Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

68
250
High Cost
salesforcecli icon

mcp

by salesforcecli

Sec9

The MCP Server for Salesforce facilitates seamless interaction between large language models (LLMs) and Salesforce orgs, providing a robust set of tools for common development and administrative tasks. This includes static code analysis for performance/security antipatterns, metadata deployment/retrieval, org management, SOQL queries, Apex/Agent testing, and DevOps workflows like work item management and conflict resolution.

Setup Requirements

  • ⚠️This is a 'pilot or beta service' and is for 'Internal Use Only', with no guarantee of compatibility with prior versions.
  • ⚠️Requires Node.js (up-to-date LTS) and Yarn (globally installed) due to its monorepo structure with Yarn workspaces and `nohoist`.
  • ⚠️Requires locally authorized Salesforce orgs (scratch orgs, sandboxes, Dev Hub) for tool execution (`--orgs` flag must be configured).
  • ⚠️DevOps tools (e.g., for work item checkout and conflict detection) rely on a pre-authenticated Git CLI for repository operations.
  • ⚠️The `run_code_analyzer` tool has a maximum target file count of 10 for static analysis and currently rejects `sfge` and `flow` engines.
  • ⚠️Inputs for file/directory paths must be absolute paths and undergo explicit validation against path traversal attempts.
  • ⚠️Long-running operations (e.g., scratch org creation, metadata deployment) may require polling or using the `resume_tool_operation` tool to track completion.
  • ⚠️A known bug (`W-19828802`) in `sfdx-core` may cause `NamedOrgNotFoundError` when creating scratch orgs synchronously.
  • ⚠️Telemetry is enabled by default and must be explicitly disabled using `--no-telemetry` for testing or privacy concerns.
Verified SafeView Analysis
The project adheres to Salesforce's internal security guidelines, including a dedicated security contact (`security@salesforce.com`). It demonstrates proactive security measures such as robust path traversal prevention (`sanitizePath` function in `mcp-provider-dx-core`), explicit handling and redaction of sensitive authentication information (e.g., `assertNoSensitiveInfo` in test utilities), and careful dependency management (e.g., `overrides` in root `package.json`). Contribution guidelines mandate security reviews for all pull requests. The architecture leverages `@salesforce/core` for secure Salesforce authentication mechanisms, which are well-established.
Updated: 2026-01-19GitHub
68
282
High Cost
szeider icon

consult7

by szeider

Sec9

Enables AI agents to analyze extensive file collections (e.g., codebases) using large context window models via OpenRouter, overcoming agent context limits.

Setup Requirements

  • ⚠️Requires an OpenRouter API Key (paid service) to function.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Relies on 'uvx' for simplified installation and execution, which may require initial setup if not already present.
Verified SafeView Analysis
The server uses `httpx` for external API calls to OpenRouter with hardcoded URLs, reducing arbitrary network risks. API keys are passed via CLI arguments rather than hardcoded. File path validation is implemented for wildcards, limiting potential path traversal. The `zdr` (Zero Data Retention) option enhances privacy. The primary security consideration is the inherent capability to read local files, which could be misused by an agent if the system running Consult7 is not secured or the agent is not trusted for file access. No `eval` or obvious malicious patterns were found.
Updated: 2026-01-02GitHub
68
287
High Cost
context-hub icon

generator

by context-hub

Sec3

Provides a Retrieval-Augmented Generation (RAG) system and Micro-Context Protocol (MCP) server for AI assistants to understand, interact with, and generate documentation/code for projects. It allows indexing codebase knowledge, semantic search, and exposing file system, Git, and code analysis tools to AI agents.

