Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

60
163
High Cost
tableau icon

tableau-mcp

by tableau

Sec9

The Tableau MCP server provides a standardized interface for AI tools to interact with Tableau Cloud or Server, enabling AI-powered analytics, data exploration, and insight generation from Tableau workbooks, views, datasources, and Pulse metrics.

Setup Requirements

  • ⚠️Requires configuration of Tableau connection details (TABLEAU_SERVER, TABLEAU_SITE_NAME) and an authentication method (PAT_VALUE/PAT_NAME, UAT_PUBLIC_KEY, or DIRECT_TRUST_USERNAME) via environment variables.
  • ⚠️If OAuth is enabled, requires robust setup including `OAUTH_JWE_PRIVATE_KEY` and client registration.
  • ⚠️Data retrieval tools (`query-datasource`, `get-view-image`, list tools with high limits) can return large datasets or base64 encoded images, potentially leading to high token usage and longer response times. Users are advised to use aggregation and filters.
Verified SafeView Analysis
The server demonstrates strong security practices, particularly in its OAuth implementation with explicit SSRF mitigation using `isSSRFSafeURL` and DNS resolution. All sensitive configurations, including authentication secrets (PATs, UAT public keys, OAuth private keys, datasource credentials), are externalized to environment variables, preventing hardcoding. Logging includes masking of sensitive data when not in debug mode. However, the reliance on environment variables for critical secrets means secure environment management is crucial, as misconfiguration could expose sensitive information.
Updated: 2026-01-17GitHub
60
171
Low Cost
8beeeaaat icon

touchdesigner-mcp

by 8beeeaaat

Sec6

Enables AI agents to control and operate TouchDesigner projects programmatically, allowing for node manipulation, Python script execution, and project querying.

Setup Requirements

  • ⚠️Requires TouchDesigner (latest version recommended) to be running and accessible.
  • ⚠️The folder structure of the `mcp_webserver_base.tox` component must be preserved after extraction within TouchDesigner.
  • ⚠️Requires Node.js 18.x or later for NPM package usage, or Docker and Docker Compose for containerized deployment.
Verified SafeView Analysis
The server's core functionality includes executing arbitrary Python code (`exec_python_script`) directly within the TouchDesigner environment, which is inherently powerful and could be misused by an unconstrained AI agent. While the `get_module_help` tool's Python `help()` proxy was hardened to prevent code injection, the `exec_python_script` explicitly uses `exec` and `eval` as intended mechanisms. Network configurations default to loopback for HTTP mode in Docker, limiting external exposure by default. The security score reflects the high capabilities granted to an AI agent, which require careful management of the AI's permissions and input, rather than unaddressed vulnerabilities within the server's own implementation of its stated purpose.
Updated: 2026-01-10GitHub
60
205
Medium Cost
nailuoGG icon

anki-mcp-server

by nailuoGG

Sec9

Enables Large Language Models (LLMs) to interact with and manage Anki flashcards and decks using the AnkiConnect add-on, providing tools for creating, updating, searching, and organizing learning material.

Setup Requirements

  • ⚠️Requires the Anki desktop application to be installed and running on the local machine.
  • ⚠️Requires the AnkiConnect add-on to be installed within Anki.
Verified SafeView Analysis
The server operates locally, communicating via standard I/O (stdio) with the LLM client and connecting to AnkiConnect on 'localhost' (default port 8765 or user-specified local port). This architecture minimizes external network exposure. No hardcoded secrets or 'eval' statements were found. The primary security consideration is the potential misuse of Anki control by a compromised LLM, which is an inherent functional risk rather than a vulnerability in the server code itself. Robust error handling is implemented for AnkiConnect communication issues.
Updated: 2026-01-13GitHub
60
143
Medium Cost
CelestoAI icon

agentor

by CelestoAI

Sec3

Build and deploy scalable AI agents that can interact with various tools and communicate via A2A and MCP protocols.

