Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

10
1
Low Cost

mcp-units

by sellisd

Sec9

Converts cooking measurements (volume, weight, temperature) between common units, designed for integration with MCP-compatible tools and VSCode extensions.

Setup Requirements

  • ⚠️Requires Python 3.11 or newer.
  • ⚠️Recommended installation and execution use 'uv' (a Python package installer and runner).
  • ⚠️Requires an MCP-compatible client/extension (e.g., Claude Desktop, VSCode Roo) to interact with it as a server.
Verified Safe
The server code does not use `eval` or similar dangerous functions. Communication is handled via standard I/O (`stdio_server`), limiting network exposure. Input validation is robust, utilizing `jsonschema` for schema validation and Python's `Decimal` type for precise calculations and handling of numerical inputs, including checks for negative values where appropriate. No hardcoded secrets were found.
Updated: 2025-12-19
10
1
Medium Cost
Sec9

Provides AI agents with real-time access to OpenSincera's publisher verification and advertising metadata for transparency and risk assessment.

Setup Requirements

  • ⚠️Requires OpenSincera API Key (likely paid service)
  • ⚠️Node.js 18.0.0 or higher is required
Verified Safe
The server demonstrates strong security practices, utilizing Zod for robust input validation which protects against common injection vulnerabilities. API keys are handled via environment variables and are explicitly redacted in console logs to prevent accidental exposure. It enforces secure HTTPS communication with `rejectUnauthorized: true`. No 'eval' or obvious malicious code patterns were identified. Minor logging of request URLs, while generally informational, is noted as a very low risk depending on sensitive URL content.
Updated: 2025-12-19
10
1
High Cost

cue

by manuelcattelan

Sec9

An MCP server designed to front-load prompt engineering, transforming vague task descriptions into well-structured, optimized prompts for agentic workflows.

Setup Requirements

  • ⚠️Requires an Anthropic API Key (paid) if the client LLM does not support MCP sampling.
Verified Safe
The server uses the MCP protocol for interaction, relying on the client LLM for completions when 'sampling' is supported, which delegates security and user permissions to the client. For unsupported clients, it falls back to the Anthropic API, securely fetching API keys from environment variables. No 'eval' or malicious patterns were found. The use of StdioServerTransport indicates communication over standard I/O, which generally limits direct network exposure.
Updated: 2025-12-18
10
1
High Cost

mcp-zebrunner

by maksimsarychau

Sec9

A Model Context Protocol (MCP) server that integrates with Zebrunner Test Case Management to help QA teams manage test cases, test suites, and test execution data through AI assistants like Claude, enabling capabilities like test coverage analysis, test code generation, and failure diagnostics.

Setup Requirements

  • ⚠️Requires Zebrunner account credentials (ZEBRUNNER_URL, ZEBRUNNER_LOGIN, ZEBRUNNER_TOKEN).
  • ⚠️FFmpeg (and ffprobe) must be functional on the host machine for video analysis. While installers are provided, native dependencies can sometimes be a friction point.
  • ⚠️Full semantic/visual analysis features (e.g., analyze_screenshot, analyze_test_execution_video, semantic duplicate analysis) require an AI assistant with Vision capabilities (e.g., Claude Desktop/Code, Cursor) to process image/video frames and complex prompts.
  • ⚠️The 'intelligent rules engine' (for test code generation, validation, improvement) is enabled by setting `ENABLE_RULES_ENGINE=true` and optionally requires a `mcp-zebrunner-rules.md` file to be present.
Verified Safe
The server uses `dotenv` for environment variables, preventing hardcoded secrets. It includes explicit `security.ts` utilities for path validation (`validateFilePath`), URL validation (`validateFileUrl`), and sanitizing error messages (`sanitizeErrorMessage`, `sanitizeApiError`). External process execution (e.g., `ffmpeg` for video analysis) is handled by robust libraries (`fluent-ffmpeg`) and inputs are validated, reducing command injection risk. There are no obvious `eval` or other dangerous arbitrary code execution patterns with untrusted input. Rate limiting is implemented and configurable, which helps prevent API abuse. Minor inherent risk for any external process interaction, but well mitigated.
Updated: 2025-12-19
10
1
Medium Cost

OECD-MCP

by isakskogstad

Sec9

Provides AI assistants access to OECD's 5,000+ economic and statistical datasets via a Model Context Protocol (MCP) server, enabling AI to search, analyze, and compare data.

