Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

55
1
High Cost

ai-trading-mcp-server

by FajarArrizki

Sec7

AI-powered cryptocurrency trading assistant for real-time market analysis, signal generation, and trade execution.

Setup Requirements

  • ⚠️Requires API Key for AI Provider (e.g., OpenRouter), which is a paid service.
  • ⚠️Requires Hyperliquid Wallet API Key and Account Address for live trading (sensitive credentials).
  • ⚠️Requires Node.js 20+ and pnpm for local development and execution.
Verified SafeView Analysis
The project uses Zod for input validation and explicitly warns about production hardening (HTTPS, authentication, rate limiting) for the streaming server. Private keys are expected via environment variables or tool parameters, which is generally good practice. However, there are hardcoded default API keys (e.g., OpenRouter, CoinMarketCap in a test script) which reduce the security score. The nature of financial trading inherently carries high risk if not deployed and managed securely, especially with explicit warnings for 'Local Development Only' without further hardening for production.
Updated: 2025-11-25GitHub
55
22
Low Cost
roddutra icon
Sec8

An MCP gateway that aggregates multiple downstream MCP servers, providing policy-based access control and on-demand tool discovery to optimize context window usage for agents and subagents.

Setup Requirements

  • ⚠️Requires Python 3.12+.
  • ⚠️For macOS GUI applications (e.g., Claude Desktop), environment variables referenced in .mcp.json (e.g., ${API_KEY}) must be explicitly set in the gateway's env object in the MCP client configuration, not just the shell environment.
  • ⚠️For production access control, the .mcp-gateway-rules.json file should be stored outside the project directory (e.g., ~/.claude/mcp-gateway-rules.json) to prevent agents from reading or modifying permissions.
  • ⚠️OAuth with pre-registered applications (e.g., GitHub's direct OAuth flow) is not supported; GitHub MCP requires a Personal Access Token (PAT) via a 'headers' configuration.
Verified SafeView Analysis
The project demonstrates strong security awareness through its 'deny-before-allow' policy, environment variable substitution for secrets, and explicit gating of diagnostic tools behind a debug flag. Critical guidance is provided for storing sensitive access control rules outside the project directory to prevent agent inspection or modification, and OAuth token storage is documented with security recommendations. The main security risks stem from potential misconfiguration of the rules file location or lax permissions on token caches, which are explicitly addressed in the documentation.
Updated: 2025-12-02GitHub
55
128
Medium Cost
StarRocks icon
Sec5

Acts as a bridge between AI assistants and StarRocks databases for direct SQL execution, database exploration, and data visualization.

Setup Requirements

  • ⚠️Requires a StarRocks cluster running on localhost (default port 9030, user 'root', empty password, at least one BE node).
  • ⚠️Arrow Flight SQL functionality is optional and requires specific StarRocks FE configuration (e.g., `arrow_flight_sql_port = 9408` in `fe.conf`) and a FE restart.
  • ⚠️Requires Python 3.10 or higher and several Python packages (e.g., mysql-connector-python, pandas, plotly, kaleido, adbc-driver-manager, adbc-driver-flightsql, pyarrow). These are managed by 'uv' during installation/run but must be resolvable.
Review RequiredView Analysis
The server uses `eval()` for Plotly expressions, although it includes AST-based validation to restrict the expression's complexity. A significant SQL injection risk exists because many SQL queries, particularly in tools like `read_query`, `write_query`, and internal data fetching, are constructed via f-strings and sent without explicit parameterization to the database driver. This is especially problematic if user-controlled input (like query strings or database/table names from an AI agent) is not thoroughly sanitized upstream by the MCP framework or the AI agent itself. The `parse_connection_url` function has a known limitation where an `@` symbol in the password can lead to incorrect parsing, potentially causing connection failures or unintended host connections. Additionally, CORS is configured to `allow_origins=["*"]` by default for HTTP modes, which is insecure for production environments.
Updated: 2025-11-24GitHub
55
1
Low Cost
pedrospdc icon

datadog-mcp

by pedrospdc

Sec9

Exposes Datadog monitoring and observability data to AI models, enabling AI assistants like Claude to query metrics, traces, services, and dashboards.

Setup Requirements

  • ⚠️Requires Datadog API Key and Application Key (`DD_API_KEY`, `DD_APP_KEY`).
  • ⚠️Requires Go runtime environment for installation or building from source.
  • ⚠️Designed for integration with Claude Code/Desktop, though it can run standalone.
Verified SafeView Analysis
The server correctly uses environment variables for sensitive API keys (DD_API_KEY, DD_APP_KEY), avoiding hardcoded secrets. It operates as an MCP server, which typically communicates via standard I/O, limiting direct network attack surfaces. Input parameters for Datadog API calls are defined through Go structs and processed by the Datadog API client, reducing the risk of injection vulnerabilities. No 'eval' or similar dynamic code execution patterns are observed. The primary security consideration is the secure handling of Datadog API keys and the trust placed in the Datadog API client library itself.
Updated: 2025-12-10GitHub
55
1
Medium Cost
mazamaka icon

octo-mcp

by mazamaka

Sec7

Enables AI assistants like Claude to control Octo Browser profiles and automate browser actions through natural language.

