Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

58
12
Medium Cost
nirholas icon

UCAI

by nirholas

Sec9

Generates Model Context Protocol (MCP) servers from smart contract ABIs, enabling AI agents to interact with blockchain protocols safely and efficiently, incorporating security scanning and contract explanations.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️For write operations in generated MCP servers, a `PRIVATE_KEY` environment variable must be set (and kept secure).
  • ⚠️For fetching ABIs from Etherscan-family explorers, an `ETHERSCAN_API_KEY` (or network-specific key) environment variable may be required to avoid rate limits.
  • ⚠️Generated MCP servers rely on `web3.py`, requiring RPC access to the target blockchain network.
  • ⚠️Running the generated server requires the `mcp` Python SDK (installed via `requirements.txt`).
Verified SafeView Analysis
The core `abi-to-mcp` CLI and web builder code adheres to good security practices, particularly in handling sensitive information (private keys are loaded from environment variables only, never hardcoded or stored). A key feature is its 'Security Scanner' which analyzes *target smart contracts* for over 50 risk patterns, significantly enhancing the safety for end-users interacting with generated MCP servers. Write operations in generated servers are 'simulation-first' by default, and a read-only mode is available. The main residual risk is the end-user's secure handling of the `PRIVATE_KEY` environment variable when deploying and running generated MCP servers for real write operations.
Updated: 2026-01-19GitHub
58
25
Medium Cost
SimplyLiz icon

CodeMCP

by SimplyLiz

Sec8

Provides deep code intelligence (symbol navigation, impact analysis, architecture maps, ownership, risk assessment) to AI assistants, CLI, and HTTP API.

Setup Requirements

  • ⚠️Requires manual installation of SCIP indexers (e.g., scip-go) for enhanced language analysis, though 'ckb index' provides auto-install guidance.
  • ⚠️Initial setup may require explicitly defining the repository root via CKB_REPO environment variable or --repo flag if running from npx in a non-standard project structure, though a Node.js shim aims to mitigate this.
  • ⚠️Requires Go 1.21+ (if building from source) or Node.js 16+ and Git (if using npm package).
Verified SafeView Analysis
The server exposes HTTP API endpoints, remote federation capabilities, and webhooks, which require careful user configuration for security (e.g., API key management, trusting remote servers). No obvious hardcoded secrets or malicious code patterns were found. The project structure and documentation emphasize security considerations like token authentication.
Updated: 2026-01-19GitHub
58
62
Medium Cost
vintasoftware icon

django-ai-boost

by vintasoftware

Sec9

Provides Model Context Protocol (MCP) tools for AI assistants to introspect and interact with Django project details and runtime information.

Setup Requirements

  • ⚠️Requires Python 3.12+ and Django 4.2+
  • ⚠️A Django project's settings module (e.g., 'myproject.settings') must be specified via DJANGO_SETTINGS_MODULE environment variable or --settings argument.
  • ⚠️For SSE transport in production mode (DEBUG=False), a bearer token (DJANGO_MCP_AUTH_TOKEN env var or --auth-token) is mandatory for security.
Verified SafeView Analysis
The server includes robust authentication mechanisms for SSE transport in production environments (DEBUG=False), requiring a bearer token and explicitly preventing tokens with stdio transport to avoid false security. All exposed tools are designed to be read-only, limiting potential for data modification. Django's ORM is used for database queries, which generally guards against SQL injection, though AI-generated complex filters could still be a concern if not carefully reviewed. No 'eval' or obvious malicious patterns were found in the provided source code.
Updated: 2026-01-09GitHub
57
37
Low Cost
athola icon
Sec9

Manages, validates, analyzes, and synchronizes AI skills and configurations for Claude Code and Codex CLI, also serving them to MCP clients and running subagents.

Setup Requirements

  • ⚠️Requires Anthropic API Key (Paid) for Claude agent execution features.
  • ⚠️Requires OpenAI API Key (Paid) for Codex/OpenAI agent execution features.
  • ⚠️Requires Rust toolchain (1.75+) for building from source (`cargo install`).
Verified SafeView Analysis
The project demonstrates a strong focus on security, with extensive threat modeling documentation, explicit input sanitization to prevent common vulnerabilities (e.g., path traversal, command injection in CLI binary names, GitHub query injection), and the use of environment variables for API keys. It actively audits dependencies using `cargo audit` (evidenced by `audit.toml`). The core server does not execute arbitrary skill code directly; instead, it provides skills to external, trusted AI clients (Claude/Codex), delegating execution risk. HTTP transport supports authentication and TLS. No 'eval' or obvious malicious patterns were found.
Updated: 2026-01-17GitHub
57
529
Medium Cost
Canner icon

wren-engine

by Canner

Sec6

The Wren MCP Server facilitates AI agent integration by providing a Model Context Protocol interface to interact with the Wren Engine for SQL planning and data access.

