Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

57
194
Medium Cost
nickgnd icon

tmux-mcp

by nickgnd

Sec4

Enables AI assistants (like Claude Desktop) to interact with, control, and observe tmux terminal sessions by providing tools for session management and command execution.

Setup Requirements

  • ⚠️Requires Node.js installed and available in the environment.
  • ⚠️Requires tmux installed and running on the host system.
Review RequiredView Analysis
The server's core functionality involves executing arbitrary commands within tmux panes, as explicitly warned in the README ('use it at your own risk ⚠️'). While the `paneId` argument to `tmux send-keys` is escaped to prevent simple single-quote injection (e.g., `paneId.replace(/'/g, "'\\''")`), the `command` string itself, when passed to `tmux send-keys ... Enter`, is the arbitrary command an AI is expected to execute. This means if the controlling AI is compromised or misconfigured, it could issue malicious commands that are then executed directly on the host system within a tmux pane. The `rawMode` and `noEnter` options further complicate monitoring as they disable command status tracking. No hardcoded secrets, obfuscation, or direct network listening (it uses standard I/O for communication) are observed, but the inherent capability to execute arbitrary shell commands poses a significant security risk if not used with extreme caution and trust in the AI's prompts.
Updated: 2026-01-07GitHub
57
175
Medium Cost
mixelpixx icon
Sec7

This MCP server enhances Google search with AI-powered research synthesis, content extraction, source quality assessment, and deduplication, designed to be used by large language models (LLMs) like Claude.

Setup Requirements

  • ⚠️Node.js 18+ required
  • ⚠️Google Custom Search API Key required (Paid API)
  • ⚠️Google Custom Search Engine ID required
Verified SafeView Analysis
The use of `eval` for dynamic imports, while seemingly controlled for a specific SDK, is generally a security concern. The content extraction service fetches content from arbitrary URLs, which could pose a risk if the server were exposed directly to untrusted input (e.g., SSRF vulnerability if not behind an LLM context). Hardcoded secrets are avoided, with API keys properly sourced from environment variables. Prompt injection concerns are shifted to the LLM layer rather than the tool itself, due to its MCP design.
Updated: 2025-12-03GitHub
56
2
Low Cost
fengf233 icon

mcp-mock-server

by fengf233

Sec9

Provides a mock server for the Model Context Protocol (MCP) to aid in the development and testing of MCP clients.

Setup Requirements

  • ⚠️Requires Go compiler to build and run.
  • ⚠️Requires a `mock.yaml` configuration file.
Verified SafeView Analysis
The server uses string replacement (`strings.ReplaceAll`) for template processing, which is generally safer than dynamic code execution. No hardcoded secrets or obvious malicious patterns were found. The server binds to `0.0.0.0`, which is common for development but implies network accessibility. Potential client-side XSS could occur if mock templates containing malicious scripts are rendered by an unsanitized client, but this is a client-side vulnerability and the server's templates are controlled by the developer.
Updated: 2025-11-28GitHub
56
2
Low Cost
Dav082004 icon
Sec9

Demonstrates GitHub MCP Server capabilities by providing a deliberately buggy Snake game for analysis and issue creation.

Setup Requirements

  • ⚠️Requires Python installed to run the local HTTP server.
  • ⚠️Requires GitHub CLI (`gh`) and potentially GitHub Copilot CLI extension if `analyze` or `create-issues` scripts are used.
Verified SafeView Analysis
The project is a client-side JavaScript game served via a local HTTP server (Python's `http.server`). There are no server-side vulnerabilities, `eval` usage, obfuscation, or hardcoded sensitive information. The explicit 'intentional bugs' are related to game logic and UI, not security. `localStorage` is used for high scores, which is standard browser behavior and not a security risk for the server itself. Running the `gh copilot suggest` or `gh issue create` scripts would rely on GitHub CLI security, but the server itself is minimal and local.
Updated: 2025-11-29GitHub
56
19
Medium Cost
SShadowS icon
Sec7

Enable AI agents (like Claude) to interact with Business Central (BC) by translating high-level commands into BC WebSocket protocol interactions, specifically tailored for on-premises BC deployments via runtime patching.

