Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

15
4
High Cost

cdp-tools-mcp

by InDate

Sec3

A comprehensive debugging and automation tool for web development, designed to validate capabilities of the Model Context Protocol (MCP) by interacting with browser and Node.js runtimes.

Setup Requirements

  • ⚠️Requires a Node.js environment (npm, Node.js runtime) to build and run.
  • ⚠️Requires a Chrome browser installation for UI automation and debugging functionality.
  • ⚠️For PDF generation, the external `WeasyPrint` tool needs to be installed and accessible in the system's PATH for optimal functionality.
  • ⚠️The test application, which this tool is designed to debug, is expected to be running on `http://localhost:3000`.
Review Required
The server inherently exposes high-risk capabilities necessary for its debugging and development automation functions. It utilizes `Runtime.evaluate` (for arbitrary JavaScript execution in browser/Node.js contexts) and `child_process.spawn` (for running external commands like `weasyprint` and managing development servers via native, Docker, or Docker Compose runners). While `download-tools.ts` implements some file-system security (filename validation, content type checks, size limits, quarantining suspicious files, and removing executable permissions), the ability to execute arbitrary commands and code makes the server critically unsafe if exposed to unconstrained or malicious input from an AI agent. It relies on a trusted user context and external safeguards for safe operation.
Updated: 2025-12-19
15
4
Medium Cost

MCPKit

by gkjpettet

Sec7

Provides a Xojo framework for creating Model Context Protocol (MCP) servers to enable Large Language Models (LLMs) with custom tools.

Setup Requirements

  • ⚠️Requires Xojo IDE and potentially a commercial license to develop and compile the server.
  • ⚠️Users must implement custom tools in Xojo and integrate the MCPKit module into their own Xojo console application.
  • ⚠️This project is a framework/module, not a ready-to-run executable; it requires compilation via the Xojo IDE after user development.
Verified Safe
The framework promotes passing sensitive information like API keys via command-line options rather than hardcoding. Communication is over stdin/stdout, reducing direct network exposure for the server component itself. The primary security consideration will be the quality and security of custom tools implemented by the user, which can introduce network risks, data handling vulnerabilities, or expose internal systems if not carefully developed. The provided snippets do not show 'eval' or obvious malicious patterns in the framework's design.
Updated: 2025-12-20
15
4
Low Cost

Provides an MCP server for Claude and other compatible clients to search Cortex Cloud and Cortex Cloud API documentation.

Setup Requirements

  • ⚠️Requires Python 3.12 or higher.
  • ⚠️Requires `uv` package manager for local development setup.
  • ⚠️Documentation must be explicitly indexed using `index_cortex_docs` or `index_cortex_api_docs` tools before search tools can return results.
Verified Safe
The server uses standard Python libraries (aiohttp, BeautifulSoup) for web scraping documentation. It attempts to limit indexed content and only follows links within the same domain, reducing external attack surface. No 'eval' or clear malicious patterns were found. The primary risk would be from a compromise of the target documentation sites, but the server itself does not introduce severe vulnerabilities.
Updated: 2025-12-20
15
3
Medium Cost

ACMS

by gattjoe

Sec6

Provides programmatic access to Apple's container CLI tool on macOS via Model Context Protocol (MCP) for AI agents.

Setup Requirements

  • ⚠️Requires Mac with Apple Silicon.
  • ⚠️Requires macOS 26+ (or Sequoia with limitations).
  • ⚠️Requires Xcode 26 to compile Apple Containerization Framework.
  • ⚠️Requires Apple Containerization Framework and Apple Container CLI to be installed and in PATH.
  • ⚠️Running `container system start` is a prerequisite before starting the ACMS server.
Review Required
The server includes robust argument validation (`_validate_container_arg`) to prevent command injection, which is a strong positive for code-level security. However, the README explicitly states: 'This is not secure, especially if you run it on a remote Mac OS endpoint on your home net. Also, you can lose your data when Claude tries to be helpful.' This warning highlights the inherent risk of granting an AI agent direct, programmatic control over container management, which can perform destructive operations (e.g., deleting containers, volumes, or modifying system properties). While command injection is mitigated, the legitimate functionality of the tools can lead to data loss or system instability if misused by an autonomous agent.
Updated: 2025-12-22
15
2
Low Cost

agents

by j-shelfwood

Sec8

Orchestrates autonomous GitHub Copilot CLI agents for coding tasks and integrates with Claude Code via the Model Context Protocol (MCP) server.

