Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

59
109
Medium Cost
cobanov icon

teslamate-mcp

by cobanov

Sec8

Connects a TeslaMate PostgreSQL database to AI assistants, enabling natural language queries about Tesla vehicle data and analytics.

Setup Requirements

  • ⚠️Requires an existing and running TeslaMate instance with a PostgreSQL database.
  • ⚠️Requires the `DATABASE_URL` environment variable to be configured correctly.
  • ⚠️Authentication is optional but highly recommended for remote deployments; otherwise, the server will be publicly accessible.
  • ⚠️Python 3.11+ or Docker is required for setup.
Verified SafeView Analysis
The server implements robust SQL validation (`src/validators.py`) to ensure only read-only `SELECT` queries are executed, preventing common SQL injection attacks. Environment variables are used for sensitive configurations like `DATABASE_URL` and `AUTH_TOKEN`, avoiding hardcoded secrets. Optional bearer token authentication is available for remote deployments (`main_remote.py` includes `BearerAuthMiddleware`), which is crucial for securing the API. The primary security consideration is to ensure authentication is enabled and correctly configured when deploying the server remotely, as without it, the API would be publicly accessible over HTTP.
Updated: 2025-11-29GitHub
59
101
High Cost
tuannvm icon
Sec8

Serves as a Model Context Protocol (MCP) bridge to integrate OpenAI's Codex CLI for AI-powered code analysis, generation, and review within various editors like Claude Code, VS Code, and Cursor.

Setup Requirements

  • ⚠️Requires Codex CLI v0.75.0+ to be installed globally.
  • ⚠️Requires an OpenAI API key for authentication with the Codex CLI (implies paid usage).
  • ⚠️User must explicitly log in to Codex CLI via `codex login --api-key "your-openai-api-key"`.
Verified SafeView Analysis
The server uses `child_process.spawn` to execute the `codex` CLI. While user-provided prompts and working directories are passed to the CLI, the server takes precautions: the executable `codex` is fixed, and arguments are constructed and escaped (`escapeArgForWindows`) to mitigate direct shell injection. Session IDs are validated with a regex. No hardcoded secrets were found; API keys are expected to be managed by the underlying Codex CLI's login mechanism. The main security surface area relies on the robustness of the `codex` CLI itself in processing arbitrary user input, which is an external dependency.
Updated: 2026-01-19GitHub
58
88
Medium Cost
Kapeli icon
Sec9

Provides tools to interact with the Dash documentation browser API for listing docsets, searching documentation, and enabling full-text search.

Setup Requirements

  • ⚠️Requires macOS to run the Dash application.
  • ⚠️Requires Dash 8 or higher to be installed.
  • ⚠️Requires Python 3.12 or higher (as per pyproject.toml).
  • ⚠️The Dash API server must be enabled in Dash Settings > Integration, although the server attempts to enable it automatically.
Verified SafeView Analysis
The server primarily interacts with the local Dash application's API via the loopback address (127.0.0.1), minimizing external network exposure. It uses `subprocess.run` to manage and launch Dash and enable its API, but these commands use fixed parameters (e.g., bundle identifiers, 'defaults write' keys), preventing injection through user input. No 'eval' or similar dangerous functions are used, and no hardcoded secrets were found.
Updated: 2025-12-11GitHub
58
3
Medium Cost
mnfst icon
Sec4

Generate Model Context Protocol (MCP) servers from database datasources for integration with AI agents, using a visual canvas interface for tool creation and management.