Setup Requirements

  • ⚠️Requires PHP 8.2+ and Composer for dependency management.
  • ⚠️Docker is recommended for building the executable binary.
  • ⚠️Requires an OpenAI API Key (or compatible platform API key) for RAG vectorization (e.g., OPENAI_API_KEY). This is a paid service.
  • ⚠️Requires a running Qdrant instance for the default RAG knowledge store (RAG_QDRANT_HOST, RAG_QDRANT_PORT).
  • ⚠️The 'git' executable must be installed and accessible for Git-related features and tools.
  • ⚠️The MCP server exposes powerful capabilities; it must be run in a highly controlled, isolated environment with robust network and access controls. It is not safe for general public exposure.
Verified SafeView Analysis
The project is designed to expose powerful filesystem, Git, and code analysis capabilities via an HTTP API (MCP Server). This inherent design choice makes it highly critical from a security perspective. If the MCP server is exposed to untrusted users, or if an AI agent interacting with it is compromised, it could lead to: - Arbitrary file read/write/delete/replace on the server's filesystem. - Execution of arbitrary Git commands (add, commit, status). - Server-Side Request Forgery (SSRF) via the 'url' source type, fetching content from untrusted external URLs. - Indexing of sensitive internal code/data into external vector stores (Qdrant, OpenAI) if not configured carefully. While command execution uses Symfony Process (which correctly escapes arguments, reducing direct command injection risk), the *ability* to perform these actions via an API makes it a very high-privilege system. The default in-memory user provider for OAuth (if active) suggests a development-oriented authentication setup that is not suitable for production without significant hardening. No direct use of 'eval' or intentional obfuscation was detected.
Updated: 2026-01-19GitHub
68
270
Medium Cost
zinja-coder icon

jadx-mcp-server

by zinja-coder

Sec8

Facilitates live, LLM-driven reverse engineering and vulnerability analysis of Android APKs by integrating JADX with the Model Context Protocol.

Setup Requirements

  • ⚠️Requires JADX-AI-MCP plugin running locally and an APK loaded into JADX.
  • ⚠️Requires Java 11+ for the JADX-AI-MCP plugin.
  • ⚠️Requires Python 3.13+ to run the MCP server.
Verified SafeView Analysis
The Python server primarily acts as a proxy, forwarding requests to a local JADX-AI-MCP plugin (Java). Communication is restricted to localhost (127.0.0.1), reducing network attack surface for the server itself. No 'eval' or direct code injection vulnerabilities are apparent in the Python codebase. However, the powerful refactoring tools (e.g., renaming classes, methods, fields, packages) expose significant capabilities of the underlying JADX plugin. The overall security and integrity of the analysis and modifications depend heavily on the robustness of the JADX-AI-MCP plugin and how LLMs utilize these tools. Users must ensure authorized usage as per the project's disclaimer.
Updated: 2026-01-08GitHub
68
705
Medium Cost
Cyfrin icon

aderyn

by Cyfrin

Sec9

A Rust-based Solidity static analyzer that identifies vulnerabilities in smart contracts and provides developer tooling such as LSP and an MCP server for integration with other development environments and AI agents.

Setup Requirements

  • ⚠️Windows users must have WSL installed.
  • ⚠️Requires Rust toolchain for development/compilation.
  • ⚠️Development/release tooling like `cargo-release`, `gh` CLI, and `bacon` require separate installation.
Verified SafeView Analysis
The project is implemented in Rust, which inherently reduces many common memory-related vulnerabilities. It serves as a local development tool with capabilities for static analysis, LSP, and an MCP server. The `xtask` commands can perform sensitive operations like Git pushes and cargo releases, but these are intended for developer/CI environments and not directly exposed by the runtime servers. The MCP server binds to `127.0.0.1` by default for HTTP streaming, limiting network exposure. No obvious malicious patterns, hardcoded secrets, or `eval`-like constructs were found for arbitrary code execution in the server components.
Updated: 2026-01-19GitHub
67
219
Low Cost
Govcraft icon
Sec8

Provides up-to-date Rust crate documentation via semantic search and LLM summarization to AI coding assistants.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Requires Rust Toolchain (if building from source, or implicitly for cargo doc functionality)
  • ⚠️Requires active internet connection for initial setup and OpenAI API calls
  • ⚠️First-time setup for a new crate/version/feature set can take significant time due to documentation generation and embedding
Verified SafeView Analysis
The server relies on the `cargo` library to download and generate documentation for specified crates, which entails fetching code from crates.io. While standard for Rust, this introduces a dependency on the security of the crate ecosystem. It also interacts with the OpenAI API, requiring an API key, which must be secured by the user. There are no obvious signs of arbitrary code execution ('eval' equivalents) or hardcoded secrets in the provided source code, and network access is limited to necessary external APIs and crate registries.
Updated: 2025-11-24GitHub
67
241
Medium Cost
a-bonus icon

google-docs-mcp

by a-bonus

Sec8

Allows AI assistants to programmatically interact with Google Docs, Sheets, and Drive for document management, editing, formatting, and file organization.

