Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

55
1
Low Cost
SalesforceDiariesBySanket icon

salesforce-docs-mcp

by SalesforceDiariesBySanket

Sec10

Provides a local-first Model Context Protocol (MCP) server for searching Salesforce Developer Documentation, augmenting AI coding assistants with relevant documentation snippets.

Setup Requirements

  • ⚠️Requires Node.js 18+ and npm or yarn for installation and execution.
  • ⚠️Manual download of Salesforce PDF documents to `docs/pdfs/` and `docs/release-notes/` is necessary before the initial index build.
  • ⚠️The initial index build (`npm run build-index`) is a time-consuming, one-time process (5-10 minutes) that parses all PDFs and creates a ~520MB SQLite database locally.
Verified SafeView Analysis
The server is designed for local-first operation, utilizing stdio transport, which prevents the exposure of HTTP endpoints. It employs parameterized SQLite queries to robustly prevent SQL injection and uses Zod for comprehensive input validation across all tool arguments. No 'eval' or code obfuscation is present in the core server logic. The server itself does not handle or store sensitive user data and makes no external network calls for its primary functionality. API keys for external LLMs (e.g., OpenAI) are only required for optional test scripts (`test-llm-judge.ts`) and are handled via environment variables, not hardcoded within the server's runtime code.
Updated: 2026-01-19GitHub
55
1
Low Cost
Awakehsh icon
Sec1

The repository provides a curated collection of AI agent skills and development resources, including documentation and tutorials for building Model Context Protocol (MCP) servers, although no original MCP server implementation is currently present in the source code.

Setup Requirements

  • ⚠️No MCP server implementation found in the provided source code. The repository contains documentation and skills, but original MCP servers are marked as 'Coming soon'.
  • ⚠️The 'codex-cli' skill, while not an MCP server, requires OpenAI API Key and consumes OpenAI API credits for its operations.
Review RequiredView Analysis
The provided source code for the 'awesome-agent-tools' repository does not contain an implemented MCP server; the section for 'Original MCP Servers' explicitly states 'Coming soon'. Therefore, a security audit of a specific server's code, including checks for 'eval', obfuscation, network risks, hardcoded secrets, or malicious patterns, cannot be performed. This score reflects the inability to assess an implemented server, not an inherent vulnerability in the repository's other contents. The safety of running an MCP server from this source cannot be determined.
Updated: 2026-01-18GitHub
55
1
Low Cost
senseiBas icon
Sec10

Provides current date and time information to an MCP-compatible AI model, preventing stale context.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Manual configuration in Claude Desktop's `claude_desktop_config.json` is required, potentially including an absolute path for `PYTHONPATH` if the package is not installed globally or within a standard virtual environment.
Verified SafeView Analysis
The server's design is minimal and focuses solely on providing date/time information. It uses standard Python libraries (`datetime`, `zoneinfo`) and communicates only via stdin/stdout through the MCP SDK. No dangerous patterns like `eval`, arbitrary file access, or external network calls are present. No hardcoded credentials were found. Input schemas are empty, preventing arbitrary user input processing.
Updated: 2025-12-03GitHub
55
133
Low Cost
reza-gholizade icon

k8s-mcp-server

by reza-gholizade

Sec8

Interacting with Kubernetes clusters and Helm releases through a standardized Model Context Protocol (MCP) interface.

Setup Requirements

  • ⚠️Requires access to a Kubernetes cluster and appropriate RBAC permissions.
  • ⚠️Kubernetes authentication (kubeconfig, service account, or token) must be configured correctly for the server to connect.
  • ⚠️For VS Code integration, the 'k8s-mcp-server' binary must be in the system's PATH, and the MCP VS Code extension is required.
Verified SafeView Analysis
The server uses standard Go client libraries for Kubernetes and Helm, which are generally robust. Authentication methods leverage secure practices (env vars, in-cluster service accounts, kubeconfig files). A critical security feature is the '--read-only' flag, which disables all write operations. The primary security considerations are proper RBAC configuration for the server's Kubernetes identity and ensuring the server's HTTP/stdio endpoints are not exposed to untrusted sources, as the server can perform powerful cluster operations. There are no obvious signs of 'eval' or direct command injection of untrusted strings.
Updated: 2026-01-19GitHub
55
1
Medium Cost
utapyngo icon

sentry-mcp-rs

by utapyngo

Sec9

An MCP server to interact with Sentry's API for error and performance monitoring, providing tools to retrieve issue details, trace details, and search issue events.

