Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

61
111
Low Cost

MCP-oura

by YuzeHao2023

Sec9

Provides language models with access to Oura API health data (sleep, readiness, resilience) via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires an Oura API Personal Access Token (obtained from Oura Developer Portal).
  • ⚠️Requires Python 3.12 or newer.
  • ⚠️Intended for integration with Model Context Protocol (MCP) compatible language models like Claude for Desktop.
Verified Safe
The server retrieves the Oura API token from environment variables, which is a good security practice. It uses `httpx` for external API calls, and the data transformation logic does not appear to introduce direct security vulnerabilities. No usage of `eval`, obfuscation, or other immediately malicious patterns were found. Error handling is present, returning human-readable messages.
Updated: 2025-12-21
61
148
Medium Cost

mcp-server-wazuh

by gbrigandi

Sec8

This Rust-based server acts as a bridge between a Wazuh SIEM system and applications requiring contextual security data, especially for AI assistants using the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running Wazuh server (v4.12 recommended) with its API and Indexer accessible.
  • ⚠️Critical environment variables for Wazuh API and Indexer credentials must be configured (e.g., in a `.env` file or directly in the shell).
  • ⚠️The default `WAZUH_VERIFY_SSL=false` is insecure; for production, it must be explicitly set to `true` with valid SSL certificates.
Verified Safe
The server's tools primarily provide read-only access to Wazuh data, limiting the impact of potential misuse. It properly externalizes sensitive credentials to environment variables. However, the default setting of `WAZUH_VERIFY_SSL=false` for Wazuh API and Indexer connections is explicitly insecure and should be set to `true` in production environments after ensuring proper certificate validation.
Updated: 2025-12-12
61
62
Low Cost

mcp-local-rag

by shinpr

Sec9

Local RAG server for developers enabling private, offline semantic search with keyword boosting on personal or project documents (PDF, DOCX, TXT, MD, HTML).

Setup Requirements

  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️Initial ~90MB embedding model download on first run (takes 1-2 minutes) before it can operate fully offline.
  • ⚠️The `BASE_DIR` environment variable MUST be set to define the root directory for searchable documents, acting as a critical security boundary.
  • ⚠️Changing the `MODEL_NAME` requires deleting the LanceDB database (`DB_PATH`) and re-ingesting all documents due to incompatible vector dimensions.
Verified Safe
The server demonstrates strong security practices for a local RAG solution. It explicitly prevents path traversal attacks (S-002) by validating file paths against a defined `BASE_DIR` and ensuring they are absolute. All processing is local (S-001), with the only external network communication being the initial (cached) download of the embedding model from HuggingFace. Sensitive data (document content, search queries) is confirmed not to be logged (S-003), and stack traces are suppressed in production environments (S-004). No hardcoded secrets were found. The use of `isEvalSupported: false` in the PDF parser is a good practice. Overall, the security measures are well-implemented and tested.
Updated: 2026-01-17
61
227
Low Cost

MCP-connect

by EvalsOne

Sec1

A lightweight bridge service that exposes local MCP servers as HTTP APIs, enabling cloud AI tools and agents to interact with various local MCP services via Streamable HTTP or a classic request/response bridge.

Setup Requirements

  • ⚠️Requires Node.js >= 22.0.0 and npm/yarn for local execution.
  • ⚠️Requires `AUTH_TOKEN` to be set for secure operation; defaults to unauthenticated access, which is a major security risk.
  • ⚠️Requires an E2B API Key (`E2B_API_KEY`) for cloud sandbox deployment, along with a Python 3.8+ environment (`pip install -r requirements.txt`).
  • ⚠️The `serverPath` in the `/bridge` endpoint or `command` in `mcp-servers.json` allows arbitrary command execution. Proper whitelisting, sanitization, or containerization is essential when exposing this service to untrusted input.
Review Required
CRITICAL VULNERABILITIES: The `/bridge` endpoint allows an unauthenticated or authenticated client to specify an arbitrary `serverPath` in the request body. If this `serverPath` is a command (e.g., `rm -rf /`), the `MCPClientManager` will directly execute it via `StdioClientTransport`. This is a direct command injection vulnerability. Additionally, the `AUTH_TOKEN` environment variable defaults to an empty string, meaning the server runs unauthenticated by default. This allows any client to make calls, including exploiting the command injection. The `deploy/e2b/sandbox_deploy.py` script also fetches `startup.sh` and other configuration from a `remote_base` URL by default, which introduces a supply chain risk if the remote source is compromised. Sensitive environment variables like `N8N_API_KEY` can be included in `mcp-servers.json` and are handled via environment variable resolution, requiring careful management to prevent leaks.
Updated: 2025-12-11
60
181
Low Cost

mcp-servers-nix

by natsukium

Sec9

Provides a Nix-based configuration framework for Model Control Protocol (MCP) servers with ready-to-use packages and reproducible deployments.

