Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

72
10
Medium Cost
iceener icon
Sec9

Provides sandboxed filesystem access for AI agents to explore directories, read/search file content, and safely edit text files with checksum verification.

Setup Requirements

  • ⚠️Requires `Bun` runtime for the primary `dev` and `start` scripts.
  • ⚠️User MUST configure accessible directories via `FS_ROOTS` or `FS_ROOT` environment variables, otherwise the filesystem tools will be non-functional or report 'OUT_OF_SCOPE' errors.
  • ⚠️When connecting to clients (e.g., Claude Desktop), the `args` parameter often requires the absolute path to the server's entry point (e.g., `/absolute/path/to/files-mcp/src/index.ts`).
Verified SafeView Analysis
The server implements strong sandboxing by preventing absolute paths and directory traversal (`..`) outside configured mount points (`FS_ROOTS`). All file operations are routed through a robust path resolution layer (`src/lib/paths.ts`). Input validation is performed using Zod, mitigating common injection risks. File write operations (`fs_write`) strongly recommend checksum verification to prevent stale or unintended overwrites, enhancing data integrity. There is no apparent use of `eval` or direct arbitrary command execution. Glob patterns for searching are converted to safe regular expressions, not shell commands. Communication is via stdin/stdout, reducing network attack surface.
Updated: 2025-12-09GitHub
72
14
Medium Cost
ecos-labs icon

ecos

by ecos-labs

Sec8

Transforms AWS Cost and Usage Reports (CUR) into enriched datasets for FinOps analysis and provides AI-powered cost insights.

Setup Requirements

  • ⚠️Requires AWS CLI and configured AWS credentials.
  • ⚠️Requires Python 3.8+ and dbt Core with the `dbt-athena-community` adapter installed.
  • ⚠️AWS Cost & Usage Reports (CUR) must be enabled and configured for Athena in your AWS account.
  • ⚠️Appropriate AWS IAM permissions are necessary for the CLI to create and manage AWS resources (S3, Athena).
  • ⚠️Setting the `GITHUB_TOKEN` environment variable is recommended to avoid GitHub API rate limiting during model downloads.
Verified SafeView Analysis
The CLI component interacts with AWS services (S3, Athena, STS) and GitHub. It relies on standard AWS SDK practices for credential loading (from environment variables or local AWS config files) and utilizes the `GITHUB_TOKEN` environment variable for GitHub API authentication. Path sanitization (`filepath.Clean`) and checks for path traversal vulnerabilities are implemented during the extraction of dbt models from compressed archives. The `ecos init` and `ecos destroy` commands perform high-privilege AWS resource operations (creating/deleting S3 buckets and Athena workgroups), which is expected for an infrastructure management tool, but requires users to configure appropriate IAM permissions. No dynamic code execution (`eval` or similar) or obvious hardcoded secrets were detected in the provided Go or dbt code. The source code for the "MCP Server" (Python component for AI insights) is not provided, thus its specific security posture cannot be fully assessed.
Updated: 2025-12-11GitHub
72
270
Medium Cost
smat-dev icon

jinni

by smat-dev

Sec8

A tool to efficiently provide Large Language Models with structured project context for code comprehension and generation tasks.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️For MCP server integration, requires setup with an MCP client (e.g., Cursor, Claude Desktop) to run 'uvx jinni-server'.
  • ⚠️WSL must be installed and configured on Windows for WSL path translation features to work correctly; relies on 'wslpath' or 'wsl -l -q' commands.
Verified SafeView Analysis
The tool executes external commands (`wslpath`, `wsl`) via `subprocess` for WSL path translation, based on user-provided paths. While safeguards like NUL byte checks (`ensure_no_nul`), explicit command arguments (`--`), and server-side `--root` path confinement are implemented, a sophisticated path traversal or OS-level vulnerability in the WSL environment could pose a risk. No direct 'eval', obfuscation, or hardcoded secrets were found.
Updated: 2025-12-14GitHub
71
315
Medium Cost
decocms icon

admin

by decocms

Sec6

The server acts as a control plane for Model Context Protocol (MCP) traffic, providing a unified API gateway for authentication, routing, and observability across various AI-native services and clients.

Setup Requirements

  • ⚠️Requires a commercial license for any revenue-generating or multi-tenant (SaaS) deployments, as per the Sustainable Use License (SUL). It is free for internal/agency use.
  • ⚠️Requires critical environment variables like `ENCRYPTION_KEY` and `AUTH_SECRET` for secure operation; failure to set these will lead to vulnerabilities or errors.
  • ⚠️The `CODE_EXECUTION_RUN_CODE` tool and associated gateway strategy enable running arbitrary JavaScript code in a sandbox, which introduces a significant and complex security risk that users must fully understand and manage.
Verified SafeView Analysis
The project implements robust security features including role-based access control (RBAC), multi-tenancy, credential encryption via a vault, and detailed audit logging with OpenTelemetry. However, it includes a "code execution" feature that allows running user-provided JavaScript code in a sandbox. While sandboxing aims to provide isolation, dynamic code execution is inherently a high-risk attack surface, making perfect security extremely challenging and prone to potential vulnerabilities. Careful review of the sandbox implementation would be required for high-security environments. Production deployments should ensure all sensitive environment variables are correctly configured.
Updated: 2026-01-19GitHub
71
80
Medium Cost
magentic icon
Sec8

Provides coding agents with full browser context from recorded user flows for debugging and regression testing.