Setup Requirements

  • ⚠️Node.js 18+ required
  • ⚠️TypeScript project: Requires `npm run build` before running
Verified Safe
The server implements robust input validation using Zod schemas for all tool arguments, preventing common injection attacks. Filter parameters are explicitly sanitized to prevent SSRF (Server-Side Request Forgery) and other malicious inputs. Error messages returned to clients are sanitized to prevent information leakage (e.g., file paths, stack traces, internal IP addresses). Rate limiting is enforced internally for API calls to the OECD SDMX endpoint. Deployment configurations (Docker, Kubernetes) suggest good security practices like read-only filesystems, non-root user execution, and dropped capabilities. A minor potential concern is the default `cors()` middleware in `http-server.ts`, which allows all origins; for production, this should ideally be restricted to specific trusted origins (though typically handled by a proxy/gateway). The `OECDSDMXClient` constructor could theoretically allow an arbitrary `baseUrl`, but the `OECDClient` wrapper, which is used by the MCP server, hardcodes the OECD SDMX base URL, mitigating this risk in practice.
Updated: 2025-12-18
9
1
Low Cost

katachi-gen

by jmsaavedra

Sec8

AI-driven sentiment analysis and NFT curation for generative origami art, powered by blockchain data analytics (Gasback, Stack, Network monitoring).

Setup Requirements

  • ⚠️Requires Alchemy API Key (free tier may have limits, paid for heavy usage)
  • ⚠️Requires Anthropic API Key (paid per token for AI models)
  • ⚠️Minter wallet private key (`MINTER_WALLET_PRIVATE_KEY`) is needed for NFT minting/URI setting (CRITICAL: must be securely managed as an environment variable)
  • ⚠️Redis (e.g., Upstash) is recommended for caching and the queue system (`REDIS_URL`) but will gracefully degrade if not configured
Verified Safe
The server uses standard practices for API key management (environment variables) and implements rate limiting in production. It processes user input for AI prompts and NFT metadata; input validation is present. The use of a server-side `MINTER_WALLET_PRIVATE_KEY` for NFT minting operations is a critical security consideration. This private key must be managed with extreme care in the deployment environment to prevent unauthorized access or misuse. `puppeteer-core` (or `playwright`) is used for thumbnail generation, loading local files, which is safer than external untrusted URLs. No direct `eval` or obvious command injection vulnerabilities were found.
Updated: 2025-12-16
9
1
High Cost

togo-mcp

by arkinjo

Sec3

Facilitates querying biological/biomedical RDF databases and interacting with related REST APIs for life science research and knowledge graph construction.

Setup Requirements

  • ⚠️Requires Python >= 3.11.
  • ⚠️Requires `uv` package manager.
  • ⚠️Admin mode (`togo-mcp-admin`) provides sensitive file writing functionality (`save_MIE_file`) and must be secured via external authentication/authorization if exposed.
  • ⚠️Requires external network access to various RDF Portal SPARQL endpoints and third-party REST APIs (UniProt, ChEMBL, PubChem, PDB, MeSH, Togoid).
Review Required
The `save_MIE_file` tool available in `togo-mcp-admin` mode allows writing arbitrary content to files specified by a `dbname` (e.g., `mie/{dbname}.yaml`). While `dbname` is validated, the `mie_content` is not sanitized. If the admin interface is exposed without strong authentication/authorization, this can lead to remote code execution or arbitrary file overwrites. Additionally, the `run_sparql` tool executes SPARQL queries directly from these MIE files, posing a SPARQL injection risk if the MIE files are compromised.
Updated: 2025-12-16
9
1
High Cost

adb-mcp-server

by InakiBes

Sec2

Provides an AI-callable interface for controlling Android devices via ADB, enabling automation, testing, and debugging workflows.

