Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

17
1
Medium Cost
kliushnichenko icon

jooby-mcp

by kliushnichenko

Sec7

Integrates the Java Model Context Protocol (MCP) SDK with Jooby to enable declarative, annotation-based registration and serving of tools, prompts, and resources as a standardized API.

Setup Requirements

  • ⚠️Requires `jooby-mcp` and `jooby-mcp-apt` (annotation processor) dependencies in Maven `pom.xml`.
  • ⚠️Requires explicit configuration in `application.conf` for each MCP server, specifying `name`, `version`, and `transport`.
  • ⚠️A JSON encoder/decoder (e.g., Jooby's `JacksonModule`) and a Dependency Injection module (e.g., `AvajeInjectModule`) must be installed in the Jooby application.
Verified SafeView Analysis
The server relies on the official Java MCP SDK for core protocol handling and JSON serialization/deserialization. Method invocation logic is generated at build time using APT, which reduces runtime reflection risks. Input arguments are cast using `mcpJsonMapper.convertValue`, which could be a point of deserialization vulnerability if not robustly handled by the underlying JSON mapper, though the SDK likely accounts for this. Required arguments are validated. No obvious hardcoded secrets or direct arbitrary code execution from user input are observed in the provided code snippets. The main risk factor would reside within the security posture of the Java MCP SDK's JSON processing capabilities.
Updated: 2025-12-29GitHub
17
13
Low Cost
ntk148v icon
Sec8

Enables AI assistants and tools to query and manage Prometheus Alertmanager resources programmatically and securely.

Setup Requirements

  • ⚠️Requires Python 3.12+
  • ⚠️Requires a running and accessible Prometheus Alertmanager server
  • ⚠️The ALERTMANAGER_URL environment variable is mandatory for operation
Verified SafeView Analysis
The server uses environment variables for sensitive configuration like Alertmanager URL, username, and password, avoiding hardcoded secrets. It employs basic authentication and provides multi-tenant support via the `X-Scope-OrgId` header, which is handled securely using `ContextVar` for per-request isolation. HTTP requests use a fixed timeout (60 seconds) to prevent hanging connections. There are no explicit uses of `eval` or other obvious code injection vectors in the provided source code. The primary network risk involves `requests.request` calls to a configurable `ALERTMANAGER_URL`, but this URL is typically managed via environment variables, limiting user-controlled SSRF risks. Overall, the security posture appears sound for its intended purpose.
Updated: 2025-12-16GitHub
17
2
High Cost
angrysky56 icon
Sec4

A research prototype for a Reflective Agent Architecture (RAA) that integrates modern associative memory with metacognitive monitoring for insight-like problem-solving, capable of self-reflection and dynamic adaptation.

Setup Requirements

  • ⚠️Requires Neo4j Database instance running and configured (NEO4J_URI, NEO4J_USER, NEO4J_PASSWORD)
  • ⚠️Requires API keys for chosen commercial LLM providers (e.g., OPENROUTER_API_KEY, OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY, HF_TOKEN)
  • ⚠️Requires local Ollama or LM Studio instance if local LLM providers are selected
  • ⚠️Automatically installs LADR theorem prover binaries locally (Python packages: sentence-transformers, openai, ollama, anthropic, google.generativeai, huggingface_hub, chromadb, numpy, torch, neo4j)
Review RequiredView Analysis
Direct `subprocess.run` calls (e.g., in `_search_codebase`, `_run_mace4`) can be vulnerable to command injection if inputs are not thoroughly sanitized. The `exec` call within `src/compass/sandbox.py` is intended for sandboxing but represents an inherent risk point. The use of `torch.load(weights_only=False)` for loading model projections in `src/vectordb_migrate/migration.py` presents a deserialization vulnerability if untrusted projection files are inadvertently loaded. API keys are generally handled via environment variables, which is good practice.
Updated: 2025-12-26GitHub
17
10
Medium Cost
iunera icon
Sec7

Manages and analyzes Apache Druid clusters, facilitating operations like data ingestion, security, and health monitoring via an MCP client.

Setup Requirements

  • ⚠️Requires a running Apache Druid cluster for full functionality.
  • ⚠️Docker is the recommended deployment method for the server. Alternatively, Java and Maven are required to build and run the JAR.
  • ⚠️An MCP client (e.g., Claude Desktop or custom client using the Model Context Protocol library) is required to interact with the server.
Verified SafeView Analysis
The server offers an explicit 'druid.ssl.skip-verification' option, which poses a security risk if used in production environments, as it disables certificate validation. It also includes a metrics service (enabled by default via 'druid.mcp.metrics.enabled=true') that sends usage data (tool name, status, execution time, hashed hostname, server version, Docker status, protocol, OAuth2/readonly enabled) to 'https://mcpmetrics.k8s.iunera.com/druid/v1'. While the hostname is hashed, users should be aware of this data collection. OAuth2 security can be enabled or disabled; when disabled, all HTTP requests are permitted ('permitAll()'), which requires careful deployment to avoid exposure. The 'SecurityRepository' correctly implements guards for 'admin' and 'druid_system' users/roles, preventing their deletion and changes to 'druid_system' password.
Updated: 2025-12-18GitHub
17
6
Medium Cost
roruizf icon
Sec7

Enables AI assistants like Claude to interact with OpenStudio building energy models through a comprehensive set of natural language accessible tools for loading, inspecting, and manipulating models.

