Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

65
273
Low Cost
zueai icon

mcp-manager

by zueai

Sec4

A web GUI to easily manage and configure Model Context Protocol (MCP) servers for the Claude Desktop app on MacOS, generating terminal commands for installation and setup.

Setup Requirements

  • ⚠️Requires MacOS as it targets the Claude Desktop app on that OS.
  • ⚠️Requires Node.js and uv (Python package manager) installed locally via terminal commands.
  • ⚠️Requires manual execution of generated terminal commands, which can include high-privilege operations like `sudo npm link` for some MCP servers.
  • ⚠️Requires obtaining and inputting API keys/tokens for various third-party services (e.g., Brave Search, AWS, GitHub) into the GUI, which are then included in the generated configuration.
Verified SafeView Analysis
The `mcp-manager` application itself is a client-side React web GUI and does not inherently contain direct security vulnerabilities like `eval` of user input or hardcoded active secrets. Placeholder environment variables are present in `src/server-configs.ts` but are explicitly for user configuration. However, the core function of this manager is to *generate and instruct users to execute terminal commands* (`npx`, `uvx`, `node`, `curl | sh`, `npm install`, `sudo npm link`) which download and run external code (MCP servers) on the user's system. This requires significant trust in the external MCP server packages and the generated commands. Executing `sudo npm link` as part of the setup for some servers (e.g., Exa) grants high privileges, posing a severe risk if the external package or its dependencies were compromised. Users must exercise extreme caution and vet all external code before running the generated commands.
Updated: 2025-12-03GitHub
65
236
High Cost
Arenukvern icon

mcp_flutter

by Arenukvern

Sec4

Connects Flutter applications with AI coding assistants to enable real-time debugging, UI inspection, and dynamic tool interaction for development workflows.

Setup Requirements

  • ⚠️Requires running the Flutter app with `--disable-service-auth-codes` due to a security workaround, disabling VM service authentication.
  • ⚠️Mandates integration of the `mcp_toolkit` package into the Flutter app's `pubspec.yaml` and initialization of `MCPToolkitBinding` in `main.dart`.
  • ⚠️Requires manual configuration within the specific AI assistant (e.g., Cursor, Cline, Claude), often involving absolute paths to the server executable and specific flags like `--no-resources` for client compatibility.
Review RequiredView Analysis
Requires the Flutter application to be run with `--disable-service-auth-codes`, which bypasses VM service authentication and creates a potential vulnerability if the VM service port (default 8182) is exposed beyond localhost. While intended for local debug environments, this is a significant security compromise. The `--save-images` flag saves screenshots to local disk, which could expose sensitive data if the Flutter app displays it.
Updated: 2026-01-17GitHub
65
125
Medium Cost
nesquikm icon

mcp-rubber-duck

by nesquikm

Sec9

An MCP (Model Context Protocol) server that acts as a bridge to query multiple OpenAI-compatible LLMs, enabling multi-agent AI workflows and providing an AI 'rubber duck' debugging panel.

Setup Requirements

  • ⚠️Requires Node.js 20 or higher.
  • ⚠️Requires at least one API key for a supported LLM provider (e.g., OpenAI, Gemini, Groq) for core functionality.
  • ⚠️For Claude Desktop integration, `MCP_SERVER=true` environment variable must be set in the client's config, and API keys for LLM providers must be provided.
  • ⚠️Docker with `buildx` is recommended for building multi-architecture images, and Docker Compose for easy deployment.
  • ⚠️Ollama or LM Studio require local instances running if used as providers.
Verified SafeView Analysis
The server demonstrates a strong commitment to security through several features: a robust MCP tool approval service with 'always', 'trusted', and 'never' modes, session-based approvals, and per-server trusted tool lists. It incorporates a pluggable 'Guardrails' system for runtime safety, including Rate Limiting, Token Limiting, Pattern Blocking, and PII Redaction. Sensitive data is actively sanitized from logs using `SafeLogger`. Input validation is performed for external tool calls via AJV. Global error handlers (`uncaughtException`, `unhandledRejection`) are in place for crash diagnosis and stability. API keys are managed via environment variables or config files, avoiding hardcoding in the codebase. Network calls to external LLMs and MCP servers are inherent to its bridging function but are managed within these security layers. The project structure and practices suggest a high degree of security awareness for its intended use case.
Updated: 2026-01-19GitHub
65
25
Low Cost
kitwork icon

kitwork

by kitwork

Sec6

A lightweight workflow engine for automating tasks, orchestrating services, building serverless functions, and creating API endpoints via YAML.