Setup Requirements

  • ⚠️Requires Java Runtime (JRE/JDK 17+) and ADB to be installed locally.
  • ⚠️The client-side `PATH` environment variable must correctly point to the `adb` executable for the server to function.
  • ⚠️The generated startup script (`build/install/adb-mcp-server/bin/adb-mcp-server`) requires executable permissions (`chmod +x`).
Review Required
The server exposes an `adb_shell` tool that allows execution of arbitrary shell commands on connected Android devices. This grants an LLM extensive control over the device, posing significant risks such as data exfiltration, malware installation, or other malicious actions. The `install_apk` tool also allows deploying any APK without validation, and `gradle_assemble` could be exploited if `projectPath` is not strictly controlled.
Updated: 2025-12-16
9
1
Medium Cost

Provides enhanced filesystem access to an MCP client with named path aliases and fuzzy search capabilities.

Setup Requirements

  • ⚠️Requires Node.js environment.
  • ⚠️Configuration of allowed directories or named paths is mandatory for functionality (via CLI or ~/.filesystem-mcp.json config file).
  • ⚠️Requires `npm install` and `npm run build` for setup.
Verified Safe
The server implements robust path validation, symlink resolution using `fs.realpath`, and atomic file writes (via temporary files and renames) to prevent path traversal, symlink attacks, and race conditions. Input paths are rigorously checked against a list of explicitly allowed directories. No 'eval' or obfuscation found. Configuration files are read from standard locations, and CLI arguments override them, but all paths are subjected to strict validation.
Updated: 2025-12-16
9
1
Medium Cost

gcal-mcp-server

by jnpacker

Sec9

Provides intelligent Google Calendar integration, event management, and scheduling capabilities through a standardized Model Context Protocol (MCP) interface for AI assistants.

Setup Requirements

  • ⚠️Requires a Google Cloud Project with the Google Calendar API enabled and OAuth 2.0 credentials configured.
  • ⚠️Requires an initial browser-based authentication flow to generate and save `token.json`.
  • ⚠️AI-powered recommendations require the `claude` command line interface (CLI) to be installed and accessible in the system's PATH.
Verified Safe
The server uses Google OAuth 2.0 for authentication, storing `credentials.json` and `token.json` in a detected repository root or user config directory, which is a standard and acceptable practice. It sets up a temporary local HTTP server on `localhost:8080` for the OAuth callback, confining network exposure. The Python TUI component interacts with the `claude` CLI via `subprocess.create_subprocess_exec` to provide AI recommendations, passing event data through a temporary JSON file (`event-prompt.json`). This interaction pattern is transparent and common for CLI integrations, but relies on the security of the `claude` executable itself. No `eval` or obvious hardcoded secrets were found in the provided source code.
Updated: 2025-12-17
9
1
Medium Cost

knife4j-mcp

by loosheng

Sec7

Provides a Model Context Protocol (MCP) server for Knife4j OpenAPI documentation, converting it to Markdown for LLM-driven batch operations and API exploration.

Setup Requirements

  • ⚠️Requires `DOCS_URL` environment variable to be set, pointing to one or more valid OpenAPI documentation URLs (e.g., Knife4j endpoints).
  • ⚠️Requires a Node.js runtime environment (as `npx` is used to execute).
Verified Safe
The server fetches OpenAPI documentation from `DOCS_URL` using `ofetch`. While `DOCS_URL` is an environment variable (reducing direct user injection risk), careful control over this variable during deployment is critical to prevent Server-Side Request Forgery (SSRF) or fetching of malicious/internal content. No `eval` or obvious code obfuscation found in the provided source.
Updated: 2025-12-18
9
1
Medium Cost

codex-mcp

by LanceVCS

Sec9

Provides a robust MCP server wrapper for Codex CLI to enable reliable session ID tracking for multi-turn AI conversations.

Setup Requirements

  • ⚠️Requires Codex CLI to be installed and configured separately.
  • ⚠️Requires Node.js 14.0 or higher.
  • ⚠️Requires Claude Code for standard installation and usage workflow.
Verified Safe
The server uses `child_process.spawn` with an array of arguments, which generally mitigates shell injection risks by not invoking a shell directly. It explicitly defaults the Codex sandbox mode to 'read-only' and restricts Playwright tools to a safe subset, enhancing security. No direct `eval` or obfuscation is present. The primary security considerations would stem from the inherent trust placed in the underlying `codex` CLI application and its own argument parsing/execution logic, or potential vulnerabilities in `codex` itself.
Updated: 2025-12-17