Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

Medium Cost

tracium

by r1chard-lyu

Sec3

Exposes Linux tracing and debugging capabilities (e.g., eBPF, bpftrace, perf, ftrace, syscall tracing) to LLMs and autonomous agents for observability, profiling, and debugging.

Setup Requirements

  • ⚠️Requires `bpftrace`, `perf`, `strace`, and `trace-cmd` (or equivalent ftrace wrapper) to be installed on the Linux system.
  • ⚠️Requires running `sudo ./setup.sh` to configure passwordless `sudo` for `bpftrace`, which is a significant security risk for production environments and should only be used in development.
  • ⚠️Requires Python dependencies, including `fastmcp`, to be installed via `pip install -r requirements.txt`.
Review Required
The server requires passwordless sudo for `bpftrace` (configured via `setup.sh`), which is a powerful kernel-level tracing tool. While path traversal is checked for `bpftrace` scripts, running arbitrary `bpftrace` scripts with root privileges carries significant risk for system stability, performance, and information disclosure. The `setup.sh` explicitly warns this is for 'development — do not enable in production.'
Updated: 2025-12-04
Medium Cost

babylon-mcp

by immersiveidea

Sec8

Provides AI agents with semantic search access to Babylon.js documentation, API references, and source code, acting as a canonical information source to reduce AI model token usage and improve accuracy.

Setup Requirements

  • ⚠️Requires initial data indexing (~30-45 minutes, ~2GB disk space) by running `npm run clone:repos` and `npm run index:all`.
  • ⚠️Alpine Linux environments require an additional setup step (`npm run alpine:setup`) after `npm install` for WASM backend compatibility with Transformers.js.
  • ⚠️Claude Code CLI integration currently only works via direct `/mcp <url>` command and not through `~/.claude/config.json`.
  • ⚠️If New Relic monitoring is active (default setup), `NEW_RELIC_LICENSE_KEY` and `NEW_RELIC_APP_NAME` environment variables are required.
Verified Safe
The server uses `simple-git` for repository management, which executes shell commands for cloning and updating. Input validation is performed using Zod schemas for tool parameters, and `path.join` is used to mitigate path traversal risks when accessing local files, restricting access to cloned repositories. No 'eval', obvious hardcoded secrets, or direct network risks beyond standard HTTP server exposure were identified. New Relic integration requires environment variables for secure setup.
Updated: 2025-11-24
High Cost

autosteer

by apothegmatic-whiskfern276

Sec5

A desktop application for managing local Git worktrees and integrating with Claude AI for code-related tasks, providing an enhanced development environment.

Setup Requirements

  • ⚠️Requires an Anthropic API Key (Paid service for Claude AI access).
  • ⚠️Requires a local Git installation for version control operations.
  • ⚠️May require the Claude CLI (`claude` executable) to be installed and available in the system PATH for some advanced agent commands (e.g., /compact).
Review Required
The application is built using Electron, employing `contextBridge` for renderer-to-main process IPC isolation, which is a good practice. However, its core functionality involves deep system integration, exposing powerful capabilities such as direct terminal access (`terminal.create`, `terminal.write`), extensive file system operations (`file:listDirectory`, `resources:uploadResources`), spawning child processes for Git operations (`git:diff-stats`, `worktree.create`), and managing external MCP servers. A vulnerability in any of these exposed IPC handlers or the underlying services could lead to arbitrary code execution or data manipulation on the user's system. The application also handles API keys (e.g., ANTHROPIC_API_KEY) and potentially sensitive `.mcp.json` configuration files locally. While typical for developer tools requiring such access, the broad permissions make it inherently higher risk if not properly secured and updated.
Updated: 2026-01-19
Low Cost

llama-api

by MuscleGear5

Sec3

A local LLM API server for chat completions, tool calling, vision, embeddings, and audio transcription, integrated with developer tools.