Setup Requirements

  • ⚠️Requires familiarity with YAML for workflow, API, and schedule definitions.
  • ⚠️Browser automation with `Chromedp` may require a headless Chrome/Chromium browser installation or runtime environment.
  • ⚠️Database interaction (e.g., PostgreSQL) requires explicit configuration of credentials (user, password, host, port) in YAML files like `database/postgres.yaml`.
Verified SafeView Analysis
The system is designed to execute arbitrary JavaScript scripts, database queries, HTTP requests, and browser automation steps defined within YAML workflow files. This inherent power means security heavily relies on the trustworthiness of the provided workflow definitions. Secrets are stored in YAML files (e.g., `secret/telegram.yaml`), which, while using placeholders, can be a risk if not properly managed (e.g., through environment variable overrides or encryption) in a production environment. The manifesto mentions 'Core can also read files dynamically,' which, if exploitable via untrusted YAML, could lead to local file access.
Updated: 2025-12-11GitHub
65
136
Medium Cost
microsoft icon

mcp-interviewer

by microsoft

Sec8

A Python CLI tool to evaluate Model Context Protocol (MCP) servers for agentic use-cases, by inspecting capabilities, running functional tests, and providing LLM-as-a-judge evaluations.

Setup Requirements

  • ⚠️Requires OpenAI API Key (Paid for default model configuration)
  • ⚠️Python 3.11+ required
  • ⚠️Docker (or similar containerization) recommended for target server to mitigate execution risks
  • ⚠️Requires explicit acceptance of risk for functional testing via CLI prompt or `--accept-risk` flag
Verified SafeView Analysis
The `mcp-interviewer` tool itself does not contain obvious vulnerabilities like `eval` or hardcoded secrets. Its primary security risk stems from its intended function: executing user-provided MCP server commands in a child process and invoking their tools. This inherently involves interacting with potentially untrusted external code. The project demonstrates strong security awareness by explicitly warning users about these risks in the README and CLI (e.g., `--test` flag requires `accept-risk` confirmation) and recommending running target servers in isolated containers. Adherence to these best practices is crucial for safe operation.
Updated: 2025-12-15GitHub
65
277
Low Cost
milisp icon

mcp-linker

by milisp

Sec7

A desktop GUI application for syncing and managing AI Model Context Protocol (MCP) server configurations across various AI clients and providing a marketplace for server templates.

Setup Requirements

  • ⚠️Requires Node.js 20+, Bun, and Rust toolchain for development/building.
  • ⚠️Certain features (e.g., cloud sync, team management) require user authentication via Supabase.
  • ⚠️Local MCP servers (stdio type) may require specific runtimes like Python, Node.js, or UV, which the app attempts to auto-detect/install.
  • ⚠️Relies on `git` command-line tool for cloning repositories and diffing.
Verified SafeView Analysis
The application relies on a remote API (api.mcp-linker.store) for marketplace, cloud sync, and authentication, introducing third-party dependency risks. It fetches and executes Dynamic Extension (DXT) manifests from GitHub, which are validated by a Zod schema but still represent a supply chain risk. Direct execution of external commands (git, uv, node, python, bun, claude) from user-provided or marketplace configurations expands the attack surface, though common for such tools. User configurations from deep links are parsed and then handled by the Rust backend, which is safer than direct frontend eval. Encryption keys are used for cloud sync, and strong cryptography (ring::aead) is employed in the Rust backend for data protection. Authentication uses Supabase, which should handle user credentials securely. Overall, the architecture has common risks associated with desktop apps that interact with external services and execute code, but shows efforts in mitigating some of them.
Updated: 2026-01-06GitHub
64
171
High Cost
PipedreamHQ icon

mcp-chat

by PipedreamHQ

Sec8

An AI chat application that leverages Pipedream's Model Context Protocol (MCP) to integrate with thousands of APIs and perform tool-based actions, serving as a reference for building powerful AI chat solutions.

