Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

16
1
Medium Cost

mcp-threatintel

by aplaceforallmystuff

Sec9

MCP server providing unified access to multiple threat intelligence sources for security research and analysis, reducing context switching and correlating intelligence.

Setup Requirements

  • ⚠️Requires Node.js 18+
  • ⚠️API keys for AlienVault OTX, AbuseIPDB, GreyNoise, and abuse.ch are optional but required for full functionality (Feodo Tracker works without a key).
  • ⚠️Requires configuration in Claude Desktop or ~/.claude.json to integrate with the Model Context Protocol.
Verified Safe
API keys are correctly handled via environment variables, not hardcoded. The server acts as a proxy, making authenticated requests to legitimate external threat intelligence APIs. Robust error handling is implemented for API failures, preventing crashes. No use of 'eval' or other inherently dangerous dynamic code execution. The primary security consideration is the secure management of API keys by the user.
Updated: 2025-12-27
16
4
High Cost
Sec3

Decompile and analyze Android application binaries (APKs, DEX, JAR) by exposing a programmatic HTTP API.

Setup Requirements

  • ⚠️Requires a Java Runtime Environment (JRE) to run the Jadx daemon.
  • ⚠️The Java Jadx daemon must be compiled and run as a separate process before the Python 'server.py' script (the MCP entry point) can be used, as 'server.py' acts as a client to the Java daemon and does not start it.
  • ⚠️Can consume significant memory, especially when loading large Android binaries or managing multiple Jadx instances, potentially leading to OutOfMemory errors.
Review Required
The server lacks authentication, allowing any client with network access to invoke its APIs. It accepts file paths (`filePath`, `dirPath`) directly from user-controlled query parameters, posing a significant risk of arbitrary file loading or path traversal. This could lead to information disclosure from the server's filesystem or potential exploitation through malformed input files processed by the underlying Jadx library. While the Java daemon defaults to binding on 'localhost', a misconfiguration of 'JADX_DAEMON_MCP_HOST' could expose it externally without any access controls.
Updated: 2025-12-20
16
1
High Cost

mcp-google-ads

by mikdeangelis

Sec9

Manages Google Ads campaigns, ad groups, ads, keywords, and assets, while providing performance insights and optimization recommendations through a Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires comprehensive Google Ads API access setup, including obtaining a developer token, OAuth2 client ID/secret, and an OAuth refresh token (involves Google Cloud Console project and an OAuth flow).
  • ⚠️All Google Ads API credentials must be configured as environment variables (e.g., in a .env file) for the server to authenticate.
  • ⚠️Python 3.9 or later is a prerequisite, and dependencies must be installed in a virtual environment.
  • ⚠️Creating Performance Max campaigns with image assets requires providing local file paths to image files, which will then be uploaded.
Verified Safe
The server correctly loads API credentials from environment variables, which is a good security practice. Extensive Pydantic validation is applied to all input parameters, mitigating common injection vulnerabilities in API calls (e.g., for customer IDs or date ranges). No 'eval' or other dynamic code execution functions are observed. File I/O operations for image uploads (e.g., in PMAX campaign creation) include checks for file existence, type (extensions), and size, significantly reducing the risk of arbitrary file access. The code follows standard practices for interacting with the Google Ads API client library.
Updated: 2025-12-29
15
7
Medium Cost

allbeapi

by TingjiaInFuture

Sec6

Transforms any Python library or local script into an LLM-callable Model Context Protocol (MCP) server, enabling LLMs to execute local functions and manage stateful objects.

Setup Requirements

  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Client configuration examples typically use 'uv', a modern Python package installer and runner, which may need to be installed separately.
  • ⚠️When exposing custom scripts, the server assumes the script is in the current working directory, or an absolute 'cwd' must be specified in the client configuration.
Review Required
The core functionality involves dynamically importing and executing user-specified Python code or libraries within the server's process. While designed for trusted local environments and implementing basic input sanitization for `pip install` (`installer.py`), there are no explicit sandboxing mechanisms to isolate the executed code. An LLM could potentially instruct the server to call dangerous methods on exposed objects (`_call_stored_method` using `getattr`) if a vulnerability exists in the exposed library or if a 'jailbreak' allows for unintended command execution through trusted functions. The security of this tool heavily relies on the trustworthiness of the Python code it is configured to expose.
Updated: 2025-12-17
15
5
Medium Cost

x64dbg-mcp

by SetsunaYukiOvO

Sec3

Provides a JSON-RPC 2.0 HTTP/SSE interface for external applications and AI agents to perform remote debugging and interact programmatically with x64dbg/x32dbg.

