Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

12
1
Medium Cost
AutoPrimeJa icon
Sec8

A remote MCP server allowing Claude.ai to manage ClickUp tasks and documents, deployed on Cloudflare Workers.

Setup Requirements

  • ⚠️Requires a Cloudflare account and Wrangler CLI for deployment.
  • ⚠️Requires a ClickUp API Token or OAuth application credentials (Client ID, Client Secret, Cookie Encryption Key) for authentication with ClickUp.
  • ⚠️Requires manual creation and configuration of a Cloudflare KV Namespace (for OAuth state) and a Durable Object binding named 'MCP_OBJECT' in `wrangler.toml`.
Verified SafeView Analysis
Secrets such as `CLICKUP_API_TOKEN`, `CLICKUP_CLIENT_ID`, `CLICKUP_CLIENT_SECRET`, and `COOKIE_ENCRYPTION_KEY` are designed to be managed securely via Cloudflare secrets. Input validation is performed using Zod schemas, mitigating common injection risks. There are no explicit uses of `eval` or other obfuscation/malicious patterns. Error messages directly return `e.message` which, in some verbose ClickUp API error cases, could potentially expose more information than desired, though this is a minor concern for an internal tool. OAuth 2.1 is supported for secure authentication.
Updated: 2025-12-22GitHub
12
1
High Cost
pinepaper icon

mcp-server

by pinepaper

Sec7

Enables AI assistants to create and animate web graphics and text compositions within the PinePaper Studio environment through a programmatic API.

Setup Requirements

  • ⚠️Requires a compatible environment for Puppeteer to launch Chromium (e.g., sufficient RAM, certain Linux libraries).
  • ⚠️By default, opens a visible browser window with PinePaper Studio, which might not be desired in all environments. A '--mode code' option is available to only generate code for manual execution.
  • ⚠️Requires an active internet connection to fetch assets from public SVG repositories (e.g., svgrepo.com, iconify.design) and connect to pinepaper.studio.
Verified SafeView Analysis
The server's core functionality relies on executing generated JavaScript code within a browser context (Puppeteer). This involves the use of `eval()` in `src/browser/bridge.ts` and `src/browser/puppeteer-controller.ts`. While `eval()` is generally a security risk, here it is the intended mechanism for an AI agent to programmatically control a web application. The execution is isolated within a sandboxed browser instance managed by Puppeteer, not directly on the host operating system. The server also fetches assets from external SVG repositories, which is expected behavior for its design.
Updated: 2025-12-21GitHub
12
1
High Cost
openpharma-org icon

patents-mcp

by openpharma-org

Sec8

Accessing and searching patent data from the United States Patent and Trademark Office (USPTO) and Google Patents, including full text, metadata, and PDF downloads.

Setup Requirements

  • ⚠️Requires Python 3.13+ (note: Python 3.13 is currently in pre-release/beta, so this might be a friction point for stable environments).
  • ⚠️Requires USPTO Open Data Portal API Key for `api.uspto.gov` tools (free, but requires registration).
  • ⚠️Requires Google Cloud Project and service account credentials for Google Patents (BigQuery) tools (free tier available, but setup is involved).
Verified SafeView Analysis
The server follows good practices for loading API keys and credentials from environment variables. BigQuery queries use parameterized statements, mitigating SQL injection risks. The `PpubsClient` handles session expiration and rate limiting gracefully. A potential minor concern is that the `LoggingTransport` can log full request/response bodies and headers, which, if debug logging is enabled in a production environment, could expose sensitive information (e.g., API keys, query data) if logs are not adequately secured. PDF downloads involve base64 encoding the file content, which can be memory-intensive for large files.
Updated: 2025-12-22GitHub
12
2
Medium Cost
lukleh icon
Sec9

Provides a secure, read-only (with optional admin write operations) MCP server interface to Grafana instances for AI assistants.

Setup Requirements

  • ⚠️Requires manual configuration of `connections.yaml` with Grafana instance details.
  • ⚠️Requires obtaining Grafana session cookies or API keys manually and setting them in a `.env` file.
  • ⚠️Admin write operations (e.g., alert rule management) are only enabled if the `--allow-admin` flag is used and require corresponding Grafana admin permissions.
Verified SafeView Analysis
The server is read-only by default, requiring an explicit '--allow-admin' flag for write operations. Credentials (API keys or session tokens) are loaded from environment variables (.env file) and are never hardcoded. Session tokens are automatically refreshed and persisted back to the .env file with an atomic write operation, enhancing security and usability. SSL verification is enabled by default. The security score is high, but admin mode requires careful management of Grafana admin permissions.
Updated: 2025-12-18GitHub
12
1
Medium Cost
MONA-RE icon
Sec8

This MCP server enables AI assistants to manage Dolibarr projects and tasks through a secure, natural language interface.

