Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

74
347
Low Cost
1mcp-app icon

agent

by 1mcp-app

Sec7

Manages and proxies multiple Model Context Protocol (MCP) servers locally, providing a unified entry point and CLI for installation, configuration, and status monitoring.

Setup Requirements

  • ⚠️Experimental platform support for Windows and Linux: paths are researched but untested, potentially leading to configuration discovery issues.
  • ⚠️Default interactive prompts for `app consolidate` and `mcp remove` commands require user confirmation, which can prevent unattended or scripted operations unless `--yes` or `--force` flags are used.
  • ⚠️Server installation may require interactive steps or using full registry IDs if simple names don't resolve automatically, indicating potential friction with server discovery.
Verified SafeView Analysis
The core function of this agent is to launch and manage external MCP servers, often using commands like `npx` or direct executables specified in the configuration. This inherently involves executing external code, which is a significant security consideration. The project implements measures like input sanitization (for server names, tags, command arguments) and redaction of sensitive information in logs (`redactCommandArgs`, `redactUrl`). Configuration validation (using Zod schemas) helps prevent malformed server configurations. However, the overall security depends heavily on the user's trust in the MCP servers they choose to install and the integrity of their `mcp.json` configuration file. The `docker-compose.dev.yml` uses `network: host` and mounts host configurations, which is a security concern for development environments. Direct manual input for environment variables and arguments through interactive prompts or CLI flags allows users to specify arbitrary values, which are then passed to child processes.
Updated: 2026-01-18GitHub
73
317
Low Cost
IBM icon

mcp

by IBM

Sec9

Connect IBM products and other enterprise systems to AI agents via the Model Context Protocol (MCP) to enable AI models to interact with various local and remote resources.

Setup Requirements

  • ⚠️Requires Docker for many server installations.
  • ⚠️Requires Node.js/npm (or a compatible runtime for 'uvx') for many 'npx' or 'uvx' based server installations.
  • ⚠️Requires extensive configuration of specific environment variables (e.g., API keys, tokens, credentials, endpoints) for each individual MCP server to function, which must be managed securely by the user.
Verified SafeView Analysis
This repository serves as an index and configuration template for various Model Context Protocol (MCP) servers and does not contain executable server code that could pose direct security risks like 'eval' or obfuscation. The 'CONTRIBUTING.md' emphasizes following security best practices for contributions to individual MCP servers. The 'mcp.json' file correctly uses placeholder environment variables for credentials (e.g., API keys, tokens), ensuring no sensitive information is hardcoded in the repository itself. Critical security considerations lie with the individual linked MCP servers and the secure management of credentials by users during deployment and operation.
Updated: 2026-01-19GitHub
73
52
Medium Cost
notch-ai icon

autosteer

by notch-ai

Sec8

An AI-powered desktop application (AutoSteer) designed to assist developers with coding, project management, and integrating various development tools. It provides a conversational interface with AI agents, manages projects as Git worktrees, offers an integrated terminal, Git changes viewer, and advanced tab management for session isolation and persistence. It also integrates with Multi-Cloud Platform (MCP) servers for extended functionality.

Setup Requirements

  • ⚠️Requires Python runtime and the Claude Agent SDK to be installed for local AI capabilities and MCP server integration.
  • ⚠️Project creation necessitates a valid GitHub repository URL and branch.
  • ⚠️Integrated with various IDEs (e.g., VS Code, Cursor, WebStorm), which users may need to install separately.
  • ⚠️MCP Server integration may require additional setup and OAuth authentication specific to those servers.
Verified SafeView Analysis
The application leverages Electron's secure IPC mechanisms and `shell.openExternal` for user-provided URLs, mitigating common webview injection risks. It utilizes standard and well-understood external processes for core functionalities like Git operations (`simple-git`, `child_process.exec/spawn`), Python runtime (`child_process.spawn` for MCP and SDK checks), and terminal emulation (`node-pty`). The codebase shows a conscientious approach to isolating and sanitizing inputs, and explicitly redacting sensitive information in logs via `safeHandlerWrapper`. No direct `eval` or blatant obfuscation was detected. While any tool executing external commands carries inherent risk, the codebase appears to handle these aspects reasonably.
Updated: 2025-11-26GitHub
73
40
Low Cost
rohitsoni007 icon

mcp-gearbox

by rohitsoni007

Sec7

A cross-platform desktop application for managing Model Context Protocol (MCP) servers across various AI agents.