Setup Requirements

  • ⚠️Requires the FlowLens Chrome extension to record and capture browser flows.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️A `FLOWLENS_MCP_TOKEN` environment variable is required to access shareable (remote) flows.
Verified SafeView Analysis
The server makes external network calls to the FlowLens API (flowlens-api.magentic.ai) and downloads recordings from URLs provided by this API. While the server itself does not contain obvious vulnerabilities like 'eval' or command injection based on user input, a compromise of the FlowLens API or manipulation of the provided video/RRWEB URLs could lead to the download of malicious files. However, these downloaded files (WEBM, JSON) are processed internally (e.g., for screenshots, DOM snapshots) and not directly executed, mitigating immediate execution risks. Authentication relies on a `FLOWLENS_MCP_TOKEN` which is expected to be provided via environment variables, a standard and secure practice to avoid hardcoding secrets.
Updated: 2025-12-07GitHub
71
315
Low Cost
decocms icon

mesh

by decocms

Sec9

An open-source control plane for Model Context Protocol (MCP) traffic, providing unified authentication, routing, observability, and tool management for AI agents and integrations across various services.

Setup Requirements

  • ⚠️Requires Bun runtime for local development and build processes.
  • ⚠️The `ENCRYPTION_KEY` environment variable is critical for data security and must be set securely in production (defaults to empty string if not provided).
  • ⚠️For production deployments, `DATABASE_URL` should be configured for PostgreSQL; SQLite is the default but not suitable for scale.
  • ⚠️STDIO connections are disabled by default in production; set `UNSAFE_ALLOW_STDIO_TRANSPORT=true` to enable them.
Verified SafeView Analysis
The project demonstrates strong security awareness, especially in critical areas. It utilizes `quickjs-emscripten-core` for sandboxed JavaScript execution, carefully limiting tool exposure. Raw SQL execution via `DATABASES_RUN_SQL` is mitigated with `SET LOCAL ROLE` and `SET LOCAL search_path` within transactions for PostgreSQL, providing robust isolation. The OAuth proxy (`oauth-proxy.ts`) includes logic to rewrite URLs and handle `WWW-Authenticate` headers, addressing common OAuth vulnerabilities. Sensitive data is protected using `aes-256-gcm` encryption with a non-hardcoded `ENCRYPTION_KEY`. STDIO connections are disabled by default in production unless explicitly enabled via `UNSAFE_ALLOW_STDIO_TRANSPORT=true`. Overall, the architecture and implementation show a high level of attention to security, but complex systems always have inherent risks.
Updated: 2026-01-19GitHub
71
152
Medium Cost
keyboard-dev icon

keyboard-local

by keyboard-dev

Sec9

Enables AI clients to execute real-world tasks through connected third-party tools (APIs, CLIs, SDKs) with human approval, leveraging a secure GitHub Codespace environment.

Setup Requirements

  • ⚠️Requires `git clone --recursive` to fetch submodules.
  • ⚠️Requires a Node.js/npm environment for both the Electron desktop client and the MCP server.
  • ⚠️Relies on GitHub Codespaces for the secure execution environment of AI-generated code.
  • ⚠️Users must connect and configure their own third-party API keys and credentials for desired tools (e.g., Gmail, Slack, Stripe).
Verified SafeView Analysis
The architecture described in the README emphasizes security through human approval workflows and execution within the user's own GitHub Codespace. This design aims to prevent the Keyboard server from directly accessing sensitive API keys, as they are managed within the user's secure environment. The user reviews and approves the generated code before execution, providing a critical control point. The disclaimer also places responsibility on the user for code review and connecting trusted applications. Without the actual JavaScript/TypeScript code for the `approver-client` and `keyboard-mcp` components, a deeper code-level security audit (e.g., checking for `eval` usage, obfuscation, or specific vulnerabilities) cannot be performed. The score reflects the strong security claims and architectural design rather than a direct code audit.
Updated: 2025-11-28GitHub
71
222
Medium Cost
strands-agents icon

mcp-server

by strands-agents

Sec9

Provides a Model Context Protocol (MCP) server for AI agents to search and retrieve curated documentation for the Strands Agents framework, facilitating AI coding assistance.

Setup Requirements

  • ⚠️Requires 'uv' for installation and command execution.
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Using the MCP Inspector for testing requires Node.js and npx.
Verified SafeView Analysis
The server explicitly validates URLs passed to `fetch_doc` to ensure they start with `https://strandsagents.com`, which significantly mitigates Server-Side Request Forgery (SSRF) risks. No `eval` or similar dangerous functions were found. The HTML cleaning uses standard library functions and regex to strip tags and unescape content, reducing XSS concerns if content were ever rendered directly. Overall, the security posture appears robust for its intended function.
Updated: 2025-11-21GitHub
71
390
Medium Cost
domdomegg icon
Sec8

A Model Context Protocol server that provides read and write access to Airtable databases, enabling LLMs to inspect schemas and manage records.

