Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

62
19
High Cost

opencti_mcp_server

by CooperCyberCoffee

Sec9

Connects Claude Desktop to OpenCTI's threat intelligence platform for AI-augmented threat intelligence analysis and reporting, enabling natural language queries and context-aware responses.

Setup Requirements

  • ⚠️Requires Claude Desktop for MCP integration.
  • ⚠️Requires OpenCTI 6.x instance.
  • ⚠️Requires Claude Pro subscription (if using cloud LLM) or local LLM (e.g., Ollama) running for AI analysis.
Verified Safe
Comprehensive security audit report is provided within the codebase. The project implements multi-layered security controls including TLP filtering (server-side and client-side), robust input validation (against SQL/XSS/template injection, path traversal, null bytes), secure configuration practices (e.g., `yaml.safe_load()`), rate limiting, and detailed audit logging with SHA256 integrity hashing for tamper detection. Default network binding is `127.0.0.1` (localhost only). Dependencies are actively monitored for CVEs and explicitly updated (e.g., `cryptography` CVE fixes in v0.4.2). Parameter sanitization is performed before logging sensitive data.
Updated: 2025-11-29
62
112
Low Cost

pageindex-mcp

by VectifyAI

Sec8

This MCP server acts as a bridge, enabling LLM-native, reasoning-based RAG on documents (local or online PDFs) for MCP-compatible agents like Claude and Cursor, without requiring a vector database locally.

Setup Requirements

  • ⚠️Requires Node.js >=18.0.0
  • ⚠️Requires OAuth authentication with the PageIndex service, involving a browser redirect.
  • ⚠️Relies on connection to a remote PageIndex API ('https://chat.pageindex.ai' by default).
  • ⚠️Document size limit of 100MB for PDF processing.
Verified Safe
The server uses standard OAuth 2.1 for authentication, involving a temporary local HTTP server for callback and storing tokens with restrictive file permissions (0o600). It handles local and remote PDF uploads, performing validation (size, PDF magic bytes) to mitigate risks, and uploads files via signed URLs to a remote PageIndex API. No 'eval', code obfuscation, or hardcoded secrets were identified. The primary network risks are inherent in fetching external PDFs and relying on the security of the remote PageIndex API, though the local server includes validation steps.
Updated: 2026-01-19
62
61
Medium Cost

skilder

by skilder-ai

Sec9

Skilder is an infrastructure layer for AI agent tooling, providing a private tool registry with embedded runtimes that works across any agent environment.

Setup Requirements

  • ⚠️Requires Docker to run the entire platform.
  • ⚠️A one-time setup step (`npm run setup-local`) is required to generate cryptographic keys, which depends on Node.js locally.
  • ⚠️Local development requires Node.js v22+.
Verified Safe
The system demonstrates a strong focus on security. Cryptographic keys (JWT and NATS operator keys) are generated and managed securely outside the repository (`dev/.docker-keys/`) with strict file permissions, or via Docker volumes in production, preventing hardcoded secrets. Authentication enforces database-verified workspace access, mitigating stale token issues. Rate limiting is implemented for API calls, OAuth, and key validation. OAuth uses encryption for client secrets and a nonce-based state service for CSRF protection. GraphQL subscriptions include periodic re-validation of user access. While `whitelist=0.0.0.0/0` is used for Dgraph Alpha in development, production `docker-compose.yml` uses more restrictive IP whitelisting. No `eval` or intentional obfuscation was found.
Updated: 2025-12-14
62
223
High Cost

mcp-foundry

by azure-ai-foundry

Sec2

A Model Context Protocol (MCP) server for Azure AI Foundry, providing a unified set of tools for interacting with Azure AI models, knowledge bases (AI Search), evaluation services, and finetuning operations.

Setup Requirements

  • ⚠️Requires 'uv' (universal Python package manager) for execution.
  • ⚠️Requires Azure CLI to be installed and configured for Azure resource management tools.
  • ⚠️Extensive Azure cloud service dependencies (Azure AI Search, Azure OpenAI, Azure AI Project, Azure Cognitive Services) requiring active subscriptions and API keys/credentials.
  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Setting `SWAGGER_PATH` environment variable is required for dynamic Swagger tool registration.
Review Required
CRITICAL: The `az` helper function, used by `mcp.tool` functions like `create_azure_ai_services_account` and `create_foundry_project`, directly passes user-controlled `subscription_id` and `resource_group` parameters to `subprocess.run` without sufficient sanitization. This creates a severe command injection vulnerability. CRITICAL: The dynamic Swagger tool execution (`swagger.py`) uses `url.replace(placeholder, str(param_value))` to construct URLs from path parameters without URL encoding. This allows for URL injection/path traversal if `param_value` contains malicious characters (e.g., `/../` or encoded slashes).
Updated: 2025-11-19
62
114
Low Cost

turbo-flow-claude

by marcuspat

Sec8

An advanced agentic development environment designed for AI-powered coding, orchestration, and quality assurance, facilitating complex software development workflows.