Setup Requirements

  • ⚠️Requires Nix package manager. Users unfamiliar with Nix will have a learning curve for setup and usage.
  • ⚠️Developing or extending the framework for custom servers may require Node.js/npm and TypeScript knowledge (as indicated by the 'package-lock.json' for 'slite-mcp-server').
  • ⚠️Specific MCP server modules configured by this framework will have their own runtime dependencies (e.g., Python for some tools, specific binaries) that need to be met.
Verified Safe
The repository leverages Nix, which inherently promotes reproducible and isolated builds, reducing supply chain risks. It explicitly addresses security concerns regarding credentials by recommending `envFile` or `passwordCommand` instead of hardcoding sensitive information directly into Nix store-readable attributes. The provided `toml-inline-gen.py` and `update.sh` scripts are straightforward and do not contain obvious 'eval' or malicious patterns. While `package-lock.json` lists various dependencies (including dev tools like `eslint`, `vitest`, `typescript`), without access to the full source code of the individual MCP servers, a complete deep dive into potential vulnerabilities of all transitive dependencies isn't possible, but the framework itself demonstrates good security awareness and practices for its configuration role.
Updated: 2026-01-19
60
291
High Cost

AgentChat

by Shy2593666979

Sec2

An AI Agent platform for building, deploying, and managing AI assistants that integrate various tools, Large Language Models (LLMs), knowledge bases (RAG), and Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Docker (v20.10+) and Docker Compose (v2.0+) for deployment.
  • ⚠️Requires various paid AI/tool API keys (e.g., OpenAI, Anthropic, Tavily, Alibaba Cloud, AMap) to enable full functionality.
  • ⚠️The `convert_to_pdf` tool implicitly requires LibreOffice to be installed in the backend environment/Docker image.
Review Required
Critical vulnerability due to `exec()` of potentially user-controlled Python code for custom agents (`src/backend/agentchat/services/autobuild/client.py`) without clear sandboxing mechanisms. High risk from a hardcoded default JWT secret (`src/backend/agentchat/api/JWT.py`) and various default API keys in `config.yaml` (e.g., AMap, Tavily, Alibaba Cloud Delivery, various LLMs) that could be active if not overridden. The use of MD5 hashing for passwords (`src/backend/agentchat/api/services/user.py`) is insecure. Command execution via `subprocess.run` for the `convert_to_pdf` tool is present, though its current usage appears constrained.
Updated: 2026-01-12
60
7
Low Cost

mcp2skill-tools

by ulasbilgen

Sec4

Enables AI coding assistants like Claude Code to interact with various Model Context Protocol (MCP) servers and their tools via a unified REST API gateway.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0 and npm >= 9.0.0.
  • ⚠️The `mcp2rest` daemon must be running for `mcp2scripts` or generated skills to function.
  • ⚠️For production deployments, `mcp2rest` requires a reverse proxy with authentication (e.g., Nginx, Caddy) to prevent unauthenticated arbitrary code execution if exposed to a public network. Default host `localhost` is safe for development.
  • ⚠️Using `mcp2rest service install` will configure it as a PM2 service, which requires PM2 to be available (implicitly handled by `npx pm2`).
Verified Safe
The `mcp2rest` gateway allows dynamic addition of new MCP servers via its `POST /servers` REST API endpoint. When a server is added, `mcp2rest` executes `npx <package> [args]` to spawn the MCP server process. If the `mcp2rest` API is exposed on a public network (e.g., by configuring `--host 0.0.0.0`) *without a protective reverse proxy and authentication*, an attacker could use the `POST /servers` endpoint to add and execute arbitrary `npm` packages with arbitrary arguments, leading to remote code execution on the host machine. The documentation explicitly warns that 'Production users should put gateway behind reverse proxy (nginx) with auth.' This is a critical security step that is left to the user. Additionally, API keys and sensitive environment variables are stored in plaintext in `~/.mcp2rest/config.yaml`, necessitating secure file permissions.
Updated: 2025-11-25
60
80
High Cost

anki-mcp-server

by ankimcp

Sec9

This server seamlessly integrates Anki with AI assistants via the Model Context Protocol (MCP), enabling natural language interaction, dynamic note creation/editing, and interactive review sessions.

Setup Requirements

  • ⚠️Requires Anki desktop application with the AnkiConnect plugin installed and running.
  • ⚠️Requires Node.js version 20 or higher.
  • ⚠️Using the optional remote mode via ngrok requires a separate global ngrok installation (`npm install -g ngrok`) and a configured ngrok auth token.
Verified Safe
The server includes an `OriginValidationGuard` to prevent DNS rebinding attacks on its HTTP interface, validating `Origin` and `Referer` headers against configurable allowed patterns (defaulting to localhost/127.0.0.1). Communication with Anki is handled via the local AnkiConnect plugin, limiting network exposure. The optional `ngrok` integration for public access is opt-in and requires the user to perform external setup, placing responsibility on the user. No hardcoded secrets were identified.
Updated: 2026-01-15
60
165
High Cost

aws-mcp-server

by alexei-led

Sec7

The AWS MCP Server allows AI assistants to execute AWS CLI commands and access AWS environment context, providing a powerful interface for cloud management and automation.