Setup Requirements

  • ⚠️Requires an Airtable Personal Access Token with appropriate scopes (schema.bases:read, data.records:read, and optionally write permissions).
  • ⚠️Requires Node.js to be installed.
  • ⚠️If using HTTP transport (MCP_TRANSPORT=http), there is no built-in authentication; must be secured externally.
Verified SafeView Analysis
The server correctly retrieves the Airtable API key from environment variables (AIRTABLE_API_KEY) or a deprecated command-line argument, preventing hardcoding. It uses Zod for input and API response validation. The `searchRecords` function sanitizes user-provided search terms to prevent Airtable formula injection. An explicit warning is provided when running with HTTP transport about the lack of built-in authentication, emphasizing the need for a reverse proxy or secured setup. While a read-only API key is present in an e2e test file, it's not used in production code paths.
Updated: 2026-01-16GitHub
70
3
Medium Cost
FitoDomik icon

gitlab-mcp-server

by FitoDomik

Sec9

Connects an AI assistant to GitLab to facilitate interactive queries and actions on merge requests, pipelines, and code reviews.

Setup Requirements

  • ⚠️Requires `uv` for Python package management.
  • ⚠️GitLab Access Token needs `api` scope for write operations (e.g., commenting, resolving discussions), despite README suggesting `read_api` for initial setup.
  • ⚠️Requires a numeric `GITLAB_PROJECT_ID` for configuration.
Verified SafeView Analysis
The server securely handles GitLab API tokens by requiring them via environment variables (GITLAB_ACCESS_TOKEN, GITLAB_PROJECT_ID) and uses `aiohttp` for external API calls, correctly setting private tokens in headers. There are no signs of `eval`, code obfuscation, or hardcoded secrets. The `run-mcp.sh` script prioritizes loading environment variables from a local `.env` file, which is good practice for managing sensitive information.
Updated: 2025-11-28GitHub
70
26
Medium Cost
girste icon
Sec8

A Linux server security auditing and continuous monitoring tool that provides security posture analysis and anomaly detection capabilities, designed to be integrated with AI agents.

Setup Requirements

  • ⚠️Requires `sudo` for full functionality, granting privileged access to the system.
  • ⚠️Requires Go 1.23+ and `make` for building from source.
  • ⚠️Relies on various Linux commands (e.g., `ufw`, `docker`, `apt`/`yum`, `openssl`, `dig`) being available on the system.
Verified SafeView Analysis
The tool is written in Go and leverages standard system commands (`exec.Command`) for its auditing functions. It explicitly states in the README and code (e.g., `RequiresSudo()`) that `sudo` access is required for many operations. This inherently grants high privileges. While the code appears to handle command execution and file path sanitization (e.g., in `handleAnalyzeAnomaly`) carefully, any vulnerability in an invoked external command or the tool's parsing of its output could potentially be exploited. The `system.RunCommandSudo` function attempts `sudo -n` (no password) which is a good practice for automation. The tool makes outbound network calls for public IP detection and vulnerability intelligence (`api.ipify.org`, `nvd.nist.gov`, `cisa.gov`). No hardcoded secrets or malicious patterns were identified in the provided source code. The project's use of CI badges (CodeQL, Trivy) and an explicit private security advisory process indicates a focus on security.
Updated: 2026-01-17GitHub
70
3
High Cost
greatSumini icon

sharp-mcp

by greatSumini

Sec7

This MCP server provides image session management and processing capabilities for AI coding assistants, enabling tasks like metadata extraction, color picking, background removal, cropping, and compression.

Setup Requirements

  • ⚠️Requires Node.js >= v18.0.0.
  • ⚠️ML model files (~10-50MB) for background removal are downloaded on first run, causing a delay.
  • ⚠️The server process needs appropriate file system read/write permissions for tools interacting with local paths (e.g., `create_session_by_path`, `output_path` parameters).
Verified SafeView Analysis
The server can handle user-provided file paths for reading and writing images (`create_session_by_path`, `compress_image`, `extract_region`, `remove_background`). While `validateAbsolutePath` is used to prevent relative path traversal, the server's underlying process permissions will determine the extent of potential file system access an attacker could exploit if they gain control over the `output_path`. Storing base64 images in memory sessions, and performing CPU/memory intensive operations like background removal, cropping, and compression, poses a potential Denial-of-Service (DoS) risk if not adequately rate-limited or resource-managed at a higher layer. The ML model files (10-50MB) for background removal are downloaded and cached on first use, which introduces a supply chain risk if the source of these models were compromised. No hardcoded secrets or 'eval' were found in the provided code.
Updated: 2025-11-28GitHub
PreviousPage 27 of 713Next