge and is redacted in logs. GraphQL and metrics endpoints are exposed, which is standard for servers, but requires appropriate network access control and firewall configuration.
Updated: 2026-01-19GitHub
74
310
Medium Cost
Tiberriver256 icon

mcp-server-azure-devops

by Tiberriver256

Sec9

This server provides an AI agent with tools to interact with Azure DevOps services, including searching code, wikis, and work items, managing pull requests, retrieving project details, and handling pipeline operations.

Setup Requirements

  • ⚠️Requires an Azure DevOps organization and project with appropriate permissions for read/write operations (e.g., creating pull requests, updating work items, accessing repositories).
  • ⚠️Authentication is configured via environment variables (e.g., AZURE_DEVOPS_PAT for Personal Access Token, or Azure CLI login / Managed Identity / Service Principal for Azure Identity methods).
  • ⚠️Some search features (e.g., Code Search) require the respective Azure DevOps extensions to be installed in the target organization.
Verified SafeView Analysis
The server handles sensitive information (Azure DevOps credentials) via environment variables, which is a standard and secure practice. It integrates with Azure SDKs (@azure/identity, azure-devops-node-api) for authentication, which provides robust security features. Error handling for API calls is comprehensive, mitigating risks from malformed responses or external API issues. The `create_branch.sh` script is a local utility and not part of the server's runtime exposed to external requests. While shell scripts always carry a minimal risk of injection, the direct use of `$1` with `git checkout -b` is generally robust for branch names. No 'eval' or direct arbitrary code execution on user input was identified within the server's core logic. The hardcoded Azure DevOps resource ID is a public identifier, not a secret.
Updated: 2025-12-02GitHub
74
337
Medium Cost
FreePeak icon

db-mcp-server

by FreePeak

Sec8

Provides AI assistants with structured access to multiple database systems (MySQL, PostgreSQL, SQLite, TimescaleDB) through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires proper database configuration (credentials, host, port) in `config.json` or environment variables for all connected databases.
  • ⚠️For Docker deployments, external databases need to be accessible and `wait-for-it.sh` correctly resolves hostnames.
  • ⚠️For TimescaleDB features, the PostgreSQL instance must have the TimescaleDB extension installed and enabled.
Verified SafeView Analysis
The server uses parameterized queries to mitigate SQL injection risks. Example configuration files, such as `config.sqlite-example.json` and `config.timescaledb-test.json`, contain hardcoded default or placeholder credentials. While these are for example/test environments and users are expected to replace them, it highlights a common security pitfall if not properly managed in production. The server binds to `0.0.0.0` in some Docker configurations, which means it listens on all network interfaces, requiring a controlled network environment.
Updated: 2026-01-16GitHub
74
12
Medium Cost
iceener icon
Sec9

This MCP server is designed for location-aware AI agents running on mobile devices to search places, get details, and plan routes using Google Maps Platform APIs.

Setup Requirements

  • ⚠️Requires a Google Maps Platform API Key (Places API (New) and Routes API must be enabled, which are paid services).
  • ⚠️Requires a `BEARER_TOKEN` secret to be generated and configured for client authentication (unless authentication is explicitly disabled).
  • ⚠️Cloudflare Worker deployment requires a Cloudflare account, `wrangler` CLI, a KV namespace, and setting secrets via `wrangler secret put`.
Verified SafeView Analysis
The server implements robust security practices, including explicit use of environment variables/secrets for API keys and bearer tokens, input validation via Zod schemas, and proper CORS configuration. It features a security middleware that validates origin and MCP protocol version, and a logger with sensitive data redaction. AES-256-GCM encryption is available for KV storage in Cloudflare Workers. While origin validation for production includes a placeholder that defaults to `true` (requiring explicit configuration by the user), the overall code design prioritizes security.
Updated: 2025-12-09GitHub
74
192
High Cost
speakeasy-api icon