Setup Requirements

  • ⚠️Requires Octo Browser application installed and running locally or on a remote host.
  • ⚠️Requires `playwright install chromium` to be run after installation for browser automation capabilities.
  • ⚠️Cloud API features (like searching profiles by name or tags) require an Octo Browser API token (`OCTO_API_TOKEN`) to be configured.
Verified SafeView Analysis
The `browser_evaluate` tool allows executing arbitrary JavaScript within the browser context. While this is an intended feature for browser automation, a poorly constrained AI agent could potentially misuse it to perform unwanted actions on visited websites. No direct `eval` of untrusted Python code or hardcoded secrets were found. The server's ability to connect to remote Octo Browser instances via `OCTO_HOST` implies that users must ensure proper network security for their Octo Browser API and CDP ports.
Updated: 2025-12-11GitHub
55
1
Low Cost
E-Conners-Lab icon

First_MCP_Server

by E-Conners-Lab

Sec6

A Model Context Protocol (MCP) server for automating interactions with Cisco IOS-XE network devices, allowing execution of show commands and inventory listing.

Setup Requirements

  • ⚠️Requires Python 3.13+
  • ⚠️Network devices accessible via SSH required
  • ⚠️Device IP addresses in `server.py` must be updated
  • ⚠️Requires a `.env` file for credentials
Verified SafeView Analysis
Secrets are managed via environment variables, which is good practice. However, disabling strict host key checking (`auth_strict_key: False`) in Scrapli connections exposes the server to Man-in-the-Middle attacks, which is a significant vulnerability for production use. The application directly passes user-provided commands to network devices; while `scrapli.send_command` typically mitigates simple command injection for CLI commands, it relies on the robustness of the underlying library and device CLI.
Updated: 2026-01-16GitHub
55
1
High Cost
txn2 icon

mcp-s3

by txn2

Sec9

The mcp-s3 server enables AI assistants to interact with Amazon S3 and S3-compatible object storage for tasks like browsing buckets, reading/writing objects, and generating presigned URLs.

Setup Requirements

  • ⚠️Requires AWS/S3-compatible credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) and an S3 service endpoint (e.g., AWS S3, SeaweedFS, LocalStack).
  • ⚠️Write operations (put, delete, copy) are disabled by default (`MCP_S3_EXT_READONLY=true`) for safety; must be explicitly enabled for full functionality.
  • ⚠️Object retrieval (GET) is limited to 10MB by default (`MCP_S3_MAX_GET_SIZE=10MB`), and uploads (PUT) to 100MB (`MCP_S3_MAX_PUT_SIZE=100MB`), potentially affecting large file transfers for AI assistants.
Verified SafeView Analysis
The project demonstrates a strong focus on security, with defaults like read-only mode, size limits, and configurable prefix-based ACLs. It leverages the AWS SDK's credential chain for secure access and explicitly warns against committing credentials. Audit logging is available. No 'eval' or malicious patterns were found in the provided source. The `SECURITY.md` file comprehensively covers best practices and verification methods, contributing to a high security posture.
Updated: 2026-01-18GitHub
55
84
High Cost
stevereiner icon

flexible-graphrag

by stevereiner

Sec8

The Flexible GraphRAG MCP Server integrates document processing, knowledge graph building, hybrid search, and AI query capabilities via the Model Context Protocol (MCP) for clients like Claude Desktop and MCP Inspector.

Setup Requirements

  • ⚠️Requires a separate FastAPI backend server to be running locally on port 8000.
  • ⚠️Requires Python 3.12 or 3.13, and the 'uv' package manager.
  • ⚠️If using Ollama, 'OLLAMA_NUM_PARALLEL=4' (or higher) must be set as a system-wide environment variable and the Ollama service restarted, which is critical for parallel processing and preventing errors.
  • ⚠️Requires proper configuration of various environment variables in a '.env' file, including LLM API keys and database credentials, which can be paid services (e.g., OpenAI, LlamaParse, cloud databases).
Verified SafeView Analysis
The server itself acts as a lightweight client to a local FastAPI backend, forwarding requests. The primary security considerations lie within the backend: proper configuration of sensitive environment variables (API keys, database credentials) and the security posture of integrated third-party services (LLMs, various databases, cloud storage providers). No obvious 'eval' or direct malicious patterns were observed in the truncated code. Communication with the backend is over localhost by default, which is generally acceptable for local development setups.
Updated: 2026-01-11GitHub
55
1
Medium Cost
yudai-uk icon

firestore-mcp

by yudai-uk

Sec9

Enables AI assistants to interact directly with Firebase Firestore databases for full CRUD operations, collection management, and querying.