Setup Requirements

  • ⚠️Requires `uv` (Python package manager) or Python 3.11+ for `mcp-cli` installation.
  • ⚠️Requires Git for `mcp-cli` installation from source (GitHub repositories).
  • ⚠️Initially attempts to auto-install `mcp-cli` on first run; manual intervention might be needed if dependencies (Python, uv) are not met.
Verified SafeView Analysis
The application follows good security practices for an Electron app, including `nodeIntegration: false` and `contextIsolation: true` in the main process, and exposing a controlled API via `contextBridge.exposeInMainWorld`. Interactions with the `mcp-gearbox-cli` are proxied through a main process service (`ElectronMcpService`) using `ipcMain.handle`, limiting direct shell access from the renderer. User-provided inputs (like server names, agent names, project location) are passed as distinct arguments to the underlying CLI commands. The main security assumption lies in the `mcp-gearbox` (npm package) library and the `mcp-gearbox-cli`'s robust handling and sanitization of these arguments to prevent shell injection or other vulnerabilities. Without the source code for the `mcp-gearbox` library itself, a full audit of the CLI interaction security cannot be completed, but the application's wrapper adheres to secure design patterns.
Updated: 2025-11-20GitHub
73
162
Low Cost
cursor icon

mcp-servers

by cursor

Sec8

A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.

Setup Requirements

  • ⚠️Requires various API Keys/Personal Access Tokens to be manually obtained and configured as environment variables.
  • ⚠️Several servers require Docker to be installed and running (e.g., GitHub, Vault, Terraform, SonarQube).
  • ⚠️Many CLI-based servers (using 'npx' or 'uvx') require Node.js/NPM or Python runtime environments respectively.
Verified SafeView Analysis
The repository itself consists of configuration files (server.json) and a script to generate the README.md. No direct malicious code, 'eval' statements, or obfuscation were found within this source code. Secrets are not hardcoded; placeholder environment variables and API keys are specified for user configuration. The security risk primarily lies in the execution of the external MCP servers (via 'npx', 'docker run', 'uvx', or direct HTTP connections) which are third-party applications. Users must trust the source of these external tools and properly secure their environment variables. The average tokens per call is not applicable as this repository is a collection of configurations, not a runtime server itself.
Updated: 2026-01-16GitHub
73
477
Medium Cost
ggozad icon

haiku.rag

by ggozad

Sec8

Opinionated agentic RAG powered by LanceDB, Pydantic AI, and Docling to provide hybrid search, intelligent QA, and multi-agent research over user-provided documents, accessible via CLI, Python API, Web App, TUI, or as an MCP server for AI assistants.

Setup Requirements

  • ⚠️Python 3.12+ required.
  • ⚠️Requires API keys for chosen LLM/Embedding/Reranking providers (e.g., OpenAI, Anthropic, VoyageAI), which may incur costs.
  • ⚠️For local LLMs (e.g., Ollama, vLLM, LM Studio) or remote document processing (docling-serve), a separate server instance must be running.
Verified SafeView Analysis
The project adheres to good practices by not hardcoding API keys and expecting them via environment variables. It relies heavily on external AI model providers and document processing services, inheriting their security profiles. The file monitoring feature processes local files, which introduces a potential vector for malicious document injection, though filtering mechanisms are provided. Input validation for search filters is implemented. The MCP server exposes tools, meaning client-side tool usage should be trusted, and server-side validation is crucial for robust security.
Updated: 2026-01-19GitHub
73
324
Low Cost
microsoft icon

mcsmcp

by microsoft

Sec8

Deploying a Model Context Protocol (MCP) server to provide joke-telling tools for LLMs, specifically for integration with Microsoft Copilot Studio.

Setup Requirements

  • ⚠️Requires Node.js v22
  • ⚠️Docker required for Azure deployment
  • ⚠️Azure Subscription with payment method (for Azure deployment)
Verified SafeView Analysis
The server uses external APIs (api.chucknorris.io, icanhazdadjoke.com) to fetch joke content. While the code is straightforward and handles input validation with `zod`, reliance on external APIs introduces a dependency risk regarding their availability and data integrity. No `eval`, obfuscation, or obvious hardcoded secrets were found. The server exposes a POST /mcp endpoint, which is expected for an MCP server.
Updated: 2026-01-07GitHub
73
53
Medium Cost
LunFengChen icon

proxypin-mcp-server

by LunFengChen

Sec7

Enables an AI agent to interact with the ProxyPin network analysis and proxy tool, allowing it to manage requests, generate code, rewrite traffic, and analyze network data.

Setup Requirements

  • ⚠️Requires a running ProxyPin instance (version with built-in MCP support) configured to listen on port 17777.
  • ⚠️Requires Python 3.10+ and the `fastmcp` and `requests` Python dependencies.
  • ⚠️Assumes the underlying ProxyPin application is correctly configured and trusted.
Verified SafeView Analysis
The server acts as an API gateway to the ProxyPin application. It does not contain direct 'eval' or obvious obfuscation. However, it exposes powerful network manipulation capabilities (e.g., rewriting requests/responses, blocking URLs, running scripts) via an API to an AI. Security largely depends on the trustworthiness of the AI calling these tools and the configuration of the underlying ProxyPin application. Disabling system proxy for requests (`session.trust_env = False`) is a good practice. The tool's ability to 'autoApprove' all listed functions when integrated into an IDE can be a security risk if not carefully managed.
Updated: 2026-01-07GitHub
73
122
Low Cost
AgiFlow icon

aicode-toolkit

by AgiFlow

Sec4

An MCP proxy server that aggregates multiple Model Context Protocol (MCP) servers, enabling on-demand tool discovery and execution, thereby significantly reducing AI agent token usage and improving context window efficiency by loading tools progressively.