Setup Requirements

  • ⚠️Requires Docker Desktop with MCP Toolkit enabled and Docker MCP CLI plugin.
  • ⚠️A running Dolibarr instance with the API/Web Services module enabled and a valid API key from a user profile with appropriate permissions (e.g., `projet->lire`, `projet->creer`).
  • ⚠️MCP tools require SINGLE-LINE DOCSTRINGS ONLY; multi-line docstrings can cause a 'gateway panic' in Claude Desktop.
  • ⚠️The `planned_workload` parameter for `dolibarr_create_task` and `dolibarr_modify_task` in the Tasks server must be provided in SECONDS, despite the documentation (README) stating 'Planned hours'. The tool will return an error if hours (e.g., '8.5') are passed directly.
Verified SafeView Analysis
The server uses environment variables and Docker secrets for API keys, preventing hardcoding. Input validation is performed for required fields and data types. No use of 'eval' or other directly dangerous functions was found. Network communication uses httpx, supporting HTTPS. The server is designed to run as a non-root user within Docker. A notable functional discrepancy exists where the `dolibarr_create_task` and `dolibarr_modify_task` tools in `dolibarr_tasks_server.py` expect `planned_workload` in seconds, but their documentation (READMEs) states 'Planned hours'. The code explicitly errors if it detects an input value that is small (less than 1 hour when interpreted as seconds), suggesting the user should convert hours to seconds before calling the tool, which contradicts the stated input format in the documentation. This is a usability bug rather than a security vulnerability.
Updated: 2025-12-22GitHub
12
1
Medium Cost
AI-Archive-io icon

MCP-server

by AI-Archive-io

Sec7

Enables AI agents to interact with the AI-Archive platform for research paper discovery, submission, peer review, and citation management.

Setup Requirements

  • ⚠️Requires an AI-Archive API Key for protected features (submission, reviews, profile management), obtained from ai-archive.io/api-keys or via 'register_user'/'login_user' tools. Key is stored locally in a .env file.
  • ⚠️For paper submissions ('submit_paper', 'create_paper_version'), actual local file paths (e.g., /path/to/paper.tex) from the user's filesystem are required, implying the MCP client/LLM needs filesystem access and awareness.
  • ⚠️New user registration via the server requires an email verification step before login is possible.
Verified SafeView Analysis
The server demonstrates good security practices by outlining a detailed security policy (SECURITY.md) and handling sensitive information (API keys, passwords) via environment variables and local .env files. Input validation is in place through tool schemas, and file uploads are handled by reading file buffers from user-provided paths after existence checks. There are no obvious 'eval' or direct arbitrary command execution vulnerabilities. The use of axios with timeouts and token refresh logic is robust. A notable inconsistency exists: SECURITY.md states 'Only PDF files are accepted for paper submissions', while `src/tools/papers/index.js` allows 'latex', 'markdown', and 'text' content types, along with 'additionalFiles' (images, data, etc.). This discrepancy could lead to a misunderstanding of acceptable file types, potentially exposing the backend if the stricter policy isn't enforced at the API level. Local storage of API keys and supervisor credentials in plaintext .env files, while common for developer convenience, always carries a risk if the host system is compromised.
Updated: 2025-12-22GitHub
12
1
High Cost
ironsheep icon

image_tools_mcp

by ironsheep

Sec8

Provides precise image analysis capabilities (measurements, color extraction, OCR, shape detection) to Claude for tasks like diagram recreation and UI analysis.

Setup Requirements

  • ⚠️Tesseract OCR (CLI tool) must be manually installed on macOS and Windows for OCR features; Linux binaries include embedded OCR.
  • ⚠️Requires `jq` for the `install.sh` script to automatically update MCP configuration files (otherwise manual `mcp.json` editing is needed).
  • ⚠️Docker deployments require specific volume mounts (e.g., `${HOME}/Pictures`, `${PWD}`) to make image files accessible inside the container.
Verified SafeView Analysis
The server is written in Go, which is memory-safe. It uses `os/exec` for OCR on macOS and Windows, but arguments to the `tesseract` command-line tool are passed as separate strings, preventing shell injection vulnerabilities. Docker deployments mount user directories as read-only (`:ro`), limiting potential write-based attacks from within the container. OCR on Linux is embedded, removing the `os/exec` dependency for that platform. No `eval`, obvious obfuscation, or hardcoded secrets were found. The primary remaining risk would be an unknown vulnerability within the external Tesseract CLI itself, which is outside the scope of this server's code.
Updated: 2025-12-22GitHub
12
1
Medium Cost
imouiche icon
Sec9

Provides AI-native access to the MITRE ATT&CK framework, enabling LLMs and agentic systems to query, reason over, and visualize threat intelligence.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Requires Node.js 16+ for npm installation options.
  • ⚠️Performs an initial download of approximately 59MB of MITRE ATT&CK data on first run, which is cached locally.
Verified SafeView Analysis
The server primarily leverages the official `mitreattack-python` library for data handling, which is a strong security practice. STIX data downloads include hash verification for integrity. Input parameters to MCP tools are standard types (strings, booleans, integers) and are processed internally by the trusted `mitreattack-python` library without apparent direct arbitrary code execution or shell command injection vulnerabilities. No hardcoded secrets or malicious patterns were identified. Network risks are limited to the secure download of MITRE ATT&CK data.
Updated: 2025-12-22GitHub
12
1
Low Cost
ogison icon

mcp-dashboard

by ogison

Sec9

Manage Model Context Protocol (MCP) server settings for Claude Code and Claude Desktop through a local web-based graphical user interface.