Setup Requirements

  • ⚠️Requires JDK 21+ for the underlying Java Wren Engine (if used).
  • ⚠️Requires 'uv' Python package manager for environment setup.
  • ⚠️Requires a running Wren Engine (Rust or Java) accessible via `WREN_URL`.
  • ⚠️Relies on environment variables (`WREN_URL`, `CONNECTION_INFO_FILE`, `MDL_PATH`) for configuration, including sensitive database credentials.
Verified SafeView Analysis
The server directly accepts SQL queries from AI agents and forwards them to the Wren Engine (or an external Java engine). While the core Wren Engine (Rust implementation) uses AST-based parsing and rewriting, which is generally more robust against SQL injection than string concatenation, the direct exposure of a SQL input surface remains a significant security concern. The overall security largely depends on the absolute robustness of the Wren Engine's SQL parser and rewriter against all forms of malicious SQL constructs. The Python code itself does not contain obvious hardcoded secrets or arbitrary code execution (`eval`) patterns. Database connection information is loaded from a file, relying on file system security. The `query` tool is explicitly marked with `destructiveHint=True` for AI agents, indicating a potential for data modification or deletion.
Updated: 2026-01-16GitHub
57
37
Medium Cost
athola icon

skrills

by athola

Sec9

A versatile tool to manage, validate, analyze, and synchronize AI skills and agent configurations for Claude Code and Codex CLI, running as an MCP server.

Setup Requirements

  • ⚠️Requires Anthropic or OpenAI API keys (paid services) if using subagent features for API-based LLM interactions (e.g., SKRILLS_CLAUDE_API_KEY, SKRILLS_CODEX_API_KEY).
  • ⚠️Full functionality for CLI-based subagent execution and skill syncing relies on `claude` or `codex` CLI tools being installed and configured locally.
  • ⚠️Installation from source requires a Rust toolchain (>= 1.75).
  • ⚠️For HTTP transport on Linux, users may need to manually enable systemd user lingering or manage the service for persistent operation.
Verified SafeView Analysis
The project demonstrates strong security awareness through a dedicated threat model, comprehensive security documentation, and continuous integration checks (`cargo audit`, `cargo deny`). Explicit mitigations for common vulnerabilities like path traversal and command injection are implemented, alongside input sanitization for CLI binaries. Network transport, when enabled, supports authentication and TLS. API keys for external LLMs are loaded from environment variables, avoiding hardcoding. The core functionality involves executing external CLI tools, which inherently carries a risk if the environment is untrusted, but the project provides robust controls.
Updated: 2026-01-19GitHub
57
143
Low Cost
microsoft icon

mcp-dotnet-samples

by microsoft

Sec9

This MCP server retrieves GitHub Copilot customizations, including instructions, agents, prompts, and collections, from the `awesome-copilot` repository to provide contextual guidance to AI models.

Setup Requirements

  • ⚠️Requires .NET 9 SDK for local execution.
  • ⚠️Requires Docker Desktop for containerized execution.
  • ⚠️Requires Visual Studio Code with C# Dev Kit for local development and MCP integration.
Verified SafeView Analysis
The server's core function is to retrieve markdown and JSON metadata from a public, trusted GitHub repository. It does not contain 'eval', obfuscation, or hardcoded secrets. The 'AllowedHosts: "*"' in appsettings.json is a common development default that should be restricted for production. The primary security consideration would shift to the client (e.g., GitHub Copilot) that consumes and interprets the provided customization content.
Updated: 2026-01-19GitHub
57
164
Medium Cost
joenorton icon

comfyui-mcp-server

by joenorton

Sec9

The server enables AI agents to generate and iteratively refine images, audio, and video using a local ComfyUI instance through the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a local ComfyUI instance to be installed and running.
  • ⚠️Python 3.8+ is required to run the server.
  • ⚠️The asset registry is ephemeral; generated assets are lost on server restart or after their TTL (24 hours by default).
Verified SafeView Analysis
The server binds to localhost by default and explicitly warns against public exposure without authentication or a reverse proxy. Path traversal attempts for workflow IDs are sanitized and validated. No direct 'eval' or 'exec' found. Asset access is controlled via a registry. The system's security relies on ComfyUI's internal security for asset processing and generation.
Updated: 2026-01-19GitHub
57
384
Low Cost
TheLunarCompany icon

lunar

by TheLunarCompany

Sec3

The Lunar MCP Server acts as an HTTP proxy, designed to intercept, analyze, and manage API traffic within a Python environment, applying policies for caching, throttling, queueing, and collecting data for observability.