Setup Requirements

  • ⚠️Requires Node.js >=18 to run.
  • ⚠️Initial setup requires running 'npx @agiflowai/one-mcp init' to create an 'mcp-config.yaml' file, which must then be manually configured to point to desired upstream MCP servers.
  • ⚠️If connecting to remote MCP servers, environment variables for API keys or authentication tokens (e.g., MY_API_KEY, TOKEN) must be set in the operating system environment or included in the 'mcp-config.yaml'.
Review RequiredView Analysis
The server can execute arbitrary local commands (via 'command' and 'args' in 'mcp-config.yaml' for stdio servers) and make HTTP/SSE requests to arbitrary remote URLs defined in its configuration. If the 'mcp-config.yaml' is not secured or is user-editable in a multi-tenant environment, this can lead to severe remote code execution (RCE) or Server-Side Request Forgery (SSRF) vulnerabilities. The responsibility for securing the configuration and deployment environment falls heavily on the user. While tool blacklisting is available, it requires proper setup.
Updated: 2026-01-16GitHub
73
197
Low Cost
Piebald-AI icon

gemini-cli-desktop

by Piebald-AI

Sec9

A cross-platform desktop and web UI for interacting with AI models (Gemini CLI, Qwen Code, LLxprt Code) through ACP and MCP, featuring tool confirmation, code diffing, chat history, and file browsing.

Setup Requirements

  • ⚠️Requires Rust, Node.js, and pnpm for development/building, with specific system dependencies for Linux.
  • ⚠️Requires installation of external AI CLIs (Gemini CLI, Qwen Code, LLxprt Code) to function.
  • ⚠️Requires API keys (potentially paid) for integrated AI providers (e.g., Anthropic, OpenAI, Gemini) configured at runtime.
Verified SafeView Analysis
The project demonstrates strong security practices, including 5-layer SSRF protection with URL validation, API key masking in logs, and a comprehensive command execution whitelist/blacklist. Tauri's sandboxed environment and minimal capabilities further enhance desktop security. Environment variables for child processes are handled with an RAII pattern for secure cleanup.
Updated: 2026-01-17GitHub
72
207
Low Cost
Vvkmnn icon
Sec9

Provides an MCP server for Claude Code to search and retrieve insights from conversation history, including past solutions, file changes, and tool usage patterns.

Setup Requirements

  • ⚠️Requires Claude Code application for conversation history data.
  • ⚠️Node.js version must be >=20.0.0 and npm >=10.0.0.
Verified SafeView Analysis
The server's primary function involves reading local `.jsonl` conversation files. It utilizes `fs/promises` and `readline` for file access, which are standard for local file operations. It does not perform outbound network requests for its core search functionality. The `UniversalHistorySearchEngine` attempts to access Claude Desktop data (e.g., LevelDB, SQLite) via temporary file copying to prevent locks, with temporary directories created using `mkdtemp` with secure permissions (`0o700`) and subsequently cleaned up. The `child_process` module is used for internal build/test scripts or controlled local execution in `testMCPServer`, not for executing arbitrary user input. No hardcoded secrets or 'eval' are observed in the runtime code. Desktop support for directly reading LevelDB/SQLite is explicitly marked as 'TEMPORARILY DISABLED' in the code, further reducing potential attack surface related to complex database interactions, and simplifying its runtime behavior to primarily local Claude Code files.
Updated: 2026-01-19GitHub
72
23
Low Cost
JoJoJotarou icon

AskUserQuestionPlus

by JoJoJotarou

Sec9

Facilitates asking structured questions to users via a web interface, collecting their input for AI models interacting through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires Node.js and npm/npx installed locally.
  • ⚠️Requires a local web browser capable of being launched automatically.
  • ⚠️Requires configuration with an MCP-compatible AI client (e.g., Claude Code, Codex, Gemini CLI).
Verified SafeView Analysis
The server uses Zod for input schema validation for the MCP tool, ensuring structured and validated input from the AI model. WebSocket messages from the client are parsed as JSON, with error handling for malformed messages. The `open` package is used to launch a web browser, which is an intentional feature for user interaction and the URL is controlled by the server. No obvious hardcoded secrets, 'eval' usage, or direct command injection vulnerabilities from user input were found. The service runs on localhost, limiting direct external attack surface.
Updated: 2026-01-19GitHub
PreviousPage 26 of 713Next