Setup Requirements

  • ⚠️Requires `tmux` to be installed on the system.
  • ⚠️Requires Node.js (>=16.0.0) installed.
  • ⚠️Relies on GitHub Copilot CLI being installed for agent operations (installation script provides a warning if not found, but it's essential for functionality).
  • ⚠️Manual `PATH` configuration (`~/.local/bin`) might be required after installation for the `agent` command to be globally available.
  • ⚠️Requires specific configuration within Claude Code's MCP settings, including the absolute path to `index.js`.
Verified Safe
The server implements strict session name validation using regex to prevent shell injection attacks. External commands (`agent` CLI) are executed via `spawn` with argument arrays, mitigating shell interpretation of user input. A critical path traversal vulnerability in `agent-launch` was previously discovered and fixed, demonstrating a proactive approach to security. Additionally, Git operations like commit/push/merge are explicitly blocked for agents to ensure human oversight and prevent autonomous repository modification. While robust, any system executing external shell scripts carries inherent security considerations for the underlying scripts.
Updated: 2025-12-22
15
4
Medium Cost
Sec1

Provides AI agents with structured access to SUSE Observability data for intelligent troubleshooting and root cause analysis.

Setup Requirements

  • ⚠️Requires Go 1.23 or later to build.
  • ⚠️Requires SUSE Observability API URL and API Token/Service Token for operation.
  • ⚠️The server connects to SUSE Observability API with TLS certificate verification disabled (InsecureSkipVerify: true), which is a critical security risk and makes the deployment inherently insecure.
Review Required
CRITICAL: The client disables TLS certificate verification (InsecureSkipVerify: true) when connecting to the SUSE Observability API, making it vulnerable to Man-in-the-Middle attacks. There is also a potential Groovy script injection vulnerability in the topology query execution, as user-controlled input is directly embedded into Groovy scripts without robust sanitization.
Updated: 2025-12-16
15
1
High Cost

A frontend-only web application for orchestrating multiple AI providers to fetch and process web content directly in the browser, featuring automatic fallback and client-side API key management.

Setup Requirements

  • ⚠️Requires API keys for multiple AI providers, some of which may entail costs for exceeding free tiers or using advanced models.
  • ⚠️The Cloudflare API key requires a specific 'ACCOUNT_ID/API_TOKEN' format.
  • ⚠️API keys must be manually entered into the UI and saved in local storage, not through environment variables (as intended by the frontend-only design).
Verified Safe
The project adheres to a 100% frontend-only architecture, which inherently reduces the attack surface by eliminating server-side vulnerabilities. API keys are user-provided at runtime and stored exclusively in the browser's local storage (as per SECURITY.md and source code), ensuring they are never transmitted to a server. There are no indications of 'eval' or other malicious patterns. Dependency scanning and prompt injection defenses are also mentioned in the security policy.
Updated: 2025-12-27
15
1
High Cost

A frontend-only web application for orchestrating multiple AI providers to generate responses from user prompts, emphasizing client-side processing and secure API key management.

Setup Requirements

  • ⚠️Requires API keys from multiple AI providers (Cerebras, Google Gemini, Groq, Mistral, NVIDIA, Cloudflare), some of which may incur costs depending on usage tiers.
  • ⚠️Cloudflare API Key requires a specific format: 'ACCOUNT_ID/API_TOKEN', combining an account ID and an API token with Workers AI permissions.
  • ⚠️Requires Node.js (version 18 or newer) and npm (version 9 or newer) for local development and running.
Verified Safe
The application enforces a 100% frontend-only architecture with API keys securely stored exclusively in the browser's local storage, preventing server-side compromise. There are no hardcoded secrets or use of 'eval'. The primary security risk inherent to such AI applications, prompt injection, is acknowledged in the SECURITY.md, but specific input sanitization beyond trimming is not explicitly detailed in the provided code snippet.
Updated: 2025-12-27
14
3
Low Cost

mcp-wordle-go

by cr2007

Sec9

Fetches Wordle solutions for specific dates using the New York Times Wordle API.