Setup Requirements

  • ⚠️Requires Node.js 20.x or higher
  • ⚠️Requires npm 9.x or higher
  • ⚠️Requires Docker and Docker Compose (for MySQL database instance)
  • ⚠️Requires an OpenAI API key (paid service) configured in the .env file
  • ⚠️Requires a `CREDENTIALS_ENCRYPTION_KEY` environment variable (32+ characters) for datasource password encryption
Verified SafeView Analysis
This is a Proof-Of-Concept application explicitly labeled as 'Work In Progress' and 'Do not use in production'. **Identified Risks for Production Use:** - **No user authentication or authorization:** All API endpoints and generated MCP servers are publicly accessible without any form of access control. - **Broad CORS policy:** `app.enableCors({ origin: true, credentials: true })` is enabled for all origins in `backend/src/main.ts`. - **Limited Input Sanitization:** Explicitly stated in `CONTRIBUTING.md`. - **No Rate Limiting:** API endpoints lack rate limiting, making them vulnerable to abuse. - **Sensitive Data Exposure:** While datasource credentials are encrypted at rest using AES-256 (via `CREDENTIALS_ENCRYPTION_KEY`), they are accessible to any user of the application (due to lack of auth/auth). File resources uploaded to `public/storage` are directly served and exposed via the MCP protocol, potentially risking sensitive file exposure if not carefully managed. **Positive Security Aspects for POC:** - **Password Encryption:** Datasource passwords are encrypted at rest using a key from environment variables. - **SQL Injection Prevention:** The `QueryGenerationService` explicitly validates that generated SQL queries are `SELECT`-only. The `ToolsService` uses `mysql2/promise` with parameterized queries (`connection.execute(query, values)`) to prevent SQL injection during tool execution. - **Transparent Disclosure:** The project's documentation clearly outlines its security limitations for a POC.
Updated: 2025-11-26GitHub
58
142
Medium Cost
PostHog icon

mcp

by PostHog

Sec8

Provides an AI agent toolkit and server implementation to interact with PostHog analytics data, manage feature flags, create insights, and perform other analytics tasks through natural language queries.

Setup Requirements

  • ⚠️Requires a PostHog Personal API Key for connecting to PostHog data.
  • ⚠️Requires an OpenAI API Key for interactions with OpenAI models (LangChain and AI SDK examples use ChatOpenAI).
  • ⚠️Requires Node.js >=18 for TypeScript development/building and Python >=3.11 for Python examples.
  • ⚠️Deployment of the Cloudflare Worker server (if using the TypeScript implementation) requires a Cloudflare account and Wrangler CLI setup.
  • ⚠️Optional INKEEP_API_KEY environment variable is needed for PostHog documentation search functionality.
Verified SafeView Analysis
The server expects sensitive API keys via Authorization headers or environment variables, which is standard practice. A hardcoded PostHog project API key ('sTMFPsFhdP1Ssg') is used internally for the MCP server's own analytics tracking, not for accessing user-specific data. The `userHash` for caching uses PBKDF2 with a fixed salt ('posthog_mcp_salt'); while not a direct vulnerability, this is less ideal than a unique random salt per user if cache integrity were a primary security boundary. The linter rule `noExplicitAny: 'off'` can subtly hide type-related bugs.
Updated: 2026-01-19GitHub
58
100
High Cost
igrigorik icon

AgentBoard

by igrigorik

Sec6

Integrates AI agents with browser capabilities, enabling interaction with web pages and external Model Context Protocol (MCP) servers through a suite of specialized tools for tasks like content extraction and web automation.

