Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.


Vetted Servers (8554)

55
174
Low Cost

quarkus-mcp-server

by quarkiverse

Sec9

This server demonstrates a secure Model Context Protocol (MCP) using Server-Sent Events (SSE) for exposing tools, prompts, and resources, with authentication handled by Keycloak or GitHub OAuth2.

Setup Requirements

  • ⚠️Requires configuration of external OIDC/OAuth2 providers (e.g., Keycloak, GitHub) including client IDs and secrets.
  • ⚠️Specific configuration properties like `quarkus.keycloak.devservices.java-opts` may be needed for Keycloak Dev Services on certain OS (e.g., Mac OS).
  • ⚠️`jbang` is required to run the packaged application in production mode after a Maven install.
Verified Safe
The server leverages Quarkus's robust security features for OIDC (Keycloak) and OAuth2 (GitHub), offloading authentication to external providers. Secrets like GitHub client ID/secret are configured externally via properties, not hardcoded in the source. Input validation for tool and prompt arguments is implemented and configurable to prevent common injection attacks. There are no direct uses of 'eval' or other highly dangerous patterns identified in the provided source code. The implementation also includes cancellation mechanisms for long-running operations.
Updated: 2026-01-19
55
85
Medium Cost

powerbi-mcp

by sulaiman013

Sec7

Enables AI assistants to interact with Power BI Desktop and Service for querying data, managing models, and performing safe bulk operations through natural language, ensuring enterprise-grade security and preserving report visual integrity during refactoring.

Setup Requirements

  • ⚠️Requires Windows 10/11 for ADOMD.NET and Power BI Desktop connectivity.
  • ⚠️Requires Power BI Desktop installed for local model interaction and PBIP editing.
  • ⚠️ADOMD.NET client libraries (often bundled with Power BI Desktop or SSMS) must be discoverable.
  • ⚠️Cloud connectivity requires Azure AD App Registration with specific permissions (Dataset.Read.All, Workspace.Read.All) and a Premium Per User (PPU) or Premium Capacity workspace for XMLA endpoint access.
Verified Safe
The project integrates a robust security layer for PII detection, audit logging, and access policies, which is a significant positive. However, it relies on environment variables for sensitive cloud credentials (TENANT_ID, CLIENT_ID, CLIENT_SECRET), which is good practice but requires careful management outside the code. The use of 'eval' for .NET assembly loading in connectors, while common for .NET interop, carries inherent risks. Extensive file manipulation for PBIP projects (reading, writing, copying, deleting via `powerbi_pbip_connector.py`) and execution of arbitrary DAX queries means the tool has significant power over the local system and data. The `pbip_load_project` tool directly takes user-provided paths for PBIP projects, which necessitates trust in the input or robust path sanitization to prevent potential traversal vulnerabilities.
Updated: 2025-12-01
55
1
Low Cost

greenlight

by bigph00t

Sec9

Provides a visual status indicator in a terminal window for AI assistant tasks.

Setup Requirements

  • ⚠️Requires Node.js version 18.0.0 or higher.
  • ⚠️The display component (`src/display.js`) must be run separately in a visible terminal window.
  • ⚠️Achieving 'yellow light' status for AI approval prompts (Claude Code only) requires manual configuration of AI hooks with the full path to the `cli.js` script.
Verified Safe
The server operates locally via file I/O and standard I/O, primarily writing to and reading from `~/.greenlight/status.json` and `~/.greenlight/display.pid`. It uses `process.kill(pid, 0)` to check for process existence, which is a safe operation. User-provided messages are stored in a local JSON file and then displayed in the terminal. While the application does not execute these messages, there's a theoretical, low-risk possibility of a compromised AI injecting malicious ANSI escape sequences into the message that a vulnerable terminal emulator might misinterpret. However, the risk is contained to the local terminal session, and the application itself does not execute arbitrary code. No hardcoded secrets or direct network risks were identified within the server's code.
Updated: 2025-12-13
55
1
High Cost

mcp-worklog

by final0920

Sec9

Automates the generation and management of daily work reports, including collecting content from AI tool sessions for summarization and editing.

Setup Requirements

  • ⚠️Requires a '--storage-path' argument to specify where daily reports are saved.
  • ⚠️AI session collection (Claude Code, Kiro, Cursor) is dependent on the user having these tools installed and their data files existing in standard locations, otherwise, no sessions will be collected.
  • ⚠️Requires Python 3.10 or newer.
Verified Safe
The server operates locally using standard I/O and reads/writes files in a user-specified directory. AI session collectors access predefined application data paths (e.g., ~/.claude, %APPDATA%/Kiro, %APPDATA%/Cursor). The CursorCollector uses SQLite with a hardcoded query key, which reduces SQL injection risk. No explicit 'eval' or direct external network calls (beyond standard MCP communication) are apparent from the provided code, nor any hardcoded secrets. File operations are controlled and limited to expected paths for its functionality, and no arbitrary file access based on user input is observed.
Updated: 2025-12-11
55
1
Medium Cost

pipe-dream-mcp

by ryanmichaeljames

Sec9

Enables AI agents to securely interact with Microsoft Dataverse for querying, retrieving, and managing data.

