Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

64
11
Medium Cost
BiboyQG icon

WeChat-MCP

by BiboyQG

Sec8

Automate WeChat interactions on macOS for LLMs, enabling programmatic control over chat, contact management, and Moments (social feed) publishing via accessibility APIs and screen capture.

Setup Requirements

  • ⚠️Requires macOS operating system.
  • ⚠️WeChat for Mac application must be installed and actively running.
  • ⚠️Python 3.12+ is required.
  • ⚠️Requires granting Accessibility permissions to the terminal application (e.g., Terminal.app, iTerm2) in macOS System Settings, enabling it to control other applications.
Review RequiredView Analysis
The server leverages macOS Accessibility APIs and screen capture to directly control the WeChat application. This requires granting significant system-level permissions to the terminal running the server, which inherently carries a risk. While the source code does not contain 'eval', obfuscation, hardcoded secrets, or overt malicious patterns, the power of UI automation means that if a controlling LLM or user misuses the exposed tools, it could perform unintended actions within WeChat (e.g., sending messages, adding contacts, publishing posts). Trust in the LLM and careful permission management are critical.
Updated: 2025-12-12GitHub
63
194
High Cost
metorial icon
Sec8

An open source integration platform for agentic AI, connecting AI models to external APIs, data sources, and tools.

Setup Requirements

  • ⚠️Requires Docker, Bun runtime, Go runtime, PostgreSQL, Redis, and MongoDB installed and configured.
  • ⚠️GitHub App registration and configuration is necessary for SCM integration features.
  • ⚠️Designed for developers, implying a complex setup and operational overhead for self-hosting.
Verified SafeView Analysis
The project demonstrates a strong commitment to security with a dedicated Go module for Server-Side Request Forgery (SSRF) protection, explicitly used in critical network-facing TypeScript modules like `provider-oauth` and `callbacks`. Sensitive configurations (DB URLs, API keys, secrets) are managed via environment variables and robust password hashing (Bun.password). Input validation is applied, and structured protocols like gRPC are used for inter-service communication. Markdown rendering uses `rehypeSanitize` for XSS. The system's nature, involving custom code execution and external integrations, inherently requires meticulous implementation to mitigate risks, but core architectural decisions appear sound.
Updated: 2026-01-19GitHub
63
370
Medium Cost
hustcc icon

mcp-mermaid

by hustcc

Sec9

Generate Mermaid diagrams and charts from textual syntax, primarily for AI models or documentation platforms to visualize information dynamically.

Setup Requirements

  • ⚠️Requires Playwright Chromium browser engine to be installed and available in the execution environment. This is typically handled automatically by a `postinstall` script for local installations or by `npx` for on-demand CLI usage.
Verified SafeView Analysis
The server utilizes `mermaid-isomorphic` to render diagrams, which involves creating temporary CSS files in the operating system's temporary directory. Input validation is robustly handled using the Zod library, and no direct `eval` calls or other obvious malicious patterns were identified in the provided source code. For HTTP streamable transport, `cors` is configured with `origin: "*"`; while broad, this is not considered a vulnerability given the tool's specific purpose of generating diagrams from provided syntax.
Updated: 2025-12-16GitHub
63
217
Medium Cost
marcelmarais icon

spotify-mcp-server

by marcelmarais

Sec9

Enables AI assistants to control Spotify playback and manage playlists via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a Spotify Premium account for full playback control functionality.
  • ⚠️Requires creating a Spotify Developer application to obtain Client ID, Client Secret, and set a Redirect URI.
  • ⚠️Manual authentication process involving running a script (`npm run auth`) and opening a browser to authorize the application. The redirect URI must be a localhost address for automatic token exchange.
Verified SafeView Analysis
The server uses standard OAuth 2.0 for Spotify API authentication, storing tokens and client secrets in a local `spotify-config.json` file. It enforces `localhost` for the redirect URI during the authorization flow, preventing token leakage to external domains. OAuth state parameter is generated and verified to protect against CSRF. While the configuration file stores sensitive tokens unencrypted, this is a common practice for local applications and the file is explicitly excluded from version control in examples. No 'eval' or malicious patterns were found in the source code.
Updated: 2026-01-12GitHub
63
269
High Cost
metorial icon

metorial-index

by metorial

Sec7

A background service that builds and maintains a comprehensive public catalog of Model Context Protocol (MCP) servers, enriching their metadata through automated fetching from repositories and AI-driven content generation.

