Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

66
451
Medium Cost
controlplaneio-fluxcd icon

flux-operator

by controlplaneio-fluxcd

Sec8

The Flux Operator MCP Server acts as a bridge for AI assistants, allowing them to manage and troubleshoot GitOps pipelines and Kubernetes resources controlled by FluxCD through natural language interactions.

Setup Requirements

  • ⚠️Requires a Kubernetes cluster with Flux Operator already installed.
  • ⚠️A valid `kubeconfig` file with appropriate permissions to access Kubernetes resources is mandatory.
  • ⚠️AI instructions (from `docs/mcp/instructions.md`) must be manually configured in your AI assistant's settings for optimal functionality.
Verified SafeView Analysis
The Flux Operator MCP Server is designed with security considerations, offering features like read-only mode, secret masking, and Kubernetes impersonation (`--kube-as`) to restrict its actions and data exposure. However, as a powerful tool interacting directly with the Kubernetes API, its overall security depends heavily on the operational security practices of the user, including proper RBAC configuration for the service account it runs under and careful management of `--kube-as` settings. The `install_flux_instance` tool can download manifests from URLs, which requires trusting the source of those manifests.
Updated: 2026-01-19GitHub
66
326
Medium Cost
CheMiguel23 icon

MemoryMesh

by CheMiguel23

Sec9

A local knowledge graph server for AI models, focusing on structured memory for text-based RPGs and interactive storytelling.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher.
  • ⚠️Requires manually configuring an absolute path to 'dist/index.js' in Claude Desktop's 'claude_desktop_config.json'.
Verified SafeView Analysis
The server primarily uses standard I/O (stdio) for communication with the MCP client, which inherently limits direct network attack surfaces. No usage of 'eval' or other highly dangerous functions was found. Configuration paths are dynamic or hardcoded to the local build directory. The SDK ('@modelcontextprotocol/sdk') does include dependencies like 'express' and 'cors', which are typically for HTTP servers, but this specific implementation leverages its 'StdioServerTransport' for the core MCP interaction, mitigating common web-based vulnerabilities for the MemoryMesh application itself. No hardcoded sensitive credentials detected.
Updated: 2026-01-17GitHub
66
17
Medium Cost
milkymap icon

pulsar-mcp

by milkymap

Sec2

Acts as a semantic router for Model Context Protocol (MCP) ecosystems, enabling discovery and execution of tools across multiple MCP servers without context bloat for LLMs.

Setup Requirements

  • ⚠️Requires OpenAI API Key for embeddings, descriptions, and vision (Paid Service).
  • ⚠️Requires persistent storage for `TOOL_OFFLOADED_DATA_PATH` and a Qdrant vector database (either local file/in-memory using `QDRANT_DATA_PATH`, or remote URL using `QDRANT_URL`).
  • ⚠️Python 3.12+ only.
Review RequiredView Analysis
The server's `mcp-servers.json` configuration allows specifying `command` and `args` for `stdio` transport MCP servers. This means it can execute arbitrary shell commands on the host system if an attacker can control the `mcp-servers.json` file or its content. This is a critical remote code execution vulnerability if the configuration is not immutable and from a highly trusted source. Content offloading to `TOOL_OFFLOADED_DATA_PATH` could also pose a risk if paths are not securely managed or if malicious content is stored and later retrieved/executed by another agent.
Updated: 2025-12-08GitHub
66
134
Medium Cost
williamzujkowski icon

strudel-mcp-server

by williamzujkowski

Sec7

An MCP server enabling AI-powered music generation, live coding, and algorithmic composition by controlling Strudel.cc in a browser.

Setup Requirements

  • ⚠️Requires Playwright to install Chromium for browser automation (`npx playwright install chromium`), which can be resource-intensive.
  • ⚠️By default, `headless: false` in `config.json` means a visible browser window will launch; it is recommended to set this to `true` for background or server operation.
  • ⚠️Audio analysis (e.g., `analyze`, `detect_tempo`, `detect_key`) may require the browser window to be visible (not headless) for initial audio context activation on some systems, potentially causing issues in fully headless setups.
Verified SafeView Analysis
The server executes user-provided JavaScript code within a Playwright-controlled browser context via `new Function()` in the `executeInStrudelContext` tool. While the `PatternValidator` attempts to detect dangerous patterns (e.g., `eval()`, infinite loops, excessive gain) and performs syntax checks for Strudel patterns, executing arbitrary, albeit validated, JavaScript in a browser still carries inherent risks if the validation is incomplete or new browser vulnerabilities emerge. File operations in `PatternStore` use `sanitizeFilename` to prevent path traversal. No hardcoded secrets were found. The default `headless: false` in `config.json` means a browser GUI will appear, which can be changed for server environments.
Updated: 2026-01-15GitHub
66
17
Medium Cost
milkymap icon

omnimcp

by milkymap

Sec8

Acts as a semantic router to discover and execute tools across multiple Model Context Protocol (MCP) servers, reducing context bloat for large language models by exposing a single meta-tool.