Setup Requirements

  • ⚠️Requires Node.js version 22.0.0 or higher.
  • ⚠️Defaults to port 4000, which might be in use; a `--port` option is available for specifying an alternative port.
Verified SafeView Analysis
The server implements strong input validation, command injection prevention, and path traversal protection. File system operations are guarded by `validateFilePath` and `validateWriteData` to ensure paths are within safe directories (home or CWD) and content is not malicious. Rate limiting is applied to API endpoints. The Express server explicitly logs listening on `http://localhost`, but the underlying `app.listen(port)` method in Node.js defaults to binding to all available network interfaces (0.0.0.0) if no host is specified, which could be tightened to `127.0.0.1` for strict localhost-only enforcement. No hardcoded secrets were found; placeholder values are used in presets.
Updated: 2025-12-22GitHub
12
1
Medium Cost
rustomax icon
Sec8

Provides LLMs with intelligent access to Observe platform data through semantic search, automated dataset discovery, and metrics intelligence.

Setup Requirements

  • ⚠️Docker & Docker Compose required
  • ⚠️Python 3.11+ required
  • ⚠️Observe API credentials required (OBSERVE_CUSTOMER_ID, OBSERVE_TOKEN, OBSERVE_DOMAIN)
  • ⚠️JWT Public Key required for authentication (PUBLIC_KEY_PEM)
  • ⚠️PostgreSQL database with pgvector extension required (SEMANTIC_GRAPH_PASSWORD)
  • ⚠️Google Gemini API Key required for documentation search (GEMINI_API_KEY)
  • ⚠️OpenTelemetry Collector is integrated and recommended for observability data collection (OBSERVE_OTEL_TOKEN, OBSERVE_OTEL_CUSTOMER_ID, OBSERVE_OTEL_DOMAIN)
Verified SafeView Analysis
Secrets are managed via environment variables (good practice). JWT authentication with scope-based access control is implemented. Input OPAL queries undergo structural validation and auto-correction. The OpenTelemetry exporter is set to 'insecure=True' by default, which is suitable for local development but should be reviewed for production deployments. Custom OPAL query validation (src/observe/opal_validation.py) helps reduce the risk of malformed queries but relies on the upstream Observe platform for full semantic security validation. Database interactions (src/observe/skills_search.py) use parameterized queries via stored procedures.
Updated: 2025-12-23GitHub
12
1
Medium Cost
RenEra-ai icon

boomi-mcp-server

by RenEra-ai

Sec10

Provides a secure Model Context Protocol (MCP) server for Claude Code and other AI clients to integrate with Boomi Platform APIs, enabling automated management of Boomi accounts, trading partners, and processes with OAuth 2.0 authentication and cloud-native credential storage.

Setup Requirements

  • ⚠️Requires a valid Boomi Platform account, username (email), and API token.
  • ⚠️For production deployments, requires configuration and authentication with a supported cloud provider (GCP, AWS, or Azure) for Secret Manager, including appropriate IAM roles/permissions.
  • ⚠️Requires Python 3.11+.
Verified SafeView Analysis
The server is designed with a strong emphasis on security for production deployments. It leverages cloud-native secret management (AWS Secrets Manager, GCP Secret Manager, Azure Key Vault) for credentials and implements robust JWT authentication (RS256/JWKS) with automatic key rotation and explicit issuer/audience validation. Development mode (HS256) is clearly identified with warnings about using default secrets. Role-based access control is enforced via JWT scopes. No 'eval' or obvious obfuscation detected. Relies on well-established third-party libraries (PyJWT, boto3, google-cloud-secret-manager, azure-identity). The HTTP server setup with Starlette allows for secure HTTP practices (HTTPS only, session management).
Updated: 2025-12-23GitHub
12
2
Medium Cost
semanticintent icon
Sec9

A Model Context Protocol (MCP) server providing AI agents with a 3-layer temporal intelligence system for memory, causality, and prediction.

Setup Requirements

  • ⚠️Requires a Cloudflare account (free tier works) and Wrangler CLI installed globally.
  • ⚠️Requires a Cloudflare D1 database instance to be created and configured in `wrangler.jsonc`.
  • ⚠️Requires Cloudflare Workers AI bindings to be configured in `wrangler.jsonc` for AI-powered summarization and tagging.
Verified SafeView Analysis
The server appears to follow good security practices for a Cloudflare Workers environment. It uses D1 prepared statements to prevent SQL injection, handles JSON parsing errors gracefully, and stores sensitive configurations (like database IDs) outside of version control via `wrangler.jsonc` and `.dev.vars` (as per `SECURITY.md`). Input validation is applied at the domain entity level (`ContextSnapshot.validate()`). CORS is permissive (`Access-Control-Allow-Origin: *`), which is noted. No `eval` or code obfuscation was found, and there are no hardcoded secrets in the provided source. Worker bindings (`env.DB`, `env.AI`) are used securely instead of direct `process.env` access.
Updated: 2025-12-18GitHub
PreviousPage 259 of 713Next