Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

High Cost

budgie

by chieftecho

Sec8

A Go-based MCP server that exposes specialized Kiro agents as sub-tools for complex task orchestration within the Kiro CLI ecosystem, with robust session management and Docker-based sandboxing.

Setup Requirements

  • ⚠️ Docker is required for 'sandbox mode', which is highly recommended for security.
  • ⚠️ The 'budgie-sandbox' Docker image must be pre-built: `docker build -t budgie-sandbox:latest .`
  • ⚠️ Every sub-agent call (by the orchestrator) MUST include a 'directory' parameter, otherwise the call will fail.
  • ⚠️ Every sub-agent JSON configuration MUST include 'fs_read' and 'fs_write' in its 'allowedTools' list for response file decoupling, which might seem counter-intuitive for agents that conceptually don't need file system access.

Verified Safe
The server prioritizes security through its robust sandbox mode, running each sub-agent in an isolated Docker container. This provides filesystem isolation (only mounted working directory is RW), credential protection (host credentials like ~/.aws/ and ~/.ssh/ are explicitly not mounted, only kiro-cli auth is RO-mounted), and controlled execution. Each session uses a unique Docker volume for isolation and clean cleanup. The 'Mandatory directory parameter' forces explicit working directory control. However, the 'TODO' section explicitly notes the lack of a 'Prompt Sanitizer' to prevent prompt injection attacks, which is a significant acknowledged risk for a system orchestrating AI agents that can use powerful tools like 'execute_bash', 'fs_read', and 'web_fetch'. While the sandbox heavily mitigates the blast radius of such attacks, the prompt injection itself is not yet prevented at the input stage.
Updated: 2026-01-07

Medium Cost

jira-mcp-server

by Yogeshknaik

Sec8

Provides tools to interact with Jira, enabling programmatic execution of JQL queries, creation/editing/deletion of tickets, and management of Jira projects and statuses.

Setup Requirements

  • ⚠️ Requires Jira URL, API email, and API key configured as environment variables (JIRA_URL, JIRA_API_MAIL, JIRA_API_KEY).
  • ⚠️ Requires 'npm install' to install dependencies and 'npm run build' to compile the TypeScript code.
  • ⚠️ Specifically designed for use with Claude Desktop, requiring configuration in 'claude_desktop_config.json'.

Verified Safe
Uses environment variables for sensitive Jira credentials (URL, email, API key), which is a good practice. API calls are made via the 'axios' library. No 'eval' or direct command injection patterns are present. Input parameters are used directly in API calls or JQL queries; while the server itself doesn't introduce vulnerabilities, the client (LLM) must ensure JQL and other string inputs are safe to prevent potential JQL injection. Error responses may include raw API error data, potentially exposing internal details. Attachment uploads use 'X-Atlassian-Token: no-check', a Jira-specific header.
Updated: 2025-11-23

Low Cost

my-mcp-server

by Harsha-1705

Sec8

A multi-tool agent designed for web quality assurance, capable of scraping web pages, optimizing images, and creating Jira tickets for identified issues.

Setup Requirements

  • ⚠️ Requires Playwright browser binaries to be installed (e.g., via 'playwright install' after pip installation).
  • ⚠️ Real Jira ticket creation requires setting 'JIRA_URL', 'JIRA_EMAIL', and 'JIRA_TOKEN' environment variables.
  • ⚠️ The 'create_jira_ticket' tool uses a hardcoded Jira project key ('WEB') which needs to be customized for your specific Jira instance.

Verified Safe
The 'scrape_webpage' tool utilizes 'playwright' which launches a headless browser, interacting with potentially untrusted external web content. While 'playwright' offers sandboxing, this inherently introduces a larger attack surface compared to simple HTTP requests. However, this is necessary for its intended web scraping functionality. Sensitive Jira credentials ('JIRA_URL', 'JIRA_EMAIL', 'JIRA_TOKEN') are correctly sourced from environment variables, preventing hardcoding. No 'eval' or obvious malicious patterns are present.
Updated: 2026-01-19

High Cost

glkvm-mcp

by sk3tch

Sec6

Control KVM devices (mouse, keyboard, screenshot, OCR) directly over HTTPS with mTLS for agent-driven GUI automation on remote computers.

Setup Requirements

  • ⚠️ Requires Tesseract OCR (`tesseract-ocr`) and FFmpeg (`ffmpeg`) to be installed locally on the machine running the MCP server.
  • ⚠️ The target KVM device must be running Linux with USB HID gadget support and `ustreamer` for video capture, which may require specific hardware and kernel configuration.
  • ⚠️ Requires a multi-step, manual process for generating and managing mutual TLS (mTLS) certificates (CA, client, and per-KVM server certs), which is complex and prone to misconfiguration.