Setup Requirements

  • ⚠️Requires Windows 10/11 (x64) for building and execution.
  • ⚠️Building requires CMake 3.15+, Visual Studio 2022 (with C++ Desktop Development), and vcpkg.
  • ⚠️Requires x64dbg/x32dbg installed to function as a plugin, not a standalone application.
  • ⚠️Default configuration grants highly permissive access (memory write, script execution) which is a security risk; manual configuration to restrict permissions is strongly advised.
Review Required
The plugin exposes an HTTP server with JSON-RPC over SSE, by default on localhost (127.0.0.1:3000). A critical security concern is that the default `config.json` generated by `pluginit` explicitly sets `allow_memory_write: true`, `allow_register_write: true`, `allow_script_execution: true`, and `allow_breakpoint_modification: true`. This grants broad control over the debugging process and the debugged application, including arbitrary command execution, memory manipulation, and register modification. If the server address is changed from `127.0.0.1` or if other local processes are malicious, this poses a significant risk. The `Access-Control-Allow-Origin: *` header in HTTP responses is also very permissive.
Updated: 2025-12-16
15
4
Medium Cost

mcpkagi

by gkjpettet

Sec5

Provides a web search capability to local LLMs by integrating with the Kagi search API.

Setup Requirements

  • ⚠️Requires a Kagi API Key, which typically requires a paid Kagi subscription.
  • ⚠️Requires building the Xojo project from source, implying a Xojo development environment.
  • ⚠️Requires manual configuration of the MCP client's mcp.json file.
Review Required
A full security audit was not possible because only the README.md was provided, not the Xojo source code. Based on the README, the Kagi API key is passed as a command-line argument, which could make it visible in system process lists.
Updated: 2025-12-20
15
3
Medium Cost

MindbodyMCP

by vespo92

Sec6

Provides AI assistants with comprehensive access to the Mindbody API for managing fitness and wellness studio operations, including classes, clients, staff, sales, appointments, and enrollments.

Setup Requirements

  • ⚠️Requires Mindbody API credentials (API Key, Site ID, Source Name, Source Password), which may require a Mindbody developer account and potentially a paid Mindbody subscription for a real site.
  • ⚠️Requires Bun 1.0+ or Node.js 18+ runtime to operate.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop) to interact with the server's tools.
Verified Safe
Mindbody API credentials are securely managed via environment variables, which is a good practice. The server supports HTTPS, but requires manual configuration in production. Critical security settings for the SSE transport, such as CORS (`MCP_CORS_ORIGIN`) and DNS rebinding protection (`enableDnsRebindingProtection`), default to permissive values (`*` and `false` respectively) which are unsafe for production and require explicit hardening. Additionally, while `express-rate-limit` is a dependency, it is not explicitly shown being applied to the raw `http.createServer` instance used for the SSE endpoint in `src/index.ts`, posing a potential risk for rate limit exhaustion.
Updated: 2025-12-22
15
2
Medium Cost

mcp-marketplace

by aiagenta2z

Sec3

A comprehensive AI agent framework that facilitates tool orchestration and access to a marketplace of MCP (Model Context Protocol) servers, offering a web-based client for chat, administration, and benchmarking.

Setup Requirements

  • ⚠️Requires API keys for integrated LLM providers (Qwen, OpenAI, Claude, etc.), which are paid services.
  • ⚠️Many MCP servers rely on Node.js/NPM, which must be installed on the system to run them.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Running with an untrusted `mcp_config.json` file is a severe security risk due to arbitrary command execution capabilities.
  • ⚠️Defaults to `0.0.0.0` host, which means public network exposure if not run behind a firewall or restricted network environment.
Review Required
The server uses `subprocess.create_subprocess_shell` to execute commands and arguments defined in `mcp_config.json` files (local or fetched from marketplace). This presents a critical Remote Code Execution (RCE) vulnerability if the `mcp_config.json` files are sourced from an untrusted location or compromised. Additionally, the server defaults to binding on `0.0.0.0`, exposing it to all network interfaces, which can be a security risk if not properly firewalled. Beta test keys are included in examples but explicitly marked as such.
Updated: 2025-12-23
15
1
Medium Cost

tiflux-mcp

by tiflux

Sec9

Provides a Model Context Protocol (MCP) server for integrating with the TiFlux API to manage tickets, clients, and internal communications, deployable on AWS Lambda.