Setup Requirements

  • ⚠️Requires Docker Desktop for Windows/Mac/Linux (for recommended setup).
  • ⚠️Requires a system-level installation of OpenStudio 3.7.0 (not a Python pip package) within the Docker container or local environment.
  • ⚠️Strongly recommends cloning the repository to a short root path (e.g., C:\openstudio-mcp-server) on Windows to avoid the 260-character path limit.
Verified SafeView Analysis
The server uses Docker with a critical volume mount (`-v C:\:/mnt/c`) that grants the container Read/Write access to the entire host C: drive. While necessary for the stated use case of interacting with local files, this is a high-privilege configuration that requires full trust in the container and its dependencies. The server itself communicates over standard I/O (stdio) via the MCP protocol, limiting direct external network exposure. No 'eval' or hardcoded secrets were found in the provided code.
Updated: 2025-12-15GitHub
17
1
Medium Cost
yoichiojima-2 icon

mcp-servers

by yoichiojima-2

Sec8

Aggregates various specialized MCP servers into a single, unified endpoint for AI agent interaction, enabling complex multi-domain tasks such as data analysis, document processing, web automation, and AI workflow management.

Setup Requirements

  • ⚠️Requires multiple external software dependencies like Node.js, Playwright, LibreOffice, and Pandoc for full functionality.
  • ⚠️Requires paid API keys for OpenAI (for o3, vectorstore, img2pptx), Dify (for dify), and Google GenAI (for nano-banana) depending on usage.
  • ⚠️The `shell` server's `ALLOWED_COMMANDS` environment variable is empty by default, enabling all shell commands. It is CRITICAL to configure this allowlist for production environments to mitigate security risks.
Verified SafeView Analysis
The server includes several controlled capabilities that require careful configuration. Shell command execution (`shell` server) uses an allowlist mechanism (`ALLOWED_COMMANDS`), which is empty by default, allowing all commands (a critical security risk if not configured). The `preview` server explicitly states that it serves HTML content without sanitization and should only be used in trusted environments to avoid XSS vulnerabilities. File management operations include robust path traversal prevention and checks for writing to forbidden system directories. Marp-based PPTX generation includes frontmatter sanitization to prevent injection attacks. External dependencies (Node.js, LibreOffice, Pandoc, Playwright) are invoked via subprocess, introducing dependency-related risks.
Updated: 2025-12-29GitHub
17
1
High Cost
liuwuliuyun icon

tf-mcp-server

by liuwuliuyun

Sec8

An MCP server for AI assistants to manage Azure infrastructure-as-code (IaC) using Terraform, providing documentation, security validation, code generation, and state management capabilities.

Setup Requirements

  • ⚠️Requires Docker for recommended deployment (pre-built image available)
  • ⚠️Azure Authentication (Service Principal or `az login`) is critical for most Azure-related functionalities
  • ⚠️External CLI tools (Terraform, TFLint, Conftest, aztfexport) are bundled in Docker image; must be manually installed if running outside Docker
  • ⚠️GitHub Token is recommended to avoid rate limiting for Azure Verified Modules (AVM) documentation and content downloads
Verified SafeView Analysis
The server heavily relies on executing external CLI tools (Terraform, TFLint, Conftest, aztfexport, Azure CLI) via subprocesses. Inputs to these commands are generally handled via tool arguments, some of which are Pydantic validated or split using `shlex.split` to mitigate injection risks. AVM module downloads involve `tarfile.extractall` into a temporary directory, which could be vulnerable to zip slip if not carefully handled. The Docker container runs as a non-root user. Azure authentication secrets and GitHub tokens are expected via environment variables, not hardcoded. Overall, designed with security in mind for its operational context, but external execution and archive extraction always carry inherent risks.
Updated: 2025-12-30GitHub
17
2
High Cost
entro314-labs icon