Setup Requirements

  • ⚠️Requires a Sentry API authentication token (`SENTRY_AUTH_TOKEN`).
  • ⚠️Requires your Sentry instance hostname (`SENTRY_HOST`).
  • ⚠️Requires an MCP client to interact with its provided tools.
Verified SafeView Analysis
The server demonstrates good security practices by requiring Sentry API authentication tokens and hostnames via environment variables, avoiding hardcoded secrets. It utilizes `reqwest` for network communication, a well-regarded HTTP client in the Rust ecosystem. No `eval` or similar dynamic code execution patterns are present, nor is there any apparent code obfuscation or overtly malicious patterns. The use of `regex` for URL parsing is for a simple, non-complex pattern, reducing the risk of ReDoS. The overall code structure is clean and direct.
Updated: 2026-01-19GitHub
55
1
Low Cost
aimlsolutions-nyc icon

mcp-fastmcp-starter

by aimlsolutions-nyc

Sec9

Provides a minimal, production-minded MCP-shaped tool server for building agentic AI services with typed tool contracts and deterministic JSON I/O via FastAPI.

Setup Requirements

  • ⚠️Requires Python 3.10 or newer.
  • ⚠️Manual virtual environment setup and dependency installation are required before running.
Verified SafeView Analysis
The server uses FastAPI and Pydantic for input validation, which significantly reduces common web vulnerabilities. Tool dispatch is explicit and hardcoded, preventing dynamic code execution. No `eval` or `exec` functions are used, and no hardcoded secrets or malicious patterns were identified in the provided source code. The `/invoke` endpoint relies on Pydantic's `model_validate` for robust argument handling, enhancing security against malformed inputs.
Updated: 2025-12-14GitHub
55
73
Medium Cost
GDKsoftware icon

Delphi-MCP-Server

by GDKsoftware

Sec8

Implements the Model Context Protocol (MCP) in Delphi to enable AI-powered development workflows and integrate with clients like Claude Code.

Setup Requirements

  • ⚠️Requires Delphi 12 Athens or later.
  • ⚠️For Linux builds, requires Delphi Enterprise with Linux platform support and PAServer running on the target machine.
  • ⚠️Requires OpenSSL DLLs (e.g., libcrypto-3.dll, libssl-3.dll for TaurusTLS) to be present with the executable for HTTPS/SSL.
Verified SafeView Analysis
The server framework appears well-structured, supporting JSON-RPC 2.0, CORS configuration, and modern SSL/TLS (TaurusTLS with OpenSSL 3.x). No 'eval' or obvious malicious patterns are present in the provided truncated code snippets. The tool system uses RTTI-based discovery; the security of tools largely depends on their implementation (e.g., 'list_files' could expose risks if not carefully contained). The framework itself seems robust, but practical security relies on careful configuration and secure tool development by the user.
Updated: 2025-12-11GitHub
55
1
Medium Cost
NocturnLabs icon
Sec9

A personal knowledge base and session memory system for AI agents, enabling semantic search and persistent local storage.

Setup Requirements

  • ⚠️Requires Bun runtime environment to be installed (`bun:sqlite` is used).
  • ⚠️Requires initial download of a local embedding model (BGE-small-en-v1.5) on first use, which may take time and disk space.
Verified SafeView Analysis
Input validation is handled by Zod schemas for all tool arguments. All data is stored locally in SQLite and LanceDB (vector database) within the user's local share directory, or a custom path via environment variable. The server uses StdioServerTransport, meaning it communicates via standard input/output streams, which is inherently safer than opening network ports. Embedding models are downloaded locally by `fastembed` from trusted sources, without arbitrary code execution. No direct `eval` or `child_process.exec` calls were found. The primary risk would be overly permissive data access if the `OPENCODE_PK_DATA_DIR` is set to an insecure location.
Updated: 2025-12-15GitHub
55
1
Low Cost
luongjames8 icon

deepseek-mcp-server

by luongjames8

Sec8

This MCP server delegates routine coding tasks, file operations, and web research from Claude Code to DeepSeek models to significantly reduce API costs.