Setup Requirements

  • ⚠️Requires a Pipedream Account and OAuth Credentials (External service dependency and setup).
  • ⚠️Requires at least one of OpenAI, Anthropic, or Google Generative AI API keys (Paid services, essential for AI functionality).
  • ⚠️Persistence features require a PostgreSQL database setup (e.g., Neon Serverless Postgres), with local development optionally using Docker.
Verified SafeView Analysis
The application employs best practices such as using `process.env` for environment variables, `bcrypt-ts` for password hashing (if credentials login is enabled), and `zod` for input validation on file uploads, storing them via `@vercel/blob`. Auth.js provides a robust authentication framework. A minor concern is `dangerouslyAllowSVG: true` in `next.config.ts` which could pose an XSS risk if SVGs from untrusted sources were allowed, though `remotePatterns` are specified to restrict domains. `ignoreBuildErrors: true` in TypeScript config is a build-time warning and not a direct security vulnerability. Overall, the security posture is good for its functionality.
Updated: 2026-01-16GitHub
64
151
Low Cost
paoloricciuti icon

tmcp

by paoloricciuti

Sec8

A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.

Setup Requirements

  • ⚠️Requires installation of a specific schema adapter (e.g., @tmcp/adapter-valibot, @tmcp/adapter-zod) corresponding to the chosen validation library.
  • ⚠️Requires installation of a specific transport (e.g., @tmcp/transport-stdio, @tmcp/transport-http) for communication.
  • ⚠️For remote/distributed deployments, a session manager (e.g., @tmcp/session-manager-redis, @tmcp/session-manager-postgres) is recommended for persistent state, requiring setup of an external database or service.
Verified SafeView Analysis
The project uses standard development practices including TypeScript, ESLint, and Prettier, which contribute to code quality and reduce common vulnerabilities. It implements JSON-RPC 2.0 and OAuth 2.1, with an emphasis on security features like PKCE and HTTPS for OAuth. Input parsing (JSON.parse) from external sources (stdin, HTTP body) is handled within try-catch blocks. While the default CORS policy for HTTP transport is permissive (`*`), it is configurable. There are no obvious signs of 'eval', obfuscation, hardcoded production secrets, or malicious patterns in the provided source code. The LLM sampling (`server.message`) requests are initiated by the server but executed by the client, with client-side user consent and controls, mitigating direct server-side LLM cost/abuse concerns.
Updated: 2026-01-19GitHub
64
433
High Cost
SylphxAI icon

pdf-reader-mcp

by SylphxAI

Sec7

Provides a robust server for AI agents to extract text, images, and metadata from PDF documents, preserving content order for better comprehension.

Setup Requirements

  • ⚠️Requires Node.js 22.0.0 or higher.
  • ⚠️The server, when processing local file paths, has read access to the file system where it is deployed, constrained by the permissions of the running Node.js process. Ensure proper sandboxing if exposing to untrusted agents.
  • ⚠️Extracting full text and especially images from large PDFs can be memory intensive, requiring adequate system resources for optimal performance and stability. The server limits PDF input size to 100MB.
Verified SafeView Analysis
The server correctly uses `path.resolve` to handle file paths, accepting both absolute and relative paths. It has robust input validation via `vex` and implements size limits (100MB) for PDF files to prevent memory exhaustion. Per-page error handling enhances reliability. No direct `eval` or command injection vulnerabilities are apparent. However, as a local file system access tool, it grants the AI agent (and thus, potentially a compromised agent or user) the ability to read any file on the system within the permissions of the running Node.js process. While this is an intended feature for an MCP server, it represents a security boundary that implementers should be aware of regarding the hosting environment and client trust.
Updated: 2025-12-17GitHub
64
154
Medium Cost
xpack-ai icon
Sec5

XPack is an open-source marketplace that enables users to create and sell their own Model Context Protocol (MCP) services.