Setup Requirements

  • ⚠️Requires GITHUB_TOKEN environment variable (Personal Access Token for GitHub API access).
  • ⚠️Requires OPENAI_API_KEY environment variable (Paid OpenAI API calls, potentially expensive depending on usage).
  • ⚠️The 'start' script (`prisma db push --force-reset`) will reset the database on every execution, leading to data loss if not handled externally.
  • ⚠️Relies on 'bun' as the package manager and runtime environment.
Verified SafeView Analysis
The project relies on environment variables for sensitive API keys (GitHub, OpenAI), which is a good practice. It processes external YAML files and feeds their content to an AI model for generation. While `yaml.parse` is generally safer than `yaml.load` for untrusted input, large or malformed YAML could potentially cause resource exhaustion or unexpected behavior. No direct remote code execution vulnerabilities are apparent in the provided code, but careful input validation is crucial when interacting with external content and APIs.
Updated: 2025-12-31GitHub
63
99
Medium Cost
aliyun icon
Sec8

Orchestrates various AlibabaCloud ACK and Kubernetes management, observability, and diagnostic tools into a unified AI-native toolset, enabling AI agents to interact with and manage container services through natural language.

Setup Requirements

  • ⚠️Requires Alibaba Cloud Access Key ID and Secret with specific RAM permissions (CS, Log, ARMS read-only minimum).
  • ⚠️Requires Python 3.12+ and a running Kubernetes cluster (preferably Alibaba Cloud ACK) accessible from the server.
  • ⚠️The `kubectl` command-line tool must be installed and configured in the environment for `ack_kubectl` functionality.
Verified SafeView Analysis
The server can execute arbitrary `kubectl` commands, including mutating operations, if `--allow-write` is enabled. It implements command filtering to prevent interactive commands and restrict write operations when `allow_write` is false. Sensitive credentials (Access Key ID/Secret) are configured via environment variables or command-line arguments, not hardcoded. Users should carefully manage the `--allow-write` flag due to the powerful capabilities granted to the AI agent.
Updated: 2026-01-15GitHub
63
255
High Cost
claude-did-this icon

MCPControl

by claude-did-this

Sec6

A Windows control server for the Model Context Protocol, enabling AI models to programmatically control system operations such as mouse, keyboard, window management, and screen capture.

Setup Requirements

  • ⚠️Supports Windows only.
  • ⚠️The `keysender` provider requires native build tools (VC++ workload, Python for node-gyp) to compile native modules.
  • ⚠️The `autohotkey` provider requires AutoHotkey v2.0+ to be installed on the system.
  • ⚠️Optimal click accuracy is achieved in a virtual machine at 1280x720 resolution, suggesting potential issues at other resolutions or multi-monitor setups.
  • ⚠️HTTPS/TLS certificates are mandatory for production deployments for secure remote access.
Review RequiredView Analysis
This software grants AI models direct, programmatic control over the operating system's UI (mouse, keyboard, window management, screen capture), which is an inherently high-risk capability. The AutoHotkey provider executes dynamically generated scripts via `execSync`, which is a powerful and potentially risky operation. While strong input validation (Zod schemas, detection of dangerous key combinations) and mandatory HTTPS for remote production deployments are implemented to mitigate risks, the fundamental nature of the tool requires extreme caution. The project explicitly warns users of its experimental and potentially dangerous nature.
Updated: 2025-12-02GitHub
63
223
Medium Cost
carterlasalle icon

mac_messages_mcp

by carterlasalle

Sec7

Enables AI assistants to interact with the macOS Messages app for reading, sending, and searching messages, including universal messaging capabilities with SMS/RCS fallback.

Setup Requirements

  • ⚠️Requires macOS 11+ and the Messages app to be configured and active.
  • ⚠️Requires 'Full Disk Access' permission for the terminal application or AI assistant in macOS System Settings.
  • ⚠️Requires Python 3.10+ and the 'uv' package manager to be installed first.
Verified SafeView Analysis
The application requires 'Full Disk Access' permission on macOS for the terminal or AI application, which grants high privileges and should be granted with caution. It interacts with macOS system services (AppleScript) and SQLite databases. While efforts are made to sanitize user inputs for AppleScript commands using string replacement to prevent injection, and parameterized queries are used for SQLite, direct interaction with shell commands (`subprocess.run(cmd, shell=True)`) in `get_addressbook_contacts_subprocess` is generally discouraged even if the command string is static. If exposed via `mcp-proxy` for Docker, binding to `0.0.0.0` is a network security risk if not properly restricted or authenticated in production.
Updated: 2026-01-18GitHub
62
191
Medium Cost
dynatrace-oss icon

dynatrace-mcp

by dynatrace-oss

Sec9

The Dynatrace MCP Server allows AI Assistants to interact with the Dynatrace observability platform, bringing real-time observability data directly into development workflows for contextual debugging, security insights, and automation.