Setup Requirements

  • ⚠️Requires `TIFLUX_API_KEY` environment variable for TiFlux API access.
  • ⚠️Requires Node.js (version 24.x is explicitly mentioned in `start.sh`, implying a specific runtime dependency or recommendation).
  • ⚠️Designed for AWS Lambda Function URLs, requiring an AWS account and SAM CLI for full deployment experience, though local execution via `stdio` is possible.
Verified Safe
The server demonstrates strong security practices including API key management via environment variables, robust input validation, file upload validation (including basic content inspection for malicious executables via magic numbers), and structured logging with sensitive data redaction. CORS is configured with `access-control-allow-origin: *`, which is common for serverless APIs but might warrant stricter configuration depending on the intended client. The in-memory rate limiting is acknowledged by the developers as a limitation for serverless environments, suggesting awareness of scalability implications for security.
Updated: 2025-12-26
15
1
Medium Cost

dev-workflow-mcp-server

by programinglive

Sec8

Enforce development workflow discipline by guiding developers through a sequence of best practices (testing, documentation, commit, release) using an MCP (Model Context Protocol) server.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️Requires Git installed and configured (`user.name`, `user.email`).
  • ⚠️Windows users may need Python 3 and Visual Studio Build Tools for `better-sqlite3` native module dependencies during `npm install`.
  • ⚠️Requires an MCP-compatible AI assistant (e.g., Claude Desktop, Antigravity) for full interaction.
  • ⚠️The `API_BASE_URL` in `web/lib/api-client.ts` is hardcoded to a Cloudflare tunnel address; this will need to be updated if you host the Next.js frontend and API separately.
Verified Safe
The server uses `child_process.exec` and `child_process.spawn` for Git operations and script execution. User-provided commit messages are passed through `utils.shellEscape` to mitigate shell injection risks. Hardcoded default secrets for PostgreSQL password, session secret, and JWT secret are present but explicitly marked with 'change_me' warnings and are overridden by environment variables. The API server has explicit CORS configuration, limiting access to specified origins.
Updated: 2025-12-26
15
2
High Cost

cakephp-synapse

by josbeir

Sec3

Exposes CakePHP application functionality as tools, resources, and prompts to AI assistants via the Model Context Protocol, primarily for development workflows like code review, debugging, and documentation search.

Setup Requirements

  • ⚠️Requires PHP 8.2 or higher.
  • ⚠️Requires CakePHP 5.2 or higher.
  • ⚠️Requires SQLite FTS5 extension enabled for documentation search.
  • ⚠️Requires Git command-line tool for cloning documentation repositories.
  • ⚠️The '--inspect' feature requires Node.js and npx installed.
Review Required
The plugin explicitly uses `eval()` in `src/Command/TinkerEvalCommand.php` to execute arbitrary PHP code. While intended as a core feature for a 'tinker' tool (interactive PHP exploration) and noted for development use, this presents a critical security vulnerability if the server or client is compromised, allowing remote code execution. The documentation explicitly warns against using it in production environments. Git operations (`clone`, `pull`) are executed via shell commands, but use `escapeshellarg()` for sanitization. File system operations for documentation caching require write permissions to `TMP` directory.
Updated: 2025-12-23
15
3
Low Cost

lazy-mcp-preload

by IAMSamuelRodda

Sec9

An aggregating MCP proxy that reduces context window usage by ~95% while providing zero-latency tool execution for LLMs like Claude Code.

Setup Requirements

  • ⚠️Requires Go 1.21+ to build and run the proxy.
  • ⚠️Dependencies like Python 3, `jq`, and `envsubst` are required for the bootstrap script.
  • ⚠️The `~/.claude.json` configuration must be updated to replace direct MCP server entries with a single `mcp-proxy` entry.
  • ⚠️The structure generator tool (a separate component) has a known issue where direct stdio MCP server connections can hang during initialization, recommending fetching tools via the running MCP proxy's HTTP endpoint or using pre-fetched data as a workaround.
Verified Safe
The server demonstrates good security practices by explicitly validating stdio commands against shell injection patterns and warning about non-absolute paths. It enforces minimum length for authentication tokens and integrates with external secrets management (OpenBao/Bitwarden) to avoid hardcoded secrets. Configuration templates guide users away from insecure practices. Network risks are managed by supporting local stdio connections by default, and for HTTP connections, it allows for authentication tokens.
Updated: 2025-12-21
Page 253 of 713