Setup Requirements

  • ⚠️Requires a running Redis instance for state management and clustering features.
  • ⚠️Designed to integrate with HAProxy as an SPOE agent for full traffic interception, implying HAProxy is a prerequisite for full functionality.
  • ⚠️The `TENANT_NAME` environment variable is critical and must be set for the server to start.
  • ⚠️If used, the 'CustomScript' processor allows arbitrary JavaScript execution, posing a significant security risk.
Review RequiredView Analysis
The `custom_script_processor.go` explicitly allows users to define and execute arbitrary JavaScript code via the `script_text` parameter using the Goja JavaScript runtime. This feature, without robust sandboxing or strict input validation, presents a significant security risk, as malicious scripts could potentially compromise the server or access sensitive data. While other components appear to be robust Go implementations, this particular processor introduces a critical vulnerability if not handled with extreme caution.
Updated: 2026-01-19GitHub
57
111
High Cost
kapilduraphe icon

mcp-watch

by kapilduraphe

Sec9

A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.

Setup Requirements

  • ⚠️Requires Git command-line tool for scanning remote GitHub repositories.
  • ⚠️Requires Node.js (>=16.0.0) and npm installed if not using Docker.
Verified SafeView Analysis
The scanner uses `git clone` to fetch external repositories into a temporary directory. While `spawnSync` with an array of arguments for `git clone` reduces direct shell injection risks into the Git command itself, there's always an inherent, albeit low, risk when executing code from untrusted sources, even in a sandboxed environment. The tool is designed to *detect* dangerous patterns like command injection within the scanned code, not *introduce* them into its own operation. Evidence sanitization is implemented to prevent credential leakage in reports.
Updated: 2025-12-14GitHub
57
32
Medium Cost
d-kimuson icon

modular-mcp

by d-kimuson

Sec9

A proxy server that efficiently manages and loads large tool collections from multiple Model Context Protocol (MCP) servers on-demand for LLMs, reducing context overhead.

Setup Requirements

  • ⚠️Requires Node.js version >=22.0.0.
  • ⚠️Environment variables (e.g., API keys) must be set prior to running if used in the configuration file.
  • ⚠️Experimental built-in OAuth support might require browser interaction for the initial setup, with a `mcp-remote` fallback recommended for robustness.
Verified SafeView Analysis
The server uses Zod for robust configuration validation and environment variable interpolation (`${VAR}` syntax only), with graceful fallback for undefined variables. OAuth tokens and client information are stored locally in the user's home directory. The use of `execSync` for locating `npx` and for the `mcp-remote` fallback is controlled. Built-in OAuth support is marked as experimental, but a fallback to `mcp-remote` provides a robust alternative.
Updated: 2025-11-21GitHub
57
70
Low Cost
huweihua123 icon

stock-mcp

by huweihua123

Sec8

Provides AI Agents with professional-grade stock market analysis capabilities by bridging large language models with real-time financial data.

Setup Requirements

  • ⚠️Requires Python 3.10+ and a running Redis server for caching.
  • ⚠️Optional (but highly recommended) API keys for premium data sources (Tushare, Finnhub) and web search (Tavily, Google) are needed for full functionality.
  • ⚠️MinIO server is required for caching and processing SEC filings, needing specific environment variables configured.
Verified SafeView Analysis
The project follows good security practices by loading API keys and sensitive configurations from environment variables. Input validation is in place via Pydantic models. However, it relies heavily on numerous third-party APIs (financial data, web search) which introduces external trust dependencies. Default MinIO/Redis credentials are for development and should be secured in production. The `edgartools` library used for SEC filings shares an identity (email) with the SEC, which is a privacy consideration.
Updated: 2026-01-18GitHub
PreviousPage 37 of 713Next