Setup Requirements

  • ⚠️Requires a multi-step manual setup of Google Cloud Project credentials (enabling APIs, configuring OAuth consent screen, creating desktop client ID, downloading JSON).
  • ⚠️Involves a one-time interactive authorization process where the user must copy a URL, open it in a browser, grant permissions, copy an authorization code, and paste it back into the terminal.
  • ⚠️Operations involving comments (`addComment`, `resolveComment`) have known Google API limitations where anchoring may not be visible in the Docs UI or resolved status may not persist.
Verified SafeView Analysis
The server uses standard Google OAuth 2.0 or Service Account authentication, which are secure. It explicitly warns users about not sharing `credentials.json` and `token.json` files. Input parameters are validated using `zod` to prevent malformed requests. By default, it runs over `stdio`, limiting direct network exposure. However, it requires broad Google Drive, Docs, and Sheets scopes, meaning a compromised token could grant extensive access to user data.
Updated: 2026-01-14GitHub
67
4
Medium Cost
nguyenmanmkt icon

mcp-server

by nguyenmanmkt

Sec1

A web-based Docker management platform for deploying, managing, and building custom AI tools (MCP servers) for integration with language models.

Setup Requirements

  • ⚠️Requires Docker Daemon Access: The 'server.js' backend needs permissions to interact directly with the Docker socket on the host machine, which implies running in a privileged Docker container or on a host with proper permissions.
  • ⚠️Plaintext Sensitive Data: User credentials and other sensitive configurations are stored in 'database.json' without encryption.
  • ⚠️External AI API Keys Required: 'GEMINI_API_KEY' is explicitly used by the Gemini tool, and a Perplexity API key (likely an environment variable like `PERPLEXITY_API_KEY`) would be needed for the Perplexity tool.
  • ⚠️Arbitrary Code Execution Risks: The image build feature allowing Git repo cloning and Dockerfile execution, along with the `eval` function in `calculator.py`, introduces severe remote code execution vulnerabilities.
Review RequiredView Analysis
CRITICAL: Multiple severe security vulnerabilities identified. User passwords are stored in plaintext in 'database.json'. The backend 'server.js' interacts directly with the Docker daemon socket, granting full control over the host's Docker environment via an API authenticated with plaintext credentials. The image build feature allows cloning arbitrary Git repositories and building Docker images, which is a critical Remote Code Execution (RCE) vulnerability if a malicious Dockerfile is provided. Furthermore, the 'calculator.py' MCP tool explicitly uses `eval(python_expression)` which is highly susceptible to RCE, even with attempts to limit scope. These combined issues make the system extremely vulnerable to unauthorized access, privilege escalation, and arbitrary code execution on the host.
Updated: 2025-11-28GitHub
67
70
Medium Cost
ayunis-core icon

ayunis-legal-mcp

by ayunis-core

Sec4

A comprehensive system for searching and analyzing German legal texts using vector embeddings and semantic search, integrating with AI assistants via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for setup.
  • ⚠️Requires Ollama to be running on the host system, with a specific embedding model (ryanshillington/Qwen3-Embedding-4B:latest) pulled, and must produce 2560-dimensional vectors.
  • ⚠️Python 3.10+ is required.
  • ⚠️Database migrations must be run manually after initial setup (`docker-compose exec store-api alembic upgrade head`).
Verified SafeView Analysis
The system uses a hardcoded authentication token 'fake-super-secret-token' in `store/app/dependencies.py` for API access, which is a critical security vulnerability for any endpoints intended to be protected. The default PostgreSQL password 'postgres_password' is weak and should be changed in production. While input validation (e.g., `validate_legal_code`) and request body size limits are implemented, the easily bypassable authentication mechanism significantly lowers the overall security posture.
Updated: 2026-01-09GitHub
67
22
Medium Cost
dealfluence icon

adeu

by dealfluence

Sec8

Facilitates AI agents and LLMs to apply 'Track Changes' and comments to Microsoft Word documents, enabling automated redlining and document reconciliation.