Setup Requirements

  • ⚠️Requires an OpenAI API Key (paid service) for generating embeddings, tool/server descriptions, and image descriptions.
  • ⚠️Requires Python 3.12 or newer to run.
  • ⚠️Requires `uv` (a Python package installer and executor) to be installed and in PATH for using `uvx` commands.
  • ⚠️A Qdrant vector database connection must be configured, supporting local file storage, in-memory, or a remote Qdrant server/cloud instance.
Verified SafeView Analysis
The server employs robust configuration management using Pydantic Settings, prioritizing environment variables for sensitive data (API keys, storage paths). Internal communication within the `MCPEngine` utilizes in-process ZeroMQ (pyzmq), which is secure for internal messaging and doesn't expose external network ports for this purpose. The `ContentManager` uses UUIDs for filenames when offloading content, effectively mitigating path traversal vulnerabilities. Tool arguments are processed via `json.loads`, which is generally safe when inputs are constrained by LLM tool calling standards. The project builds upon the `FastMCP` framework, inheriting its security posture; no obvious new network vulnerabilities are introduced within OmniMCP's code. Overall, security practices appear solid, but rely on the integrity of complex upstream dependencies and proper environmental configuration.
Updated: 2025-12-08GitHub
66
26
Medium Cost
Dataojitori icon

nocturne_memory

by Dataojitori

Sec8

Provides a persistent, structured long-term memory and dynamic knowledge graph system for AI agents, designed for human-AI collaboration.

Setup Requirements

  • ⚠️Requires a running Neo4j database instance (local or cloud).
  • ⚠️Requires Python 3.10+ and Node.js 18+.
  • ⚠️The MCP server (`mcp_server.py`) needs to be configured with its absolute path in AI client settings.
  • ⚠️A special wrapper (`mcp_wrapper.py`) is required for Antigravity IDE due to a specific bug with line endings.
Verified SafeView Analysis
The backend utilizes parameterized Cypher queries for database interactions, significantly mitigating injection risks. Neo4j credentials are managed via environment variables. File system operations for snapshots (`db/snapshot.py`) include basic path sanitization and hashing, reducing direct path traversal vulnerabilities. The `mcp_wrapper.py` workaround for Antigravity uses `subprocess.Popen` with explicit executable and script paths, limiting command injection. Frontend rendering of user-generated content (e.g., entity descriptions) might pose an XSS risk if not properly escaped, although the current UI primarily uses `whitespace-pre-wrap` styling, implying plain text. Deletion logic for states and entities incorporates checks for dependencies, preventing accidental deletion of referenced nodes.
Updated: 2026-01-18GitHub
66
100
Medium Cost
southleft icon

figma-console-mcp

by southleft

Sec3

Provides AI assistants with real-time console access, visual debugging, design system extraction, and design creation capabilities for Figma.

Setup Requirements

  • ⚠️Requires Figma Desktop launched with `--remote-debugging-port=9222` flag (manual restart).
  • ⚠️Requires Figma Personal Access Token (PAT) for REST API access in NPX/Local modes, or OAuth for Cloudflare remote mode.
  • ⚠️Requires 'Figma Desktop Bridge' plugin to be installed and running in Figma Desktop for advanced local-mode features (variables without Enterprise, reliable component descriptions, write operations).
  • ⚠️Figma Variables API requires Enterprise plan if not using the Desktop Bridge plugin or console snippet fallback.
Review RequiredView Analysis
CRITICAL RISK: The `figma_execute` tool allows arbitrary JavaScript code execution (`eval`) within the Figma Desktop plugin context. This means any code provided by the AI (or a malicious user controlling the AI) can be run with full Figma Plugin API access, potentially modifying or exfiltrating user data. The `networkAccess` in the plugin manifest is set to `none`, which limits external communication from the plugin itself, but the server making the `eval` call could still be a vector. The plugin is designed to be run locally and is intended for debugging and development workflows, but the `eval` itself is a severe vulnerability for any AI-driven tool.
Updated: 2026-01-19GitHub
66
228
High Cost
aws-samples icon
Sec6

Implements a sample stateful MCP (Model Context Protocol) server with echo functionality, deployable on AWS ECS Fargate using Python.