Setup Requirements

  • ⚠️Requires Docker and Docker Compose for easy deployment.
  • ⚠️Default administrator credentials ('admin'/'123456789') are hardcoded and must be changed immediately after installation.
  • ⚠️The Docker deployment uses `privileged: true` for database and messaging containers, which is insecure for production use and should be re-evaluated or hardened.
Review RequiredView Analysis
The quick-start script uses `curl | bash` which is generally risky if the source is untrusted, though in this case it's for self-hosting the provided open-source code. The Docker Compose deployment uses `privileged: true` for MySQL, Redis, and RabbitMQ containers, which significantly reduces container isolation and is a major security concern for production environments. Default hardcoded passwords (`mysql_ZTdhRB`, `redis_6sJZDm`, `rabbitmq_Gs123dA`, `admin`/`123456789`) are present in `docker-compose.yml` and `quick-start.sh`, requiring immediate change for any non-demo deployment. The backend uses `ast.literal_eval` for parsing certain parameters, which is safer than `eval` but still requires careful validation of input to prevent unexpected code execution.
Updated: 2026-01-16GitHub
64
367
High Cost
magicyuan876 icon

mineru-tianshu

by magicyuan876

Sec8

Enterprise-grade AI data preprocessing platform for converting diverse unstructured multi-modal data (documents, images, audio, video, bioinformatics formats) into structured Markdown and JSON formats, leveraging GPU acceleration and a robust task management system with user authentication and MCP protocol integration.

Setup Requirements

  • ⚠️Requires Docker 20.10+ and Docker Compose 2.0+ for the recommended deployment.
  • ⚠️NVIDIA GPU and NVIDIA Container Toolkit are mandatory for utilizing GPU-accelerated AI engines (MinerU, PaddleOCR-VL, SenseVoice, YOLO11x, LaMa) which are central to the platform's functionality.
  • ⚠️Large AI models (totaling several GBs) are downloaded on the first run, which can take significant time and requires a stable internet connection, potentially with proxy configuration for users in certain regions.
  • ⚠️Crucial environment variables such as `JWT_SECRET_KEY` (no default in production), `RUSTFS_ACCESS_KEY`, `RUSTFS_SECRET_KEY` (insecure defaults), and `RUSTFS_PUBLIC_URL` (no default) must be properly configured for a secure and functional production deployment.
Verified SafeView Analysis
The project implements robust JWT and API Key authentication with role-based access control. The `JWT_SECRET_KEY` is correctly parameterized for production, avoiding hardcoded secrets. However, `RUSTFS_ACCESS_KEY` and `RUSTFS_SECRET_KEY` have insecure default values (`rustfsadmin`) in `docker-compose.yml`, which must be explicitly overridden in the `.env` file for production deployments. File uploads via the MCP server (Base64 or URL) are first saved to temporary files before internal API submission, a generally safe practice. Command execution through `subprocess.run` (e.g., `ffmpeg`) appears to use fixed commands with internal file paths, mitigating command injection risks. Ensure `ALLOWED_ORIGINS` is restricted in production.
Updated: 2026-01-19GitHub
64
10
Medium Cost
DavidFuchs icon

mcp-uptime-kuma

by DavidFuchs

Sec9

Provides a Model Context Protocol (MCP) interface for real-time Uptime Kuma monitoring data.

Setup Requirements

  • ⚠️Requires a running Uptime Kuma v2 instance.
  • ⚠️Requires Node.js 18+ to run directly, or Docker for containerized deployment/testing.
  • ⚠️Authentication requires Uptime Kuma URL and credentials (username/password/2FA token or JWT token) as environment variables.
Verified SafeView Analysis
No direct 'eval' or malicious patterns found. Uses Zod for input/output validation, and filters sensitive data like `steamAPIKey` from settings. CORS defaults to '*' for HTTP transport, which is common but less restrictive than specific origins. Authentication credentials are handled via environment variables.
Updated: 2025-11-29GitHub
PreviousPage 31 of 713Next