Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(8554)

55
1
Medium Cost
Etude-Labs icon
Sec9

An IDE-agnostic MCP server that exposes project rules and workflows as MCP resources, providing consistent development guidelines to AI coding tools.

Setup Requirements

  • ⚠️Requires .NET 9 SDK
  • ⚠️Docker required for containerized deployment
  • ⚠️External authentication/TLS handling required for HTTP endpoints in production
Verified SafeView Analysis
The server adheres to a clean architecture and has explicit mitigations for common risks like path traversal. It runs as a non-root user in Docker. HTTP transport does not include built-in authentication or TLS, expecting these to be handled by upstream infrastructure (e.g., API gateway, ingress, load balancer). Configuration and rule files are recommended to be mounted as read-only.
Updated: 2025-12-03GitHub
55
33
Medium Cost
jraylan icon

seamless-agent

by jraylan

Sec9

Empowers AI agents within GitHub Copilot Chat (or similar LM clients) to seek interactive user confirmation and feedback via specialized tools (ask_user, plan_review, walkthrough_review) before executing actions, ensuring user control.

Setup Requirements

  • ⚠️Requires VS Code 1.104.0+ and GitHub Copilot Chat extension.
  • ⚠️If integrating with Antigravity IDE, Node.js must be installed and in the system PATH for the `seamless-agent-mcp.js` CLI tool.
  • ⚠️Local API authentication relies on a dynamically generated bearer token, which might require troubleshooting if misconfigured during Antigravity integration.
Verified SafeView Analysis
The HTTP API service binds exclusively to localhost (127.0.0.1) and employs a randomly generated bearer token for authentication, utilizing `crypto.timingSafeEqual` to prevent timing attacks. CORS is explicitly disabled. Image attachments undergo magic number validation to mitigate spoofed file types. No direct `eval` or obfuscation is present. The primary security risk would stem from a compromised VS Code environment itself, rather than the extension's internal mechanisms.
Updated: 2026-01-08GitHub
55
1
High Cost
fxrrysalim icon

rbx-mcp-engine

by fxrrysalim

Sec5

Provides a high-performance, WebSocket-based bridge for AI agents to interact with and control Roblox Studio in real-time.

Setup Requirements

  • ⚠️Requires Roblox Studio to be installed on the machine.
  • ⚠️The 'rbx-studio-mcp.exe' executable must be downloaded and its path specified in the AI client's MCP configuration.
  • ⚠️Requires configuration of an external MCP-compatible AI client (e.g., Claude, Cursor, Windsurf).
Verified SafeView Analysis
The primary security consideration is the `run_code` tool, which allows AI agents to execute arbitrary Luau code within Roblox Studio with 'God Mode' privileges. While this is an advertised core feature enabling deep engine access and control, it inherently presents a significant risk if the AI agent or its prompts are compromised. The server communicates with the AI client via standard I/O (stdio JSON-RPC) and with Roblox Studio via a localhost-bound WebSocket (port 44755), limiting external network attack surface. No hardcoded secrets or obvious malicious patterns were found in the provided source.
Updated: 2025-12-01GitHub
55
1
Low Cost
pand40x icon

crypto-mcp

by pand40x

Sec9

Provides real-time and historical cryptocurrency data to LLM applications, using Binance as the primary source and CoinMarketCap as a fallback.

Setup Requirements

  • ⚠️Requires CoinMarketCap API keys for fallback functionality, which must be obtained and configured in a .env file.
  • ⚠️The MCP client configuration requires the absolute path to the 'build/index.js' file, which can be a common point of error.
  • ⚠️Node.js v20.0.0 or higher is required.
Verified SafeView Analysis
The server uses environment variables for API keys and `zod` for input validation, which are good security practices. It avoids hardcoding secrets and utilizes public API endpoints where possible. No 'eval' or other directly dangerous functions are used. Symbol normalization helps prevent injection. The overall design prioritizes robustness and security within its operational scope.
Updated: 2025-11-29GitHub
55
1
Medium Cost
khaoss85 icon

arvo-mcp

by khaoss85

Sec9

Connects AI assistants to Arvo's AI fitness coach to access and manage workout data, personal records, and training plans via the Model Context Protocol.