Setup Requirements

  • ⚠️Requires a valid Dynatrace Platform Environment URL (DT_ENVIRONMENT).
  • ⚠️Interactive OAuth 2.0 Authorization Code Flow requires human intervention to open a browser and grant access if no other authentication credentials are provided.
  • ⚠️Using capabilities that query Dynatrace Grail (e.g., `execute_dql`) may incur additional costs based on data scanned. The server includes budget tracking (DT_GRAIL_QUERY_BUDGET_GB) but vigilance is advised.
Verified SafeView Analysis
The server implements OAuth 2.0 flows (Client Credentials and Authorization Code with PKCE) for authentication, using `node:crypto` for secure random generation and hashing. Secrets are expected via environment variables, and the OAuth client ID for the interactive flow is a hardcoded non-secret identifier. A temporary local HTTP server is started for OAuth redirect handling, binding to localhost or a Codespaces-forwarded URL, which is a standard pattern for interactive flows. No `eval` or obvious malicious code patterns were found. The project is open-source, promoting transparency.
Updated: 2026-01-19GitHub
62
75
Low Cost
Intina47 icon

context-sync

by Intina47

Sec8

Context Sync provides AI systems with persistent, queryable memory across all development tools, sessions, and projects, allowing AI to remember codebase details, architectural decisions, and conversation history.

Setup Requirements

  • ⚠️Requires Node.js 16+.
  • ⚠️Notion integration requires a Notion API token and sharing specific pages with the integration.
  • ⚠️Restarting your AI tool (e.g., Claude Desktop, Cursor, VS Code) is often required after installation or configuration changes.
Verified SafeView Analysis
The server operates locally, minimizing network exposure. File operations include path validation and size limits, and require explicit user approval for writes/deletes. Git integration uses `execSync` for external commands, which is a potential risk vector but is constrained to `git` commands and attempts to sanitize inputs using quoted paths. No hardcoded secrets were identified; Notion API keys are expected to be user-configured. The architecture is 'local-first' and 'open source' promoting transparency and user control over data.
Updated: 2026-01-10GitHub
62
107
Medium Cost
BingoWon icon

apple-rag-mcp

by BingoWon

Sec9

Provides a comprehensive RAG (Retrieval-Augmented Generation) server for AI agents to search and retrieve content from Apple's developer documentation and WWDC transcripts.

Setup Requirements

  • ⚠️Requires an external PostgreSQL database with pgvector extension for RAG data storage.
  • ⚠️Requires a Cloudflare D1 database for authentication, rate limiting, and logging, configured via Wrangler bindings.
  • ⚠️Requires a DeepInfra API key (a paid service) for embedding generation and AI reranking.
  • ⚠️Designed to be deployed as a Cloudflare Worker, requiring a Cloudflare account and Wrangler CLI setup.
Verified SafeView Analysis
The server uses Cloudflare Workers, which provides a secure execution environment. Sensitive configurations (API keys, database credentials) are correctly handled via environment variables (Cloudflare Secrets) and not hardcoded. Database interactions use parameterized queries via 'postgres' library, reducing SQL injection risks. Input validation for URLs and queries is in place, and URL normalization helps prevent malformed requests. Logging includes user and request details for auditing. Dual-model fallback for reranking adds resilience. Background D1 writes ensure logging does not block the main request, enhancing performance and stability.
Updated: 2025-12-08GitHub
62
503
High Cost
cyberkaida icon
Sec8

Provides an MCP (Model Context Protocol) server to expose Ghidra's reverse engineering capabilities for AI models and automated binary analysis in a headless environment.

Setup Requirements

  • ⚠️Requires a pre-existing Ghidra installation with `GHIDRA_INSTALL_DIR` environment variable set.
  • ⚠️Requires building the Java Ghidra extension with Gradle and manual installation of the resulting .zip file into Ghidra.
  • ⚠️Requires Java 21 Runtime Environment.
  • ⚠️Requires Python and specific dependencies via `pip install -r tests/requirements.txt`.
Verified SafeView Analysis
The MCP server is a network service, which carries inherent risks. However, it provides API key authentication, which should be enabled for production use. No obvious 'eval' or hardcoded secrets were found in the provided source code. Tool operations are primarily interactions with Ghidra's robust APIs within a transaction management system.
Updated: 2026-01-19GitHub
PreviousPage 32 of 713Next