Setup Requirements

  • ⚠️.NET 10.0 SDK required
  • ⚠️Azure CLI required
  • ⚠️Azure subscription with Dataverse access required
  • ⚠️Must run `az login` to authenticate
Verified Safe
Utilizes Azure CLI for secure token-based authentication to Microsoft Dataverse; no direct 'eval' or obfuscation is indicated. Standard network interaction for data operations.
Updated: 2025-11-19
55
1
Low Cost
Sec9

Provides AI assistants with remote control over LM Studio models, enabling management actions like listing, loading, and unloading models through the LM Studio API.

Setup Requirements

  • ⚠️Requires Node.js 18.0.0 or higher.
  • ⚠️Requires LM Studio to be running with its local server enabled.
  • ⚠️When running via Docker on macOS/Windows, `LMSTUDIO_HOST` must be set to `host.docker.internal` to connect to LM Studio on the host machine.
Verified Safe
The server employs robust practices including input validation via Zod schemas, consistent error handling with a `safeToolHandler` wrapper to prevent unhandled exceptions, and configurable LM Studio connection details through environment variables rather than hardcoded secrets. It utilizes established SDKs (`@lmstudio/sdk`, `@modelcontextprotocol/sdk`). Logs from the LM Studio SDK are correctly routed to stderr to maintain protocol-safe stdout. No direct `eval` or similarly dangerous patterns executing arbitrary user input were identified.
Updated: 2026-01-16
54
117
High Cost

mcp-server

by browserstack

Sec2

This server acts as a comprehensive testing platform, enabling users to manage, execute, debug, and fix tests for web and mobile applications on BrowserStack's cloud infrastructure using natural language prompts and AI integrations.

Setup Requirements

  • ⚠️Requires Node.js version >= 18.0.0 (enforced at startup).
  • ⚠️Requires BrowserStack API credentials (BROWSERSTACK_USERNAME, BROWSERSTACK_ACCESS_KEY) to be set as environment variables.
  • ⚠️For testing local/private URLs, the BrowserStack Local binary may need to be installed and running, or managed by the server.
  • ⚠️Many tools require additional language-specific SDKs (e.g., npm, pip, gem, dotnet) to be installed in the user's project environment.
Review Required
The `runPercyScan` tool executes a user-provided `percyRunCommand` directly, which is a critical command injection vulnerability if user input is not carefully constrained or sanitized. Additionally, `execSync` is used in `src/lib/local.ts` to manage the BrowserStackLocal binary, which poses a lower but still present risk for code execution. While `sanitizeUrlParam` is used for some URL components and `apiClient` performs URL validation, the direct execution of arbitrary commands in `runPercyScan` is a severe risk.
Updated: 2026-01-14
54
59
Low Cost

anymcp-io

by xakpc

Sec7

A static site catalog for discovering and browsing single-file .NET MCP (Model Context Protocol) servers.

Setup Requirements

  • ⚠️Contributing C# MCP servers requires targeting .NET 10 Preview 4+.
  • ⚠️Contributed C# files must include specific YAML front matter within C# comments.
  • ⚠️Contributed C# servers must use the ModelContextProtocol package version 0.3.0-preview.3 or later.
Verified Safe
The project is a static site generator. The primary security considerations are at build-time, particularly related to the processing of contributed C# server files (`mcp/*.cs`). The `servers.js` script reads these files and parses their YAML front matter and extracts C# code as strings. There is no direct execution of the C# code within the Node.js build process, which limits direct code execution vulnerabilities. However, if unvetted malicious C# content (e.g., embedded HTML/JS) is not properly escaped when rendered into the Nunjucks templates (e.g., in `servers.njk`), it could lead to Cross-Site Scripting (XSS) on the generated static website. No explicit use of `eval` or intentional obfuscation was found in the provided JavaScript code. Hardcoded secrets are not present in the catalog's source code; environment variables are specified as requirements for the *contributed MCP servers* themselves.
Updated: 2025-12-10
54
115
High Cost

kodit

by helixml

Sec9

Kodit is a code intelligence platform that indexes code repositories to enable enhanced AI code generation, semantic search, and documentation.