Setup Requirements

  • ⚠️Requires API keys for LLMs (e.g., OPENAI_API_KEY, LLM_API_KEY) and various tools (e.g., WEATHER_API_KEY, BRIGHT_DATA_API_KEY, GITHUB_TOKEN, SLACK_TOKEN, CELESTO_API_KEY) which may involve paid services.
  • ⚠️Dependencies for specific tools (e.g., `psycopg2-binary` for PostgreSQL, `PyGithub` for GitHub) are optional and must be installed with `pip install agentor[<extra>]` as needed.
  • ⚠️Setting up Google OAuth credentials is required for `GmailTool`.
  • ⚠️Requires Python 3.10 or higher.
Review RequiredView Analysis
The `ShellTool` allows for arbitrary shell command execution, which is a critical security risk in a server environment without robust sandboxing and explicit human approval for each command. The `FetchTool` can make arbitrary HTTP requests, enabling potential SSRF or data exfiltration if the agent's input is compromised. Tools interacting with external services like `GitHubTool`, `SlackTool`, and `GmailTool` grant significant access to sensitive platforms and could be abused by a malicious agent. The `PostgreSQLTool` could be vulnerable to SQL injection if LLM-generated queries are not properly sanitized before execution. Hardcoded API keys are avoided, relying on environment variables, but the presence of highly permissive tools drastically increases the attack surface.
Updated: 2026-01-14GitHub
59
115
Medium Cost
petabridge icon

memorizer-v1

by petabridge

Sec7

A .NET-based service for AI agents to store, retrieve, and search through memories using vector embeddings, featuring asynchronous chunking, version control, and relationship management.

Setup Requirements

  • ⚠️Docker and Docker Compose are required for easy setup and dependency management.
  • ⚠️An Ollama service (or compatible LLM/embedding API) is required for vector embeddings and LLM operations, which is typically managed via Docker Compose.
  • ⚠️PostgreSQL with the pgvector extension is required as the primary data store.
Verified SafeView Analysis
The project uses permissive default CORS settings and hardcoded default credentials for PostgreSQL and PgAdmin in `appsettings.json` and `docker-compose.yml`. While common for development, these pose significant security risks if deployed to production without modification. However, the `docs/security.md` provides explicit guidance on securing the application for production, including restricting CORS, using secure connection strings, and managing credentials securely. No 'eval', obfuscation, or immediately malicious patterns were found in the provided code snippets.
Updated: 2026-01-14GitHub
59
5
Medium Cost
jxnl icon
Sec8

This MCP server acts as a gateway, allowing AI assistants to interact with the Cursor Cloud Agents API to create, manage, and monitor automated tasks on GitHub repositories.

Setup Requirements

  • ⚠️Requires `CURSOR_API_KEY` environment variable, obtained from cursor.com/settings.
  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️Local Git CLI must be installed for `get_repos` to detect local repositories.
Verified SafeView Analysis
The server uses `child_process.exec` for local Git operations. While `cwd` is passed as a separate option mitigating direct command injection, the `regex_patterns` in `get_repos` could theoretically be used for a ReDoS attack if supplied with complex, malicious regexes by an attacker controlling inputs. However, this is a localized resource exhaustion risk rather than remote code execution. The `CURSOR_API_KEY` is correctly fetched from environment variables, not hardcoded. Error messages are sanitized for production environments.
Updated: 2025-11-25GitHub
59
131
Medium Cost
buildswithpaul icon

Frappe_Assistant_Core

by buildswithpaul

Sec7

AI-powered business data analysis and document management by connecting Claude Desktop (or other LLMs) to Frappe ERP systems.