Setup Requirements

  • ⚠️Requires API keys for Anthropic, OpenRouter, Google Gemini, OpenAI, Grok (for PAL MCP and Claudish)
  • ⚠️Node.js (LTS, v20+) is required
  • ⚠️Git is required for cloning and agent management
  • ⚠️DevPod needs to be installed for cloud/remote workspace setup (macOS: brew install, Windows: choco install, Linux: curl script)
  • ⚠️PAL MCP server requires manual `.env` file configuration after setup
  • ⚠️Playwright requires installation of browser binaries
  • ⚠️Python tools (uv, specify-cli) are installed via `uv`
Verified Safe
The project emphasizes 'Verification-First Development' and 'Byzantine Fault Tolerance' within its agentic workflows, includes dedicated security agents (e.g., `github-security-manager`, `qe-security-scanner`), and has a security policy for vulnerability reporting. API keys for various AI models (Anthropic, OpenAI, Gemini, Grok, OpenRouter, n8n) are explicitly documented to be configured via environment variables (e.g., in `.env` files for PAL MCP), which is a good practice. The `claude --dangerously-skip-permissions` option is noted as an explicit user choice. Overall, the environment is designed with a strong security posture and provides tools for secure development, but ultimate safety depends on user configuration and operational practices.
Updated: 2026-01-18
62
157
Low Cost

UnityNaturalMCP

by notargs

Sec7

Integrates Unity Editor with Model Context Protocol (MCP) clients like AI coding assistants, enabling direct execution of Unity C# tools from these clients.

Setup Requirements

  • ⚠️Requires Unity 6000.0 or later.
  • ⚠️Requires Node.js 18.0.0 or later for the 'mcp-stdio-to-streamable-http' proxy if not using Streamable HTTP directly.
  • ⚠️Requires specific Unity packages (UniTask, NugetForUnity) and NuGet packages (System.Text.Json, ModelContextProtocol, Microsoft.Extensions.DependencyInjection), with ModelContextProtocol being in preview.
  • ⚠️WSL2 setup requires specific '.wslconfig' and caution regarding binding IP to '*' in Unity settings.
Verified Safe
The server explicitly mentions a cautionary setup step for WSL2 that involves binding the IP address to '*' (all interfaces), which is generally not recommended for security unless properly firewalled. The project is also noted as being in 'preview stage', which often implies less mature security hardening. No direct 'eval' or malicious patterns were observed in the provided snippets.
Updated: 2026-01-19
62
61
Medium Cost

2ly

by AlpinAI

Sec9

Skilder is an infrastructure layer for AI agent tooling, providing a private tool registry and embedded runtimes for integrating with various agent frameworks and custom tools.

Setup Requirements

  • ⚠️Requires Docker for deployment (local or production).
  • ⚠️Node.js v22+ is required for local development.
  • ⚠️Requires initial generation of cryptographic keys via `npm run setup-local` (or `sh ./generate-keys.sh`) for local development, which are then stored in `dev/.docker-keys/`.
  • ⚠️Relies on NATS and Dgraph as core infrastructure components, which are managed via Docker Compose.
Verified Safe
The project demonstrates robust security practices for a distributed system, including the use of generated cryptographic keys for JWTs and NATS, strong password hashing (scrypt with peppering), and database-backed access validation for tokens (mitigating stale token issues). It features distributed rate limiting for API keys and OAuth initiation. GraphQL subscriptions are periodically re-validated for workspace access, which is a commendable measure against permission revocation during active sessions. While development configurations expose certain services (e.g., Dgraph, NATS Dashboard) and use broad CORS settings (origin: '*'), these are explicitly for development and should be hardened for production deployment.
Updated: 2025-12-14
62
29
Low Cost

1mcp

by buremba

Sec9

Orchestrates AI agent tool calls by executing JavaScript/TypeScript code in a WASM sandbox, reducing LLM context bloat and managing security policies.

Setup Requirements

  • ⚠️Requires Node.js version >=22.0.0.
  • ⚠️Initial setup requires network access to download WASM runtimes (QuickJS/Pyodide) from CDN.
  • ⚠️Python dependencies must be 'wheel-only' (no native extensions or sdists) and compatible with Pyodide.
Verified Safe
The project demonstrates robust security considerations with a multi-layered approach, including WASM sandbox isolation (QuickJS/Pyodide), cryptographic signing of execution capsules (Ed25519), and double-enforcement of network and filesystem policies (browser and server). Path traversal protections and IP literal blocking are implemented. The specification indicates that critical security issues identified in development have been addressed. However, it notes that upstream MCP servers are fully trusted by the relay server (requiring external security measures for those services) and current rate limiting is basic (queue depth of 100). Code execution uses `vm.evalCode` within the sandboxed runtime, which is controlled by the capsule builder.
Updated: 2025-12-08
61
17
Medium Cost

messages

by cardmagic

Sec9

Fuzzy search and browse Apple Messages (iMessage/SMS) from the command line or as an MCP server.