Setup Requirements

  • ⚠️Requires an Arvo account and API key from arvo.guru (external service).
  • ⚠️Requires Node.js 18+ to run.
  • ⚠️Requires manual configuration in the AI client's settings (e.g., modifying claude_desktop_config.json or Cursor MCP settings).
Verified SafeView Analysis
The server acts as a proxy for the Arvo API, correctly using HTTPs and bearer token authentication via an environment variable (ARVO_API_KEY). The API key is not hardcoded and is validated on startup. No 'eval' or other direct code injection vulnerabilities were found in the provided server code. Security heavily relies on the upstream Arvo API and the user's secure handling of their API key locally. The project provides a detailed SECURITY.md, indicating a responsible approach to security.
Updated: 2026-01-19GitHub
55
163
Medium Cost
meilisearch icon

meilisearch-mcp

by meilisearch

Sec7

Connect LLMs to Meilisearch for natural language interaction and management of search indices and data.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Requires a running Meilisearch instance (e.g., Docker container on port 7700).
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop or OpenAI agents) for interaction.
Verified SafeView Analysis
The server allows dynamic updates to Meilisearch connection settings (URL and API key) via MCP tools like `update-connection-settings`. While convenient for development, the README warns this approach does not follow best MCP security practices for production without proper safeguards. A compromised LLM agent could potentially redirect the Meilisearch connection to a malicious instance or expose/change the API key. There are no immediate signs of 'eval', obfuscation, or hardcoded secrets within the provided source code. API keys are masked in output logs.
Updated: 2026-01-09GitHub
55
1
High Cost
QwQzy icon

searcher

by QwQzy

Sec5

Provides a Model Context Protocol (MCP) server for aggregating and extracting information from search engines like Bing using Playwright for web scraping.

Setup Requirements

  • ⚠️Requires Python 3.12
  • ⚠️Requires manual Playwright Chromium installation via `playwright install chromium`
  • ⚠️The `bing_cn_detail` tool could expose the server to Server-Side Request Forgery (SSRF) if publicly accessible without proper input validation or firewall rules.
Verified SafeView Analysis
The `bing_cn_detail` tool allows fetching content from arbitrary URLs. If this MCP server is exposed to untrusted external input, it could be exploited for Server-Side Request Forgery (SSRF) to scan internal networks or access internal resources. The client-side `json.loads` on user input in `client.py` is a potential risk for the client environment, though Pydantic validation on the server side mitigates direct injection vulnerabilities for tool parameters. The `headless=False` mode and `slow_mo` for Playwright are not security risks but indicate a non-production-ready setup that might consume more resources or be unsuitable for server deployments without display environments.
Updated: 2025-12-06GitHub
55
1
High Cost
GitHubNexon icon

blink

by GitHubNexon

Sec9

An AI-powered agentic command-based assistant that can read, create, and modify code files using Replicate's Claude models.

Setup Requirements

  • ⚠️Requires a Replicate API token (free tier available, but requires signup).
  • ⚠️Requires Python 3.8+.
  • ⚠️Requires an active internet connection for API calls.
Verified SafeView Analysis
The server demonstrates strong security practices, particularly in API token handling (in-memory, cleared on exit, never saved to disk, validated on startup) and file system interactions (using `pathvalidate.sanitize_filepath` and explicit path resolution to the `workspace_root`). There is no use of `eval` or `exec` on user-controlled input, mitigating common code injection risks. All file operations are channeled through a robust file handler, reducing path traversal vulnerabilities. The primary remaining risk is the inherent nature of AI code generation, where a malicious prompt could potentially lead the AI to generate insecure code, but the server's implementation itself is secure.
Updated: 2025-12-11GitHub
55
1
Low Cost
Sharper-Flow icon

Vision-MCP-Manager

by Sharper-Flow

Sec8

Manages local or remote MCP (Model Context Protocol) servers and exposes them as HTTP endpoints for AI agents, replacing complex multi-layer setups.