Setup Requirements

  • ⚠️Requires a running Frappe/ERPNext instance with the `frappe_assistant_core` app installed and API access enabled.
  • ⚠️Requires extensive Python data science libraries (e.g., pandas, numpy, matplotlib, seaborn, plotly, scipy, pypdf, Pillow, python-docx, pdfplumber) to be installed in the Frappe environment.
  • ⚠️Requires a system-level Tesseract OCR installation for image and scanned PDF content extraction.
  • ⚠️OAuth 2.0 configuration for LLM clients, including generating API credentials and potentially configuring CORS for development tools.
Review RequiredView Analysis
The server extensively uses Python's `exec()` for running AI-generated code. This is mitigated by a multi-layered sandboxing approach: `ReadOnlyDatabase` wraps all `frappe.db` calls to prevent write/delete/update SQL operations; `_scan_for_dangerous_operations` performs static code analysis to block a wide array of dangerous keywords (e.g., `DELETE`, `DROP`, `INSERT`, `exec`, `eval`, `__import__`, `open`, network calls like `requests`, `urllib`); the execution environment (`_setup_secure_execution_environment`) carefully whitelists built-in functions and pre-loads only safe modules, while explicitly removing dangerous ones (`os`, `sys`, `subprocess`, `socket`, `threading`, `multiprocessing`, `asyncio`, `ctypes`, `imp`, `importlib`); user permissions are strictly enforced (`frappe.has_permission`). Unicode sanitization is also performed. Despite these rigorous protections, relying on `exec` with external input inherently carries a risk of potential bypass if a subtle vulnerability exists in the sandboxing or static analysis.
Updated: 2026-01-16GitHub
59
184
Low Cost
rocketship-ai icon

rocketship

by rocketship-ai

Sec9

This MCP server assists AI coding agents by providing Rocketship testing examples, optimal test structure, schema information, CLI guidance, and codebase analysis to help agents write better Rocketship tests.

Setup Requirements

  • ⚠️Requires Node.js 18+ to run the MCP server.
  • ⚠️The build process requires the Go-based Rocketship CLI to be buildable and runnable for dynamic introspection, implying a Go development environment dependency during compilation.
  • ⚠️Full functionality of the integrated 'agent' plugin (which consumes this MCP server's knowledge) depends on `ANTHROPIC_API_KEY` and `claude-agent-sdk` (installed via pip), incurring external API costs and Python dependencies.
Verified SafeView Analysis
The MCP server's primary function is to provide informational guidance and structured knowledge, not to perform direct file modifications or arbitrary code execution at runtime. CLI introspection, which involves building and executing the Rocketship CLI, is an isolated step performed during the build process to embed dynamic knowledge. There are no direct 'eval' patterns or hardcoded secrets found within the MCP server's codebase itself. While the 'agent' plugin (a client of this MCP server) operates with 'bypassPermissions' for non-interactive QA, this refers to the agent's interaction model with its environment rather than a vulnerability of the MCP server.
Updated: 2026-01-19GitHub
59
30
Medium Cost
Kirachon icon

context-engine

by Kirachon

Sec7

Provides an agent-agnostic local context engine via Model Context Protocol (MCP) for coding agents, enabling semantic search, planning, code review, and prompt enhancement with AI integration.

Setup Requirements

  • ⚠️Requires Node.js 18 or higher to run.
  • ⚠️Requires Auggie CLI (`npm install -g @augmentcode/auggie`) for setup and authentication.
  • ⚠️Relies on an external Augment API Token (`AUGMENT_API_TOKEN` environment variable or `auggie login`), which likely incurs costs for LLM and embedding services. Offline mode (`CONTEXT_ENGINE_OFFLINE_ONLY=true`) can be enabled, but requires a pre-built local index and disables online features.
  • ⚠️Optional static analysis features require `tsc` (TypeScript) and optionally `semgrep` to be installed and available in the system's PATH.
Verified SafeView Analysis
The system is designed for 'local-first' operation and includes features like `secretScrubber` to prevent sensitive data exposure to LLMs and robust path validation to prevent traversal attacks. However, it relies on an external 'Auggie API' (default behavior) for core embedding and LLM features, contradicting the 'no data leaves the machine' claim from the architecture documentation. Users should be aware that data is sent to Augment's API unless `CONTEXT_ENGINE_OFFLINE_ONLY` is enabled and a local index is pre-built. An optional HTTP server runs locally, restricted by CORS. User-defined regular expressions in `.review-invariants.yml` (for the `check_invariants` tool) could pose a ReDoS risk if not carefully crafted and validated.
Updated: 2026-01-14GitHub
59
181
High Cost
lostintangent icon

gistpad-mcp

by lostintangent

Sec9

Manages and shares personal knowledge, daily notes, and reusable prompts via GitHub Gists for MCP-enabled AI products.