Setup Requirements

  • ⚠️Requires macOS operating system.
  • ⚠️Requires Node.js version 22 or higher.
  • ⚠️Requires 'Full Disk Access' permission for your terminal application to read `~/Library/Messages/chat.db`.
Verified Safe
The server primarily operates locally, reading from the Apple Messages database (`~/Library/Messages/chat.db`) and AddressBook, then building local search indexes in `~/.messages/`. It uses `better-sqlite3` in read-only mode for the source databases, which is a good security practice. The `node-typedstream` library handles parsing binary blobs for message content, which is a potential, but non-obvious, vector for malformed data. The MCP server uses `StdioServerTransport`, meaning communication is over standard I/O, not a network, reducing network-based attack surfaces. No `eval` or obvious hardcoded secrets were found. The most significant security consideration is the explicit requirement for 'Full Disk Access' permission for the terminal, which grants broad access but is necessary for its core functionality and is a user-controlled setting.
Updated: 2026-01-18
61
97
Low Cost

The TypeScript SDK facilitates the implementation of Model Context Protocol (MCP) over MQTT for creating AI-integrable servers and clients, enabling LLMs to discover and interact with external services and tools.

Setup Requirements

  • ⚠️Requires Node.js >= 18
  • ⚠️Project must be configured to use ES modules (`"type": "module"` in package.json)
  • ⚠️Requires an MQTT broker to be running and accessible (e.g., locally or a public broker)
Verified Safe
The source code appears to follow good security practices. It extensively uses Zod schemas for input validation, which helps prevent malformed requests and potential injection vulnerabilities. Message parsing uses `JSON.parse`, which is safe for valid JSON. There are no explicit uses of `eval`, `child_process.exec`, or other dynamic code execution mechanisms. Sensitive information like MQTT credentials (username, password) are expected to be provided by the user during configuration and are not hardcoded. The SDK uses `nanoid` for generating unique IDs, which is cryptographically strong. MQTT 5.0 features are leveraged to enhance connection robustness. The error handling mechanism also appears to prevent excessive internal detail leakage. The `RELEASING.md` indicates secure npm publishing via OIDC, reflecting a general security awareness.
Updated: 2026-01-19
61
361
High Cost

UnrealGenAISupport

by prajwalshettydev

Sec2

The plugin enables large language models (LLMs) to programmatically interact with and control Unreal Engine, facilitating generative AI applications in game development, such as spawning objects, manipulating scenes, and generating blueprints or Python scripts.

Setup Requirements

  • ⚠️Requires `mcp[cli]` Python package installation.
  • ⚠️Requires Unreal Engine's Python Editor Script Plugin to be enabled.
  • ⚠️For DeepSeek reasoning model, Unreal Engine HTTP timeouts must be increased (e.g., `HttpConnectionTimeout=180`, `HttpReceiveTimeout=180` in `DefaultEngine.ini`).
  • ⚠️Requires `PS_<ORGNAME>` environment variables for API keys (e.g., `PS_OPENAIAPIKEY`, `PS_ANTHROPICAPIKEY`, etc.).
  • ⚠️Requires manual configuration of `claude_desktop_config.json` or `.cursor/mcp.json` file in specific user/project directories.
Review Required
The MCP server (`mcp_server.py`) acts as a bridge, forwarding LLM-generated Python scripts to the Unreal Engine's Python interpreter (`unreal_socket_server.py`). The `handle_execute_python` function in `python_commands.py` executes these scripts using `exec(f.read())` on temporary files without sufficient sandboxing or robust input validation. This creates a severe remote code execution (RCE) vulnerability, allowing an LLM (if compromised or intentionally misdirected) to run arbitrary Python code within the Unreal Editor's environment. The `is_potentially_destructive` check is a weak heuristic and easily bypassable. The README explicitly warns about security risks, indicating this is a known, inherent risk of the design.
Updated: 2026-01-04
61
350
Medium Cost

tfmcp

by nwiizo

Sec9

A CLI tool and MCP server that enables LLMs to analyze, manage, and operate Terraform configurations and infrastructure environments.

Setup Requirements

  • ⚠️Requires Rust 1.85.0+ (Edition 2024) for compilation.
  • ⚠️Terraform CLI must be installed and available in the system's PATH.
  • ⚠️Dangerous operations (like 'apply' and 'destroy') are disabled by default and require setting the TFMCP_ALLOW_DANGEROUS_OPS environment variable to 'true'.
Verified Safe
The server implements robust security controls by default. Dangerous operations (apply/destroy) are disabled, sensitive file patterns are blocked (e.g., 'prod*', 'secret*'), and a maximum resource limit is enforced. All operations are subject to audit logging. The code also includes internal secret detection patterns for Terraform configurations to warn users of potential hardcoded secrets. Policies can be customized via environment variables, requiring users to explicitly opt-in to less secure behaviors. There are no obvious 'eval' or obfuscation patterns.
Updated: 2025-12-28