Verified Safe
The KVM-side HID server, which facilitates direct control of the physical device, is designed to run with root privileges to access HID gadget devices (`/dev/hidg0`, `/dev/hidg1`). A compromise of this server would grant full root access to the controlled machine, representing a critical risk. While mutual TLS (mTLS) is implemented for secure communication and authentication, the setup involves manual certificate management across multiple machines, which is prone to human error. External dependencies like `ffmpeg` and `tesseract` introduce additional attack surfaces if those binaries contain vulnerabilities or if their invocation arguments could be manipulated (though current usage appears safe). The README itself highlights the 'terrifying' ease of building such a powerful tool.
Updated: 2025-12-05

Medium Cost

jadx-mcp-server

by zhangchark

Sec8

This server acts as an MCP (Microservice Communication Protocol) proxy to a local JADX-AI-MCP Plugin, enabling programmatic interaction for Android reverse engineering tasks.

Setup Requirements

  • ⚠️ Requires a JADX-AI-MCP Plugin instance running locally on a specified port (default 8650).
  • ⚠️ Requires Python 3.10 or newer.
  • ⚠️ Requires `fastmcp` and `httpx` Python packages to be installed.

Verified Safe
The server connects to a JADX-AI-MCP Plugin instance that is hardcoded to run on `127.0.0.1` (localhost). This design significantly limits the direct network attack surface of the sensitive reverse engineering data it exposes. The code itself does not contain obvious malicious patterns, 'eval' usage, or hardcoded secrets. Error handling for network requests is present. The primary security risk would arise if the MCP server itself is exposed publicly without robust authentication or access controls, which is not the intended or default deployment.
Updated: 2025-11-24

Low Cost
Sec7

Integrate Stable Diffusion image generation models with LLMs (like Claude) via the Model Context Protocol, enabling natural language control for image generation.

Setup Requirements

  • ⚠️ Requires Python 3.10 or higher.
  • ⚠️ Requires a CUDA-enabled GPU (NVIDIA), Apple Silicon (MPS), or falls back to CPU (performance significantly impacted).
  • ⚠️ Large Stable Diffusion models (e.g., SD3.5-large-turbo) require substantial RAM/VRAM (32GB+ RAM, 48GB+ recommended for WSL with large models).
  • ⚠️ Dependencies include fastmcp, diffusers, transformers, torch, pillow, accelerate, and psutil.

Verified Safe
The server can operate in SSE (HTTP) mode, which exposes it to the network. While FastMCP provides a framework for secure interactions, the server itself does not implement explicit authentication or authorization mechanisms, relying on the client (LLM Host) for access control. Careful deployment in a controlled network environment (e.g., localhost, behind a firewall, or with a secure proxy) is recommended if using SSE. Input validation for image sizes and other parameters is in place, and file path handling appears robust, mitigating common injection and path traversal risks. No 'eval' or hardcoded secrets were found.
Updated: 2025-12-13

Low Cost

go-devops-mcp

by dontpanicw

Sec10

A Micro-Capability Platform (MCP) server designed to optimize routine DevOps tasks for backend developers and other users through a standardized tool interface.

Setup Requirements

  • ⚠️ Requires Go runtime and dependencies (`github.com/mark3labs/mcp-go`).
  • ⚠️ Designed to communicate via standard I/O (stdin/stdout), typically requiring integration with a parent process or system.

Verified Safe
The provided source code does not contain any obvious security vulnerabilities such as hardcoded credentials, 'eval' equivalent, or direct arbitrary command execution. The server communicates via standard I/O (ServeStdio), which limits direct network exposure. Tools are added with defined parameters, suggesting a controlled execution environment. Further security would depend on the `mcp-go` library itself and any additional tools implemented in the `internal/tools` directory not provided.
Updated: 2025-11-24

Low Cost

ContextKeep

by mordang7

Sec4

Provides a standalone, persistent, and searchable long-term memory server for AI agents and tools, compatible with the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️ Requires Python 3.10 or higher.
  • ⚠️ Manual copying of the generated `mcp_config.json` content into the AI client's configuration is necessary.
  • ⚠️ The WebUI runs with Flask `debug=True` by default when started manually, which is a significant security risk for a network-accessible server.