Setup Requirements

  • ⚠️Requires a Firebase project with Firestore enabled.
  • ⚠️Requires Firebase Admin SDK service account credentials (JSON file must be downloaded and environment variables configured correctly).
  • ⚠️The 'FIREBASE_PRIVATE_KEY' environment variable from the JSON file needs its newlines escaped (e.g., '\n') if defined in a .env file, but the code handles this transformation.
Verified SafeView Analysis
The server loads Firebase Admin SDK credentials from environment variables, which is a good practice. No 'eval' or obvious obfuscation detected. Communication occurs over standard I/O (stdio), reducing external network attack surface. Critical security relies on properly securing the Firebase service account with minimal necessary permissions. The codebase itself includes strong recommendations for credential management and security best practices in its README and SECURITY.md.
Updated: 2026-01-17GitHub
55
1
Medium Cost
Arunk47001 icon
Sec9

This system implements an agentic architecture using AWS Bedrock Agents, featuring an orchestrator agent that dispatches tasks to specialized action and RAG agents, underpinned by an S3-based vector ingestion and retrieval system.

Setup Requirements

  • ⚠️Requires significant AWS infrastructure setup (Bedrock Agents, S3 buckets for vector store and source documents).
  • ⚠️Requires specific AWS IAM roles with permissions for Bedrock AgentCore, Bedrock Runtime (for LLMs and embeddings), S3, S3Vectors, and SSM.
  • ⚠️Relies on numerous environment variables (`REGION`, `MCP_URL`, `ACTION_AGENT_ARN`, `RAG_AGENT_ARN`, `VECTOR_BUCKET`, `VECTOR_INDEX_NAME`, `SOURCE_BUCKET`, `AGENT_ARN`, `QUALIFIER`) to be correctly configured.
  • ⚠️The `s3vector-ingestion-function` and `agentcore-gateway-function` are designed as AWS Lambda functions, requiring AWS deployment for full functionality.
Verified SafeView Analysis
The system utilizes AWS SigV4 authentication for inter-service communication and retrieves sensitive configurations (like ARNs and URLs) from environment variables, which are good security practices. Boto3 is used for AWS service interactions, leveraging IAM roles/credentials. There's a minor hardcoded region for SSM ('eu-central-1') which might be a friction point if deploying in a different region, but not a direct security flaw. The setting of `BYPASS_TOOL_CONSENT='true'` for 'strands' agents should be noted, as it bypasses explicit consent checks for tool execution, which is common in automated agent flows but should be considered in a broader security context.
Updated: 2026-01-18GitHub
55
1
High Cost
zannagh icon

Synaptic.NET

by zannagh

Sec8

Provides a .NET-based server for Model-Client Protocol (MCP), RESTful RAG, and Blazor web UI, secured with OAuth2, leveraging Qdrant and OpenAI.

Setup Requirements

  • ⚠️Requires .NET SDK 10 (Preview)
  • ⚠️Requires OpenAI API Key (Paid Service)
  • ⚠️Docker and Docker Compose required for recommended deployment
  • ⚠️Requires OAuth2 application setup (GitHub, Google, or Microsoft) and an externally available domain with TLS certificate for authentication callbacks.
Verified SafeView Analysis
The project uses placeholder secrets (e.g., API keys, JWT keys, database credentials) directly within `docker-compose.yml` and `appsettings.json`. The README explicitly instructs users to replace these with their own values, which is critical for security. Exposing services to `0.0.0.0` without a robust reverse proxy or firewall can be a network risk. OAuth2 authentication is implemented, which is a good security practice, but requires careful configuration of redirect URIs and client secrets.
Updated: 2025-12-10GitHub
55
1
Low Cost
kaoosurf-a11y icon

mcp-server-n8n

by kaoosurf-a11y

Sec5

Provides a Model Context Protocol (MCP) server for n8n to expose custom tools, starting with a mathematical expression evaluator.

Setup Requirements

  • ⚠️The server's listening PORT is hardcoded to 3000 and must match EasyPanel settings.
Review RequiredView Analysis
The server uses `mathjs.evaluate(input)` to process user-provided mathematical expressions. While `mathjs.evaluate` is generally safer than raw `eval()`, it still executes arbitrary user input as code within a mathematical context. This poses a potential risk for denial-of-service (e.g., very complex or long expressions) or, in highly unlikely scenarios, sandbox escapes if a fundamental vulnerability were found in the mathjs library. Input for the 'calculate' tool should be sanitized or validated if coming from untrusted sources.
Updated: 2025-12-11GitHub
PreviousPage 40 of 713Next