Setup Requirements

  • ⚠️Requires a GitHub Personal Access Token (PAT) with 'gist' scope set as `GITHUB_TOKEN` environment variable.
  • ⚠️Requires Node.js v22.0.0 or higher.
  • ⚠️Requires manual configuration in the MCP client to add the server's command and environment variables.
Verified SafeView Analysis
The server securely handles GitHub API authentication via a `GITHUB_TOKEN` environment variable, which is explicitly validated as required. It implements input validation using Zod for all tool arguments. No usage of `eval` or direct arbitrary command execution of user input was found. The core functionality relies on the GitHub Gist API, confining operations to the token's permissions. The README strongly recommends generating a PAT with *only* the `gist` scope to minimize potential risks.
Updated: 2026-01-16GitHub
59
222
Low Cost
punkpeye icon

mcp-proxy

by punkpeye

Sec8

A TypeScript streamable HTTP and SSE proxy for MCP servers that use stdio transport.

Setup Requirements

  • ⚠️Requires a running MCP server accessible via stdio (e.g., a local Node.js or Python process).
  • ⚠️Requires Node.js installed in the environment.
  • ⚠️Using `--shell` or `--tunnel` options with an untrusted underlying MCP server exposes significant security risks.
Verified SafeView Analysis
The MCP Proxy itself demonstrates robust implementation for its core functionality and configurable security features. It supports API key authentication via `X-API-Key` headers and custom stateless OAuth 2.0 JWT Bearer token authentication through a user-provided callback. HTTPS/SSL is supported for encrypted communication. CORS is configurable with sensible defaults, allowing users to fine-tune origin, methods, and headers. The `/ping` and `OPTIONS` endpoints are exempt from authentication. However, as a proxy, its overall security posture heavily depends on the trustworthiness and security of the underlying MCP server it spawns and communicates with over stdio. The use of `child_process.spawn` (especially with the `--shell` option) means that executing untrusted commands via the proxy could lead to arbitrary code execution on the host. The `--tunnel` feature, while convenient, exposes the local server to the public internet, requiring careful consideration of the proxied application's vulnerabilities. No obvious hardcoded secrets, `eval` usage on untrusted input, or malicious patterns were found within the proxy's source code itself.
Updated: 2026-01-19GitHub
59
31
Medium Cost
dhanababum icon

supermcp

by dhanababum

Sec4

A multi-tenant SQL database connector for the MCP platform, enabling AI assistants to interact with various SQL databases like PostgreSQL, MySQL, MSSQL, Oracle, Snowflake, and SQLite through a unified interface.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️Deployment is primarily demonstrated via Docker and Docker Compose, requiring familiarity with containerization.
  • ⚠️The core `app` backend requires a PostgreSQL database (TimescaleDB recommended). Specific database drivers (e.g., `psycopg2-binary`, `pymysql`) must be installed for each target SQL database type the connector intends to support.
  • ⚠️The hardcoded `SECRET = "SECRET"` in `app/src/users.py` for user authentication tokens must be manually changed in the source code or overridden via environment variables for any non-development deployment to prevent critical security vulnerabilities.
Review RequiredView Analysis
The `app/src/users.py` file, which is part of the core SuperMCP backend that manages connectors, contains a hardcoded `SECRET = "SECRET"` used for password reset and email verification tokens. This is a critical vulnerability that makes user account management insecure. Docker Compose files for development (`docker-compose.dev.yml`, `docker-connectors-compose.yml`) include default placeholder secrets (`mysecretpassword`, `your-super-secret-jwt-key-change-in-production`, `CONNECTOR_SECRET` UUIDs) which must be replaced with strong, unique values in production environments. Good security practices observed include the use of parameterized queries to prevent SQL injection, Pydantic for input validation, bcrypt for hashing connector secrets, and FastAPI-Users for authentication.
Updated: 2026-01-18GitHub
PreviousPage 35 of 713Next