Setup Requirements

  • ⚠️Requires Node.js 20+ to run.
  • ⚠️Requires Claude Code CLI for integration.
  • ⚠️A DeepSeek API Key is mandatory and will incur costs.
  • ⚠️A Brave Search API Key is optional for web_search functionality.
Verified SafeView Analysis
The project demonstrates good security practices by loading API keys from environment variables and not hardcoding them. A critical security measure is the `validatePath` function in `src/tools.ts` which prevents path traversal attacks, ensuring all file system operations (`read_file`, `write_file`, `edit_file`, `list_dir`, `grep`) are strictly sandboxed within the specified working directory. The `run_bash` tool, while inherently risky due to executing arbitrary shell commands, operates within this same sandboxed environment, mitigating the most severe external access risks. However, an adversarial prompt could potentially instruct the LLM to perform malicious actions within the sandboxed directory, which is a common risk with agentic systems.
Updated: 2026-01-19GitHub
55
1
Medium-High Cost
rajrounak21 icon

Cerina-Foundry

by rajrounak21

Sec6

An autonomous multi-agent system for generating and refining safe, empathetic Cognitive Behavioral Therapy (CBT) exercises with human-in-the-loop approval and PostgreSQL persistence.

Setup Requirements

  • ⚠️Requires Python 3.13+.
  • ⚠️Requires a PostgreSQL database for persistence and checkpointing.
  • ⚠️Requires an OpenAI or Groq API key (paid services) for LLM inference.
Review RequiredView Analysis
The Flask server runs with `debug=True` and listens on `0.0.0.0`, which are critical security vulnerabilities for production or network-exposed environments. `debug=True` exposes a debugger that can lead to remote code execution. API keys and database credentials are properly managed via environment variables, which is good practice. The project's README explicitly states it's a 'sprint assignment project' and lists production-ready enhancements (error handling, rate limiting, authentication, etc.) that are currently missing.
Updated: 2025-12-13GitHub
55
1
Medium Cost
ngandugilbert icon

cellpilot-mcp

by ngandugilbert

Sec4

Empowers AI assistants to perform comprehensive read, write, and manipulation operations on Excel files.

Setup Requirements

  • ⚠️The `mcp.json` configuration examples use `dnx`, which is a deprecated command from early .NET Core. Users will likely encounter issues as `dnx` is not typically available in modern .NET environments. The correct command for a global tool would likely be `dotnet CellPilotMCP` after installation, or `dotnet run` for local development.
  • ⚠️While the deployed application is stated to be self-contained, installing from NuGet (implicitly via `dnx` or `dotnet tool`) or running from source requires the .NET SDK to be installed.
  • ⚠️Configuring this server grants a connected AI assistant (like GitHub Copilot) extensive control over local Excel files, requiring a high degree of trust in the AI's interpretation of user commands and its ability to not misuse the granted capabilities.
Review RequiredView Analysis
Crucially, the actual C# source code for the MCP server was not provided, making a comprehensive security audit impossible. The analysis is based solely on the README's description of features. The server's extensive file system and data manipulation capabilities (e.g., creating, copying, deleting files, writing to arbitrary cells, reading any data) present significant security risks if not implemented with robust input validation, path sanitization, and access control. Without code, there is no way to verify protection against path traversal, arbitrary code execution, or ReDoS attacks with `SearchWithRegex`. Running this server grants an AI agent powerful capabilities over local files, which inherently requires high trust and careful implementation.
Updated: 2025-12-02GitHub
55
144
Medium Cost
Taxuspt icon

garmin_mcp

by Taxuspt

Sec9

Exposes Garmin Connect fitness and health data to Claude and other MCP-compatible clients.

Setup Requirements

  • ⚠️Requires initial interactive login for Garmin Connect MFA to generate OAuth tokens if MFA is enabled and tokens are not present.
  • ⚠️Specific Python environment managed by `uvx` and Python 3.12 is recommended for direct execution/Claude Desktop integration.
  • ⚠️Requires manual configuration in Claude Desktop's `claude_desktop_config.json` for full integration.
Verified SafeView Analysis
The server uses environment variables or file-based secrets for Garmin Connect credentials, which is a good security practice. OAuth tokens are persisted locally (e.g., in `~/.garminconnect`) after an initial login, which helps with MFA handling. All API calls are wrapped in exception handlers. No 'eval' or direct command injection vectors are apparent in the provided source code. Error messages from underlying API calls are returned directly, which could expose some internal details but is not critical for a self-hosted client.
Updated: 2026-01-15GitHub
PreviousPage 42 of 713Next