Setup Requirements

  • ⚠️Requires Go 1.24+ for building from source (pre-built binaries available).
  • ⚠️Managed MCP servers must be installed separately via `npx`, `uvx`, or direct binaries.
  • ⚠️Many MCP servers require API keys (e.g., CONTEXT7_API_KEY, KAGI_API_KEY) configured as environment variables.
Verified SafeView Analysis
The Vision daemon demonstrates good security practices for its role as a local process manager. The administrative MCP server binds exclusively to `127.0.0.1:6275`, limiting network exposure for management functions. Individual MCP servers are exposed on dedicated `localhost` ports (`6276-6300`), ensuring per-server isolation and preventing external access. The `install.sh` script utilizes standard systemd hardening options like `NoNewPrivileges=true` and `PrivateTmp=true` when installing as a system service. Environment variables (e.g., `${API_KEY}`) are correctly expanded from the host environment, and explicit warnings are given against committing configuration files containing secrets. The primary inherent risk stems from its core function: executing user-defined commands for `stdio`-based MCP servers. While this is expected behavior, it implies a trust model where the configured commands are not malicious or vulnerable to injection. Input validation for server names is present in the API handlers. No `eval`, obfuscation, or direct remote execution of arbitrary code is observed within the Vision daemon's own codebase.
Updated: 2026-01-19GitHub
55
1
Low Cost
vibecodiq icon

asa-starter-kit

by vibecodiq

Sec9

A deterministic Python CLI for generating and managing production-ready, slice-based FastAPI backend code, ensuring architectural standards and preserving custom logic during regeneration.

Setup Requirements

  • ⚠️Requires Python 3.10+.
  • ⚠️Optional `devbox` environment setup (otherwise requires manual virtual environment and `pip` management).
Verified SafeView Analysis
The core ASA CLI tool focuses on deterministic code generation and architectural enforcement (e.g., boundary linting), which inherently promotes secure development practices. It does not use `eval` or other known dangerous functions. Hardcoded secrets are not present in the provided core logic or demo snippets. The generated FastAPI application's runtime security depends heavily on the user's implementation of business logic within the provided markers (e.g., for JWT generation, database interactions). The linter actively prevents cross-domain import violations.
Updated: 2025-12-05GitHub
55
1
Low Cost
For-Sunny icon

galaxy-brain

by For-Sunny

Sec4

This MCP server enables AI agents to perform a complete cognitive loop by combining structured sequential thinking with chained sequential execution of operations.

Setup Requirements

  • ⚠️Requires Python 3.10+
  • ⚠️Relies on modifying the `claude_desktop_config.json` file for integration with Claude Desktop (handled by install script, but manual setup requires awareness)
  • ⚠️Execution of certain 'doing' operations (e.g., `shell.run`, `python.execute`) can have security implications if input is not carefully controlled.
Review RequiredView Analysis
The `DoingService` allows execution of arbitrary shell commands (`shell.run`) via `subprocess.run(shell=True)` and Python code (`python.execute`) by writing to a temporary file and executing it. While it includes a `_security_check` with `DANGEROUS_PATTERNS` regex to block some malicious commands (e.g., `rm -rf /`), this is not foolproof against all forms of command injection or malicious Python code. The `python.eval` method is more sandboxed with a strict `allowed_builtins` list. If the server is exposed to untrusted input, there is a significant risk of arbitrary code execution.
Updated: 2025-12-05GitHub
55
1
Low Cost
AI-Hub-Admin icon

fortune-compass-agent

by AI-Hub-Admin

Sec9

An AI-powered divination agent that provides Tarot, I Ching, and Guangong Oracle readings via an LLM-callable tool.

Setup Requirements

  • ⚠️Requires `pnpm` for package management.
  • ⚠️The full agent experience requires running two separate processes: the main MCP server (`pnpm start`) and a static file server for assets (`pnpm run serve`). The `serve` CLI tool is used for static files and is not listed as a direct dependency, potentially requiring a global installation (e.g., `pnpm install -g serve`).
  • ⚠️Assumes the LLM client environment supports rendering MCP widgets and resolving relative image URLs against the static asset server (default `http://localhost:4444`).
Verified SafeView Analysis
The source code primarily performs local random number generation and JSON data lookups. It uses `fs.readFileSync` to load the widget HTML, which is path-controlled to the local `assets` directory. No 'eval', 'child_process', hardcoded credentials, or other obvious malicious patterns were found. The system is designed to serve static assets (images) from a separate `serve` process, which, while exposing the `assets` directory, is intended for image delivery and not inherently a vulnerability within the core agent logic.
Updated: 2026-01-17GitHub
PreviousPage 44 of 713Next