Review Required
The `webui.py` Flask application is configured with `debug=True` when run directly (e.g., `python webui.py`). Running a Flask application in debug mode in a production or network-accessible environment is a critical security vulnerability, as it can expose sensitive information and allow arbitrary code execution. Both the MCP server and WebUI bind to `0.0.0.0` by default, making them accessible from any network interface without explicit authentication. Data is stored locally in plain JSON files.
Updated: 2025-12-12

High Cost
Sec9

A local Model Context Protocol (MCP) server designed to assist users learning web accessibility by acting as a guide, providing curated official WCAG/W3C resources and learning paths through a chatbot interface.

Setup Requirements

  • ⚠️ Requires Node.js version 20 or higher to run.
  • ⚠️ Requires manual configuration within Claude Desktop's 'claude_desktop_config.json' file, specifying the full path to the compiled 'dist/index.js'.
  • ⚠️ Knowledge base (topic mappings and supplements) must be maintained via local YAML and Markdown files in the 'mappings/' directory.

Verified Safe
The server explicitly whitelists allowed URL prefixes for all external references (W3C/WAIC domains), preventing calls to untrusted external sources. It loads configuration and knowledge from local YAML and Markdown files, which is appropriate for its intended local operation. No dynamic code execution (e.g., 'eval') or hardcoded secrets were found in the provided source code. The primary security considerations revolve around ensuring the integrity of the local mapping files, which is outside the application's direct control.
Updated: 2025-11-28

Low Cost

jaeger-mcp-chart

by transform-ia

Sec9

Deploys a server that exposes Jaeger tracing data through the Model Context Protocol (MCP) for AI assistants and other tools.

Setup Requirements

  • ⚠️ Requires an existing Jaeger deployment with a Query service accessible by the MCP server.
  • ⚠️ Network connectivity between the MCP server and the Jaeger Query service must be ensured, potentially requiring adjustments to network policies or service configurations.
  • ⚠️ The chart deploys a Kubernetes Helm chart, requiring Helm and a Kubernetes cluster for installation.

Verified Safe
The chart promotes security best practices by configuring containers to run as non-root users, with read-only filesystems, and dropped capabilities. Network policies are also implemented to restrict ingress and egress traffic. No obvious 'eval' or malicious patterns found. The main risk would be misconfiguration of network policies or insecure Jaeger backend.
Updated: 2025-11-22

Medium Cost

gemini-grounded-mcp

by alanflanders

Sec9

An MCP server that provides a 'grounded_answer' tool, leveraging Google's Gemini API with Google Search grounding to answer factual questions and provide source citations.

Setup Requirements

  • ⚠️ Requires GEMINI_API_KEY for Google Gemini API access (paid API usage applies).
  • ⚠️ Requires Node.js (version 18.0.0 or higher is recommended by package.json dependencies).

Verified Safe
The server demonstrates good security practices: GEMINI_API_KEY is loaded from environment variables or a .env file, preventing hardcoding. All console.log output is redirected to stderr to prevent stdout corruption, which is critical for JSON-RPC. Uncaught exceptions and unhandled promise rejections are handled and logged. Communication occurs over standard I/O (stdio), limiting network exposure to the expected Gemini API calls. No dangerous functions like 'eval' or unsanitized shell executions are present. The 'debug-server.js' included in the repo also follows similar safe practices.
Updated: 2025-12-13

Medium Cost

whmcs-mcp

by caioldcarvalho

Sec9

Integrate WHMCS API for managing clients, tickets, orders, invoices, and services via an MCP client.

Setup Requirements

  • ⚠️ Requires Node.js version 18 or higher.
  • ⚠️ Requires an active WHMCS instance with API access enabled, including an API Identifier, Secret, and the MCP server's IP whitelisted in WHMCS.
  • ⚠️ WHMCS API credentials (WHMCS_IDENTIFIER, WHMCS_SECRET, WHMCS_API_URL) must be configured in a local .env file.

Verified Safe
The server uses environment variables for API credentials (WHMCS_IDENTIFIER, WHMCS_SECRET, WHMCS_API_URL), preventing hardcoding. It communicates via standard I/O (StdioServerTransport), which is generally more secure for local tools than exposing network ports. Input validation is rigorously performed using Zod schemas for all tool arguments, significantly reducing the risk of injection or malformed request vulnerabilities. Error handling prevents raw stack traces from being exposed. The primary outbound network risk is inherent to Axios calls to the configured WHMCS API endpoint, which should be secured with HTTPS and IP whitelisting on the WHMCS side.
Updated: 2026-01-16