gram

by speakeasy-api

Sec4

A platform for developing, deploying, and managing AI tools/functions and their integrations, featuring a dashboard and embeddable UI components for AI assistants.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for running local development environment.
  • ⚠️Requires both Go and Node.js/TypeScript development environments due to its monorepo structure.
  • ⚠️Full functionality (especially for AI models and integrations) requires external API keys for various services (e.g., LLMs via OpenRouter, cloud services like Snowflake, Supabase, Google Cloud, Pinecone, Temporal, etc.), many of which can incur costs.
  • ⚠️Specific database setup: PostgreSQL with the `pgvector` extension is used, and Redis for caching and Temporal for workflow orchestration.
Review RequiredView Analysis
The `compose.yml` file contains hardcoded secrets for `gram-cache` (Redis password: `xi9XILbY`) and `mcp-registry` (JWT private key: `ffb75d70bdacadee50324c5f93b04e5674b1df37b4e234e603e5c08500eb0740`). These should be parameterized with environment variables, even for local development configurations, to prevent accidental exposure in non-development environments. The system integrates with numerous external APIs and cloud services, which expands the attack surface, necessitating careful management of associated API keys and credentials.
Updated: 2026-01-19GitHub
74
253
Medium Cost
GuDaStudio icon

geminimcp

by GuDaStudio

Sec7

Integrates Google's Gemini CLI with Claude Code as an MCP server for AI-assisted programming, particularly strong in frontend design.

Setup Requirements

  • ⚠️Requires Claude Code to be installed and configured.
  • ⚠️Requires Gemini CLI to be installed and configured (including API access).
  • ⚠️Requires the `uv` tool for installation.
  • ⚠️Python 3.12+ is required.
Verified SafeView Analysis
The server executes the `gemini` CLI via `subprocess.Popen` with `shell=False`, which is generally secure against shell injection. User-provided `PROMPT` is passed directly as an argument to `gemini-cli`. While `windows_escape` is used for Windows, the overall security relies on the robustness of `gemini-cli` itself against malicious or malformed prompts that could potentially exploit internal `gemini-cli` vulnerabilities or command injection if `gemini-cli` misinterprets arguments. No `eval`, hardcoded secrets, or obvious network risks beyond communicating with the underlying `gemini-cli`.
Updated: 2025-12-16GitHub
74
340
Medium Cost
pab1it0 icon
Sec7

A Model Context Protocol (MCP) server that enables AI assistants to query and analyze Prometheus metrics for monitoring and insights.

Setup Requirements

  • ⚠️Requires a running Prometheus server accessible from the environment, with its URL (`PROMETHEUS_URL`) being a mandatory configuration.
  • ⚠️Requires Docker for the most straightforward installation and usage, or Python 3.10+ with `uv` for manual setup.
Verified SafeView Analysis
The server's core function involves making HTTP requests to a user-defined Prometheus URL (`PROMETHEUS_URL`). If `PROMETHEUS_URL` points to an untrusted or internal network location, it could potentially be exploited for Server-Side Request Forgery (SSRF). The `PROMETHEUS_URL_SSL_VERIFY` option allows disabling SSL verification, which is insecure and explicitly warned against in the logs. Authentication credentials (username/password, bearer token) are passed via environment variables, which is standard for containerized applications but requires secure environment management. The `PROMETHEUS_CUSTOM_HEADERS` option allows arbitrary headers as a JSON string; while `json.loads` is generally safe, this could be a point of concern if not handled carefully in specific deployment scenarios. The Docker image runs as a non-root user (`app`), which is a good security practice.
Updated: 2026-01-10GitHub
74
2691
Low Cost
opensolon icon

solon

by opensolon

Sec4

Java enterprise application framework for building high-performance, resource-efficient services, including AI agents and workflow solutions.

Setup Requirements

  • ⚠️Default `app.yml` includes a hardcoded Redis password (`123456`) for session state (`server.session.state.redis.password`), which is a severe security risk and requires immediate change.
  • ⚠️HTTPS support requires explicit configuration of a Java KeyStore (`server.ssl.keyStore`, `server.ssl.keyPassword`).
  • ⚠️Leveraging performance benefits like native image compilation requires specific build tools (e.g., GraalVM) and configurations, potentially increasing setup complexity.
Review RequiredView Analysis
The `app.yml` configuration file contains a hardcoded default password (`123456`) for Redis session state, which is a critical security vulnerability for any production deployment. This must be changed immediately. The framework uses SnEL (Solon Expression Language) for configuration and templating. While generally safer than arbitrary code execution, care must be taken to prevent expression injection if user input is not properly sanitized before being passed to SnEL evaluation functions. Support for `HttpSslSupplierAny` allows disabling strict SSL/TLS certificate validation, which is discouraged for production environments. Proper security modules (Auth, Validation) are available, but their effective use depends on application-level implementation.
Updated: 2026-01-17GitHub
PreviousPage 25 of 713Next