Setup Requirements

  • ⚠️Requires AWS CLI to be installed and configured with valid credentials.
  • ⚠️Requires Python 3.13+.
  • ⚠️Docker is highly recommended for enhanced security and a consistent execution environment.
Verified Safe
The server *directly executes* AWS CLI commands via subprocess without application-layer command filtering, relying entirely on the host's IAM policies for authorization. It includes strong OS-level sandboxing (Landlock/Bubblewrap/Seatbelt) and recommends Docker hardening (read-only filesystem, dropped capabilities, PID limits) to mitigate host-level risks. However, a permissive IAM policy could allow the AI to perform destructive or unintended actions, as the server does not perform command validation beyond ensuring it's an 'aws' command. No hardcoded secrets or 'eval' patterns found.
Updated: 2025-12-02
60
8
Low Cost

Control a Tesla vehicle remotely via the Tessie API using the Model Context Protocol (MCP) for AI agents.

Setup Requirements

  • ⚠️Requires a Tessie account and API access token, which is a paid service.
  • ⚠️Requires your Tesla vehicle's VIN to be configured as an environment variable.
  • ⚠️For Cloudflare Worker deployment, a KV namespace (`TOKENS`) must be created and configured in `wrangler.toml`.
  • ⚠️A random bearer token must be generated and configured (`BEARER_TOKEN`) for client authentication to the MCP server.
Verified Safe
The server employs good practices for secret management (environment variables), encryption (AES-256-GCM for storage), and logging (redacting sensitive data). Client authentication uses a bearer token, which is validated against an environment variable. However, a critical security risk for production deployments is that the `isAllowedOrigin` function in `src/shared/mcp/security.ts` currently returns `true` for all origins, effectively disabling origin validation. The `README.md` explicitly warns about this, emphasizing the deployer's responsibility to harden the HTTP layer with proper token validation, secure storage, TLS, strict CORS/origin checks, rate limiting, and audit logging for remote deployments. If deployed without addressing the `isAllowedOrigin` placeholder, it becomes vulnerable to Cross-Origin Resource Sharing (CORS) attacks. For local development, this is generally acceptable.
Updated: 2025-12-09
60
145
Medium Cost

postman-mcp-server

by postmanlabs

Sec9

The Postman MCP Server connects Postman to AI tools, giving AI agents and assistants the ability to access workspaces, manage collections and environments, evaluate APIs, and automate workflows through natural language interactions.

Setup Requirements

  • ⚠️Requires a valid Postman API Key, which may necessitate a paid Postman plan for certain advanced features like Enterprise tagging, private, or partner workspaces.
  • ⚠️Requires Node.js version 20.0.0 or higher.
  • ⚠️Specific toolsets (Minimal, Full, Code) are enabled via command-line flags (`--minimal`, `--full`, `--code`) or environment variables, with 'minimal' being the default if no flag is specified.
Verified Safe
The server demonstrates strong security practices for API key management, requiring the `POSTMAN_API_KEY` environment variable and explicitly stating not to hardcode secrets. It uses a robust HTTP client (`fetch`) with timeouts and filters out potentially problematic headers. There are no instances of `eval` or obvious code obfuscation found. Network requests are well-encapsulated within the `PostmanAPIClient`. Telemetry data is reported asynchronously, which is a common practice for usage analytics and does not present an immediate security risk, though users should be aware of data collection. The use of `newman` for running collections is a standard tool but like any subprocess execution, requires careful handling of inputs.
Updated: 2026-01-09
60
92
High Cost

mcp-server

by OctopusDeploy

Sec8

The server enables AI assistants to inspect, query, and diagnose problems within an Octopus Deploy instance by exposing its API as MCP tools.

Setup Requirements

  • ⚠️Requires Node.js >= v20.0.0
  • ⚠️Requires an Octopus Deploy instance accessible via HTTPS
  • ⚠️Requires an Octopus Deploy API Key for authentication
Verified Safe
The server explicitly prioritizes security by defaulting to read-only operations and requiring API keys via environment variables or CLI arguments. It uses Zod for input validation, mitigating common injection risks. The primary security consideration, as noted in the README, is the inherent risk of reading potentially sensitive deployment logs and variables from the Octopus instance, which could be exposed if the connected AI client is not trusted. However, this is a risk associated with how the tool is used by the end-user rather than a vulnerability in the server's implementation.
Updated: 2026-01-19