Setup Requirements

  • ⚠️Requires Python 3.12+ (or Node.js for other examples).
  • ⚠️Requires Docker/Podman for local builds and containerization.
  • ⚠️Deployment requires AWS CLI, AWS SAM CLI (or Terraform/CDK), and appropriately configured AWS credentials.
  • ⚠️Access to specific AWS Bedrock models is required for agent-based examples, which may incur costs.
Verified SafeView Analysis
Multiple examples within the repository demonstrate hardcoded secrets for JWT signing (`'jwt-signature-secret'`) and authorization tokens (`'good_access_token'`). While noted as sample values in the READMEs, deploying these patterns to a production environment without proper secret management (e.g., AWS Secrets Manager, environment variables with controlled access) poses a severe security risk. External API calls are made to `ip-api.com` and `frankfurter.app` by some agents.
Updated: 2026-01-08GitHub
66
311
Low Cost
apappascs icon

mcp-servers-hub

by apappascs

Sec10

This repository serves as a hub to discover and rank the top 100 most popular Model Context Protocol (MCP) servers based on GitHub stars, aggregating information from various MCP registries.

Verified SafeView Analysis
The provided source code is a README.md file and does not contain any executable server logic. Therefore, this repository, as analyzed from the provided source, does not introduce runtime security risks associated with server operation. The security of the *listed* MCP servers cannot be assessed without their respective source codes.
Updated: 2026-01-19GitHub
66
261
Medium Cost
spences10 icon

mcp-omnisearch

by spences10

Sec9

Provides a unified interface for various search, AI response, content processing, and enhancement tools via Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires API keys for each desired external provider (e.g., TAVILY_API_KEY, PERPLEXITY_API_KEY, KAGI_API_KEY).
  • ⚠️GitHub API Key requires a personal access token with *no scopes selected* for public repository access, as per specific setup instructions to ensure security.
  • ⚠️Understanding the different 'modes' and 'extract_depth' for processing tools (e.g., Firecrawl, Exa) is crucial for optimal usage.
Verified SafeView Analysis
The server demonstrates good security practices: API keys are loaded from environment variables, preventing hardcoding. Input validation is performed using `valibot` for tool parameters. Large outputs are handled by writing to the system's temporary directory with `randomUUID` for file names, mitigating path traversal risks. URLs provided by users for content processing are validated using `is_valid_url`. Network requests use a centralized `http_json` utility with timeouts and robust error handling. No obvious use of `eval` or direct system commands with unsanitized user input was found. The specific instruction for GitHub API keys (no scopes) also highlights a security-conscious design.
Updated: 2026-01-15GitHub
65
90
Medium Cost
poly-mcp icon

Polymcp

by poly-mcp

Sec8

A comprehensive TypeScript framework for building and orchestrating Model Context Protocol (MCP) servers and AI agents, enabling LLMs to intelligently discover, select, and execute external tools.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires Docker Desktop or daemon running for Docker sandbox features (optional).
  • ⚠️Requires LLM API keys (OpenAI, Anthropic, Kimi, DeepSeek) for cloud LLM providers, or Ollama for local LLM inference (optional).
Verified SafeView Analysis
The project demonstrates a strong commitment to security, particularly with its `DockerSandboxExecutor` which provides robust isolation, resource limits, and network/filesystem restrictions for untrusted code execution. For in-process code execution (`SandboxExecutor`), it employs a `vm2` sandbox with explicit blocking of dangerous patterns (`require`, `fs`, `eval`). File operations (`readFile`, `writeFile`, `listDirectory`) are protected against directory traversal by validating paths against the current working directory. The `shellCommand` tool also includes explicit blocking of high-risk commands (`rm -rf`, `sudo`, `|`, `>`). While `vm2` and shell command execution carry inherent risks (and `vm2` has had vulnerabilities in the past), the extensive mitigations, including logging redaction, tool allow/denylists, and budget controls in `UnifiedPolyAgent`, demonstrate a multi-layered security approach. Examples for hardcoded secrets (`JWT_SECRET`, `API_KEY`) are clearly marked for production changes.
Updated: 2026-01-16GitHub
65
225
Medium Cost
volcengine icon

mcp-server

by volcengine

Sec9

Provides natural language access to Volcengine Content Delivery Network (DCDN) services, enabling queries and analysis of domain configuration and monitoring data.

Setup Requirements

  • ⚠️Requires Python 3.11 or higher.
  • ⚠️Requires 'uv' (Astral's dependency manager and runner) to be installed for local execution and dependency management.
  • ⚠️Requires 'VOLCENGINE_ACCESS_KEY' and 'VOLCENGINE_SECRET_KEY' environment variables set with appropriate permissions for Volcengine DCDN APIs.
Verified SafeView Analysis
Credentials (VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY) are securely read from environment variables, which is a standard practice for sensitive information. No direct 'eval' or obvious code injection vulnerabilities were found in the provided DCDN server source. The system relies on the security of the environment where it's deployed to protect these environment variables and ensure least privilege for the API keys.
Updated: 2026-01-12GitHub
PreviousPage 30 of 713Next