Setup Requirements

  • ⚠️Requires local GGUF models for LLM inference (e.g., Qwen3-1.7B-UD-Q6_K.gguf) to be present in the configured models directory (e.g., /mnt/storage/.llama-cpp/models).
  • ⚠️Optimal performance relies on GPU acceleration for llama.cpp, meaning a compatible NVIDIA GPU and drivers are highly recommended, especially when running via Docker Compose.
  • ⚠️Requires Python 3.11+.
  • ⚠️Docker Compose production setup (docker-compose.prod.yml) expects specific volume mounts for models, sessions, Redis, Prometheus, Grafana, Loki, and Whisper cache, which need to be configured on the host machine.
Review Required
The project includes a built-in tool, `run_shell_command`, which uses `subprocess.run(command, shell=True)`. This is a critical security vulnerability as it allows for arbitrary shell command execution if an attacker can induce the LLM to call it or directly exploit an API endpoint that invokes tools. While intended for developer use, exposing such a capability, especially with `shell=True`, poses a significant risk for sandbox escapes and system compromise. Additionally, the `test_endpoint` MCP tool can make HTTP requests to arbitrary URLs, which could be abused for SSRF if not properly secured.
Updated: 2025-12-19
Medium Cost

A hybrid semantic and vector retrieval engine that integrates knowledge graphs and embedding models to provide RAG capabilities via REST and MCP APIs for AI agents.

Setup Requirements

  • ⚠️Requires Docker to run external dependencies (Fuseki, sie-embedding).
  • ⚠️Requires an OpenAI API Key if configured to use OpenAI for embeddings.
  • ⚠️For local development, an `sbt` installation and JVM are required to run SIE outside of Docker.
Verified Safe
The server architecture relies on external dependencies like Fuseki and a `sie-embedding` service for embedding and vector database operations. Input validation is present for common parameters (query, concept URI) at the API boundaries. Hardcoded credentials are not apparent, with sensitive keys like OPENAI_API_KEY fetched from environment variables. The internal `FusekiClient.queryFlat` method takes a raw SPARQL string; however, its current usage within SIE constructs these queries internally, mitigating direct user-controlled SPARQL injection. The `chroma_server.py` service, typically internal to the Docker network, exposes endpoints that accept document IDs, texts, and metadata. While not directly exposed to end-users in a typical deployment, these could be points of resource exhaustion if not adequately protected by a proxy or firewall in production. Overall, for its intended use as a demo/development server, the security posture is reasonable, but it lacks advanced features like rate limiting, authentication, or robust input sanitization for untrusted external traffic.
Updated: 2026-01-05
Low Cost

This program dynamically generates Python wrappers and a FastMCP server for macOS applications, enabling LLM interaction with native app functionalities via AppleScript.

Setup Requirements

  • ⚠️Requires macOS
  • ⚠️Python 3.10+
  • ⚠️Requires `fastmcp` Python package (for server usage)
  • ⚠️Requires user permission to control macOS applications via AppleScript
Review Required
The provided source code is limited to `LICENSE.md` and `README.md`, preventing a full audit of the Python generator (`mcp-osacreate`). However, the `README` explicitly warns that the generated AppleScript wrappers can expose powerful and potentially damaging macOS application functionalities, requiring user due diligence to remove risky tools. The tool itself relies on `osascript` and `sdef`.
Updated: 2025-12-05
Medium Cost

MCP-server

by zarqa640

Sec4

A server application designed to host and manage custom Minecraft game instances, potentially supporting modding and multiplayer interactions.

Setup Requirements

  • ⚠️Requires Java Runtime Environment (JRE) to be installed.
  • ⚠️Requires an open network port (default 25565 for Minecraft) and appropriate firewall rules.
  • ⚠️Requires manual configuration of server properties files.
Review Required
Source code heavily truncated, making a thorough security audit impossible. No visibility into specific patterns like 'eval', obfuscation, hardcoded secrets, or network handling practices. Running any server without full code review carries inherent risks. A score of 4 reflects this high degree of uncertainty rather than identified vulnerabilities.
Updated: 2025-11-25
Low Cost

mcpm

by spre-sre

Sec5

A CLI tool for developers to install, manage, and register Model Context Protocol (MCP) servers with Claude Code and Gemini CLI.

Setup Requirements

  • ⚠️Requires Go 1.23+ to build from source.
  • ⚠️Requires Git to clone repositories for installation.
  • ⚠️Requires Node.js/npm, Python 3, and/or Go runtime environments on the host machine if installing servers of those types.
  • ⚠️Requires Claude Code CLI and/or Gemini CLI to register installed MCP servers with those clients.
Review Required
The tool's core functionality involves downloading and executing arbitrary code (MCP servers) from user-specified or inferred repositories. This is an inherent risk for any package manager. Specifically, `internal/builder/shell.go` executes build commands using the user's shell (`zsh -l -c command` or `bash -l -c command`), which can be susceptible to shell injection if the command strings are derived from untrusted, unsanitized user input. The `mcpm add` command allows direct registration of arbitrary commands and arguments for MCP servers. While this is an intended feature, it means the security responsibility lies entirely with the user to ensure the commands and repositories they instruct `mcpm` to handle are trusted. No direct hardcoded secrets or obfuscation were identified within the provided source code, but the execution of untrusted external code remains a significant vector for security compromise.
Updated: 2025-12-10
Medium Cost

az-mcp-tf

by franco-gh

Sec9

Deploys the terraform-mcp-server to Azure Container Apps, providing an interface for Terraform interaction compatible with clients like GitHub Copilot Chat.

