Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

70
211
Medium Cost
aaronsb icon
Sec9

This plugin connects your Obsidian vault to AI assistants through MCP (Model Context Protocol), enabling them to understand and navigate your notes as a connected knowledge graph.

Setup Requirements

  • ⚠️Requires Obsidian desktop application to be running.
  • ⚠️Requires an MCP-compatible AI client (e.g., Claude Desktop, Claude Code, Continue.dev).
  • ⚠️Requires manual configuration of the plugin's generated API key in the AI client (and potentially `NODE_TLS_REJECT_UNAUTHORIZED=0` for self-signed HTTPS certificates).
  • ⚠️Full functionality of 'dataview' and 'bases' tools requires the respective Obsidian plugins to be installed and enabled.
Verified SafeView Analysis
The server features a comprehensive, multi-layered security framework, including OWASP-grade path validation (`SecurePathValidator`), a central firewall (`VaultSecurityManager`) with granular operation permissions (read, write, delete, move, etc.), and integration with a `.mcpignore` file for path exclusions. It actively guards against common vulnerabilities like path traversal, ReDoS (via `SafeRegexValidator`), and DoS (via `BatchLimitValidator`). API keys are securely auto-generated on first use, and an explicit 'dangerouslyDisableAuth' setting is provided with appropriate warnings. CPU-intensive operations are offloaded to worker threads for isolation. The web fetching tool is an inherent network interaction but is designed for user-requested URLs. Overall, the security implementation is exceptionally robust for an open-source plugin.
Updated: 2026-01-19GitHub
70
201
Medium Cost
hyprmcp icon

jetski

by hyprmcp

Sec9

Jetski is an open-source platform providing analytics, authentication, and simplified client setup for Model Context Protocol (MCP) servers by acting as a proxy.

Setup Requirements

  • ⚠️Requires Docker for local development dependencies (PostgreSQL, Dex, Mailpit).
  • ⚠️Requires 'mise' (dev tool environment manager) for tool installation and task execution.
  • ⚠️Requires 'pnpm' as the JavaScript package manager.
  • ⚠️Requires a host file entry for `host.minikube.internal` for local Dex setup if using Minikube.
  • ⚠️Kubernetes/Minikube is required for optional gateway orchestration, including Helm and Metacontroller.
Verified SafeView Analysis
The codebase demonstrates good security practices. Environment variables are used for sensitive configurations (e.g., database URL, OIDC credentials, GitHub secrets for Dex). OAuth2/OIDC is used for authentication, with JWT validation against a JWK set in the backend. User-provided `proxyUrl`s are subject to backend validation to prevent Server-Side Request Forgery (SSRF). Observability tools (Sentry, OpenTelemetry) are integrated. The use of `public: true` for OIDC clients in `docker-compose.yaml` is standard for single-page applications and CLIs, which cannot securely store client secrets. No 'eval', blatant obfuscation, or hardcoded production secrets were found. `requireHttps: false` in dev config is acceptable.
Updated: 2026-01-18GitHub
70
58
Medium Cost
aplaceforallmystuff icon

mcp-arr

by aplaceforallmystuff

Sec8

Manages Sonarr, Radarr, Lidarr, Readarr, and Prowlarr applications for media library control and configuration review via natural language queries.

Setup Requirements

  • ⚠️Requires Node.js 18+.
  • ⚠️At least one *arr application (Sonarr, Radarr, Lidarr, Readarr, or Prowlarr) must be running with API access.
  • ⚠️Requires setting specific environment variables (URL and API Key) for each *arr service to be managed.
Verified SafeView Analysis
The server uses environment variables for all sensitive configuration (URLs, API keys) and relies on standard `fetch` API for external communication. No hardcoded secrets or direct `eval`/`exec` calls with untrusted input were found. External data from TRaSH Guides is fetched from GitHub, which is generally reliable. The primary security considerations would be the user's secure setup of their *arr applications (e.g., not exposing them directly to the public internet).
Updated: 2026-01-16GitHub
70
3
High Cost
SerifeusStudio icon

threlte-mcp

by SerifeusStudio

Sec8

Enables AI agents to inspect and manipulate Three.js/Threlte 3D scenes in real-time, facilitating debugging, asset optimization, and cinematic tooling.

Setup Requirements

  • ⚠️Requires Node 18+ to run.
  • ⚠️Requires Svelte 5 for the MCPBridge component in your Threlte application.
  • ⚠️Your Threlte application must be running with the MCPBridge component, which connects to the server via WebSocket on ws://localhost:8083.
Verified SafeView Analysis
The server operates primarily as a local development tool, communicating with IDEs via standard I/O and with the game client via a local WebSocket (ws://localhost:8083). It handles file operations for GLTF asset processing, leveraging trusted libraries like `@gltf-transform` and `meshoptimizer`. While these operations involve file system access, input paths are validated, and remote URLs are disallowed, mitigating common file traversal risks. No direct 'eval' or hardcoded sensitive secrets were found. The primary risk lies with potential vulnerabilities in third-party GLTF processing libraries or if the local WebSocket server were exposed externally, allowing unauthorized scene manipulation. However, for its intended local use, it is considered robust.
Updated: 2026-01-17GitHub
70
3
Low Cost
dmytro-ustynov icon

pptx-generator-mcp

by dmytro-ustynov

Sec4

Generate professional PowerPoint presentations from Markdown input via a Model Context Protocol (MCP) server integrated with Claude Desktop.