Setup Requirements

  • ⚠️Requires an existing Business Central Server (tested with BC 27) running on Windows.
  • ⚠️Requires non-standard deployment of a .NET runtime patch (CopilotPatcher.dll, 0Harmony.dll) directly into the BC service path, necessitating PowerShell with administrative privileges.
  • ⚠️Explicitly designed for on-premises BC; compatibility with cloud BC or other BC versions may be limited or require modifications.
  • ⚠️Requires environment variables (BC_USERNAME, BC_PASSWORD, BC_BASE_URL, BC_TENANT_ID) for Business Central connection, and BC_COPILOT_API_KEYS if using the patched Copilot API.
Verified SafeView Analysis
The system uses environment variables for sensitive credentials (BC_USERNAME, BC_PASSWORD, etc.), which is good practice. It also implements a consent and audit logging mechanism for high-sensitivity operations, improving transparency and accountability. However, the core functionality relies on a .NET runtime patch (CopilotPatcher.dll) to enable API key authentication on an on-premises Business Central server, replacing Azure S2S tokens. This non-standard modification to the BC server could introduce vulnerabilities or bypass native security features if the patcher itself is compromised or misconfigured. Hardcoded secrets were found in test scripts, highlighting the need for vigilance in production environments. Actions performed by the AI agent will inherit the permissions of the authenticated BC user, requiring careful management of user privileges.
Updated: 2025-11-26GitHub
56
593
Medium Cost
joreilly icon
Sec9

Exposes Fantasy Premier League player and fixture data as an MCP tools endpoint for consumption by AI models like Claude Desktop.

Setup Requirements

  • ⚠️Requires building the executable JAR using 'gradle shadowJar'.
  • ⚠️Requires a Java Runtime Environment (JRE) to execute the server JAR.
  • ⚠️Integration with AI clients like Claude Desktop requires manual configuration (e.g., updating client developer settings with the JAR path and command).
Verified SafeView Analysis
The server uses the Kotlin MCP SDK, with well-defined tools and standard I/O for communication. Input parsing for tool arguments is handled safely using kotlinx.serialization.json, mitigating injection risks. External data fetching is done via the official Fantasy Premier League API. No 'eval', obfuscation, or hardcoded secrets were found within the MCP server module itself.
Updated: 2026-01-16GitHub
56
361
Medium Cost
eat-pray-ai icon

yutu

by eat-pray-ai

Sec8

Automate YouTube channel workflows and manage YouTube resources like videos, playlists, channels, and comments through a CLI or an MCP server.

Setup Requirements

  • ⚠️Requires a Google Cloud Platform account with YouTube Data API v3 (and optionally YouTube Analytics/Reporting API) enabled.
  • ⚠️Requires manual creation of an OAuth 2.0 Client ID (Web Application type) with `http://localhost:8216` as a redirect URI, and downloading `client_secret.json`.
  • ⚠️Authentication requires either placing `client_secret.json` and `youtube.token.json` in the working directory or specifying their paths/base64 encoded content via environment variables.
  • ⚠️The AI agent functionality requires `GEMINI_MODEL` and `GEMINI_API_KEY` environment variables to be set for Google Gemini models.
Verified SafeView Analysis
The project uses standard Go libraries for Google API interactions and OAuth2 authentication, including a local web server for the callback URI and state parameter for CSRF protection. Credentials (client_secret.json and youtube.token.json) are expected to be provided by the user, not hardcoded, and the MCP server configuration marks them as secrets. File operations for uploads/downloads are handled through defined paths. The build/install scripts (e.g., `curl | bash`) are common for open-source projects but inherently rely on trust in the source repository. The AI agent functionality leverages environment variables for API keys, which is a secure practice.
Updated: 2026-01-16GitHub
56
56
Low Cost
Antonytm icon

figma-mcp-server

by Antonytm

Sec9

Enables AI agents to read from and modify Figma design documents programmatically, offering capabilities beyond the official read-only Figma MCP server.

Setup Requirements

  • ⚠️Requires manual local installation and setup of both the Node.js server and the Figma plugin, as it is not available in the official Figma plugin store.
  • ⚠️The Figma plugin UI must remain open in Figma for the connection to the local MCP server to persist and function.
  • ⚠️Requires Node.js to be installed locally on the machine.
Verified SafeView Analysis
The server is designed for local-only operation, restricting network access to localhost for communication between the Figma plugin and the server. This significantly reduces external attack surfaces. Input validation for tool parameters is implemented using Zod schemas, which helps prevent malformed requests. The architecture clearly separates the plugin (interacting with Figma API) from the server (handling MCP communication). A prominent warning is included in the README about the risks of exposing the server to a wider network, demonstrating awareness of potential vulnerabilities. Deductions are minor, acknowledging the inherent power of a tool that can modify a document and the explicit warning for network exposure.
Updated: 2026-01-06GitHub
56
2
Low Cost
0x-Professor icon