Setup Requirements

  • ⚠️Requires Python 3.9+ to run.
  • ⚠️Requires a PostgreSQL or SQLite database for persistent storage.
  • ⚠️Requires API access to an LLM provider (e.g., OpenAI, Anthropic, or a compatible LiteLLM endpoint) for code enrichment and semantic search capabilities. This is a paid service and token usage can be high.
  • ⚠️Using local LLM models for embeddings and enrichment may require significant CPU/GPU resources and disk space for model downloads.
Verified Safe
The server processes external Git repositories, which inherently carries some risk. However, it utilizes established and mature Git libraries (Dulwich, GitPython, PyGit2) to perform Git operations, reducing the risk of command injection. API key authentication is supported for the REST API, and environment variables are used for sensitive configurations, following good security practices. No obvious malicious patterns or unsafe `eval()`/`exec()` calls were found outside expected library usage.
Updated: 2026-01-19
54
112
Medium Cost

mcp-victoriametrics

by VictoriaMetrics-Community

Sec9

Acts as a Model Context Protocol (MCP) server for VictoriaMetrics, enabling AI integration for monitoring, observability, and debugging tasks through its APIs and embedded documentation.

Setup Requirements

  • ⚠️Requires a running VictoriaMetrics or VictoriaMetrics Cloud instance to connect to.
  • ⚠️Requires an MCP client (e.g., Cursor, Claude Desktop, VS Code, Zed, JetBrains IDEs) to interact with the server.
  • ⚠️Requires Go 1.24+ if building from source, otherwise Docker can be used for easier deployment.
  • ⚠️Authentication to VictoriaMetrics requires either `VM_INSTANCE_ENTRYPOINT` and `VM_INSTANCE_TYPE` (for self-hosted instances) or `VMC_API_KEY` (for VictoriaMetrics Cloud) to be configured.
Verified Safe
The server uses environment variables for sensitive credentials like API keys and bearer tokens, which is a good practice. It processes user input for queries, relabeling, and rule testing, but the Go implementation appears to use trusted internal libraries (e.g., `metricsql.Prettify`, `vmalert-tool/unittest`) and standard HTTP client practices with URL encoding, reducing the risk of direct command injection or arbitrary code execution. Temporary files are created for rule testing, which is handled via `os.MkdirTemp` and `os.WriteFile`, followed by an internal library call, minimizing external command execution risks. No obvious obfuscation or highly dangerous patterns like `eval` in the Go runtime were found.
Updated: 2026-01-13
54
132
Medium Cost

mcp-email-server

by ai-zerolab

Sec8

This server allows MCP clients to interact with email accounts via IMAP and SMTP protocols, enabling functionalities like listing, fetching, sending, and deleting emails.

Setup Requirements

  • ⚠️Requires IMAP and SMTP account credentials (host, port, username, password) for configuration.
  • ⚠️Recommended to use `uv` for environment management and installation, as per documentation (`uv sync`, `uv run`).
  • ⚠️The attachment download feature is disabled by default and must be explicitly enabled for security reasons.
Verified Safe
The server relies on user-provided IMAP/SMTP credentials. The `download_attachment` tool allows saving attachments to a user-specified path, which could lead to arbitrary file writes if running with elevated privileges and combined with a malicious client providing an unsanitized path. However, this feature is explicitly disabled by default and requires user opt-in. File attachments for outgoing emails are validated to ensure they are actual files and exist. A Codecov token is hardcoded in `codecov.yaml`, which is a minor repository-level information leak but does not directly impact the runtime security of the server itself.
Updated: 2026-01-19
54
130
Low Cost

ultimate_mcp_server

by Dicklesworthstone

Sec8

The Ultimate MCP Server acts as a comprehensive AI agent operating system, providing advanced AI agents access to a rich ecosystem of tools, cognitive systems, and specialized services via the Model Context Protocol for cognitive augmentation, tool use, and intelligent orchestration.

Setup Requirements

  • ⚠️Requires Python 3.13+ and configuration of at least one LLM provider API key in a `.env` file.
  • ⚠️Many powerful features (e.g., browser automation with Playwright, OCR with Tesseract, Excel automation with COM objects) require additional system-level dependencies or specific operating system environments.
  • ⚠️Secure and effective use of filesystem and other powerful tools critically depends on strictly defining `FILESYSTEM__ALLOWED_DIRECTORIES` and other access control settings to prevent unintended access.
Verified Safe
The server explicitly addresses common security concerns like API key management, network exposure, input validation (preventing directory traversal, SQL injection), and sandboxing for Python execution and browser automation. It emphasizes proper configuration of `FILESYSTEM__ALLOWED_DIRECTORIES` for filesystem tools and recommends external measures for authentication, authorization, and rate limiting. Dynamic API integration and arbitrary Python execution in the sandbox are high-privilege operations that rely on robust isolation and user vigilance but are handled with clear controls. However, any sandbox has inherent complexity, and the ultimate safety relies heavily on correct user configuration and vigilance.
Updated: 2026-01-19