Setup Requirements

  • ⚠️Requires Node.js 18.0 or higher
  • ⚠️Requires Claude Desktop for integration
  • ⚠️Manual configuration of `claude_desktop_config.json` is necessary after installation
  • ⚠️Global npm installation may require sudo depending on system configuration
  • ⚠️Custom fonts (e.g., JetBrains Mono) need to be manually installed on the operating system for proper display in the generated PPTX
Review RequiredView Analysis
The `generate_presentation` tool constructs an output file path using user-provided `filename` without sufficient sanitization against directory traversal (e.g., `../../`). An attacker could potentially write files to arbitrary locations on the host system within the user's permissions. For example, `filename: "../../malicious-script"` could lead to writing a file outside the intended `output` directory. The `list_presentations` tool lists files in a predefined output directory, which is less of a risk but does expose local file names. No direct `eval` or command injection from user input found.
Updated: 2025-12-01GitHub
70
3
High Cost
telmon95 icon

VulneraMCP

by telmon95

Sec3

An AI-powered platform for automated security testing, vulnerability research, and bug bounty hunting.

Setup Requirements

  • ⚠️Requires manual installation of external CLI tools (subfinder, httpx, amass, sqlmap) and presence in system PATH.
  • ⚠️PostgreSQL 18+ is recommended, and if installed locally (e.g., via Homebrew), it defaults to port 5433, not the standard 5432, which needs explicit configuration.
  • ⚠️OWASP ZAP must be running, and examples often disable its API key for convenience, making it insecurely accessible to anyone on the network.
  • ⚠️Caido integration requires a CAIDO_API_TOKEN, which must be obtained and configured separately.
Review RequiredView Analysis
The server uses `eval()` in `render.execute_js` which allows arbitrary JavaScript execution provided by the user/AI, posing a critical remote code execution risk if the MCP client is compromised or provides untrusted input. Default PostgreSQL passwords like 'bugbounty123' are suggested in setup scripts and `docker-compose.yml`, which is a hardcoded secret vulnerability. ZAP is often configured with `api.disablekey=true` in examples, leaving its API unprotected.
Updated: 2025-11-28GitHub
69
13
High Cost
jellydn icon

my-ai-tools

by jellydn

Sec2

Provides a comprehensive setup and configuration management guide for an AI-powered developer environment, integrating various AI coding tools and their custom settings.

Setup Requirements

  • ⚠️Requires a paid Claude Code subscription for full features.
  • ⚠️Manual `jq` installation may be required if common package managers are unavailable.
  • ⚠️Reliance on `npm`/`npx` for many tool installations and MCP server invocations, requiring Node.js/Bun environment setup.
Review RequiredView Analysis
CRITICAL: The `cli.sh` and `generate.sh` scripts use `eval "$1"` for command execution, which is a severe vulnerability allowing arbitrary code execution if inputs are not perfectly sanitized. CRITICAL: `configs/amp/settings.json` explicitly sets `"amp.dangerouslyAllowAll": true`, granting the Amp AI assistant unrestricted command execution privileges without user confirmation. Dynamic command execution within Claude Code hooks (e.g., auto-formatting based on file path input) could also be a vector if not properly secured against malicious input. The system installs third-party tools globally, posing a supply chain risk. API keys are handled in separate files but require careful local management.
Updated: 2026-01-19GitHub
69
257
High Cost
anyproto icon

anytype-mcp

by anyproto

Sec3

The Anytype MCP Server enables AI assistants to interact with Anytype's API through natural language by converting its OpenAPI specification into MCP tools.

Setup Requirements

  • ⚠️Requires an Anytype API Key for authentication, which must be obtained from the Anytype Desktop app settings.
  • ⚠️Requires the Anytype Desktop application (or its local API server) to be running and accessible, typically on `http://127.0.0.1:31009`.
  • ⚠️The `OPENAPI_MCP_HEADERS` environment variable is required to pass authentication and version headers as a JSON string (e.g., `{"Authorization":"Bearer <YOUR_API_KEY>", "Anytype-Version":"2025-11-08"}`).
Review RequiredView Analysis
The server loads an OpenAPI specification from a URL or local file, which is then parsed to create MCP tools. A critical vulnerability exists in the `HttpClient`'s file upload handling: it uses `fs.createReadStream` with file paths directly derived from AI-provided arguments. This allows an AI (or a malicious user interacting through the AI) to potentially read arbitrary files from the server's filesystem, posing a significant local file inclusion/arbitrary file read risk. While an `eval` statement was found, it is currently commented out, mitigating that specific severe risk.
Updated: 2026-01-13GitHub
69
315
High Cost
cloudwego icon

abcoder

by cloudwego

Sec4

Starts a Model Context Protocol (MCP) server that provides AST reading tools for code analysis, integrable with AI clients like Claude Code.

