Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

16
5
Medium Cost
SafeBreach icon

safebreach-mcp

by SafeBreach

Sec9

A Model Context Protocol (MCP) server that enables AI agents to interact with SafeBreach's Breach and Attack Simulation platform for security posture management and analysis.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires the 'uv' package manager for dependency management and execution.
  • ⚠️Requires SafeBreach API tokens, which must be configured via environment variables, AWS SSM, or AWS Secrets Manager.
  • ⚠️Requires 'npx mcp-remote' installed globally via npm for Claude Desktop integration.
  • ⚠️AWS credentials are required if using AWS SSM or Secrets Manager for token storage.
Verified SafeView Analysis
The project prioritizes a 'Security-First Design' with automated secret scanning using pre-commit hooks, Claude security context awareness, and template-based configuration to prevent accidental credential exposure. API tokens are managed securely via environment variables, AWS SSM Parameter Store, or AWS Secrets Manager. External server access is optional and requires explicit configuration along with HTTP Bearer token authentication. Localhost connections bypass authentication for development convenience. No 'eval' or direct obfuscation was found, and network risks are clearly documented with warnings for external exposure.
Updated: 2025-12-21GitHub
16
3
Medium Cost
blakazulu icon

search-mcp

by blakazulu

Sec9

A local-first Model Context Protocol (MCP) server providing semantic search and indexing capabilities for codebases, enabling AI assistants to understand and interact with project code and documentation.

Setup Requirements

  • ⚠️Indexing large codebases can consume substantial local disk space for LanceDB, FTS index, metadata, and logs.
  • ⚠️For optimal keyword search performance, a native SQLite module (`better-sqlite3`) is recommended. If not available, the server gracefully falls back to a pure JavaScript FTS implementation, which may be slower.
  • ⚠️Efficient embedding generation benefits from a compatible GPU (WebGPU/DirectML). Without it, embeddings will run on CPU, potentially leading to slower indexing and search times.
Verified SafeView Analysis
The server demonstrates strong security practices for a local-first application. It uses a stdio transport, limiting external network exposure by default. Comprehensive path validation (e.g., `safeJoin`, `normalizePathUnicode`, symlink checks) is implemented to prevent path traversal and arbitrary file deletion. SQL injection is mitigated using `escapeSqlString`, and input schemas prevent oversized or malformed inputs (DoS protection). Concurrency is managed with `IndexingLock` to prevent race conditions during index operations.
Updated: 2025-12-20GitHub
16
3
Low Cost
sqliteai icon

sqlite-mcp

by sqliteai

Sec9

Integrates Model Context Protocol (MCP) servers, enabling SQLite databases to call their AI tools directly from SQL queries.

Setup Requirements

  • ⚠️Requires a running Model Context Protocol (MCP) server for functionality.
  • ⚠️Relies on platform-specific native binaries; installation may require `--force` if optional dependencies fail during `npm install`.
  • ⚠️The SQLite database process requires network access to connect to the MCP server.
Verified SafeView Analysis
The server (SQLite extension) itself does not directly handle external network requests or arbitrary code execution from user input. It acts as a client, connecting to a user-specified Model Context Protocol (MCP) server. JSON parsing for configuration (like headers) and tool results uses safe Rust libraries. An `execSync` call is present for musl libc detection but uses a fixed command. The primary security consideration is ensuring the configured MCP server is trusted and secure, as the extension will interact with it.
Updated: 2025-12-23GitHub
16
5
High Cost
m13253 icon

pdflens-mcp

by m13253

Sec9

This MCP server provides tools for reading and extracting information from PDF files, including text and images, designed for AI clients.

Setup Requirements

  • ⚠️Requires Rust compiler to be installed.
  • ⚠️Requires an MCP client for integration; specific setup instructions vary by client (e.g., VS Code, Continue.dev).
  • ⚠️The `pdf-extract` library used for text extraction may crash with some PDFs (a known issue, future versions might switch to `hayro` for improved stability).
  • ⚠️Path sandboxing requires MCP clients to correctly specify root paths, or the server must be started in the intended working directory to access PDFs.
Verified SafeView Analysis
The server implements strong path sandboxing, ensuring it only accesses PDFs within specified workspace directories (MCP root paths or current working directory) after resolving symbolic links. It uses `rmcp` for communication over standard I/O (stdio), avoiding direct network exposure. No 'eval' or similar dynamic code execution methods were found. There are no hardcoded secrets. The primary risk noted is the stability of the `pdf-extract` library for text extraction, which is a known issue but not a direct security vulnerability.
Updated: 2025-12-19GitHub
16
1
Medium Cost
adamanz icon
Sec8

An MCP (Model Context Protocol) server for AI agents like Claude to analyze videos and images using Qwen3-VL deployed on Modal.