Setup Requirements

  • ⚠️Requires API keys (paid) for OpenAI, Anthropic, or Google AI services to enable default agents.
  • ⚠️User-defined WebMCP scripts are injected directly into the web page's MAIN world, potentially interacting with page JavaScript and DOM. On sites with strict Trusted Types policies, user scripts may not load without explicit user policy creation/acceptance.
  • ⚠️The built-in `get_full_page_context` tool relies on well-structured HTML and JSON-LD for optimal content and metadata extraction. Pages with highly unusual or dynamic DOM structures may yield incomplete or poor results.
Review RequiredView Analysis
The system utilizes dynamic user script injection into the MAIN world of web pages via blob URLs. While efforts are made for sanitization (removing `export`, wrapping in IIFE) and Trusted Types support, direct script injection is an inherent security risk. A malicious user script or a vulnerability in the parsing/injection mechanism could lead to browser context compromise. The `fetch_url` tool can perform CORS-bypassing network requests, optionally including user credentials, which is a powerful capability that could be abused by a malicious LLM prompt or a compromised user script. The `parseMetadataObject` function in `script-parser.ts` and metadata extraction in `src/options/webmcp-scripts.ts` use `new Function()` to parse user-provided metadata, which is a risk if malicious JSON or JavaScript is injected there, though contextually limited. No hardcoded secrets were found. API keys are handled via secure browser storage.
Updated: 2026-01-02GitHub
58
3
Low Cost
jpinsonneau icon

mcp-shield

by jpinsonneau

Sec3

Provides an OAuth proxy for Model Context Protocol (MCP) servers on OpenShift, handling OAuth 2.0 discovery, client registration, token exchange, and enhancing security with a proxy token system.

Setup Requirements

  • ⚠️Requires deployment on or with network access to an OpenShift cluster for full OAuth integration.
  • ⚠️If integrating with `mcp-gateway`, specific code modifications are required in `mcp-gateway` itself to enable standalone tool forwarding (details provided in `docs/mcp-gateway-changes.md`).
  • ⚠️The `OAUTH_AUTHORIZATION_SERVERS` environment variable is mandatory and must be correctly configured with the public URL where MCP Shield is accessible.
  • ⚠️When deploying with `loki-mcp-server`, the Loki MCP image (`quay.io/jpinsonn/loki-mcp:dev` in examples) might need to be built from source if not available in a public registry.
Review RequiredView Analysis
The server's HTTP client (`internal/handlers/oauth_token.go`) explicitly disables SSL certificate verification (`InsecureSkipVerify: true`) when communicating with the OpenShift OAuth token endpoint. This critically exposes the system to man-in-the-middle attacks, even if intended for environments with self-signed certificates. Additionally, the `INSPECTOR_ORIGIN` environment variable, used for CORS headers, defaults to '*' (allowing all origins) if not explicitly set. While convenient for development, this is a significant security risk in production, potentially exposing sensitive information or allowing unauthorized cross-origin requests.
Updated: 2025-12-01GitHub
58
65
Medium Cost
sonatype icon
Sec7

Connects AI assistants to Sonatype's dependency management and security intelligence platform for real-time insights into open source security, license compliance, and dependency health within the development workflow.

Setup Requirements

  • ⚠️Requires a Sonatype Guide API token for authentication.
  • ⚠️Requires external network access to `https://mcp.guide.sonatype.com/mcp`.
  • ⚠️For IDEs that only support stdio MCP servers (like IntelliJ), `mcp-remote` must be installed globally via npm.
Review RequiredView Analysis
The provided 'source code' consists solely of the `README.md` file. As such, a direct analysis of the server's implementation for security risks like 'eval', obfuscation, or malicious patterns is not possible. The server is described as a remote HTTP service hosted by Sonatype. The setup instructions detail client-side configuration using standard HTTPS and Bearer token authentication. The main security risk for users lies in securing their personal API token, which the README appropriately advises against committing to version control.
Updated: 2026-01-14GitHub
58
3
Medium Cost
lennyzeltser icon

mcp-expertise-toolkit

by lennyzeltser

Sec9

This server turns domain expertise into an AI-accessible knowledge base, delivering structured feedback and guidance to AI assistants for local content analysis.