ai-changelog-generator

by entro314-labs

Sec6

Generates AI-powered changelogs from Git commits and working directory changes, provides repository analysis, and suggests AI-enhanced commit messages by integrating with various AI providers.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher.
  • ⚠️Requires npm or pnpm for dependency installation.
  • ⚠️Requires configuration of at least one AI provider's API key (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY, etc.) in a .env.local file (AI services typically incur costs).
  • ⚠️Must be run from within a Git repository for most functionalities.
Verified SafeView Analysis
The application uses `child_process.execSync` and `child_process.spawnSync` extensively for Git operations (`git log`, `git status`, `git show`, `git add`, `git commit`, `git diff`, `cat`). While `spawnSync` with an array of arguments is generally safer, `execSync` is used with string interpolation for constructing some Git commands (e.g., `git show ${commitHash}:"${filePath}"`, `cat "${filePath}"`). If `commitHash` or `filePath` could be influenced by untrusted user input without robust sanitization, this could lead to command injection vulnerabilities. No hardcoded secrets were found, and API keys are expected from environment variables. Network calls to various AI providers are inherent to its functionality.
Updated: 2025-12-26GitHub
17
2
Medium Cost
Lynxe-public icon

bing-mcp-cn-enhanced

by Lynxe-public

Sec7

Provides a local Model Context Protocol (MCP) server that allows AI agents (like Claude) to perform localized Chinese Bing searches and fetch content from the resulting web pages.

Setup Requirements

  • ⚠️Requires Node.js version >= 16.0.0.
  • ⚠️Requires Playwright Chromium browser to be installed; the server attempts to auto-install it, but manual installation (`npx playwright install chromium`) might be necessary if auto-installation fails.
  • ⚠️Requires manual configuration in an MCP client's settings (e.g., `.cursor/mcp.json`) to register the server and its tools.
Verified SafeView Analysis
The server uses Playwright for browser automation, which involves launching a headless browser and injecting a comprehensive anti-detection JavaScript payload into every page visited. While this is necessary for its functionality, fetching arbitrary web content always carries inherent risks of exposure to malicious web content within the isolated browser environment. The `execSync` function is used for Playwright Chromium installation, which executes shell commands but is for a controlled, hardcoded installation step.
Updated: 2025-12-26GitHub
17
6
Medium Cost
johnib icon

kusto-mcp

by johnib

Sec8

Enables AI assistants to interact with Azure Data Explorer (Kusto) databases using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Azure CLI login for authentication by default, or Azure Identity credentials.
  • ⚠️Requires Node.js v16+ to run the server.
  • ⚠️Requires network access to an Azure Data Explorer (Kusto) cluster.
Verified SafeView Analysis
The server primarily relies on Azure SDKs for Kusto interaction and authentication (Azure CLI or Azure Identity). Configuration is handled via environment variables, preventing hardcoded secrets. No 'eval' or obvious obfuscation was found. Network risks are inherent to connecting to external Kusto clusters and OpenTelemetry endpoints, which are core to its functionality. Proper Azure IAM setup is critical for security.
Updated: 2025-12-23GitHub
17
1
Low Cost
WagnerAgent icon
Sec10

Provides a curated list of Model Context Protocol (MCP) servers relevant to DevOps workflows for AI agents and developers.

Verified SafeView Analysis
The repository's source code consists of documentation (`README.md`, `CONTRIBUTING.md`) and does not contain any executable server logic, `eval` calls, obfuscation, or direct network operations that would pose a security risk from running *this specific repository*. The 'Safety First' section in the README provides crucial security recommendations for *using* the third-party MCP servers listed (e.g., start read-only, scope permissions, audit actions), but these do not apply to the repository itself. Standard GitHub practices apply for managing contributions.
Updated: 2025-12-29GitHub
17
5
Medium Cost
rad-security icon

mcp-server

by rad-security

Sec9

Provides an AI-powered Model Context Protocol (MCP) server for integrating with RAD Security's Kubernetes and cloud security insights.

Setup Requirements

  • ⚠️Requires Node.js 20.x or higher.
  • ⚠️Requires RAD Security account credentials (RAD_SECURITY_ACCESS_KEY_ID, RAD_SECURITY_SECRET_KEY, RAD_SECURITY_ACCOUNT_ID) for most functionalities, implying a dependency on the proprietary Rad Security platform.
  • ⚠️Relies on external APIs for data (Rad Security API, cve.circl.lu API).
Verified SafeView Analysis
The server handles API authentication credentials via environment variables, ensuring secrets are not hardcoded. It utilizes Zod for robust input validation across all tool calls, mitigating common injection risks. Sensitive data in logs is redacted using Pino's configuration. CORS is enabled for all origins, which is a design choice for an MCP server expecting integration with various frontends/IDEs. No 'eval' or obvious obfuscation detected. The primary external security considerations lie with the security posture of the third-party Rad Security API and cve.circl.lu API it integrates with.
Updated: 2025-12-23GitHub
PreviousPage 251 of 713Next