Setup Requirements

  • ⚠️Requires 'uv' (uvx) installed for MCP server use.
  • ⚠️Requires Python 3.12+.
  • ⚠️The server manipulates local DOCX files based on provided paths.
Verified SafeView Analysis
The server primarily interacts with the local file system based on paths provided as arguments. A key security consideration is the sanitization of these file paths by the calling LLM agent or client to prevent path traversal attacks, as the server's functions perform read/write operations (e.g., `read_docx`, `apply_structured_edits`) on local files. No 'eval' or direct network risks to external malicious hosts were found. `lxml.xpath` is used for internal XML cleanup, not for parsing untrusted XPath expressions from external input.
Updated: 2026-01-19GitHub
67
251
Low Cost
apollographql icon

apollo-mcp-server

by apollographql

Sec9

Exposes GraphQL APIs as Model Context Protocol (MCP) tools, enabling AI models to access, orchestrate, and interact with APIs through standardized protocols.

Setup Requirements

  • ⚠️Requires an upstream GraphQL API endpoint to function.
  • ⚠️For local execution, requires either Docker or the Rust toolchain to build from source.
  • ⚠️Configuration involves YAML files and/or environment variables, including Apollo-specific credentials (`APOLLO_KEY`, `APOLLO_GRAPH_REF`) for GraphOS integration.
  • ⚠️The `danger_accept_invalid_certs` TLS option should be avoided in production.
Verified SafeView Analysis
The server implements robust OAuth 2.1 authorization with JWT validation, audience, and scope enforcement. It uses the `secrecy` crate for sensitive data. Configuration supports environment variable expansion, requiring careful management of secrets in config files. The `danger_accept_invalid_certs` TLS option, intended for development, must not be used in production environments as it disables certificate validation, making it vulnerable to MITM attacks. Overall, it appears to follow good security practices for an API proxy/tooling server, with configurable security measures.
Updated: 2026-01-16GitHub
66
265
Medium Cost
opensolon icon

solon-ai

by opensolon

Sec4

The Model Context Protocol (MCP) server provides a standardized interface for AI models to interact with external tools, resources, and prompt templates through a structured, bidirectional communication protocol.

Setup Requirements

  • ⚠️External Process Management: For `StdioClientTransport` and `StdioServerTransportProvider`, a separate, compatible process (e.g., a Python script or another server) must be correctly configured and managed for standard input/output communication. This adds complexity to deployment and operation.
  • ⚠️Solon Framework Dependency: The project is built on the Solon framework, requiring familiarity with Solon's dependency injection and application lifecycle for proper integration and configuration.
  • ⚠️Reactive Programming Paradigm: The `McpAsyncClient` and related components extensively use Project Reactor's `Mono` and `Flux` for asynchronous operations. Developers need to be proficient in reactive programming to effectively use and extend these parts of the framework.
Review RequiredView Analysis
The `StdioClientTransport` and `StdioServerTransportProvider` components within the MCP module utilize `ProcessBuilder.start()` for inter-process communication. This functionality inherently allows the execution of arbitrary external commands if the `ServerParameters` (command, arguments, and environment variables) can be influenced by untrusted external input. This poses a critical command injection risk if proper input validation and sanitization are not rigorously applied by the consuming application. While no hardcoded secrets were found in the core MCP code, the JSON deserialization process with `McpJsonMapper` also introduces potential deserialization vulnerabilities if malicious JSON messages are processed.
Updated: 2026-01-19GitHub
PreviousPage 29 of 713Next