Setup Requirements

  • ⚠️Docker required (for recommended setup)
  • ⚠️Go programming language installation required (for local setup)
Verified Safe
The 'date' parameter is directly interpolated into the URL path. While the `.json` suffix and expected date format mitigate common path traversal risks, it's generally safer to validate or sanitize user input before direct URL inclusion. The raw HTTP response body is returned without explicit sanitization or parsing of its content, meaning any unexpected or potentially malicious content from the external API would be passed through directly.
Updated: 2025-12-20
14
3
High Cost
Sec8

A Playwright-based testing framework for evaluating and validating Model Context Protocol (MCP) servers, including tool calls, conformance, and LLM-driven scenarios.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid) if using OpenAI LLM host simulation or judge.
  • ⚠️Requires Anthropic API Key (Paid) if using Anthropic LLM host simulation or judge.
  • ⚠️OAuth authentication for HTTP servers requires a separate browser automation step (e.g., in Playwright's globalSetup) or using the `mcp-server-tester login` CLI command.
Verified Safe
The framework itself is a test client. The stdio transport allows executing arbitrary local commands defined in `mcpConfig`, which is an expected feature for testing local servers, not a vulnerability, assuming trusted configuration inputs. LLM integration (OpenAI/Anthropic) requires API keys loaded from environment variables. OAuth authentication involves opening a browser and running a local HTTP callback server, which is a standard process. No direct `eval()` or obfuscation was found. The primary risk comes from configuring the `command` field in `mcpConfig` (for stdio transport) with an untrusted source, which could lead to arbitrary code execution outside the scope of the framework's direct operation.
Updated: 2025-12-18
14
3
Medium Cost
Sec8

Enables AI coding agents to inspect, debug, and analyze WPF application UI hierarchies in real-time.

Setup Requirements

  • ⚠️Requires Windows 10/11 operating system.
  • ⚠️Requires .NET 8.0 SDK to build and run the server.
  • ⚠️The target WPF application must be explicitly modified to include and initialize the `WpfVisualTreeMcp.Inspector` DLL (self-hosted mode) to be inspectable, as the external DLL injector is currently a stub.
Verified Safe
The project primarily operates in a 'self-hosted' mode where the target WPF application explicitly includes and initializes the inspector DLL, implying consent. The `WpfVisualTreeMcp.Injector` component, which would handle DLL injection into arbitrary external processes, is explicitly stated as a 'stub implementation' and not yet functional for complex managed code injection. Inter-process communication uses Named Pipes with specified ACLs for local, secure interaction. No 'eval' or obfuscation is noted. While the *concept* of injecting into other processes inherently carries risks, its current implementation and recommended usage mitigate immediate security concerns.
Updated: 2025-12-17
14
3
Medium Cost

mcp-sessionize

by jeanlopezxyz

Sec9

Provides tools to query and display event data (speakers, sessions, schedules) from any Sessionize-powered conference or event.

Setup Requirements

  • ⚠️Node.js 16+ required for npx execution
  • ⚠️Sessionize API must be manually enabled for your event on Sessionize.com, and the Event ID copied
Verified Safe
The server uses a standard MicroProfile REST Client to interact with the Sessionize API. Input sanitization for `eventId` is implemented (`replaceAll("[^a-zA-Z0-9]", "")`), preventing injection vulnerabilities. No direct shell command execution, dynamic code evaluation (like `eval`), or hardcoded sensitive secrets are present. Error handling for API call failures (e.g., 404, 403, 5xx) is robust. The primary external interaction is with the legitimate Sessionize API. The project is open source, allowing for transparency.
Updated: 2025-12-17