Setup Requirements

  • ⚠️Requires installation of multiple language-specific LSP servers (e.g., `clangd-18`, `rust-analyzer`, `pylsp`, JDTLS), which `abcoder` attempts to auto-install but may require manual intervention or system-wide package changes.
  • ⚠️For large TypeScript/JavaScript repositories, Node.js's maximum memory allocation might need to be increased (e.g., `NODE_OPTIONS=--max-old-space-size=65536`).
  • ⚠️The 'agent' subcommand requires environment variables like `API_KEY` for LLM providers, which are typically paid services.
Review RequiredView Analysis
The server frequently uses `exec.Command` to run external tools (LSP servers, npm, go, cargo, mvn) in user-provided repository directories. A malicious repository could contain build configuration files (e.g., `Cargo.toml`, `pom.xml`, `package.json`, `go.mod`) designed to execute arbitrary commands during parsing or setup. This is a significant supply chain and command injection risk. Downloads of LSP servers and npm packages also introduce supply chain integrity concerns.
Updated: 2026-01-16GitHub
69
225
Medium Cost
Muvon icon

octocode

by Muvon

Sec8

An intelligent code indexer and semantic search engine that builds knowledge graphs of codebases, providing AI-powered assistance for development tasks like natural language search, smart commits, and code reviews, with local-first and multi-language support.

Setup Requirements

  • ⚠️Requires Voyage AI API Key (required for embeddings, 200M free tokens/month available).
  • ⚠️Requires OpenRouter API Key for full AI features (optional).
  • ⚠️Requires Rust/Cargo toolchain for manual installation via `cargo install`.
  • ⚠️By default, requires the project directory to be a Git repository (`require_git: true` in `index` config).
Verified SafeView Analysis
The project emphasizes local-first design for search and API keys are securely handled via environment variables, reducing the risk of hardcoded secrets. The Model Context Protocol (MCP) server runs locally with no external network access for search queries, limiting external exposure. No 'eval' or similar dangerous dynamic execution patterns were found in the provided source code snippets. Reliance on third-party AI models (Voyage AI, OpenRouter) implies dependency on their security, but Octocode's internal handling of API keys is sound.
Updated: 2026-01-17GitHub
69
155
Medium Cost
neo4j icon

mcp

by neo4j

Sec9

Enables AI models (LLMs) to interact with a Neo4j graph database by providing a structured set of tools via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running Neo4j database instance with the APOC plugin installed.
  • ⚠️Requires Go 1.25+ to build and run from source.
  • ⚠️Client (e.g., VSCode, Claude Desktop) setup involves specific configuration files and potentially base64-encoded credentials for HTTP mode.
Verified SafeView Analysis
The server implements strong security practices including per-request authentication (Basic Auth/Bearer Token) and configurable CORS for HTTP mode, and robust TLS/HTTPS support with secure defaults. Input validation prevents non-read operations in 'read-cypher' tool. Sensitive information (passwords, tokens, URIs) is redacted in logs. Startup checks ensure a valid Neo4j connection and APOC plugin. A MixPanel analytics token is hardcoded, but explicitly marked as safe for public exposure per G101 and does not grant sensitive access.
Updated: 2026-01-19GitHub
69
253
Medium Cost
mixelpixx icon

KiCAD-MCP-Server

by mixelpixx

Sec4

Enables AI assistants like Claude to interact with KiCAD for PCB design automation, providing comprehensive tool schemas and real-time project state access.

Setup Requirements

  • ⚠️Requires KiCAD 9.0 or higher installed with Python scripting support.
  • ⚠️Correct Python environment configuration (PYTHONPATH) is critical and platform-specific, often requiring KiCAD's bundled Python.
  • ⚠️Full JLCPCB API integration requires user-obtained JLCPCB API Key and Secret environment variables.
Review RequiredView Analysis
The server uses `child_process.spawn` in TypeScript to invoke a Python script, and the Python backend then uses `subprocess.run` (or similar) to execute `kicad-cli` commands. Multiple tools (e.g., `export_gerber`, `export_pdf`, `run_drc`) pass user-supplied parameters (`outputDir`, `outputPath`, `reportPath`) to these shell commands. If these parameters are not rigorously sanitized and escaped before interpolation into the shell command string, this creates a potential for command injection vulnerabilities. For instance, providing a malicious path like `'my_output && rm -rf /'` could execute arbitrary commands on the host system. The code snippets provided do not explicitly show robust input sanitization for these shell executions.
Updated: 2026-01-11GitHub
PreviousPage 28 of 713Next