Setup Requirements

  • ⚠️Requires a Modal account and pre-deployment of the Qwen3-VL model (from a separate repository) to Modal.
  • ⚠️Input videos and images must be accessible via publicly available URLs.
  • ⚠️Requires specific configuration within the Claude Desktop application to enable tools.
Verified SafeView Analysis
The server's primary function is to proxy requests to a Modal backend, processing external video/image URLs. While the server code itself does not show immediate vulnerabilities like 'eval' or hardcoded secrets, the security heavily relies on the Modal backend's ability to safely handle arbitrary URLs and prevent SSRF or other attacks during media processing. Configuration is managed via environment variables, which is a good practice.
Updated: 2025-12-27GitHub
16
5
Low Cost
agudulin icon

infomate-mcp

by agudulin

Sec8

An MCP server designed to fetch news from infomate.club/vas3k, extract articles, and provide categorized summaries.

Setup Requirements

  • ⚠️Requires Bun (package manager) or Node.js version 22.0.0 or higher.
  • ⚠️Relies on the `xmcp` framework; users need to understand MCP server interaction (e.g., via `claude mcp add-json`).
  • ⚠️The news fetching tool depends on the external `https://infomate.club/vas3k/` URL remaining accessible and its HTML structure unchanged for correct operation.
Verified SafeView Analysis
The server fetches content from a hardcoded external URL (infomate.club/vas3k) and parses it using basic string manipulation and regex, rather than a full DOM parser. While regex for HTML is often fragile, in this context (parsing a fixed, known external source), it does not appear to introduce direct injection vulnerabilities. Article URLs are validated to start with 'http' or are prepended with the base domain. File system access is limited to reading the project's own README.md. No 'eval' or similar dangerous dynamic code execution patterns were found. No obvious hardcoded secrets are present in the provided code.
Updated: 2025-12-19GitHub
16
3
Medium Cost
chew-z icon

GeminiMCP

by chew-z

Sec8

Integrate Google's Gemini API for AI-powered tasks and search with Model Control Protocol (MCP) clients, focusing on developer-centric features like code analysis and context handling.

Setup Requirements

  • ⚠️Requires a Google Gemini API key.
  • ⚠️For Claude Desktop clients, all configuration variables (including GEMINI_API_KEY) must be set within the client's MCP configuration JSON, not as system environment variables.
  • ⚠️If HTTP transport with authentication is enabled, configuring a robust `GEMINI_AUTH_SECRET_KEY` (at least 32 characters) is critical, although the server currently only warns about short keys during startup.
Verified SafeView Analysis
The server handles API keys and JWT secrets via environment variables. Local file access via `file_paths` is restricted to `stdio` transport and includes robust path traversal and symlink checks. CORS defaults to `*` for HTTP transport, which is a production security risk, but this is explicitly warned about in the README with clear configuration instructions. JWT authentication for HTTP is implemented, though the `GEMINI_AUTH_SECRET_KEY` length is only warned about (not enforced as an error) if less than 32 characters, which is a minor weakness. Input to prompts (e.g., `problem_statement`) is HTML-escaped to prevent prompt injection into the generated instructions. No 'eval' or direct malicious code patterns were found.
Updated: 2025-12-23GitHub
16
1
High Cost
Osama-Null icon

vluggy-lite

by Osama-Null

Sec2

An AI-powered MCP server that integrates with Claude Desktop to provide CTF-focused hacking assistance, tool execution, and knowledge base search.

Setup Requirements

  • ⚠️Requires Docker Desktop and Python 3.10+ to run the services.
  • ⚠️Requires manual configuration or merging of `claude_desktop_config.json` for Claude Desktop to connect.
  • ⚠️Full CTF Brain functionality, especially semantic search, requires an external Supabase account to be configured and ingested.
Review RequiredView Analysis
This server carries significant security risks due to its architecture and intended purpose. The `vluggy-lite-http` service mounts the Docker daemon's socket (`/var/run/docker.sock`) from the host machine. If this service is compromised (e.g., via a flaw in the API, a dependency, or a sophisticated attack leveraging its arbitrary command execution capabilities), an attacker gains root access to the Docker host system. Furthermore, the `vluggy-lite-kali` container runs with elevated privileges (`NET_RAW`, `NET_ADMIN`, `seccomp:unconfined`), which are necessary for many hacking tools but increase the blast radius in case of container escape. The core functionality involves executing arbitrary commands (`exec_tool`, `plan_exec`) within the Kali container. While a denylist and (conditional) allowlist are present, the `VLUGGY_ALLOW_ALL` flag can dramatically expand the attack surface. Authentication relies solely on an API key via an `X-API-Key` header, making the system vulnerable if the key is leaked. The listener management functionality (`listener_start`, `listener_stop`) also allows for easy establishment of C2 channels or data exfiltration by an authenticated attacker.
Updated: 2025-12-26GitHub
16
1
Medium Cost
druellan icon
Sec9

Provides a Model Context Protocol (MCP) server for streamlined access to Fathom.video meeting recordings, transcripts, summaries, teams, and team members.