CTF-time-mcp

by 0x-Professor

Sec9

A Model Context Protocol (MCP) server providing programmatic access to CTFtime.org data for CTF events, team rankings, and competition results.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Requires Git
Verified SafeView Analysis
The server interfaces with the public CTFtime.org API using the `httpx` library, which is generally secure. It does not use `eval` or contain any obvious obfuscation or hardcoded secrets. Input parameters to tools are validated (e.g., integer casting, range limits) which helps mitigate simple injection risks. As with any application interacting with external APIs, the security is also dependent on the upstream CTFtime API's robustness and integrity. The server itself does not implement client-side rate limiting beyond `httpx` defaults, which could be a concern for very heavy usage impacting CTFtime's resources.
Updated: 2026-01-18GitHub
56
2
Low Cost
thejens icon

lyngdorf-mcp

by thejens

Sec8

A Model Context Protocol (MCP) server for controlling Lyngdorf Audio devices (TDAI, MP, and CD series) via TCP, featuring auto-discovery, volume safety, and built-in documentation.

Setup Requirements

  • ⚠️Requires Node.js 22+.
  • ⚠️Relies on the `dns-sd` utility (native on macOS/Linux; may require Bonjour Print Services on Windows) for mDNS device discovery.
Verified SafeView Analysis
The server utilizes `child_process.spawn` to execute the `dns-sd` system utility for mDNS device discovery. While arguments for `dns-sd` are internally managed or derived from parsed `dns-sd` output, reliance on external executables always carries a minor risk of platform-specific inconsistencies or vulnerabilities in compromised environments. The `LYNGDORF_IP` environment variable allows manual IP specification, bypassing discovery, which could direct the server to an untrusted device if misconfigured. Volume control features include explicit safety checks (warning and hard limits). No `eval` or obvious hardcoded secrets were found.
Updated: 2025-12-04GitHub
56
114
Medium Cost
hatayama icon

uLoopMCP

by hatayama

Sec8

Acts as a Model Context Protocol (MCP) server to bridge Unity Editor operations with AI coding tools like Cursor and Claude Code, enabling autonomous development loops for compiling, testing, logging, and scene automation.

Setup Requirements

  • ⚠️Requires Node.js 22 or higher.
  • ⚠️The `execute-dynamic-code` tool requires manual installation of the `Microsoft.CodeAnalysis.CSharp` package via OpenUPM NuGet, which involves adding a scoped registry.
  • ⚠️Cursor has a known bug where MCP connection may fail after `.cursor/mcp.json` is updated; manual toggle off/on or Cursor restart is required.
  • ⚠️Claude Code's sandbox mode requires enabling `network.allowLocalBinding: true` in `.claude/settings.local.json`, which broadly allows localhost connections to all services, not just uLoopMCP.
  • ⚠️Several powerful tools (`run-tests`, `execute-menu-item`, custom tools, `execute-dynamic-code`) are disabled by default for security reasons and must be explicitly enabled in Unity's uLoopMCP window's Security Settings.
Verified SafeView Analysis
The project includes a `execute-dynamic-code` tool that allows dynamic C# code execution within Unity, which is inherently high-risk. However, it implements a 3-tier security model (Disabled, Restricted, FullAccess) for this tool, with 'Restricted' being the recommended default, blocking file/network/process operations. Other potentially dangerous tools like `run-tests` and `execute-menu-item`, as well as third-party tools, are disabled by default. The `SECURITY.md` outlines a clear vulnerability reporting process. Overall, the project demonstrates strong security awareness and mitigations, making it safe to run with recommended (default) settings. FullAccess mode for dynamic code execution should only be used with trusted code.
Updated: 2026-01-19GitHub
56
2
Medium Cost
microsoft icon

agent-skills

by microsoft

Sec9

Provides a collection of skills, prompts, agents, and MCP server configurations to enhance AI coding agents working with Microsoft AI SDKs and Azure services.

Setup Requirements

  • ⚠️Requires an existing AI coding agent platform (e.g., GitHub Copilot, Claude) to utilize the configurations.
  • ⚠️Requires manual copying and configuration of `.vscode/mcp.json` or referencing `SKILL.md` files for the respective agent.
  • ⚠️Utilizes Azure AI SDKs, which will require an Azure subscription and proper authentication setup (e.g., via `az login` for `DefaultAzureCredential`) for projects involving Azure services.
Verified SafeView Analysis
The provided source code (documentation, agent instructions) promotes secure practices like `DefaultAzureCredential` and environment variables. No `eval`, obfuscation, or hardcoded secrets are present in the provided snippets. The `SECURITY.md` file indicates a responsible approach to vulnerability reporting. A full security audit of the actual `mcp.json` server configurations and skill content would require their full source, which is not provided in this context.
Updated: 2026-01-19GitHub
PreviousPage 38 of 713Next