Setup Requirements

  • ⚠️Requires a Cloudflare account with an R2 bucket configured for expertise YAML files.
  • ⚠️Users must manually create and populate the R2 bucket with their expertise `.yaml` files, replacing `[REPLACE: ...]` placeholders.
  • ⚠️The `toolPrefix` in each expertise YAML file must be unique across all files uploaded to the R2 bucket.
Verified SafeView Analysis
The architecture explicitly prioritizes user privacy, ensuring that user content is analyzed locally by the AI assistant and never sent to this server. Expertise content is loaded from a Cloudflare R2 bucket, which is a secure, managed object storage service. The system uses robust YAML validation with Zod schemas, mitigating risks associated with malformed input. There are no indications of 'eval' usage, code obfuscation, or hardcoded secrets. The server functions primarily as a static content provider (guidelines), reducing dynamic execution risks. Access control is not implemented by default, assuming expertise content is public, but Cloudflare Access could be integrated for private deployments.
Updated: 2026-01-17GitHub
58
119
Medium Cost
kubeflow icon
Sec9

Connect AI agents to Apache Spark History Server for intelligent job analysis and performance monitoring.

Setup Requirements

  • ⚠️Requires an existing Spark History Server running and accessible via network.
  • ⚠️Requires Python 3.12+ for server execution.
  • ⚠️Local testing setup requires Docker for the sample Spark History Server.
Verified SafeView Analysis
The project demonstrates a strong commitment to security with a dedicated `SECURITY.md`, a pre-commit hook to detect hardcoded credentials (`check-config-security.py`), and a configuration system that encourages environment variables for sensitive data. The use of Playwright for HTML rendering introduces a potential attack surface if the target Spark UI is compromised, but this is an inherent risk of browser automation and is generally mitigated by trusting the source (Spark History Server). Boto3 usage for EMR assumes secure AWS credential management in the execution environment. Overall, very good security practices for the technology stack.
Updated: 2026-01-13GitHub
58
3
High Cost
enessari icon
Sec9

The Metabase AI Assistant integrates an AI agent with Metabase to enable AI-powered data exploration, SQL generation, dashboard creation, and Metabase instance management through an MCP client.

Setup Requirements

  • ⚠️Access to Metabase's internal application database credentials (MB_METADATA_*) is required for advanced metadata analytics (Phase 2 & 3 tools).
  • ⚠️Direct database modification tools (e.g., `db_table_create`) may require Metabase username/password authentication rather than just an API key if the API key does not expose the underlying database connection password.
  • ⚠️Requires either an Anthropic API key (`ANTHROPIC_API_KEY`) or an OpenAI API key (`OPENAI_API_KEY`), both of which are paid services and incur usage costs.
Verified SafeView Analysis
The server implements robust security controls for direct database (DDL) operations, including enforced naming prefixes (claude_ai_), explicit approval requirements, dry-run modes, and blacklisting of dangerous SQL commands (e.g., DROP DATABASE, TRUNCATE). The Metabase metadata client is explicitly read-only. Environment variables are used for credentials, preventing hardcoding. A minor theoretical risk exists from `JSON.parse` operations on AI-generated content, though AI models are typically constrained to valid JSON output.
Updated: 2026-01-14GitHub
58
3
Medium Cost
Dav082004 icon
Sec8

Automate project management and issue creation using GitHub Copilot and MCP Server by transforming requirements into actionable GitHub tasks.

Setup Requirements

  • ⚠️Requires GitHub Copilot CLI installation (npm install)
  • ⚠️Requires GitHub account authentication for CLI tools
  • ⚠️Requires configuration of GitHub MCP Server (setup details not provided in source code)
  • ⚠️GitHub Copilot Pro subscription needed for advanced automatic issue resolution (optional)
Verified SafeView Analysis
The provided 'SOURCE CODE' is limited to markdown files (README and project requirements) and does not include the actual server-side code for 'GitHub MCP Server'. Therefore, a direct security audit of the server's implementation is not possible based on the given information. The security score reflects the absence of immediately apparent risks in the provided documentation, assuming standard security practices for GitHub Copilot CLI installation and authentication are followed. The underlying GitHub Copilot CLI and GitHub MCP Server would require their own security audits.
Updated: 2025-11-29GitHub
PreviousPage 36 of 713Next