Setup Requirements

  • ⚠️Requires Terraform and Azure CLI installation and configuration.
  • ⚠️Requires Azure subscription with Contributor access and ability to create RBAC role assignments.
  • ⚠️Requires specific GitHub Secrets and Variables for automated CI/CD deployment via GitHub Actions and Terraform Cloud.
  • ⚠️Potential Key Vault naming conflicts requiring manual purging of soft-deleted vaults.
Verified Safe
The project is designed with strong security practices, including API key authentication, Azure Key Vault for secret storage, Managed Identities for secure access, RBAC for Key Vault access, and HTTPS by default for all communication. No 'eval' or obvious obfuscation detected. API keys are not hardcoded. The architecture places Nginx in front for API key validation, enhancing security.
Updated: 2025-12-02
Medium Cost

mcp-notes-connector

by AnotherStream

Sec9

Implements a Model Context Protocol (MCP) server to integrate with the Evernote API, allowing MCP clients (like AI agents) to access and manage Evernote notes and notebooks.

Setup Requirements

  • ⚠️Requires an Evernote Developer Token (needs registration on dev.evernote.com)
  • ⚠️Requires Python 3.10 or higher
  • ⚠️Testing is strongly recommended in the Evernote Sandbox environment to avoid affecting real data
Verified Safe
The project uses environment variables for sensitive data (EVERNOTE_TOKEN) via `python-dotenv`, which is good practice. MCP communication occurs over `stdio`, limiting direct network exposure locally. The `evernote3` SDK is used for external API calls, which is generally reliable. No `eval` or `exec` found. Full input validation for currently unimplemented API methods (`search_notes`, `get_note`, `create_note`) needs to be confirmed once they are implemented, but the current structure handles arguments safely.
Updated: 2025-11-23
Medium Cost
Sec8

An AI-powered IT Helpdesk for Thomson Reuters employees, integrating real TR service desk resources and Claude AI for enhanced support.

Setup Requirements

  • ⚠️Requires access to a specific AWS account (818565325759) with the pre-existing IAM role 'a208194-askjulius-agentcore-gateway' and Lambda function 'a208194-it-helpdesk-enhanced-mcp-server' already configured.
  • ⚠️Deployment script (`deploy-enhanced-mcp-cloudshell.sh`) is optimized for AWS CloudShell, although it might run in other environments.
  • ⚠️The Lambda runtime is explicitly set to Python 3.9 in the deployment script, conflicting with the Python 3.14 mentioned in the README. Python 3.9 compatibility is required for the Lambda function code.
Verified Safe
The code uses standard AWS SDK calls for Lambda invocation and Bedrock interactions, which rely on configured AWS credentials for authentication. There are no direct hardcoded API keys or sensitive secrets exposed in the provided code snippets. The deployment script performs URL validation using `curl`, which is a common and generally safe practice. Hardcoded AWS resource identifiers (Lambda name, IAM role ARN, Agent ID) are present but are configuration details rather than security secrets. The `bedrock_agentcore.memory` SDK is conditionally imported, with a fallback if not available, mitigating direct dependency risks. No 'eval' or other highly dangerous patterns were observed. The overall security posture is good for an internal enterprise tool, though externalizing all configuration could improve flexibility.
Updated: 2025-12-04
High Cost
Sec9

Provides read-only access to the TrustLayer API via the Model Context Protocol (MCP) for integration with AI clients and other MCP-compatible tools.

Setup Requirements

  • ⚠️Requires Python 3.11+
  • ⚠️Requires a valid TrustLayer API token for authentication
Verified Safe
The server is explicitly designed for read-only access (GET operations only), significantly reducing the attack surface. It properly handles API tokens via environment variables or per-request Authorization headers using Python's contextvars, preventing hardcoded secrets. There is no evidence of `eval` or code obfuscation. Uses well-known libraries (`httpx`, `pydantic-settings`). Production deployment notes emphasize HTTPS and firewalling, which are critical for any exposed service. The only minor deductions would be for standard deployment considerations (e.g., ensuring secure infrastructure).
Updated: 2025-12-05