Setup Requirements

  • ⚠️Requires a Fathom API key, which must be provided via the `FATHOM_API_KEY` environment variable.
  • ⚠️Requires Python 3.10 or a newer version to run.
  • ⚠️The `search_meetings` tool, particularly when `include_transcript=True`, can be resource-intensive. It may fetch up to 500 meetings and their transcripts for local processing, potentially leading to a high number of API calls and significant token usage in a single execution.
Verified SafeView Analysis
The API key (`FATHOM_API_KEY`) is securely managed by loading from environment variables, preventing hardcoded secrets. No 'eval' statements, obfuscation, or other malicious patterns were identified in the provided source code. Error handling for Fathom API interactions is robust, explicitly catching and reporting various HTTP errors (e.g., 401, 404, 429) without exposing excessive internal server details. Output filtering is primarily implemented for efficiency (reducing token usage for LLMs) rather than stringent security filtering, though it does remove specific fields like `email_domain` and `links` from responses.
Updated: 2025-12-28GitHub
16
1
Low Cost
dean0x icon

claudine

by dean0x

Sec9

Orchestrates and delegates coding tasks to multiple AI agents (Claude Code instances) for parallel execution and resource management.

Setup Requirements

  • ⚠️Requires Node.js 20.0.0+ and npm 10.0.0+.
  • ⚠️Requires the Claude Code CLI (`claude` command) to be installed and available in PATH.
  • ⚠️GitHub CLI (`gh` command) is required for 'pr' merge strategy; otherwise, PR functionality is disabled.
Verified SafeView Analysis
The project demonstrates a strong focus on security. It uses prepared statements for SQLite operations, passes arguments to `child_process.spawn` as arrays to prevent command injection, and explicitly validates file paths (`validatePath`) to prevent traversal attacks. Resource limits (queue size, output buffer, worker count, dependency chain depth) are implemented to prevent denial-of-service (DoS) attacks. Input validation is performed using Zod schemas. Environment variables are parsed with safeguards. No obvious hardcoded secrets or obfuscation were found. Robust error handling using the Result pattern minimizes unexpected crashes. Logging to stderr helps keep stdout clean for MCP communication.
Updated: 2025-12-28GitHub
16
1
Low Cost
domdomegg icon

google-sheets-mcp

by domdomegg

Sec9

The server allows AI systems to perform read, write, and query operations on Google Sheets spreadsheets, facilitating data automation, analysis, and entry workflows.

Setup Requirements

  • ⚠️Requires manual setup of Google OAuth credentials (Client ID and Client Secret) in the Google Cloud Console, including enabling the Google Sheets API and configuring redirect URIs.
  • ⚠️Requires Node.js and npm to be installed.
  • ⚠️For HTTP transport, `GOOGLE_CLIENT_ID` and `GOOGLE_CLIENT_SECRET` environment variables are mandatory. For stdio transport, `GOOGLE_ACCESS_TOKEN` environment variable is mandatory.
Verified SafeView Analysis
The server functions as an OAuth proxy, transparently handling Google authentication and API calls. It uses Zod for robust input and output validation (via `strictSchemaWithAliases`), mitigating risks from malformed requests. A notable security feature is the proactive token validation cache (`isTokenValid`), which checks Google access token validity before processing MCP requests. This ensures that only valid tokens are used for Google API calls and allows MCP clients to properly handle expired tokens by triggering a refresh. No hardcoded secrets, `eval` usage, or obfuscation were found in the provided source code. All sensitive credentials (`GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`, `GOOGLE_ACCESS_TOKEN`) are loaded from environment variables.
Updated: 2025-12-28GitHub
16
2
Medium Cost
monkdbofficial icon

monkdb-mcp

by monkdbofficial

Sec9

Enables LLM frameworks (Claude, LangChain, CrewAI) to securely and efficiently interact with MonkDB using standardized tools for SQL queries, table inspection, and health checks.

Setup Requirements

  • ⚠️Requires a running MonkDB instance and its connection details (host, port, user, password).
  • ⚠️Python 3.13+ and Node.js 20+ are required depending on which stack (Python or TypeScript) is used.
  • ⚠️For Python usage, `uv` or `poetry` package managers are recommended/required as per Claude Desktop configuration examples.
  • ⚠️A database user with only the minimum necessary privileges for operation must be configured.
Verified SafeView Analysis
The server primarily mitigates SQL injection risks by explicitly blocking non-SELECT queries in the `run_select_query` tool and using parameterized queries for user-controlled inputs (e.g., `describe_table`). Sensitive credentials are handled via environment variables. The READMEs provide explicit warnings about granting minimum necessary database privileges and avoiding administrative users. It's important to note that all executed SQL queries are logged, which could expose sensitive data if queries contain PII, but this is a common practice for auditing database interactions.
Updated: 2025-12-26GitHub
PreviousPage 252 of 713Next